Docker fails to start MongoDB, reporting no permission to create the lock file

First, the symptom:

mongodb_1    | 2019-04-27T03:55:24.900+0000 I  CONTROL  [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=a57fa7215d67
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] db version v4.1.10
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] git version: 8cdc51e7810f7fd8898a4c60b935e389f04659ee
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.1.0g  2 Nov 2017
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] allocator: tcmalloc
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] modules: none
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] build environment:
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten]     distmod: ubuntu1804
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten]     distarch: x86_64
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten]     target_arch: x86_64
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  CONTROL  [initandlisten] options: { net: { bindIp: "*" }, security: { authorization: "enabled" } }
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  STORAGE  [initandlisten] exception in initAndListen: IllegalOperation: Attempted to create a lock file on a read-only directory: /data/db, terminating
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  NETWORK  [initandlisten] shutdown: going to close listening sockets...
mongodb_1    | 2019-04-27T03:55:24.904+0000 I  NETWORK  [initandlisten] removing socket file: /tmp/mongodb-27017.sock
mongodb_1    | 2019-04-27T03:55:24.905+0000 I  CONTROL  [initandlisten] now exiting
mongodb_1    | 2019-04-27T03:55:24.905+0000 I  CONTROL  [initandlisten] shutting down with code:100
dockers_mongodb_1 exited with code 100

The main problem is this line:

mongodb_1    | 2019-04-27T03:55:24.904+0000 I  STORAGE  [initandlisten] exception in initAndListen: IllegalOperation: Attempted to create a lock file on a read-only directory: /data/db, terminating

I build from the official MongoDB container Dockerfile and orchestrate with docker-compose.
The Dockerfile is as follows:

FROM ubuntu:bionic

# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
RUN groupadd -r mongodb && useradd -r -g mongodb mongodb

RUN  echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic main restricted universe multiverse" > /etc/apt/sources.list \
    && echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-updates main restricted universe multiverse" >> /etc/apt/sources.list \
    && echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-backports main restricted universe multiverse" >> /etc/apt/sources.list \
    && echo "deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu/ bionic-security main restricted universe multiverse" >> /etc/apt/sources.list 

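# NOTE: a variable exported here lasts only for this RUN instruction; later instructions do not see it
RUN export all_proxy=http://192.168.1.177:1080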

RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        jq \
        numactl \
    ; \
    if ! command -v ps > /dev/null; then \
        apt-get install -y --no-install-recommends procps; \
    fi; \
    rm -rf /var/lib/apt/lists/*

# grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases)
ENV GOSU_VERSION 1.11
# grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases)
ENV JSYAML_VERSION 3.13.0

RUN mkdir ~/.gnupg && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf

RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        wget \
    ; \
    if ! command -v gpg > /dev/null; then \
        apt-get install -y --no-install-recommends gnupg dirmngr; \
    fi; \
    rm -rf /var/lib/apt/lists/*; \
    \
    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
    gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
    command -v gpgconf && gpgconf --kill all || :; \
    rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
    chmod +x /usr/local/bin/gosu; \
    gosu --version; \
    gosu nobody true; \
    \
    wget -O /js-yaml.js "https://github.com/nodeca/js-yaml/raw/${JSYAML_VERSION}/dist/js-yaml.js"; \
# TODO some sort of download verification here
    \
    apt-get purge -y --auto-remove wget

RUN mkdir /docker-entrypoint-initdb.d

ENV GPG_KEYS E162F504A20CDF15827F718D4B7C549A058F8B6B
RUN set -ex; \
    export GNUPGHOME="$(mktemp -d)"; \
    for key in $GPG_KEYS; do \
        gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
    done; \
    gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mongodb.gpg; \
    command -v gpgconf && gpgconf --kill all || :; \
    rm -r "$GNUPGHOME"; \
    apt-key list

# Allow build-time overrides (eg. to build image with MongoDB Enterprise version)
# Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise
# Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com
# Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com .
ARG MONGO_PACKAGE=mongodb-org-unstable
ARG MONGO_REPO=repo.mongodb.org
ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO}

ENV MONGO_MAJOR 4.1
ENV MONGO_VERSION 4.1.10
# bashbrew-architectures:amd64 arm64v8 s390x
RUN echo "deb http://$MONGO_REPO/apt/ubuntu bionic/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR multiverse" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list"

RUN set -x \
    && apt-get update \
    && apt-get install -y \
        ${MONGO_PACKAGE}=$MONGO_VERSION \
        ${MONGO_PACKAGE}-server=$MONGO_VERSION \
        ${MONGO_PACKAGE}-shell=$MONGO_VERSION \
        ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \
        ${MONGO_PACKAGE}-tools=$MONGO_VERSION \
    && rm -rf /var/lib/apt/lists/* \
    && rm -rf /var/lib/mongodb \
    && mv /etc/mongod.conf /etc/mongod.conf.orig

RUN mkdir -p /data/db /data/configdb \
    && chown -R mongodb:mongodb /data/db /data/configdb \
    && chmod g+w -R /data/db \
    && chmod g+w -R /data/configdb
    
VOLUME /data/db /data/configdb

COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]

EXPOSE 27017
CMD ["mongod"]

The docker-compose service configuration is as follows; the other services are omitted:

  mongodb:
    build: ./dockerfiles/mongodb
    volumes:
      - ./data/mongodb/db:/data/db
      - ./data/mongodb/configdb:/data/configdb
    ports:
      - 7017:27017
    environment:
      - MONGO_INITDB_ROOT_USERNAME=super
      - MONGO_INITDB_ROOT_PASSWORD=uZL99s7SMH36bZEp
    restart: always

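If I remove the volumes option from the mongodb service in docker-compose, it starts normally. This shows that the problem is caused by mounting the host directory. To be clear: the permissions on the host data directory are set to 0777.

Much of what I found online says this is a permissions problem, but all of it concerns starting outside a container, where permission problems are easily solved with chmod. In the container environment, the Dockerfile also sets the directories to be owned by the mongodb user. And by entering the container with the run command, I found that the mongodb user can write to the /data/mongodb directory.

I tried setting read/write permissions on /data/mongodb in docker-entrypoint.sh, without success.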

1 answer

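The problem is solved; it turned out to be my environment after all. The mounted directory was under a Windows shared directory, and MongoDB does not support the NFS file format, so it kept reporting the error. After I changed the mounted directory to another directory on Ubuntu, there was no problem.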

Note the change in the volumes node below:

  mongodb:
    build: ./dockerfiles/mongodb
    volumes:
      - /home/longmon/data/mongodb/db:/data/db
      - /home/longmon/data/mongodb/configdb:/data/configdb
    ports:
      - 7017:27017
    environment:
      - MONGO_INITDB_ROOT_USERNAME=super
      - MONGO_INITDB_ROOT_PASSWORD=uZL99s7SMH36bZEp
    restart: always
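
An added example, not part of the original answer: a pre-start check that reports which filesystem backs each bind-mount source directory and flags network or host-shared filesystems such as the shared directory described in the answer. The function names, the list of filesystem types and the sample mount table are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Symlinks in PATH are not resolved.

# fstype_for PATH [MOUNTS_FILE]: print the filesystem type of the longest mount
# point containing PATH. MOUNTS_FILE defaults to /proc/self/mounts, whose
# fields are: device mountpoint fstype options ...
fstype_for() {
    local path="$1" mounts="${2:-/proc/self/mounts}"
    local dev mp fs rest best="" best_fs=""
    case "$path" in /*) ;; *) path="$PWD/$path" ;; esac   # make relative paths absolute
    while read -r dev mp fs rest; do
        case "${path%/}/" in
            "${mp%/}/"*)   # mp equals PATH or is one of its parent directories
                # -ge: a later mount on the same point shadows the earlier one
                if [ "${#mp}" -ge "${#best}" ]; then best="$mp"; best_fs="$fs"; fi ;;
        esac
    done < "$mounts"
    printf '%s\n' "$best_fs"
}

# is_shared_fs FSTYPE: succeeds for network or host-shared filesystem types
# (assumed list; extend it for your environment).
is_shared_fs() {
    case "$1" in
        nfs|nfs4|cifs|smb3|vboxsf|9p|virtiofs|fuse.*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_bind_source PATH [MOUNTS_FILE]: print a verdict; return 1 if shared.
check_bind_source() {
    local fs
    fs="$(fstype_for "$1" "${2:-/proc/self/mounts}")"
    if is_shared_fs "$fs"; then
        echo "WARN $1 is on $fs: use a local directory for /data/db"
        return 1
    fi
    echo "OK   $1 is on ${fs:-unknown}"
}

# Constructed sample mount table (documentation address, hypothetical share).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
//192.0.2.10/share /mnt/share cifs rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
EOF
}

# Check every path given on the command line against the live mount table.
for p in "$@"; do check_bind_source "$p" || true; done
```

Run it on the Docker host with the host side of each volumes entry as arguments, before `docker-compose up`.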