使用 apache airflow docker 运算符和无根 Z05B6053C41A2130AFD66FC3B158BDA
[英]Using apache airflow docker operator with rootless docker
问题描述
I'm working on a project that is using apache airflow to schedule different scripts.
我正在开发一个项目,该项目使用 apache airflow 来安排不同的脚本。
Airflow itself and the scripts setting up the DAGs are bundled up in one Dockerfile. Airflow 本身和设置 DAG 的脚本捆绑在一个 Dockerfile 中。 The central part of each DAG is a dockeroperator which starts the appropiate container on the host system.每个 DAG 的中心部分是一个 dockeroperator,它在主机系统上启动相应的容器。
(Note: It is a requirement that each airflow and the scripts its schedules each have a Dockerfile) (注意:要求每个 airflow 及其调度的脚本每个都有一个 Dockerfile)
Currently docker on the host system has root privileges as suggested here .目前,主机系统上的 docker 具有此处建议的 root 权限。 When starting up my airflow container I create a volume with -v /var/run/docker.sock:/var/run/docker.sock .在启动我的 airflow 容器时,我使用-v /var/run/docker.sock:/var/run/docker.sock创建一个卷。 In this configuration airflow starts the containers as expected and without problems.在此配置中,airflow 按预期启动容器并且没有问题。
However because running docker with root privileges seems unsafe I tried the rootless mode for docker ( https://docs.docker.com/engine/security/rootless/ ). However because running docker with root privileges seems unsafe I tried the rootless mode for docker ( https://docs.docker.com/engine/security/rootless/ ).
After the setup the all containers individually work perfectly fine on the host machine.设置后,所有容器在主机上都可以正常工作。 Only when I run the airflow container do I get issues.只有当我运行 airflow 容器时,我才会遇到问题。
The error message is quite long, so I'll just post the last line: docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))错误消息很长,所以我只发布最后一行: docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
This error is the same one I got while I was not creating the volume mentioned above in the earlier iteration of my whole setup, so the issue is probably related to the docker daemon in the airflow container not having the correct premissions, but I don't know how to fix this.此错误与我在整个设置的早期迭代中未创建上述卷时遇到的错误相同,因此该问题可能与 airflow 容器中的 docker 守护程序没有正确的权限有关,但我没有不知道如何解决这个问题。
1 个解决方案
解决方案1
0 2021-10-12 10:31:13
You could launch the whole setup using docker compose.您可以使用 docker compose 启动整个设置。 A good starting point for the docker-compose file is the one given here: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html A good starting point for the docker-compose file is the one given here: https://airflow.apache.org/docs/apache-airflow/stable/start/docker.html
You can choose either the default UID=50000 and GID=0 or a custom UID.您可以选择默认 UID=50000 和 GID=0 或自定义 UID。 Create this UID at host, create a docker group and add this user to the group.在主机上创建此 UID,创建一个 docker 组并将此用户添加到该组。 Then add the airflow user inside the container into this group.然后将容器内的 airflow 用户添加到该组中。 You can do this at compose file by adding您可以通过添加在撰写文件中执行此操作
group_add:
- <docker GID>
Note.笔记。 If you use a custom image and add the user to docker group in the Dockerfile it has no effect since these settings are overwritten by docker compose startup.sh如果您使用自定义图像并将用户添加到 Dockerfile 中的 docker 组中,则它不起作用,因为这些设置被 docker compose startup.sh 覆盖
In addition, you have to mount the docker.sock file to the container此外,您必须将 docker.sock 文件挂载到容器中
volumes:
- /var/run/docker.sock:/var/run/docker.sock
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.