I am trying to run the gitlab-ce docker image, but I am running into a permission denied problem in secrets_helper.rb. The following is extracted from the startup log:
================================================================================
Recipe Compile Error in /opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb
================================================================================
Errno::EPERM
------------
Operation not permitted @ rb_file_chmod - /etc/gitlab/gitlab-secrets.json
Cookbook Trace:
---------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:121:in `chmod'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:121:in `block in write_to_gitlab_secrets'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:119:in `open'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:119:in `write_to_gitlab_secrets'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/settings_helper.rb:163:in `generate_secrets'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/settings_helper.rb:167:in `generate_config'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/config.rb:26:in `from_file'
/opt/gitlab/embedded/cookbooks/cache/cookbooks/gitlab/recipes/default.rb:26:in `from_file'
Relevant File Content:
----------------------
/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/libraries/helpers/secrets_helper.rb:
There was an error running gitlab-ctl reconfigure:
Operation not permitted @ rb_file_chmod - /etc/gitlab/gitlab-secrets.json
114:
115: def self.write_to_gitlab_secrets
116: secret_tokens = gather_gitlab_secrets
117:
118: if File.directory?('/etc/gitlab')
119: File.open('/etc/gitlab/gitlab-secrets.json', 'w', 0600) do |f|
120: f.puts(Chef::JSONCompat.to_json_pretty(secret_tokens))
121>> f.chmod(0600)
122: end
123: end
124:
125: nil
126: end
127: end
128:
I created the container with the following:
docker run --detach \
--hostname domain.name.com \
--publish 4443:443 \
--publish 4080:80 \
--publish 4022:22 \
--name gitlab \
--restart always \
--volume /mnt/nfs-1/gitlab/config:/etc/gitlab \
--volume /mnt/nfs-1/gitlab/logs:/var/log/gitlab \
--volume /mnt/nfs-1/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
The permissions look like this:
/mnt/nfs-1
drwxrwx--- 5 1020 1020 5 Jun 2 23:13 gitlab
/mnt/nfs-1/gitlab
drwxrwx--- 2 1020 1020 10 Jun 2 23:15 config
drwxrwx--- 2 1020 1020 2 Jun 2 23:13 data
drwxrwx--- 4 1020 1020 4 Jun 2 23:15 logs
/mnt/nfs-1 is an NFS share, set up using Rancher's configuration.
# /var/lib/rancher/conf/cloud-config.d/nfs.yml
rancher:
  services:
    nfs:
      image: walkerk1980/rancher-nfs-client
      labels:
        io.rancher.os.after: console, preload-user-images
        io.rancher.os.scope: system
      net: host
      privileged: true
      restart: always
      volumes:
        - /usr/bin/iptables:/sbin/iptables:ro
        - /mnt/nfs-1:/mnt/nfs-1:shared
      environment:
        SERVER: nas.stark.local
        SHARE: /mnt/pool/data_set
        MOUNT_OPTIONS: rw,noatime,nolock,soft,_netdev,auto
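The NFS file share (in FreeNAS) looks like this:
However, the solutions there did not work for me, and I am not quite sure where the git user is. I assume it exists inside the running image.
I also tried downgrading, upgrading, different versions and the ee version and had the same problem, so I assume it has something to do with the volumes?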