docker storage overview
Anyone familiar with Docker knows that images are built from layers, stacked on top of one another until they form the image we need. Each image layer is read-only; a read-write layer is created on top of them only when a container runs. Keeping data only in that read-write layer brings three problems:
- When the container stops running, the data is not persisted and is hard to get out of the container.
- Data cannot be migrated easily between different hosts.
- Writing to the container's read-write layer requires a union file system provided by the kernel, which costs extra performance.
Docker provides three ways to mount data into a container: volumes, bind mounts (-v mapping), and tmpfs.
volume mode
Volumes are the preferred way to persist data in Docker.
- By default, Docker keeps volumes in a dedicated area on the host (on Linux: /var/lib/docker/volumes/).
- Non-Docker processes should not modify files in this directory.
- Volumes are managed through the docker volume command (create, delete, and so on).
- If you do not give a volume a name when creating it, Docker generates a random one:
[root@localhost ~]# ls /var/lib/docker/volumes/
ea73bac7843b4d05c08dc758ef15a5b3fc1070f3de8b3361dd40c3c58247c98f
ffa4846b581c1a50a01e7a12a6342ad2aaa442701a35ae56ef2f0e5d7888b22c
- A volume continues to exist after its container is stopped or deleted. To delete it, you must do so explicitly.
Related use cases
- Sharing data between multiple containers: the volume persists when a container is stopped or deleted, and the same volume can be mounted into several containers.
- When the host cannot be guaranteed to have a particular directory or file structure.
- When you need to back up, restore, or migrate data between hosts: stop the container and back up the volume's directory.
Usage
Volume is recommended as the preferred method in docker. Compared with bind mount (-v), it has the following advantages:
- Compared with bind mount, volume is easier to back up or migrate
- Can be managed with Docker CLI (command line interface) commands or the Docker API
- volume works on both Linux and Windows containers
- Volumes can be shared more securely between multiple containers
- The volume driver allows you to provide storage, encryption, or other functionality on a remote host or cloud
- The contents of the new volume can be pre-populated by the container
Creating and managing volumes
[root@localhost ~]# docker volume create my-vol    # create a volume
my-vol
[root@localhost ~]# docker volume ls    # list volumes
DRIVER VOLUME NAME
local 1ad4af809485ff974988b79fdc3ada634c0b14b1324d9581369fd3b161632115
local my-vol
local portainer_data
[root@localhost ~]# docker volume inspect my-vol    # show volume details
[
{
"CreatedAt": "2019-03-01T19:40:26+08:00",
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/my-vol/_data",
"Name": "my-vol",
"Options": {},
"Scope": "local"
}
]
[root@localhost ~]# docker volume rm my-vol    # remove the volume
my-vol
[root@localhost ~]# docker volume ls
DRIVER VOLUME NAME
local 1ad4af809485ff974988b79fdc3ada634c0b14b1324d9581369fd3b161632115
local portainer_data
Start a container using a volume
Create the volume, then start the container with either of the two syntaxes:
[root@localhost ~]# docker volume create my-vol2
my-vol2
Method 1 (--mount):
[root@localhost ~]# docker run -d -it --name storage-test -p 80:80 --mount source=my-vol2,target=/app nginx:latest
77d559ebcdb47e9b54b7023bbb6b7bf0a7135dc7458bb68c49311e1140251901
Method 2 (-v):
[root@localhost ~]# docker run -d -it --name storage-test -p 80:80 -v my-vol2:/app nginx:latest
[root@localhost ~]# docker inspect storage-test
"Mounts": [
{
"Type": "volume",
"Name": "my-vol2",
"Source": "/var/lib/docker/volumes/my-vol2/_data",
"Destination": "/app",
"Driver": "local",
"Mode": "z",
"RW": true,
"Propagation": ""
}
]
Note: The volume has the correct Source and Destination and is readable and writable.
Stop the container and clean up the volume
[root@localhost ~]# docker stop storage-test    # stop the container
storage-test
[root@localhost ~]# docker rm storage-test    # remove the container
storage-test
[root@localhost ~]# docker volume rm my-vol2    # remove the volume
my-vol2
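The use cases above mention backing up, restoring and migrating a volume between hosts, and the cleanup sequence just shown removes the volume for good. The following is an added example (not code from the original post) of doing the backup and restore through a throwaway container, so that no process on the host has to touch /var/lib/docker/volumes directly; the volume is mounted read-only while it is being archived. It assumes docker is on PATH and that alpine:latest can be pulled; the DOCKER_BIN variable is only there so the functions can be dry-run with a wrapper command.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Back up a named volume to a tarball and restore it, using a throwaway
# container. Assumptions: "docker" is on PATH and alpine:latest is pullable.
# DOCKER_BIN can be overridden (e.g. with a logging wrapper) for dry runs.
DOCKER_BIN="${DOCKER_BIN:-docker}"

# backup_volume VOLUME ARCHIVE_DIR ARCHIVE_NAME
# Writes ARCHIVE_DIR/ARCHIVE_NAME (tar.gz) from the volume's contents.
# ARCHIVE_DIR must be an absolute host path (bind mounts require one).
backup_volume() {
    vol="$1"; dir="$2"; name="$3"
    # The volume is mounted readonly so the backup job cannot alter it;
    # the output directory is bind-mounted so the archive lands on the host.
    "$DOCKER_BIN" run --rm \
        --mount "type=volume,source=${vol},target=/data,readonly" \
        --mount "type=bind,source=${dir},target=/backup" \
        alpine:latest \
        tar -czf "/backup/${name}" -C /data .
}

# restore_volume VOLUME ARCHIVE_DIR ARCHIVE_NAME
# Unpacks the archive into VOLUME; Docker creates the volume if it is missing.
restore_volume() {
    vol="$1"; dir="$2"; name="$3"
    "$DOCKER_BIN" run --rm \
        --mount "type=volume,source=${vol},target=/data" \
        --mount "type=bind,source=${dir},target=/backup,readonly" \
        alpine:latest \
        tar -xzf "/backup/${name}" -C /data
}

# Typical migration (stop the container first so the data is quiescent):
#   docker stop storage-test
#   backup_volume my-vol2 "$(pwd)" my-vol2.tar.gz
#   ... copy my-vol2.tar.gz to the other host, then on that host:
#   restore_volume my-vol2 "$(pwd)" my-vol2.tar.gz
```

Mounting the source volume with readonly is the check worth keeping: a backup job that can write to the data it is archiving is one typo away from truncating it.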
Tip
When a swarm service uses a volume with the local driver, each container gets its own volume on the node it runs on, so the data is not shared between the service's containers. In addition, services only accept the --mount flag, not -v.
Using volume driver
You can specify a volume driver when creating a volume with docker volume create, or when starting a container with a volume that does not exist yet.
In the following example, the volume driver is used first to create a standalone volume, and then when starting a container that creates a new volume.
Initial Setup
This example assumes you have two nodes: the first is the Docker host, and it can connect to the second node over SSH.
Install the vieux/sshfs plugin on the Docker host:
$ docker plugin install --grant-all-permissions vieux/sshfs
Creating a volume with a volume driver
An SSH password is given below; it can be omitted if key-based SSH authentication is configured between the two hosts. Each volume driver can have multiple configuration options, specified with the -o flag.
$ docker volume create --driver vieux/sshfs \
-o sshcmd=test@node2:/home/test \
-o password=testpassword \
sshvolume
Using the volume driver when creating a container
Note that if you need to pass driver options on the command line, you must use --mount rather than -v.
$ docker run -d \
-it \
--name sshfs-container \
--volume-driver vieux/sshfs \
--mount src=sshvolume,target=/app,volume-opt=sshcmd=test@node2:/home/test,volume-opt=password=testpassword \
nginx:latest
bind mount method
With a bind mount you can mount any file or directory on the host (given as an absolute path) into the container.
- A bind-mounted file or directory can be modified by any process that can reach it on the host, so changes made to it inside the container can affect other processes.
- If the host file or directory being mounted does not exist, it will be created automatically.
- Bind mounts cannot be managed with the docker volume command.
Related use cases:
Bind mounts are generally used in the following situations:
- Mounting a single file, since only the bind mount method can mount individual files.
- Sharing configuration files from the host into the container. By default, Docker bind-mounts files such as /etc/resolv.conf for DNS resolution.
- Sharing source code or build tools between the host and the container. For example, you can mount Maven's target/ directory into the container, and every time the Maven project is built on the host the container has access to the rebuilt artifacts.
- When the host's file or directory structure matches what the container requires.
If you mount an empty file or directory into a container at a path that already contains files, those files are copied to the directory on the host. If you mount a non-empty file or directory at a path that already contains files, the files in the container are hidden.
Comparison between volume and -v methods
Here "volume" means a volume mount and "-v" means a bind mount:

| Aspect | -v (bind mount) | volume |
|---|---|---|
| Storage location | Can be specified arbitrarily | /var/lib/docker/volumes/… |
| Effect on an existing mount point | Hidden and replaced by the mount | Original data copied into the volume |
| Single-file support | Supported | Not supported; only directories |
| Permission control | Can be set to read-only; default is read-write | No control; all read-write |
| Portability | Weak; bound to a host path | Strong; no host directory needs to be specified |
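The bind mount section notes that a bind-mounted host path can be modified by any process and that changes from inside the container reach other processes on the host, and the table notes that only bind mounts have a host-chosen location and can be made read-only. A practitioner reviewing running containers wants to see those two facts together: which mounts are bind mounts, where on the host they point, and whether they are writable. The following is an added example, not code from the original post: it uses a docker inspect Go template (a real docker feature) to print one line per mount, and an awk filter that flags writable bind mounts and bind mounts of host paths that should not be handed to a container at all. It assumes docker is on PATH; the list of sensitive host paths is a constructed starting point, not a complete policy.

```shell
#!/bin/sh
# Added example, not part of the original post.
# List a container's mounts and flag the ones that deserve a second look.
# Assumes "docker" is on PATH. The sensitive-path list is constructed.

# list_mounts CONTAINER
# Emits one line per mount: TYPE<TAB>SOURCE<TAB>DESTINATION<TAB>RW
# (Source is empty for tmpfs mounts; RW prints as true/false.)
list_mounts() {
    docker inspect --format \
        '{{range .Mounts}}{{.Type}}{{"\t"}}{{.Source}}{{"\t"}}{{.Destination}}{{"\t"}}{{.RW}}{{"\n"}}{{end}}' \
        "$1"
}

# audit_mounts
# Reads mount lines on stdin, prints one finding per line, and exits 1 if
# there is at least one finding (0 when the container is clean).
audit_mounts() {
    awk -F '\t' '
        BEGIN {
            # Constructed list: host paths that give a container control over
            # the host or the daemon if mounted in, writable or not.
            sensitive["/"] = 1
            sensitive["/etc"] = 1
            sensitive["/var/run/docker.sock"] = 1
            sensitive["/var/lib/docker"] = 1
            n = 0
        }
        {
            type = $1; src = $2; dst = $3; rw = $4
            if (type != "bind") next   # volumes and tmpfs live under Docker control
            if (src in sensitive) {
                print "CRITICAL bind mount of sensitive host path " src " at " dst
                n++
            } else if (rw == "true") {
                print "WARN writable bind mount " src " -> " dst " (consider readonly)"
                n++
            }
        }
        END { exit (n > 0) }
    '
}

# Usage: audit one container, e.g. the storage-test container from above.
#   list_mounts storage-test | audit_mounts
```

Read-only bind mounts of config or source trees are silent here on purpose: they are the shape the page recommends for sharing files into a container, and the thing to look for is the writable ones, which are the mounts through which the container can change what other host processes see.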
tmpfs mode
A tmpfs mount is stored only in the host's memory and is never written to the host's file system.
Related use cases:
tmpfs is generally used when security matters and the data does not need to be persisted.
How to use:
The relationship between --tmpfs and --mount is the same as for the previous two methods. The differences between them are:
- --tmpfs does not allow any configurable options to be specified
- --tmpfs cannot be used with swarm services; you must use --mount
Using tmpfs in a container
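The section above says that only --mount accepts options for a tmpfs. The following is an added example, not code from the original post, of the two options a practitioner usually wants when a tmpfs holds scratch or secret material: tmpfs-size, which caps how much host memory the mount can consume, and tmpfs-mode, which sets the mount's permission bits (both are documented --mount options for type=tmpfs). It assumes docker is on PATH; the image, destination path and limits are constructed values, and DOCKER_BIN exists only so the function can be dry-run with a wrapper.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Run a container with a size-capped, permission-restricted tmpfs.
# Assumes "docker" is on PATH; all paths and limits below are constructed.
DOCKER_BIN="${DOCKER_BIN:-docker}"

# run_with_tmpfs NAME IMAGE DEST SIZE_BYTES MODE CMD...
# --tmpfs takes no options, so --mount type=tmpfs is used instead.
run_with_tmpfs() {
    name="$1"; image="$2"; dest="$3"; size="$4"; mode="$5"
    shift 5
    "$DOCKER_BIN" run --rm --name "$name" \
        --mount "type=tmpfs,destination=${dest},tmpfs-size=${size},tmpfs-mode=${mode}" \
        "$image" "$@"
}

# Usage: a 16 MiB cap and mode 0700, so only the owner inside the container
# can read the directory and a runaway writer cannot fill host memory.
# The dd stops with "No space left on device" once the cap is reached.
#   run_with_tmpfs scratch-test alpine:latest /scratch 16777216 0700 \
#       sh -c 'mount | grep " /scratch "; dd if=/dev/zero of=/scratch/fill bs=1M count=32'
```

Without tmpfs-size the mount is unlimited, which turns "in memory only" from a security property into a way for one container to exhaust the host's RAM; the cap is the part of this invocation that should not be left out.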