[英]How to map volume for Jenkins in Dockers
I have been trying to map volume from my host to docker container, while running jenkins, but failing.我一直在尝试将 map 卷从我的主机转移到 docker 容器,同时运行 jenkins,但失败了。
This is what I tried so far:这是我到目前为止所尝试的:
I executed the following command:我执行了以下命令:
docker run -p 8080:8080 -p 50000:50000 -v /var/jenkins_home:/var/jenkins_home jenkins/jenkins:lts
I am getting following error:我收到以下错误:
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
I tried a lot of things, and last I followed the following steps from this link:我尝试了很多东西,最后我按照此链接中的以下步骤操作:
Jenkins wrong volume permissions Jenkins 卷权限错误
docker run -p 8080:8080 -p 50000:50000 -it jenkins bin/bash
Once inside the container's shell run the id
command and you'll get results like:一旦进入容器的 shell 运行
id
命令,您将得到如下结果:
uid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)
Exit the container, go to the folder you are trying to map and run:退出容器 go 到您尝试 map 的文件夹并运行:
chown -R 1000:1000 .
On my machine I do not have user 1000 so I am trying to create it but failing to do so.在我的机器上,我没有用户 1000,所以我试图创建它但没有这样做。
useradd -u 1000 jenkins
When I run the above command, I get the following error.当我运行上述命令时,出现以下错误。
useradd: UID 1000 is not unique useradd:UID 1000 不是唯一的
My machine details are as follows:我的机器详细信息如下:
NAME="CentOS Linux"
VERSION="7 (Core)"
The OS is running on Oracle VM Virtual Box.该操作系统运行在 Oracle VM Virtual Box 上。
I have tried couple of other things, but seems to be failing.我尝试了其他几件事,但似乎失败了。
Any pointers will be appreciated.任何指针将不胜感激。
Thanks.谢谢。
tl;dr: You dont need add user jenkins with id 1000 on your host, the chown should be enough. tl; dr:您不需要在主机上添加用户jenkins和 id 1000, chown应该足够了。
Privilege mismatch is a common problem you often get when using bind mounts.权限不匹配是您在使用绑定挂载时经常遇到的常见问题。 The user running a process inside a container does not match the bind-mount privileges it tries to access.
在容器内运行进程的用户与其尝试访问的绑定挂载权限不匹配。
You can try to run the container as the host user that is allowed to access the bind mount, ie as the current host user docker run --user $(id -u):$(id -g)...
您可以尝试以允许访问绑定挂载的主机用户身份运行容器,即当前主机用户
docker run --user $(id -u):$(id -g)...
Then again there might be a specific user set in the image to run a process and this trick does not work.再一次,图像中可能设置了一个特定的用户来运行一个进程,这个技巧不起作用。 If you choose to keep using bind mounts you can change the permissions on the bind mount like you already did, ie
chown -R 1000:1000.
如果您选择继续使用绑定挂载,您可以像以前那样更改绑定挂载的权限,即
chown -R 1000:1000.
. . You dont need that user on your host system, it should still work, it will just show as user 1000 with gid 1000 on the host without a named user attached.
您的主机系统上不需要该用户,它应该仍然可以工作,它只会在主机上显示为用户 1000 和 gid 1000,而没有附加命名用户。
I suggest to get used to use named mounts instead of bind mounts, it solves alot of the troubles you get with bind mounts.我建议习惯使用命名挂载而不是绑定挂载,它解决了绑定挂载的很多麻烦。
I did some more RnD and tried following:我做了更多的 RnD 并尝试了以下操作:
I ran the following command我运行了以下命令
docker volume create jenkins_volume
This creates a volume jenkins_volume in following directory这会在以下目录中创建一个卷 jenkins_volume
var/lib/docker/volumes
If i do ll
, i get the following details如果
ll
愿意,我会得到以下详细信息
drwxr-xr-x. 3 root root 4096 Jul 26 07:51 jenkins_volume
ie the user and group is root.即用户和组是root。
Now if i try to run this command it works fine.现在,如果我尝试运行此命令,它可以正常工作。
docker run -p 8080:8080 -p 50000:50000 -v jenkins_volume:/var/jenkins_home jenkins/jenkins:lts
Although I am not clear to me why earlier it was not working (as in the original question), even when the id and group was root:root for /var/jenkins_home
.尽管我不清楚为什么早些时候它不起作用(如在原始问题中),即使 id 和 group 是 root:root for
/var/jenkins_home
。
May be someone shed more light on this, but for now it am able to make progess.可能有人对此有所了解,但现在它能够取得进展。
Thanks.谢谢。
I also had this problem and I will use different directory paths to avoid ambigiouty in this answer.我也有这个问题,我将使用不同的目录路径来避免这个答案中的歧义。 Eg
-v /var/host/jenkins_home:/var/jenkins_home
例如
-v /var/host/jenkins_home:/var/jenkins_home
First I would like to reproduce the error and create the directory on my host with sudo -u root mkdir -p /var/host/jenkins_home
.首先,我想重现错误并使用
sudo -u root mkdir -p /var/host/jenkins_home
在我的主机上创建目录。 Since the directory is created by root
only root has permission to access it.由于该目录是由
root
创建的,因此只有 root 有权访问它。
$ ls -al /var/host/jenkins_home/
total 8
drwxr-xr-x 2 root root 4096 Jul 27 03:54 .
