我被困在在Elastic Beanstalk上运行的docker容器内访问nfs4共享.
Netshare已启动并在运行Docker容器的EC2实例上运行.在实例上手动安装nfs共享是可行的,我可以毫无问题地访问EC2实例上的共享.
但是,当我运行容器时,尝试挂载nfs4卷时,文件没有出现在容器内.
我做这个首先,在Docker主机上启动netshare守护程序:
sudo ./docker-volume-netshare nfs
INFO[0000] == docker-volume-netshare :: Version: 0.18 - Built: 2016-05-27T20:14:07-07:00 ==
INFO[0000] Starting NFS Version 4 :: options: ''
然后,在Docker主机上,启动Docker容器.使用-v创建安装nfs4共享的卷:
sudo docker run --volume-driver=nfs -v ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com/home/ec2-user/nfs-share/templates:/home/ec2-user/xxx -ti aws_beanstalk/current-app /bin/bash
root@0a0c3de8a97e:/usr/src/app#
根据netshare守护程序,该方法有效:
INFO[0353] Mounting NFS volume ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com:/home/ec2-user/nfs-share/templates on /var/lib/docker-volumes/netshare/nfs/ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com/home/ec2-user/nfs-share/templates
因此,我尝试在新启动的容器中列出/ home / ec2-user / xxx的内容-但它为空?
root@0a0c3de8a97e:/usr/src/app# ls /home/ec2-user/xxx/
root@0a0c3de8a97e:/usr/src/app#
奇怪的是,nfs卷已正确安装在主机上:
[ec2-user@ip-xxx-xxx-xxx-xxx ~]$sudo ls -lh /var/lib/docker-volumes/netshare/nfs/ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com/home/ec2-user/nfs-share/templates | head -3
total 924K
drwxr-xr-x 5 ec2-user ec2-user 4,0K 29. Dez 14:12 file1
drwxr-xr-x 4 ec2-user ec2-user 4,0K 9. Mai 17:20 file2
这可能是权限问题吗? nfs服务器和客户端都使用ec2-user用户/组. docker容器以root身份运行.
我想念什么?
更新
如果我以–privileged模式启动容器,则可以在容器内部直接安装nfs共享:
sudo docker run --privileged -it aws_beanstalk/current-app /bin/bash
mount -t nfs4 ec2-xxxx-xxxx-xxxx-xxxx.us-west-2.compute.amazonaws.com:/home/ec2-user/nfs-share/templates /mnt/
ls -lh /mnt | head -3
total 924K
drwxr-xr-x 5 500 500 4.0K Dec 29 14:12 file1
drwxr-xr-x 4 500 500 4.0K May 9 17:20 file2
不幸的是,这无法解决问题,因为Elastic Beanstalk不允许特权容器(与ECS不同).
更新2
这是另一个解决方法:
>将主机上的nfs共享挂载到/ target
>在主机上重启docker
>运行容器docker run -it -v / target:/ mnt image / bin / bash
/ mnt现在已按预期填充.
@sebastian的“ UPDATE 2”让我步入正轨(感谢@sebastian).
但是对于像我一样可能通过Google提出此问题的其他人,这正是我能够自动在Elastic Beanstalk上挂载EFS(NFSv4)文件系统并将其提供给容器的方式.
添加此.config文件:
# .ebextensions/01-efs-mount.config
commands:
01umount:
command: umount /mnt/efs
ignoreErrors: true
02mkdir:
command: mkdir /mnt/efs
ignoreErrors: true
03mount:
command: mount -t nfs4 -o vers=4.1 $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone).EFS_FILE_SYSTEM_ID.efs.AWS_REGION.amazonaws.com:/ /mnt/efs
04restart-docker:
command: service docker stop && service docker start
05restart-ecs:
command: docker start ecs-agent
然后eb部署.部署完成后,SSH到您的EB EC2实例并验证它是否有效:
ssh ec2-user@YOUR_INSTANCE_IP
ls -la /mnt/efs
您应该在EFS文件系统中看到文件.但是,您仍然需要验证安装在容器内是否可读写.
sudo docker run -v /mnt/efs:/nfs debian:jessie ls -la /nfs
您应该看到相同的文件列表.
sudo docker run -v /mnt/efs:/nfs debian:jessie touch /nfs/hello
sudo docker run -v /mnt/efs:/nfs debian:jessie ls -la /nfs
您应该看到文件列表以及新的hello文件.
ls -la /mnt/efs
您还应该在容器外部看到hello文件.
最后,这是在Dockerrun.aws.json中使用-v / mnt / efs:/ nfs的方法.
{
"AWSEBDockerrunVersion": 2,"containerDefinitions": [
{
"image": "AWS_ID.dkr.ecr.AWS_REGION.amazonaws.com/myimage:latest","memory": 128,"mountPoints": [
{
"containerPath": "/nfs","sourceVolume": "efs"
}
],"name": "myimage"
}
],"volumes": [
{
"host": {
"sourcePath": "/mnt/efs"
},"name": "efs"
}
]
}
