1

我正在尝试使用 Redmine 官方 Docker 在 Bluemix 容器中设置 Redmine 实例;

我可以毫无问题地构建映像并运行容器。

如果我向容器中添加一个卷,则构建将在接近尾声时失败,并带有以下日志:

chown:无法读取目录“文件/文件”:权限被拒绝

8chown:更改“文件”的所有权:权限被拒绝

我知道这是因为容器中的用户没有读/写权限。

我尝试了一些解决方案尝试,例如使用

用户根

在 chown 之前。即使仅在 chown 之后声明卷(如 Docker 页面中所建议的那样)

或者,我遇到的所有其他解决方案都涉及到容器的 ssh;我不能做什么,因为容器永远不会在体积的首位运行。

这是我的 Dockerfile 和 entrypoint.sh 的副本

FROM ruby:2.2-slim


# add the volumeeditor to grant permissions in bluemix
RUN groupadd --gid 1010 redmine
RUN useradd --uid 1010 --gid 1010 -m --shell /bin/bash redmine


RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        wget \
    && rm -rf /var/lib/apt/lists/*

# grab gosu for easy step-down from root
ENV GOSU_VERSION 1.7
RUN set -x \
    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" \
    && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu \
    && gosu nobody true

# grab tini for signal processing and zombie killing
ENV TINI_VERSION v0.9.0
RUN set -x \
    && wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini" \
    && wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/$TINI_VERSION/tini.asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 6380DC428747F6C393FEACA59A84159D7001A4E5 \
    && gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini \
    && rm -r "$GNUPGHOME" /usr/local/bin/tini.asc \
    && chmod +x /usr/local/bin/tini \
    && tini -h

RUN apt-get update && apt-get install -y --no-install-recommends \
        imagemagick \
        libmysqlclient18 \
        libpq5 \
        libsqlite3-0 \
        \
        bzr \
        git \
        mercurial \
        openssh-client \
        subversion \
    && rm -rf /var/lib/apt/lists/*

ENV RAILS_ENV production
WORKDIR /usr/src/redmine

ENV REDMINE_VERSION 3.3.3
ENV REDMINE_DOWNLOAD_MD5 c946839c9a51dba48ae7c34c5351f677

RUN wget -O redmine.tar.gz "https://www.redmine.org/releases/redmine-${REDMINE_VERSION}.tar.gz" \
    && echo "$REDMINE_DOWNLOAD_MD5 redmine.tar.gz" | md5sum -c - \
    && tar -xvf redmine.tar.gz --strip-components=1 \
    && rm redmine.tar.gz files/delete.me log/delete.me \
    && mkdir -p tmp/pdf public/plugin_assets \
    && chown -R redmine:redmine ./

RUN buildDeps=' \
        gcc \
        libmagickcore-dev \
        libmagickwand-dev \
        libmysqlclient-dev \
        libpq-dev \
        libsqlite3-dev \
        make \
        patch \
    ' \
    && set -ex \
    && apt-get update && apt-get install -y $buildDeps --no-install-recommends \
    && rm -rf /var/lib/apt/lists/* \
    && bundle install --without development test \
    && for adapter in mysql2 postgresql sqlite3; do \
        echo "$RAILS_ENV:" > ./config/database.yml; \
        echo "  adapter: $adapter" >> ./config/database.yml; \
        bundle install --without development test; \
    done \
    && rm ./config/database.yml \
    && apt-get purge -y --auto-remove $buildDeps

COPY docker-entrypoint.sh /
ENTRYPOINT ["/docker-entrypoint.sh"]

VOLUME /usr/src/redmine/files

EXPOSE 3000
CMD ["rails", "server", "-b", "0.0.0.0"]

码头入口点.sh

#!/bin/bash
set -e

# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
    local var="$1"
    local fileVar="${var}_FILE"
    local def="${2:-}"
    if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
        exit 1
    fi
    local val="$def"
    if [ "${!var:-}" ]; then
        val="${!var}"
    elif [ "${!fileVar:-}" ]; then
        val="$(< "${!fileVar}")"
    fi
    export "$var"="$val"
    unset "$fileVar"
}

case "$1" in
    rails|rake|passenger)
        if [ ! -f './config/database.yml' ]; then
            file_env 'REDMINE_DB_MYSQL'
            file_env 'REDMINE_DB_POSTGRES'
            
            if [ "$MYSQL_PORT_3306_TCP" ] && [ -z "$REDMINE_DB_MYSQL" ]; then
                export REDMINE_DB_MYSQL='mysql'
            elif [ "$POSTGRES_PORT_5432_TCP" ] && [ -z "$REDMINE_DB_POSTGRES" ]; then
                export REDMINE_DB_POSTGRES='postgres'
            fi
            
