
Docker container - how to set the GID of the socket file to group ID 130?

Stack Overflow user
Asked on 2019-11-25 04:53:59
1 answer · 2.7K views · 0 followers · 4 votes

This is a Docker-in-Docker scenario.

Below is the relevant code from the Dockerfile that installs the Docker client:

```dockerfile
FROM jenkins/jenkins:2.190.2

ENV DEBIAN_FRONTEND=noninteractive

# Official Jenkins image does not include sudo, change to root user
USER root

# Used to set the docker group ID
# Set to 497 by default, which is the groupID used by AWS Linux ECS instance
ARG DOCKER_GID=497

# Create Docker Group with GID
# Set default value of 497 if DOCKER_GID set to blank string by Docker compose
RUN groupadd -g ${DOCKER_GID:-497} docker

# Install base packages for docker, docker-compose & ansible
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA8E81B4331F7F50 && \
RUN apt-get update -y && \
    apt-get -y install bc \
                    gawk \
                    libffi-dev \
                    musl-dev \
                    apt-transport-https \
                    curl \
                    python3 \
                    python3-dev \
                    python3-setuptools \
                    gcc \
                    make \
                    libssl-dev \
                    python3-pip

# Used at build time but not runtime
ARG DOCKER_VERSION=5:19.03.4~3-0~debian-stretch

# Install the latest Docker CE binaries and add user `jenkins` to the docker group
RUN apt-get update && \
    apt-get -y install apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common && \
    curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
    add-apt-repository \
      "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
      $(lsb_release -cs) \
      stable" && \
    apt-get update && \
    apt-get -y install docker-ce=${DOCKER_VERSION:-5:19.03.4~3-0~debian-stretch}  \
        docker-ce-cli=${DOCKER_VERSION:-5:19.03.4~3-0~debian-stretch} \
        containerd.io && \
    usermod -aG docker jenkins


ARG DOCKER_COMPOSE=1.24.1

# Install docker compose
RUN curl -L "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE:-1.24.1}/docker-compose-$(uname -s)-$(uname -m)" \
    -o /usr/local/bin/docker-compose && \
    chmod +x /usr/local/bin/docker-compose && \
    pip3 install ansible boto3

# Change to jenkins user
USER jenkins

# Add jenkins plugin
COPY plugins.txt /usr/share/jenkins/plugins.txt
RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/plugins.txt
```

docker-compose.yml creates the mount point (/var/run/docker.sock) when starting the Docker container, mapped to the Docker host's socket file:

```yaml
version: '2'

volumes:
  jenkins_home:
    external: true

services:
  jenkins:
    build:
      context: .
      args:
        DOCKER_GID: ${DOCKER_GID}
        DOCKER_VERSION: ${DOCKER_VERSION}
        DOCKER_COMPOSE: ${DOCKER_COMPOSE}
    volumes:
      - jenkins_home:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "8080:8080"
```

Run the command: DOCKER_GID=130 docker-compose up -d

However, the ownership and listing of /var/run/docker.sock inside the Docker container are as shown below:

On the Docker host (a laptop), the docker group's group ID is 130:

```console
todobackend$ ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Nov 24 21:04 /var/run/docker.sock
todobackend$ cat /etc/group | grep docker
docker:x:130:user
todobackend$ 
todobackend$ uname -a
Linux mohet01-ubuntu 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
todobackend$
```

Inside the container, the docker group's group ID is also 130:

```console
todobackend$ 
todobackend$ docker exec -it 1bb8eedbf59e bash
jenkins@1bb8eedbf59e:/$
jenkins@1bb8eedbf59e:/$ ls -l /var/run/docker.sock
srw-rw---- 1 nobody nogroup 0 Nov 25 03:04 /var/run/docker.sock
jenkins@1bb8eedbf59e:/$
jenkins@1bb8eedbf59e:/$ cat /etc/group | grep nogroup
nogroup:x:65534:
jenkins@1bb8eedbf59e:/$ cat /etc/passwd | grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
jenkins@1bb8eedbf59e:/$ cat /etc/group | grep docker
docker:x:130:jenkins
jenkins@1bb8eedbf59e:/$
jenkins@1bb8eedbf59e:/$ docker info
Client:
 Debug Mode: false

Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/info: dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info
jenkins@1bb8eedbf59e:/$
```

But the mount point (/var/run/docker.sock) inside the Docker container is not part of group ID 130, so the Docker client in the jenkins container cannot connect, and the following error from the Jenkins pipeline is expected:

```console
=> Creating cache volume...
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/volumes/create: dial unix /var/run/docker.sock: connect: permission denied
Makefile:43: recipe for target 'test' failed
```

How can I make group ID 130 the group owner of this mount point (/var/run/docker.sock) inside the Docker container?

1 Answer

Stack Overflow user
Posted on 2022-01-02 19:52:15

docker compose seems to have a hard time doing this. A workaround that may work for docker run users is to get the docker group ID from the host:

```shell
docker_group_id=$(getent group docker | cut -d: -f3)
```

and then add the arguments to mount /etc/passwd and /etc/group:

```shell
  -u "$(id -u):$docker_group_id" \
  -v /etc/passwd:/etc/passwd \
  -v /etc/group:/etc/group \
```
Votes: 0
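An added example, not part of the question or the answer above, for the Compose case: rather than baking a GID into the image, read the socket's numeric GID from the host at run time and attach it to the container process with Compose's group_add (a standard service key in the version 2 format). The kernel checks the numeric GID on the socket inode, not a group name, so the GID does not need a matching entry in the image's /etc/group. The check to run first is stat -c %g /var/run/docker.sock on the host and inside the container: in the listings above the socket shows as nobody:nogroup (65534) inside the container, which means the host's GID 130 is not visible there at all (user-namespace remapping on the daemon is the usual cause), and in that situation no group_add value can match and the fix has to be made on the daemon side.

```yaml
version: '2'

volumes:
  jenkins_home:
    external: true

services:
  jenkins:
    build:
      context: .
      args:
        # Still passed so the image's groupadd/usermod use the same id;
        # the group name is cosmetic, the numeric id is what matters.
        DOCKER_GID: ${DOCKER_GID}
        DOCKER_VERSION: ${DOCKER_VERSION}
        DOCKER_COMPOSE: ${DOCKER_COMPOSE}
    # Supplementary group for the container's main process (the jenkins user).
    # Set from the socket itself rather than a hard-coded number, e.g.:
    #   DOCKER_GID=$(stat -c '%g' /var/run/docker.sock) docker-compose up -d
    group_add:
      - "${DOCKER_GID}"
    volumes:
      - jenkins_home:/var/jenkins_home
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "8080:8080"
```

To verify, docker-compose exec jenkins id should list the GID among the groups, and stat -c %g /var/run/docker.sock run inside the container should print the same number as on the host; if it prints 65534 the mount is not carrying the host GID and group_add will not help.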
Page content provided by Stack Overflow; translation supported by Tencent Cloud's IT-domain engine.
Original link: https://stackoverflow.com/questions/59025426
