Skip to content

Instantly share code, notes, and snippets.

@youzipi

youzipi/non-root-permission.md

Last active July 20, 2022 03:30
Show Gist options
  • Save youzipi/a8255ef3997ac8a95f74b5642ce9734d to your computer and use it in GitHub Desktop.
Save youzipi/a8255ef3997ac8a95f74b5642ce9734d to your computer and use it in GitHub Desktop.
Download ZIP
非root 用户启动镜像,写外部文件,没有权限
Raw
non-root-permission.md 
pulsar_1     | 2022-07-20T02:41:02,671+0000 [main] ERROR org.apache.pulsar.PulsarStandaloneStarter - Failed to start pulsar service.
pulsar_1     | java.io.IOException: org.apache.zookeeper.server.persistence.FileTxnSnapLog$DatadirException: Cannot write to data directory data/standalone/zookeeper/version-2
pulsar_1     |         at org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble.runZookeeper(LocalBookkeeperEnsemble.java:214) ~[org.apache.pulsar-pulsar-zookeeper-utils-2.10.1.jar:2.10.1]
pulsar_1     |         at org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble.startStandalone(LocalBookkeeperEnsemble.java:443) ~[org.apache.pulsar-pulsar-zookeeper-utils-2.10.1.jar:2.10.1]
pulsar_1     |         at org.apache.pulsar.PulsarStandalone.start(PulsarStandalone.java:269) ~[org.apache.pulsar-pulsar-broker-2.10.1.jar:2.10.1]
pulsar_1     |         at org.apache.pulsar.PulsarStandaloneStarter.main(PulsarStandaloneStarter.java:139) [org.apache.pulsar-pulsar-broker-2.10.1.jar:2.10.1]
pulsar_1     | Caused by: org.apache.zookeeper.server.persistence.FileTxnSnapLog$DatadirException: Cannot write to data directory data/standalone/zookeeper/version-2
pulsar_1     |         at org.apache.zookeeper.server.persistence.FileTxnSnapLog.<init>(FileTxnSnapLog.java:140) ~[org.apache.zookeeper-zookeeper-3.6.3.jar:3.6.3]
pulsar_1     |         at org.apache.zookeeper.server.ZooKeeperServer.<init>(ZooKeeperServer.java:441) ~[org.apache.zookeeper-zookeeper-3.6.3.jar:3.6.3]
pulsar_1     |         at org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble.runZookeeper(LocalBookkeeperEnsemble.java:200) ~[org.apache.pulsar-pulsar-zookeeper-utils-2.10.1.jar:2.10.1]
pulsar_1     |         ... 3 more

example: [Fix][Docker] Add write permissions to /pulsar subdirectories to enable running as non-root user

RUN for SUBDIRECTORY in conf data download logs; do \
     [ -d /pulsar/$SUBDIRECTORY ] || mkdir /pulsar/$SUBDIRECTORY; \
     chmod -R g+w /pulsar/$SUBDIRECTORY; \
     done

一个替代方案: 使用 bind mount,可以拿到正确的权限。

docker run -it -p 6650:6650  -p 8080:8080 \
    --mount type=bind,source=/Users/michaelmarshall/pulsardata,target=/pulsar/data \
    --mount source=pulsarconf,target=/pulsar/conf \
    apachepulsar/pulsar:2.10.0 bin/pulsar standalone

开发人员 一直在 k8s 上测试。 但是,docker 和 k8s 对于 volume 的处理,是有差异的。

I missed this case in my testing because I focused on kubernetes testing, which allows for configuring the group permissions on volumes. The nuance here is primarily how docker provisions volumes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment