如何更改 elasticsearch docker 容器中目录的所有者权限?
How do I change owner permissions of a directory inside my elasticsearch docker container?
我的 VM 中有一个 elasticsearch docker 容器,它与使用 docker 映像安装的 elasticsearch 2.3 版配合得很好。但是,在将 elasticsearch 升级到版本 7.1.1(使用 docker 图像)时,我收到了错误消息。在检查错误时,我发现我在 docker 容器的卷中提到的目录权限是错误的根本原因。当我尝试手动更改权限时,即通过 运行 命令 chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data 在我的 docker elasticsearch 容器中,它起作用了。但是当我尝试对我的 ansible 任务文件执行相同操作时,它不起作用并且 elasticsearch docker 容器不断重启。下面我粘贴了我的 ansible 任务 main.yml 文件 (ansible\roles\elasticsearch1\tasks\main.yml)。
我是 docker 的新手并且很敏感,所以在这方面的任何帮助都会很棒。
我已经试过了
command: chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data
作为我 main.yml 中 docker_container 条目中的参数之一。
- name: Data dir exists
file:
path: "{{ elasticsearch_data }}"
state: directory
mode: 0755
- name: elasticsearch-1 container is running
docker_container:
name: elasticsearch-1
image: "{{elasticsearch_image_name}}:{{elasticsearch_image_version}}"
state: started
restart: yes
restart_policy: "{{ docker_container_restart }}"
volumes:
- "{{ elasticsearch_data }}:/usr/share/elasticsearch/data"
env:
discovery.type: "single-node"
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
published_ports:
- "{{elasticsearch_rest_port}}:9200"
- "{{elasticsearch_mgnt_port}}:9300"
下面是 docker 日志中的错误:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
{"type": "server", "timestamp": "2019-08-01T12:19:21,708+0000", "level": "WARN", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "docker-cluster", "node.name": "70b2e205184
thread [main]" ,
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to obtain node locks, tried [[/usr/share/elasticsearch/data]] with lock id [0]; maybe these locati
were started without increasing [node.max_local_storage_nodes] (was [1])?",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.1.1.jar:7.1.1]",
"Caused by: java.lang.IllegalStateException: failed to obtain node locks, tried [[/usr/share/elasticsearch/data]] with lock id [0]; maybe these locations are not writable or multiple nodes were starte
torage_nodes] (was [1])?",
"at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:297) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:272) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
剧本的输出如下:
PLAY [db1] *********************************************************************
skipping: no hosts matched
PLAY RECAP *********************************************************************
+ app_exit_code=0
+ wait 5898
TASK [Gathering Facts] *********************************************************
task path: /home/system/ansible/00020-elasticsearch1.yml:2
ok: [10.100.192.342]
META: ran handlers
TASK [elasticsearch1 : Data dir exists] ****************************************
task path: /home/system/ansible/roles/elasticsearch1/tasks/main.yml:1
ok: [10.100.192.342] => {"changed": false, "gid": 1002, "group": "hurgrp", "mode": "0755", "owner": "huruser", "path": "/data/elasticsearch1/data", "secontext": "unconfined_u:object_r:default_t:s0", "size": 19, "state": "directory", "uid": 1001}
TASK [elasticsearch1 : elasticsearch-1 container is running] *******************
task path: /home/system/ansible/roles/elasticsearch1/tasks/main.yml:7
changed: [10.100.192.342] => {"ansible_facts": {"docker_container": {"AppArmorProfile": "", "Args": ["eswrapper"], "Config": {"ArgsEscaped": true, "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": ["eswrapper"], "Domainname": "", "Entrypoint": ["/usr/local/bin/docker-entrypoint.sh"], "Env": ["discovery.type=single-node", "ES_JAVA_OPTS=-Xms512m -Xmx512m", "PATH=/usr/share/elasticsearch/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "ELASTIC_CONTAINER=true"], "ExposedPorts": {"9200/tcp": {}, "9300/tcp": {}}, "Hostname": "1ec23e124b08", "Image": "elasticsearch:7.1.1", "Labels": {"license": "Elastic License", "org.label-schema.build-date": "20190305", "org.label-schema.license": "GPLv2", "org.label-schema.name": "elasticsearch", "org.label-schema.schema-version": "1.0", "org.label-schema.url": "https://www.elastic.co/products/elasticsearch", "org.label-schema.vcs-url": "https://github.com/elastic/elasticsearch", "org.label-schema.vendor": "Elastic", "org.label-schema.version": "7.1.1"}, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "Tty": false, "User": "", "Volumes": {"/usr/share/elasticsearch/data": {}}, "WorkingDir": "/usr/share/elasticsearch"}, "Created": "2019-08-26T13:33:25.098000492Z", "Driver": "overlay2", "ExecIDs": null, "GraphDriver": {"Data": {"LowerDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2-init/diff:/var/lib/docker/overlay2/8080db911ac1123a227a623d79054f7b37480d493d254da67073