堆栈内存溢出
  简体   繁体   English

如何在挂载nfs卷时解决postgresql docker容器的chown权限问题?

[英]how to solve the chown permission issue of postgresql docker container when mount the nfs volume?

 原文  2018-12-08 13:03:34       docker/ nfs

问题描述

I am using docker on Mac and trying to get a persistent container of postgresql database using nfs volume. 我在Mac上使用docker并尝试使用nfs卷获取postgresql数据库的持久容器。

I put one line /Users/me/db -alldirs *(rw,sync,no_subtree_check,no_root_squash) in /etc/exports and restart nfsd. 我在/etc/exports放了一行/Users/me/db -alldirs *(rw,sync,no_subtree_check,no_root_squash)并重启nfsd。 I think(correct me if I am wrong) the key point is no_root_squash which will allow the client root user to be still root user.Then in my docker-compose.yml, I declare the nfsmount point as the follwing: 我认为(纠正我,如果我错了)关键点是no_root_squash,它将允许客户端root用户仍然是root用户。然后在我的docker-compose.yml中,我将nfsmount点声明为以下内容: 

version: '2'
volumes:
  nfsmountdbdata:
    driver: local
    driver_opts:
      type: nfs
      o: addr=host.docker.internal,rw,nolock,hard,nointr,nfsvers=3
      device: ":/Users/me/db/data"
  nfsmountdbinit:
    driver: local
    driver_opts:
      type: nfs
      o: addr=host.docker.internal,rw,nolock,hard,nointr,nfsvers=3
      device: ":/Users/me/db/initdb"
services:

  ## POSTGRES DATABASE
  db:
    image: postgres:9.6
    privileged: true
    volumes:
      #- ./services/db/initdb:/docker-entrypoint-initdb.d
      #- ./services/db/app:/var/lib/postgresql/data
      - nfsmountdbinit:/docker-entrypoint-initdb.d
      - nfsmountdbdata:/var/lib/postgresql/data
    ports:
      - 5432:5432

But when the container db starts, it complains a lot about chown: changing ownership of '/var/lib/postgresql/data/base/**/**': Operation not permitted . 但是当容器db启动时,它会抱怨chown: changing ownership of '/var/lib/postgresql/data/base/**/**': Operation not permitted It makes me feel very confused as I have done something(no_root_squash configuration in nfs) to fix it. 这让我感到非常困惑,因为我已经做了一些事情(nfs中的no_root_squash配置)来修复它。 But it just does not work. 但它只是不起作用。 What's wrong with my understanding here? 我在这里的理解有什么问题? I am using Mac Mojave and Docker desktop for Mac 2.0.0.0 stabel. 我使用Mac Mojave和Docker桌面为Mac 2.0.0.0 stabel。

3 个解决方案

解决方案1
 0  2019-02-15 15:31:59

I believe I solved this... 我相信我解决了这个......

Dockerfile Dockerfile 

FROM postgres:9.6
ARG GNAME='groupname'
ARG GID='groupid'
ARG USERID=999

# fix permissions so it can persist data on the host nfs file system
RUN groupadd -g $GID $GNAME \
 && usermod -g $GNAME postgres \
 && usermod -u $USERID postgres

# go get the entrypoint script from their git hub link and details to follow
COPY ./docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["postgres"]

Get the Postgres Entrypoint scrip here 这里获取Postgres入口点

Make edits to it commenting out lines 34, 35, 36 52, 53, 54. Basically where it tries to chmod and chown the NFS folders. 对其进行编辑,注释出第34,35,36,52,53,54行。基本上它是在尝试chmodchown NFS文件夹的地方。 

...
if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
    #mkdir -p "$PGDATA"
    #chown -R postgres "$PGDATA"
    #chmod 700 "$PGDATA"
...
if [ "$1" = 'postgres' ]; then
    #mkdir -p "$PGDATA"
    #chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
    #chmod 700 "$PGDATA" 2>/dev/null || :
...

Now build the image... 现在构建图像...... 

docker build -t postgres9.6:nfs --build-arg GID=<NFS GROUP ID> ==build-arg GNAME=<NFS GROUP NAME> --build-arg USERID=<NFS USER ID> .

What I mean by NFS GROUP ID, USER ID, and GROUP NAME is the user/group that has read/write access to the NFS folders. 我的意思是NFS GROUP ID,USER ID和GROUP NAME是对NFS文件夹具有读/写访问权限的用户/组。

Now you should have a Postgres Docker image that is capable of using NFS Host Volumes to store the database data. 现在你应该有一个Postgres Docker镜像,它能够使用NFS Host Volumes来存储数据库数据。

Hope this helps.. 希望这可以帮助..

解决方案2
 0  2019-07-04 01:16:09

Something that worked easiest for me was to add a Dockerfile that did the following: 对我来说最简单的事情是添加一个执行以下操作的Dockerfile: 

FROM postgres:11.2
ENV TZ=America/Los_Angeles

# Make us the same gid/id as the nfs mount.
RUN sed -i 's/:999:/:5081:/g' /etc/group
RUN sed -i 's/:999:999:/:5081:5081:/g' /etc/passwd


CMD [ "postgres", "-c", "max_connections=10000"]

解决方案3
 0  2019-08-14 10:50:12

You don't need to create a new image to change the user, you can just run the postgres image as a different user instead: 您无需创建新图像来更改用户,您可以将postgres图像作为其他用户运行: 

  postgres:
    image: postgres:9.6
    environment:
      - PGDATA=/var/lib/postgresql/data/pgdata
    user: "${UID:?You must do 'export UID' to launch}:${GID:?You must do 'export GID' to launch}"
    volumes:
      - nfsmountdbdata:/var/lib/postgresql/data
    ports:
      - 5432:5432

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 NFS 共享卷不会挂载到 Docker 容器 - NFS Share Volume wont mount to Docker container nfs卷安装到ubuntu virtualbox内的mysql docker容器失败 - nfs volume mount to mysql docker container inside a ubuntu virtualbox fail 具有卷挂载的 docker 容器中的文件权限 - File permission in docker container with volume mount 具有NFS安装作为卷映射的SQL Server Docker容器 - SQL Server docker container with NFS mount as volume mapping 如何使用 docker compose v3 在容器中直接挂载 NFS 共享/卷 - How to directly mount NFS share/volume in container using docker compose v3 在 docker-compose 中挂载 NFS 卷时连接超时 - Connection timed out when mount NFS volume in docker-compose 如何将Docker容器的根目录挂载为NFS挂载点 - How to mount the root directory of docker container as a NFS mount point 如何使用jenkins docker容器安装docker卷? - How to mount docker volume with jenkins docker container? docker volume nfs权限被拒绝 - docker volume nfs permission denied 如何将卷挂载添加到正在运行的 postgreSQL 容器? - How to add volume mount to running postgreSQL container?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM