阅读这些链接:
- https://docs.docker.com/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes
- Backing up data volume containers off machine
我的理解是我可以拿一个数据卷容器并归档它的备份。 但是阅读第一个链接我似乎无法让它工作。
docker create -v /sonatype-work --name sonatype-work sonatype/nexus /bin/true
我使用以下方法在容器中启动 sonatype/nexus 图像:
--volumes-from sonatype-nexus
很好,运行 nexus 后,我检查数据量,我可以看到创建的内部结构,然后停止并删除 nexus 并重新启动,所有更改都已保存。
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f84abb054d2e sonatype/nexus "/bin/sh -c 'java -" 22 seconds ago Up 21 seconds 0.0.0.0:8081->8081/tcp nexus
1aea2674e482 sonatype/nexus "/bin/true" 25 seconds ago Created sonatype-work
我现在想备份 sonatype-work,但没有成功。
[root@ansible22 ~]# pwd
/root
[root@ansible22 ~]# docker run --volumes-from sonatype-work -v $(pwd):/backup ubuntu tar cvf /backup/sonatype-work-backup.tar /sonatype-work
tar: /backup/sonatype-work-backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
我试过以 -u root 运行,我也试过:
/root/sonatype-work-backup.tar
执行此操作时,我可以看到它去皮,但看不到 tar 文件。根据这个例子和我的理解,我认为那是不对的。
谁能看出我做错了什么?
编辑:Linux 版本信息
Fedora release 22 (Twenty Two)
NAME=Fedora
VERSION="22 (Twenty Two)"
ID=fedora
VERSION_ID=22
PRETTY_NAME="Fedora 22 (Twenty Two)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:22"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=22
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=22
PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
VARIANT="Server Edition"
VARIANT_ID=server
Fedora release 22 (Twenty Two)
Fedora release 22 (Twenty Two)
最佳答案
原因与selinux标签有关。有几个很好的 Project Atomic 页面:
The default type for a confined container process is svirt_lxc_net_t. This type is permitted to read and execute all files types under /usr and most types under /etc. svirt_lxc_net_t is permitted to use the network but is not permitted to read content under /var, /home, /root, /mnt … svirt_lxc_net_t is permitted to write only to files labeled svirt_sandbox_file_t and docker_var_lib_t. All files in a container are labeled by default as svirt_sandbox_file_t.
然后在Using Volumes with Docker can Cause Problems with SELinux :
This will label the content inside the container with the exact MCS label that the container will run with, basically it runs
chcon -Rt svirt_sandbox_file_t -l s0:c1,c2 /var/db
where s0:c1,c2 differs for each container.
(在这种情况下不是 /var/db
而是 /root
)
If you volume mount a image with -v /SOURCE:/DESTINATION:z docker will automatically relabel the content for you to s0. If you volume mount with a Z, then the label will be specific to the container, and not be able to be shared between containers.
所以 z
或 Z
都适合这种情况,但通常人们可能更喜欢 Z
来隔离。
关于Docker 数据卷容器。我似乎无法备份,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33192786/