Docker provides resources for the two kinds of data stored in a container:
- A mirror layer and the container layer storage driver management.
- Data Volume。
storage driver
Mirror docker layered structure as follows: 
the concept of layers of Docker mirror layer is introduced, the production process of each step in image rub total Europe, will generate a new image layer
Container consists of the top container a writable layer, and a plurality of read-only image layer, the data stored in the container on these layers. The biggest characteristic of this hierarchy is the Copy-on-Write:
- The new data is placed directly on top of the container layer.
- Modifying existing data mirroring layer will start to copy data to the container layer, the modified data is stored directly in the container layer, the mirror layer remains unchanged.
- If you have multiple layers of the same file name, the user can only see the files that the top layer.
The hierarchy to create a mirror and containers, sharing and distribution has become very efficient, which thanks to Docker storage driver. It is to achieve a unified view of the storage driver stack multiple layers of data and provide users with a single, consolidated thereafter.
Docker supports a variety of storage driver, there AUFS, Device Mapper, Btrfs, OverlayFS , VFS and ZFS. They can achieve a layered architecture, at the same time and have their own characteristics.
Docker will give priority to the use of Linux distributions default storage driver.
Will select the default driver depending on the configuration of the current system when Docker installation. The default driver has the best stability, because the default driver through rigorous testing on the release.
RunDocker infoto view the current system used by Storage driver
centos use the default driver overlay2, the underlying file system xfs, data stored in the respective layers / var / lib / docker
For some containers, such as busybox just a toolbox, you do not need to save the data for later use, directly to exit when finished, is stored in the container when the container is removed layers work together data also be deleted.
Docker Data Management
docker container persistent data stored in two general ways:
volume
the bind Mount 
either volume or bind mount, a host file system directory or file which is essentially
either volume or bind mount, on which the stored data lifecycle after stand container, that container delete data on the volume or bind mount, is still there
Volume
Docker Host is a file system file or directory on Volume essence, the container can be directly mount the file system. Volume has the following characteristics:
- Volume is a directory or file, rather than not formatted disk (block device).
- The container may read and write data in the volume.
- volume data can be permanently saved, even if its containers have been destroyed.
Because the volume is actually part of docker host file system, so the volume of space depends on the capacity of the file system is not currently in use.
volume Caution:
- volume of content exist beyond the lifetime of the vessel; still there after deletion
- When mounted volume, mount not need to specify the source and a mount point can, Docker generates a directory for each volume at / var / lib / docker / volumes path, as a source mount
- If the container has a directory mount point to point, then the data in the directory is to copy the volume
- If the mount point to point container empty directory, it will automatically create the required directories.
- If mounted on a volume that does not exist in the container start, Dokcer automatically create volumes
- Volume reused when the container volume stamp authority can be set by the read-only parameter ro
bind mount
bind mount is host to mount on existing directories or files to the container.
bind mount实际上是一个inode替换的过程。
bind mount机制主要作用,允许一个目录或者文件(不是整个设备)挂载到一个指定的目录上,而且在该挂载点上进行任何的操作,只是发生在被挂载的目录或者文件上,而原挂载点的内容则会被隐藏起来不受影响。
bind mount使用注意事项:
- 容器运行过程中,对bind mount目录中改动的数据,将被保存,删除容器后,bind mount中的数据任然存在。
- bind mount可以挂载在一个目录到容器,也可以挂载一个文件到容器,但必须要指定的目录或文件的路径,即mount源,当然也必须指定mount point,这也限制了容器的可移植性
- 若将bind mount也绑定到容器上的某非空目录下,则会隐藏容器目录下的现有内容,若不希望容器的整个目录被覆盖,可单独挂载某个文件
- 若mount源指向的文件或者目录在宿主机上不存在,则会自动创建
- bind mount时,可以通过ro参数将容器对数据的权限设置为只读,设置ro参数后,容器无法对数据进行修改,但宿主机依旧有权修改其内容。
bind mount的用法是使用-v选项将host已经存在的目录或者文件mount到容器
如下所示:
-v 的格式为 <host path>:<container path>。/usr/local/apache2/htdocs 就是 apache server 存放静态文件的地方。由于 /usr/local/apache2/htdocs 已经存在,原有数据会被隐藏起来,取而代之的是 host $HOME/htdocs/ 中的数据,这与 linux mount 命令的行为是一致的。
数据共享
数据共享是volume的关键特性,主机与容器数据共享:
- bind mount:将host上的目录或者文件mount到容器中
- volume:将Host上的数据copy到容器的volume中
容器间的数据共享:
bind mount:将host上目录或文件mount到多个容器中
volume:将volume挂载到多个容器
volume container:先通过volume或bind mount将数据挂载到一个container中,其他容器再引用这个container中的数据
volume container是专门为其他容器提供volume的容器。
volume生命周期管理
备份
因为 volume 实际上是 host 文件系统中的目录和文件,所以 volume 的备份实际上是对文件系统的备份
恢复
volume 的恢复也很简单,如果数据损坏了,直接用之前备份的数据拷贝
迁移
如果使用更新版本的 Registry,这就涉及到数据迁移,方法是:
- docker stop 当前 Registry 容器。
- 启动新版本容器并 mount 原有 volume。
销毁
volume删除后数据是找不回来的,注意
docker 不会销毁 bind mount,删除数据的工作只能由 host 负责,再在执行 docker rm 删除容器时可以带上 -v 参数,docker 会将容器使用到的 volume 一并删除,但前提是没有其他容器 mount 该 volume。
操作实验
volume挂载操作
Create a volume, and mounts a container httpd docker run -d -p 8080:80 -v /usr/local/apache2/htdocs httpd
-v to mount it to the container httpd 
-v format <host path>: <container path >. / usr / local / apache2 / htdocs is where the Apache Server to store static files,
due to the / usr / local / apache2 / htdocs already exists, the original data will be hidden and replaced by the data host $ HOME / htdocs / in.
Check the volume of information
docker volume ls
See mount the container volume information, and to obtain volume path, Type = volume
docker inspect d5db6a048612
View volume of data
cd /var/lib/docker/volumes/6189c90831d019229a2e8593453fe1c334faec1fcc56db80b9f99773d21c9c55/_data
See the corresponding data in the container, the results: data = data container volume
Index.html file contents into the container update
docker exec -it d5db6a048612 bash
cd htdocs && echo "update the index" > index.html
View the contents of the volume again, it has been synchronized with the new 
result data sharing and Host of container.
Force the removal of the container, and then view the data in the volume, you can see still there
docker rm -f d5db6a048612
bind mount
The host computer / root / htdocs directory in a read-only mount the container to a named httpd httpd1 mapped port 8081
docker run --name httpd1 -d -p 8081:80 -v /root/htdocs:/usr/local/apache2/htdocs:ro httpd
Mount View container information. Type = bind
docker inspect httpd1
Index.html file with new data on host host, confirms the data httpd1 container also together with the new 
result, container and Host realizes data sharing
Httpd1 into the container update index.html file data, suggesting Read-only
The host / root / htdocs mounted to the container named http httpd2 mapped port 8082 is not provided ro
docker run --name httpd2 -d -p 8082:80 -v /root/htdocs/:/usr/local/apache2/htdocs httpd
Httpd2 into the container update index.html
docker exec -it httpd2 bash
See each host, HTTP1, the data http2, three consistent with the data 
at this time confirms shared data between the containers