机器环境:VM虚拟机安装的Centos 7虚拟机,docker 1.13.1,测试了mysql 5.7和最新版(2022年1月17日)。
这两天使用Docker部署Mysql遇到MYSQL无法启动,使用的命令如下:
sudo docker run -p 3308:3306 -v /home/noel/mysql/conf:/etc/mysql/conf.d -v /home/noel/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 --name mysql -d mysql --privileged=true
查看日志,显示如下内容:
2022-01-17 07:20:03+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 8.0.27-1debian10 started.
2022-01-17 07:20:03+00:00 [ERROR] [Entrypoint]: mysqld failed while attempting to check config
command was: mysqld --privileged=true --verbose --help --log-bin-index=/tmp/tmp.eNqBDydbME
mysqld: Can't read dir of '/etc/mysql/conf.d/' (OS errno 13 - Permission denied)
mysqld: [ERROR] Stopped processing the 'includedir' directive in file /etc/mysql/my.cnf at line 29.
mysqld: [ERROR] Fatal error in defaults handling. Program aborted!
日志提示是没有读权限访问容器内MySQL的目录,网上查询到的是Ubuntu这类有apparmor访问控制的策略的系统,与容器MySQL的安全策略冲突,git issues 也只看到大神们是测试通过,没有彻底的解决方案:
AppArmor is ubuntu specific security.
If os is Ubuntu and docker is used, this error will happen.Minikube's vm use
buildroot
os. However docker driver's vm os isubuntu
.
So I think this is why the docker_ubuntu test failed.It may had better add document for specific user who wants to runs mysql on minikube with docker driver on Ubuntu machine.
minikube网站给出提示:
Deploying MySql on a linux with AppArmor
On Linux, if you want to run MySQL pod, you need to disable AppArmor for mysql profileIf your docker has AppArmor enabled, running mysql in privileged mode with docker driver will have the issue #7401. There is a workaround - see moby/moby#7512.
最后,在Ubuntu系统开发测试机上,网友给出如下解决方案:
sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
在Centos环境下(实际上发布环境,系统也不会同时出现Mysql服务和Mysql容器吧?),删除Mysql服务,只运行容器。
欢迎补充最新的解决方案。
参考:
docker部署mysql出错:mysqld: Can't read dir of '/etc/mysql/conf.d/' (Errcode: 13 - Permission denied)_Kingtu_linux的博客-CSDN博客
Mysql, Privileged mode, cannot open shared object file · Issue #7512 · moby/moby (github.com)