Permission denied when running docker-compose, even with sudo

I have had a docker-based environment running for several months, configured via docker-compose, and tried to add new Radarr/Tdarr containers to the configuration. When I re-run it with the docker-compose command, it returns a permission denied error as follows:

dhevans@ubuntu:/htpc-svc$ sudo docker-compose pull && docker-compose up -d
Pulling plex-server   ... done
Pulling homeassistant ... done
Pulling node-red      ... done
Pulling watchtower    ... done
Pulling radarr        ... done
Pulling tdarr         ... done
Traceback (most recent call last):
  File "urllib3/connectionpool.py", line 677, in urlopen
  File "urllib3/connectionpool.py", line 392, in _make_request
  File "http/client.py", line 1277, in request
  File "http/client.py", line 1323, in _send_request
  File "http/client.py", line 1272, in endheaders
  File "http/client.py", line 1032, in _send_output
  File "http/client.py", line 972, in send
  File "docker/transport/unixconn.py", line 43, in connect
PermissionError: [Errno 13] Permission denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "requests/adapters.py", line 449, in send
  File "urllib3/connectionpool.py", line 727, in urlopen
  File "urllib3/util/retry.py", line 410, in increment
  File "urllib3/packages/six.py", line 734, in reraise
  File "urllib3/connectionpool.py", line 677, in urlopen
  File "urllib3/connectionpool.py", line 392, in _make_request
  File "http/client.py", line 1277, in request
  File "http/client.py", line 1323, in _send_request
  File "http/client.py", line 1272, in endheaders
  File "http/client.py", line 1032, in _send_output
  File "http/client.py", line 972, in send
  File "docker/transport/unixconn.py", line 43, in connect
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker/api/client.py", line 214, in _retrieve_server_version
  File "docker/api/daemon.py", line 181, in version
  File "docker/utils/decorators.py", line 46, in inner
  File "docker/api/client.py", line 237, in _get
  File "requests/sessions.py", line 543, in get
  File "requests/sessions.py", line 530, in request
  File "requests/sessions.py", line 643, in send
  File "requests/adapters.py", line 498, in send
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 81, in main
  File "compose/cli/main.py", line 200, in perform_command
  File "compose/cli/command.py", line 70, in project_from_options
  File "compose/cli/command.py", line 153, in get_project
  File "compose/cli/docker_client.py", line 43, in get_client
  File "compose/cli/docker_client.py", line 170, in docker_client
  File "docker/api/client.py", line 197, in __init__
  File "docker/api/client.py", line 222, in _retrieve_server_version
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
[2464] Failed to execute script docker-compose

During my testing of these containers I have removed the new images from the compose file, but it still returns the error. This suggests to me that it is not related to the new containers, but to something about Docker no longer working.

If I run sudo docker-compose up or sudo docker-compose up radarr, the containers start fine and I am able to reach the web services remotely. They run as expected until I kill the command. This suggests to me that there is no real problem with the images or the configuration, but that something is stopping my docker compose file from bringing up the whole configuration correctly.

version: "3.4"
services:

  plex-server:
    container_name: plex-server
    image: linuxserver/plex
    restart: unless-stopped
    environment:
      - PUID=${PUID} # default user id, defined in .env
      - PGID=${PGID} # default group id, defined in .env
      - TZ=${TZ} # timezone, defined in .env
      - VERSION=docker
    network_mode: host
    volumes:
      - ${ROOT}/config/plex/db:/config # plex database
      - ${ROOT}/data/config/plex/transcode:/transcode # temp transcoded files
      - /mnt/elements:/elements
      - /mnt/expansion:/expansion

  homeassistant:
    container_name: homeassistant
    image: "ghcr.io/home-assistant/home-assistant:stable"
    volumes:
      - ${ROOT}/config/homeassistant:/config
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped
    privileged: true
    network_mode: host

  node-red:
    image: nodered/node-red:latest
    restart: always
    depends_on:
      - "homeassistant"
    user: root
    environment:
      - TZ=Europe/Zurich
#    ports:
#      - "1880:1880"
    network_mode: host
    volumes:
      - ${ROOT}/config/nodered:/data
      - /etc/localtime:/etc/localtime:ro

  watchtower:
    container_name: watchtower
    image: v2tec/watchtower
    network_mode: host
    environment:
      - LOG_LEVEL=info
      - PUID=${PUID} # default user id, defined in .env
      - PGID=${PGID} # default group id, defined in .env
      - TZ=${TZ} # timezone, defined in .env
      - UMASK=022 #optional
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  radarr:
    container_name: radarr
    image: cr.hotio.dev/hotio/radarr
    network_mode: bridge
    ports:
      - "7878:7878"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - UMASK=002
      - TZ=${TZ}
    volumes:
      - ${ROOT}/config/radarr:/config # radarr config
      - /mnt/elements:/elements
      - /mnt/expansion:/expansion

  tdarr:
    container_name: tdarr
    image: ghcr.io/haveagitgat/tdarr:latest
    restart: unless-stopped
    network_mode: bridge
    ports:
      - 8265:8265 # webUI port
      - 8266:8266 # server port
      # - 8267:8267 # Internal node port
      # - 8268:8268 # Example extra node port
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
      - UMASK_SET=002
      - serverIP=0.0.0.0
      - serverPort=8266
      - webUIPort=8265
      - internalNode=true
      - nodeID=MyInternalNode
    volumes:
      - ${ROOT}/config/tdarr/server:/app/server
      - ${ROOT}/config/tdarr/config:/app/configs
      - ${ROOT}/config/tdarr/logs:/app/logs
      - ${ROOT}/data/tdarr/transcode_cache:/temp
      - /mnt/elements:/elements
      - /mnt/expansion:/expansion

tl;dr: Tried adding new containers to docker-compose. Always get the error. Removed the new containers, still get the error. The old sites are still available; the new ones only run via docker-compose up. Everything is run as sudo. Please tell me what I am doing wrong, or where I should look, as I have been banging my head against a brick wall for hours.

I removed all services except the first one and restarted that service.

I re-added the services one by one, starting each new one as I went.

I did not get any errors. I ran sudo docker-compose down and all containers stopped. I re-issued sudo docker-compose up -d and all containers started without any errors.

I have no idea why it worked this time and not before...

The error you got first does not seem to be a heisenbug, and should be reproducible by running docker-compose without sudo (because the Docker daemon socket belongs to root:docker).

More precisely, the error is related to the fact that you ran the command:

sudo docker-compose pull && docker-compose up -d  #(1.)

which has different semantics from
sudo /bin/bash -c "docker-compose pull && docker-compose up -d"  #(2.)

As a result, the docker-compose up -d part of command (1.) is run without root privileges.

So if you want to combine both without running an extra bash process, you can run:

sudo docker-compose pull && sudo docker-compose up -d

By the way, note that the sudo prefix can be "removed" from Docker commands in at least two ways: by joining the docker group (which can be risky on a personal workstation), or by using a bash alias; see e.g.
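An added example (not from the question or either answer) that makes the point above reproducible without sudo: env is used as a harmless stand-in for sudo to show that a prefix command only wraps the single simple command it precedes, because the calling shell evaluates && itself. It also includes a small check for the condition behind the traceback, write access to the daemon socket; the socket path is an assumed default that can be overridden.

```shell
#!/bin/sh
# Stand-in for "sudo cmd1 && cmd2": the prefix (env here, sudo in the
# question) reaches cmd1 only. cmd2 runs in the caller's own context.
# Prints "1 unset".
chain_prefix_demo() {
    env DEMO_PREFIX=1 sh -c 'printf "%s " "$DEMO_PREFIX"' \
        && sh -c 'printf "%s\n" "${DEMO_PREFIX:-unset}"'
}

# Stand-in for "sudo sh -c 'cmd1 && cmd2'": one shell receives the
# prefix and runs the whole chain inside it. Prints "1 1".
chain_prefix_fixed() {
    env DEMO_PREFIX=1 sh -c \
        'printf "%s " "$DEMO_PREFIX" && printf "%s\n" "${DEMO_PREFIX:-unset}"'
}

# Diagnose the PermissionError from the traceback: docker-compose talks to
# the daemon over a Unix socket, so the calling user needs write access to
# it. Returns 0 if writable, 1 if present but not writable, 2 if absent.
# The default path is an assumption; pass another path to override it.
check_docker_socket() {
    sock="${1:-/var/run/docker.sock}"
    if [ ! -e "$sock" ]; then
        echo "no socket at $sock (is the daemon running?)"
        return 2
    fi
    if [ -w "$sock" ]; then
        echo "$sock is writable by $(id -un); docker-compose can connect as this user"
        return 0
    fi
    echo "$sock is not writable by $(id -un) (groups: $(id -nG))"
    echo "prefix every docker-compose invocation with sudo, not just the first one"
    return 1
}
```

Running check_docker_socket before and after adding sudo to each part of the chain shows which user each half of the command line actually runs as.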