3

I have two containers. In one of them I am using the Gluster file system to mount the files that I need into the /mnt directory of my container, and I'm using VOLUME /mnt in my Dockerfile to share the volume. I run this container with this:

docker run -d --cap-add SYS_ADMIN --device=/dev/fuse:/dev/fuse -e MOUNTPOINT="server1:test" -e TARGET="/mnt"  --name gluster gluster-client

I want to use these files in the second container, which is an nginx container, so I run this container using --volumes-from to use that shared volume. This is how I run my container:

docker run -it --volumes-from gluster  nginx sh

My gluster container works fine: I checked the mount directory (here /mnt) and I can see the files. But in the second container, where I'm using docker --volumes-from, there are no files in the /mnt directory. It seems that it can mount the directory but not the files inside those directories. How can I fix it? Is it because I am using gluster, or what?

The gluster container is based on Fedora and the nginx container is based on Alpine.

I appreciate your help:)

Ladan Nekuii

1 Answer

2

It could be due to SELinux. Try running the second container as

docker run -it --volumes-from gluster:z  nginx sh

From the docker run reference documentation:

Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Docker does not change the labels set by the OS.

To change the label in the container context, you can add either of two suffixes :z or :Z to the volume mount. These suffixes tell Docker to relabel file objects on the shared volumes. The z option tells Docker that two containers share the volume content. As a result, Docker labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Docker to label the content with a private unshared label. Only the current container can use a private volume.

You can find more details on the same topic in Using Volumes with Docker can Cause Problems with SELinux and Practical SELinux and Containers.

EDIT: If that is not the reason, your problem should be due to glusterfs and the data container. Try using named volumes.

Change the VOLUME line in the first container to

VOLUME myVolume:/mnt

and in the second container, instead of --volumes-from, you can use --volume=myVolume.

See more on data containers and named volumes in Docker Data Containers and Named Volumes and Docker named volume explained.

gile
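To test the SELinux explanation on a host, the labels described in the quoted documentation can be classified from `ls -dZ` output. The script below is an added example, not part of the original answer: the type names `container_file_t` and `svirt_sandbox_file_t`, the sample contexts and the /srv paths are assumptions or constructed values, and the access check is a simplified stand-in for the real MCS rules.

```shell
#!/bin/sh
# Added example: classify SELinux file contexts as :z / :Z would leave them.
# Assumed policy names: container_file_t (svirt_sandbox_file_t on older hosts);
# shared content sits at level s0, private content carries a category pair.

# Print "shared", "private" or "not-container" for a user:role:type:level context.
classify_context() {
    ctype=$(printf '%s' "$1" | cut -d: -f3)
    level=$(printf '%s' "$1" | cut -d: -f4-)   # the level may itself contain ':'
    case $ctype in
        container_file_t|svirt_sandbox_file_t) ;;
        *) echo "not-container"; return 0 ;;
    esac
    case $level in
        s0) echo "shared" ;;
        s0:c*) echo "private" ;;
        *) echo "not-container" ;;
    esac
}

# Simplified MCS check (exact category match stands in for dominance):
# can a process with context $1 use content labelled with context $2?
can_access() {
    case $(classify_context "$2") in
        shared) echo "yes" ;;
        private)
            p=$(printf '%s' "$1" | cut -d: -f4-)
            f=$(printf '%s' "$2" | cut -d: -f4-)
            if [ "$p" = "$f" ]; then echo "yes"; else echo "no"; fi ;;
        *) echo "no" ;;
    esac
}

# Constructed sample in the layout of `ls -dZ <path>` (context, then path).
NGINX_PROC='system_u:system_r:container_t:s0:c12,c34'   # constructed process label
while read -r ctx path; do
    printf '%-14s nginx-access=%-3s %s\n' \
        "$(classify_context "$ctx")" "$(can_access "$NGINX_PROC" "$ctx")" "$path"
done <<'EOF'
unconfined_u:object_r:user_home_t:s0 /srv/unlabelled
system_u:object_r:container_file_t:s0 /srv/shared-z
system_u:object_r:container_file_t:s0:c12,c34 /srv/private-own
system_u:object_r:container_file_t:s0:c56,c78 /srv/private-other
EOF
```

On a real host, feed the loop the output of `ls -dZ` for the volume path instead of the constructed lines; a result of `not-container` or a `private` label owned by another container is consistent with the SELinux cause suggested in the answer.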