aa197adf48e4/diff:/var/lib/docker/overlay2/ab79afd0a77cd3f3210663033480a99a90581e38414a0b5f084abf98aab3470c/diff:/var/lib/docker/overlay2/181a2facaf7eab27e38ed5d6a403aa5bf1968b2a2da47c5fcf480bcdf855e863/diff:/var/lib/docker/overlay2/7bcd8bdef9bab37695e226fcd0c0984da878516951d3e6af1ef78ae8a02ede60/diff:/var/lib/docker/overlay2/993738850cca9ca3b73bd65cefb07862369705aca8b5d0db5e646d63263e3771/diff:/var/lib/docker/overlay2/b11080b6c1e61ec621e1af3575df720a0b535eda80dc2dc9abee45883badb541/diff:/var/lib/docker/overlay2/3c2669b57199903d1b02811a73d6ec387fbaed6085280979ce29b7b3c09f9331/diff", "MergedDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2/merged", "UpperDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2/diff", "WorkDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2/work"}, "Name": "overlay2"}, "HostConfig": {"AutoRemove": false, "Binds": ["/data/elasticsearch1/data:/usr/share/elasticsearch/data:rw"], "BlkioDeviceReadBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceWriteIOps": null, "BlkioWeight": 0, "BlkioWeightDevice": null, "CapAdd": null, "CapDrop": null, "Cgroup": "", "CgroupParent": "", "ConsoleSize": [0, 0], "ContainerIDFile": "", "CpuCount": 0, "CpuPercent": 0, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpuShares": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": null, "DiskQuota": 0, "Dns": null, "DnsOptions": null, "DnsSearch": null, "ExtraHosts": null, "GroupAdd": null, "IOMaximumBandwidth": 0, "IOMaximumIOps": 0, "IpcMode": "", "Isolation": "", "KernelMemory": 0, "Links": null, "LogConfig": {"Config": {}, "Type": "journald"}, "Memory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": -1, "NanoCpus": 0, "NetworkMode": "default", "OomKillDisable": false, "OomScoreAdj": 0, "PidMode": "", "PidsLimit": 0, "PortBindings": {"9200/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9201"}], "9300/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9301"}]}, "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "RestartPolicy": {"MaximumRetryCount": 0, "Name": "unless-stopped"}, "Runtime": "docker-runc", "SecurityOpt": null, "ShmSize": 67108864, "UTSMode": "", "Ulimits": null, "UsernsMode": "", "VolumeDriver": "", "VolumesFrom": null}, "HostnamePath": "/var/lib/docker/containers/1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e/hostname", "HostsPath": "/var/lib/docker/containers/1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e/hosts", "Id": "1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e", "Image": "sha256:b0e9f9f047e6b49bdf540f84a9cd9004886bd17bb5bedd27692f1b4d1ec41355", "LogPath": "", "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c107,c1010", "Mounts": [{"Destination": "/usr/share/elasticsearch/data", "Mode": "rw", "Propagation": "rprivate", "RW": true, "Source": "/data/elasticsearch1/data", "Type": "bind"}], "Name": "/elasticsearch-1", "NetworkSettings": {"Bridge": "", "EndpointID": "14a0263746886f75eb7776af9aa5b2919aef696db76d53f0fde72164107938db", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "HairpinMode": false, "IPAddress": "172.17.0.5", "IPPrefixLen": 16, "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:05", "Networks": {"bridge": {"Aliases": null, "EndpointID": "14a0263746886f75eb7776af9aa5b2919aef696db76d53f0fde72164107938db", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "172.17.0.5", "IPPrefixLen": 16, "IPv6Gateway": "", "Links": null, "MacAddress": "02:42:ac:11:00:05", "NetworkID": "652a5457affbd71402c4c480be83bd0580e25024f9cd5985d7202f2c1170f08a"}}, "Ports": {"9200/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9201"}], "9300/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9301"}]}, "SandboxID": "7a6d886760f0b6ba6abda5ee0d0e86e60ef929a8b8bf6203e142ba997b1ef7a5", "SandboxKey": "/var/run/docker/netns/7a6d886760f0", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null}, "Path": "/usr/local/bin/docker-entrypoint.sh", "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c107,c1010", "ResolvConfPath": "/var/lib/docker/containers/1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e/resolv.conf", "RestartCount": 0, "State": {"Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "0001-01-01T00:00:00Z", "OOMKilled": false, "Paused": false, "Pid": 11802, "Restarting": false, "Running": true, "StartedAt": "2019-08-26T13:33:25.519298411Z", "Status": "running"}}}, "changed": true}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
10.100.192.342 : ok=3 changed=1 unreachable=0 failed=0
+ db_exit_code=0
+ exit_code=0
+ [[ 0 != 0 ]]
+ [[ 0 != 0 ]]
+ [[ 0 != 0 ]]
您的问题是 Docker 包装了您的进程 - 因此容器内的用户 elasticsearch
与容器外的用户 elasticsearch
不同(他们将具有不同的 UID 和 GID ).
假设 elasticsearch 容器使用固定的 UID,您应该在 ansible 脚本中指定该 UID 以使其正常工作。
我同意 Paul Becotte,您需要授予容器内 elasticsearch
用户和组的访问权限。为 elasticsearch
找到容器 UID 和 GID 并在 ansible 脚本中提供访问权限可能是个好主意,但是如果我们可以简单地使用下面的命令
提供访问权限,这将很容易
- name: Give data dir access to elasticsearch user inside elasticsearch-1 container
command: docker exec elasticsearch-1 chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data
在 docker_container
模块之后。所以整个 ansible 脚本如下所示,希望对您有所帮助。
- name: Data dir exists
file:
path: "{{ elasticsearch_data }}"
state: directory
mode: 0755
- name: elasticsearch-1 container is running
docker_container:
name: elasticsearch-1
image: "{{elasticsearch_image_name}}:{{elasticsearch_image_version}}"
state: started
restart: yes
restart_policy: "{{ docker_container_restart }}"
volumes:
- "{{ elasticsearch_data }}:/usr/share/elasticsearch/data"
env:
discovery.type: "single-node"
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
published_ports:
- "{{elasticsearch_rest_port}}:9200"
- "{{elasticsearch_mgnt_port}}:9300"
- name: Give data dir access to elasticsearch user inside elasticsearch-1 container
command: docker exec elasticsearch-1 chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data
我的 VM 中有一个 elasticsearch docker 容器,它与使用 docker 映像安装的 elasticsearch 2.3 版配合得很好。但是,在将 elasticsearch 升级到版本 7.1.1(使用 docker 图像)时,我收到了错误消息。在检查错误时,我发现我在 docker 容器的卷中提到的目录权限是错误的根本原因。当我尝试手动更改权限时,即通过 运行 命令 chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data 在我的 docker elasticsearch 容器中,它起作用了。但是当我尝试对我的 ansible 任务文件执行相同操作时,它不起作用并且 elasticsearch docker 容器不断重启。下面我粘贴了我的 ansible 任务 main.yml 文件 (ansible\roles\elasticsearch1\tasks\main.yml)。
我是 docker 的新手并且很敏感,所以在这方面的任何帮助都会很棒。
我已经试过了
command: chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data
作为我 main.yml 中 docker_container 条目中的参数之一。
- name: Data dir exists
file:
path: "{{ elasticsearch_data }}"
state: directory
mode: 0755
- name: elasticsearch-1 container is running
docker_container:
name: elasticsearch-1
image: "{{elasticsearch_image_name}}:{{elasticsearch_image_version}}"
state: started
restart: yes
restart_policy: "{{ docker_container_restart }}"
volumes:
- "{{ elasticsearch_data }}:/usr/share/elasticsearch/data"
env:
discovery.type: "single-node"
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
published_ports:
- "{{elasticsearch_rest_port}}:9200"
- "{{elasticsearch_mgnt_port}}:9300"
下面是 docker 日志中的错误:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
{"type": "server", "timestamp": "2019-08-01T12:19:21,708+0000", "level": "WARN", "component": "o.e.b.ElasticsearchUncaughtExceptionHandler", "cluster.name": "docker-cluster", "node.name": "70b2e205184
thread [main]" ,
"stacktrace": ["org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to obtain node locks, tried [[/usr/share/elasticsearch/data]] with lock id [0]; maybe these locati
were started without increasing [node.max_local_storage_nodes] (was [1])?",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.1.1.jar:7.1.1]",
"Caused by: java.lang.IllegalStateException: failed to obtain node locks, tried [[/usr/share/elasticsearch/data]] with lock id [0]; maybe these locations are not writable or multiple nodes were starte
torage_nodes] (was [1])?",
"at org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:297) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:272) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:252) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.<init>(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:211) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]",
"... 6 more",
剧本的输出如下:
PLAY [db1] *********************************************************************
skipping: no hosts matched
PLAY RECAP *********************************************************************
+ app_exit_code=0
+ wait 5898
TASK [Gathering Facts] *********************************************************
task path: /home/system/ansible/00020-elasticsearch1.yml:2
ok: [10.100.192.342]
META: ran handlers
