如何为 Docker 容器内的附加卷设置权限?
[英]How can I set permissions on an attached Volume within a Docker container?
问题描述
I'm trying to deploy the Prometheus docker container with persistent data via an NFS volume using a Docker named volume .
我正在尝试使用名为 volume的Docker通过 NFS 卷部署具有持久数据的Prometheus docker 容器。 I'm deploying with Ansible, so I'll post Ansible config, but I've executed the same using Docker's CLI commands and the issue presents in that case as well.我正在使用 Ansible 进行部署,因此我将发布 Ansible 配置,但我已经使用 Docker 的 CLI 命令执行了相同的操作,并且在这种情况下也会出现问题。
When I deploy the container and review the containers docker logs , I see that /etc/prometheus is shared appropriately and attached to the container.当我部署容器并查看容器docker logs ,我看到/etc/prometheus已正确共享并附加到容器。 However, /prometheus , which is where the container stores relevant DB and metrics, gives permission denied.但是,容器存储相关数据库和指标的/prometheus会拒绝授予权限。
According to this answer , /prometheus is required to be chown ed to nobody.根据这个答案, /prometheus需要被chown给任何人。 This doesn't seem to happen within the container upon startup.这似乎不会在启动时在容器内发生。
Here's the volume creation from my Ansible role:这是我的 Ansible 角色创建的卷:
- name: "Creates named docker volume"
docker_volume:
volume_name: prometheus_persist
state: present
driver_options:
type: nfs
o: "addr={{ nfs_server }},rw,nolock"
device: ":{{ prometheus_nfs_path }}"
Which is equivalent to this Docker CLI command:这相当于这个 Docker CLI 命令:
docker volume create -d local -o type=nfs -o o=addr={{ nfs_server }},rw -o device=:{{ prometheus_nfs_path }} prometheus_persist
Here's my container deployment stanza这是我的容器部署节
- name: "Deploy prometheus container"
docker_container:
name: prometheus
# hostname: prometheus
image: prom/prometheus
restart_policy: always
state: started
ports: 9090:9090
user: ansible:docker
volumes:
- "{{ prometheus_config_path }}:/etc/prometheus"
mounts:
- source: prometheus_persist
target: /prometheus
read_only: no
type: volume
comparisons:
env: strict
Which is equivalent to this Docker CLI command:这相当于这个 Docker CLI 命令:
docker run -v prometheus_persist:/prometheus -v "{{ prometheus_config_path }}:/etc/prometheus" -p 9090:9090 --name prometheus prom/prometheus
Again, the container logs upon deployment indicate permission denied on /prometheus .同样,部署时的容器日志表明/prometheus上的权限被拒绝。 I've tested by mounting the prometheus_persist named volume on a generic Ubuntu container, it mounts fine, and I can touch files within.我已经通过在通用 Ubuntu 容器上安装prometheus_persist命名卷进行了测试,它安装得很好,我可以touch文件。 Any advice on how to resolve this?有关如何解决此问题的任何建议?
1 个解决方案
解决方案1
0 2020-11-03 22:24:28
This turned out to be an issue with NFS squashing.结果证明这是 NFS 压缩的问题。 The NFS exporter in my case is an old Synology, which doesn't allow no_root_squash to be set.就我而言,NFS 导出器是旧的 Synology,它不允许设置no_root_squash 。 However, mapping all users to admin on the NFS share resolved the issue.但是,将所有用户映射到 NFS 共享上的 admin 解决了该问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.