linux - Docker:本地 MySQL 卷的权限被拒绝
问题描述
我是 Docker 新手,我不太了解 Linux。我正在尝试使用Docker构建自己的本地开发环境。我正在使用docker-compose实用程序。我想将 MySQL 数据存储在本地卷中。当我第一次运行docker-compose build
和docker-compose up -d
命令时,没有错误。MySQL 容器中的数据进入本地文件夹。一切都很好,除了一个:当我想更改我的 docker-compose.yml文件并重建容器时,我收到一个错误
vo@vo-ThinkPad-Edge-E330:~/www/test$ docker-compose build
mysql uses an image, skipping
nginx uses an image, skipping
Building app
Traceback (most recent call last):
File "bin/docker-compose", line 3, in <module>
File "compose/cli/main.py", line 67, in main
File "compose/cli/main.py", line 126, in perform_command
File "compose/cli/main.py", line 302, in build
File "compose/project.py", line 468, in build
File "compose/project.py", line 450, in build_service
File "compose/service.py", line 1125, in build
File "docker/api/build.py", line 160, in build
File "docker/utils/build.py", line 30, in tar
File "docker/utils/build.py", line 49, in exclude_paths
File "docker/utils/build.py", line 214, in rec_walk
File "docker/utils/build.py", line 214, in rec_walk
File "docker/utils/build.py", line 214, in rec_walk
[Previous line repeated 1 more time]
File "docker/utils/build.py", line 184, in rec_walk
PermissionError: [Errno 13] Permission denied: '/home/vo/www/test/docker/mysql/dbdata/performance_schema'
[301838] Failed to execute script docker-compose
我发现该文件夹的所有者systemd-coredump
来自root
组。所以我有两种方法:
sudo docker-compose build
- 删除具有权限的/home/vo/www/test/docker/mysql/dbdata文件夹并再次运行。
sudo
docker-compose build
所以,我的问题是:这是应该的还是可以解决权限问题?
我的项目结构:
/
├── docker
│ ├── mysql
│ │ ├── conf
│ │ │ └── my.cnf
│ │ └── dbdata
│ ├── nginx
│ │ └── conf
│ │ └── nginx.conf
│ └── php
│ ├── conf
│ │ └── local.ini
│ ├── config
│ │ └── local.ini
│ └── Dockerfile
├── docker-compose.yml
└── src
我的 docker-compose.yml:
version: "3.7"
services:
#PHP Service
app:
build:
args:
user: laravel
uid: 1000
context: ./
dockerfile: ./docker/php/Dockerfile
image: laravel-image
container_name: laravel
restart: unless-stopped
tty: true
environment:
SERVICE_NAME: app
SERVICE_TAGS: dev
working_dir: /var/www/
volumes:
- ./src:/var/www
- ./docker/php/config/local.ini:/usr/local/etc/php/conf.d/local.ini
networks:
- laravel
#MySQL Service
mysql:
image: mysql:5.7
container_name: mysql
restart: unless-stopped
tty: true
ports:
- "3306:3306"
environment:
MYSQL_DATABASE: laravel
MYSQL_ROOT_PASSWORD: secret
MYSQL_PASSWORD: secret
MYSQL_USER: laravel
SERVICE_TAGS: dev
SERVICE_NAME: mysql
volumes:
- ./docker/mysql/dbdata:/var/lib/mysql
- ./docker/mysql/conf/my.cnf:/etc/mysql/my.cnf
networks:
- laravel
#Nginx Service
nginx:
image: nginx:1.17-alpine
container_name: nginx
restart: unless-stopped
tty: true
ports:
- "80:80"
- "443:443"
environment:
SERVICE_NAME: nginx
SERVICE_TAGS: dev
volumes:
- ./src:/var/www
- ./docker/nginx/conf:/etc/nginx/conf.d
networks:
- laravel
#Networks
networks:
laravel:
driver: bridge
解决方案
好吧,我发现了一个窍门。在服务卷部分的 docker-compose.yml中,我必须使用命名卷而不是路径。例如,“mysqldbvolume”而不是“ ./docker/mysql/dbdata ”。然后我必须在顶级卷键中定义一个命名卷:
services:
#MySQL Service
mysql:
image: mysql:5.7
...
volumes:
- mysqldbvolume:/var/lib/mysql
- ./docker/mysql/conf/my.cnf:/etc/mysql/my.cnf
...
