Docker 无法打开RDB文件授权密钥(在服务器根目录/run中)进行保存:权限被拒绝
我有一个带redis容器的码头工人 it的配置 docker-compose.ymlDocker 无法打开RDB文件授权密钥(在服务器根目录/run中)进行保存:权限被拒绝,docker,redis,Docker,Redis,我有一个带redis容器的码头工人 it的配置 docker-compose.yml # Redis redis: image: redis:4.0.6 build: context: . dockerfile: dockerfile_redis volumes: - "./redis.conf:/usr/local/etc/redis/redis.conf" ports: - "6379:6379" dockerfile_redis CMD [
# Redis
redis:
image: redis:4.0.6
build:
context: .
dockerfile: dockerfile_redis
volumes:
- "./redis.conf:/usr/local/etc/redis/redis.conf"
ports:
- "6379:6379"
dockerfile_redis
CMD ["chown", "redis:redis", "-R", "/etc"]
CMD ["chown", "redis:redis", "-R", "/var/lib"]
CMD ["chown", "redis:redis", "-R", "/run"]
CMD ["sudo", "chmod", "644", "/data/dump.rdb" ]
CMD ["sudo", "chmod", "755", "/etc" ]
CMD ["sudo", "chmod", "770", "/var/lib" ]
CMD ["sudo", "chmod", "777", "/run" ]
CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
此外,我还使用django和芹菜,当芹菜工作4-6小时时,芹菜容器停止运行,出现错误:
[2018-03-05 17:18:24,516: CRITICAL/MainProcess] Unrecoverable error: ResponseError('MISCONF Redis is configured to save RDB snapshots, but it is currently not able to persist on disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.',)
Traceback (most recent call last):
File "/usr/local/lib/python3.4/site-packages/celery/worker/worker.py", line 203, in start
self.blueprint.start(self)
File "/usr/local/lib/python3.4/site-packages/celery/bootsteps.py", line 119, in start
step.start(parent)
File "/usr/local/lib/python3.4/site-packages/celery/bootsteps.py", line 370, in start
return self.obj.start()
File "/usr/local/lib/python3.4/site-packages/celery/worker/consumer/consumer.py", line 320, in start
blueprint.start(self)
File "/usr/local/lib/python3.4/site-packages/celery/bootsteps.py", line 119, in start
step.start(parent)
File "/usr/local/lib/python3.4/site-packages/celery/worker/consumer/consumer.py", line 596, in start
c.loop(*c.loop_args())
File "/usr/local/lib/python3.4/site-packages/celery/worker/loops.py", line 88, in asynloop
next(loop)
File "/usr/local/lib/python3.4/site-packages/kombu/async/hub.py", line 354, in create_loop
cb(*cbargs)
File "/usr/local/lib/python3.4/site-packages/kombu/transport/redis.py", line 1040, in on_readable
self.cycle.on_readable(fileno)
File "/usr/local/lib/python3.4/site-packages/kombu/transport/redis.py", line 337, in on_readable
chan.handlers[type]()
File "/usr/local/lib/python3.4/site-packages/kombu/transport/redis.py", line 714, in _brpop_read
**options)
File "/usr/local/lib/python3.4/site-packages/redis/client.py", line 680, in parse_response
response = connection.read_response()
File "/usr/local/lib/python3.4/site-packages/redis/connection.py", line 629, in read_response
raise response
redis.exceptions.ResponseError: MISCONF Redis is configured to save RDB snapshots, but it is currently not able to persist on disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.
Import Error
-------------- celery@b17b82a69031 v4.1.0 (latentcall)
---- **** -----
--- * *** * -- Linux-4.4.0-34-generic-x86_64-with-debian-8.9 2018-03-05 07:24:00
-- * - **** ---
- ** ---------- [config]
- ** ---------- .> app: backend:0x7f19e5745208
- ** ---------- .> transport: redis://redis:6379/0
- ** ---------- .> results: disabled://
- *** --- * --- .> concurrency: 20 (prefork)
-- ******* ---- .> task events: OFF (enable -E to monitor tasks in this worker)
--- ***** -----
-------------- [queues]
.> celery exchange=celery(direct) key=celery
[tasks]
. CallbackNotifier
. FB posting
. FB token status
. MD posting
. MD token status
. OK posting
. OK token status
. TW posting
. TW token status
. VK posting
. VK token status
. api.controllers.message.scheduled_message
. backend.celery.debug_task
. stats.views.collect_stats
在我的redis.conf文件中,我禁用了快照
stop-writes-on-bgsave-error no
在redis日志中:
1:M 06 Mar 07:40:04.037 * Background saving started by pid 8228
8228:C 06 Mar 07:40:04.038 # Failed opening the RDB file backupall.db (in server root dir /run) for saving: Permission denied
但是,当我重新启动redis容器时,会收到一些警告:
1:C 06 Mar 08:12:48.982 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 06 Mar 08:12:48.982 # Redis version=4.0.6, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 06 Mar 08:12:48.982 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
1:M 06 Mar 08:12:48.986 * Running mode=standalone, port=6379.
1:M 06 Mar 08:12:48.986 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 06 Mar 08:12:48.986 # Server initialized
1:M 06 Mar 08:12:48.987 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 06 Mar 08:12:48.988 * DB loaded from disk: 0.001 seconds
1:M 06 Mar 08:12:48.988 * Ready to accept connections
如果您真的不需要公开端口,只需删除以下几行:
ports:
- "6379:6379"
请查看此博客: 很可能是恶意软件导致您的redis的工作目录发生更改,redis试图按照恶意脚本的命令将RDB文件写入root拥有的目录。由于它不是从根目录运行的,并且没有向用户“redis”授予对/run目录的写入权限,因此写入失败
因此,不要将您的Redis服务器端口暴露于Internet,它应该可以解决恶意软件能够访问该端口的问题。您的Redis可能已暴露于世界,没有密码保护,因此受到恶意人员的危害。