使用gcsfuse挂载google存储时Docker构建失败

Question

我一直在尝试将SQL和一个存储桶挂载到我的docker WordPress容器中。它似乎挂载SQL成功，但挂载存储桶失败。该实例基于this post的。

我已经附加了Docker文件和下面的错误，以及我的构建命令。

Build命令：

docker build -t ic/spm .

Dockerfile：

FROM wordpress
MAINTAINER Gareth Williams <gareth@itinerateconsulting.com>

# Move login creds locally
ADD ./creds.json /creds.json

# install sudo, wget and gcsfuse
ENV GCSFUSE_REPO=gcsfuse-jessie
RUN   apt-get update && \
      apt-get -y install sudo && \
      apt-get install -y curl ca-certificates && \
      echo "deb http://packages.cloud.google.com/apt $GCSFUSE_REPO main" > /etc/apt/sources.list.d/gcsfuse.list && \
      curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
      apt-get update && \
      apt-get install -y gcsfuse wget && \
      apt-get remove -y curl --purge && \
      apt-get autoremove -y && \
      rm -rf /var/lib/apt/lists/*

# Config fuse
RUN chmod a+r /etc/fuse.conf
RUN perl -i -pe 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf

# Setup sql proxy
RUN sudo mkdir /cloudsql
RUN sudo chmod 777 /cloudsql
ADD https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 cloud_sql_proxy.linux.amd64
RUN mv cloud_sql_proxy.linux.amd64 cloud_sql_proxy && chmod +x ./cloud_sql_proxy
RUN ./cloud_sql_proxy -dir=/cloudsql -fuse -credential_file=/creds.json &
# mysql -u icroot -S /cloudsql/[INSTANCE_CONNECTION_NAME]

# Perform Cloud Storage FUSE mounting for uploads folder
RUN mkdir /mnt/uploads
RUN chmod a+w /mnt/uploads
#RUN chown www-data:www-data -R /mnt && groupadd fuse && gpasswd -a www-data fuse && chmod g+rw /dev/fuse
USER www-data
RUN gcsfuse --key-file /creds.json \
  --debug_gcs --debug_http --debug_fuse --debug_invariants \
  --dir-mode "777" -o allow_other spm-bucket /mnt/uploads

错误：

Step 17 : RUN gcsfuse --key-file /creds.json   --foreground --debug_gcs --debug_http --debug_fuse --debug_invariants   --dir-mode "777" -o allow_other spm-bucket /mnt/uploads
 ---> Running in 7e3f31221bee
Using mount point: /mnt/uploads
Opening GCS connection...
Opening bucket...
gcs: Req              0x0: <- ListObjects()
http: ========== REQUEST:
GET http://www.googleapis.com/storage/v1/b/spm-bucket/o?maxResults=1&projection=full HTTP/1.1
Host: www.googleapis.com
User-Agent: gcsfuse/0.0
Authorization: Bearer ya29.ElrQAw8oxClKt8YGvtmxhc7z2Y2LufvL0fBueq1UESjYYjRrdxukNTQqO1qfM8e8h-rqfbOWNSjVK2rCRXVrEDla-CiUVhHwT6X71Y1Djb0jDJg7z3KblgNQPrc
Accept-Encoding: gzip

http: ========== RESPONSE:
HTTP/2.0 200 OK
Content-Length: 31
Alt-Svc: quic=":443"; ma=2592000; v="35,34"
Cache-Control: private, max-age=0, must-revalidate, no-transform
Content-Type: application/json; charset=UTF-8
Date: Wed, 11 Jan 2017 09:19:05 GMT
Expires: Wed, 11 Jan 2017 09:19:05 GMT
Server: UploadServer
Vary: Origin
Vary: X-Origin
X-Guploader-Uploadid: AEnB2UpTqXhtHW906FFDTRsz4FjHjFu_E84wYhvt0zhaVFuMpqSY1fsd1XcrEcpsYBBwX1mqf0ZXRVWJH05ThtDQIfFKHd4PFw

