[英]Shared image volume mount error in docker
I use docker-compose
for running my containers in docker
. 我使用
docker-compose
在docker
运行容器。 I have two services - one of celerybeat
and other the web
(I have many others but considering only these services because they contain my problem). 我有两种服务
celerybeat
一项服务和其他web
(我还有很多其他服务,但仅考虑这些服务,因为它们包含我的问题)。
docker-compose.yml
file looks like this: docker-compose.yml
文件如下所示:
.
.
.
celerybeat:
image: web-image
volumes:
- /home/ubuntu/celerybeat:/code/celerybeat
command: >
/bin/ash -c "su -m celery -c 'celery -A <application_here> beat -s /code/celerybeat/celerybeat-schedule'"
web:
image: web-image
volumes:
- /home/ubuntu/celerybeat:/code/celerybeat
command: >
<some_command_to_run_server>
In my Dockerfile
I have added these commands for proper permissions 在我的
Dockerfile
我添加了以下命令以获得适当的权限
RUN mkdir celerybeat
RUN touch celerybeat/celerybeat-schedule
RUN chown -R celery:celery celerybeat
Note: In my compose file structure written above I have provided volume mounts for both containers (but actually I am using one at a time), for the ease of not writing the compose files again and again . 注意:在上面编写的撰写文件结构中,我为两个容器提供了卷挂载(但实际上我一次使用了一个),以便避免一次又一次地写入撰写文件 。
The problem is actually here only. 问题实际上仅在这里。 Technically the volume mount should be provided only in the celerybeat service.
从技术上讲,仅在celerybeat服务中提供卷安装。 When I write volume mount for
celerybeat-schedule
in the celerybeat docker service I get permission denied
. 当我在celerybeat docker服务中为
celerybeat-schedule
编写卷挂载时,我获得了permission denied
。 Whereas when I write the volume mount command in the web service celerybeat service starts happily. 而当我在Web服务中编写volume mount命令时,celerybeat服务会很高兴地启动。 What is happening here can anyone explain me?
这里发生了什么事,有人可以向我解释吗? I need a fix for this.
我需要对此进行修复。
The issue you have is below 您遇到的问题如下
volumes:
- /home/ubuntu/celerybeat:/code/celerybeat
By doing the above volume mapping, you effectively cancel the below 通过执行以上体积映射,您可以有效地取消以下内容
RUN chown -R celery:celery celerybeat
And inherit the permissions from the volume mount. 并从卷装载继承权限。 The fix is either not to use the celery user or use below in your yaml
解决方法是不使用celery用户或在Yaml中使用以下方法
command: >
/bin/ash -c "chown -R celery:celery /code/celerybeat && su -m celery -c 'celery -A <application_here> beat -s /code/celerybeat/celerybeat-schedule'"
Order of operations - docker build
then docker run
(with docker-compose up
counting as a docker run
. 操作顺序-
docker build
然后docker run
( docker-compose up
docker run
。
When you mount a volume, the files and folders in that volume are owned by root. 挂载卷时,该卷中的文件和文件夹归root拥有。 Having
RUN chown -R celery:celery celerybeat
would work if you didn't mount a volume. 如果您不安装卷,则
RUN chown -R celery:celery celerybeat
将可以工作。 When you bind mount the volume in your docker run
/ docker-compose up
, anything that exists at /code/celerybeat is overwritten, including permissions. 当您绑定安装量的
docker run
/ docker-compose up
,任何存在于/代码/ celerybeat被覆盖,包括权限。
So when you run celerybeat as root, you're good in this case. 因此,当您以root用户身份运行celerybeat时,在这种情况下会很好。 If you run it as the celery user as you have tried, that user can't access /code/celerybeat because as a bind mount volume, it's owned by root.
如果您按尝试以celery用户身份运行它,则该用户将无法访问/ code / celerybeat,因为作为绑定装入卷,它是root拥有的。
Instead of chown
ing the directory in your Dockerfile, run chown
as part of an entrypoint script. 取而代之的
chown
荷兰国际集团在您的Dockerfile目录,运行chown
作为入口点脚本的一部分。 Something like: 就像是:
#!/bin/bash
chown -R celery:celery celerybeat
/bin/ash -c "su -m celery -c 'celery -A <application_here> beat -s /code/celerybeat/celerybeat-schedule'"
This script, and thus chown, execute after the bind mount, where RUN chown -R celery:celery celerybeat
executes before the bind mount, and is overwritten by it. 该脚本(因此也称为chown) 在绑定安装之后执行,其中
RUN chown -R celery:celery celerybeat
在绑定安装之前执行,并被绑定覆盖。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.