Question

我正在尝试制作一个Docker镜像，它只是MongoDB原始图像加上在数据库上配置的管理员用户帐户。我的目标是在auth模式下简单地启动一个带有mongo实例的容器，然后使用mongo admin -u root -p root登录它。

这是我的Dockerfile：

FROM mongo:latest

RUN mongod --fork --logpath /var/log/mongodb.log \
    && mongo admin --eval " \
        db.createUser({ user: 'root', pwd: 'root', roles: [ 'root' ]}); \
        db.shutdownServer() \
    "

CMD ["mongod", "--auth"]

这是与docker build --tag lvbarbosa/task-db .在同一目录中执行的Dockerfile命令的输出：

Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM mongo:latest
latest: Pulling from library/mongo
5233d9aed181: Pull complete 
5bbfc055e8fb: Pull complete 
aaf85a329dc4: Pull complete 
1360aef7d266: Pull complete 
9cb9d47c5d80: Pull complete 
80e12bf92c3c: Pull complete 
fd3679b936e6: Pull complete 
5cb080b90ae5: Pull complete 
46cf38664c75: Pull complete 
59693a4ecb90: Pull complete 
dff9fc3b430d: Pull complete 
Digest: sha256:90b78c44a58d6d927f96baabea3212d8c756017846715b630044aefcabcab2eb
Status: Downloaded newer image for mongo:latest
 ---> 6833171fe0ad
Step 2/3 : RUN mongod --fork --logpath /var/log/mongodb.log     && mongo admin --eval "         db.createUser({ user: 'root', pwd: 'root', roles: [ 'root' ]});         db.shutdownServer()     "
 ---> Running in 6c1a5530b7b6
about to fork child process, waiting until server is ready for connections.
forked process: 10
child process started successfully, parent exiting
MongoDB shell version v3.4.6
connecting to: mongodb://127.0.0.1:27017/admin
MongoDB server version: 3.4.6
Successfully added user: { "user" : "root", "roles" : [ "root" ] }
server should be down...
 ---> 82fa5430003c
Removing intermediate container 6c1a5530b7b6
Step 3/3 : CMD mongod
 ---> Running in 42f240f05661
 ---> 90ec29686438
Removing intermediate container 42f240f05661
Successfully built 90ec29686438
Successfully tagged lvbarbosa/task-db:latest

接下来，我使用docker run --detach --publish 27017:27017 --name task-db lvbarbosa/task-db创建一个包含该图像的容器。当我尝试使用主机终端和命令mongo admin -u root -p root连接到实例时，登录失败。我收到user not found错误消息。

看起来在构建期间对UFS所做的更改不会保留。但是为什么我可以在构建期间将数据下载/复制到FS中，并且它在上层可用，而对数据库文件的更改不是？我很迷惑。这是完整的容器日志，从启动时到尝试失败登录。

2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] MongoDB starting : pid=1 port=27017 dbpath=/data/db 64-bit host=86b7b24efed4
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] db version v3.4.6
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] git version: c55eb86ef46ee7aede3b1e2a5d184a7df4bfb5b5
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1t  3 May 2016
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] allocator: tcmalloc
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] modules: none
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten] build environment:
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten]     distmod: debian81
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten]     distarch: x86_64
2017-07-27T13:20:47.687+0000 I CONTROL  [initandlisten]     target_arch: x86_64
2017-07-27T13:20:47.688+0000 I CONTROL  [initandlisten] options: { security: { authorization: "enabled" } }
2017-07-27T13:20:47.690+0000 I STORAGE  [initandlisten] 
2017-07-27T13:20:47.690+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2017-07-27T13:20:47.690+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2017-07-27T13:20:47.690+0000 I STORAGE  [initandlisten] wiredtiger_open config: create,cache_size=3474M,session_max=20000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal,compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-07-27T13:20:47.719+0000 I FTDC     [initandlisten] Initializing full-time diagnostic data capture with directory '/data/db/diagnostic.data'
2017-07-27T13:20:47.727+0000 I INDEX    [initandlisten] build index on: admin.system.version properties: { v: 2, key: { version: 1 }, name: "incompatible_with_version_32", ns: "admin.system.version" }
2017-07-27T13:20:47.727+0000 I INDEX    [initandlisten]      building index using bulk method; build may temporarily use up to 500 megabytes of RAM
2017-07-27T13:20:47.728+0000 I INDEX    [initandlisten] build index done.  scanned 0 total records. 0 secs
2017-07-27T13:20:47.728+0000 I COMMAND  [initandlisten] setting featureCompatibilityVersion to 3.4
2017-07-27T13:20:47.728+0000 I NETWORK  [thread1] waiting for connections on port 27017
2017-07-27T13:20:48.963+0000 I NETWORK  [thread1] connection accepted from 172.17.0.1:45804 #1 (1 connection now open)
2017-07-27T13:20:48.963+0000 I NETWORK  [conn1] received client metadata from 172.17.0.1:45804 conn1: { application: { name: "MongoDB Shell" }, driver: { name: "MongoDB Internal Client", version: "3.4.6" }, os: { type: "Darwin", name: "Mac OS X", architecture: "x86_64", version: "17.0.0" } }
2017-07-27T13:20:48.970+0000 I ACCESS   [conn1] SCRAM-SHA-1 authentication failed for root on admin from client 172.17.0.1:45804 ; UserNotFound: Could not find user root@admin
2017-07-27T13:20:48.972+0000 I -        [conn1] end connection 172.17.0.1:45804 (1 connection now open)

Mongo的原始Dockerfile出现在他们的github。

中

我做了一些研究，有些人提到在数据库阶段使用的“短暂文件系统”，这就是为什么没有持续更改的原因。因此，我应该让用户在运行时添加功能，而不是在构建时添加功能。但是应该有一种方法可以在构建期间配置它，不应该吗？

Answer 1

我猜这个修改是在/data/db或/data/configdb中进行的。但是在基础mongodb图像中，这些文件夹为declared as VOLUME，因此对应documentation：

更改Dockerfile中的卷：如果任何构建步骤在声明后更改了卷中的数据，那么这些更改将被丢弃。

为什么在Docker构建期间所做的所有更改在运行时都不可用？

1 个答案: