Unable to mount cifs filesystem in Docker container
I'm on Docker 17.06.0-ce and I'm attempting to mount a CIFS share in a container and only having some luck. If I use --privileged, it works, but that's not desirable for me. I've tried using --cap-add as well, as suggested in this answer (even trying with --cap-add ALL), with no success.
The same mount command works fine on the host system as well.
Here's a simple docker file I've tried playing with:
FROM alpine:latest
RUN apk add --no-cache cifs-utils
Run with many different permutations, all with the same result below:
Works: docker run --rm -it --privileged cifs-test /bin/sh
Doesn't Work: docker run --rm -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH cifs-test /bin/sh
Doesn't Work: docker run --rm -it --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH --cap-add NET_ADMIN cifs-test /bin/sh
Doesn't Work: docker run --rm -it --cap-add ALL cifs-test /bin/sh
And the command:
mkdir /test && mount.cifs //myserver/testpath /test -o user=auser,password=somepass,domain=mydomain
And the result from each run command above except the first:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Has something changed in Docker that requires --privileged all the time for these types of mounts now? Or is there something else I'm missing?
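Added example, not part of the original question: --privileged does more than grant every capability. It also turns off Docker's default seccomp filter and the AppArmor/SELinux confinement, so the runs above differ in more than their capability sets. The script below prints all three for the current process; the function names are hypothetical and the bit numbers are the kernel's CAP_* values.

```shell
# Added example: report the confinement that applies to the current process.
# Both paths are parameters so the function also works on saved copies.

has_cap() {  # has_cap <CapEff hex string> <capability bit number>
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

confinement_report() {  # confinement_report [status file] [LSM label file]
    status=${1:-/proc/self/status}
    label=${2:-/proc/self/attr/current}
    capeff=$(awk '/^CapEff:/ {print $2}' "$status")
    capeff=${capeff:-0}
    seccomp=$(awk '/^Seccomp:/ {print $2}' "$status")

    # The three capabilities tried in the docker run lines above.
    for pair in CAP_DAC_READ_SEARCH:2 CAP_NET_ADMIN:12 CAP_SYS_ADMIN:21; do
        if has_cap "$capeff" "${pair#*:}"; then
            echo "${pair%%:*}=yes"
        else
            echo "${pair%%:*}=no"
        fi
    done

    # Seccomp mode as the kernel reports it in /proc/<pid>/status.
    case $seccomp in
        0) echo "seccomp=disabled" ;;
        1) echo "seccomp=strict" ;;
        2) echo "seccomp=filter" ;;
        *) echo "seccomp=unknown" ;;
    esac

    # AppArmor or SELinux label of the process, if the kernel exposes one.
    if [ -r "$label" ]; then
        echo "lsm_label=$(tr -d '\0' < "$label")"
    else
        echo "lsm_label=unavailable"
    fi
}
```

Call confinement_report with no arguments inside a container started with each docker run variant and compare the output between the runs.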
I started using docker-volume-netshare so far with good success. There are some minor problems, like volumes created with docker volume create not being persistent, but nevertheless it looks like this volume driver is quite usable. One advantage is that special caps/privileged mode are not necessary. Here are some hints on how to use it.
Install (Ubuntu/Debian)
$ curl -L -o /tmp/docker-volume-netshare_0.34_amd64.deb https://github.com/ContainX/docker-volume-netshare/releases/download/v0.34/docker-volume-netshare_0.34_amd64.deb
$ sudo dpkg -i /tmp/docker-volume-netshare_0.34_amd64.deb
$ rm /tmp/docker-volume-netshare_0.34_amd64.deb
Configure
$ sudo vi /etc/default/docker-volume-netshare
enter as single setting
DKV_NETSHARE_OPTS="cifs --netrc=/root/"
then
$ sudo vi /root/.netrc
enter the following settings per host:
machine <host>
username <user>
password <password>
domain <domain>
Note that <host> must be a host name or an IP address followed by a colon (e.g. 10.20.30.4:)
Enable the volume driver as a systemd service
Note: if your OS does not support systemd, another method to install it as a service is necessary.
$ sudo systemctl enable docker-volume-netshare
Use a volume in docker run and docker service create
$ sudo docker run -it --rm --mount type=volume,volume-driver=cifs,source=<myvol>,destination=<absolute-path-in-container>,volume-opt=share=<ip>:/<share> ubuntu:zesty bash
$ sudo docker service create --name <name> --mount type=volume,volume-driver=cifs,source=<myvol>,destination=<absolute-path-in-container>,volume-opt=share=<host>/<share> <image>
Obviously it is not necessary to use the identical volume in multiple containers, because the volumes only map to a cifs share which in turn is shared among containers mounting it. As mentioned above, don't use docker volume create with this volume driver, as volumes are lost as soon as docker-volume-netshare is stopped and/or restarted (and hence on reboot).
Get help
$ docker-volume-netshare --help
$ docker-volume-netshare cifs --help
Logs
(Hint: for debugging use DKV_NETSHARE_OPTS="cifs --netrc=/root/ --verbose" in /etc/default/docker-volume-netshare or stop the service and start docker-volume-netshare cifs --netrc=/root/ --verbose in a shell)
$ dmesg | tail
$ tail -50 /var/log/docker-volume-netshare.log
Resources
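Added example, not part of the original answer or of docker-volume-netshare: the /root/.netrc set up above holds cleartext share passwords, so it is worth auditing once written. The hypothetical check_netrc function below flags group/other access, stanzas with no username or password, and a bare IP address lacking the trailing colon from the answer's note; it assumes a stat that accepts -c (GNU coreutils or busybox).

```shell
# Added example: audit a credentials file in the machine/username/password/domain
# layout shown in the answer. Returns 0 if clean, 1 if any finding was printed.

check_netrc() {  # check_netrc <file>
    f=$1
    findings=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # The file holds cleartext passwords: only its owner should have access.
    mode=$(stat -c '%a' "$f")
    case $mode in
        [0-7]00) ;;
        *) echo "mode $mode: group/other can access $f"; findings=1 ;;
    esac

    # Walk keyword/value pairs and report once per machine stanza.
    out=$(awk '
        function report() {
            if (host == "") return
            if (!user) print "machine " host ": no username"
            if (!pass) print "machine " host ": no password"
            if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                print "machine " host ": IP address without trailing colon"
        }
        {
            for (i = 1; i < NF; i += 2) {
                if ($i == "machine") { report(); host = $(i + 1); user = 0; pass = 0 }
                else if ($i == "username") user = 1
                else if ($i == "password") pass = 1
            }
        }
        END { report() }
    ' "$f")

    if [ -n "$out" ]; then
        echo "$out"
        findings=1
    fi
    return $findings
}
```

Run it as root against the file, for example check_netrc /root/.netrc, after every edit to the credentials.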