 

Docker - Can mount an NFS share into a container but not a sub-directory of it

Tags:

docker

nfs

I have an NFS share with the following properties:

  • Mounted on my host on /nfs/external_disk
  • Owner user is test_user with UID 1234
  • Group is test_group with GID 2222
  • Permissions are 750

I have a small Dockerfile with the following content:

ARG tag=lts
FROM jenkins/jenkins:${tag}

USER root

# Create a new user and new group that matches what is on the host.
ARG username=test_user
ARG groupname=test_group
ARG uid=1234
ARG gid=2222
RUN groupadd -g ${gid} ${groupname} && \
    mkdir -p /users && \
    useradd -l -m -u ${uid} -g ${groupname} -s /bin/bash -d /users/${username} ${username}

USER ${username}

After building the image (named custom_jenkins), and when I run the following command, the container is started properly and I see the original Jenkins home stuff now copied to the share.

docker run -td --rm -v /nfs/external_disk:/var/jenkins_home custom_jenkins

However if I want to mount a sub-directory of the NFS share, say ${NFS_SHARE}/jenkins_home, then I get an error:

docker run -td --rm -v /nfs/external_disk/jenkins_home:/var/jenkins_home custom_jenkins

docker: Error response from daemon: error while creating mount source path '/nfs/external_disk/jenkins_home': mkdir /nfs/external_disk/jenkins_home: permission denied.

Now even if I attempt to create the sub-directory myself before starting the container, I still get the same error. Even when I set the permissions of the sub-directory to be 777.

Note that I am running as test_user which has the same UID/GID as in the container and it actually owns the NFS share.

I have a feeling that when docker attempts to create a sub-directory, it attempts to create it as some different user (e.g. the "docker" user) which causes it to fail while creating the folder since it has no access inside the share.

Can anyone help? Thanks in advance.

user3396919 asked Dec 18 '19 21:12




1 Answer

I tried to reproduce. Works just fine for me. Perhaps I am missing some constraint. Hope this helps anyway. Note at step 6 the owner and the group for the file that I created from the container. This might answer one of your questions.

Step 1: I created an NFS share somewhere in my LAN
Step 2: I mounted the share on the machine that's running the docker engine

sudo mount 192.168.0.xxx:/i-data/b4024d5b/nfs/NFS /mnt/nsa320/
neo@neo-desktop:nsa320$ mount | grep NFS
192.168.0.xxx:/i-data/b4024d5b/nfs/NFS on /mnt/nsa320 type nfs (rw,relatime,vers=3,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=192.168.0.xxx,mountvers=3,mountport=3775,mountproto=udp,local_lock=none,addr=192.168.0.xxx)

Step 3: I created some sample files and a sub-directory:

neo@neo-desktop:nsa320$ ls -la /mnt/nsa320/
total 12
drwxrwxrwx 3 root root 4096 Jul 21 22:54 .
drwxr-xr-x 3 root root 4096 Jul 21 22:41 ..
-rw-r--r-- 1 neo  neo     0 Jul 21 22:45 dummyFile
-rw-r--r-- 1 root root    0 Jul 21 22:53 fileCreatedFromContainer << THIS WAS CREATED FROM A CONTAINER THAT WAS NOT LAUNCHED WITH THE --user OPTION
drwxr-xr-x 2 neo  neo  4096 Jul 21 22:54 subfolder

Step 4: Launched a dummy container and mounted the sub-directory (1000 is the UID of the user neo in my OS):

docker run -d -v /mnt/nsa320/subfolder:/var/externalMount --user 1000 alpine tail -f /dev/null

Step 5: Connected to the container to check the mount (I can read and write in the subfolder located on the NFS):

neo@neo-desktop:nsa320$ docker exec -ti ded1dc79773e sh
/ $ ls /var/externalMount/
fileInSubfolder
/ $ touch /var/externalMount/fileInSubfolderCreatedFromContainer

Step 6: Back on the host, to whom does the file that I created from the container belong:

neo@neo-desktop:nsa320$ ls -la /mnt/nsa320/subfolder/
total 8
drwxr-xr-x 2 neo  neo  4096 Jul 21 23:23 .
drwxrwxrwx 3 root root 4096 Jul 21 22:54 ..
-rw-r--r-- 1 neo  neo     0 Jul 21 22:54 fileInSubfolder
-rw-r--r-- 1 neo  root    0 Jul 21 23:23 fileInSubfolderCreatedFromContainer

Maybe off-topic: whoami executed in the container returns just the UID:

$ whoami
whoami: unknown uid 1000
Neo Anderson answered Nov 09 '22 08:11
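
A diagnostic sketch for the failure in the question, added here and not part of the original question or answer: it walks the directories leading to a bind-mount source and reports the first one that a given UID/GID cannot search according to its owner, group and mode bits. It assumes GNU stat and that the daemon's access to the share is evaluated under an identity other than test_user (the page does not show the NFS export options); `can_search`, `first_blocked` and `demo` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Requires GNU stat (-c).
# Decides from owner/group/mode only; ACLs and supplementary groups are
# ignored, and no root override is applied (models a server that does not
# trust the client's root, which is an assumption about the setup).

# can_search DIR UID GID: succeed if the mode bits let UID/GID search DIR.
can_search() {
    info=$(stat -c '%u %g %a' "$1") || return 2
    owner=${info%% *}; info=${info#* }
    group=${info%% *}; mode=${info#* }
    if   [ "$2" -eq "$owner" ]; then bit=0100   # owner class: u+x
    elif [ "$3" -eq "$group" ]; then bit=0010   # group class: g+x
    else                             bit=0001   # everyone else: o+x
    fi
    [ $(( 0$mode & $bit )) -ne 0 ]
}

# first_blocked PATH UID GID [START]: print the first directory from START
# (default /) down to PATH's parent that UID/GID cannot search; return 1.
# Print nothing and return 0 when the whole chain is searchable.
first_blocked() {
    target=$1; cur=${4:-/}
    rest=${target#"$cur"}; rest=${rest#/}
    while :; do
        can_search "$cur" "$2" "$3" || { printf '%s\n' "$cur"; return 1; }
        case $rest in */*) ;; *) return 0 ;; esac   # only the leaf remains
        cur=${cur%/}/${rest%%/*}
        rest=${rest#*/}
    done
}

# Constructed tree mirroring the question: a 750 share with a 777 sub-directory,
# checked for an identity that is neither the owner nor in the owning group.
demo() {
    root=$(mktemp -d) && chmod 755 "$root" || return 2
    mkdir -p "$root/share/jenkins_home"
    chmod 777 "$root/share/jenkins_home"; chmod 750 "$root/share"
    first_blocked "$root/share/jenkins_home" \
        $(( $(stat -c %u "$root/share") + 1 )) \
        $(( $(stat -c %g "$root/share") + 1 )) "$root"
    status=$?; rm -rf "$root"; return $status
}
```

In the constructed tree the 777 on the sub-directory does not matter, because the check already stops at the 750 parent; on a real host the call would be `first_blocked /nfs/external_disk/jenkins_home UID GID` with the numeric identity the file server applies to the daemon's requests.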