postgresql-container

NFS mount for data directory of postgresql 9.5 container

Open navidshaikh opened this issue 7 years ago • 7 comments

Trying to share NFS mount from host machine, as data directory to postgresql 9.5 container

run command:

docker run -d  --name postgres -v /srv/db2/cccp/:/var/lib/pgsql/data -p 5432:5432 -e "POSTGRESQL_USER=cccp" -e "POSTGRESQL_PASSWORD=cccp" -e "POSTGRESQL_DATABASE=cccp" registry.centos.org/sclo/postgresql-95-centos7

Here, /srv/db2/cccp/ is an NFS share mounted on the host system.

NFS server exports a directory with config /nfsshare *(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=0)

The docs mention using the setfacl command to work around the postgresql container's directory ownership behavior; however, when running the setfacl command as mentioned, it prompts Operation Not Permitted.

[root@client ~]# setfacl -m u:26:-wx /srv/db2/cccp/
setfacl: /srv/db2/cccp/: Operation not supported

Note: Changing NFS server config to have uid=26 works for postgresql container, however, how does one manage UID/GID consistency all over the place then?

navidshaikh avatar Dec 05 '17 15:12 navidshaikh

[root@client ~]# setfacl -m u:26:-wx /srv/db2/cccp/

The benefit of setfacl is primarily that you don't have to be root to allow containerized app to write there. The drawback is that it doesn't work for everybody, hm. Do you have spelling ideas for the documentation?

Note: Changing NFS server config to have uid=26 works for postgresql container, however, how does one manage UID/GID consistency all over the place then?

All over the place == all containers? You can make the directory world-writeable, or group '0' writeable (I think by default the processes are run under group 0). I'm not convinced this is a good recommendable default, though.

praiskup avatar Dec 06 '17 14:12 praiskup

Do you have spelling ideas for the documentation?

as in if documentation can be updated with a better explanation?

navidshaikh avatar Dec 06 '17 15:12 navidshaikh

I'm not convinced this is a good recommendable default, though.

@praiskup Yes, any idea what could be a better solution if one wants to have NFS share mounted as data directory for postgresql?

navidshaikh avatar Dec 07 '17 07:12 navidshaikh

Checked again -- atm. PostgreSQL processes are run as 'postgres:postgres', you somehow have to set the permissions so the process can write to the data directory. The other option is to change the user by docker run -u and set the directory ownership accordingly. Btw., soon we could (in #208) add the 'postgres' user into 'root' group...

praiskup avatar Dec 07 '17 08:12 praiskup

soon we could (in #208) add the 'postgres' user into 'root' group...

@praiskup : I have been keeping an eye on PR #208. IIUC the outcome should be seamlessly attaching host machine volume to /var/lib/pgsql/data directory inside the container. However, it seems to fail with permission issues again. Am I missing something here?

# docker images registry.centos.org/centos/postgresql-95-centos7
REPOSITORY                                         TAG                 IMAGE ID            CREATED             SIZE
registry.centos.org/centos/postgresql-95-centos7   latest              0785e3c7337e        About an hour ago   335 MB

# mkdir /tmp/foo

# docker run -d --name=vol-test -e POSTGRESQL_USER=cccp -e POSTGRESQL_PASSWORD=cccp -e POSTGRESQL_DATABASE=cccp -v /tmp/foo:/var/lib/pgsql/data:Z registry.centos.org/centos/postgresql-95-centos7

# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

# docker logs -f vol-test
mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied

# cat /etc/centos-release
CentOS Linux release 7.4.1708 (Core) 

# rpm -q docker
docker-1.12.6-61.git85d7426.el7.centos.x86_64

Results are the same with and without providing the :Z option to the volume option in the docker run command.

navidshaikh avatar Jan 10 '18 15:01 navidshaikh

@navidshaikh have you added proper group ownership to /tmp/foo? (sudo chgrp root /tmp/foo)

praiskup avatar Jan 11 '18 08:01 praiskup

have you added proper group ownership to /tmp/foo? (sudo chgrp root /tmp/foo)

@praiskup

# ls -la /tmp/foo/
total 0
drwxr-xr-x.  2 root root   6 Jan 10 15:08 .
drwxrwxrwt. 12 root root 250 Jan 11 03:25 ..

navidshaikh avatar Jan 11 '18 09:01 navidshaikh
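Added example, not part of the thread or the project's code: a pre-flight check that evaluates only the classic owner/group/other mode bits of a host directory for a given uid and group list, which is the question the `ls -la` output above answers for uid 26 and group root. It assumes GNU `stat` and does not model ACLs, SELinux labels, NFS squashing or root's override; the temp directory and its group are constructed stand-ins for /tmp/foo and group 0.

```shell
#!/bin/sh
# Added example, not from the issue thread. Classic mode bits only:
# POSIX ACLs, SELinux labels and NFS squashing are NOT evaluated.

# can_write_dir UID "GID..." DIR
# Exit 0 if a process with that uid and those group ids may create
# entries in DIR (needs both w and x on the directory), 1 if not,
# 2 if DIR cannot be stat'ed. Requires GNU stat (coreutils).
can_write_dir() {
    want_uid=$1 want_gids=$2 dir=$3
    st=$(stat -c '%u %g %a' "$dir" 2>/dev/null) || return 2
    set -- $st
    owner=$1 group=$2 mode=$(( 0$3 ))       # %a is octal, e.g. 755

    # The kernel applies exactly one class: owner, else group, else other.
    if [ "$want_uid" = "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))
    else
        bits=$(( mode & 7 ))
        for g in $want_gids; do
            if [ "$g" = "$group" ]; then
                bits=$(( (mode >> 3) & 7 ))
            fi
        done
    fi
    [ $(( bits & 3 )) -eq 3 ]               # w (2) and x (1) both set
}

# Constructed demo: a temp dir stands in for /tmp/foo, and its own group
# stands in for group 0, so no root is needed to run this.
d=$(mktemp -d)
g=$(stat -c %g "$d")
for m in 755 775; do
    chmod "$m" "$d"
    if can_write_dir 26 "$g" "$d"; then r="writable"; else r="NOT writable"; fi
    echo "mode $m, uid 26 in the directory's group: $r"
done
rmdir "$d"
```

On a real host the call would be `can_write_dir 26 "0" /tmp/foo`, using the uid and group named in the thread.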