docker学习四--volume
理解dockerfile volume
docker文件系统是分层的,最底层的为只读。
/var/lib/docker/graph
存放本地image的分层信息
/var/lib/docker/devicemapper/devicemapper/data
存储了image与container的二进制数据文件
/var/lib/docker/devicemapper/devicemapper/metadata
存储了相关元数据
graphdriver
driver:btrfs、vfs、aufs、devmapper
aufs driver是docker最早支持的driver,但是aufs只是linux内核的一个补丁集。
device mapper是linux 2.6内核中提供的一种从逻辑设备到物理设备的映射框架机制,是lvm2的核心,支持块级别的copy a write特性。
vfs虚拟文件系统的最大缺陷是不支持copy a write特性,每层都是一个单独的目录,如果新增一个child,则需要父级层镜像文件一并复制到新目录。
btrfs非常快,采用了btrfs的文件系统的快照能力来实现layer分层功能,缺点是任然在进化中,还不够成熟,特别是大量的写操作的压力下。
目前,除少数版本如ubuntu,docker基本运行在devicemppper基础上。
写操作--device mapper--block---copy----block
写操作--aufs--file----复制到顶层--file
高频写文件操作----volume
实践:
第一种作法:
docker run --rm=true -it -v /wolf01 myjava /bin/bash
docker inspect 4e6688d6f89f
找到以下这段
"Mounts": [
{
"Name": "e6544cec6576c96ca0945ba2c776174aead29a6fd2cf171084a0df936aa0697c",
"Source": "/var/lib/docker/volumes/e6544cec6576c96ca0945ba2c776174aead29a6fd2cf171084a0df936aa0697c/_data",
"Destination": "/wolf01",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
]
第二种作法:(这种方式,容器删除,目录还存在。)
把本机目录挂载到容器里
docker run --rm=true -it -v /storage:/wolf02 myjava /bin/bash
docker run --rm=true -it -v /zhangs:/wolf02 myjava /bin/bash
docker run --rm=true --privileged=true -it -v /zhangs:/wolf02 myjava /bin/bash
基于volume的互联,也可以 解决跨主机的共享问题
当然一些分布式文件系统也在这里可以用到:iscsi、nfs、ceph、分布式文件系统
可以多个容器指向一个volume,实现基于文件的共享访问。
基于数据容器的单主机互联 这才是容器目录的真正价值
docker run -it -v /wolf02 myjava /bin/bash
docker run -rm=true --privileged=true --volumes-from=id号 -it myjava /bin/bash
========================
1.什么是数据卷volume
为了了解什么是Docker Volume,首先我们需要明确Docker内的文件系统是如何工作的。
Docker镜像被存储在一系列的只读层。当我们开启一个容器,Docker读取只读镜像并添加一个读写层在顶部。如果正在运行的容器修改了现有的文件,该文件将被拷贝出底层的只读层到最顶层的读写层。在读写层中的旧版本文件隐藏于该文件之下,但并没有被不破坏 - 它仍然存在于镜像以下。当Docker的容器被删除,然后重新启动镜像时,将开启一个没有任何更改的新的容器 - 这些更改会丢失。此只读层及在顶部的读写层的组合被Docker称为Union File System(联合文件系统)。
为了能够保存(持久)数据以及共享容器间的数据,Docker提出了Volumes的概念。很简单,volumes是目录(或者文件),它们是外部默认的联合文件系统或者是存在于宿主文件系统正常的目录和文件。
2.为什么使用数据卷volume
Docker的镜像是由一系列的只读层组合而来,当启动一个容器的时候,Docker加载镜像的所有只读层,并在最上层加入一个读写层。这个设计使得Docker可以提高镜像构建、存储和分发的效率,节省了时间和存储空间,然而也存在如下问题。
(1)容器中的文件在宿主机上存在形式复杂,不能在宿主机上很方便的对容器中的文件进行访问
(2)多个容器之间的数据无法共享
(3)当删除容器时,容器产生的数据将丢失
为了解决这些问题,Docker引入了数据卷(volume)机制。volume是存在一个或多个容器中的特定文件或文件夹,这个目录能够独立于联合文件系统的形式在宿主机中存在,并为数据的共享与持久提供一下便利。
(1)volume在容器创建时就初始化,在容器运行时就可以使用其中的文件
(2)volume能在不同的容器之间共享和重用
(3)对volume中的数据的操作会马上生效
(4)对volume中数据操作不会影响到镜像本身
(5)volume的生存周期独立于容器的生存周期,即使删除容器,volume仍然会存在,没有任何容器使用的volume也不会被Docker删除
3.如何使用数据卷
3.1 从容器挂载volume(-v /path)
在使用docker run创建新容器的时候,可以使用-v 标签为容器添加数据卷volume,以下用法是从容器中的某个文件夹创建volume,如果容器中指定的文件夹不存在,会自动生成。
[root@i-r2irzkkd ~]# docker run -it --name volume-wolf01 -v /opt/vol_data test/mycentos:v1.0 /bin/bash
[root@d0caf6d9211f /]# cd /opt
[root@d0caf6d9211f opt]# ls
soft vol_data
[root@d0caf6d9211f opt]# 在上面的概念中,有说道,宿主机应该会有一个文件夹绑定挂载到容器中的volume挂载点,那默认的宿主机上的文件夹在哪呢,使用docker inspect命令,查看下容器详情(CRT令起一个SSH终端)
[root@i-r2irzkkd ~]# docker inspect volume-wolf01
[
{
"Id": "d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c",
"Created": "2016-09-06T11:35:15.489656349Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 127,
"Error": "",
"StartedAt": "2016-09-06T11:35:15.845562672Z",
"FinishedAt": "2016-09-06T11:36:56.948274531Z"
},
"Image": "sha256:dc0b220a093b5b2dd2dc6072b633963acd7a266abaad88aa65c60412b91aca9b",
"ResolvConfPath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/hostname",
"HostsPath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/hosts",
"LogPath": "",
"Name": "/volume-wolf01",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "29",
"DeviceName": "docker-8:1-394772-0b832a44768488bf28aeecc5d93401e4575160dd0ce56e50946714cd74dd963e",
"DeviceSize": "10737418240"
}
},
"Mounts": [
{
"Name": "ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652",
"Source": "/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data",
"Destination": "/opt/vol_data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "d0caf6d9211f",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "test/mycentos:v1.0",
"Volumes": {
"/opt/vol_data": {}
},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "79ec4cb73940073acc3e4878d12a5f8a8c7b3d74aca36806a0a3c54e35c07fae",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": null,
"SandboxKey": "/var/run/docker/netns/79ec4cb73940",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2a34f10c505b5733fc74e7f3373b6c5e77d088f116e2b9645fe3df166677bc94",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": ""
}
}
}
}
]
[root@i-r2irzkkd ~]# 注意看Mounts节点(Docker的版本用的是1.10.3),数据卷的使用,类似于 Linux 下对目录或文件进行 mount。
"Mounts": [
{
"Name": "ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652",
"Source": "/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data",
"Destination": "/opt/vol_data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
[root@i-r2irzkkd ~]# cd /var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data/
[root@i-r2irzkkd _data]# ls
[root@i-r2irzkkd _data]# pwd
/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data
[root@i-r2irzkkd _data]# 当我们在容器的volume上操作时,宿主机上对应的文件是否也会跟着变动呢?
