Docker：本地 MySQL 卷的权限被拒绝

Question

我是 Docker 新手，不太了解 Linux。我正在尝试使用Docker构建自己的本地开发环境。I\xe2\x80\x99m 使用docker-compose实用程序。我想将 MySQL 数据存储在本地卷中。当我第一次运行docker-compose build和docker-compose up -d命令时，没有错误。来自 MySQL 容器的数据进入本地文件夹。一切正常，除了一个：当我想更改docker-compose.yml文件并重建容器时，出现错误

\n

vo@vo-ThinkPad-Edge-E330:~/www/test$ docker-compose build\nmysql uses an image, skipping\nnginx uses an image, skipping\nBuilding app\nTraceback (most recent call last):\n  File "bin/docker-compose", line 3, in <module>\n  File "compose/cli/main.py", line 67, in main\n  File "compose/cli/main.py", line 126, in perform_command\n  File "compose/cli/main.py", line 302, in build\n  File "compose/project.py", line 468, in build\n  File "compose/project.py", line 450, in build_service\n  File "compose/service.py", line 1125, in build\n  File "docker/api/build.py", line 160, in build\n  File "docker/utils/build.py", line 30, in tar\n  File "docker/utils/build.py", line 49, in exclude_paths\n  File "docker/utils/build.py", line 214, in rec_walk\n  File "docker/utils/build.py", line 214, in rec_walk\n  File "docker/utils/build.py", line 214, in rec_walk\n  [Previous line repeated 1 more time]\n  File "docker/utils/build.py", line 184, in rec_walk\nPermissionError: [Errno 13] Permission denied: '/home/vo/www/test/docker/mysql/dbdata/performance_schema'\n[301838] Failed to execute script docker-compose\n

\n

我发现该文件夹的所有者systemd-coredump来自root组。所以我有2种方法：

\n

\n
1. sudo docker-compose build
\n
2. 删除具有权限的/home/vo/www/test/docker/mysql/dbdata文件夹sudo并docker-compose build再次运行。
\n

\n

所以，我的问题是：这是应该的样子还是可以解决权限问题？

\n

我的项目结构：

\n

/\n\xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 docker\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 mysql\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 conf\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 my.cnf\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 dbdata\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 nginx\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 conf\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x82\xc2\xa0\xc2\xa0     \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 nginx.conf\n\xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 php\n\xe2\x94\x82\xc2\xa0\xc2\xa0     \xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 conf\n\xe2\x94\x82\xc2\xa0\xc2\xa0     \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 local.ini\n\xe2\x94\x82\xc2\xa0\xc2\xa0     \xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 config\n\xe2\x94\x82\xc2\xa0\xc2\xa0     \xe2\x94\x82\xc2\xa0\xc2\xa0 \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 local.ini\n\xe2\x94\x82\xc2\xa0\xc2\xa0     \xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 Dockerfile\n\xe2\x94\x9c\xe2\x94\x80\xe2\x94\x80 docker-compose.yml\n\xe2\x94\x94\xe2\x94\x80\xe2\x94\x80 src\n

\n

我的docker-compose.yml：

\n

version: "3.7"\nservices:\n  \n  #PHP Service\n  app:\n    build:\n      args:\n        user: laravel\n        uid: 1000\n      context: ./\n      dockerfile: ./docker/php/Dockerfile\n    image: laravel-image\n    container_name: laravel\n    restart: unless-stopped\n    tty: true\n    environment:\n      SERVICE_NAME: app\n      SERVICE_TAGS: dev  \n    working_dir: /var/www/\n    volumes:\n      - ./src:/var/www\n      - ./docker/php/config/local.ini:/usr/local/etc/php/conf.d/local.ini\n    networks:\n      - laravel\n  \n  #MySQL Service  \n  mysql:\n    image: mysql:5.7\n    container_name: mysql\n    restart: unless-stopped\n    tty: true\n    ports:\n      - "3306:3306"\n    environment:\n      MYSQL_DATABASE: laravel\n      MYSQL_ROOT_PASSWORD: secret\n      MYSQL_PASSWORD: secret\n      MYSQL_USER: laravel\n      SERVICE_TAGS: dev\n      SERVICE_NAME: mysql\n    volumes:\n      - ./docker/mysql/dbdata:/var/lib/mysql\n      - ./docker/mysql/conf/my.cnf:/etc/mysql/my.cnf  \n    networks:\n      - laravel\n  \n  #Nginx Service\n  nginx:\n    image: nginx:1.17-alpine\n    container_name: nginx\n    restart: unless-stopped\n    tty: true\n    ports:\n      - "80:80"\n      - "443:443"\n    environment:\n      SERVICE_NAME: nginx\n      SERVICE_TAGS: dev        \n    volumes:\n      - ./src:/var/www\n      - ./docker/nginx/conf:/etc/nginx/conf.d\n    networks:\n      - laravel    \n\n#Networks\nnetworks:\n  laravel:\n    driver: bridge\n

