在卷上对CNB Docker映像进行写访问 [英] Write access on volume for CNB Docker image
问题描述
我正在开发一个应将其迁移到docker容器(用于在服务器上作为systemd服务运行)的Spring Boot应用程序该应用程序在文件系统上读写可配置的路径-现在让我们假设它是/var/mypath
I am working on a spring boot application that should be migrated into a docker container (used to run as a systemd service on a server)
The app reads and writes a configurable path on the file system - lets for now assume it is /var/mypath
我使用了springs gradle插件中的 bootBuildImage
任务构建了一个docker镜像.它使用了看起来是默认的构建器映像,即 gcr.io/paketo-buildpacks/builder
来构建应用程序映像.
I built a docker image using the bootBuildImage
task from springs gradle plugin. it used what appears to be the default builder image, namely gcr.io/paketo-buildpacks/builder
to build the application image.
因此,在docker compose文件中,我定义了一个堆栈,其中包含(不重要的)mysql数据库和spring boot应用程序,如下所示:
Consequently, in a docker compose file, I defined a stack, with the (unimportant) mysql db and the spring boot app like this:
version: "3.8"
services:
backend_db:
container_name: "backend_db"
image: "mariadb:latest"
# ...
backend_app:
depends_on:
- "backend_db"
container_name: "backend_app"
image: "myImageName:latest"
restart: always
ports:
- 8080:8080
volumes:
- "app:/var/mypath"
environment:
# mysql data etc...
volumes:
db:
app:
当我使用 docker-compose up
启动它时,spring-boot应用程序没有对/var/mypath
的写权限.我发现,显然CNB构建使spring应用程序以用户 cnb
的身份运行.我想,该卷是作为root创建的,只有root具有对此卷的写访问权.
When I start it up with docker-compose up
, the spring-boot application does not have write access on /var/mypath
.
I figured out, that apparently the CNB build makes the spring application run as user cnb
.
I suppose, the volume is created as root and only root has write access to it.
手动小丑方法似乎不是最佳选择,因为我希望能够仅在服务器上 docker-compose up
并完成操作,而不是手动地但无论如何都要反复进行:我尝试从容器内 chown
到cnb用户的卷没有成功:
The manual-chown approach seems suboptimal, since I would have expected to be able to just docker-compose up
on a server and be done, instead of manually chowning around but anyways:
I have tried to chown
the volume to the cnb user from within the container without success:
chown cnb/var/mypath/chown:更改"/var/mypath/"的所有权:不允许操作
chown cnb /var/mypath/ chown: changing ownership of '/var/mypath/': Operation not permitted
如何确定Spring Boot应用程序可以写入该卷?
How can I make sure, that the spring boot application can write the volume?
推荐答案
我毕竟设法对卷进行了chown/chgrp-我的错误是它不能在容器内工作(没有sudo)-但它可以工作从外部使用docker exec,指定root用户:
I managed to chown/chgrp the volume after all - my mistake was that it does not work from within the container (there is no sudo) - but it works from outside using docker exec, specifying the root user:
docker exec -u 0 -it backend_app chown cnb /var/mypath
docker exec -u 0 -it backend_app chgrp cnb /var/mypath
用户@Stuck还通过创建另一个docker-image层提出了一种更精细的方法:可以`bootBuildImage`创建可写卷?
User @Stuck also suggested a more elaborate approach by creating another docker-image layer: can `bootBuildImage` create writeable volumes?
Spring的Andy Wilkinson指出,这是Docker的一个普遍问题-因此,如果将来出现其他解决方案,我很高兴对此问题进行更新.
Andy Wilkinson from Spring pointed out that this is a general Docker issue - so if some other solution pops up in the future, I'm glad to update this question.
这篇关于在卷上对CNB Docker映像进行写访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!