...
# Volumes
volumes:
mysqldbvolume:
driver: local
那么,我的音量现在在哪里?如果我想查看我的卷列表,我必须运行docker volume ls
:
DRIVER VOLUME NAME
local test_mysqldbvolume
local test_postgresdbvolume
检查音量 - docker volume inspect test_mysqldbvolume
:
[
{
"CreatedAt": "2020-12-17T21:54:53+02:00",
"Driver": "local",
"Labels": {
"com.docker.compose.project": "test",
"com.docker.compose.version": "1.27.4",
"com.docker.compose.volume": "mysqldbvolume"
},
"Mountpoint": "/var/lib/docker/volumes/test_mysqldbvolume/_data",
"Name": "test_mysqldbvolume",
"Options": null,
"Scope": "local"
}
]
所以,路径是“挂载点”:“/var/lib/docker/volumes/test_mysqldbvolume/_data”
与普通用户一起运行ls -la /var/lib/docker/volumes/test_mysqldbvolume/_data
说访问被拒绝。但是,如果我运行,sudo ls -la /var/lib/docker/volumes/test_mysqldbvolume/_data
我会看到我的体积数据:
drwxrwxrwt 6 systemd-coredump systemd-coredump 4096 дек 17 21:54 .
drwxr-xr-x 3 root root 4096 дек 17 21:42 ..
-rw-r----- 1 systemd-coredump systemd-coredump 56 дек 17 21:42 auto.cnf
-rw------- 1 systemd-coredump systemd-coredump 1676 дек 17 21:42 ca-key.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 1112 дек 17 21:42 ca.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 1112 дек 17 21:42 client-cert.pem
-rw------- 1 systemd-coredump systemd-coredump 1680 дек 17 21:42 client-key.pem
-rw-r----- 1 systemd-coredump systemd-coredump 2 дек 17 21:54 ed50eca9e01e.pid
-rw-r----- 1 systemd-coredump systemd-coredump 6093953 дек 17 21:54 general.log
-rw-r----- 1 systemd-coredump systemd-coredump 445 дек 17 21:49 ib_buffer_pool
-rw-r----- 1 systemd-coredump systemd-coredump 79691776 дек 17 21:54 ibdata1
-rw-r----- 1 systemd-coredump systemd-coredump 50331648 дек 17 21:54 ib_logfile0
-rw-r----- 1 systemd-coredump systemd-coredump 50331648 дек 17 21:42 ib_logfile1
-rw-r----- 1 systemd-coredump systemd-coredump 12582912 дек 17 21:54 ibtmp1
drwxr-x--- 2 systemd-coredump systemd-coredump 4096 дек 17 21:47 laravel
drwxr-x--- 2 systemd-coredump systemd-coredump 4096 дек 17 21:42 mysql
drwxr-x--- 2 systemd-coredump systemd-coredump 4096 дек 17 21:42 performance_schema
-rw------- 1 systemd-coredump systemd-coredump 1680 дек 17 21:42 private_key.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 452 дек 17 21:42 public_key.pem
-rw-r--r-- 1 systemd-coredump systemd-coredump 1112 дек 17 21:42 server-cert.pem
-rw------- 1 systemd-coredump systemd-coredump 1680 дек 17 21:42 server-key.pem
drwxr-x--- 2 systemd-coredump systemd-coredump 12288 дек 17 21:42 sys
最重要的是,权限错误消失了。
推荐阅读
- c# - 是否可以创建连接到另一个 websocket 的 websocket 服务器?
- jodatime - 为什么 kotlinx-datetime 存在?或者:为什么数据时间库如此依赖于平台?
- azure - Azure DevOps API - 如何引用其他管道作为资源参数
- typescript - 如何避免 VSCode 自动补全中的省略号?
- javascript - ReactJS:如何检测 XHR 请求之间的网络空闲
- android - 当应用程序关闭和锁定屏幕时,让 Flutter 保持清醒以接收来自 Firebase 消息的通知
- r - 使用现有因子级别有条件地更改某些行中的值,可能在 dplyr
- listview - 如何使用 jQuery mobile 更改一个类并将其保存在导航菜单中
- java - TextView 在 FragmentStateAdapter 中不显示全文
- python - TensorFlow 1.3 中的 GRU