1. 首頁
  2. 問答
  3. 爲什麼在Docker編譯期間所做的所有更改在運行時不可用?

爲什麼在Docker編譯期間所做的所有更改在運行時不可用?

2017-07-27 17 views
1

我想製作一個Docker鏡像,它只是MongoDB原始鏡像以及在數據庫上配置的管理員用戶帳戶。我的目標是簡單地在auth模式下啓動一個帶有mongo實例的容器,然後使用mongo admin -u root -p root登錄到它。爲什麼在Docker編譯期間所做的所有更改在運行時不可用?

這是我的Dockerfile

FROM mongo:latest 

RUN mongod --fork --logpath /var/log/mongodb.log \ 
    && mongo admin --eval " \ 
     db.createUser({ user: 'root', pwd: 'root', roles: [ 'root' ]}); \ 
     db.shutdownServer() \ 
    " 

CMD ["mongod", "--auth"]

這是在相同的目錄中Dockerfile執行docker build --tag lvbarbosa/task-db .命令的輸出:

Sending build context to Docker daemon 2.048kB 
Step 1/3 : FROM mongo:latest 
latest: Pulling from library/mongo 
5233d9aed181: Pull complete 
5bbfc055e8fb: Pull complete 
aaf85a329dc4: Pull complete 
1360aef7d266: Pull complete 
9cb9d47c5d80: Pull complete 
80e12bf92c3c: Pull complete 
fd3679b936e6: Pull complete 
5cb080b90ae5: Pull complete 
46cf38664c75: Pull complete 
59693a4ecb90: Pull complete 
dff9fc3b430d: Pull complete 
Digest: sha256:90b78c44a58d6d927f96baabea3212d8c756017846715b630044aefcabcab2eb 
Status: Downloaded newer image for mongo:latest 
---> 6833171fe0ad 
Step 2/3 : RUN mongod --fork --logpath /var/log/mongodb.log  && mongo admin --eval "   db.createUser({ user: 'root', pwd: 'root', roles: [ 'root' ]});   db.shutdownServer()  " 
---> Running in 6c1a5530b7b6 
about to fork child process, waiting until server is ready for connections. 
forked process: 10 
child process started successfully, parent exiting 
MongoDB shell version v3.4.6 
connecting to: mongodb://127.0.0.1:27017/admin 
MongoDB server version: 3.4.6 
Successfully added user: { "user" : "root", "roles" : [ "root" ] } 
server should be down... 
---> 82fa5430003c 
Removing intermediate container 6c1a5530b7b6 
Step 3/3 : CMD mongod 
---> Running in 42f240f05661 
---> 90ec29686438 
Removing intermediate container 42f240f05661 
Successfully built 90ec29686438 
Successfully tagged lvbarbosa/task-db:latest

接下來,創建使用與圖像的容器docker run --detach --publish 27017:27017 --name task-db lvbarbosa/task-db。當我嘗試使用我的主機終端和命令mongo admin -u root -p root連接到實例時,登錄失敗。我收到一個user not found錯誤消息。

看起來,在構建期間對UFS所做的更改不會持久。但是,如何在構建期間將數據下載/複製到FS中,並且它在上層可用,並且數據庫文件的更改不是?我很困惑。這是從啓動時間到嘗試失敗記錄的完整容器日誌。

2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=86b7b24efed4 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] db version v3.4.6 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] git version: c55eb86ef46ee7aede3b1e2a5d184a7df4bfb5b5 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] OpenSSL version: OpenSSL 1.0.1t 3 May 2016 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] allocator: tcmalloc 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] modules: none 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten] build environment: 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten]  distmod: debian81 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten]  distarch: x86_64 
2017-07-27T13:20:47.687+0000 I CONTROL [initandlisten]  target_arch: x86_64 
2017-07-27T13:20:47.688+0000 I CONTROL [initandlisten] options: { security: { authorization: "enabled" } } 
2017-07-27T13:20:47.690+0000 I STORAGE [initandlisten] 
2017-07-27T13:20:47.690+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 
2017-07-27T13:20:47.690+0000 I STORAGE [initandlisten] **   See http://dochub.mongodb.org/core/prodnotes-filesystem 
2017-07-27T13:20:47.690+0000 I STORAGE [initandlisten] wiredtiger_open config: create,cache_size=3474M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0), 
2017-07-27T13:20:47.719+0000 I FTDC  [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data' 
2017-07-27T13:20:47.727+0000 I INDEX [initandlisten] build index on: admin.system.version properties: { v: 2, key: { version: 1 }, name: "incompatible_with_version_32", ns: "admin.system.version" } 
2017-07-27T13:20:47.727+0000 I INDEX [initandlisten]  building index using bulk method; build may temporarily use up to 500 megabytes of RAM 
2017-07-27T13:20:47.728+0000 I INDEX [initandlisten] build index done. scanned 0 total records. 0 secs 
2017-07-27T13:20:47.728+0000 I COMMAND [initandlisten] setting featureCompatibilityVersion to 3.4 
2017-07-27T13:20:47.728+0000 I NETWORK [thread1] waiting for connections on port 27017 
2017-07-27T13:20:48.963+0000 I NETWORK [thread1] connection accepted from 172.17.0.1:45804 #1 (1 connection now open) 
2017-07-27T13:20:48.963+0000 I NETWORK [conn1] received client metadata from 172.17.0.1:45804 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.6" }, os: { type: "Darwin", name: "Mac OS X", architecture: "x86_64", version: "17.0.0" } } 
2017-07-27T13:20:48.970+0000 I ACCESS [conn1] SCRAM-SHA-1 authentication failed for root on admin from client 172.17.0.1:45804 ; UserNotFound: Could not find user [email protected] 
2017-07-27T13:20:48.972+0000 I -  [conn1] end connection 172.17.0.1:45804 (1 connection now open)

Mongo的原始Dockerfile存在於它們的github中。

我已經做了一些研究,有些人提到了在數據庫階段使用的「臨時文件系統」,這就是爲什麼變化沒有被持久化。因此,我應該讓用戶在運行時添加功能,而不是構建時間。但是在編譯時應該有一種方法來配置它,不應該在那裏?

來源

2017-07-27 Lucas Viana

回答

1

我猜想修改是在/data/db/data/configdb中進行的。但由於基數mongodb的圖像中,這些文件夾是declared as VOLUME,並據此向documentation

改變從Dockerfile內的空間:如果任何構建步驟更改卷中的數據已經被宣佈後,這些更改將被丟棄。

來源

2017-07-27 13:18:45 zigarn

+0

這樣做很有意義。我認爲這是與'去除中間容器6c1a5530b7b6'步驟有關的東西。你知道是否有另一種方式在構建時添加用戶,而不需要從Linux映像創建一個全新的Dockerfile並在VOLUME聲明之前下載/設置所有內容? –

+0

我想你必須在啓動基於mongodb映像的容器後執行此操作:https://docs.docker.com/samples/mongo/#authentication-and-authorization – zigarn

相關問題

 相關問題