阅读这些链接:
> https://docs.docker.com/userguide/dockervolumes/#backup-restore-or-migrate-data-volumes
> Backing up data volume containers off machine
我的理解是,我可以获取数据卷容器并存档其备份.
但是,阅读第一个链接后,我似乎无法正常工作.
docker create -v /sonatype-work --name sonatype-work sonatype/nexus /bin/true
我使用以下命令在容器中启动sonatype / nexus图像:
--volumes-from sonatype-nexus
一切顺利,在运行了nexus之后,我检查了数据量,可以看到创建的内部,然后停止并删除nexus并重新开始,所有更改都保存了.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f84abb054d2e sonatype/nexus "/bin/sh -c 'java -" 22 seconds ago Up 21 seconds 0.0.0.0:8081->8081/tcp nexus
1aea2674e482 sonatype/nexus "/bin/true" 25 seconds ago Created sonatype-work
我现在想备份声呐式工作,但是没有运气.
[root@ansible22 ~]# pwd
/root
[root@ansible22 ~]# docker run --volumes-from sonatype-work -v $(pwd):/backup ubuntu tar cvf /backup/sonatype-work-backup.tar /sonatype-work
tar: /backup/sonatype-work-backup.tar: Cannot open: Permission denied
tar: Error is not recoverable: exiting now
我试过以-u root身份运行,也尝试过:
/root/sonatype-work-backup.tar
这样做时,我可以看到它去皮的东西,但是看不到tar文件.根据示例和我的理解,我认为那不是正确的.
谁能看到我在做什么错?
编辑:Linux版本信息
Fedora release 22 (Twenty Two)
NAME=Fedora
VERSION="22 (Twenty Two)"
ID=fedora
VERSION_ID=22
PRETTY_NAME="Fedora 22 (Twenty Two)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:22"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=22
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=22
PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
VARIANT="Server Edition"
VARIANT_ID=server
Fedora release 22 (Twenty Two)
Fedora release 22 (Twenty Two)
The default type for a confined container process is svirt_lxc_net_t. This type is permitted to read and execute all files types under /usr and most types under /etc. svirt_lxc_net_t is permitted to use the network but is not permitted to read content under /var,/home,/root,/mnt … svirt_lxc_net_t is permitted to write only to files labeled svirt_sandBox_file_t and docker_var_lib_t. All files in a container are labeled by default as svirt_sandBox_file_t.
然后在Using Volumes with Docker can Cause Problems with SELinux中:
This will label the content inside the container with the exact MCS label that the container will run with,basically it runs
chcon -Rt svirt_sandBox_file_t -l s0:c1,c2 /var/db
where s0:c1,c2 differs for each container.
(在这种情况下,不是/ var / db而是/ root)
If you volume mount a image with -v /SOURCE:/DESTINATION:z docker will automatically relabel the content for you to s0. If you volume mount with a Z,then the label will be specific to the container,and not be able to be shared between containers.
因此,在这种情况下,z或Z都是合适的,但通常可能更希望使用Z进行隔离.