Docker-compose tmpfs not working

I have a docker-compose file that I am trying to protect by making the root volumes of the containers it creates read-only.

Relevant parts of docker-compose.yml :

    version: '2'
    services:
      mysql:
        image: mariadb:10.1
        read_only: true
        tmpfs:
          - /var/run/mysqld:uid=999,gid=999
          - /tmp
        volumes:
          - mysql:/var/lib/mysql
        restart: always
    volumes:
      mysql:

The problem is that the tmpfs is not created. If I run a container instance using docker-compose run --rm mysql /bin/bash, the /var/run/mysqld directory remains read-only despite the tmpfs entry, and any attempt to touch /var/run/mysqld/foo fails with an error. Since MySQL creates its own socket and pid file, this makes the whole process fail. I am not sure why the tmpfs entry does not work in this case.

    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] mysqld (mysqld 10.1.21-MariaDB-1~jessie) starting as process 1 ...
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Using mutexes to ref count buffer pool pages
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: The InnoDB memory heap is disabled
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Compressed tables use zlib 1.2.8
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Using Linux native AIO
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Using SSE crc32 instructions
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Initializing buffer pool, size = 256.0M
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Completed initialization of buffer pool
    mysql_1 | 2017-01-27 20:53:45 140515784030144 [Note] InnoDB: Highest supported file format is Barracuda.
    mysql_1 | 2017-01-27 20:53:48 140515784030144 [Note] InnoDB: 128 rollback segment(s) are active.
    mysql_1 | 2017-01-27 20:53:48 140515784030144 [Note] InnoDB: Waiting for purge to start
    mysql_1 | 2017-01-27 20:53:48 140515784030144 [Note] InnoDB: Percona XtraDB (http://www.percona.com) 5.6.34-79.1 started; log sequence number 239403989
    mysql_1 | 2017-01-27 20:53:48 140515005662976 [Note] InnoDB: Dumping buffer pool(s) not yet started
    mysql_1 | 2017-01-27 20:53:48 140515784030144 [Note] Plugin 'FEEDBACK' is disabled.
    mysql_1 | 2017-01-27 20:53:49 140515784030144 [Note] Server socket created on IP: '::'.
    mysql_1 | 2017-01-27 20:53:49 140515784030144 [ERROR] Can't start server : Bind on unix socket: Read-only file system
    mysql_1 | 2017-01-27 20:53:49 140515784030144 [ERROR] Do you already have another mysqld server running on socket: /var/run/mysqld/mysqld.sock ?
    mysql_1 | 2017-01-27 20:53:49 140515784030144 [ERROR] Aborting

I can verify that the permissions in the directory are correct (and that the mysql user UID is 999):

    $ ls -la /var/run
    total 8
    drwxrwxrwx 2 mysql mysql 4096 Jan 17 22:14 .
    drwxr-xr-x 4 root  root  4096 Jan 18 22:55 ..

But I still can't:

    $ touch /var/run/mysqld/foo
    touch: cannot touch '/var/run/mysqld/foo': Read-only file system

Even when I run as root.

Any ideas what I'm doing wrong?

As an aside, the /tmp file system is working fine.

+12
2 answers

I did some tests on this; it looks like the /var/run directory is special in Docker.

Here is an example configuration and output:

    ubuntu:
      image: ubuntu
      command: "bash -c 'mount'"
      tmpfs:
        - /var/run
        - /var/cache

Running docker-compose up ubuntu shows what is being mounted. You can see that /var/cache is mounted, but /var/run is not.

    ...
    ubuntu_1 | tmpfs on /var/cache type tmpfs (rw,nosuid,nodev,noexec,relatime)
    ...

If you use docker-compose run ubuntu bash, you can see that it is mounted there as well, but not /var/run.

The reason is that /var/run is usually a symbolic link to /run, and therefore creating /var/run/mysql as a tmpfs does not work.

It will work if you change it to /run/mysql, but /run is usually mounted as a tmpfs anyway, so you can simply make /run a tmpfs. For instance:

    ubuntu:
      image: ubuntu
      command: "bash -c 'mount'"
      tmpfs:
        - /run
        - /var/cache

Note: I would like to update my answer and show a way to do this using volumes:

    services:
      ubuntu:
        image: ubuntu
        command: "bash -c 'mount'"
        volumes:
          - cache_vol:/var/cache
          - run_vol:/run
    volumes:
      run_vol:
        driver_opts:
          type: tmpfs
          device: tmpfs
      cache_vol:
        driver_opts:
          type: tmpfs
          device: tmpfs

It also allows you to share the tmpfs mounts.

+19

In some images, such as alpine, the directory /var/run is just a link to /run. You can check this with:

    $ docker run --rm -ti mariadb:10.1 ls -lh /var/run
    lrwxrwxrwx 1 root root 4 Aug 7 13:02 /var/run -> /run

This means that /var/run/mysqld is actually /run/mysqld.

Your updated docker-compose.yml:

    version: '2'
    services:
      mysql:
        image: mariadb:10.1
        read_only: true
        tmpfs:
          - /run/mysqld:uid=999,gid=999
          - /tmp
        volumes:
          - mysql:/var/lib/mysql
        restart: always
    volumes:
      mysql:

In this case, just have your tmpfs point to /run.

it looks like the /var/run directory is special in docker.

No, it's just because it's a link.

0
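Both answers come down to the same check: with read_only: true, a tmpfs entry only helps if it names the path the kernel will actually mount on, and a path that goes through a symlink (/var/run -> /run) silently does not. The script below is an added example, not code from the question or either answer, and it reproduces that check without Docker: make_fake_root() builds a constructed directory tree standing in for the image root, with var/run as a relative symlink to ../run like the mariadb:10.1 image shown above, and resolve_tmpfs_target() canonicalises each compose tmpfs entry against that root while keeping the uid=/gid= options. It assumes a readlink that supports -f (GNU coreutils or busybox); the function and file names are mine.

```shell
#!/bin/sh
# Added example (not from the original post). Canonicalise compose `tmpfs:` entries
# against a root filesystem so that entries declared through a symlink such as
# /var/run -> /run are reported by their real mount path. Assumes `readlink -f`.

# Build a constructed fake image root: /var/run is a relative symlink to ../run,
# as in mariadb:10.1. Prints the canonical path of the new root.
make_fake_root() {
    root=$(mktemp -d)
    mkdir -p "$root/run" "$root/var/cache" "$root/tmp"
    ln -s ../run "$root/var/run"          # /var/run -> /run, like the Debian-based image
    (cd "$root" && pwd -P)                # canonical, in case $TMPDIR is itself a symlink
}

# resolve_tmpfs_target ROOT ENTRY
# ENTRY is a compose tmpfs entry such as "/var/run/mysqld:uid=999,gid=999".
# Prints the entry with its path replaced by the canonical path inside ROOT;
# the mount options after ':' are passed through unchanged.
resolve_tmpfs_target() {
    root=$1
    entry=$2
    path=${entry%%:*}                      # path part, without ":uid=...,gid=..."
    opts=${entry#"$path"}                  # "" or ":uid=...,gid=..."
    # The leaf (mysqld) need not exist yet; readlink -f only needs its parents to exist,
    # and it follows the var/run -> ../run link while resolving them.
    resolved=$(readlink -f "$root$path") || return 1
    printf '%s%s\n' "${resolved#"$root"}" "$opts"
}

# tmpfs_entry_ok ROOT ENTRY
# Succeeds when the declared path is already canonical; fails when it goes through
# a symlink and should be rewritten (the case behind "Read-only file system" above).
tmpfs_entry_ok() {
    [ "$(resolve_tmpfs_target "$1" "$2")" = "$2" ]
}

# Check the tmpfs list from the question against the fake root and print what to change.
demo() {
    root=$(make_fake_root)
    for entry in "/var/run/mysqld:uid=999,gid=999" "/tmp" "/var/cache"; do
        if tmpfs_entry_ok "$root" "$entry"; then
            echo "ok       $entry"
        else
            echo "rewrite  $entry  ->  $(resolve_tmpfs_target "$root" "$entry")"
        fi
    done
    rm -rf "$root"
}

# Run as: sh tmpfs_check.sh demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Against a real image, the same idea is to run the resolution inside the container (the readlink -f call on each declared path) before declaring the mounts; the constructed root here only removes the Docker dependency so the logic can be exercised anywhere.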

Source: https://habr.com/ru/post/1263472/
