通过卷共享安装在 docker 容器内的 FUSE FS
Share a FUSE FS mounted inside a docker container through volumes
我创建了一个 docker 容器,我在其中安装了保险丝 S3QL FS。这是有效的。
现在我希望能够与主机或其他容器共享这个挂载点,但它不起作用。
简而言之,我 运行 这样的容器:
docker run --rm -d -v /s3ql:/s3ql \
--cap-add SYS_ADMIN --device /dev/fuse \
--name myContainer \
myS3qlIimage mount.s3ql swiftks://url:container /s3ql
docker exec myContainer ls /s3ql 显示实际的 S3QL 内容,但主机上的 /s3ql 为空。
关于我到目前为止在回购上的表现的更多细节:https://gitlab.com/Salokyn/docker-s3ql
您认为这有可能实现吗?
通常,当您启动一个 Docker 容器时,它是 运行 在私有挂载命名空间中:这意味着 (a) 挂载在容器内的文件系统在主机上是不可见的和 (b) 安装在主机上的文件系统在容器内不可见。
您可以使用 --mount 选项的 bind-propagation 标志修改此行为。此标志有六个可用值:
shared: Sub-mounts of the original mount are exposed to replica mounts, and sub-mounts of replica mounts are also propagated to the original mount.slave: similar to a shared mount, but only in one direction. If the original mount exposes a sub-mount, the replica mount can see it. However, if the replica mount exposes a sub-mount, the original mount cannot see it.private: The mount is private. Sub-mounts within it are not exposed to replica mounts, and sub-mounts of replica mounts are not exposed to the original mount.rshared: The same as shared, but the propagation also extends to and from mount points nested within any of the original or replica mount points.rslave: The same as slave, but the propagation also extends to and from mount points nested within any of the original or replica mount points.rprivate: The default. The same as private, meaning that no mount points anywhere within the original or replica mount points propagate in either direction.
根据您的问题,您可能需要 rshared 选项,这将允许容器内的挂载在主机上可见。这意味着您的 docker 命令行看起来像:
docker run --rm \
--mount type=bind,source=/s3ql,target=/s3ql,bind-propagation=rshared \
--cap-add SYS_ADMIN --device /dev/fuse --name myContainer \
myS3qlIimage mount.s3ql swiftks://url:container /s3ql
但是这里可能还有第二个问题:如果你的 fuse mount 需要一个持久化进程才能运行,这将不起作用,因为你的容器将在 mount 命令后立即退出完成,带走任何进程。在这种情况下,只要您需要挂载活动,您就需要安排容器挂起:
docker run -d \
--mount type=bind,source=/s3ql,target=/s3ql,bind-propagation=rshared \
--cap-add SYS_ADMIN --device /dev/fuse --name myContainer \
myS3qlIimage sh -c 'mount.s3ql swiftks://url:container /s3ql; sleep inf'
(假设您有一个支持 inf 参数的 sleep 命令版本以永远休眠)。
我创建了一个 docker 容器,我在其中安装了保险丝 S3QL FS。这是有效的。
现在我希望能够与主机或其他容器共享这个挂载点,但它不起作用。
简而言之,我 运行 这样的容器:
docker run --rm -d -v /s3ql:/s3ql \
--cap-add SYS_ADMIN --device /dev/fuse \
--name myContainer \
myS3qlIimage mount.s3ql swiftks://url:container /s3ql
docker exec myContainer ls /s3ql 显示实际的 S3QL 内容,但主机上的 /s3ql 为空。
关于我到目前为止在回购上的表现的更多细节:https://gitlab.com/Salokyn/docker-s3ql
您认为这有可能实现吗?
通常,当您启动一个 Docker 容器时,它是 运行 在私有挂载命名空间中:这意味着 (a) 挂载在容器内的文件系统在主机上是不可见的和 (b) 安装在主机上的文件系统在容器内不可见。
您可以使用 --mount 选项的 bind-propagation 标志修改此行为。此标志有六个可用值:
shared: Sub-mounts of the original mount are exposed to replica mounts, and sub-mounts of replica mounts are also propagated to the original mount.slave: similar to a shared mount, but only in one direction. If the original mount exposes a sub-mount, the replica mount can see it. However, if the replica mount exposes a sub-mount, the original mount cannot see it.private: The mount is private. Sub-mounts within it are not exposed to replica mounts, and sub-mounts of replica mounts are not exposed to the original mount.rshared: The same as shared, but the propagation also extends to and from mount points nested within any of the original or replica mount points.rslave: The same as slave, but the propagation also extends to and from mount points nested within any of the original or replica mount points.rprivate: The default. The same as private, meaning that no mount points anywhere within the original or replica mount points propagate in either direction.
根据您的问题,您可能需要 rshared 选项,这将允许容器内的挂载在主机上可见。这意味着您的 docker 命令行看起来像:
docker run --rm \
--mount type=bind,source=/s3ql,target=/s3ql,bind-propagation=rshared \
--cap-add SYS_ADMIN --device /dev/fuse --name myContainer \
myS3qlIimage mount.s3ql swiftks://url:container /s3ql
但是这里可能还有第二个问题:如果你的 fuse mount 需要一个持久化进程才能运行,这将不起作用,因为你的容器将在 mount 命令后立即退出完成,带走任何进程。在这种情况下,只要您需要挂载活动,您就需要安排容器挂起:
docker run -d \
--mount type=bind,source=/s3ql,target=/s3ql,bind-propagation=rshared \
--cap-add SYS_ADMIN --device /dev/fuse --name myContainer \
myS3qlIimage sh -c 'mount.s3ql swiftks://url:container /s3ql; sleep inf'
(假设您有一个支持 inf 参数的 sleep 命令版本以永远休眠)。