不能 运行 声纳扫描仪在 docker 容器内:权限被拒绝
Can't run sonar-scanner inside docker container: Permission denied
我正在尝试构建具有 CI 目的的自定义 docker 图像(bitbucket 管道)。在构建并测试我的代码后,我希望我可以 运行 使用 sonarqube 进行一些分析。
在我的自定义图像上,我尝试安装 sonar-scanner,所以在容器中时它会被执行。但是,在容器内(在 bitbucket 或我的本地机器上)它失败并出现此错误:
/sonar-scanner-2.8/bin/sonar-scanner: 108: exec: : Permission denied
我已经尝试了很多不同的方法来设置扫描仪目录的权限和所有权,但没有任何效果。
更令人惊讶的是,即使 运行使用闪光灯 --privileged=true 容器时,我仍然会遇到同样的错误。
我在 docker 基础知识上缺少什么?
这是我最后一个版本的 Dockerfile:
# Pull base image.
FROM node:6
LABEL maintainer "Gabriel Araujo <contact@gbiel.com>"
ENV SONAR_SCANNER_VERSION 2.8
ENV SONAR_SCANNER_HOME /home/sonar-scanner-${SONAR_SCANNER_VERSION}
ENV SONAR_SCANNER_PACKAGE sonar-scanner-${SONAR_SCANNER_VERSION}.zip
ENV SONAR_RUNNER_HOME ${SONAR_SCANNER_HOME}
ENV PATH $PATH:${SONAR_SCANNER_HOME}/bin
ENV WORKDIR /home/workspace
# Define working directory.
WORKDIR ${WORKDIR}
# Install dependencies
RUN apt-get -yqq update && \
apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \
npm install -g gulp bower && \
npm cache clean && \
apt-get -yqq autoremove && \
apt-get -yqq clean && \
rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/*
# Allow root for bower
RUN echo '{ "allow_root": true }' > /root/.bowerrc
# Download sonar
RUN curl --insecure -OL https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${SONAR_SCANNER_PACKAGE} && \
unzip ${SONAR_SCANNER_PACKAGE} -d /home && \
rm ${SONAR_SCANNER_PACKAGE}
RUN addgroup sonar && \
useradd -s /usr/sbin/nologin -d ${SONAR_SCANNER_HOME} -g sonar sonar && \
chown -R sonar:sonar ${SONAR_SCANNER_HOME} && \
chown -R sonar:sonar ${WORKDIR}
USER sonar
Java 8 需要先安装,因为声纳扫描仪需要它。我已将它添加到您的 Dockerfile 中。需要从 jessie backports 安装。
您可能应该将我添加的内容合并到您现有的 Install dependencies 部分
# Pull base image.
FROM node:6
LABEL maintainer "Gabriel Araujo <contact@gbiel.com>"
ENV SONAR_SCANNER_VERSION 2.8
ENV SONAR_SCANNER_HOME /home/sonar-scanner-${SONAR_SCANNER_VERSION}
ENV SONAR_SCANNER_PACKAGE sonar-scanner-${SONAR_SCANNER_VERSION}.zip
ENV SONAR_RUNNER_HOME ${SONAR_SCANNER_HOME}
ENV PATH $PATH:${SONAR_SCANNER_HOME}/bin
ENV WORKDIR /home/workspace
# Define working directory.
WORKDIR ${WORKDIR}
# Install OpenJDK 8
RUN echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list && \
apt-get update && \
apt-get install -y -t jessie-backports openjdk-8-jre-headless ca-certificates-java
# Install dependencies
RUN apt-get -yqq update && \
apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \
npm install -g gulp bower && \
npm cache clean && \
apt-get -yqq autoremove && \
apt-get -yqq clean && \
rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/*
# Allow root for bower
RUN echo '{ "allow_root": true }' > /root/.bowerrc
# Download sonar
RUN curl --insecure -OL https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${SONAR_SCANNER_PACKAGE} && \
unzip ${SONAR_SCANNER_PACKAGE} -d /home && \
rm ${SONAR_SCANNER_PACKAGE}
RUN addgroup sonar && \
useradd -s /usr/sbin/nologin -d ${SONAR_SCANNER_HOME} -g sonar sonar && \
chown -R sonar:sonar ${SONAR_SCANNER_HOME} && \
chown -R sonar:sonar ${WORKDIR}
USER sonar
现在它应该可以工作了:
docker build -t sonar-test .
docker run -it --rm sonar-test /home/sonar-scanner-2.8/bin/sonar-scanner --help
INFO:
INFO: usage: sonar-scanner [options]
INFO:
INFO: Options:
INFO: -D,--define <arg> Define property
INFO: -h,--help Display help information
INFO: -v,--version Display version information
INFO: -X,--debug Produce execution debug output
INFO: -i,--interactive Run interactively
我正在尝试构建具有 CI 目的的自定义 docker 图像(bitbucket 管道)。在构建并测试我的代码后,我希望我可以 运行 使用 sonarqube 进行一些分析。
在我的自定义图像上,我尝试安装 sonar-scanner,所以在容器中时它会被执行。但是,在容器内(在 bitbucket 或我的本地机器上)它失败并出现此错误:
/sonar-scanner-2.8/bin/sonar-scanner: 108: exec: : Permission denied
我已经尝试了很多不同的方法来设置扫描仪目录的权限和所有权,但没有任何效果。
更令人惊讶的是,即使 运行使用闪光灯 --privileged=true 容器时,我仍然会遇到同样的错误。
我在 docker 基础知识上缺少什么?