drwxr-xr-x 3 root root 4096 Jul 27 03:54 ..
When I start jenkins now I will get the same error like you当我现在开始 jenkins 时,我会得到和你一样的错误
$ docker run -p 8080:8080 -p 50000:50000 -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
touch: cannot touch '/var/jenkins_home/copy_reference_file.log': Permission denied
To fix this problem you must change the permissions on the host filesystem so that uid 1000 and gid 1000 has access to /var/host/jenkins_home
.要解决此问题,您必须更改主机文件系统的权限,以便 uid 1000 和 gid 1000 可以访问
/var/host/jenkins_home
。
sudo chown -R 1000:1000 /var/host/jenkins_home/
If I start jenkins now it will work:如果我现在启动 jenkins 它将起作用:
$ docker run -p 8080:8080 -p 50000:50000 -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts
Running from: /usr/share/jenkins/jenkins.war webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
2020-07-27 03:51:36.430+0000 [id=1] INFO org.eclipse.jetty.util.log.Log#initialized: Logging initialized @441ms to org.eclipse.jetty.util.log.JavaUtilLog
2020-07-27 03:51:36.577+0000 [id=1] INFO winstone.Logger#logInternal: Beginning extraction from war file
When working with docker you should think in uid and gid and not in usernames, because they can differ and lead to confusion.使用 docker 时,您应该考虑 uid 和 gid 而不是用户名,因为它们可能不同并导致混淆。
Eg on my host machine the uid 1000
is my user rene
例如,在我的主机上,uid
1000
是我的用户rene
$ id -un 1000
rene
But in the container it is jenkins
:但在容器中它是
jenkins
:
$ docker exec <CONTAINER_NAME> id -un 1000
jenkins
EDIT编辑
I still get same error
我仍然得到同样的错误
Check the permissions in the container检查容器中的权限
docker run --rm -v /var/host/jenkins_home:/var/jenkins_home jenkins/jenkins:lts ls -al /var/jenkins_home
it should show you that jenkins
is the owner and group of /var/jenkins_home
它应该告诉你
jenkins
是/var/jenkins_home
的所有者和组
total 12
drwxr-xr-x 2 jenkins jenkins 4096 Jul 27 04:56 .
drwxr-xr-x 1 root root 4096 Jul 15 14:56 ..
-rw-r--r-- 1 jenkins jenkins 100 Jul 27 04:56 copy_reference_file.log
EDIT编辑
Yes.
是的。 I am running docker inside a VM, right.
我在 VM 中运行 docker,对。 And the VM host is also a linux.
并且VM主机也是linux。 I am new to dockers, so did not understand much of what you said here.
我是码头工人的新手,所以不太了解您在这里所说的内容。 Can you please elaborate.
能否请您详细说明。
So you have the following setup:所以你有以下设置:
+-------------------------------------------------------------------------------+
+ VM Host |
+-------------------------------------------------------------------------------+
| |
| +-------------------------------------------------+ |
| / | VM (Docker Host) | |
| +- var +-------------------------------------------------+ |
| +- ... | / +-----------------------+| |
| | +- var | container jenkins || |
| | +- host +-----------------------+| |
| | + -jenkins_home |/ || |
| | / |+- var || |
| | | +- jenkins_home || |
| | +-----------------------+| |
| +-------------------------------------------------+ |
+-------------------------------------------------------------------------------+
Please ensure that you run the commands on the docker host (the VM).请确保在 docker 主机(VM)上运行命令。 Keep in mind that the docker host file system is different from your local (VM Host).
请记住,docker 主机文件系统与您的本地(VM 主机)不同。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.