
How to solve the chown permission issue of a PostgreSQL Docker container when mounting an NFS volume?

I am using docker on Mac and trying to get a persistent container of postgresql database using nfs volume.

I put one line /Users/me/db -alldirs *(rw,sync,no_subtree_check,no_root_squash) in /etc/exports and restarted nfsd. I think (correct me if I am wrong) the key point is no_root_squash, which will allow the client root user to still be the root user. Then in my docker-compose.yml, I declare the NFS mount point as the following:

version: '2'
volumes:
  nfsmountdbdata:
    driver: local
    driver_opts:
      type: nfs
      o: addr=host.docker.internal,rw,nolock,hard,nointr,nfsvers=3
      device: ":/Users/me/db/data"
  nfsmountdbinit:
    driver: local
    driver_opts:
      type: nfs
      o: addr=host.docker.internal,rw,nolock,hard,nointr,nfsvers=3
      device: ":/Users/me/db/initdb"
services:

  ## POSTGRES DATABASE
  db:
    image: postgres:9.6
    privileged: true
    volumes:
      #- ./services/db/initdb:/docker-entrypoint-initdb.d
      #- ./services/db/app:/var/lib/postgresql/data
      - nfsmountdbinit:/docker-entrypoint-initdb.d
      - nfsmountdbdata:/var/lib/postgresql/data
    ports:
      - 5432:5432

But when the db container starts, it complains a lot about chown: changing ownership of '/var/lib/postgresql/data/base/**/**': Operation not permitted. It makes me feel very confused, as I have done something (the no_root_squash configuration in NFS) to fix it. But it just does not work. What's wrong with my understanding here? I am using Mac Mojave and Docker Desktop for Mac 2.0.0.0 stable.

I believe I solved this...

Dockerfile

FROM postgres:9.6
ARG GNAME='groupname'
ARG GID='groupid'
ARG USERID=999

# fix permissions so it can persist data on the host nfs file system
RUN groupadd -g $GID $GNAME \
 && usermod -g $GNAME postgres \
 && usermod -u $USERID postgres

# go get the entrypoint script from their git hub link and details to follow
COPY ./docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["postgres"]

Get the Postgres entrypoint script here

Make edits to it, commenting out lines 34, 35, 36, 52, 53, 54. Basically where it tries to chmod and chown the NFS folders.

...
if [ "$1" = 'postgres' ] && [ "$(id -u)" = '0' ]; then
    #mkdir -p "$PGDATA"
    #chown -R postgres "$PGDATA"
    #chmod 700 "$PGDATA"
...
if [ "$1" = 'postgres' ]; then
    #mkdir -p "$PGDATA"
    #chown -R "$(id -u)" "$PGDATA" 2>/dev/null || :
    #chmod 700 "$PGDATA" 2>/dev/null || :
...

Now build the image...

docker build -t postgres9.6:nfs --build-arg GID=<NFS GROUP ID> --build-arg GNAME=<NFS GROUP NAME> --build-arg USERID=<NFS USER ID> .

What I mean by NFS GROUP ID, USER ID, and GROUP NAME is the user/group that has read/write access to the NFS folders.

Now you should have a Postgres Docker image that is capable of using NFS Host Volumes to store the database data.

Hope this helps..

Something that worked easiest for me was to add a Dockerfile that did the following:

FROM postgres:11.2
ENV TZ=America/Los_Angeles

# Make us the same gid/id as the nfs mount.
RUN sed -i 's/:999:/:5081:/g' /etc/group
RUN sed -i 's/:999:999:/:5081:5081:/g' /etc/passwd


CMD [ "postgres", "-c", "max_connections=10000"]

You don't need to create a new image to change the user, you can just run the postgres image as a different user instead:

  postgres:
    image: postgres:9.6
    environment:
      - PGDATA=/var/lib/postgresql/data/pgdata
    user: "${UID:?You must do 'export UID' to launch}:${GID:?You must do 'export GID' to launch}"
    volumes:
      - nfsmountdbdata:/var/lib/postgresql/data
    ports:
      - 5432:5432
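
A preflight for the `user:` approach in the answer above, as an added example that is not part of the original answers: it reads the owner of the exported directory and prints the uid:gid to export as UID and GID, refusing a root-owned directory or one its owner cannot write. The function names are hypothetical, and it assumes the export is reachable at a local path on the machine where it runs.

```shell
#!/bin/sh
# Added example: preflight for the compose `user:` setting.
# Function names are hypothetical; pass the local path of the NFS export.

# Print "uid:gid" of the owner of $1.
# GNU/busybox stat takes -c; BSD/macOS stat rejects -c and takes -f.
owner_ids() {
    stat -c '%u:%g' "$1" 2>/dev/null || stat -f '%u:%g' "$1"
}

# Print the uid:gid to use for the compose `user:` key for directory $1.
# Return codes: 2 = not a directory, 3 = owned by root, 4 = owner lacks rwx.
compose_user_for() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    ids=$(owner_ids "$dir") || return 2
    if [ "${ids%%:*}" = 0 ]; then
        # Matching a root owner would mean running postgres as root, which
        # postgres refuses to do; the export needs an unprivileged owner.
        echo "$dir is owned by uid 0; give it an unprivileged owner" >&2
        return 3
    fi
    # A non-root container user cannot chown the mount, so check up front
    # that the owner can create and traverse files in it.
    perms=$(ls -ld "$dir" | cut -c2-4)
    if [ "$perms" != rwx ]; then
        echo "$dir owner permissions are '$perms', need 'rwx'" >&2
        return 4
    fi
    printf '%s\n' "$ids"
}

# Usage: sh preflight.sh /Users/me/db/data
if [ "$#" -gt 0 ]; then
    compose_user_for "$1"
fi
```

Export the two halves of the printed value as UID and GID before running docker-compose up, so the container user matches the directory owner and no chown is needed.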