\n

Answer 1

好吧，我发现了一个窍门。在服务卷部分的docker-compose.yml中，我必须使用命名卷而不是路径。例如，“mysqldbvolume”而不是“ ./docker/mysql/dbdata ”。然后我必须在顶层定义一个命名卷卷键中定义一个命名卷：

\n

services: \n  #MySQL Service  \n  mysql:\n    image: mysql:5.7\n    ...\n    volumes:\n      - mysqldbvolume:/var/lib/mysql\n      - ./docker/mysql/conf/my.cnf:/etc/mysql/my.cnf\n    ...\n\n...\n\n# Volumes\nvolumes:\n  mysqldbvolume:\n    driver: local\n

\n

那么，我的音量现在在哪里？如果我想查看我的卷列表，我必须运行docker volume ls：

\n

DRIVER    VOLUME NAME\nlocal     test_mysqldbvolume\nlocal     test_postgresdbvolume\n

\n

检查体积 -docker volume inspect test_mysqldbvolume：

\n

[\n    {\n        "CreatedAt": "2020-12-17T21:54:53+02:00",\n        "Driver": "local",\n        "Labels": {\n            "com.docker.compose.project": "test",\n            "com.docker.compose.version": "1.27.4",\n            "com.docker.compose.volume": "mysqldbvolume"\n        },\n        "Mountpoint": "/var/lib/docker/volumes/test_mysqldbvolume/_data",\n        "Name": "test_mysqldbvolume",\n        "Options": null,\n        "Scope": "local"\n    }\n]\n

\n

所以，路径是“Mountpoint”：“/var/lib/docker/volumes/test_mysqldbvolume/_data”

\n

使用普通用户运行ls -la /var/lib/docker/volumes/test_mysqldbvolume/_data表示访问被拒绝。但如果我跑sudo ls -la /var/lib/docker/volumes/test_mysqldbvolume/_data我会看到我的体积数据：

\n

drwxrwxrwt 6 systemd-coredump systemd-coredump     4096 \xd0\xb4\xd0\xb5\xd0\xba 17 21:54 .\ndrwxr-xr-x 3 root             root                 4096 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 ..\n-rw-r----- 1 systemd-coredump systemd-coredump       56 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 auto.cnf\n-rw------- 1 systemd-coredump systemd-coredump     1676 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 ca-key.pem\n-rw-r--r-- 1 systemd-coredump systemd-coredump     1112 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 ca.pem\n-rw-r--r-- 1 systemd-coredump systemd-coredump     1112 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 client-cert.pem\n-rw------- 1 systemd-coredump systemd-coredump     1680 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 client-key.pem\n-rw-r----- 1 systemd-coredump systemd-coredump        2 \xd0\xb4\xd0\xb5\xd0\xba 17 21:54 ed50eca9e01e.pid\n-rw-r----- 1 systemd-coredump systemd-coredump  6093953 \xd0\xb4\xd0\xb5\xd0\xba 17 21:54 general.log\n-rw-r----- 1 systemd-coredump systemd-coredump      445 \xd0\xb4\xd0\xb5\xd0\xba 17 21:49 ib_buffer_pool\n-rw-r----- 1 systemd-coredump systemd-coredump 79691776 \xd0\xb4\xd0\xb5\xd0\xba 17 21:54 ibdata1\n-rw-r----- 1 systemd-coredump systemd-coredump 50331648 \xd0\xb4\xd0\xb5\xd0\xba 17 21:54 ib_logfile0\n-rw-r----- 1 systemd-coredump systemd-coredump 50331648 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 ib_logfile1\n-rw-r----- 1 systemd-coredump systemd-coredump 12582912 \xd0\xb4\xd0\xb5\xd0\xba 17 21:54 ibtmp1\ndrwxr-x--- 2 systemd-coredump systemd-coredump     4096 \xd0\xb4\xd0\xb5\xd0\xba 17 21:47 laravel\ndrwxr-x--- 2 systemd-coredump systemd-coredump     4096 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 mysql\ndrwxr-x--- 2 systemd-coredump systemd-coredump     4096 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 performance_schema\n-rw------- 1 systemd-coredump systemd-coredump     1680 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 private_key.pem\n-rw-r--r-- 1 systemd-coredump systemd-coredump      452 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 public_key.pem\n-rw-r--r-- 1 systemd-coredump systemd-coredump     1112 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 server-cert.pem\n-rw------- 1 systemd-coredump systemd-coredump     1680 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 server-key.pem\ndrwxr-x--- 2 systemd-coredump systemd-coredump    12288 \xd0\xb4\xd0\xb5\xd0\xba 17 21:42 sys\n

\n

最重要的是，权限错误消失了。

\n