如何在使用docker-compose时用容器内的主机用户修改卷文件
我有一个docker-composepipe理的docker-container,启动时会运行一个build脚本,将一堆文件添加到一个映射到host文件夹的卷上,因为容器总是以root用户身份运行,父文件夹,我怎么能设置docker-compose,使得创build的文件将由在docker上构build的用户在host文件系统上由同一个用户创build?
docker – 撰写文件
version: "2" services: # Data API and authentication/authorization api: build: context: ../api/ dockerfile: Dockerfile.dev hostname: api depends_on: - db - redis environment: - CORS_ORIGIN=http://localhost:3000,http://localhost:3001 - DATABASE_URL=postgres://postgres@db:5432/dev - DATABASE_DEBUG=false - REDIS_URL=redis://redis:6379/0 - SESSION_SECRET=wZjwhFtzQsd7r87W6AZw45Sm - FACEBOOK_ID=1821424564802638 - FACEBOOK_SECRET=2339bdf25f236a42fc3a18280bf455e8 - GOOGLE_ID=xxxxx.apps.googleusercontent.com - GOOGLE_SECRET=xxxxx - TWITTER_KEY=xxxxx - TWITTER_SECRET=xxxxx ports: - "8080:8080" - "127.0.0.1:9229:9229" # V8 inspector for tools/run.js - "127.0.0.1:9230:9230" # V8 inspector for src/server.js volumes: - yarn:/home/node/.cache/yarn - ../api/:/usr/src/app command: node tools/run.js # or, `node --inspect=0.0.0.0:9229 tools/run.js` # SQL and document data store db: image: postgres:9.6.5-alpine read_only: true tmpfs: - /tmp - /var/run/postgresql volumes: - db:/var/lib/postgresql/data - ./postgres-initdb.sh:/docker-entrypoint-initdb.d/initdb.sh # ports: # - "127.0.0.1:5432:5432" # you can override it via docker-compose.override.yml # Distributed in-memory cache redis: image: redis:4.0.2-alpine read_only: true volumes: - redis:/data volumes: db: redis: yarn: dockerfile.dev上的api目录
FROM node:8.6.0-alpine # Set a working directory WORKDIR /usr/src/app # If you have native dependencies, you'll need extra tools RUN apk add --no-cache make g++ python2 libsodium-dev && \ npm install -g node-gyp && \ mkdir -p /home/node/.cache/yarn && \ chown -R node:node /home/node/.cache/yarn && \ chmod 777 /home/node/.cache/yarn VOLUME /home/node/.cache/yarn
没有简单的方法来做到这一点,但是你可以在主机用户拥有相同的用户和组ID的容器内创build一个用户。 你可以在docker-compose build使用构build参数来做到这一点。
在dockerfile中
ARG UID ARG GID RUN groupadd -g $GID %group_name% && useradd -u $UID -g $GID --create-home -s /bin/bash %user_name% USER %user_name%
在docker-compose.yml中
version: "2" services: api: build: context: ../api/ dockerfile: Dockerfile.dev args: UID: %your uid% GID: %you gid%
更新1(自动化)
为了使这个过程更容易多个用户,你可以自动化一下。
在docker-compose.yml中,你可以使用像这样的variablesreplace :
version: "2" services: api: build: context: ../api/ dockerfile: Dockerfile.dev args: UID: ${UID_VAR} GID: ${GID_VAR}
比你可以编写脚本,它生成.env文件在回购为特定用户(假设它的名字是init.sh):
echo "UID_VAR=`id -u $USER`" > .env && echo "GID_VAR=`id -g $USER` >> .env
所以每个用户都会这样做:
git clone repo cd repo ./init.sh # generates .env docker-compose build # earch user is have to build container because of GID and UID docker-compose up