Docker Desktop for macOS文件共享

我在 Docker运行Studio容器 中尝试在物理主机macOS共享磁盘目录给Docker容器使用,以便能够把Docker容器的数据持久化。最初考虑使用 macOS系统NFS服务 ,不过没有解决挂载问题,所以改为采用Docker官方手册的 File sharing 方法。

File sharing

所谓 File sharing 通常的场景是在host主机(macOS)上使用IDE开发代码,然后在容器内部运行和测试代码(Linux环境)。默认情况下,共享了 /Users , /Volume , /private , /tmp/var/folders 目录。

  • 你可以添加自己指定的共享目录,如下:
../../_images/docker_file_sharing.png

然后点击右下角的 Apply & Restart 按钮生效。

注解

  • 务必只在容器内共享需要的目录。文件共享后任何在物理host主机上修改的文件都会通知到Linux VM,所以共享更多的文件会导致高CPU负载以及缓慢的文件系统性能
  • 共享目录设计允许应用程序直接编辑host主机共享给容器的文件。对于非代码数据,例如缓存目录或者数据库,性能会比存储在Linux VM,也就是使用Docker卷的性能要好(我理解Docker卷实际上是读写Docker Desktop for Mac的Linux虚拟机中的共享目录,这个虚拟机性能有限,并且如果Linux VM被重置数据会丢失)
  • 如果将整个macOS上的home目录共享到容器内部,贼macOS可能会提示你需要给予Docker访问你home目录个人区域(例如Reminders或Downloads目录)的访问权。
  • 需要注意macOS文件系统默认是文件名大小写不区分,而Linux则是区分大小写,则可能导致应用在macOS和Linux上表现不一。

上述添加的 file sharing 目录如何映射到容器内部?

  • 启动docker容器案例采用 Docker运行Studio容器dev 案例:

    docker build -t fedora-dev .
    docker run --name fedora-dev --hostname fedora-dev -p 122:22 --detach -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /Users/huatai/home_admin/dev:/home/admin fedora-dev /usr/sbin/init
    

但是启动立即终止,使用 docker ps --all 可以看到:

CONTAINER ID   IMAGE        COMMAND            CREATED          STATUS                        PORTS                                 NAMES
96677398766c   fedora-dev   "/usr/sbin/init"   20 seconds ago   Exited (255) 18 seconds ago                                         fedora-dev

为何有返回错误码 255 呢?

查看启动日志:

docker logs fedora-dev

可以看到:

systemd v248.3-1.fc34 running in system mode. (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization docker.
Detected architecture x86-64.
Failed to create symlink /sys/fs/cgroup/net_cls: File exists
Failed to create symlink /sys/fs/cgroup/net_prio: File exists
Failed to create symlink /sys/fs/cgroup/cpu: File exists
Failed to create symlink /sys/fs/cgroup/cpuacct: File exists

Welcome to Fedora 34 (Container Image)!

Failed to write /run/systemd/container, ignoring: Permission denied
Failed to create /docker/96677398766c1bdd1a48396d9c4db2c8a16a918bde715626cc3fb65e38986b64/init.scope control group: Permission denied
Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...

这个问题在 Building multiple docker images using the same kaniko executor gives ‘file exists’ error

Debian10 not working #168 提到是本地安装docker问题,需要重新安装一次docker初始。我参考 Docker Desktop for Mac 的 User manual ,尝试重置一次虚拟机:

  • 点击 Troubleshoot 按钮 (有一个 甲虫 形状) :
    • Clean/Purge data : A disk image reset destroys all Docker containers and images local to the machine, preserving all settings.
    • Reset Docker Desktop to factory defaults : A factory reset destroys all Docker containers and images local to the machine, and restores the application to its original state, as when it was first installed.
../../_images/docker_troubleshoot.png

我首先尝试 Clean/Purge data 这个过程实际上就是移除所有镜像和容器,完成以后,需要重新走以便镜像创建和容器创建,即再次执行:

docker build -t fedora-dev .
docker run --name fedora-dev --hostname fedora-dev -p 122:22 --detach -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /Users/huatai/home_admin/dev:/home/admin fedora-dev /usr/sbin/init

无效,则执行 Reset Docker Desktop to factory defaults ,然后再次重复上述步骤。

ARM环境Linux下尝试

上述命令在ARM的Linux主机上执行:

docker run --name fedora-dev --hostname fedora-dev -p 122:22 --detach -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /home/ubuntu/dev:/dev fedora-dev /usr/sbin/init

出现报错:

docker: Error response from daemon: failed to create shim: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: open /dev/ptmx: no such file or directory: unknown.

汗,低级错误 /dev 是容器内设备目录,不能映射覆盖,修正为:

docker run --name fedora-dev --hostname fedora-dev -p 122:22 --detach -ti -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /home/ubuntu/dev:/home-dev fedora-dev /usr/sbin/init

启动失败,报错日志:

systemd v248.4-1.fc34 running in system mode. (+PAM +AUDIT +SELINUX -APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization docker.
Detected architecture arm64.

Welcome to Fedora 34 (Container Image)!

Failed to write /run/systemd/container, ignoring: Permission denied
Failed to create /system.slice/docker-c11448d8691e10a0c89abd11dafd3d08e03dbbdec6bda771b4c93f943ab8daf8.scope/init.scope control group: Permission denied
Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object.
Exiting PID 1...