如何在保留所有者和权限的同时从数据容器装载卷?
How can I mount a volume from a data container while preserving the owner and permissions?
我正在使用 Fig 并尝试使用数据卷容器在 Rails 网络服务器和另一个容器中的 Resque worker 运行ning 之间共享上传的文件。为此,数据卷容器定义了一个 /rails/public/system 卷,用于共享这些文件。 Rails 和 Resque 在各自的容器中将 运行 作为 rails 用户处理,这两个容器都基于 markb/litdistco 图像。 fig.yml 看起来像这样:
redis:
image: redis:2.8.17
volumes_from:
- file
web:
image: markb/litdistco
command: /usr/bin/start-server /opt/nginx/sbin/nginx
ports:
- 80:8000
- 443:4430
environment:
DATABASE_URL:
links:
- redis
volumes_from:
- file
worker:
image: markb/litdistco
command: /usr/bin/start-server "bundle exec rake environment resque:work QUEUE=litdistco_offline RAILS_ENV=production"
environment:
DATABASE_URL:
links:
- redis
volumes_from:
- file
file:
image: markb/litdistco
command: echo "datastore"
volumes:
- /var/redis
- /rails/log
- ./config/container/ssl:/etc/ssl
当 web 和 worker 容器为 运行ning 时,我可以在两者中看到 /rails/public/system 目录,但是它属于 root 两个容器中的用户和目录权限阻止 rails 用户写入此目录。
作为参考,有两个 Docker 文件用于制作 markb/litdistco 容器。第一个定义了我用于本地开发的基本图像 (Dockerfile):
# This Dockerfile is based on the excellent blog post by SteveLTN:
#
# http://steveltn.me/blog/2014/03/15/deploy-rails-applications-using-docker/
#
# KNOWN ISSUES:
#
# * Upgrading passenger or ruby breaks nginx directives with absolute paths
# Start from Ubuntu base image
FROM ubuntu:14.04
MAINTAINER Mark Bennett <mark@burmis.ca>
# Update package sources
RUN apt-get -y update
# Install basic packages
RUN apt-get -y install build-essential libssl-dev curl
# Install basics
RUN apt-get -y install tmux vim
RUN apt-get install -y libcurl4-gnutls-dev
# Install libxml2 for nokogiri
RUN apt-get install -y libxslt-dev libxml2-dev
# Install mysql-client
RUN apt-get -y install mysql-client libmysqlclient-dev
# Add RVM key and install requirements
RUN command curl -sSL https://rvm.io/mpapis.asc | gpg --import -
RUN curl -sSL https://get.rvm.io | bash -s stable
RUN /bin/bash -l -c "rvm requirements"
# Create rails user which will run the app
RUN useradd rails --home /rails --groups rvm
# Create the rails users home and give them permissions
RUN mkdir /rails
RUN chown rails /rails
RUN mkdir -p /rails/public/system
RUN chown rails /rails/public/system
# Add configuration files in repository to filesystem
ADD config/container/start-server.sh /usr/bin/start-server
RUN chown rails /usr/bin/start-server
RUN chmod +x /usr/bin/start-server
# Make a directory to contain nginx and give rails user permission
RUN mkdir /opt/nginx
RUN chown rails /opt/nginx
# Switch to rails user that will run app
USER rails
# Install rvm, ruby, bundler
WORKDIR /rails
ADD ./.ruby-version /rails/.ruby-version
RUN echo "gem: --no-ri --no-rdoc" > /rails/.gemrc
RUN /bin/bash -l -c "rvm install `cat .ruby-version`"
RUN /bin/bash -l -c "gem install bundler --no-ri --no-rdoc"
# Install nginx
RUN /bin/bash -l -c "gem install passenger --no-ri --no-rdoc"
RUN /bin/bash -l -c "passenger-install-nginx-module"
ADD config/container/nginx-sites.conf.TEMPLATE /opt/nginx/conf/nginx.conf.TEMPLATE
ADD config/container/set-nginx-paths.sh /rails/set-nginx-paths.sh
RUN /bin/bash -l -c "source /rails/set-nginx-paths.sh"
