如何在保留所有者和权限的同时从数据容器装载卷?
我正在使用Fig并尝试使用数据卷容器在Rails Web服务器和另一个容器中运行的Resque工作器之间共享上传的文件。 为此,数据卷容器定义了用于共享这些文件的/rails/public/system卷。 Rails和Resque进程作为rails用户在各自的容器中运行,这两个容器都是基于markb/litdistco映像的。 一起fig.yml看起来像这样:
redis: image: redis:2.8.17 volumes_from: - file web: image: markb/litdistco command: /usr/bin/start-server /opt/nginx/sbin/nginx ports: - 80:8000 - 443:4430 environment: DATABASE_URL: links: - redis volumes_from: - file worker: image: markb/litdistco command: /usr/bin/start-server "bundle exec rake environment resque:work QUEUE=litdistco_offline RAILS_ENV=production" environment: DATABASE_URL: links: - redis volumes_from: - file file: image: markb/litdistco command: echo "datastore" volumes: - /var/redis - /rails/log - ./config/container/ssl:/etc/ssl
当web和worker容器运行时,我可以在两个目录中看到/rails/public/system目录,但是它们在两个容器中都是由root用户拥有的, root的权限阻止了rails用户写入这个目录。
作为参考,有两个Dockerfiles进入制作markb/litdistco容器。 第一个定义了我用于本地开发的基本镜像( Dockerfile ):
# This Dockerfile is based on the excellent blog post by SteveLTN: # # http://steveltn.me/blog/2014/03/15/deploy-rails-applications-using-docker/ # # KNOWN ISSUES: # # * Upgrading passenger or ruby breaks nginx directives with absolute paths # Start from Ubuntu base image FROM ubuntu:14.04 MAINTAINER Mark Bennett <mark@burmis.ca> # Update package sources RUN apt-get -y update # Install basic packages RUN apt-get -y install build-essential libssl-dev curl # Install basics RUN apt-get -y install tmux vim RUN apt-get install -y libcurl4-gnutls-dev # Install libxml2 for nokogiri RUN apt-get install -y libxslt-dev libxml2-dev # Install mysql-client RUN apt-get -y install mysql-client libmysqlclient-dev # Add RVM key and install requirements RUN command curl -sSL https://rvm.io/mpapis.asc | gpg --import - RUN curl -sSL https://get.rvm.io | bash -s stable RUN /bin/bash -l -c "rvm requirements" # Create rails user which will run the app RUN useradd rails --home /rails --groups rvm # Create the rails users home and give them permissions RUN mkdir /rails RUN chown rails /rails RUN mkdir -p /rails/public/system RUN chown rails /rails/public/system # Add configuration files in repository to filesystem ADD config/container/start-server.sh /usr/bin/start-server RUN chown rails /usr/bin/start-server RUN chmod +x /usr/bin/start-server # Make a directory to contain nginx and give rails user permission RUN mkdir /opt/nginx RUN chown rails /opt/nginx # Switch to rails user that will run app USER rails # Install rvm, ruby, bundler WORKDIR /rails ADD ./.ruby-version /rails/.ruby-version RUN echo "gem: --no-ri --no-rdoc" > /rails/.gemrc RUN /bin/bash -l -c "rvm install `cat .ruby-version`" RUN /bin/bash -l -c "gem install bundler --no-ri --no-rdoc" # Install nginx RUN /bin/bash -l -c "gem install passenger --no-ri --no-rdoc" RUN /bin/bash -l -c "passenger-install-nginx-module" ADD config/container/nginx-sites.conf.TEMPLATE /opt/nginx/conf/nginx.conf.TEMPLATE ADD config/container/set-nginx-paths.sh /rails/set-nginx-paths.sh RUN /bin/bash -l -c "source /rails/set-nginx-paths.sh" # Copy the Gemfile and Gemfile.lock into the image. # Temporarily set the working directory to where they are. WORKDIR /tmp ADD Gemfile Gemfile ADD Gemfile.lock Gemfile.lock # bundle install RUN /bin/bash -l -c "bundle install" # Add rails project to project directory ADD ./ /rails # set WORKDIR WORKDIR /rails # Make sure rails has the right owner USER root RUN chown -R rails:rails /rails # Publish ports EXPOSE 3000 EXPOSE 4430 EXPOSE 8000
这被标记为基于litdistco-base图像,然后我使用config/containers/production/Dockerfile来生成标记为markb/litdistco的图像,并在分期和生产中运行。
# Start from LitDistCo base image FROM litdistco-base MAINTAINER Mark Bennett <mark@burmis.ca> USER rails # Setup volumes used in production VOLUME ["/rails/log", "/rails/public/system"] # Build the application assets WORKDIR /rails RUN /bin/bash -l -c "touch /rails/log/production.log; chmod 0666 /rails/log/production.log" RUN /bin/bash -l -c "source /etc/profile.d/rvm.sh; bundle exec rake assets:precompile"
任何人都可以解释如何让数据容器卷安装为由rails用户写入。 我非常想避免以root身份运行任何Ruby进程,即使在一个容器内。
对于某些情况下,我还应该提到,我正在Mac OS X上的boot2docker中开发Docker中的映像,然后在Ubuntu 14.04主机上的Google Compute Engine实例上运行这些映像。 谢谢!
我会修改你的形象一点点。 编写一个shell脚本,将/ usr / bin / start-server命令封装在你的fig.yml文件中,并放在你的容器中。
然后,您可以在启动服务器之前更新所需的任何内容。
用一个默认的用户栏运行容器也不是真的需要,只要你以rails用户启动服务器:sudo -u rails / usr / bin / start-server(或类似的东西)。
个人还没有使用litdistco基础的形象,所以不知道它是如何工作的所有细节。