TASK [elasticsearch1 : Data dir exists] ****************************************
task path: /home/system/ansible/roles/elasticsearch1/tasks/main.yml:1
ok: [10.100.192.342] => {"changed": false, "gid": 1002, "group": "hurgrp", "mode": "0755", "owner": "huruser", "path": "/data/elasticsearch1/data", "secontext": "unconfined_u:object_r:default_t:s0", "size": 19, "state": "directory", "uid": 1001}
TASK [elasticsearch1 : elasticsearch-1 container is running] *******************
task path: /home/system/ansible/roles/elasticsearch1/tasks/main.yml:7
changed: [10.100.192.342] => {"ansible_facts": {"docker_container": {"AppArmorProfile": "", "Args": ["eswrapper"], "Config": {"ArgsEscaped": true, "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": ["eswrapper"], "Domainname": "", "Entrypoint": ["/usr/local/bin/docker-entrypoint.sh"], "Env": ["discovery.type=single-node", "ES_JAVA_OPTS=-Xms512m -Xmx512m", "PATH=/usr/share/elasticsearch/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "ELASTIC_CONTAINER=true"], "ExposedPorts": {"9200/tcp": {}, "9300/tcp": {}}, "Hostname": "1ec23e124b08", "Image": "elasticsearch:7.1.1", "Labels": {"license": "Elastic License", "org.label-schema.build-date": "20190305", "org.label-schema.license": "GPLv2", "org.label-schema.name": "elasticsearch", "org.label-schema.schema-version": "1.0", "org.label-schema.url": "https://www.elastic.co/products/elasticsearch", "org.label-schema.vcs-url": "https://github.com/elastic/elasticsearch", "org.label-schema.vendor": "Elastic", "org.label-schema.version": "7.1.1"}, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "Tty": false, "User": "", "Volumes": {"/usr/share/elasticsearch/data": {}}, "WorkingDir": "/usr/share/elasticsearch"}, "Created": "2019-08-26T13:33:25.098000492Z", "Driver": "overlay2", "ExecIDs": null, "GraphDriver": {"Data": {"LowerDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2-init/diff:/var/lib/docker/overlay2/8080db911ac1123a227a623d79054f7b37480d493d254da67073aa197adf48e4/diff:/var/lib/docker/overlay2/ab79afd0a77cd3f3210663033480a99a90581e38414a0b5f084abf98aab3470c/diff:/var/lib/docker/overlay2/181a2facaf7eab27e38ed5d6a403aa5bf1968b2a2da47c5fcf480bcdf855e863/diff:/var/lib/docker/overlay2/7bcd8bdef9bab37695e226fcd0c0984da878516951d3e6af1ef78ae8a02ede60/diff:/var/lib/docker/overlay2/993738850cca9ca3b73bd65cefb07862369705aca8b5d0db5e646d63263e3771/diff:/var/lib/docker/overlay2/b11080b6c1e61ec621e1af3575df720a0b535eda80dc2dc9abee45883badb541/diff:/var/lib/docker/overlay2/3c2669b57199903d1b02811a73d6ec387fbaed6085280979ce29b7b3c09f9331/diff", "MergedDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2/merged", "UpperDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2/diff", "WorkDir": "/var/lib/docker/overlay2/c2609676f4fa042fe666d1885ca1ddb3a6f1f2be8d4272a64a901a0ffa5d27f2/work"}, "Name": "overlay2"}, "HostConfig": {"AutoRemove": false, "Binds": ["/data/elasticsearch1/data:/usr/share/elasticsearch/data:rw"], "BlkioDeviceReadBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceWriteIOps": null, "BlkioWeight": 0, "BlkioWeightDevice": null, "CapAdd": null, "CapDrop": null, "Cgroup": "", "CgroupParent": "", "ConsoleSize": [0, 0], "ContainerIDFile": "", "CpuCount": 0, "CpuPercent": 0, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpuShares": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": null, "DiskQuota": 0, "Dns": null, "DnsOptions": null, "DnsSearch": null, "ExtraHosts": null, "GroupAdd": null, "IOMaximumBandwidth": 0, "IOMaximumIOps": 0, "IpcMode": "", "Isolation": "", "KernelMemory": 0, "Links": null, "LogConfig": {"Config": {}, "Type": "journald"}, "Memory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": -1, "NanoCpus": 0, "NetworkMode": "default", "OomKillDisable": false, "OomScoreAdj": 0, "PidMode": "", "PidsLimit": 0, "PortBindings": {"9200/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9201"}], "9300/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9301"}]}, "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "RestartPolicy": {"MaximumRetryCount": 