0

现在 RHEL8 已经退出,Docker 不再是一个可行的选择,所以我试图让一个集群在 Podman 中运行,但遇到了权限错误。无论出于何种原因,无论我尝试什么,我都会得到java.lang.IllegalStateException: Unable to access 'path.data' (/usr/share/elasticsearch/data)

目录设置

  mkdir /var/elasticsearch-data
  mkdir /var/elasticsearch-data/data01
  mkdir /var/elasticsearch-data/data02
  mkdir /var/elasticsearch-data/data03
  mkdir /var/elasticsearch-data/data04

  chmod -R g+rwx /var/elasticsearch-data
  chgrp -R 0 /var/elasticsearch-data

我最终只是放弃并设置了目录,chmod -R 777 /var/elasticsearch-data但错误仍然存​​在。我尝试将目录所有权更改为非特权用户,并尝试更改组。

Podman 撰写文件

version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms28g -Xmx28g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch-data/data01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03,es04
      - cluster.initial_master_nodes=es01,es02,es03,es04
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms28g -Xmx28g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch-data/data02:/usr/share/elasticsearch/data
    networks:
      - elastic
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02,es04
      - cluster.initial_master_nodes=es01,es02,es03,es04
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms28g -Xmx28g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch-data/data03:/usr/share/elasticsearch/data
    networks:
      - elastic
  es04:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: es04
    environment:
      - node.name=es04
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02,es03
      - cluster.initial_master_nodes=es01,es02,es03,es04
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms28g -Xmx28g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /var/elasticsearch-data/data04:/usr/share/elasticsearch/data
    networks:
      - elastic
  kibana:
    image: docker.elastic.co/kibana/kibana:7.7.0
    container_name: kib01
    ports:
      - 5601:5601
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: http://es01:9200, http://es02:9200, http://es03:9200, http://es04:9200
    networks:
      - elastic

volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local
  data04:
    driver: local

