I'm building a docker environment for a Symfony application. I have a container per application with an attached data only container for the web root that is linked to the application server. As part of the security hardening for the infrastructure these data containers are set to read only, to prevent any remote code exploits. Each application then also has a side car container that allows logs to be written to.

Symfony currently writes the cache to the default cache_dir location of

${web_root}/app/cache/${env}

Which is in the read-only data container

when trying to boot the application I get this error

Unable to write in the cache directory

Obviously as its in the write only container this will happen

I've set my log_path is set in parameters outside the read-only container in the read-write sidecar logging container of

/data/logs/symfony

which works fine.

I've read the Symfony cookbook on how to over ride the directory structure but it only advises on how to do this in AppKernal.php which I don't want to do as the paths may change dependant on if its in a local/uat/prod environment.

We feed Symfony different parameters from our build server depending on the environment we are deploying to so it makes sense to put this config in here.

does anyone know if its possible to override the cache dir in config rather than editing AppKernal.php

I'm creating the cache file outside the container and using -v to mount the directory into the container

$DIR is the current location

htdocs where the webfiles are

docker run -d \
   -v $DIR/htdocs:/var/www/html \
   -v $DIR/cache_folder:/var/www/html/app/cache

Then make sure that the container is allowed to write into cache_folder . The advantage is that you're not loosing any data if you recreate the container. This will also overwrite the folder /var/www/html/app/cache

Another way you can do this is inside every container, but loose the setting with every restart

chmod -R 777 ${web_root}/app/cache/${env}

Here's a simplified example of a docker-compose yml file i'm using, with a read only parent data container with 2 sidecar containers for caching and logging with :rw access that overrides a path that is contained with the read-only parent path

docker-compose-base.yml

version: '2.0'

# maintainer james.kirkby@sonyatv.com
# @big narstie said "dont f*** up the #base"

services:

  # web server
  pitchapp-web:
    hostname: pitchapp-web
    depends_on:
      - pitchapp-dc   
      - pitchapp-log-sc
      - pitchapp-cache-sc
      - pitchapp-fpm
    volumes_from:
      - pitchapp-dc
      - pitchapp-log-sc:rw
      - pitchapp-cache-sc:rw
    links:
      - pitchapp-fpm
    build:
      args: 
        - APP_NAME=pitchapp  
        - FPM_POOL=pitchapp-fpm
        - FPM_PORT=9001
        - PROJECT=pitch
        - APP_VOL_DIR=/data/www
        - CONFIG_FOLDER=app/config
        - ENVIRONMENT=dev
        - ENV_PATH=dev   
      context: ./pitch
      dockerfile: Dockerfile
    ports:
      - "8181:80"
    extends:
      file: "shared/dev-common.yml"
      service: dev-common-env
    env_file: 
      - env/dev.env

  # web data-container
  pitchapp-dc: 
    volumes:
      - /data/tmp:/data/tmp:rw      
      - /Sites/pitch/pitchapp:/data/www/dev/pitch/pitchapp/current:ro
    hostname: pitchapp-dc
    container_name: pitchapp-dc       
    extends:
      file: "shared/data-container-common.yml"
      service: data-container-common-env
    read_only: true
    working_dir: /data/www                      

  # web cache sidecar
  pitchapp-cache-sc:
    volumes:
      - /data/cache/pitchapp:/data/www/dev/pitch/pitchapp/current/app/cache/dev:rw
    hostname: pitchapp-cache-sc
    container_name: pitchapp-cache-sc
    extends:
      file: "shared/data-container-common.yml"
      service: data-container-common-env              
    read_only: false
    working_dir: /data/cache    

  # web log sidecar
  pitchapp-log-sc: 
volumes:
  - /data/log/pitchapp:/data/log:rw   
  - /data/log/pitchapp/symfony:/data/www/dev/pitch/pitchapp/current/app/logs:rw   
    build:
      args:
        - APP_NAME=pitchapp          
        - TARGET_SERVICE=pitchapp
    hostname: pitchapp-log-sc
    container_name: pitchapp-log-sc
    extends:
      file: "shared/logging-common.yml"
      service: logging-common-env       

data-container-common.yml

version: '2.0'

services:
  data-container-common-env:
    build:
      context: ./docker-data-container
      dockerfile: Dockerfile 
    image: jkirkby91/docker-data-container   
    env_file: 
      - env/data.env           
    restart: always
    privileged: false 
    tty: false
    shm_size: 64M
    stdin_open: true

logging-common.yml

version: '2.0'

services:
  logging-common-env:
    build:
      context: ./logging
      dockerfile: Dockerfile
    image: jkirkby91/docker-data-container    
    env_file: 
      - env/logging.env           
    restart: always
    working_dir: /data/log
    privileged: false 
    tty: false
    shm_size: 64M
    stdin_open: true       
    read_only: false