版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/yujin2010good/article/details/79372266
理解dockerfile volume
docker文件系统是分层的,最底层的为只读。
/var/lib/docker/graph 存放本地image的分层信息
/var/lib/docker/devicemapper/devicemapper/data 存储了image与container的二进制数据文件
/var/lib/docker/devicemapper/devicemapper/metadata 存储了相关元数据
graphdriver
driver:btrfs、vfs、aufs、devmapper
aufs driver是docker最早支持的driver,但是aufs只是linux内核的一个补丁集
device mapper是linux 2.6内核中提供的一种从逻辑设备到物理设备的映射框架机制,是lvm2的核心,支持块级别的copy a write特性。
vfs虚拟文件系统的最大缺陷是不支持copy a write特性,每层都是一个单独的目录,如果新增一个child,则需要父级层镜像文件一并复制到新目录。
btrfs非常快,采用了btrfs的文件系统的快照能力来实现layer分层功能,缺点是任然在进化中,还不够成熟,特别是大量的写操作的压力下。
目前,除少数版本如ubuntu,docker基本运行在devicemppper基础上。
写操作--device mapper--block---copy----block
写操作--aufs--file----复制到顶层--file
高频写文件操作----volume
实践:
第一种作法:
docker run --rm=true -it -v /wolf01 myjava /bin/bash
docker inspect 4e6688d6f89f
找到以下这段
"Mounts": [
{
"Name": "e6544cec6576c96ca0945ba2c776174aead29a6fd2cf171084a0df936aa0697c",
"Source": "/var/lib/docker/volumes/e6544cec6576c96ca0945ba2c776174aead29a6fd2cf171084a0df936aa0697c/_data",
"Destination": "/wolf01",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
第二种作法:(这种方式,容器删除,目录还存在。)
把本机目录挂载到容器里
docker run --rm=true -it -v /storage:/wolf02 myjava /bin/bash
docker run --rm=true -it -v /zhangs:/wolf02 myjava /bin/bash
docker run --rm=true --privileged=true -it -v /zhangs:/wolf02 myjava /bin/bash
基于volume的互联,也可以 解决跨主机的共享问题
当然一些分布式文件系统也在这里可以用到:iscsi、nfs、ceph、分布式文件系统
可以多个容器指向一个volume,实现基于文件的共享访问。
基于数据容器的单主机互联 这才是容器目录的真正价值
docker run -it -v /wolf02 myjava /bin/bash
docker run -rm=true --privileged=true --volumes-from=id号 -it myjava /bin/bash
========================
1.什么是数据卷volume
为了了解什么是Docker Volume,首先我们需要明确Docker内的文件系统是如何工作的。
Docker镜像被存储在一系列的只读层。当我们开启一个容器,Docker读取只读镜像并添加一
个读写层在顶部。如果正在运行的容器修改了现有的文件,该文件将被拷贝出底层的只读层
到最顶层的读写层。在读写层中的旧版本文件隐藏于该文件之下,但并没有被不破坏 - 它
仍然存在于镜像以下。当Docker的容器被删除,然后重新启动镜像时,将开启一个没有任
何更改的新的容器 - 这些更改会丢失。此只读层及在顶部的读写层的组合被Docker称为
Union File System(联合文件系统)。
为了能够保存(持久)数据以及共享容器间的数据,Docker提出了Volumes的概念。很
简单,volumes是目录(或者文件),它们是外部默认的联合文件系统或者是存在于宿主文
件系统正常的目录和文件。
2.为什么使用数据卷volume
Docker的镜像是由一系列的只读层组合而来,当启动一个容器的时候,Docker加载镜像的所有只读层,
并在最上层加入一个读写层。这个设计使得Docker可以提高镜像构建、存储和分发的效率,节省了时
间和存储空间,然而也存在如下问题。
(1)容器中的文件在宿主机上存在形式复杂,不能在宿主机上很方便的对容器中的文件进行访问
(2)多个容器之间的数据无法共享
(3)当删除容器时,容器产生的数据将丢失
为了解决这些问题,Docker引入了数据卷(volume)机制。volume是存在一个或多个容器中的特
定文件或文件夹,这个目录能够独立于联合文件系统的形式在宿主机中存在,并为数据的共享与持久
提供一下便利。
(1)volume在容器创建时就初始化,在容器运行时就可以使用其中的文件
(2)volume能在不同的容器之间共享和重用
(3)对volume中的数据的操作会马上生效
(4)对volume中数据操作不会影响到镜像本身
(5)volume的生存周期独立于容器的生存周期,即使删除容器,volume仍然会存在,没有任何容器使用的volume也不会被Docker删除
3.如何使用数据卷
3.1 从容器挂载volume(-v /path)
在使用docker run创建新容器的时候,可以使用-v 标签为容器添加数据卷volume,以下用法是从容器中的某个文件夹创建volume,如果容器中指定的文件夹不存在,会自动生成。
[root@i-r2irzkkd ~]# docker run -it --name volume-wolf01 -v /opt/vol_data test/mycentos:v1.0 /bin/bash
[root@d0caf6d9211f /]# cd /opt
[root@d0caf6d9211f opt]# ls
soft vol_data
[root@d0caf6d9211f opt]#
在上面的概念中,有说道,宿主机应该会有一个文件夹绑定挂载到容器中的volume挂载点,那默认的宿主机上的文件夹在哪呢,使用docker inspect命令,查看下容器详情(CRT令起一个SSH终端)
[root@i-r2irzkkd ~]# docker inspect volume-wolf01
[
{
"Id": "d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c",
"Created": "2016-09-06T11:35:15.489656349Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 127,
"Error": "",
"StartedAt": "2016-09-06T11:35:15.845562672Z",
"FinishedAt": "2016-09-06T11:36:56.948274531Z"
},
"Image": "sha256:dc0b220a093b5b2dd2dc6072b633963acd7a266abaad88aa65c60412b91aca9b",
"ResolvConfPath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/hostname",
"HostsPath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/hosts",
"LogPath": "",
"Name": "/volume-wolf01",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "29",
"DeviceName": "docker-8:1-394772-0b832a44768488bf28aeecc5d93401e4575160dd0ce56e50946714cd74dd963e",
"DeviceSize": "10737418240"
}
},
"Mounts": [
{
"Name": "ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652",
"Source": "/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data",
"Destination": "/opt/vol_data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "d0caf6d9211f",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "test/mycentos:v1.0",
