RabbitMQ 无法启动 Kubernetes 上的持久性存储。权限被拒绝错误

RabbitMQ fails to start with persistence storage on Kubernetes. Permission denied error

我有一个 rabbit mq pod,我配置为通过安装卷使用 pod restart/deletion 的持久性存储柜。

我配置了一切但无法解决这个错误:

/usr/lib/rabbitmq/bin/rabbitmq-server: 42: 
/usr/lib/rabbitmq/bin/rabbitmq-server: 
cannot create /var/lib/rabbitmq/mnesia/rabbit@reana-message-broker-5f45f797ff-cs79m.pid: 
Permission denied

这是我的 kubernetes 配置文件和部署应用程序

  1. Dockerfile
FROM ubuntu:16.04
# hadolint ignore=DL3009
RUN apt-get update
# hadolint ignore=DL3008
RUN apt-get -y install --no-install-recommends rabbitmq-server
RUN apt-get -y autoremove && apt-get -y clean
# hadolint ignore=DL3001
RUN service rabbitmq-server start
COPY start.sh /start.sh
RUN chmod 755 ./start.sh
EXPOSE 5672
EXPOSE 15672
CMD ["/start.sh", "test", "1234"]
  1. start.sh
#!/bin/sh
cat > /etc/rabbitmq/rabbitmq.conf <<EOF
listeners.tcp.default = 5672

default_user = <<"">>
default_pass = <<"">>
EOF
rabbitmq-server
  1. rabbitmq.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: message-broker
  namespace: {{ .Release.Namespace }}
spec:
  ports:
   - port: 5672
     targetPort: 5672
     name: "tcp"
     protocol: TCP
   - port: 15672
     targetPort: 15672
     name: "management"
     protocol: TCP
  selector:
    app: message-broker
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: message-broker
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: message-broker
  template:
    metadata:
      labels:
        app: message-broker
    spec:
      containers:
      - name: message-broker
        image: {{ .Values.message_broker.image }}
        imagePullPolicy: {{ .Values.components.message_broker.imagePullPolicy }}
        ports:
        - containerPort: 5672
          name: tcp
        - containerPort: 15672
          name: management
        volumeMounts:
        - name: data
          mountPath: /var/lib/rabbitmq/mnesia
        env:
        - name: RABBITMQ_DEFAULT_PASS
          valueFrom:
            secretKeyRef:
              name: rabbitmq-secrets
              key: password # password = root
        - name: RABBITMQ_DEFAULT_USER
          valueFrom:
            secretKeyRef:
              name: rabbitmq-secrets
              key: user # user = root
      ...
      nodeSelector:
      ....
      volumes:
      - name: data
        hostPath:
          path: /var/test/rabbitmq

让我知道我可能遗漏了什么。 :)

错误提示“无法创建 /var/lib/rabbitmq/mnesia/rabbit@reana-message-broker-5f45f797ff-cs79m.pid: 没有权限'。尝试为 /var/lib/rabbitmq/mnesia/ 目录提供写入权限。

您在 /var/lib/rabbitmq/mnesia 中装载的卷归 root 所有。

rabbitmq 进程是 运行 作为 rabbitmq 用户并且没有对此目录的写入权限。

在你的 start.sh 添加:

chown rabbitmq:rabbitmq /var/lib/rabbitmq/mnesia

在启动 rabbitmq-server 进程之前。