stackoom
  简体   繁体   中英

Docker-based graylog permissions

 原文  2019-03-25 07:53:36       docker/ file-permissions/ permission-denied/ user-permissions/ graylog

Question

I've the following docker-compose.yml (slightly altered, but copied from here ): 

version: '2'
services:
  mongodb:
    image: mongo:3
    volumes:
      - /storage/mongo_data:/data/db
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.6.1
    volumes:
      - /storage/es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  graylog:
    image: graylog/graylog:3.0
    volumes:
      - /storage/graylog_journal:/usr/share/graylog/data/journal
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

The problem is that when I run it with docker-compose it fails, since both graylog and elasticsearch services don't have access to /storage/graylog and /storage/elasticsearch respectively. What I need to change is to do:

  • chmod 1000:1000 -Rv /storage/elasticsearch
  • chmod 1100:1100 -Rv /storage/graylog

on the host machine.

So two questions arise:

  • why is that?
  • how to handle it elegantly?

2 answers

solution1
 0  2019-03-25 09:45:25

Elasticsearch and Graylog both do not run as root inside their container.

That is the reason their user/group need access to the filesystem on the host if your mount that into the container.

solution2
 0  2019-03-28 10:12:56

The compose file creates the volumes for the data, but the containers don't use them!

Original: 

volumes:
  - graylog_journal:/usr/share/graylog/data/journal

Your changes: 

volumes:
  - /storage/graylog_journal:/usr/share/graylog/data/journal

This creates the data directory in your host system and is in your hands.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Docker-based PAAS supporting multiple containers Cloud-based IDE for Docker-based projects? Why does DataDog prefer the Docker-based Agent installation? What are the solutions for deploying Docker-based app in private production environment? Monitor and scale Docker-based Celery workers cluster on AWS Cannot manage docker-based mysql server from Linux Docker & Graylog How can I run Docker-based project without installing docker into my windows machine How do you manage per-environment data in Docker-based microservices? Pycharm "Note that you cannot install any Python packages into Docker-based project interpreters."
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM