docker mysql-container 卷映射到项目中的文件夹 - 安全吗?
[英]docker mysql-container volume mapped to folder in project - safe?
问题描述
I want to start off with that I'm discovering docker now for a few days.
我想从我现在发现 docker 开始几天。 I have setup a docker-compose.yml with a stack that I run for development on my local machine.我已经设置了一个 docker-compose.yml 和一个我在本地机器上运行以进行开发的堆栈。 In my docker-compose.yml I have also created a mysql-container with a volume that connects a folder in my project to the mysql folder that is living in the container.在我的 docker-compose.yml 中,我还创建了一个带有卷的 mysql 容器,该卷将我的项目中的文件夹连接到容器中的 mysql 文件夹。
project structure:项目结构:
Project
|-- project folder 1
|-- project folder 2
|-- project folder 3
|-- docker
| `-- mysql
|-- file1
|-- file2
`-- docker-compose.yml
container:容器:
mysql:
image: mysql:5.7
ports:
- "3306:3306"
restart: always
environment:
MYSQL_DATABASE: xxx
MYSQL_USER: xxx
MYSQL_PASSWORD: xxx
MYSQL_ROOT_PASSWORD: xxx
networks:
- network-woo
volumes:
- ./docker/mysql:/var/lib/mysql
I push this project to git.我将这个项目推送到 git。 A devil called "newbie" on my shoulder tells me "great. this way you are saving the database in the git repo each time you push", While there is an angel called "gutfeeling" that tells me be careful.一个叫做“新手”的魔鬼在我肩上告诉我“太好了。这样你每次推送时都将数据库保存在 git 存储库中”,虽然有一个叫做“gutfeeling”的天使告诉我要小心。 This could go horribly wrong, but i'm not sure what yet.这可能 go 非常错误,但我还不确定是什么。
My question is if this is a safe method, and if anyone can foresee any troubles with this method in the future.我的问题是这是否是一种安全的方法,以及是否有人能预见到这种方法将来会出现任何问题。 I am aware that if I would put this project on a live server, and pull the git repo onto that server it would overwrite the database with the changes made in the local database, still working on a solution for that one.我知道,如果我将这个项目放在实时服务器上,并将 git 存储库拉到该服务器上,它将用本地数据库中所做的更改覆盖数据库,仍然在为那个解决方案工作。
Thanks in advance,提前致谢,
Bram布拉姆
3 个解决方案
解决方案1
0 2019-10-19 06:26:40
First and recommended approach is to put docker/mysql in gitignore so by doing this you will not worry about live and local both will maintain on local backup.第一个也是推荐的方法是将 docker docker/mysql放在gitignore中,这样你就不用担心 live 和 local 都将在本地备份上维护。
Ignoring files忽略文件
From time to time, there are files you don't want Git to check in to GitHub.
Create a local .gitignore创建一个本地.gitignore
If you create a file in your repository named.gitignore, Git uses it to determine which files and directories to ignore before you make a commit.
A.gitignore file should be committed into your repository, in order to share the ignore rules with any other users that clone the repository.
The second thing you can try to mount a different path other than ./docker/mysql .第二件事您可以尝试挂载./docker/mysql以外的其他路径。 For example例如
/home/dev/docker/myslq/ in dev machine or in your live /home/live/docker/mysql . /home/dev/docker/myslq/在开发机器或您的现场/home/live/docker/mysql中。
Better to go with the first approach and do not mess with directory names.最好使用第一种方法 go 并且不要弄乱目录名称。
解决方案2
0 2019-10-19 06:26:55
Exactly the problem is that exporting your git repo to a live server will erase the database which is not too good.确切的问题是,将 git 存储库导出到实时服务器会擦除不太好的数据库。
I wouldn't put the db into git.我不会将数据库放入 git。 But simply the structure.但只是结构。 The table creation / edition (what is often called migrations).表创建/编辑(通常称为迁移)。
Django is a Python web framework and handles this pretty well. Django 是一个 Python web 框架并且处理得很好。 And helps to version the right things in git:并帮助在 git 中对正确的东西进行版本控制:
- The database structure and changes (migrations)数据库结构和变化(迁移)
- Some raw data that should always be there (fixtures).一些应该始终存在的原始数据(夹具)。
So for instance if you build a shop, you would save and put in git: the database structure, and the migrations (like when you add a new field to a table), and the initial data: categories, items, delivery modes, etc... but not the clients user accounts for instance.因此,例如,如果您建立一个商店,您将保存并放入 git:数据库结构和迁移(例如当您向表中添加新字段时)以及初始数据:类别、项目、交付方式等...但不是客户的用户帐户。
https://docs.djangoproject.com/en/2.2/topics/migrations/ https://docs.djangoproject.com/en/2.2/topics/migrations/
https://docs.djangoproject.com/en/2.2/howto/initial-data/ https://docs.djangoproject.com/en/2.2/howto/initial-data/
Simply put, what you could do, is remove your mysql volume from git, and instead put the database creation scripts, with version.简而言之,您可以做的就是从 git 中删除您的 mysql 卷,而是放置带有版本的数据库创建脚本。
Like v0.1 for the database creation, v0.2 a sql script that would alter some fields, etc...就像用于创建数据库的 v0.1 一样,v0.2 是一个 sql 脚本,它会改变一些字段等......
And one script per table to do the inserts of initial data, so that if you lose your server for some reason, you can just import that initial data on your new server.每个表有一个脚本来插入初始数据,因此如果您由于某种原因丢失了服务器,您可以在新服务器上导入该初始数据。
解决方案3
0 2020-05-16 10:00:25
I suppose it depends on your project.我想这取决于你的项目。 I'm in the WordPress world, so I will use that as an example.我在 WordPress 世界中,所以我将以此为例。
If you are developing a theme or a plugin that will be used by more than one person, it makes sense to only put the theme or plugin in versioning.如果您正在开发一个多人使用的主题或插件,那么只将主题或插件放在版本控制中是有意义的。
In this case I will use wp-env (a script that spins up a couple of docker containers, and set up standard a WordPress environment for me), and only put the theme and/or plugin folder that is linked to the container in versioning.在这种情况下,我将使用 wp-env(一个启动几个 docker 容器的脚本,并为我设置标准的 WordPress 环境),并且只将链接到容器的主题和/或插件文件夹放入版本控制中. There is no point to actually version the generate WP source or DB files here, because they can simply be regenerated with the wp-env command again.在此处实际对生成的 WP 源或 DB 文件进行版本化是没有意义的,因为它们可以简单地再次使用 wp-env 命令重新生成。
On the other hand, if you are developing a complete website for a client, that depends on a combination of plugins and some settings, together with a custom theme you build, and maybe even one or two plugins you develop uniquely for that client, I've come to learn that I want to put my ENTIRE development environment in a git repo like this:另一方面,如果您正在为客户开发一个完整的网站,这取决于插件和一些设置的组合,以及您构建的自定义主题,甚至可能是您为该客户开发的一个或两个插件,我已经了解到我想将我的整个开发环境放在 git 存储库中,如下所示:
-- docker-compose.yml (spins up a wp container and a mysql container) -- data (the raw database files mapped to the mysql container) -- wordpress (the web root for the WordPress project, mapped to the wp container) --.git -- docker-compose.yml (spins up a wp container and a mysql container) -- data (the raw database files mapped to the mysql container) -- wordpress (the web root for the WordPress project, mapped to the wp container) -- .git
The reason I think this makes sense, is that I can just go to another computer, pull the repository, run docker-compose up, and I have everything exactly in the state that I left it when I last pushed the project on my other computer.我认为这是有道理的,因为我可以将 go 转移到另一台计算机上,拉取存储库,运行 docker-compose,然后我将所有东西都完全放在 state 中,我上次将它推到了我的另一台计算机上。
Of course, if you are working with other people, this might require some extra coordination.当然,如果您与其他人一起工作,这可能需要一些额外的协调。
Also, as some people have pointed out, you cannot simply go and push your git repo to live.此外,正如一些人指出的那样,您不能简单地 go 并推动您的 git 回购。 Instead, you could write a script that only pushes the relevant files to a live environment.相反,您可以编写一个仅将相关文件推送到实时环境的脚本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.