Permission denied when a web app tries to write a log file to a docker volume
After investigating, there seems to be no acceptable way to enable Spring Boot write access to the /opt/service/log directory/volume, which ends up in java.io.FileNotFoundException: log/app.log (Permission denied)
Dockerfile:
FROM openjdk:8-alpine
RUN apk update && apk add --no-cache bash curl busybox
EXPOSE 8080
#1 RUN mkdir -p /opt/service/log ; chown -R user /opt/service/log
VOLUME ["/opt/service/log"]
# a few COPY commands
RUN adduser -D -S -u 1000 user && chown -R 1000 /opt/service/
#2 RUN chmod -R 777 /opt/service
RUN chmod 755 /opt/service/entrypoint.sh
USER 1000
RUN ls -la .
RUN touch /opt/service/log/test.log
ENTRYPOINT ["/opt/service/entrypoint.sh"]
#1 This commented-out fix works, but it is not acceptable because the directory can be changed later.
Output of executing the Dockerfile:
[INFO] DOCKER> Step 13/15 : RUN ls -la .
[INFO] DOCKER>
[INFO] DOCKER> ---> Running in a99022c07da2
[INFO] DOCKER> total 28088
drwxr-xr-x 1 user root 4096 Oct 15 11:05 .
drwxr-xr-x 1 root root 4096 Oct 15 11:02 ..
-rw-r--r-- 1 user root 4367 Sep 17 10:18 entrypoint.sh
drwxr-xr-x 2 root root 4096 Oct 15 11:05 log
-rw-r--r-- 1 user root 28741050 Oct 15 11:05 service.jar
[INFO] DOCKER> Removing intermediate container a99022c07da2
[INFO] DOCKER> ---> d0831197c79c
[INFO] DOCKER> Step 14/15 : RUN touch /opt/service/log/test.log
[INFO] DOCKER>
[INFO] DOCKER> ---> Running in 54f5d57499fc
[INFO] DOCKER> [91mtouch: /opt/service/log/test.log: Permission denied
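How can I make the volume writable for the user user / Spring Boot?

You have defined /opt/service/log as a volume. Once you have done that, no further changes to it are possible from RUN commands. The recursive chmod will run in a temporary container with a temporary anonymous volume mounted, and that anonymous volume is then discarded together with the permission changes you made.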
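This is detailed in:
- Changing the volume from within the Dockerfile: If any build steps change the data within the volume after it has been declared, those changes will be discarded.

VOLUME definition, since it causes problems like this and breaks the ability of downstream users to make changes. You can always define the volume mount at run time, rather than when the image is built, in docker-compose.yml or on the docker run command line. If you must define the volume in the Dockerfile, move it to the end of the file, and be aware that you will not be able to extend this image in a later Dockerfile.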
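
The answer's advice applied to the Dockerfile from the question, as an added example that is not part of the original post: the log directory is created and handed to uid 1000 while it is still an ordinary image directory, and only that directory is made writable. The COPY line is an assumption standing in for the question's omitted COPY commands, and the names service-logs and my-service are hypothetical.

```dockerfile
FROM openjdk:8-alpine
RUN apk add --no-cache bash curl busybox
EXPOSE 8080

# Create the unprivileged account before anything is chowned to it.
RUN adduser -D -S -u 1000 user

# Assumption: stands in for the question's "a few COPY commands".
COPY --chown=1000 entrypoint.sh service.jar /opt/service/

# Create the log directory and set its owner while it is still an ordinary
# image directory, so the change is stored in a layer. Only uid 1000 gets
# write access; no chmod -R 777 is needed.
RUN mkdir -p /opt/service/log \
 && chown 1000 /opt/service/log \
 && chmod 750 /opt/service/log \
 && chmod 755 /opt/service/entrypoint.sh

USER 1000
# Build-time check: the build fails here if uid 1000 cannot write the log dir.
RUN touch /opt/service/log/.write-test && rm /opt/service/log/.write-test

# No VOLUME instruction. Mount the log directory at run time instead, e.g.
#   docker run -v service-logs:/opt/service/log my-service
# (service-logs and my-service are hypothetical names). A new, empty named
# volume is initialised from the image directory, including its ownership.
# A bind mount (-v /host/dir:/opt/service/log) keeps the host directory's
# ownership, so the host directory must be writable by uid 1000.
#
# If VOLUME must be declared in the image, it goes here, after every RUN that
# touches the path:
# VOLUME ["/opt/service/log"]

ENTRYPOINT ["/opt/service/entrypoint.sh"]
```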