1. Pull the image and start the container

```bash
docker run -d --name myjenkins -p 8081:8080 -v $(pwd)/data:/var/jenkins_home jenkins/jenkins
```

2. `docker ps` shows that the container is not actually running

3. `docker logs myjenkins` reports the following error:

```
touch: cannot touch ‘/var/jenkins_home/copy_reference_file.log’: Permission denied
Can not write to /var/jenkins_home/copy_reference_file.log. Wrong volume permissions?
```
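Analysis:

Let's check the permissions on the "/var/jenkins_home" directory under the earlier way of starting the container, and look at the Jenkins container's current user: the current user is "jenkins", and the "/var/jenkins_home" directory is owned by the jenkins user.

```bash
docker run -ti --rm --entrypoint="/bin/bash" jenkins -c "whoami && id"
```

Console output: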
![image|800x39](upload://Af0xmohinF89tJLT4lK0Q2UDUKi.png)
```bash
docker run -ti --rm --entrypoint="/bin/bash" jenkins -c "ls -la /var/jenkins_home"
```

Console output:
![image|800x57](upload://2O5fUKK4fZygkDIxJ8a375AZziE.png)
But when a local data volume is mapped, the owner of the /var/jenkins_home directory becomes the root user.

```bash
docker run -ti --rm -v $(pwd)/data:/var/jenkins_home --entrypoint="/bin/bash" jenkins -c "ls -la /var/jenkins_home"
```

Console output:
![image|532x65](upload://adjuSRLXmzSz5v3W1LZxPhDYK9H.png)
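This explains why a process running as the "jenkins" user gets Permission denied when it accesses the "/var/jenkins_home" directory.

Let's also check the data volume directory on the host: the owner of the "jenkins_data" directory under the current path is "root".

```bash
ls -la ./jenkins_data
```

Console output: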
![image|466x62](upload://L7dqtn5Xxkr2eKICyzM2Ck2E5K.png)
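Once the problem is found, the fix is simple: assign ownership of the current directory to uid 1000, then start the "jenkins" container again and everything works.

Change ownership recursively and start jenkins again:

```bash
sudo chown -R 1000 ./jenkins_data
docker start myjenkins
```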
Here comes the key point:

If the steps above still do not resolve the permission problem, check the SELinux status; with SELinux enabled, some services fail to install or run.

Check the SELinux status:

```
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
```

Disable it temporarily:

```
[root@localhost ~]# setenforce 0
```

To disable it permanently, edit the configuration file /etc/selinux/config and set SELINUX to disabled, as follows:
```
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@rdo ~]# sestatus
SELinux status: disabled
```
After that, run the jenkins container again, and the jenkins_home directory maps to the specified local folder without problems.
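An added example, not part of the original post: the two causes described above (directory not owned by uid 1000, and SELinux in enforcing mode) can be told apart per directory, and the SELinux case can be fixed by letting Docker relabel only the bind-mounted directory with the `:Z` volume option instead of disabling SELinux on the whole host. The function names are hypothetical; the script assumes GNU `stat` and, on SELinux hosts, `getenforce`.

```shell
#!/bin/sh
# Added example, not from the original post. uid 1000 is the jenkins uid
# named in the post; all function names here are illustrative.

# Pure decision logic: args are owner_uid wanted_uid selinux_mode selinux_type.
# Prints "ok", "chown", "relabel" or "chown,relabel".
diagnose_volume() {
    owner_uid=$1; want_uid=$2; mode=$3; setype=$4
    result=""
    # DAC: the container user must own the bind-mounted directory.
    [ "$owner_uid" = "$want_uid" ] || result="chown"
    # MAC: under enforcing SELinux the directory also needs a container type.
    if [ "$mode" = "Enforcing" ]; then
        case "$setype" in
            container_file_t|svirt_sandbox_file_t) ;;
            *) result="${result:+$result,}relabel" ;;
        esac
    fi
    echo "${result:-ok}"
}

# The type is the third field of a context such as
# unconfined_u:object_r:user_home_t:s0 (constructed sample value).
context_type() {
    echo "$1" | cut -d: -f3
}

# Gather the real values for a host directory and print the narrowest fix.
check_dir() {
    dir=$1; want_uid=${2:-1000}
    owner_uid=$(stat -c %u "$dir") || return 2
    mode=$(getenforce 2>/dev/null || echo Disabled)
    ctx=$(stat -c %C "$dir" 2>/dev/null || echo "")
    verdict=$(diagnose_volume "$owner_uid" "$want_uid" "$mode" "$(context_type "$ctx")")
    case "$verdict" in
        *chown*) echo "fix: sudo chown -R $want_uid $dir" ;;
    esac
    case "$verdict" in
        *relabel*) echo "fix: docker run ... -v $dir:/var/jenkins_home:Z ..." ;;
    esac
    echo "verdict: $verdict"
}
```

Call it as `check_dir ./data` before starting the container. `:Z` changes the SELinux label of the host directory itself, so use it on a dedicated data directory rather than on system paths such as /home or /etc.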
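The directory you mounted at startup is the data folder under the current directory where you ran the command, so could it be that this folder's permissions are not right, which keeps docker from writing to it?

The problem is already solved; I'm just taking notes.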