# Copy the Gemfile and Gemfile.lock into the image.
# Temporarily set the working directory to where they are.
WORKDIR /tmp
ADD Gemfile Gemfile
ADD Gemfile.lock Gemfile.lock
# bundle install
RUN /bin/bash -l -c "bundle install"
# Add rails project to project directory
ADD ./ /rails
# set WORKDIR
WORKDIR /rails
# Make sure rails has the right owner
USER root
RUN chown -R rails:rails /rails
# Publish ports
EXPOSE 3000
EXPOSE 4430
EXPOSE 8000
这被标记为 litdistco-base 图像,然后我使用 config/containers/production/Dockerfile 生成我在暂存和生产中标记为 markb/litdistco 和 运行 的图像。
# Start from LitDistCo base image
FROM litdistco-base
MAINTAINER Mark Bennett <mark@burmis.ca>
USER rails
# Setup volumes used in production
VOLUME ["/rails/log", "/rails/public/system"]
# Build the application assets
WORKDIR /rails
RUN /bin/bash -l -c "touch /rails/log/production.log; chmod 0666 /rails/log/production.log"
RUN /bin/bash -l -c "source /etc/profile.d/rvm.sh; bundle exec rake assets:precompile"
任何人都可以解释我如何让数据容器卷挂载为 rails 用户可写。我非常想避免 运行 将任何 Ruby 进程设置为 root,即使是在容器中也是如此。
对于某些上下文,我还应该提到我正在 Mac OS X 上的 boot2docker 中 Docker 中开发图像,然后 运行 将它们放在Google Ubuntu 14.04 主机上的计算引擎实例。谢谢!
我会稍微修改一下你的图片。编写一个 shell 脚本,将 /usr/bin/start-server 命令包装在 fig.yml 中,并将其放入容器中。
然后您可以在启动服务器之前 chown rails 任何您需要的东西。
运行 也不需要默认用户 rails 的容器,只要您以 rails 用户身份启动服务器即可: sudo -u rails /usr/bin/start-server(或类似的东西)。
我个人还没有使用过 litdistco-base 镜像,所以不知道它是如何工作的。
我认为您需要按以下方式修改 litdistco-base 图像,以便两个目录都属于 rails:
# Start from LitDistCo base image
FROM litdistco-base
MAINTAINER Mark Bennett <mark@burmis.ca>
RUN mkdir -p /rails/log
RUN mkdir -p /rails/public/system
RUN chown -R rails:rails /rails/log /rails/public/system
USER rails
# Setup volumes used in production
VOLUME ["/rails/log", "/rails/public/system"]
# Build the application assets
WORKDIR /rails
RUN /bin/bash -l -c "touch /rails/log/production.log; chmod 0666 /rails/log/production.log"
RUN /bin/bash -l -c "source /etc/profile.d/rvm.sh; bundle exec rake assets:precompile"
我正在使用 Fig 并尝试使用数据卷容器在 Rails 网络服务器和另一个容器中的 Resque worker 运行ning 之间共享上传的文件。为此,数据卷容器定义了一个 /rails/public/system 卷,用于共享这些文件。 Rails 和 Resque 在各自的容器中将 运行 作为 rails 用户处理,这两个容器都基于 markb/litdistco 图像。 fig.yml 看起来像这样:
redis:
image: redis:2.8.17
volumes_from:
- file
web:
image: markb/litdistco
command: /usr/bin/start-server /opt/nginx/sbin/nginx
ports:
- 80:8000
- 443:4430
environment:
DATABASE_URL:
links:
- redis
volumes_from:
- file
worker:
image: markb/litdistco
command: /usr/bin/start-server "bundle exec rake environment resque:work QUEUE=litdistco_offline RAILS_ENV=production"
environment:
DATABASE_URL:
links:
- redis
volumes_from:
- file
file:
image: markb/litdistco
command: echo "datastore"
volumes:
- /var/redis
- /rails/log
- ./config/container/ssl:/etc/ssl
当 web 和 worker 容器为 运行ning 时,我可以在两者中看到 /rails/public/system 目录,但是它属于 root 两个容器中的用户和目录权限阻止 rails 用户写入此目录。
作为参考,有两个 Docker 文件用于制作 markb/litdistco 容器。第一个定义了我用于本地开发的基本图像 (Dockerfile):
# This Dockerfile is based on the excellent blog post by SteveLTN:
#
# http://steveltn.me/blog/2014/03/15/deploy-rails-applications-using-docker/
#
# KNOWN ISSUES:
#
# * Upgrading passenger or ruby breaks nginx directives with absolute paths
# Start from Ubuntu base image
FROM ubuntu:14.04
MAINTAINER Mark Bennett <mark@burmis.ca>
# Update package sources
RUN apt-get -y update
# Install basic packages
RUN apt-get -y install build-essential libssl-dev curl
# Install basics
RUN apt-get -y install tmux vim
RUN apt-get install -y libcurl4-gnutls-dev
