Docker 运行 无法使用:无法加载...权限被拒绝
Docker run not working with: failed to load ... permission denied
我正在尝试在 Digital Ocean(这是一个数据中心)上进行部署,但我遇到了阻止部署的问题。
构建过程运行良好。
我的项目 Dockerfile:
####################################################################################################
## Builder
####################################################################################################
FROM rust:latest AS builder
RUN rustup target add x86_64-unknown-linux-musl
RUN apt update && apt install -y musl-tools musl-dev
RUN update-ca-certificates
WORKDIR /myrustapp
COPY ./ .
RUN cargo build --release
RUN chmod -R 777 /myrustapp
####################################################################################################
## Final image
####################################################################################################
FROM scratch
WORKDIR /myrustapp
COPY --from=builder /myrustapp/target/release/myrustapp ./
# RUN chmod -R 777 /myrustapp <- this occure a build crash because sh is not present in scratch image
最后(D.O执行的EQ命令):docker run myimage /myrustapp
结果/错误:
[myrustapp] [2022-01-19 14:14:19] starting container: starting non-root container [/myrustapp]: creating process: failed to load /myrustapp: permission denied
提前致谢!
因此,我使用 MUSL 构建器为我的容器创建了一个新映像,以防止依赖项因 scratch 或 alpine 映像而丢失。
我的新 Dockerfile:
# Build Stage
FROM ekidd/rust-musl-builder:latest AS builder
# We need to add the source code to the image because `rust-musl-builder`
# assumes a UID of 1000, but TravisCI has switched to 2000.
WORKDIR /myrustapp
ADD --chown=rust:rust . ./
RUN cargo build --release --target=x86_64-unknown-linux-musl
# Bundle Stage
FROM scratch
# If you want SSL for requests
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /myrustapp/target/x86_64-unknown-linux-musl/release/myrustapp /myrustapp
CMD ["/myrustapp"]
它实际上工作得很好,但也许它不能适应所有的依赖关系。
如果发生这种情况,@DazWilkin的解决方案效果很好,但图像会重很多。
我只需要对其进行一些编辑即可使其正常运行 (2022)。
编辑版本:
FROM rust:latest as builder
RUN USER=root cargo new --bin myrustapp
WORKDIR /myrustapp
COPY ./Cargo.toml ./Cargo.toml
RUN cargo build --release
RUN rm src/*.rs
ADD . ./
RUN rm ./target/release/deps/myrustapp*
RUN cargo build --release
FROM debian:latest as runtime
WORKDIR /bin
# Copy from builder and rename to 'server'
COPY --from=builder /myrustapp/target/release/myrustapp ./server
RUN apt-get update \
&& apt-get install -y ca-certificates tzdata \
&& rm -rf /var/lib/apt/lists/*
ENV TZ=Etc/UTC \
USER=appuser
RUN groupadd ${USER} \
&& useradd -g ${USER} ${USER} && \
chown -R ${USER}:${USER} /bin
USER ${USER}
EXPOSE 8080
ENTRYPOINT ["./server"]
感谢大家的帮助!
我正在尝试在 Digital Ocean(这是一个数据中心)上进行部署,但我遇到了阻止部署的问题。
构建过程运行良好。
我的项目 Dockerfile:
####################################################################################################
## Builder
####################################################################################################
FROM rust:latest AS builder
RUN rustup target add x86_64-unknown-linux-musl
RUN apt update && apt install -y musl-tools musl-dev
RUN update-ca-certificates
WORKDIR /myrustapp
COPY ./ .
RUN cargo build --release
RUN chmod -R 777 /myrustapp
####################################################################################################
## Final image
####################################################################################################
FROM scratch
WORKDIR /myrustapp
COPY --from=builder /myrustapp/target/release/myrustapp ./
# RUN chmod -R 777 /myrustapp <- this occure a build crash because sh is not present in scratch image
最后(D.O执行的EQ命令):docker run myimage /myrustapp
结果/错误:
[myrustapp] [2022-01-19 14:14:19] starting container: starting non-root container [/myrustapp]: creating process: failed to load /myrustapp: permission denied
提前致谢!
因此,我使用 MUSL 构建器为我的容器创建了一个新映像,以防止依赖项因 scratch 或 alpine 映像而丢失。
我的新 Dockerfile:
# Build Stage
FROM ekidd/rust-musl-builder:latest AS builder
# We need to add the source code to the image because `rust-musl-builder`
# assumes a UID of 1000, but TravisCI has switched to 2000.
WORKDIR /myrustapp
ADD --chown=rust:rust . ./
RUN cargo build --release --target=x86_64-unknown-linux-musl
# Bundle Stage
FROM scratch
# If you want SSL for requests
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /myrustapp/target/x86_64-unknown-linux-musl/release/myrustapp /myrustapp
CMD ["/myrustapp"]
它实际上工作得很好,但也许它不能适应所有的依赖关系。
如果发生这种情况,@DazWilkin的解决方案效果很好,但图像会重很多。
我只需要对其进行一些编辑即可使其正常运行 (2022)。
编辑版本:
FROM rust:latest as builder
RUN USER=root cargo new --bin myrustapp
WORKDIR /myrustapp
COPY ./Cargo.toml ./Cargo.toml
RUN cargo build --release
RUN rm src/*.rs
ADD . ./
RUN rm ./target/release/deps/myrustapp*
RUN cargo build --release
FROM debian:latest as runtime
WORKDIR /bin
# Copy from builder and rename to 'server'
COPY --from=builder /myrustapp/target/release/myrustapp ./server
RUN apt-get update \
&& apt-get install -y ca-certificates tzdata \
&& rm -rf /var/lib/apt/lists/*
ENV TZ=Etc/UTC \
USER=appuser
RUN groupadd ${USER} \
&& useradd -g ${USER} ${USER} && \
chown -R ${USER}:${USER} /bin
USER ${USER}
EXPOSE 8080
ENTRYPOINT ["./server"]
感谢大家的帮助!