在主机上（可能通过码头组合） [英] chown docker volumes on host (possibly through docker-compose)

问题描述

我有以下示例

 版本：'2'
 
服务：
代理：
容器名：代理
主机名：代理
图像：nginx 
端口：
  -  80:80 
  -  443：443 
卷：
  -  proxy_conf：/ etc / nginx 
  -  proxy_htdocs：/ usr / share / nginx / html 
 
卷：
 proxy_conf：{} 
 proxy_htdocs：{} 
  

哪个工作正常。当我运行 docker-compise up 它会在 / var / lib / docker / volumes 中创建这些命名卷，好。但是，从主机，我只能以root身份访问 / var / lib / docker ，因为它是 root：root （说得通）。我想知道是否有一种方法可以让主机的目录更加明智/安全（比如我用来在主机上做大部分事情的相对非特权的用户） ）或者如果我只需要手动吸收它并且 chown 。我开始有许多脚本已经解决了其他问题，所以额外的几行不会是一个很大的问题，但我真的希望保持自我编写的自动化最小化，如果我可以 - 更少的机会为愚蠢的错误。

顺便说一下，否：如果我挂载主机目录而不是创建卷，它们被覆盖，这意味着如果它们开始空，它们保持为空，并且我没有从容器中获取默认配置（或任何）。

额外的点数：我可以将卷移动到更多方便的位置？说， / home / myuser / myserverstuff / volumes ？

解决方案

最好不要直接访问 / var / lib / docker 内的文件。这些目录意在由docker守护进程管理，不要混淆。

要访问卷内的数据，有很多选项; p>

• 使用一个绑定的目录（你认为，但不符合你的用例）。


• 使用一个服务容器，该容器使用相同的卷并通过该容器访问，例如运行 ssh 的容器（以使用 scp ）或SAMBA容器（例如 svendowideit / samba ）


• 使用卷驱动程序插件 。有各种各样的插件提供各种选择。例如，本地持久插件是一个非常简单的插件，可让您指定其中 docker应存储卷数据（所以在 / var / lib / docker 之外）

I have the following example

version: '2'

services:
  proxy:
    container_name: proxy
    hostname: proxy
    image: nginx
    ports:
      - 80:80
      - 443:443
    volumes:
      - proxy_conf:/etc/nginx
      - proxy_htdocs:/usr/share/nginx/html

volumes:
  proxy_conf: {}
  proxy_htdocs: {}

which works fine. When I run docker-compose up it creates those named volumes in /var/lib/docker/volumes and all is good. However, from the host, I can only access /var/lib/docker as root, because it's root:root (makes sense). I was wondering if there is a way of chowning the host's directories to something more sensible/safe (like, my relatively unprivileged user that I use to do most things on the host) or if I just have to suck it up and chown them manually. I'm starting to have a number of scripts already to work around other issues, so having an extra couple of lines won't be much of a problem, but I'd really like to keep my self-written automation minimal, if I can -- fewer chances for stupid mistakes.

By the way, no: if I mount host directories instead of creating volumes, they get overlaid, meaning that if they start empty, they stay empty, and I don't get the default configuration (or whatever) from inside the container.

Extra points: can I just move the volumes to a more convenient location? Say, /home/myuser/myserverstuff/volumes?

解决方案

It's best to not try to access files inside /var/lib/docker directly. Those directories are meant to be managed by the docker daemon, and not to be messed with.

To access the data inside a volume, there's a number of options;

• use a bind-mounted directory (you considered that, but didn't fit your use case).
• use a "service" container that uses the same volume and makes it accessible through that container, for example a container running ssh (to use scp) or a SAMBA container (such as svendowideit/samba)
• use a volume-driver plugin. there's various plugins around that offer all kind of options. For example, the local persist plugin is a really simple plug-in that allows you to specify where docker should store the volume data (so outside of /var/lib/docker)

这篇关于在主机上（可能通过码头组合）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！