发表新帖
发表新帖

Mount SMB/CIFS share within a Docker container

后端 未结
关注
5 1981
遥遥无期
遥遥无期 2020-11-29 03:03

I have a web application running in a Docker container. This application needs to access some files on our corporate file server (Windows Server with an Active Directory dom

相关标签:
5条回答
  • 栀梦
    2020-11-29 03:09

    Do not make your containers less secure by exposing many ports just to mount a share. Or by running it as --privileged

    Here is how I solved this issue:

    • First mount the volume on the server that runs docker.

    sudo mount -t cifs -o username=YourUserName,uid=$(id -u),gid=$(id -g) //SERVER/share ~/WinShare

    Change the username, SERVER and WinShare here. This will ask your sudo password, then it will ask password for the remote share.

    Let's assume you created WinShare folder inside your home folder. After running this command you should be able to see all the shared folders and files in WinShare folder. In addition to that since you use the uidand gid tags you will have write access without using sudo all the time.

    • Now you can run your container by using -v tag and share a volume between the server and the container.

    Let's say you ran it like the following.

    docker run -d --name mycontainer -v /home/WinShare:/home 2d244422164

    You should be able to access the windows share and modify it from your container now.

    To test it just do:

    docker exec -it yourRunningContainer /bin/bash

    cd /Home

    touch testdocfromcontainer.txt

    You should see testdocfromcontainer.txt in the windows share.

    0 讨论(0)
  • 走了就别回头了
    2020-11-29 03:16

    You could use the smbclient command (part of the Samba package) to access the SMB/CIFS server from within the Docker container without mounting it, in the same way that you might use curl to download or upload a file.

    There is a question on StackExchange Unix that deals with this, but in short:

    smbclient //server/share -c 'cd /path/to/file; put myfile'

    For multiple files there is the -T option which can create or extract .tar archives, however this looks like it would be a two step process (one to create the .tar and then another to extract it locally). I'm not sure whether you could use a pipe to do it in one step.

    0 讨论(0)
  • 北荒
    2020-11-29 03:16

    You can use a Netshare docker volume plugin which allows to mount remote CIFS/Samba as volumes.

    0 讨论(0)
  • 日久生厌
    2020-11-29 03:26

    Yes, Docker is preventing you from mounting a remote volume inside the container as a security measure. If you trust your images and the people who run them, then you can use the --privileged flag with docker run to disable these security measures.

    Further, you can combine --cap-add and --cap-drop to give the container only the capabilities that it actually needs. (See documentation) The SYS_ADMIN capability is the one that grants mount privileges.

    0 讨论(0)
  • 花落未央
    2020-11-29 03:35
    1. yes
    2. There is a closed issue mount.cifs within a container

    https://github.com/docker/docker/issues/22197

    according to which adding

    --cap-add SYS_ADMIN --cap-add DAC_READ_SEARCH

    to the run options will make mount -t cifs operational.

    I tried it out and:

    mount -t cifs //<host>/<path> /<localpath> -o user=<user>,password=<user>

    within the container then works

    0 讨论(0)
 看不清?
提交回复
热议问题