0, "Name": "unless-stopped"}, "Runtime": "docker-runc", "SecurityOpt": null, "ShmSize": 67108864, "UTSMode": "", "Ulimits": null, "UsernsMode": "", "VolumeDriver": "", "VolumesFrom": null}, "HostnamePath": "/var/lib/docker/containers/1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e/hostname", "HostsPath": "/var/lib/docker/containers/1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e/hosts", "Id": "1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e", "Image": "sha256:b0e9f9f047e6b49bdf540f84a9cd9004886bd17bb5bedd27692f1b4d1ec41355", "LogPath": "", "MountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c107,c1010", "Mounts": [{"Destination": "/usr/share/elasticsearch/data", "Mode": "rw", "Propagation": "rprivate", "RW": true, "Source": "/data/elasticsearch1/data", "Type": "bind"}], "Name": "/elasticsearch-1", "NetworkSettings": {"Bridge": "", "EndpointID": "14a0263746886f75eb7776af9aa5b2919aef696db76d53f0fde72164107938db", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "HairpinMode": false, "IPAddress": "172.17.0.5", "IPPrefixLen": 16, "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:05", "Networks": {"bridge": {"Aliases": null, "EndpointID": "14a0263746886f75eb7776af9aa5b2919aef696db76d53f0fde72164107938db", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAMConfig": null, "IPAddress": "172.17.0.5", "IPPrefixLen": 16, "IPv6Gateway": "", "Links": null, "MacAddress": "02:42:ac:11:00:05", "NetworkID": "652a5457affbd71402c4c480be83bd0580e25024f9cd5985d7202f2c1170f08a"}}, "Ports": {"9200/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9201"}], "9300/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9301"}]}, "SandboxID": "7a6d886760f0b6ba6abda5ee0d0e86e60ef929a8b8bf6203e142ba997b1ef7a5", "SandboxKey": "/var/run/docker/netns/7a6d886760f0", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null}, "Path": "/usr/local/bin/docker-entrypoint.sh", "ProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0:c107,c1010", "ResolvConfPath": "/var/lib/docker/containers/1ec23e124b084249946a3e8569c7090b0088eaefd7c8b55aa05c90cca56ca65e/resolv.conf", "RestartCount": 0, "State": {"Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "0001-01-01T00:00:00Z", "OOMKilled": false, "Paused": false, "Pid": 11802, "Restarting": false, "Running": true, "StartedAt": "2019-08-26T13:33:25.519298411Z", "Status": "running"}}}, "changed": true}
META: ran handlers
META: ran handlers
PLAY RECAP *********************************************************************
10.100.192.342 : ok=3 changed=1 unreachable=0 failed=0
+ db_exit_code=0
+ exit_code=0
+ [[ 0 != 0 ]]
+ [[ 0 != 0 ]]
+ [[ 0 != 0 ]]
您的问题是 Docker 包装了您的进程 - 因此容器内的用户 elasticsearch
与容器外的用户 elasticsearch
不同(他们将具有不同的 UID 和 GID ).
假设 elasticsearch 容器使用固定的 UID,您应该在 ansible 脚本中指定该 UID 以使其正常工作。
我同意 Paul Becotte,您需要授予容器内 elasticsearch
用户和组的访问权限。为 elasticsearch
找到容器 UID 和 GID 并在 ansible 脚本中提供访问权限可能是个好主意,但是如果我们可以简单地使用下面的命令
- name: Give data dir access to elasticsearch user inside elasticsearch-1 container
command: docker exec elasticsearch-1 chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data
在 docker_container
模块之后。所以整个 ansible 脚本如下所示,希望对您有所帮助。
- name: Data dir exists
file:
path: "{{ elasticsearch_data }}"
state: directory
mode: 0755
- name: elasticsearch-1 container is running
docker_container:
name: elasticsearch-1
image: "{{elasticsearch_image_name}}:{{elasticsearch_image_version}}"
state: started
restart: yes
restart_policy: "{{ docker_container_restart }}"
volumes:
- "{{ elasticsearch_data }}:/usr/share/elasticsearch/data"
env:
discovery.type: "single-node"
ES_JAVA_OPTS: "-Xms512m -Xmx512m"
published_ports:
- "{{elasticsearch_rest_port}}:9200"
- "{{elasticsearch_mgnt_port}}:9300"
- name: Give data dir access to elasticsearch user inside elasticsearch-1 container
command: docker exec elasticsearch-1 chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data