这是我最后一个版本的 Dockerfile:
# Pull base image.
FROM node:6
LABEL maintainer "Gabriel Araujo <contact@gbiel.com>"
ENV SONAR_SCANNER_VERSION 2.8
ENV SONAR_SCANNER_HOME /home/sonar-scanner-${SONAR_SCANNER_VERSION}
ENV SONAR_SCANNER_PACKAGE sonar-scanner-${SONAR_SCANNER_VERSION}.zip
ENV SONAR_RUNNER_HOME ${SONAR_SCANNER_HOME}
ENV PATH $PATH:${SONAR_SCANNER_HOME}/bin
ENV WORKDIR /home/workspace
# Define working directory.
WORKDIR ${WORKDIR}
# Install dependencies
RUN apt-get -yqq update && \
apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \
npm install -g gulp bower && \
npm cache clean && \
apt-get -yqq autoremove && \
apt-get -yqq clean && \
rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/*
# Allow root for bower
RUN echo '{ "allow_root": true }' > /root/.bowerrc
# Download sonar
RUN curl --insecure -OL https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${SONAR_SCANNER_PACKAGE} && \
unzip ${SONAR_SCANNER_PACKAGE} -d /home && \
rm ${SONAR_SCANNER_PACKAGE}
RUN addgroup sonar && \
useradd -s /usr/sbin/nologin -d ${SONAR_SCANNER_HOME} -g sonar sonar && \
chown -R sonar:sonar ${SONAR_SCANNER_HOME} && \
chown -R sonar:sonar ${WORKDIR}
USER sonar
Java 8 需要先安装,因为声纳扫描仪需要它。我已将它添加到您的 Dockerfile 中。需要从 jessie backports 安装。
您可能应该将我添加的内容合并到您现有的 Install dependencies 部分
# Pull base image.
FROM node:6
LABEL maintainer "Gabriel Araujo <contact@gbiel.com>"
ENV SONAR_SCANNER_VERSION 2.8
ENV SONAR_SCANNER_HOME /home/sonar-scanner-${SONAR_SCANNER_VERSION}
ENV SONAR_SCANNER_PACKAGE sonar-scanner-${SONAR_SCANNER_VERSION}.zip
ENV SONAR_RUNNER_HOME ${SONAR_SCANNER_HOME}
ENV PATH $PATH:${SONAR_SCANNER_HOME}/bin
ENV WORKDIR /home/workspace
# Define working directory.
WORKDIR ${WORKDIR}
# Install OpenJDK 8
RUN echo 'deb http://deb.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/jessie-backports.list && \
apt-get update && \
apt-get install -y -t jessie-backports openjdk-8-jre-headless ca-certificates-java
# Install dependencies
RUN apt-get -yqq update && \
apt-get -yqq --no-install-recommends install git bzip2 curl unzip && \
npm install -g gulp bower && \
npm cache clean && \
apt-get -yqq autoremove && \
apt-get -yqq clean && \
rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/*
# Allow root for bower
RUN echo '{ "allow_root": true }' > /root/.bowerrc
# Download sonar
RUN curl --insecure -OL https://sonarsource.bintray.com/Distribution/sonar-scanner-cli/${SONAR_SCANNER_PACKAGE} && \
unzip ${SONAR_SCANNER_PACKAGE} -d /home && \
rm ${SONAR_SCANNER_PACKAGE}
RUN addgroup sonar && \
useradd -s /usr/sbin/nologin -d ${SONAR_SCANNER_HOME} -g sonar sonar && \
chown -R sonar:sonar ${SONAR_SCANNER_HOME} && \
chown -R sonar:sonar ${WORKDIR}
USER sonar
现在它应该可以工作了:
docker build -t sonar-test .
docker run -it --rm sonar-test /home/sonar-scanner-2.8/bin/sonar-scanner --help
INFO:
INFO: usage: sonar-scanner [options]
INFO:
INFO: Options:
INFO: -D,--define <arg> Define property
INFO: -h,--help Display help information
INFO: -v,--version Display version information
INFO: -X,--debug Produce execution debug output
INFO: -i,--interactive Run interactively