A record of debugging a failed MySQL deployment with docker compose on Ubuntu 18.04
The mysql service originally ran fine on CentOS 7, with the docker-compose.yaml file defined as follows:
version: "3.7"
services:
  mysql:
    image: mysql:5.7
    container_name: mysql
    env_file:
      - .env
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    restart: always
    ports:
      - "3306:3306"
    privileged: true
    volumes:
      - "mysql_data:/var/lib/mysql"
    networks:
      - backend
volumes:
  mysql_data:
networks:
  backend:
    ipam:
      config:
        - subnet: 192.168.10.0/24
I started the mysql service from this docker-compose.yaml on Ubuntu and checked its status:
$ docker-compose up -d
$ docker ps
CONTAINER ID   IMAGE       COMMAND                  CREATED          STATUS                         PORTS   NAMES
d66bc17228ff   mysql:5.7   "docker-entrypoint.s…"   26 seconds ago   Restarting (1) 2 seconds ago           mysql
The mysql service kept restarting, so I checked the docker logs to find the cause:
$ docker logs mysql
2020-04-28 16:26:20+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.30-1debian10 started.
2020-04-28 16:26:20+00:00 [ERROR] [Entrypoint]: mysqld failed while attempting to check config
command was: mysqld --verbose --help
mysqld: Can't read dir of '/etc/mysql/conf.d/' (Errcode: 13 - Permission denied)
mysqld: [ERROR] Fatal error in defaults handling. Program aborted!
2020-04-28 16:26:24+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 5.7.30-1debian10 started.
2020-04-28 16:26:24+00:00 [ERROR] [Entrypoint]: mysqld failed while attempting to check config
command was: mysqld --verbose --help
mysqld: Can't read dir of '/etc/mysql/conf.d/' (Errcode: 13 - Permission denied)
mysqld: [ERROR] Fatal error in defaults handling. Program aborted!
......
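After some googling, I found that the blog post "Installing MySQL with Docker" mentions that SELinux needs to be disabled. The SELinux-type module that Ubuntu 18.04 uses by default is AppArmor, and the commands to disable AppArmor are as follows: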
# Stop the apparmor service
sudo /etc/init.d/apparmor stop
# Disable start on boot
sudo update-rc.d -f apparmor remove
# Check the status of the apparmor service
$ sudo /etc/init.d/apparmor status
● apparmor.service - AppArmor initialization
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2020-04-29 00:09:39 CST; 24h ago
     Docs: man:apparmor(7)
           http://wiki.apparmor.net/
 Main PID: 552 (code=exited, status=0/SUCCESS)
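However, after disabling AppArmor and restarting the mysql service, it still reported the same error.
After much back and forth, I finally found the answer in this issue: when the mysql service runs in Docker's privileged mode (privileged: true), the AppArmor profile is not applied inside the container. Instead, because I had already installed mysql on the host, and because of privileged mode, the host's AppArmor profile gets applied, which expects to see calls coming from the host rather than from the container, and that is exactly what caused the error.
So after completely removing MySQL from the Ubuntu 18.04 system and rebooting, the mysql service running in Docker's privileged mode started normally. However, since my mysql service mounts a Docker data volume rather than the host's /etc directory, it does not actually need privileged mode at all, so the best solution is really to run the mysql service with normal privileges, with no need to disable AppArmor or uninstall the host's mysql.
The docker-compose.yaml file for running the mysql service with normal privileges is modified as follows: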
version: "3.7"
services:
  mysql:
    image: mysql:5.7
    container_name: mysql
    env_file:
      - .env
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
    restart: always
    ports:
      - "3306:3306"
    volumes:
      - "mysql_data:/var/lib/mysql"
    networks:
      - backend
volumes:
  mysql_data:
networks:
  backend:
    ipam:
      config:
        - subnet: 192.168.10.0/24
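
To catch the conflict described above before a container starts crash-looping, the following added example (not part of the original post) cross-checks `docker inspect` output against the host's loaded AppArmor profiles and reports privileged containers whose command matches a profile named by a path. The function names, the basename-matching heuristic and both sample inputs are assumptions constructed for illustration.

```python
import json
import os

# Constructed sample: trimmed `docker inspect mysql` output for the privileged service.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/mysql",
    "Path": "docker-entrypoint.sh",
    "Args": ["mysqld"],
    "HostConfig": {"Privileged": True},
}])

# Constructed sample in the format of /sys/kernel/security/apparmor/profiles on the host.
SAMPLE_PROFILES = """\
docker-default (enforce)
/usr/sbin/mysqld (enforce)
/usr/sbin/tcpdump (enforce)
"""


def path_attached_profiles(profiles_text):
    """Map binary basename -> profile name for host profiles named by an absolute path."""
    found = {}
    for line in profiles_text.splitlines():
        name, _, _mode = line.strip().rpartition(" (")
        if name.startswith("/"):  # e.g. /usr/sbin/mysqld; skips docker-default
            found[os.path.basename(name)] = name
    return found


def audit(inspect_json, profiles_text):
    """Report privileged containers and any host profiles their command line matches."""
    host = path_attached_profiles(profiles_text)
    findings = []
    for c in json.loads(inspect_json):
        if not c.get("HostConfig", {}).get("Privileged"):
            continue  # only privileged containers are of interest here
        argv = [c.get("Path", "")] + list(c.get("Args") or [])
        # Heuristic (assumption): compare basenames of the entrypoint and its arguments.
        hits = sorted({host[os.path.basename(a)] for a in argv
                       if os.path.basename(a) in host})
        findings.append({"container": c["Name"].lstrip("/"), "host_profiles": hits})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT, SAMPLE_PROFILES):
        print(finding)
```

On a real host, feed it the output of `docker inspect $(docker ps -aq)` and the contents of `/sys/kernel/security/apparmor/profiles` (readable as root).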