docker + elasticsearch:创build日志文件时访问被拒绝
我试图在docker容器中运行elasticsearch(5.3.0),如下所示:
docker run --network=host --publish 9203:9200 --publish 9300:9300 --env ES_JAVA_OPTS="-Xms4g -Xmx4g" --env "bootstrap.memory_lock=true" --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 --volume /etc/elasticsearch/ip-spotlight.elasticsearch.RR6.yml:/usr/share/elasticsearch/config/elasticsearch.yml --volume /usr/ip-spotlight/elasticsearch/RR6:/usr/share/elasticsearch/data --volume /var/log/elasticsearch:/usr/share/elasticsearch/logs --label app="ip-spotlight" --label service="elasticsearch" --label func="RR6" --name "ip-spotlight.elasticsearch.RR6" docker.elastic.co/elasticsearch/elasticsearch:5.3.2 SElinux被禁用(为了完全确定):
# getenforce Disabled
为了完全确定这里是/var/log/elasticsearch的权限:
# ls -salt /var/log/elasticsearch/ total 8 4 drwxrwxrwx. 2 elasticsearch elasticsearch 4096 May 4 15:12 . # cat /etc/*release* CentOS Linux release 7.3.1611 (Core) Derived from Red Hat Enterprise Linux 7.3 (Source) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL="https://bugs.centos.org/" CENTOS_MANTISBT_PROJECT="CentOS-7" CENTOS_MANTISBT_PROJECT_VERSION="7" REDHAT_SUPPORT_PRODUCT="centos" REDHAT_SUPPORT_PRODUCT_VERSION="7" CentOS Linux release 7.3.1611 (Core) CentOS Linux release 7.3.1611 (Core) cpe:/o:centos:centos:7
显示的错误信息是:
2017-05-04 13:10:24,621 main ERROR Unable to create file /var/log/elasticsearch/ip-spotlight.elasticsearch.RR6_access.log java.io.IOException: No such file or directory
编辑:手动添加日志文件
# touch /var/log/elasticsearch/ip-spotlight.elasticsearch.RR6_access.log # chmod 777 /var/log/elasticsearch/ip-spotlight.elasticsearch.RR6_access.log # docker run --network=host --publish 9203:9200 --publish 9300:9300 --env ES_JAVA_OPTS="-Xms4g -Xmx4g" --env "bootstrap.memory_lock=true" --cap-add=IPC_LOCK --ulimit memlock=-1:-1 --ulimit nofile=65536:65536 --volume /etc/elasticsearch/ip-spotlight.elasticsearch.RR6.yml:/usr/share/elasticsearch/config/elasticsearch.yml --volume /usr/ip-spotlight/elasticsearch/RR6:/usr/share/elasticsearch/data --volume /var/log/elasticsearch:/usr/share/elasticsearch/logs --label app="ip-spotlight" --label service="elasticsearch" --label func="RR6" --name "ip-spotlight.elasticsearch.RR6" docker.elastic.co/elasticsearch/elasticsearch:5.3.2 2017-05-04 13:10:24,621 main ERROR Unable to create file /var/log/elasticsearch/ip-spotlight.elasticsearch.RR6_access.log java.io.IOException: No such file or directory
编辑:官方文件说The container runs Elasticsearch as user elasticsearch using uid:gid 1000:1000. Bind mounted host directories and files, such as custom_elasticsearch.yml above, need to be accessible by this user. The container runs Elasticsearch as user elasticsearch using uid:gid 1000:1000. Bind mounted host directories and files, such as custom_elasticsearch.yml above, need to be accessible by this user. 但在服务器上,安装elasticsearch作为服务,我看到:
$ id elasticsearch uid=990(elasticsearch) gid=988(elasticsearch) groups=988(elasticsearch)
请注意,我在所有相关的文件和目录做了chmod 777 。 你能告诉我如何解决这个问题吗?
在执行docker run命令时,您将名称命名为ip-spotlight.elasticsearch.RR6 ,该名称不在/ var / log / xxx目录下,请确保您具有可访问的或有效的日志文件为了这。
- 预创build检查错误:“找不到VBoxManage。 确保安装了VirtualBox并且VBoxManage在path“
- docker工人开始:设备上没有剩余空间
- 来自守护进程的错误响应:chtimes / var / lib / docker / tmp / docker-export- $:无效的参数
- 在datapower docker实例中写入内存错误
- docker运行容器发生错误时映射容器的端口与机器
- 无法保存泊坞窗图像
- 如何在发生错误时将文件复制到docker容器:Nosuch容器?
- 作业docker.service失败
- 在重新启动kubernetes后,Mongodb容器的数据变成“只读”,glusterfs作为存储?