{
 "kind": "storage#objects"
}
http: ====================
gcs: Req              0x0: -> ListObjects() (1.793169206s): OK
Mounting file system...
mountWithArgs: mountWithConn: Mount: mount: running fusermount: exit status 1

stderr:
fusermount: failed to open /dev/fuse: Operation not permitted

Answer 1

如果您在GKE上运行您的容器，并且您想使用gcsfuse，则应该在本地自动继承您的帐户的权限。Also...there是一个警告，您需要确保您运行的集群需要具有存储访问权限。因此，请确保您的群集已将存储权限设置为完全访问。这样，gcsfuse就可以在容器内的GCS上挂载存储桶，而不必担心传递凭据文件和所有stuff...making实现。

在docker file...make中，确保您正在执行apt命令来获取和安装gcsfuse应用程序。

我亲自制作了一个shell脚本，一旦实例启动，我就会调用它，它装载我所需的目录。

就像这样..。

Docker条目

ENTRYPOINT ["/opt/entry.sh"]

entry.sh脚本示例

gcsfuse [gcs bucket name] [local folder to mount as]

在生成GKE集群时，请确保添加存储范围

gcloud container clusters create [your cluster name] --scopes storage-full

希望这对你有帮助。

Answer 2

默认情况下，Docker不允许挂载其他存储(如GCP)。您可以做的是，当使用特权选项运行容器时，您可以使用存储进行挂载。

将此命令放入脚本文件(gcp.sh)并构建docker镜像。

RUN gcsfuse --key-file /creds.json \
  --debug_gcs --debug_http --debug_fuse --debug_invariants \
  --dir-mode "777" -o allow_other spm-bucket /mnt/uploads

gcp.sh：

gcsfuse --key-file /creds.json --debug_gcs --debug_http --debug_fuse --debug_invariants --dir-mode "777" -o allow_other spm-bucket /mnt/uploads

和Dockerfile：

FROM wordpress
MAINTAINER Gareth Williams <gareth@itinerateconsulting.com>

# Move login creds locally
ADD ./creds.json /creds.json

# install sudo, wget and gcsfuse
ENV GCSFUSE_REPO=gcsfuse-jessie
RUN   apt-get update && \
      apt-get -y install sudo && \
      apt-get install -y curl ca-certificates && \
      echo "deb http://packages.cloud.google.com/apt $GCSFUSE_REPO main" > /etc/apt/sources.list.d/gcsfuse.list && \
      curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \
      apt-get update && \
      apt-get install -y gcsfuse wget && \
      apt-get remove -y curl --purge && \
      apt-get autoremove -y && \
      rm -rf /var/lib/apt/lists/*

# Config fuse
RUN chmod a+r /etc/fuse.conf
RUN perl -i -pe 's/#user_allow_other/user_allow_other/g' /etc/fuse.conf

# Setup sql proxy
RUN sudo mkdir /cloudsql
RUN sudo chmod 777 /cloudsql
ADD https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 cloud_sql_proxy.linux.amd64
RUN mv cloud_sql_proxy.linux.amd64 cloud_sql_proxy && chmod +x ./cloud_sql_proxy
RUN ./cloud_sql_proxy -dir=/cloudsql -fuse -credential_file=/creds.json &
# mysql -u icroot -S /cloudsql/[INSTANCE_CONNECTION_NAME]

# Perform Cloud Storage FUSE mounting for uploads folder
RUN mkdir /mnt/uploads
RUN chmod a+w /mnt/uploads
#RUN chown www-data:www-data -R /mnt && groupadd fuse && gpasswd -a www-data fuse && chmod g+rw /dev/fuse
USER www-data
COPY gcp.sh /home
RUN chmod +x /home/gcp.sh
CMD cd /home && ./gcp.sh

最后，在构建镜像之后，使用特权选项docker run --privileged运行容器

Answer 3

您的www-data在dockerfile中有权限问题：

#RUN chown www-data:www-data -R /mnt && groupadd fuse && gpasswd -a www-data fuse && chmod g+rw /dev/fuse

取消此行的注释