Artifactory Docker Image in ECS Fargate has bad permissions

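I am trying to use AWS ECS Fargate to run JFrog Artifactory. I have it working fine on an EC2 instance, but ECS is giving me some problems that I think are related to the permissions of the Artifactory account that runs inside the container. I don't know why this would cause problems inside ECS and not when running it on EC2, since both are sourcing the same Docker image. I have attached the logs with the relevant messages here, as well as my task definition.

Things I have tried:

Similar questions that did not help: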

[shell] [INFO ] [] [installerCommon.sh:1670 ] [main] - Testing directory /opt/jfrog/artifactory/var has read/write permissions for user id 1030
/opt/jfrog/artifactory/app/bin/installerCommon.sh: line 1642: /opt/jfrog/artifactory/var/test-permissions: Permission denied
[shell] [INFO ] [] [installerCommon.sh:1679 ] [main] - /opt/jfrog/artifactory/var DOES NOT have proper permissions for user id 1030
[shell] [INFO ] [] [installerCommon.sh:1680 ] [main] - Directory: /opt/jfrog/artifactory/var, permissions: 755, owner: root, group: root
[shell] [INFO ] [] [installerCommon.sh:1681 ] [main] - Mounted directory must have read/write permissions for user id 1030
[shell] [ERROR] [] [installerCommon.sh:784 ] [main] - Directory /opt/jfrog/artifactory/var has bad permissions for user id 1030

{
    "ipcMode": null,
    "executionRoleArn": "xxx",
    "containerDefinitions": [
        {
            "dnsSearchDomains": null,
            "environmentFiles": null,
            "logConfiguration": {
                "logDriver": "awslogs",
                "secretOptions": null,
                "options": {
                    "awslogs-group": "/ecs/first-run-task-definition",
                    "awslogs-region": "us-east-1",
                    "awslogs-stream-prefix": "ecs"
                }
            },
            "entryPoint": [],
            "portMappings": [
                {
                    "hostPort": 8082,
                    "protocol": "tcp",
                    "containerPort": 8082
                },
                {
                    "hostPort": 8081,
                    "protocol": "tcp",
                    "containerPort": 8081
                },
                {
                    "hostPort": 443,
                    "protocol": "tcp",
                    "containerPort": 443
                }
            ],
            "command": [],
            "linuxParameters": null,
            "cpu": 256,
            "environment": [],
            "resourceRequirements": null,
            "ulimits": null,
            "dnsServers": null,
            "mountPoints": [
                {
                    "readOnly": null,
                    "containerPath": "/var/opt/jfrog/artifactory",
                    "sourceVolume": "artifactory-storage"
                }
            ],
            "workingDirectory": null,
            "secrets": null,
            "dockerSecurityOptions": null,
            "memory": null,
            "memoryReservation": 512,
            "volumesFrom": [],
            "stopTimeout": null,
            "image": "releases-docker.jfrog.io/jfrog/artifactory-pro:latest",
            "startTimeout": null,
            "firelensConfiguration": null,
            "dependsOn": null,
            "disableNetworking": null,
            "interactive": null,
            "healthCheck": null,
            "essential": true,
            "links": [],
            "hostname": null,
            "extraHosts": null,
            "pseudoTerminal": null,
            "user": null,
            "readonlyRootFilesystem": null,
            "dockerLabels": null,
            "systemControls": null,
            "privileged": null,
            "name": "petclinic-container"
        }
    ],
    "memory": "512",
    "taskRoleArn": "xxx",
    "family": "artifactory",
    "pidMode": null,
    "requiresCompatibilities": [
        "FARGATE"
    ],
    "networkMode": "awsvpc",
    "runtimePlatform": null,
    "cpu": "256",
    "inferenceAccelerators": [],
    "proxyConfiguration": null,
    "volumes": [
        {
            "fsxWindowsFileServerVolumeConfiguration": null,
            "efsVolumeConfiguration": {
                "transitEncryptionPort": null,
                "fileSystemId": "xxx",
                "authorizationConfig": {
                    "iam": "DISABLED",
                    "accessPointId": null
                },
                "transitEncryption": "ENABLED",
                "rootDirectory": "/"
            },
            "name": "artifactory-storage",
            "host": null,
            "dockerVolumeConfiguration": null
        }
    ],
    "tags": []
}

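It turns out the fix was simple and had to do with the permissions on the EFS drive. All of the subfolders were owned by the account that runs, but the folder itself was not. Running sudo chown 1030:1030 . in the folder I was trying to mount solved all my problems.

Before and after: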

ubuntu@ip-10-0-1-29:/mnt/efs/fs1$ ls -la
total 40
drwxr-xr-x 10 root root 6144 Apr  6 21:40 .
drwxr-xr-x  3 root root 4096 Apr  5 07:40 ..
drwxr-xr-x  2 1030 1030 6144 Apr  6 21:40 artifactory
drwxr-xr-x  9 1030 1030 6144 Apr  5 07:26 backup
drwxr-xr-x  9 1030 1030 6144 Apr  5 07:26 bootstrap
drwxr-xr-x 11 1030 1030 6144 Apr  5 07:27 data
drwxr-xr-x 12 1030 1030 6144 Apr  5 07:26 etc
drwxr-xr-x  4 1030 1030 6144 Apr  5 07:27 log
drwxr-xr-x  8 1030 1030 6144 Apr  6 21:18 var
drwxr-xr-x  9 1030 1030 6144 Apr  5 07:26 work
ubuntu@ip-10-0-1-29:/mnt/efs/fs1$ sudo chown 1030:1030 .
ubuntu@ip-10-0-1-29:/mnt/efs/fs1$ ls -la
total 40
drwxr-xr-x 10 1030 1030 6144 Apr  6 21:40 .
drwxr-xr-x  3 root root 4096 Apr  5 07:40 ..
drwxr-xr-x  2 1030 1030 6144 Apr  6 21:40 artifactory
drwxr-xr-x  9 1030 1030 6144 Apr  5 07:26 backup
drwxr-xr-x  9 1030 1030 6144 Apr  5 07:26 bootstrap
drwxr-xr-x 11 1030 1030 6144 Apr  5 07:27 data
drwxr-xr-x 12 1030 1030 6144 Apr  5 07:26 etc
drwxr-xr-x  4 1030 1030 6144 Apr  5 07:27 log
drwxr-xr-x  8 1030 1030 6144 Apr  6 21:18 var
drwxr-xr-x  9 1030 1030 6144 Apr  5 07:26 work
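
A pre-flight check for the condition the log reports, meant to be run on a host where the EFS file system is mounted before the task is started. This is an added example, not part of the original post and not JFrog's installerCommon.sh; the function names are hypothetical, it assumes GNU stat, and it considers only the primary group of the container user.

```shell
#!/bin/sh
# Added example: does a fixed container uid/gid (1030 in the log above) have
# write access to the directory that will be mounted as the volume root?
# Assumes GNU stat (Linux). Supplementary groups and ACLs are not considered.

# access_bits DIR UID GID -> prints the rwx digit (0-7) that applies to UID/GID
access_bits() {
    dir=$1; want_uid=$2; want_gid=$3
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    owner=$1; group=$2; mode=$((0$3))      # leading 0: parse the mode as octal
    if [ "$want_uid" -eq "$owner" ]; then
        echo $(( (mode >> 6) & 7 ))        # owner bits
    elif [ "$want_gid" -eq "$group" ]; then
        echo $(( (mode >> 3) & 7 ))        # group bits
    else
        echo $(( mode & 7 ))               # "other" bits, e.g. r-x for 755 root:root
    fi
}

# can_write DIR UID GID -> exit 0 if UID/GID may create files in DIR (needs w and x)
can_write() {
    bits=$(access_bits "$1" "$2" "$3") || return 2
    [ $(( bits & 3 )) -eq 3 ]
}

# report DIR [UID] [GID] -> one-line verdict; uid/gid default to 1030
report() {
    dir=$1; uid=${2:-1030}; gid=${3:-1030}
    if can_write "$dir" "$uid" "$gid"; then
        echo "OK: $dir is writable by $uid:$gid"
    else
        echo "FAIL: $dir ($(stat -c '%a %u:%g' "$dir")) is not writable by $uid:$gid"
        return 1
    fi
}

# Run the check only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    report "$@"
fi
```

Checking the mount root itself, not only its children, is the point: in the listing above every subfolder was already owned by 1030 while `.` was still root:root with mode 755.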