问题描述
我正在为Symfony应用程序构建码头环境。每个应用程序都有一个容器,其中包含链接到应用程序服务器的Web根的附加数据的容器。作为基础架构的安全加固的一部分,这些数据容器设置为只读,以防止任何远程代码漏洞利用。每个应用程序还有一个侧面的车载容器,可以将日志写入。 Symfony目前将缓存写入默认的 cache_dir
$ {web_root} / app / cache / $ {env}
尝试启动时,只读数据容器中的哪一个
应用程序我得到这个错误
显然,由于它在只写容器中会发生这种情况
我设置了我的log_path设置在只读容器之外的参数中在
/ data / logs / symfony
的读写边框记录容器中哪些工作正常。
我已经阅读了Symfony食谱如何骑目录结构,但它只建议如何在 AppKernal.php 中进行此操作,我不想这样做路径可能会依赖于它在 local / uat / prod 环境中的变化而变化。
根据我们构建的环境,我们为构建服务器提供Symfony不同的参数,所以将这个配置放在这里是有意义的。
有人知道是否可以覆盖配置中的缓存目录,而不是编辑 AppKernal.php
这是一个使用Docker-compose yml文件的简化示例,只有一个只读父数据容器,带有2个sidecar容器用于缓存和日志记录:rw access这覆盖了只读父路径中包含的路径
版本:'2.0'
#维护者[email protected]
#@big narstie说不要在#base
服务:
#web服务器
pitchapp-web:
主机名:pitchapp-web
depends_on:
- pitchapp-dc
- pitc happ-log-sc
- pitchapp-cache-sc
- pitchapp-fpm
volumes_from:
- pitchapp-dc
- pitchapp-log-sc:rw
- pitchapp-cache-sc:rw
链接:
- pitchapp-fpm
build:
args:
- APP_NAME = pitchapp
- FPM_POOL = pitchapp-fpm
- FPM_PORT = 9001
- PROJECT = pitch
- APP_VOL_DIR = / data / www
- CONFIG_FOLDER = app / config
- ENVIRONMENT = dev
- ENV_PATH = dev
上下文:./pitch
dockerfile:Dockerfile
ports:
- 8181:80
extends:
文件:shared / dev-common.yml
服务:dev-common-env
env_file:
- env / dev.env
#web data- container
pitchapp-dc:
volumes:
- / data / tmp:/ data / tmp:rw
- / Sites / pitch / pitchapp:/ data / www / dev /音高/音高/当前:ro
主机名:pitchapp-dc
co ntainer_name:pitchapp-dc
extends:
file:shared / data-container-common.yml
service:data-container-common-env
read_only:true
working_dir:/ data / www
#web cache sidecar
pitchapp-cache-sc:
volumes:
- / data / cache / pitchapp:/ data / www / dev / pitch / pitchapp / current / app / cache / dev:rw
hostname:pitchapp-cache-sc
container_name:pitchapp-cache-sc
extends:
file:shared / data-container-common.yml
service:data-container-common-env
read_only:false
working_dir:/ data / cache
#web log sidecar
pitchapp-log-sc:
volumes:
- / data / log / pitchapp:/ data / log:rw
- / data / log / / symfony:/ data / www / dev / pitch / pitchapp / current / app / logs:rw
build:
args:
- APP_NAME = pitchapp
- TARGET_SERVICE = pitchapp
hostnam e:pitchapp-log-sc
container_name:pitchapp-log-sc
extends:
file:shared / logging-common.yml
service:logging-common-env
version:'2.0'
services:
data-container-common- env:
build:
上下文:./docker-data-container
dockerfile:Dockerfile
image:jkirkby91 / docker-data-container
env_file:
- env / data.env
重新启动:始终
特权:false
tty:false
shm_size:64M
stdin_open:true
version:'2.0'
services:
logging-common-env:
build:
上下文:./logging
dockerfile:Dockerfile
image:jkirkby91 / docker-data-co ntainer
env_file:
- env / logging.env
restart:always
working_dir:/ data / log
特权:false
tty:false
shm_size:64M
stdin_open:true
read_only:false
I'm building a docker environment for a Symfony application. I have a container per application with an attached data only container for the web root that is linked to the application server. As part of the security hardening for the infrastructure these data containers are set to read only, to prevent any remote code exploits. Each application then also has a side car container that allows logs to be written to.