# Install libxml2 for nokogiri
RUN apt-get install -y libxslt-dev libxml2-dev
# Install mysql-client
RUN apt-get -y install mysql-client libmysqlclient-dev
# Add RVM key and install requirements
RUN command curl -sSL https://rvm.io/mpapis.asc | gpg --import -
RUN curl -sSL https://get.rvm.io | bash -s stable
RUN /bin/bash -l -c "rvm requirements"
# Create rails user which will run the app
RUN useradd rails --home /rails --groups rvm
# Create the rails users home and give them permissions
RUN mkdir /rails
RUN chown rails /rails
RUN mkdir -p /rails/public/system
RUN chown rails /rails/public/system
# Add configuration files in repository to filesystem
ADD config/container/start-server.sh /usr/bin/start-server
RUN chown rails /usr/bin/start-server
RUN chmod +x /usr/bin/start-server
# Make a directory to contain nginx and give rails user permission
RUN mkdir /opt/nginx
RUN chown rails /opt/nginx
# Switch to rails user that will run app
USER rails
# Install rvm, ruby, bundler
WORKDIR /rails
ADD ./.ruby-version /rails/.ruby-version
RUN echo "gem: --no-ri --no-rdoc" > /rails/.gemrc
RUN /bin/bash -l -c "rvm install `cat .ruby-version`"
RUN /bin/bash -l -c "gem install bundler --no-ri --no-rdoc"
# Install nginx
RUN /bin/bash -l -c "gem install passenger --no-ri --no-rdoc"
RUN /bin/bash -l -c "passenger-install-nginx-module"
ADD config/container/nginx-sites.conf.TEMPLATE /opt/nginx/conf/nginx.conf.TEMPLATE
ADD config/container/set-nginx-paths.sh /rails/set-nginx-paths.sh
RUN /bin/bash -l -c "source /rails/set-nginx-paths.sh"
# Copy the Gemfile and Gemfile.lock into the image.
# Temporarily set the working directory to where they are.
WORKDIR /tmp
ADD Gemfile Gemfile
ADD Gemfile.lock Gemfile.lock
# bundle install
RUN /bin/bash -l -c "bundle install"
# Add rails project to project directory
ADD ./ /rails
# set WORKDIR
WORKDIR /rails
# Make sure rails has the right owner
USER root
RUN chown -R rails:rails /rails
# Publish ports
EXPOSE 3000
EXPOSE 4430
EXPOSE 8000
这被标记为 litdistco-base 图像,然后我使用 config/containers/production/Dockerfile 生成我在暂存和生产中标记为 markb/litdistco 和 运行 的图像。
# Start from LitDistCo base image
FROM litdistco-base
MAINTAINER Mark Bennett <mark@burmis.ca>
USER rails
# Setup volumes used in production
VOLUME ["/rails/log", "/rails/public/system"]
# Build the application assets
WORKDIR /rails
RUN /bin/bash -l -c "touch /rails/log/production.log; chmod 0666 /rails/log/production.log"
RUN /bin/bash -l -c "source /etc/profile.d/rvm.sh; bundle exec rake assets:precompile"
任何人都可以解释我如何让数据容器卷挂载为 rails 用户可写。我非常想避免 运行 将任何 Ruby 进程设置为 root,即使是在容器中也是如此。
对于某些上下文,我还应该提到我正在 Mac OS X 上的 boot2docker 中 Docker 中开发图像,然后 运行 将它们放在Google Ubuntu 14.04 主机上的计算引擎实例。谢谢!
我会稍微修改一下你的图片。编写一个 shell 脚本,将 /usr/bin/start-server 命令包装在 fig.yml 中,并将其放入容器中。
然后您可以在启动服务器之前 chown rails 任何您需要的东西。
运行 也不需要默认用户 rails 的容器,只要您以 rails 用户身份启动服务器即可: sudo -u rails /usr/bin/start-server(或类似的东西)。
我个人还没有使用过 litdistco-base 镜像,所以不知道它是如何工作的。
我认为您需要按以下方式修改 litdistco-base 图像,以便两个目录都属于 rails:
# Start from LitDistCo base image
FROM litdistco-base
MAINTAINER Mark Bennett <mark@burmis.ca>
RUN mkdir -p /rails/log
RUN mkdir -p /rails/public/system
RUN chown -R rails:rails /rails/log /rails/public/system
USER rails
# Setup volumes used in production
VOLUME ["/rails/log", "/rails/public/system"]
# Build the application assets
WORKDIR /rails
RUN /bin/bash -l -c "touch /rails/log/production.log; chmod 0666 /rails/log/production.log"
RUN /bin/bash -l -c "source /etc/profile.d/rvm.sh; bundle exec rake assets:precompile"