Error with ibdata1 write when starting customised Docker MySQL container as non-root user

I need to start a MySQL container based on the MySQL image that has an existing database as part of the image and set as the default database. It needs to run as the non-root user mysql, because our private Kubernetes cluster does not allow running as root. I borrowed another solution from SO for starting MySQL with a pre-existing database created under the Dockerfile. It successfully started a container locally on Docker Desktop, until I made changes to try to make the container runnable as user mysql.

The database schema was dumped with mysqldump from an existing database on a VM and written to eddie_backup2.sql.

Dockerfile:

FROM containerregistry-na.foocompany/container-external/mysql:5.7.29 as builder

# That file does the DB initialization but also runs mysql daemon, by removing the last line it will only init
RUN ["sed", "-i", "s/exec \"$@\"/echo \"not running $@\"/", "/usr/local/bin/docker-entrypoint.sh"]
ENV MYSQL_ALLOW_EMPTY_PASSWORD="y" 
ENV MYSQL_USER="eddie" MYSQL_PASSWORD="eddie_pwd" MYSQL_DATABASE="eddie"

ADD eddie_backup2.sql /tmp/eddie_backup2.sql
COPY setup.sql docker-entrypoint-initdb.d/

# Need to change the datadir to something else that /var/lib/mysql because the parent docker file defines it as a volume.
# https://docs.docker.com/engine/reference/builder/#volume :
#       Changing the volume from within the Dockerfile: If any build steps change the data within the volume after
#       it has been declared, those changes will be discarded.

RUN ["/usr/local/bin/docker-entrypoint.sh", "mysqld", "--datadir", "/initialized-db" ]
# added below line to change ownership
RUN    ["/bin/bash", "-c", "chown -R mysql:mysql /initialized-db/"]

# starting with mysql image again and using the generated datadirectory from above interim image
FROM containerregistry.foocompany.net/container-external/mysql:5.7.29 as actual_base
COPY --from=builder /initialized-db /var/lib/mysql

# change owner to mysql and list immediately to verify it was done
RUN ["/bin/bash", "-c", "chown -R mysql:mysql ./var/lib/mysql/ -v && ls -lrt /var/lib/mysql"]
USER mysql

CMD mysqld --datadir=/var/lib/mysql --user=mysql

The MySQL script setup.sql runs at initialisation because it sits in the special directory that the process looks at:

use eddie;
source /tmp/eddie_backup2.sql ;

However, the log shows a permission problem writing to the InnoDB files. I believe these are, or should be, under /var/lib/mysql. This is what I get.

docker build --no-cache -t eddie-mysql:0.3 .

Log:

changed ownership of './var/lib/mysql/performance_schema/file_summary_by_event_name.frm' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/performance_schema/events_transactions_summary_by_thread_by_event_name.frm' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/performance_schema/hosts.frm' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/performance_schema' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/ib_buffer_pool' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/ca.pem' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/private_key.pem' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/ibdata1' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/auto.cnf' from root:root to mysql:mysql
changed ownership of './var/lib/mysql/client-key.pem' from root:root to mysql:mysql
ownership of './var/lib/mysql/' retained as mysql:mysql
total 176196
-rw------- 1 mysql mysql     1680 Oct  2 15:07 server-key.pem
-rw-r--r-- 1 mysql mysql     1112 Oct  2 15:07 server-cert.pem
-rw-r----- 1 mysql mysql 50331648 Oct  2 15:07 ib_logfile1
-rw-r--r-- 1 mysql mysql     1112 Oct  2 15:07 ca.pem
-rw------- 1 mysql mysql     1676 Oct  2 15:07 ca-key.pem
-rw-r----- 1 mysql mysql       56 Oct  2 15:07 auto.cnf
-rw------- 1 mysql mysql     1680 Oct  2 15:07 client-key.pem
-rw-r--r-- 1 mysql mysql     1112 Oct  2 15:07 client-cert.pem
-rw-r--r-- 1 mysql mysql      452 Oct  2 15:07 public_key.pem
-rw------- 1 mysql mysql     1680 Oct  2 15:07 private_key.pem
-rw-r----- 1 mysql mysql 79691776 Oct  2 15:07 ibdata1
-rw-r----- 1 mysql mysql 50331648 Oct  2 15:07 ib_logfile0
-rw-r----- 1 mysql mysql     1452 Oct  2 15:07 ib_buffer_pool
drwxr-x--- 2 mysql mysql    12288 Oct  2 15:07 sys
drwxr-x--- 2 mysql mysql     4096 Oct  2 15:07 performance_schema
drwxr-x--- 2 mysql mysql     4096 Oct  2 15:07 mysql
drwxr-x--- 2 mysql mysql     4096 Oct  2 15:07 eddie
Removing intermediate container 29e35ac511ea
 ---> ce46892514e4
Step 13/14 : USER mysql
 ---> Running in fd1831317581
Removing intermediate container fd1831317581
 ---> ae9d3e300cbf
Step 14/14 : CMD mysqld --datadir=/var/lib/mysql --user=mysql
 ---> Running in 17143095e06f
Removing intermediate container 17143095e06f
 ---> 9712fc738c4c
Successfully built 9712fc738c4c
Successfully tagged eddie-mysql:0.3

You can see above that the ownership of ibdata1 was changed to mysql. That is the relevant part.

docker run -d  --name abc  eddie-mysql:0.3

docker logs 746a210065840

The log below shows that ibdata1 cannot be written by user mysql, even though, according to the image build log, it is owned by mysql!

2020-10-02T15:13:08.264040Z 0 [Note] InnoDB: Completed initialization of buffer pool
2020-10-02T15:13:08.265201Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2020-10-02T15:13:08.275162Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable
2020-10-02T15:13:08.275231Z 0 [ERROR] InnoDB: The innodb_system data file 'ibdata1' must be writable
2020-10-02T15:13:08.275263Z 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2020-10-02T15:13:08.876474Z 0 [ERROR] Plugin 'InnoDB' init function returned error.
2020-10-02T15:13:08.876491Z 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2020-10-02T15:13:08.876494Z 0 [ERROR] Failed to initialize builtin plugins.
2020-10-02T15:13:08.876496Z 0 [ERROR] Aborting

2020-10-02T15:13:08.876500Z 0 [Note] Binlog end
2020-10-02T15:13:08.876723Z 0 [Note] Shutting down plugin 'CSV'
2020-10-02T15:13:08.877008Z 0 [Note] mysqld: Shutdown complete

This may not be the most elegant solution, but as mentioned, thanks to the chown added to my dockerfile I could see that user mysql owned the file. However, I found that it had no write permission (confirmed after temporarily adding RUN ls -lrt /var/lib/mysql -v to list the folder perms for debugging), which makes sense given the error message. There seems to be no publicly available image that handles this use case of starting a MySQL container as a non-root user.

So I modified my Dockerfile to grant the most permissive permissions to the file ibdata1 (and the containing folder) immediately after the mysqld initialisation with the non-default data directory:

RUN ["/usr/local/bin/docker-entrypoint.sh", "mysqld", "--datadir", "/initialized-db" ] 

RUN    ["/bin/bash", "-c", "chown -R mysql:mysql /initialized-db/"]
RUN    ["/bin/bash", "-c", "chmod ugo=rwx -R /initialized-db/"]
RUN chmod -R ugo+rwx /initialized-db/ibdata1

Here is the relevant part of the build log:

Step 9/13 : RUN    ["/bin/bash", "-c", "chown -R mysql:mysql /initialized-db/"]
 ---> Running in 973c96b0f535
Removing intermediate container 973c96b0f535
 ---> f190deb49406
Step 10/13 : RUN    ["/bin/bash", "-c", "chmod ugo=rwx -R /initialized-db/"]
 ---> Running in 2e4612d7674c
Removing intermediate container 2e4612d7674c
 ---> efa6715342e2
Step 11/13 : RUN chmod -R ugo+rwx /initialized-db/ibdata1
 ---> Running in 3c2e288c19b7
Removing intermediate container 3c2e288c19b7
 ---> 1c0e7a32b2a4
Step 12/13 : FROM some-private-registry.net/container-external/mysql:5.7.29 as actual_base
 ---> 5d9483f9a7b2
Step 13/13 : COPY --from=builder /initialized-db /var/lib/mysql
 ---> 19f51e56ae40

I can then run the image as the mysql user:

docker container run -d --user mysql --name foo_name --user mysql foo-mysql:1.0
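The thread's diagnosis rested on an `ls -lrt` taken during a build step, yet mysqld still could not write ibdata1 at runtime, and the workaround (`chmod ugo=rwx -R` over the whole data directory) makes every tablespace file world-writable inside the container. The script below is an added example, not code from the question or the answer: `audit_datadir` checks a data directory for the three conditions that matter here (entries not owned by the service user, entries the owner cannot write, and world-writable entries) and is meant to be run inside the started container as the user mysqld runs as; `tighten_datadir` applies the 0750/0640 modes that mysqld's own initialisation produced in the build log above, as the least-privilege alternative to the blanket chmod. It assumes a POSIX `find`/`chmod`/`chown`; the user name `mysql` and the directory are placeholders.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# audit_datadir DIR [OWNER]: report, for everything under DIR,
#   1. entries not owned by OWNER (the uid mysqld is started with),
#   2. entries OWNER cannot write (the cause of
#      "innodb_system data file 'ibdata1' must be writable"),
#   3. world-writable entries (what "chmod ugo=rwx -R" leaves behind; any
#      other uid in the container could then modify the tablespace files).
# Returns 0 only when nothing is reported. OWNER defaults to "mysql" (placeholder).

audit_datadir() {
    dir=$1
    owner=${2:-mysql}
    rc=0

    not_owned=$(find "$dir" ! -user "$owner")
    if [ -n "$not_owned" ]; then
        printf 'not owned by %s:\n%s\n' "$owner" "$not_owned"
        rc=1
    fi

    # -perm -200: owner write bit set; negated to find what the owner cannot write
    owner_ro=$(find "$dir" ! -perm -200)
    if [ -n "$owner_ro" ]; then
        printf 'not writable by owner:\n%s\n' "$owner_ro"
        rc=1
    fi

    # -perm -002: world write bit set
    world_w=$(find "$dir" -perm -002)
    if [ -n "$world_w" ]; then
        printf 'world-writable:\n%s\n' "$world_w"
        rc=1
    fi
    return "$rc"
}

# tighten_datadir DIR [OWNER [GROUP]]: hand the directory to the service account
# and restore the modes mysqld's initialisation used in the build log above
# (drwxr-x--- for directories, -rw-r----- for files). Needs root to chown to
# another user; chown to one's own uid/gid works unprivileged.
tighten_datadir() {
    dir=$1
    owner=${2:-mysql}
    group=${3:-$owner}
    chown -R "$owner:$group" "$dir" &&
        find "$dir" -type d -exec chmod 750 {} + &&
        find "$dir" -type f -exec chmod 640 {} +
}

# Usage inside the container, as the user mysqld will run as:
#   audit_datadir /var/lib/mysql mysql || echo "datadir permissions need fixing"
```

Running the audit in the container rather than in a build step is the point: the build-time `ls -lrt` in the question showed mysql ownership, but that is not what the process saw when it started. As an assumption not verified against this image, Dockerfile's `COPY` also accepts a `--chown` flag, which may allow the copied data directory to be owned by mysql without the world-writable chmod.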
