
Handling permissions on mounted directories when creating containers with Podman (Podman startup mount volume permissions)

Podman startup mount volume permissions


Recently, while deploying an Oracle container with Podman under a non-root user on a server, I ran into a permission problem with the mounted directory. After some fiddling I finally solved it, so I am recording it here for anyone who needs it.

Environment

# CentOS 8 is no longer maintained, so AlmaLinux is used instead; it differs little from CentOS
uname -a
Linux localhost.localdomain 5.14.0-70.13.1.el9_0.x86_64 #1 SMP PREEMPT Tue May 17 15:53:11 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux
cat /etc/almalinux-release
AlmaLinux release 9.0 (Emerald Puma)
# The image was built earlier with Docker from the image-build tooling Oracle provides officially
podman images
REPOSITORY                                                TAG               IMAGE ID      CREATED        SIZE
registry.cn-hangzhou.aliyuncs.com/***/oracle_database  19.3.0-ee         30aa1e17e6ad  14 months ago  6.72 GB

Container error log when the owner and group of the mounted directory were not set

...
Prepare for db operation
Cannot create directory "/opt/oracle/oradata/ORCLCDB".
8% complete
Copying database files
...
SQL> Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
mkdir: cannot create directory '/opt/oracle/oradata/dbconfig': Permission denied
mv: cannot stat '/opt/oracle/product/19c/dbhome_1/dbs/spfileORCLCDB.ora': No such file or directory
mv: cannot stat '/opt/oracle/product/19c/dbhome_1/dbs/orapwORCLCDB': No such file or directory
mv: cannot move '/opt/oracle/product/19c/dbhome_1/network/admin/sqlnet.ora' to '/opt/oracle/oradata/dbconfig/ORCLCDB/': No such file or directory
mv: cannot move '/opt/oracle/product/19c/dbhome_1/network/admin/listener.ora' to '/opt/oracle/oradata/dbconfig/ORCLCDB/': No such file or directory
mv: cannot move '/opt/oracle/product/19c/dbhome_1/network/admin/tnsnames.ora' to '/opt/oracle/oradata/dbconfig/ORCLCDB/': No such file or directory
mv: cannot move '/opt/oracle/product/19c/dbhome_1/install/.docker_enterprise' to '/opt/oracle/oradata/dbconfig/ORCLCDB/': No such file or directory
cp: cannot create regular file '/opt/oracle/oradata/dbconfig/ORCLCDB/': No such file or directory
...

Setting the owner and group of the host mount directory

Suppose the host directory to be mounted is /home/admin/oracle/oradata.
PS: note that podman run needs --privileged=true, to raise the privileges of the user inside the container.

# Option one
# Temporarily run a container and create any file at the mount point
podman run --rm --privileged=true -v /tmp:/tmp registry.cn-hangzhou.aliyuncs.com/***/oracle_database:19.3.0-ee /bin/bash -c "touch /tmp/tmp.txt"
# Check the owner and group of the file the container created
ll /tmp
-rw-r--r--. 1 154320 154320 0  529 15:52 tmp.txt
# Change the owner and group of the mount directory to those of tmp.txt above
sudo chown 154320:154320 /home/admin/oracle/oradata

# Option two (usable on hosts that support rootless)
# Following the user-mapping rules of Podman rootless containers, the mapped host uid/gid can be computed from the uid/gid inside the container
# Confirm that the OS has user namespaces enabled (the user.max_user_namespaces parameter is greater than 0)
sudo sysctl -a | grep user\.max_user_namespaces
user.max_user_namespaces = 30393
# Check the host user's subuid/subgid mapping ranges
cat /etc/subuid
admin:100000:65536
cat /etc/subgid
admin:100000:65536
# Field 1 is the user name, field 2 the start of the mapping, field 3 the maximum number of ids mapped
# So for user admin above, the mapped range is 100000 ~ 165535
# Check the uid/gid of the user inside the container
podman run --rm -t registry.cn-hangzhou.aliyuncs.com/***/oracle_database:19.3.0-ee id
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba),54323(oper),54324(backupdba),54325(dgdba),54326(kmdba),54330(racdba)
# A uid/gid inside the container maps to a host uid/gid as: (container uid/gid) - 1 + (host user's subuid/subgid start value)
# In the example above, the container's oracle uid maps to host uid: 54321 - 1 + 100000 = 154320
# In the example above, the container's dba group gid maps to host gid: 54322 - 1 + 100000 = 154321
# So the command to set the mount directory's owner and group is as follows (Oracle data directories are normally owned by oracle:dba)
sudo chown 154320:154321 /home/admin/oracle/oradata

PS: reference for option two: https://blog.csdn.net/alex_yangchuansheng/article/details/123195931
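The arithmetic in option two, and the reverse lookup that explains the 154320 seen in option one, as an added example that is not part of the original post. It assumes Podman's default rootless mapping: container id 0 is the host user's own id, and container ids 1, 2, ... are laid consecutively over the user's sub-id ranges in /etc/subuid (or /etc/subgid) in file order, so it also handles a user with more than one range. The subuid content, the second user and the host uid 1000 for admin are constructed for the example.

```shell
#!/bin/sh
# Added example: map ids between a rootless Podman container and the host from
# /etc/subuid or /etc/subgid content, in both directions.
# Assumed mapping: container id 0 -> the host user's own id; container ids
# 1.. -> the user's sub-id ranges, consecutively, in file order.

# Constructed sample standing in for /etc/subuid (and /etc/subgid): the page's
# "admin:100000:65536" plus another user, which must be skipped, and a second
# range for admin, which the default mapping appends after the first.
SAMPLE_SUBIDS='admin:100000:65536
other:200000:65536
admin:300000:1000'

# container_to_host USER OWN_ID CONTAINER_ID SUBID_CONTENT
# Prints the host id; exit status 1 if CONTAINER_ID is outside USER's mapping.
container_to_host() {
  [ "$3" -eq 0 ] && { echo "$2"; return 0; }
  printf '%s\n' "$4" | awk -F: -v user="$1" -v cid="$3" '
    BEGIN { offset = 1 }                       # container id 1 = first sub-id
    $1 == user {
      if (cid >= offset && cid < offset + $3) {
        print $2 + cid - offset; found = 1; exit
      }
      offset += $3                             # next range continues after this one
    }
    END { if (!found) exit 1 }'
}

# host_to_container USER OWN_ID HOST_ID SUBID_CONTENT
# Inverse lookup: which container id owns a file that shows HOST_ID on the host?
host_to_container() {
  [ "$3" -eq "$2" ] && { echo 0; return 0; }
  printf '%s\n' "$4" | awk -F: -v user="$1" -v hid="$3" '
    BEGIN { offset = 1 }
    $1 == user {
      if (hid >= $2 && hid < $2 + $3) {
        print hid - $2 + offset; found = 1; exit
      }
      offset += $3
    }
    END { if (!found) exit 1 }'
}

# chown_args USER OWN_ID C_UID C_GID SUBUID_CONTENT SUBGID_CONTENT
# Builds the "uid:gid" argument for chown on the mounted host directory.
chown_args() {
  u=$(container_to_host "$1" "$2" "$3" "$5") || return 1
  g=$(container_to_host "$1" "$2" "$4" "$6") || return 1
  echo "$u:$g"
}

# Usage with the page's numbers: oracle uid 54321, dba gid 54322, host user
# admin whose own uid is assumed to be 1000 (constructed).
echo "oracle uid 54321 -> host uid $(container_to_host admin 1000 54321 "$SAMPLE_SUBIDS")"
echo "dba gid 54322    -> host gid $(container_to_host admin 1000 54322 "$SAMPLE_SUBIDS")"
echo "host uid 154320  -> container uid $(host_to_container admin 1000 154320 "$SAMPLE_SUBIDS")"
echo "sudo chown $(chown_args admin 1000 54321 54322 "$SAMPLE_SUBIDS" "$SAMPLE_SUBIDS") /home/admin/oracle/oradata"
```

The lookup fails (exit status 1) for a container id beyond the user's total sub-id count, which is the case where a file written from the container would show up on the host as the overflow id instead of a mappable uid. Note that --privileged=true does not change this mapping: it relaxes capability, seccomp and SELinux-label restrictions, which is why the chown is still needed alongside it.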

Creating the container again to verify

podman run -d --name oracle --shm-size=1g -p 1521:1521 -p 5500:5500 -e ORACLE_SID=ORCLCDB \
-e ORACLE_PDB=ORCLPDB -e ORACLE_PWD=xxx -e ORACLE_CHARACTERSET=AL32UTF8 \
-v /home/admin/oracle/oradata:/opt/oracle/oradata --privileged=true registry.xxx/oracle_database:19.3.0-ee

Checking the container logs shows no directory permission errors, and the database was created successfully!

podman logs -f oracle
----------------------------
SQL> 
PL/SQL procedure successfully completed.

SQL> Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0
The Oracle base remains unchanged with value /opt/oracle
#########################
DATABASE IS READY TO USE!
#########################
The following output is now a tail of the alert.log:
ORCLPDB(3):Completed: ALTER DATABASE DEFAULT TABLESPACE "USERS"
2022-05-29T16:13:18.854046+08:00
ALTER SYSTEM SET control_files='/opt/oracle/oradata/ORCLCDB/control01.ctl' SCOPE=SPFILE;
2022-05-29T16:13:18.856804+08:00
ALTER SYSTEM SET local_listener='' SCOPE=BOTH;
   ALTER PLUGGABLE DATABASE ORCLPDB SAVE STATE
Completed:    ALTER PLUGGABLE DATABASE ORCLPDB SAVE STATE
2022-05-29T16:13:18.940577+08:00

XDB initialized.