RabbitMQ fails to start with persistence storage on Kubernetes. Permission denied error
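I have a RabbitMQ pod that I configured to use persistent storage, in case of pod restart/deletion, by mounting a volume.
I configured everything but cannot get past this error: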
/usr/lib/rabbitmq/bin/rabbitmq-server: 42:
/usr/lib/rabbitmq/bin/rabbitmq-server:
cannot create /var/lib/rabbitmq/mnesia/rabbit@reana-message-broker-5f45f797ff-cs79m.pid:
Permission denied
Here are my configuration files and the deployment of the application for Kubernetes:
Dockerfile
FROM ubuntu:16.04
# hadolint ignore=DL3009
RUN apt-get update
# hadolint ignore=DL3008
RUN apt-get -y install --no-install-recommends rabbitmq-server
RUN apt-get -y autoremove && apt-get -y clean
# hadolint ignore=DL3001
RUN service rabbitmq-server start
COPY start.sh /start.sh
RUN chmod 755 ./start.sh
EXPOSE 5672
EXPOSE 15672
CMD ["/start.sh", "test", "1234"]
start.sh
#!/bin/sh
cat > /etc/rabbitmq/rabbitmq.conf <<EOF
listeners.tcp.default = 5672
default_user = <<"">>
default_pass = <<"">>
EOF
rabbitmq-server
rabbitmq.yaml
---
apiVersion: v1
kind: Service
metadata:
  name: message-broker
  namespace: {{ .Release.Namespace }}
spec:
  ports:
  - port: 5672
    targetPort: 5672
    name: "tcp"
    protocol: TCP
  - port: 15672
    targetPort: 15672
    name: "management"
    protocol: TCP
  selector:
    app: message-broker
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: message-broker
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: message-broker
  template:
    metadata:
      labels:
        app: message-broker
    spec:
      containers:
      - name: message-broker
        image: {{ .Values.message_broker.image }}
        imagePullPolicy: {{ .Values.components.message_broker.imagePullPolicy }}
        ports:
        - containerPort: 5672
          name: tcp
        - containerPort: 15672
          name: management
        volumeMounts:
          - name: data
            mountPath: /var/lib/rabbitmq/mnesia
        env:
        - name: RABBITMQ_DEFAULT_PASS
          valueFrom:
            secretKeyRef:
              name: rabbitmq-secrets
              key: password # password = root
        - name: RABBITMQ_DEFAULT_USER
          valueFrom:
            secretKeyRef:
              name: rabbitmq-secrets
              key: user # user = root
      ...
      nodeSelector:
        ....
      volumes:
        - name: data
          hostPath:
            path: /var/test/rabbitmq
Let me know what I could be missing. :)

The error says "cannot create /var/lib/rabbitmq/mnesia/rabbit@reana-message-broker-5f45f797ff-cs79m.pid: Permission denied". Try giving write permission on the /var/lib/rabbitmq/mnesia/ directory.
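
The volume you mounted at /var/lib/rabbitmq/mnesia is owned by root.
The rabbitmq process runs as the rabbitmq user and does not have write access to this directory.
In your start.sh, add:
chown rabbitmq:rabbitmq /var/lib/rabbitmq/mnesia
before starting the rabbitmq-server process.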
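
One way to apply the chown suggestion above so that the container refuses to start on a data directory it cannot use, as an added example that is not part of the original question or answers. The function names are hypothetical, and it assumes GNU stat and a rabbitmq account in the image; it uses chown -R, which goes beyond the plain chown in the answer.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the data path and the rabbitmq account are the ones named on the page.

# owner_of DIR: print DIR's numeric "uid:gid" (GNU stat, assumed in the image).
owner_of() {
    stat -c '%u:%g' "$1"
}

# ensure_owner DIR UID GID: return 0 once DIR is owned by UID:GID,
# 1 if DIR is missing or its ownership cannot be corrected.
ensure_owner() {
    dir=$1
    want="$2:$3"
    [ -d "$dir" ] || { echo "data dir missing: $dir" >&2; return 1; }
    [ "$(owner_of "$dir")" = "$want" ] && return 0
    # Only root may hand the directory to another account. Fix the owner
    # rather than widening mode bits on a path shared with the node.
    if [ "$(id -u)" -ne 0 ]; then
        echo "$dir owned by $(owner_of "$dir"), need $want; not root" >&2
        return 1
    fi
    # -R (an assumption beyond the answer's plain chown) also covers files
    # left in a reused hostPath by an earlier run.
    chown -R "$want" "$dir" && [ "$(owner_of "$dir")" = "$want" ]
}

# start_broker: the tail of start.sh, after rabbitmq.conf has been written.
start_broker() {
    uid=$(id -u rabbitmq) && gid=$(id -g rabbitmq) || exit 1
    ensure_owner /var/lib/rabbitmq/mnesia "$uid" "$gid" || exit 1
    exec rabbitmq-server
}

# Start the broker only when run as the entrypoint, not when sourced.
case "${0##*/}" in
    start.sh) start_broker ;;
esac
```

The ownership fix only works while the entrypoint still runs as root, so a pod that sets a non-root runAsUser would have to do the chown elsewhere.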