Symfony currently writes the cache to the default cache_dir location of
${web_root}/app/cache/${env}
Which is in the read-only data container
when trying to boot the application I get this error
Obviously as its in the write only container this will happen
I've set my log_path is set in parameters outside the read-only container in the read-write sidecar logging container of
/data/logs/symfony
which works fine.
I've read the Symfony cookbook on how to over ride the directory structure but it only advises on how to do this in AppKernal.php which I don't want to do as the paths may change dependant on if its in a local/uat/prod environment.
We feed Symfony different parameters from our build server depending on the environment we are deploying to so it makes sense to put this config in here.
does anyone know if its possible to override the cache dir in config rather than editing AppKernal.php
Here's a simplified example of a docker-compose yml file i'm using, with a read only parent data container with 2 sidecar containers for caching and logging with :rw access that overrides a path that is contained with the read-only parent path
version: '2.0'
# maintainer [email protected]
# @big narstie said "dont f*** up the #base"
services:
# web server
pitchapp-web:
hostname: pitchapp-web
depends_on:
- pitchapp-dc
- pitchapp-log-sc
- pitchapp-cache-sc
- pitchapp-fpm
volumes_from:
- pitchapp-dc
- pitchapp-log-sc:rw
- pitchapp-cache-sc:rw
links:
- pitchapp-fpm
build:
args:
- APP_NAME=pitchapp
- FPM_POOL=pitchapp-fpm
- FPM_PORT=9001
- PROJECT=pitch
- APP_VOL_DIR=/data/www
- CONFIG_FOLDER=app/config
- ENVIRONMENT=dev
- ENV_PATH=dev
context: ./pitch
dockerfile: Dockerfile
ports:
- "8181:80"
extends:
file: "shared/dev-common.yml"
service: dev-common-env
env_file:
- env/dev.env
# web data-container
pitchapp-dc:
volumes:
- /data/tmp:/data/tmp:rw
- /Sites/pitch/pitchapp:/data/www/dev/pitch/pitchapp/current:ro
hostname: pitchapp-dc
container_name: pitchapp-dc
extends:
file: "shared/data-container-common.yml"
service: data-container-common-env
read_only: true
working_dir: /data/www
# web cache sidecar
pitchapp-cache-sc:
volumes:
- /data/cache/pitchapp:/data/www/dev/pitch/pitchapp/current/app/cache/dev:rw
hostname: pitchapp-cache-sc
container_name: pitchapp-cache-sc
extends:
file: "shared/data-container-common.yml"
service: data-container-common-env
read_only: false
working_dir: /data/cache
# web log sidecar
pitchapp-log-sc:
volumes:
- /data/log/pitchapp:/data/log:rw
- /data/log/pitchapp/symfony:/data/www/dev/pitch/pitchapp/current/app/logs:rw
build:
args:
- APP_NAME=pitchapp
- TARGET_SERVICE=pitchapp
hostname: pitchapp-log-sc
container_name: pitchapp-log-sc
extends:
file: "shared/logging-common.yml"
service: logging-common-env
version: '2.0'
services:
data-container-common-env:
build:
context: ./docker-data-container
dockerfile: Dockerfile
image: jkirkby91/docker-data-container
env_file:
- env/data.env
restart: always
privileged: false
tty: false
shm_size: 64M
stdin_open: true
version: '2.0'
services:
logging-common-env:
build:
context: ./logging
dockerfile: Dockerfile
image: jkirkby91/docker-data-container
env_file:
- env/logging.env
restart: always
working_dir: /data/log
privileged: false
tty: false
shm_size: 64M
stdin_open: true
read_only: false
这篇关于在参数中设置symfony缓存目录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!