在Docker中初始化Celery时出现OSError: [Errno 13] Permission denied错误。

Question

在Docker中初始化Celery时出现OSError: [Errno 13] Permission denied错误。

8

当运行docker compose时，我一直遇到以下错误。问题在我的Mac OS开发环境中根本不会出现（尝试在Ubuntu和Debian部署时才出现此错误），但这个错误似乎表明Celery没有权限写入celerybeat文件。我已经尝试了几天，试图让它工作（为Celery授予必要的权限），但没有成功。

错误信息：

celery_1    | [2017-06-17 13:08:26,509: INFO/Beat] beat: Starting...
celery_1    | [2017-06-17 13:08:26,556: ERROR/Beat] Removing corrupted schedule file 'celerybeat-schedule': DBAccessError(13, 'Permission denied')
celery_1    | Traceback (most recent call last):
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 376, in setup_schedule
celery_1    |     self._store = self._open_schedule()
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 366, in _open_schedule
celery_1    |     return self.persistence.open(self.schedule_filename, writeback=True)
celery_1    |   File "/usr/local/lib/python2.7/shelve.py", line 243, in open
celery_1    |     return DbfilenameShelf(filename, flag, protocol, writeback)
celery_1    |   File "/usr/local/lib/python2.7/shelve.py", line 227, in __init__
celery_1    |     Shelf.__init__(self, anydbm.open(filename, flag), protocol, writeback)
celery_1    |   File "/usr/local/lib/python2.7/anydbm.py", line 85, in open
celery_1    |     return mod.open(file, flag, mode)
celery_1    |   File "/usr/local/lib/python2.7/dbhash.py", line 18, in open
celery_1    |     return bsddb.hashopen(file, flag, mode)
celery_1    |   File "/usr/local/lib/python2.7/bsddb/__init__.py", line 364, in hashopen
celery_1    |     d.open(file, db.DB_HASH, flags, mode)
celery_1    | DBAccessError: (13, 'Permission denied')
celery_1    | [2017-06-17 13:08:26,558: ERROR/Beat] Process Beat
celery_1    | Traceback (most recent call last):
celery_1    |   File "/usr/local/lib/python2.7/site-packages/billiard/process.py", line 292, in _bootstrap
celery_1    |     self.run()
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 553, in run
celery_1    |     self.service.start(embedded_process=True)
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 470, in start
celery_1    |     humanize_seconds(self.scheduler.max_interval))
celery_1    |   File "/usr/local/lib/python2.7/site-packages/kombu/utils/__init__.py", line 325, in __get__
celery_1    |     value = obj.__dict__[self.__name__] = self.__get(obj)
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 512, in scheduler
celery_1    |     return self.get_scheduler()
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 507, in get_scheduler
celery_1    |     lazy=lazy)
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/utils/imports.py", line 53, in instantiate
celery_1    |     return symbol_by_name(name)(*args, **kwargs)
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 358, in __init__
celery_1    |     Scheduler.__init__(self, *args, **kwargs)
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 185, in __init__
celery_1    |     self.setup_schedule()
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 384, in setup_schedule
celery_1    |     self._store = self._destroy_open_corrupted_schedule(exc)
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 371, in _destroy_open_corrupted_schedule
celery_1    |     self._remove_db()
celery_1    |   File "/usr/local/lib/python2.7/site-packages/celery/beat.py", line 363, in _remove_db
celery_1    |     os.remove(self.schedule_filename + suffix)
celery_1    | OSError: [Errno 13] Permission denied: 'celerybeat-schedule'

Dockerfile摘要

FROM python:2.7-slim
MAINTAINER Maintainer <maintainer@gmail.com>    

RUN apt-get -y install sudo

ENV INSTALL_PATH /minebase
RUN mkdir -p $INSTALL_PATH

WORKDIR $INSTALL_PATH

COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt

COPY . .
RUN pip install --editable .