测试一下,在容器的volume上创建一个文件test.txt,然后查看宿主机是不是也会同步存在
容器里查看
[root@i-r2irzkkd _data]# touch wolf.txt
[root@i-r2irzkkd _data]# echo 'wolf'>wolf.txt
[root@i-r2irzkkd _data]# cat wolf.txt
wolf宿主主机里查看
[root@i-r2irzkkd ~]# cd /var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data/
[root@i-r2irzkkd _data]# ls
wolf.txt
[root@i-r2irzkkd _data]# 经测试,当容器上的volume有变动时,宿主机也会跟着变动,那反过来呢?经测试也是一样的。不管是容器挂载点发生变动还是宿主机对挂载目录进行操作,令一方都会跟着变动。
利用docker commit生成新镜像,然后docker run -it 运行新镜像,发现容器挂载目录下没有任何文件了。说明生成新镜像时,是不保存挂载文件的。
3.2从宿主机挂载volume(-v /host-path:/container-path)
将主机的文件或文件夹作为volume挂载时,可以用多个 -v标签为容器添加多个volume,还可以使用:ro指定该volume为只读。
注意:如果容器中指定的挂载目录存在相同的文件时,会被宿主机覆盖掉。
[root@i-r2irzkkd opt]# docker run -it --name vol-test02 -v /opt/wolf_01:/opt/wolf_01_01 -v /opt/wolf_02:/opt/wolf_02_02:ro test/mycentos:v1.0 /bin/bash
[root@83bddfe23ae7 /]# ls
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@83bddfe23ae7 /]# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
18 ? 00:00:00 ps
[root@83bddfe23ae7 /]# cd /opt
[root@83bddfe23ae7 opt]# ls
soft wolf_01_01 wolf_02_02
[root@83bddfe23ae7 opt]#
[root@i-r2irzkkd _data]# docker inspect vol-test02
[
{
"Id": "83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f",
"Created": "2016-09-06T12:03:17.087268257Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 10045,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-09-06T12:03:17.432836992Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:dc0b220a093b5b2dd2dc6072b633963acd7a266abaad88aa65c60412b91aca9b",
"ResolvConfPath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/hostname",
"HostsPath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/hosts",
"LogPath": "",
"Name": "/vol-test02",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/opt/wolf_01:/opt/wolf_01_01",
"/opt/wolf_02:/opt/wolf_02_02:ro"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "31",
"DeviceName": "docker-8:1-394772-28b0f04c044170a67f43d07bbcd44ff82629555f472bf0ee7a41e8272f76653f",
"DeviceSize": "10737418240"
}
},
"Mounts": [
{
"Source": "/opt/wolf_01",
"Destination": "/opt/wolf_01_01",
"Mode": "",
"RW": true,
"Propagation": "rslave"
},
{
"Source": "/opt/wolf_02",
"Destination": "/opt/wolf_02_02",
"Mode": "ro",
"RW": false,
"Propagation": "rslave"
}
],
"Config": {
"Hostname": "83bddfe23ae7",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "test/mycentos:v1.0",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "983f607b7087ea5c373d76373a37ed2f430de655dd6f2eeb0b161939e66d56d1",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/983f607b7087",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "9b4b60c6ed0232008646dee4fe8323ea91de98c08afae6868c5c4463f14d1063",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2a34f10c505b5733fc74e7f3373b6c5e77d088f116e2b9645fe3df166677bc94",
"EndpointID": "9b4b60c6ed0232008646dee4fe8323ea91de98c08afae6868c5c4463f14d1063",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
[root@83bddfe23ae7 opt]# cd wolf_02_02/
[root@83bddfe23ae7 wolf_02_02]# ls
[root@83bddfe23ae7 wolf_02_02]# mkdir wolf
mkdir: cannot create directory 'wolf': Read-only file system当在容器的vol-test-2上新建操作时,会提示只读.在宿主机上,2个挂载点新增,修改,删除操作都OK,利用docker commit生成新镜像,然后docker run -it 运行新镜像,发现容器挂载目录下没有任何文件了。说明生成新镜像时,是不保存挂载文件的。
3.3使用Dockerfile添加volume
使用VOLUME指令向容器添加volume
VOLUME /data
多个时VOLUME ["/data1","/data2"]
这种情况和第一个中情况docker run -v /data是一样的。注意,dockerfile中使用volume是不能和第二种方法那样挂载宿主机中指定的文件夹。
这时为了保证Dockerfile的可移植性,因为不能保证所有的宿主机都有对应的文件夹。
需要注意的是,在Dockerfile中使用VOLUME指令后,如果尝试对这个volume进行修改,这些修改指令都不会生效,比如下面例子,尝试添加一个文件,并修改文件并改变文件所有权限
如果觉得我的文章对您有用,请点赞。您的支持将鼓励我继续创作!
赞2作者其他文章
评论 2 · 赞 5
评论 1 · 赞 8
评论 0 · 赞 2
评论 0 · 赞 2
评论 0 · 赞 2
添加新评论0 条评论