Can't start tomcat in docker: "Permission denied"

I have the following Dockerfile:

    FROM debian:jessie
    RUN apt-get update && apt-get install -y wget
    RUN wget --quiet http://www.us.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz -O /tmp/tomcat.tar.gz
    RUN cd /tmp && tar xf tomcat.tar.gz
    RUN mv /tmp/apache-tomcat-8.5.20 /usr/share/
    RUN adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
    RUN chown -R tomcat:tomcat /usr/share/apache-tomcat-8.5.20/*
    RUN chmod +x /usr/share/apache-tomcat-8.5.20/bin/*.sh
    RUN apt-get update && apt-get install -y openjdk-7-jre-headless
    CMD ["/bin/bash"]

If I build this on my laptop, running Ubuntu 17.04 with Docker 1.12.6, build 78d1802, I can execute

    su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh

without any problems:

    $ sudo docker run -it ff1323fadc66
    root@728de06f43be:/# su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh
    Using CATALINA_BASE: /usr/share/apache-tomcat-8.5.20
    Using CATALINA_HOME: /usr/share/apache-tomcat-8.5.20
    Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.5.20/temp
    Using JRE_HOME: /usr
    Using CLASSPATH: /usr/share/apache-tomcat-8.5.20/bin/bootstrap.jar:/usr/share/apache-tomcat-8.5.20/bin/tomcat-juli.jar
    Tomcat started.

However, if I try it on Ubuntu 16.04 LTS with Docker 1.12.6, build 78d1802, hosted on AWS, I get the following output:

    $ sudo docker run -it 96e0e82a9dda
    root@f8f7d3fd6917:/# su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh
    Using CATALINA_BASE: /usr/share/apache-tomcat-8.5.20
    Using CATALINA_HOME: /usr/share/apache-tomcat-8.5.20
    Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.5.20/temp
    Using JRE_HOME: /usr
    Using CLASSPATH: /usr/share/apache-tomcat-8.5.20/bin/bootstrap.jar:/usr/share/apache-tomcat-8.5.20/bin/tomcat-juli.jar
    touch: cannot touch '/usr/share/apache-tomcat-8.5.20/logs/catalina.out': Permission denied
    /usr/share/apache-tomcat-8.5.20/bin/catalina.sh: 434: /usr/share/apache-tomcat-8.5.20/bin/catalina.sh: cannot create /usr/share/apache-tomcat-8.5.20/logs/catalina.out: Permission denied

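How is this possible? Shouldn't a Dockerfile produce the same environment? I also tried it on macOS, and it starts Tomcat there like a charm, too.

I have already tried to work around this with chmod 777 /usr/share/apache-tomcat-8.5.20/logs/ but it did not work either.

Edit:

As requested, the output of ls -alh /usr/share/apache-tomcat-8.5.20/logs/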

    root@ce87bb8feb9b:/# su tomcat -c /usr/share/apache-tomcat-8.5.20/bin/startup.sh
    Using CATALINA_BASE: /usr/share/apache-tomcat-8.5.20
    Using CATALINA_HOME: /usr/share/apache-tomcat-8.5.20
    Using CATALINA_TMPDIR: /usr/share/apache-tomcat-8.5.20/temp
    Using JRE_HOME: /usr
    Using CLASSPATH: /usr/share/apache-tomcat-8.5.20/bin/bootstrap.jar:/usr/share/apache-tomcat-8.5.20/bin/tomcat-juli.jar
    touch: cannot touch '/usr/share/apache-tomcat-8.5.20/logs/catalina.out': Permission denied
    /usr/share/apache-tomcat-8.5.20/bin/catalina.sh: 434: /usr/share/apache-tomcat-8.5.20/bin/catalina.sh: cannot create /usr/share/apache-tomcat-8.5.20/logs/catalina.out: Permission denied
    root@ce87bb8feb9b:/# ls -alh /usr/share/apache-tomcat-8.5.20/logs/
    total 8.0K
    drwxr-x--- 2 tomcat tomcat 4.0K Aug 2 21:35 .
    drwxr-xr-x 17 root root 4.0K Sep 6 06:58 ..
    root@ce87bb8feb9b:/#

Also: of course it is possible to start Tomcat without switching users, and then use the root user, but I would rather avoid that.

EDIT2:

The host is Ubuntu 16.04.3 LTS:

    $ cat /etc/os-release
    NAME="Ubuntu"
    VERSION="16.04.3 LTS (Xenial Xerus)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 16.04.3 LTS"
    VERSION_ID="16.04"
    HOME_URL="http://www.ubuntu.com/"
    SUPPORT_URL="http://help.ubuntu.com/"
    BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
    VERSION_CODENAME=xenial
    UBUNTU_CODENAME=xenial

It also has a dev-log:

    $ ls -l /run/systemd/journal/dev-log
    srw-rw-rw- 1 root root 0 Sep 5 13:13 /run/systemd/journal/dev-log

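So this one seems to be a weird one, and I don't know the root cause of why this doesn't work, but the options below will work for you.

Change the user to tomcat and then extract the folder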

    FROM debian:jessie
    RUN apt-get update && apt-get install -y wget openjdk-7-jre-headless
    RUN adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
    USER tomcat
    RUN wget --quiet http://www.us.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz -O /tmp/tomcat.tar.gz && cd /tmp && tar xf tomcat.tar.gz && mv /tmp/apache-tomcat-8.5.20/ /tomcat
    USER root
    CMD ["/bin/bash"]

Delete the logs folder and recreate it

    FROM debian:jessie
    RUN apt-get update && apt-get install -y wget openjdk-7-jre-headless
    RUN adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
    RUN wget --quiet http://www.us.apache.org/dist/tomcat/tomcat-8/v8.5.20/bin/apache-tomcat-8.5.20.tar.gz -O /tmp/tomcat.tar.gz && cd /tmp && tar xf tomcat.tar.gz && mv /tmp/apache-tomcat-8.5.20/ /tomcat
    RUN rm -rf /tomcat/logs && chown -R tomcat:tomcat /tomcat && su tomcat -c "mkdir /tomcat/logs"
    CMD ["/bin/bash"]

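The above solutions work for your case. The root cause of why the behavior differs between the two operating systems is still not clear.

Pastebins for anyone who is interested in debugging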

strace su tomcat -c /tomcat/logs/text.txt

https://pastebin.com/vVBEXJQ1

The final Dockerfile actually used

https://pastebin.com/H5AVt9P5
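The `ls -alh` output in the question shows only the last path component. As an added example (not code from either post), the script below applies the same owner/group/other check to every component from the log directory up to `/`, so a mode-bit problem can be told apart from a case where the bits allow the write and it still fails. The function names and the `check.sh` file name are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example. Evaluates owner/group/other mode bits only: no ACLs, no
# supplementary groups, no root override. Assumes GNU stat (stat -c).

# bits_allow UID GID NEED PATH: succeed if PATH's mode bits grant NEED
# (1 = search, 2 = write, 3 = write and search) to that uid/gid.
bits_allow() {
    ba_uid=$1 ba_gid=$2 ba_need=$3
    ba_info=$(stat -L -c '%u %g %a' "$4") || return 2
    set -- $ba_info                 # $1 owner uid, $2 group gid, $3 octal mode
    if   [ "$ba_uid" = "$1" ]; then ba_bits=$(( (0$3 >> 6) & 7 ))
    elif [ "$ba_gid" = "$2" ]; then ba_bits=$(( (0$3 >> 3) & 7 ))
    else                            ba_bits=$(( 0$3 & 7 ))
    fi
    [ $(( ba_bits & ba_need )) -eq "$ba_need" ]
}

# first_block UID GID DIR: print "ok" if the bits let uid/gid create a file in
# DIR (search on every ancestor, write+search on DIR itself); otherwise print
# the blocking component closest to /.
first_block() {
    case $3 in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    fb_cur=$3 fb_need=3 fb_hit=ok
    while :; do
        bits_allow "$1" "$2" "$fb_need" "$fb_cur" || fb_hit=$fb_cur
        [ "$fb_cur" = / ] && break
        fb_cur=$(dirname "$fb_cur")
        fb_need=1
    done
    echo "$fb_hit"
}

# Usage inside the container (user and path as on this page; check.sh is a
# hypothetical file name):
#   sh check.sh "$(id -u tomcat)" "$(id -g tomcat)" /usr/share/apache-tomcat-8.5.20/logs
if [ "$#" -eq 3 ]; then
    first_block "$1" "$2" "$3"
fi
```

If this prints `ok` while `su tomcat -c 'touch …'` on the same directory is still denied, the mode bits are not what is rejecting the write.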

I can't help but wonder why reinvent the wheel; what is wrong with the official tomcat image? https://docs.docker.com/samples/library/tomcat/ or https://hub.docker.com/_/tomcat/

https://stackoverflow.com/a/29297790/6785908