CMD gunicorn -c "python:config.gunicorn" "minebase.app:create_app()"

RUN groupadd -r celery && useradd -r -g celery celery | chpasswd && adduser celery sudo

RUN sudo chown -R celery ./
USER celery

CMD ["celery", "-A", "worker:app", "worker"]

Docker-compose.yml

version: '2'

services:

  postgres:
    image: 'postgres:9.5'
    env_file:
      - '.env'
    volumes:
      - 'postgres:/var/lib/postgresql/data'
    ports:
      - '5432:5432'

  redis:
    image: 'redis:3.0-alpine'
    command: redis-server --requirepass password
    volumes:
      - 'redis:/var/lib/redis/data'
    ports:
      - '6379:6379'

  minebase:
    build: .
    command: >
      gunicorn -c "python:config.gunicorn" --reload "minebase.app:create_app()" --timeout 7200 --workers=5
    env_file:
      - '.env'
    volumes:
      - '.:/minebase'
    ports:
      - '8000:8000'

  nginx:
    restart: always
    build: ./nginx/
    ports:
      - "80:80"
    volumes:
      - '.:/minebase'
    volumes_from:
      - minebase
    links:
      - minebase:minebase
    expose:
      - 80

  celery:
    build: .
    command: celery worker -B -l info -A minebase.blueprints.contact.tasks 
    env_file:
      - '.env'
    volumes:
      - '.:/minebase'

volumes:
  postgres:
  redis:

版本信息

Celery 版本: v3.1.23

Docker 版本: 17.05.0-ce

Docker compose 版本: 1.13.0

- Greg Gascon

你能分享完整的Dockerfile和compose文件吗？ - gile

@gile 当然，我刚刚把它们添加到问题正文中了。 - Greg Gascon

4个回答

2

根据文档：

如果您正在使用 Debian、Ubuntu 或其他基于 Debian 的发行版：

Debian 最近将 /dev/shm 特殊文件重命名为 /run/shm。一个简单的解决方法是创建一个符号链接：ln -s /run/shm /dev/shm 对于我来说，简单的解决方案是在我的 Dockerfile 中添加：RUN ln -s /run/shm /dev/shm

https://docs.celeryproject.org/en/stable/getting-started/first-steps-with-celery.html#celerytut-configuration

- Lucas Rahn

0

Centos。此问题是由于SElinux引起的。请输入

# setenforce 0
# sudo docker-compose ....

- Kairat Koibagarov

-2

对于那些遇到相同问题的人，可以通过给celery用户写入celerybeat文件来解决。我首先通过在Filezilla中手动设置文件权限来解决它。如果您想在dockerfile中自动化此过程，可以将以下代码附加到文件底部：

USER root

RUN sudo chown -R celery:celery celerybeat-schedule

确保先安装sudo，可以使用以下代码片段：

RUN apt-get -y install sudo

- Greg Gascon

3

据说以root用户身份运行docker容器是一个经典的坏主意。请查看https://dockerlabs.collabnix.com/security/Running-Containers-as-ROOT.html，以及文章下面的一系列参考资料。@Greg Gascon - unlockme

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Slavik Svyrydiuk · Accepted Answer

在Docker容器中，您不需要使用sudo和chown进行所有这些魔法操作。使用现有的非特权用户nobody:

您不需要在Docker容器中使用sudo和chown进行复杂的操作。

只需使用现有的非特权用户nobody:

FROM some-base-image
WORKDIR /app
RUN chown nobody:nogroup "celerybeat-schedule"
USER nobody
CMD ["celery", "-A", "your_project.celery_app", "-E", "-B"]

另一种方法是指定“celerybeat-schedule”文件的自定义位置。例如，在/tmp目录下：

在/tmp目录下指定“celerybeat-schedule”文件的自定义位置：

FROM some-base-image
WORKDIR /app
USER nobody
CMD ["celery", "-A", "your_project.celery_app",, "-E", "-B", \
     "-s", "/tmp/celerybeat-schedule"]