Docker container fails to start if it has Docker secrets


I am trying to run the docker stack command with the compose file below, to understand how docker secrets work

version: '3.1'

services:
  web:
    image: nginxdemos/hello
    secrets:                    # secrets block only for 'web' service
     - my_external_secret
     - my_file_secret

secrets:                        # top level secrets block
  my_external_secret:
    external: true
  my_file_secret:
    file: my_file_secret.txt
Unfortunately, I get the error below

"Status": {
            "Timestamp": "2019-12-30T10:07:23.777012653Z",
            "State": "failed",
            "Message": "starting",
            "Err": "starting container failed: RemoveSecretsPath failed: remove /var/lib/docker/containers/be1fb75c79b4c44927569629cb64bb58b4ac24bda960e15e25c2ae3198eecf39/secrets/my_file_secret: read-only file system",
            "ContainerStatus": {
                "ContainerID": "be1fb75c79b4c44927569629cb64bb58b4ac24bda960e15e25c2ae3198eecf39",
                "ExitCode": 128
            },
            "PortStatus": {}
        },
        "DesiredState": "shutdown",
Please see the additional details

[root@docswarm1 ~]# df '/var/lib/docker/containers'
Filesystem            1K-blocks    Used Available Use% Mounted on
/dev/mapper/rhel-root   8374272 6781368   1592904  81% /var/lib/docker/containers


[root@docswarm1 ~]# cd /var/lib/docker/containers
[root@docswarm1 containers]# touch test.log
[root@docswarm1 containers]# ls -lhrt test.log
-rw-r--r--. 1 root root 0 Dec 30 17:00 test.log
[root@docswarm1 containers]#

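What user are you running the docker command as? The error message sounds like that user does not have permission on
/var/lib/docker/containers/be1fb75c79b4c4927569629cb64bb58b4ac24bda960e15e25c2ae3198eecf39/secrets/my_file_secret

Regardless of which user runs the docker client, the server always runs as root. This is unlikely to be a user permissions problem. This error ("read-only file system") does not imply a permissions problem.

I am running as the root user

Ah yes, good point @larsks. Try running
df '/var/lib/docker/containers'
mount | grep '/var'
and post the output. Also check whether you can manually create/delete a file under
var/lib/docker/containers

@Z4 tier pasted the output in the description below. mount | grep '/var' is a huge output and cannot be pasted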