在主机上(可能通过码头组合) [英] chown docker volumes on host (possibly through docker-compose)
问题描述
我有以下示例
版本:'2'
服务:
代理:
容器名:代理
主机名:代理
图像:nginx
端口:
- 80:80
- 443:443
卷:
- proxy_conf:/ etc / nginx
- proxy_htdocs:/ usr / share / nginx / html
卷:
proxy_conf:{}
proxy_htdocs:{}
哪个工作正常。当我运行 docker-compise up
它会在 / var / lib / docker / volumes
中创建这些命名卷,好。但是,从主机,我只能以root身份访问 / var / lib / docker
,因为它是 root:root
(说得通)。我想知道是否有一种方法可以让主机的目录更加明智/安全(比如我用来在主机上做大部分事情的相对非特权的用户) )或者如果我只需要手动吸收它并且 chown
。我开始有许多脚本已经解决了其他问题,所以额外的几行不会是一个很大的问题,但我真的希望保持自我编写的自动化最小化,如果我可以 - 更少的机会为愚蠢的错误。
顺便说一下,否:如果我挂载主机目录而不是创建卷,它们被覆盖,这意味着如果它们开始空,它们保持为空,并且我没有从容器中获取默认配置(或任何)。
额外的点数:我可以将卷移动到更多方便的位置?说, / home / myuser / myserverstuff / volumes
?
最好不要直接访问 / var / lib / docker
内的文件。这些目录意在由docker守护进程管理,不要混淆。
要访问卷内的数据,有很多选项; p>
- 使用一个绑定的目录(你认为,但不符合你的用例)。
- 使用一个服务容器,该容器使用相同的卷并通过该容器访问,例如运行
ssh
的容器(以使用scp
)或SAMBA容器(例如 svendowideit / samba ) - 使用卷驱动程序插件 。有各种各样的插件提供各种选择。例如,本地持久插件是一个非常简单的插件,可让您指定其中 docker应存储卷数据(所以在
/ var / lib / docker
之外)
I have the following example
version: '2'
services:
proxy:
container_name: proxy
hostname: proxy
image: nginx
ports:
- 80:80
- 443:443
volumes:
- proxy_conf:/etc/nginx
- proxy_htdocs:/usr/share/nginx/html
volumes:
proxy_conf: {}
proxy_htdocs: {}
which works fine. When I run docker-compose up
it creates those named volumes in /var/lib/docker/volumes
and all is good. However, from the host, I can only access /var/lib/docker
as root, because it's root:root
(makes sense). I was wondering if there is a way of chown
ing the host's directories to something more sensible/safe (like, my relatively unprivileged user that I use to do most things on the host) or if I just have to suck it up and chown
them manually. I'm starting to have a number of scripts already to work around other issues, so having an extra couple of lines won't be much of a problem, but I'd really like to keep my self-written automation minimal, if I can -- fewer chances for stupid mistakes.
By the way, no: if I mount host directories instead of creating volumes, they get overlaid, meaning that if they start empty, they stay empty, and I don't get the default configuration (or whatever) from inside the container.
Extra points: can I just move the volumes to a more convenient location? Say, /home/myuser/myserverstuff/volumes
?
It's best to not try to access files inside /var/lib/docker
directly. Those directories are meant to be managed by the docker daemon, and not to be messed with.
To access the data inside a volume, there's a number of options;
- use a bind-mounted directory (you considered that, but didn't fit your use case).
- use a "service" container that uses the same volume and makes it accessible through that container, for example a container running
ssh
(to usescp
) or a SAMBA container (such as svendowideit/samba) - use a volume-driver plugin. there's various plugins around that offer all kind of options. For example, the local persist plugin is a really simple plug-in that allows you to specify where docker should store the volume data (so outside of
/var/lib/docker
)
这篇关于在主机上(可能通过码头组合)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!