对于当前的工作方案,我有两个需要共享数据的容器。第一个容器是flask应用程序,它对数据做一些工作并创建日志文件。另一个容器是R Shiny应用程序,它充当应用程序的状态仪表板,并且在需要时,用户还可以通过在仪表板本身上提供密钥来直接查看日志文件。在这里,我的问题是从闪亮的仪表板容器访问日志文件时,拒绝权限错误被抛出。我已经在两个容器上安装了相同的卷,还尝试向所有者授予闪亮的应用程序容器权限,但是容器仍然无法访问文件,而我可以在主机位置访问相同的文件。是否缺少我需要在容器之间共享卷的授权的东西,或者闪亮的应用程序有任何问题?请提供可能的解决方案。
Docker组成的文件。 用于应用程序的Docker-compose文件:
version: '3.7'
services:
app:
container_name: app
image: mlengine
networks:
- network1
build:
context: .
dockerfile: DockerfileEngine
volumes:
- ./logs_n_status:/root/project/logs_n_status
#- logData:/root/project/logs_n_status
ports:
- 7011:3000
expose:
- "3000"
Docker组成文件以显示闪亮的仪表板:
# docker-compose.yml
version: '3.7'
services:
dashboard:
container_name: dashboard
image: mlapidashboard
networks:
- network1
build:
context: .
dockerfile: DockerfileRTD
volumes:
- /home/mlprod/dmda/testAPI/logs_n_status:/root/project/logs_n_status
#--volumes-from Container4:ro
#- logData:/root/project/logs_n_status:ro
ports:
- 9000:3838
networks:
network1:
#volumes:
# logData:
DockerfileEngine:
FROM ubuntu:18.04
RUN apt-get --fix-missing update && apt-get --fix-broken install && apt-get install -y poppler-utils && apt-get install -y tesseract-ocr && \
apt-get install -y libtesseract-dev && apt-get install -y libleptonica-dev && ldconfig && apt-get install -y python3.6 && \
apt-get install -y python3-pip && apt install -y libsm6 libxext6
RUN apt-get update && \
apt-get install -y openjdk-8-jdk && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer;
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
RUN export JAVA_HOME
WORKDIR /root/
RUN mkdir /root/project
WORKDIR /root/project
RUN mkdir /root/project/processingDirectory
ADD requirements.txt .
RUN pip3 install -r ./requirements.txt
COPY ./xxxx xxxx
RUN python3 ./nltkDownloader.py
CMD ["gunicorn", "-t", "999999", "--bind", "0.0.0.0:3000", "wsgi:app"]
DockerfileDashboard:
FROM rocker/shiny:3.5.1
RUN apt-get update && apt-get install libcurl4-openssl-dev libv8-3.14-dev libsasl2-dev libssl-dev -y &&\
mkdir -p /var/lib/shiny-server/bookmarks/shiny
RUN R -e "install.packages(c('mongolite', 'dplyr', 'jsonlite', 'ggplot2', 'grid', 'gridExtra', 'DT', 'data.table', 'httr', 'shiny'))"
RUN mkdir /root/project
RUN mkdir /root/project/logs_n_status
COPY ./RealTimeDashboard /srv/shiny-server/RealTimeDashboard
RUN chmod -R 755 /srv/shiny-server/
RUN chmod -R 777 /root/project/logs_n_status
EXPOSE 3838
CMD ["/usr/bin/shiny-server.sh"]
答案 0 :(得分:1)
问题是rocker/shiny使用shiny作为用户(src),而另一个应用程序使用root生成日志(并且它们可能设置了特殊特权)
闪亮的用户的UID = 999。 如何提取它:
$ docker run -it --rm rocker/shiny bash
root@536f2edc5768:/usr/bin# su - shiny
$ id
uid=999(shiny) gid=999(shiny) groups=999(shiny)
为解决您的问题,我将DockerfileEngine更改如下:
FROM ubuntu:18.04
RUN apt-get --fix-missing update && apt-get --fix-broken install && apt-get install -y poppler-utils && apt-get install -y tesseract-ocr && \
apt-get install -y libtesseract-dev && apt-get install -y libleptonica-dev && ldconfig && apt-get install -y python3.6 && \
apt-get install -y python3-pip && apt install -y libsm6 libxext6
RUN apt-get update && \
apt-get install -y openjdk-8-jdk && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer;
RUN useradd -ms /bin/bash -u 999 theuser
RUN mkdir -p /project \
&& chown -R theuser /project
USER theuser
WORKDIR /project
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
RUN export JAVA_HOME
RUN mkdir /project/processingDirectory
ADD requirements.txt .
RUN pip3 install -r ./requirements.txt
COPY --chown=theuser ./xxxx xxxx
RUN python3 ./nltkDownloader.py
CMD ["gunicorn", "-t", "999999", "--bind", "0.0.0.0:3000", "wsgi:app"]
确保两个容器都可以写入已安装的文件夹。