RabbitMQ 无法在 Kubernetes 上启动持久性存储。权限被拒绝错误

Posted 2023-03-04

【中文标题】RabbitMQ 无法在 Kubernetes 上启动持久性存储。权限被拒绝错误

【英文标题】：RabbitMQ fails to start with persistence storage on Kubernetes. Permission denied error

【发布时间】：2021-08-18 14:42:07

【问题描述】：

我有一个 rabbit mq pod，我配置为在 pod 重启/删除时通过挂载卷使用持久性存储。

我配置了一切，但无法通过此错误：

/usr/lib/rabbitmq/bin/rabbitmq-server: 42: 
/usr/lib/rabbitmq/bin/rabbitmq-server: 
cannot create /var/lib/rabbitmq/mnesia/rabbit@reana-message-broker-5f45f797ff-cs79m.pid: 
Permission denied

这是我的 kubernetes 配置文件和部署应用程序

Dockerfile

FROM ubuntu:16.04
# hadolint ignore=DL3009
RUN apt-get update
# hadolint ignore=DL3008
RUN apt-get -y install --no-install-recommends rabbitmq-server
RUN apt-get -y autoremove && apt-get -y clean
# hadolint ignore=DL3001
RUN service rabbitmq-server start
COPY start.sh /start.sh
RUN chmod 755 ./start.sh
EXPOSE 5672
EXPOSE 15672
CMD ["/start.sh", "test", "1234"]

start.sh

#!/bin/sh
cat > /etc/rabbitmq/rabbitmq.conf <<EOF
listeners.tcp.default = 5672

default_user = <<"$1">>
default_pass = <<"$2">>
EOF
rabbitmq-server

rabbitmq.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: message-broker
  namespace:  .Release.Namespace 
spec:
  ports:
   - port: 5672
     targetPort: 5672
     name: "tcp"
     protocol: TCP
   - port: 15672
     targetPort: 15672
     name: "management"
     protocol: TCP
  selector:
    app: message-broker
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: message-broker
  namespace:  .Release.Namespace 
spec:
  replicas: 1
  selector:
    matchLabels:
      app: message-broker
  template:
    metadata:
      labels:
        app: message-broker
    spec:
      containers:
      - name: message-broker
        image:  .Values.message_broker.image 
        imagePullPolicy:  .Values.components.message_broker.imagePullPolicy 
        ports:
        - containerPort: 5672
          name: tcp
        - containerPort: 15672
          name: management
        volumeMounts:
        - name: data
          mountPath: /var/lib/rabbitmq/mnesia
        env:
        - name: RABBITMQ_DEFAULT_PASS
          valueFrom:
            secretKeyRef:
              name: rabbitmq-secrets
              key: password # password = root
        - name: RABBITMQ_DEFAULT_USER
          valueFrom:
            secretKeyRef:
              name: rabbitmq-secrets
              key: user # user = root
      ...
      nodeSelector:
      ....
      volumes:
      - name: data
        hostPath:
          path: /var/test/rabbitmq

让我知道我可能会错过什么。 :)

【参考方案1】：

您在/var/lib/rabbitmq/mnesia 中挂载的卷归根用户所有。

rabbitmq 进程以rabbitmq 用户身份运行，并且没有对该目录的写入权限。

在你的start.sh 添加：

chown rabbitmq:rabbitmq /var/lib/rabbitmq/mnesia

在启动 rabbitmq-server 进程之前。

【参考方案2】：

错误提示“无法创建 /var/lib/rabbitmq/mnesia/rabbit@reana-message-broker-5f45f797ff-cs79m.pid： 没有权限'。尝试为 /var/lib/rabbitmq/mnesia/ 目录提供写权限。