r/minio: Do not mount storage volume with :Z
The `:Z` flag tells the container runtime to run `chcon` recursively on the specified path, in order to ensure that the files are accessible inside the container. For a very large volume like the MinIO storage directory, this can take an extremely long time. It's really only necessary on the first startup anyway, because the context won't change after that. To avoid spending a bunch of time, we can set the context correctly when we create the directory, and then not worry about it after that.unifi-restore
parent
84cd6022c0
commit
5edfbf2408
|
|
@ -34,6 +34,7 @@
|
||||||
group: minio
|
group: minio
|
||||||
mode: u=rwx,go=
|
mode: u=rwx,go=
|
||||||
state: directory
|
state: directory
|
||||||
|
setype: container_file_t
|
||||||
tags:
|
tags:
|
||||||
- datadir
|
- datadir
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,7 @@ Exec=server {% if minio_address|d %}--address {{ minio_address }} {% endif %}/da
|
||||||
User=224
|
User=224
|
||||||
Group=224
|
Group=224
|
||||||
EnvironmentFile=/etc/sysconfig/minio
|
EnvironmentFile=/etc/sysconfig/minio
|
||||||
Volume={{ minio_storage_path }}:/data:rw,Z
|
Volume={{ minio_storage_path }}:/data:rw
|
||||||
Volume=/etc/minio/certs:/certs:ro,z
|
Volume=/etc/minio/certs:/certs:ro,z
|
||||||
Network=host
|
Network=host
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue