在多次`docker-compose up`&之后，如何保证docker主机卷具有正确的权限?`docker-compose-down` [英] how can i guarantee docker host volume have the right permission after multiple `docker-compose up` & `docker-compose-down`

问题描述

我正在开发一个使用Postgres作为其数据库的Node.js应用程序.我写了一个"docker-compose.yml"Node.js&的文件Postgres.

我创建pgdata目录，然后编写Dockerfile来构建Node.js映像:

  FROM节点:14.15.0WORKDIR"/usr/src/app"CMD ["npm"，开始")] 

这就是我写"docker-compose.yml"的方式文件:

  version:"3.7"；服务:D b:图片:postgres:13env_file:-./.env.postgres数量:-类型:绑定来源:./pgdata目标:/var/lib/postgresql/data体积:nocopy:正确环境:PGD​​ATA:/var/lib/postgresql/data/pgdatacontainer_name:$ {APP_NAME} -db快递应用:图片:$ {APP_NAME} -express-app:1建造:语境: .dockerfile:./Dockerfile数量:-类型:绑定来源: .目标:/usr/src/app体积:nocopy:正确env_file:-./.env-./.env.postgres取决于:- D b端口:-" $ {APP_PORT}:$ {DOCKER_CONTAINER_APP_PORT}"环境:POSTGRES_HOST:数据库 

然后我通过运行以下命令启动我的应用程序: docker-compose up --build ，一切正常.docker构建映像并创建其容器.我的应用程序运行良好，但是当我删除其图像(出于某些原因，使用node.js图像)并运行 docker-compose up --build 命令时，它将为我抛出此错误:

 使用本机版本构建.在Compose中了解有关本机构建的信息:https://docs.docker.com/go/compose-native-build/建立Express-App错误检查上下文:无法统计"/home/project1/pgdata/pgdata".错误:服务"express-app"构建失败 

然后，我意识到docker在挂载目录(pgdata)内创建了一个目录

所以我用'ls -ltrha'检查它的权限，这是输出:

 总计12Kdrwxr-xr-x 3 mjb mjb 4.0K 2月20日12:34.drwx ------ 19 systemd-coredump根目录4.0K 2月20日12:34 pgdatadrwxr-xr-x 6 mjb mjb 4.0K 2月21日12:19 .. 

解决方案

构建Docker映像时，您提供的上下文目录(通常是当前目录)将发送到Docker守护程序进行构建.这样做的目的是能够将上下文目录中的文件 COPY 复制到Docker映像中，因此您可以拥有一个独立的映像，该映像可以运行而无需单独安装应用程序代码.

在您的设置中，数据库内容存储在 ./pgdata 中，因此您将目录的子目录用作构建上下文.该目录中的数据将由数据库容器中的用户拥有，该用户通常与主机用户不是同一用户(没关系).但是现在由于另一个用户拥有 ./pgdata 目录，因此映像构建序列无法将构建上下文目录发送到Docker守护程序，因此会出现错误.

您可以创建 .dockerignore 文件告诉Docker从映像构建中排除数据库数据(无论如何，您都永远不会希望在映像中使用数据库数据).将此文件与 Dockerfile 和 docker-compose.yml 文件放在同一目录中.它可以只包含

 <代码>#.dockerignore#不要将主机的node_modules复制到映像中；我们将运行npm installnode_modules#根本不将数据库存储复制到映像中pgdata 

I am developing a Node.js app that uses Postgres as its database. I write a "docker-compose.yml" file for Node.js & Postgres.

I create pgdata directory, Then I write my Dockerfile to build Node.js image:

FROM node:14.15.0

WORKDIR "/usr/src/app"

CMD [ "npm", "start" ]

And this is how I write my "docker-compose.yml" file:

version: "3.7"
services:
  db:
    image: postgres:13
    env_file:
      - ./.env.postgres
    volumes:
      - type: bind
        source: ./pgdata
        target: /var/lib/postgresql/data
        volume:
          nocopy: true
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
    container_name: ${APP_NAME}-db

  express-app:
    image: ${APP_NAME}-express-app:1
    build:
      context: .
      dockerfile: ./Dockerfile
    volumes:
      - type: bind
        source: .
        target: /usr/src/app
        volume:
          nocopy: true
    env_file:
      - ./.env
      - ./.env.postgres
    depends_on:
      - db
    ports:
      - "${APP_PORT}:${DOCKER_CONTAINER_APP_PORT}"
    environment:
      POSTGRES_HOST: db

And then I start my app by running this command: docker-compose up --build and everything was OK. docker build image and create its containers. My app works fine but when I remove its image (node.js image, for some reasons), and run the docker-compose up --build command it throws this error for me:

Building with native build. Learn about native build in Compose here: https://docs.docker.com/go/compose-native-build/
Building express-app
error checking context: 'can't stat '/home/project1/pgdata/pgdata''.
ERROR: Service 'express-app' failed to build

And after that, I realize that docker create a directory inside the mounted directory (pgdata)

So I check it permission with 'ls -ltrha' and this is the output:

total 12K
drwxr-xr-x  3 mjb              mjb  4.0K FEB   20 12:34 .
drwx------ 19 systemd-coredump root 4.0K FEB   20 12:34 pgdata
drwxr-xr-x  6 mjb              mjb  4.0K FEB   21 12:19 ..

解决方案

When you build a Docker image, the context directory you give (typically the current directory) is sent to the Docker daemon to build. The goal of this is to be able to COPY files from the context directory into the Docker image, so you can have a self-contained image that can run without separately needing the application code mounted in.

In your setup, the database content is stored in ./pgdata, so a subdirectory of the directory you're using as a build context. The data in that directory will be owned by the user in the database container, which frequently won't be the same user as the host user (and that's okay). But now since a different user owns the ./pgdata directory, the image build sequence can't send the build context directory to the Docker daemon, hence the error you get.

You can create a .dockerignore file to tell Docker to exclude the database data from the image build (you will never want this in your image no matter what). Put this in the same directory as the Dockerfile and docker-compose.yml file. It can contain just

# .dockerignore
# Do not copy host's node_modules into the image; we will RUN npm install
node_modules
# Do not copy database storage into the image at all
pgdata

这篇关于在多次`docker-compose up`&之后，如何保证docker主机卷具有正确的权限?`docker-compose-down`的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！