如何允许具有只读根文件系统的容器写入 tmpfs-volume?
How to allow Container with read only root filesystem writing to tmpfs-volume?
我有以下问题:
我的 nginx 容器以只读根文件系统开始,我配置了两个 tmpfs 挂载:/var/run 和 /var/cache/nginx 就像那里描述的那样:https://hub.docker.com/_/nginx
启动时 nginx 抛出这个错误并且容器停止:
2021/08/26 06:31:16 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" 失败(30:只读文件系统)
这是我的 ecs 任务配置:
{
"name": "nginx",
"essential": false,
"readonlyRootFilesystem": true,
"healthCheck": {
"command": [
"CMD-SHELL",
"curl --fail 127.0.0.1 || exit 1"
],
"interval": 30,
"timeout": 2,
"retries": 3
},
"memory": 256,
"image": "###########.dkr.ecr.eu-central-1.amazonaws.com/nginx:${NGINX_VER}",
"dockerLabels":
{
"Name": "nginx",
"Component": "sidecar-prometheus",
"App-Version": "${NGINX_VER}"
},
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "${LOG_GROUP_NAME}",
"awslogs-region": "eu-central-1",
"awslogs-stream-prefix": "${LOG_GROUP_NAME}"
}
},
"portMappings": [
{
"containerPort": 10000,
"hostPort": 10000,
"protocol": "tcp"
}
],
"mountPoints": [
{
"readOnly": false,
"containerPath": "/config",
"sourceVolume": "VolumeConfig"
}
],
"tmpfs": {
"containerPath": "/var/run",
"size": "50",
"mountOptions": "rw"
},
"tmpfs": {
"containerPath": "/var/cache/nginx",
"size": "50",
"mountOptions": "rw"
},
如何使 /var/cache/nginx 挂载 rw?
非常感谢您的帮助!
查看 documentation,tmpfs 接受 Array of Tmpfs objects。
您似乎传递了两次 tmpfs,而不是传递一个数组。正确传递数组应该有效:
"tmpfs": [
{
"containerPath": "/var/run",
"size": "50",
"mountOptions": "rw"
},
{
"containerPath": "/var/cache/nginx",
"size": "50",
"mountOptions": "rw"
}
]
答案是配置错误!
这里是正确的方法,tmpfs 必须包含在 linuxParameters 中:
"linuxParameters": {
"tmpfs": [
{
"containerPath": "/var/log/nginx",
"mountOptions": [ "rw" ],
"size": 50
},
{
"mountOptions": [ "rw" ],
"containerPath": "/run",
"size": 10
},
{
"mountOptions": [ "rw"],
"containerPath": "/var/cache/nginx",
"size": 10
},
{
"mountOptions": [ "rw"],
"containerPath": "/tmp",
"size": 10
}
]
}
我有以下问题:
我的 nginx 容器以只读根文件系统开始,我配置了两个 tmpfs 挂载:/var/run 和 /var/cache/nginx 就像那里描述的那样:https://hub.docker.com/_/nginx
启动时 nginx 抛出这个错误并且容器停止: 2021/08/26 06:31:16 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" 失败(30:只读文件系统)
这是我的 ecs 任务配置:
{
"name": "nginx",
"essential": false,
"readonlyRootFilesystem": true,
"healthCheck": {
"command": [
"CMD-SHELL",
"curl --fail 127.0.0.1 || exit 1"
],
"interval": 30,
"timeout": 2,
"retries": 3
},
"memory": 256,
"image": "###########.dkr.ecr.eu-central-1.amazonaws.com/nginx:${NGINX_VER}",
"dockerLabels":
{
"Name": "nginx",
"Component": "sidecar-prometheus",
"App-Version": "${NGINX_VER}"
},
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "${LOG_GROUP_NAME}",
"awslogs-region": "eu-central-1",
"awslogs-stream-prefix": "${LOG_GROUP_NAME}"
}
},
"portMappings": [
{
"containerPort": 10000,
"hostPort": 10000,
"protocol": "tcp"
}
],
"mountPoints": [
{
"readOnly": false,
"containerPath": "/config",
"sourceVolume": "VolumeConfig"
}
],
"tmpfs": {
"containerPath": "/var/run",
"size": "50",
"mountOptions": "rw"
},
"tmpfs": {
"containerPath": "/var/cache/nginx",
"size": "50",
"mountOptions": "rw"
},
如何使 /var/cache/nginx 挂载 rw?
非常感谢您的帮助!
查看 documentation,tmpfs 接受 Array of Tmpfs objects。
您似乎传递了两次 tmpfs,而不是传递一个数组。正确传递数组应该有效:
"tmpfs": [
{
"containerPath": "/var/run",
"size": "50",
"mountOptions": "rw"
},
{
"containerPath": "/var/cache/nginx",
"size": "50",
"mountOptions": "rw"
}
]
答案是配置错误!
这里是正确的方法,tmpfs 必须包含在 linuxParameters 中:
"linuxParameters": {
"tmpfs": [
{
"containerPath": "/var/log/nginx",
"mountOptions": [ "rw" ],
"size": 50
},
{
"mountOptions": [ "rw" ],
"containerPath": "/run",
"size": 10
},
{
"mountOptions": [ "rw"],
"containerPath": "/var/cache/nginx",
"size": 10
},
{
"mountOptions": [ "rw"],
"containerPath": "/tmp",
"size": 10
}
]
}