Docker中的共享映像卷安装错误
[英]Shared image volume mount error in docker
问题描述
I use docker-compose for running my containers in docker . 
我使用docker-compose在docker运行容器。 I have two services - one of celerybeat and other the web (I have many others but considering only these services because they contain my problem). 我有两种服务celerybeat一项服务和其他web (我还有很多其他服务,但仅考虑这些服务,因为它们包含我的问题)。
docker-compose.yml file looks like this: docker-compose.yml文件如下所示:
.
.
.
celerybeat:
image: web-image
volumes:
- /home/ubuntu/celerybeat:/code/celerybeat
command: >
/bin/ash -c "su -m celery -c 'celery -A <application_here> beat -s /code/celerybeat/celerybeat-schedule'"
web:
image: web-image
volumes:
- /home/ubuntu/celerybeat:/code/celerybeat
command: >
<some_command_to_run_server>
In my Dockerfile I have added these commands for proper permissions 在我的Dockerfile我添加了以下命令以获得适当的权限
RUN mkdir celerybeat
RUN touch celerybeat/celerybeat-schedule
RUN chown -R celery:celery celerybeat
Note: In my compose file structure written above I have provided volume mounts for both containers (but actually I am using one at a time), for the ease of not writing the compose files again and again . 注意:在上面编写的撰写文件结构中,我为两个容器提供了卷挂载(但实际上我一次使用了一个),以便避免一次又一次地写入撰写文件 。
The problem is actually here only. 问题实际上仅在这里。 Technically the volume mount should be provided only in the celerybeat service. 从技术上讲,仅在celerybeat服务中提供卷安装。 When I write volume mount for celerybeat-schedule in the celerybeat docker service I get permission denied . 当我在celerybeat docker服务中为celerybeat-schedule编写卷挂载时,我获得了permission denied 。 Whereas when I write the volume mount command in the web service celerybeat service starts happily. 而当我在Web服务中编写volume mount命令时,celerybeat服务会很高兴地启动。 What is happening here can anyone explain me? 这里发生了什么事,有人可以向我解释吗? I need a fix for this. 我需要对此进行修复。
2 个解决方案
解决方案1
2 2017-12-18 13:12:51
The issue you have is below 您遇到的问题如下
volumes:
- /home/ubuntu/celerybeat:/code/celerybeat
By doing the above volume mapping, you effectively cancel the below 通过执行以上体积映射,您可以有效地取消以下内容
RUN chown -R celery:celery celerybeat
And inherit the permissions from the volume mount. 并从卷装载继承权限。 The fix is either not to use the celery user or use below in your yaml 解决方法是不使用celery用户或在Yaml中使用以下方法
command: >
/bin/ash -c "chown -R celery:celery /code/celerybeat && su -m celery -c 'celery -A <application_here> beat -s /code/celerybeat/celerybeat-schedule'"
解决方案2
1 已采纳 2017-12-18 13:15:25
Order of operations - docker build then docker run (with docker-compose up counting as a docker run . 操作顺序- docker build然后docker run ( docker-compose up docker run 。
When you mount a volume, the files and folders in that volume are owned by root. 挂载卷时,该卷中的文件和文件夹归root拥有。 Having RUN chown -R celery:celery celerybeat would work if you didn't mount a volume. 如果您不安装卷,则RUN chown -R celery:celery celerybeat将可以工作。 When you bind mount the volume in your docker run / docker-compose up , anything that exists at /code/celerybeat is overwritten, including permissions. 当您绑定安装量的docker run / docker-compose up ,任何存在于/代码/ celerybeat被覆盖,包括权限。
So when you run celerybeat as root, you're good in this case. 因此,当您以root用户身份运行celerybeat时,在这种情况下会很好。 If you run it as the celery user as you have tried, that user can't access /code/celerybeat because as a bind mount volume, it's owned by root. 如果您按尝试以celery用户身份运行它,则该用户将无法访问/ code / celerybeat,因为作为绑定装入卷,它是root拥有的。
Instead of chown ing the directory in your Dockerfile, run chown as part of an entrypoint script. 取而代之的chown荷兰国际集团在您的Dockerfile目录,运行chown作为入口点脚本的一部分。 Something like: 就像是:
#!/bin/bash
chown -R celery:celery celerybeat
/bin/ash -c "su -m celery -c 'celery -A <application_here> beat -s /code/celerybeat/celerybeat-schedule'"
This script, and thus chown, execute after the bind mount, where RUN chown -R celery:celery celerybeat executes before the bind mount, and is overwritten by it. 该脚本(因此也称为chown) 在绑定安装之后执行,其中RUN chown -R celery:celery celerybeat 在绑定安装之前执行,并被绑定覆盖。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.