Dockerfile not receiving environment variables

Pav*_*nes 2 environment-variables docker dockerfile docker-compose

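The core problem is that when containers create persistent files, those files are actually owned by root, and I have to enter my sudo password to delete them. I would like all containers to run as my user, or at least in a way that lets me delete the temporary files the containers create. See this minimal example: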

```yaml
# docker-compose.yml
version: "2.2"
services:
    app:
        build: .
        container_name: app
        environment:
            - UID=${UID}
            - GID=${GID}
            - USER=${USER}
```

```dockerfile
# Dockerfile
FROM alpine

RUN apk update
RUN apk upgrade
RUN apk add shadow

RUN useradd -G root,wheel -u ${UID} -g ${GID} -s /bin/ash -d /home/${USER} ${USER}
USER ${USER}
CMD /bin/ash
```

```
# output
❯ docker-compose up -d --remove-orphans --build
[+] Building 0.4s (8/8) FINISHED
 => [internal] load build definition from Dockerfile                 0.0s
 => => transferring dockerfile: 212B                                 0.0s
 => [internal] load .dockerignore                                    0.0s
 => => transferring context: 32B                                     0.0s
 => [internal] load metadata for docker.io/library/alpine:latest     0.0s
 => [1/5] FROM docker.io/library/alpine                              0.0s
 => CACHED [2/5] RUN apk update                                      0.0s
 => CACHED [3/5] RUN apk upgrade                                     0.0s
 => CACHED [4/5] RUN apk add shadow                                  0.0s
 => ERROR [5/5] RUN useradd -G root,wheel -u ${UID} -g ${GID} -s /bin/ash -d /home/${USER} ${USER}    0.3s
------
 > [5/5] RUN useradd -G root,wheel -u ${UID} -g ${GID} -s /bin/ash -d /home/${USER} ${USER}:
#0 0.325 useradd: invalid user ID '-g'
------
failed to solve: executor failed running [/bin/sh -c useradd -G root,wheel -u ${UID} -g ${GID} -s /bin/ash -d /home/${USER} ${USER}]: exit code: 3
```

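The `useradd` command fails because none of the environment variables are set. This means the command being run is `/bin/sh -c useradd -G root,wheel -u -g -s /bin/ash -d /home`

Related answers / what I have tried so far:

Adding `environment` to the docker-compose.yml file, which is exactly what I did here.

Adding the `-e` option when running the Dockerfile

I also tried prefixing the `docker-compose` and `docker build` commands with the environment variables, like this: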

```
UID=$UID GID=$GID USER=$USER docker-compose up --build --remove-orphans -d
```

```
UID=1000 GID=1000 USER=myusername docker-compose up --build --remove-orphans -d
```

Just for good measure, I also tried using version 3 in docker-compose.yml

I also tried putting the environment variables in a .env file

```
USER=myusername
GID=1000
UID=1000
```

So I am looking for an explanation of why nothing is being received, and for suggestions of solutions to try.

Trying the `-u` option, as suggested:

```
❯ docker build -t abc -u "$(id -u):$(id -g)" -f Dockerfile .
unknown shorthand flag: 'u' in -u
See 'docker build --help'.
❯ docker build --help

Usage:  docker build [OPTIONS] PATH | URL | -

Build an image from a Dockerfile

Options:
      --add-host list           Add a custom host-to-IP mapping (host:ip)
      --build-arg list          Set build-time variables
      --cache-from strings      Images to consider as cache sources
      --cgroup-parent string    Optional parent cgroup for the container
      --compress                Compress the build context using gzip
      --cpu-period int          Limit the CPU CFS (Completely Fair Scheduler) period
      --cpu-quota int           Limit the CPU CFS (Completely Fair Scheduler) quota
  -c, --cpu-shares int          CPU shares (relative weight)
      --cpuset-cpus string      CPUs in which to allow execution (0-3, 0,1)
      --cpuset-mems string      MEMs in which to allow execution (0-3, 0,1)
      --disable-content-trust   Skip image verification (default true)
  -f, --file string             Name of the Dockerfile (Default is 'PATH/Dockerfile')
      --force-rm                Always remove intermediate containers
      --iidfile string          Write the image ID to the file
      --isolation string        Container isolation technology
      --label list              Set metadata for an image
  -m, --memory bytes            Memory limit
      --memory-swap bytes       Swap limit equal to memory plus swap: '-1' to enable unlimited swap
      --network string          Set the networking mode for the RUN instructions during build (default "default")
      --no-cache                Do not use cache when building the image
      --pull                    Always attempt to pull a newer version of the image
  -q, --quiet                   Suppress the build output and print image ID on success
      --rm                      Remove intermediate containers after a successful build (default true)
      --security-opt strings    Security options
      --shm-size bytes          Size of /dev/shm
  -t, --tag list                Name and optionally a tag in the 'name:tag' format
      --target string           Set the target build stage to build.
      --ulimit ulimit           Ulimit options (default [])
```

System information

```
❯ lsb_release -a
LSB Version:    n/a
Distributor ID: ManjaroLinux
Description:    Manjaro Linux
Release:        21.3.0
Codename:       Ruah
❯ docker --version
Docker version 20.10.16, build aa7e414fdc
❯ docker-compose --version
Docker Compose version 2.6.0
```

Dav*_*aze 5

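When you are building an image, only the contents of the `build:` block are available. The `environment:` block is not available inside the Dockerfile, and neither are `volumes:` mounts or `networks:` (including the automatic `networks: [default]`).

In principle, you could make the Dockerfile work by declaring these as `ARG` in the Dockerfile and passing them in `build: { args: }` in the Compose file.

However, "which user is running this container" is not something you normally want to build into the image – imagine having to rebuild a tool from source whenever someone has a different username or user ID. You can use the Compose `user:` directive to make the container run as a different user ID that you choose at run time. For the purpose of sharing files, this generally needs to be a numeric user ID (the output of `id -u`). You do not need to set anything up in the image for this. The user will not exist in the container's `/etc/passwd` file, but the only consequence of that is usually a cosmetic complaint in some interactive shell prompts.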

```yaml
version: "2.2"
services:
    app:
        build: .
        user: 1000
        # volumes:
        #     - ./app_data:/data
```

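In the Dockerfile, I would suggest setting up a dedicated directory to hold the application's writable data, if that is needed. Creating a non-root user is good practice, but it does not need a specific uid. Leave most files owned by root and not writable by other users; do not `RUN chown` or `RUN chmod`. The `volumes:` mount shown above will replace the container directory with the host directory, including its (numeric) ownership.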

```dockerfile
FROM alpine

# Create the non-root user (BusyBox adduser syntax)
RUN adduser -S -D -H nonroot

# ... do the normal things to install and build your application ...
# (still as root; do not chown the files)

# Create the data directory
RUN mkdir /data && chown nonroot /data

# Switch to the non-root user only to run the actual container
USER nonroot
CMD ["the_program"]
```
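The run-time `user:` approach from the answer, with the IDs filled in by Compose interpolation instead of being hard-coded, as an added example that is not part of the original answer. `HOST_UID`, `HOST_GID`, `valid_id` and `prepare_project` are names chosen here; they avoid `UID`/`GID` because bash keeps `UID` as an unexported read-only variable and defines no `GID`, so Compose would see both as empty.

```shell
#!/bin/sh
# Added example, not code from the original post. HOST_UID and HOST_GID are
# names chosen here; bash does not export UID and defines no GID variable.

# Accept only numeric, non-zero IDs: 0 would bring back root-owned files.
valid_id() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ne 0 ]
}

# Prepare project directory $1 for "docker-compose up". Optional $2 and $3
# override the IDs (defaults: id -u and id -g of the calling user).
prepare_project() {
    dir=$1
    uid=${2:-$(id -u)}
    gid=${3:-$(id -g)}
    if ! valid_id "$uid" || ! valid_id "$gid"; then
        echo "refusing to use uid=$uid gid=$gid" >&2
        return 1
    fi

    # Compose reads .env from the project directory to fill in ${...}.
    printf 'HOST_UID=%s\nHOST_GID=%s\n' "$uid" "$gid" > "$dir/.env"

    # Create the bind-mount source now; if it is missing, the Docker daemon
    # creates it owned by root and the non-root container cannot write to it.
    mkdir -p "$dir/app_data"

    # ${VAR:?msg} makes Compose stop with an error when the value is missing
    # or empty, rather than starting the container as the image's default user.
    cat > "$dir/docker-compose.yml" <<'EOF'
version: "2.2"
services:
    app:
        build: .
        user: "${HOST_UID:?set HOST_UID in .env}:${HOST_GID:?set HOST_GID in .env}"
        volumes:
            - ./app_data:/data
EOF
}
```

Run `prepare_project .` once in the project directory, then `docker-compose up --build` as usual.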