            if [ "$REDMINE_DB_MYSQL" ]; then
                adapter='mysql2'
                host="$REDMINE_DB_MYSQL"
                file_env 'REDMINE_DB_PORT' '3306'
                file_env 'REDMINE_DB_USERNAME' "${MYSQL_ENV_MYSQL_USER:-root}"
                file_env 'REDMINE_DB_PASSWORD' "${MYSQL_ENV_MYSQL_PASSWORD:-${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}"
                file_env 'REDMINE_DB_DATABASE' "${MYSQL_ENV_MYSQL_DATABASE:-${MYSQL_ENV_MYSQL_USER:-redmine}}"
                file_env 'REDMINE_DB_ENCODING' ''
            elif [ "$REDMINE_DB_POSTGRES" ]; then
                adapter='postgresql'
                host="$REDMINE_DB_POSTGRES"
                file_env 'REDMINE_DB_PORT' '5432'
                file_env 'REDMINE_DB_USERNAME' "${POSTGRES_ENV_POSTGRES_USER:-postgres}"
                file_env 'REDMINE_DB_PASSWORD' "${POSTGRES_ENV_POSTGRES_PASSWORD}"
                file_env 'REDMINE_DB_DATABASE' "${POSTGRES_ENV_POSTGRES_DB:-${REDMINE_DB_USERNAME:-}}"
                file_env 'REDMINE_DB_ENCODING' 'utf8'
            else
                echo >&2
                echo >&2 'warning: missing REDMINE_DB_MYSQL or REDMINE_DB_POSTGRES environment variables'
                echo >&2
                echo >&2 '*** Using sqlite3 as fallback. ***'
                echo >&2
                
                adapter='sqlite3'
                host='localhost'
                file_env 'REDMINE_DB_PORT' ''
                file_env 'REDMINE_DB_USERNAME' 'redmine'
                file_env 'REDMINE_DB_PASSWORD' ''
                file_env 'REDMINE_DB_DATABASE' 'sqlite/redmine.db'
                file_env 'REDMINE_DB_ENCODING' 'utf8'
                
                mkdir -p "$(dirname "$REDMINE_DB_DATABASE")"
                chown -R redmine:redmine "$(dirname "$REDMINE_DB_DATABASE")"
            fi
            
            REDMINE_DB_ADAPTER="$adapter"
            REDMINE_DB_HOST="$host"
            echo "$RAILS_ENV:" > config/database.yml
            for var in \
                adapter \
                host \
                port \
                username \
                password \
                database \
                encoding \
            ; do
                env="REDMINE_DB_${var^^}"
                val="${!env}"
                [ -n "$val" ] || continue
                echo "  $var: \"$val\"" >> config/database.yml
            done
        fi
        
        # ensure the right database adapter is active in the Gemfile.lock
        bundle install --without development test
        
        if [ ! -s config/secrets.yml ]; then
            file_env 'REDMINE_SECRET_KEY_BASE'
            if [ "$REDMINE_SECRET_KEY_BASE" ]; then
                cat > 'config/secrets.yml' <<-YML
                    $RAILS_ENV:
                      secret_key_base: "$REDMINE_SECRET_KEY_BASE"
                YML
            elif [ ! -f /usr/src/redmine/config/initializers/secret_token.rb ]; then
                rake generate_secret_token
            fi
        fi
        if [ "$1" != 'rake' -a -z "$REDMINE_NO_DB_MIGRATE" ]; then
            gosu redmine rake db:migrate
        fi
        
        # https://www.redmine.org/projects/redmine/wiki/RedmineInstall#Step-8-File-system-permissions
        mkdir -p tmp tmp/pdf public/plugin_assets
        chown -R redmine:redmine files log public/plugin_assets
        chmod -R 755 files log tmp public/plugin_assets
        
        # remove PID file to enable restarting the container
        rm -f /usr/src/redmine/tmp/pids/server.pid
        
        if [ "$1" = 'passenger' ]; then
            # Don't fear the reaper.
            set -- tini -- "$@"
        fi
        
        set -- gosu redmine "$@"
        ;;
esac

exec "$@"

任何帮助将不胜感激。

4

1 回答 1

0

要解决此问题,您必须临时将非 root 用户添加到 root 组,以授予其对卷挂载的写入权限。这是文档中的一个示例:https ://console.ng.bluemix.net/docs/containers/container_volumes_ov.html#container_volumes_write

于 2017-05-26T15:58:09.523 回答