The right way to use Docker rootless mode on a ZFS filesystem
I configured my Docker to be used with rootless mode and it works fine. But I changed my data-dir to store all of Docker's data in a ZFS filesystem. It appears that it is not working directly, and I am looking for the right way to set up my system.
The storage driver is well configured and I obtain the following error:
docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Extracting [==================================================>] 2.479kB/2.479kB
docker: failed to register layer: exit status 1: "/sbin/zfs fs create -o mountpoint=legacy xxxx/main/3a2069b67391755d42342cbfa9c0a78cb779759787e219bd8a80c4c2d51c2e96" => cannot create 'xxxx/main/3a2069b67391755d42342cbfa9c0a78cb779759787e219bd8a80c4c2d51c2e96': permission denied
I assumed that this error is completely normal, but how can we securely allow creating the mountpoint without root rights?
Comments (2)
As of ZFS 2.2.0 (Oct. 13, 2023), overlayfs is supported on top of a zfs filesystem:
This means that you can have /var/lib/docker (or its rootless equivalent) on a ZFS filesystem, as long as you select the overlay2 storage driver.
Systems which provide their own ZFS builds, such as TrueNAS (Core/Scale), Proxmox Virtual Environment (Proxmox VE) and NixOS, may not have release 2.2.0 available immediately - at the time of writing (Oct. 25, 2023), Proxmox VE (v8.0.2-7) is still on zfs-2.1.13-pve1 and zfs-kmod-2.1.12-pve1.

The zfs storage driver is unfortunately not supported in rootless
From https://docs.docker.com/engine/security/rootless/
Known limitations
Only the following storage drivers are supported:
Ubuntu-flavored kernel)
option)
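
The version condition from the first answer, written as a check to run before pointing a rootless data-root at ZFS. This is an added example, not part of the original answers: the function names and the 2.2.0 sample strings are made up, and it conservatively requires every version line printed by `zfs version` to be at least 2.2.0.

```shell
#!/bin/sh
# Added example: gate the overlay2 choice on the ZFS release when the
# rootless data-root sits on a ZFS dataset. Function names are hypothetical.

MIN_ZFS="2.2.0"   # first release with overlayfs on ZFS, per the first answer

# version_ge A B: succeed when dotted version A >= B, compared numerically.
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2                  # six fields: A is $1-$3, B is $4-$6
    IFS=$old_ifs
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# zfs_versions TEXT: print x.y.z from each "zfs-" or "zfs-kmod-" line.
zfs_versions() {
    printf '%s\n' "$1" |
        sed -n 's/^zfs-\(kmod-\)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\2/p'
}

# overlay2_usable FSTYPE ZFS_VERSION_TEXT
# returns 0 = usable, 1 = ZFS older than MIN_ZFS, 2 = version unreadable
overlay2_usable() {
    [ "$1" = "zfs" ] || return 0      # the ZFS release only matters on ZFS
    versions=$(zfs_versions "$2")
    [ -n "$versions" ] || return 2    # fail closed when nothing parses
    for v in $versions; do            # userland and kernel module must both qualify
        version_ge "$v" "$MIN_ZFS" || return 1
    done
    return 0
}

# Constructed inputs: the Proxmox VE strings quoted in the first answer, and
# a made-up 2.2.0 pair in the same format.
OLD_ZFS='zfs-2.1.13-pve1
zfs-kmod-2.1.12-pve1'
NEW_ZFS='zfs-2.2.0-1
zfs-kmod-2.2.0-1'

for sample in "$OLD_ZFS" "$NEW_ZFS"; do
    if overlay2_usable zfs "$sample"; then
        echo "overlay2 on ZFS: usable"
    else
        echo "overlay2 on ZFS: not usable, ZFS is older than $MIN_ZFS"
    fi
done
```

On a live host the two arguments would come from GNU `stat -f -c %T` on the data-root and from `zfs version`.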