networks:
  elastic:
    driver: bridge

使用 podman-compose 运行

podman-compose up

日志输出

[root@mapsdemo opt]# podman-compose up
podman pod create --name=opt --share net -p 9200:9200 -p 5601:5601
Error: unable to create pod: error adding pod to state: name opt is in use: pod already exists
125
podman create --name=es01 --pod=opt -l io.podman.compose.config-hash=123 -l io.podman.compose.project=opt -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=es01 -e node.name=es01 -e c
luster.name=es-docker-cluster -e discovery.seed_hosts=es02,es03 -e cluster.initial_master_nodes=es01,es02,es03 -e bootstrap.memory_lock=true -e ES_JAVA_OPTS=-Xms28g -Xmx28g --mount type=bind,source=/var/elasticsearch-data/data01,destinatio
n=/usr/share/elasticsearch/data --add-host es01:127.0.0.1 --add-host es01:127.0.0.1 --add-host es02:127.0.0.1 --add-host es02:127.0.0.1 --add-host es03:127.0.0.1 --add-host es03:127.0.0.1 --add-host es04:127.0.0.1 --add-host es03:127.0.0.1
 --add-host kibana:127.0.0.1 --add-host kib01:127.0.0.1 docker.elastic.co/elasticsearch/elasticsearch:7.7.0
Error: error creating container storage: the container name "es01" is already in use by "fc3902dad1e80d30d0cb778f2667356a26e2b005a7b24de032aad13ca7147622". You have to remove that container to be able to reuse that name.: that name is alre
ady in use
125
podman create --name=es02 --pod=opt -l io.podman.compose.config-hash=123 -l io.podman.compose.project=opt -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=es02 -e node.name=es02 -e c
luster.name=es-docker-cluster -e discovery.seed_hosts=es01,es03,es04 -e cluster.initial_master_nodes=es01,es02,es03,es04 -e bootstrap.memory_lock=true -e ES_JAVA_OPTS=-Xms28g -Xmx28g --mount type=bind,source=/var/elasticsearch-data/data02,
destination=/usr/share/elasticsearch/data --add-host es01:127.0.0.1 --add-host es01:127.0.0.1 --add-host es02:127.0.0.1 --add-host es02:127.0.0.1 --add-host es03:127.0.0.1 --add-host es03:127.0.0.1 --add-host es04:127.0.0.1 --add-host es03
:127.0.0.1 --add-host kibana:127.0.0.1 --add-host kib01:127.0.0.1 docker.elastic.co/elasticsearch/elasticsearch:7.7.0
Error: error creating container storage: the container name "es02" is already in use by "e66f93a50e61e62a1f0408aee3bef96f8ddf949f7edb35bfdbdf5557da91f743". You have to remove that container to be able to reuse that name.: that name is alre
ady in use
125
podman create --name=es03 --pod=opt -l io.podman.compose.config-hash=123 -l io.podman.compose.project=opt -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=es04 -e node.name=es04 -e c
luster.name=es-docker-cluster -e discovery.seed_hosts=es01,es02,es03 -e cluster.initial_master_nodes=es01,es02,es03,es04 -e bootstrap.memory_lock=true -e ES_JAVA_OPTS=-Xms28g -Xmx28g --mount type=bind,source=/var/elasticsearch-data/data04,
destination=/usr/share/elasticsearch/data --add-host es01:127.0.0.1 --add-host es01:127.0.0.1 --add-host es02:127.0.0.1 --add-host es02:127.0.0.1 --add-host es03:127.0.0.1 --add-host es03:127.0.0.1 --add-host es04:127.0.0.1 --add-host es03
:127.0.0.1 --add-host kibana:127.0.0.1 --add-host kib01:127.0.0.1 docker.elastic.co/elasticsearch/elasticsearch:7.7.0
Error: error creating container storage: the container name "es03" is already in use by "f707acc5bd286dcab77a5463b5d3ce04bceb55705203025926a87180b8ad8c2b". You have to remove that container to be able to reuse that name.: that name is alre
ady in use
125
podman create --name=kib01 --pod=opt -l io.podman.compose.config-hash=123 -l io.podman.compose.project=opt -l io.podman.compose.version=0.0.1 -l com.docker.compose.container-number=1 -l com.docker.compose.service=kibana -e ELASTICSEARCH_UR
L=http://es01:9200 -e ELASTICSEARCH_HOSTS=http://es01:9200, http://es02:9200, http://es03:9200, http://es04:9200 --add-host es01:127.0.0.1 --add-host es01:127.0.0.1 --add-host es02:127.0.0.1 --add-host es02:127.0.0.1 --add-host es03:127.0.
0.1 --add-host es03:127.0.0.1 --add-host es04:127.0.0.1 --add-host es03:127.0.0.1 --add-host kibana:127.0.0.1 --add-host kib01:127.0.0.1 docker.elastic.co/kibana/kibana:7.7.0
Error: error creating container storage: the container name "kib01" is already in use by "3cc0578669211247b729d82cb4993c679164ebd5ea32858818b737bd6dcac293". You have to remove that container to be able to reuse that name.: that name is alr
eady in use
125
podman start -a es01
podman start -a es02
podman start -a es03
podman start -a kib01
{"type": "server", "timestamp": "2020-05-25T00:32:32,478Z", "level": "WARN", "component": "o.e.b.JNANatives", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "Unable to lock JVM Memory: error=12, reason=Cannot allocate
 memory" }
{"type": "server", "timestamp": "2020-05-25T00:32:32,481Z", "level": "WARN", "component": "o.e.b.JNANatives", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "This can result in part of the JVM being swapped out." }
{"type": "server", "timestamp": "2020-05-25T00:32:32,481Z", "level": "WARN", "component": "o.e.b.JNANatives", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "Increase RLIMIT_MEMLOCK, soft limit: 65536, hard limit: 655
36" }
{"type": "server", "timestamp": "2020-05-25T00:32:32,481Z", "level": "WARN", "component": "o.e.b.JNANatives", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "These can be adjusted by modifying /etc/security/limits.co$
f, for example: \n\t# allow user 'elasticsearch' mlockall\n\telasticsearch soft memlock unlimited\n\telasticsearch hard memlock unlimited" }
{"type": "server", "timestamp": "2020-05-25T00:32:32,482Z", "level": "WARN", "component": "o.e.b.JNANatives", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "If you are logged in interactively, you will have to re-log
in for the new limits to take effect." }
{"type": "server", "timestamp": "2020-05-25T00:32:32,537Z", "level": "ERROR", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "es-docker-cluster", "node.name": "es01", "message": "uncaught exception in thread [m
ain]",
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unable to access 'path.data' (/usr/share/elasticsearch/data)",

有没有其他人遇到过这个?

4

3 回答 3

1

如果您运行以下命令:

chcon -t svirt_sandbox_file_t <host file path> 

这应该使您能够使用 selinux(这是一个好主意)

于 2021-02-14T13:45:49.613 回答
0

这不是问题的真正答案,但如果它对遇到此问题的其他人有所帮助,这就是如何在 RHEL-8 上安装 Docker。您必须强制安装更新版本的 containerd。我无法弄清楚 Podman compose 的权限出了什么问题。

  dnf install -y https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
  dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
  curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  systemctl enable docker
  systemctl start docker
于 2020-05-25T20:05:48.850 回答
0

编辑:使用@James 的答案——使用 SELinux 总是一个更好的主意。我没有为我的实验室设置而费心去弄清楚它,但既然别人有你应该这样做。

-- 原始答案 --

我认为两次回答我自己的帖子可能很奇怪,但我希望这很方便。

你准备好迎接一生的惊喜了吗?你准备好了吗?

我什至会给你一个提示——我在 RHEL8 vanilla 上运行。

我知道这会令人震惊。

暂停以获得戏剧效果

SELinux。

将其关闭 ( setenforce 0)。一切都神奇地起作用。

我可以从这里听到每个人的震惊。

于 2020-05-26T20:54:56.263 回答