"Volumes": {
"/opt/vol_data": {}
},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "79ec4cb73940073acc3e4878d12a5f8a8c7b3d74aca36806a0a3c54e35c07fae",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": null,
"SandboxKey": "/var/run/docker/netns/79ec4cb73940",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2a34f10c505b5733fc74e7f3373b6c5e77d088f116e2b9645fe3df166677bc94",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": ""
}
}
}
}
]
[root@i-r2irzkkd ~]#
注意看Mounts节点(Docker的版本用的是1.10.3),数据卷的使用,类似于 Linux 下对目录或文件进行 mount。
"Mounts": [
{
"Name": "ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652",
"Source": "/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data",
"Destination": "/opt/vol_data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
[root@i-r2irzkkd ~]# cd /var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data/
[root@i-r2irzkkd _data]# ls
[root@i-r2irzkkd _data]# pwd
/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data
[root@i-r2irzkkd _data]#
当我们在容器的volume上操作时,宿主机上对应的文件是否也会跟着变动呢?
测试一下,在容器的volume上创建一个文件test.txt,然后查看宿主机是不是也会同步存在
容器里查看
[root@i-r2irzkkd _data]# touch wolf.txt
[root@i-r2irzkkd _data]# echo 'wolf'>wolf.txt
[root@i-r2irzkkd _data]# cat wolf.txt
wolf
宿主主机里查看
[root@i-r2irzkkd ~]# cd /var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data/
[root@i-r2irzkkd _data]# ls
wolf.txt
[root@i-r2irzkkd _data]#
经测试,当容器上的volume有变动时,宿主机也会跟着变动,那反过来呢?经测试也是一样的。不管是容器挂载点发生变动还是宿主机对挂载目录进行操作,令一方都会跟着变动。
利用docker commit生成新镜像,然后docker run -it 运行新镜像,发现容器挂载目录下没有任何文件了。说明生成新镜像时,是不保存挂载文件的。
3.2从宿主机挂载volume(-v /host-path:/container-path)
将主机的文件或文件夹作为volume挂载时,可以用多个 -v标签为容器添加多个volume,还可以使用:ro指定该volume为只读。
注意:如果容器中指定的挂载目录存在相同的文件时,会被宿主机覆盖掉。
[root@i-r2irzkkd opt]# docker run -it --name vol-test02 -v /opt/wolf_01:/opt/wolf_01_01 -v /opt/wolf_02:/opt/wolf_02_02:ro test/mycentos:v1.0 /bin/bash
[root@83bddfe23ae7 /]# ls
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@83bddfe23ae7 /]# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
18 ? 00:00:00 ps
[root@83bddfe23ae7 /]# cd /opt
[root@83bddfe23ae7 opt]# ls
soft wolf_01_01 wolf_02_02
[root@83bddfe23ae7 opt]#
[root@i-r2irzkkd _data]# docker inspect vol-test02
[
{
"Id": "83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f",
"Created": "2016-09-06T12:03:17.087268257Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 10045,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-09-06T12:03:17.432836992Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:dc0b220a093b5b2dd2dc6072b633963acd7a266abaad88aa65c60412b91aca9b",
"ResolvConfPath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/hostname",
"HostsPath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/hosts",
"LogPath": "",
"Name": "/vol-test02",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/opt/wolf_01:/opt/wolf_01_01",
"/opt/wolf_02:/opt/wolf_02_02:ro"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "31",
"DeviceName": "docker-8:1-394772-28b0f04c044170a67f43d07bbcd44ff82629555f472bf0ee7a41e8272f76653f",
"DeviceSize": "10737418240"
}
},
"Mounts": [
{
"Source": "/opt/wolf_01",
"Destination": "/opt/wolf_01_01",
"Mode": "",
"RW": true,
"Propagation": "rslave"
},
{
"Source": "/opt/wolf_02",
"Destination": "/opt/wolf_02_02",
"Mode": "ro",
"RW": false,
"Propagation": "rslave"
}
],
"Config": {
"Hostname": "83bddfe23ae7",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "test/mycentos:v1.0",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "983f607b7087ea5c373d76373a37ed2f430de655dd6f2eeb0b161939e66d56d1",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/983f607b7087",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "9b4b60c6ed0232008646dee4fe8323ea91de98c08afae6868c5c4463f14d1063",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2a34f10c505b5733fc74e7f3373b6c5e77d088f116e2b9645fe3df166677bc94",
"EndpointID": "9b4b60c6ed0232008646dee4fe8323ea91de98c08afae6868c5c4463f14d1063",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
[root@83bddfe23ae7 opt]# cd wolf_02_02/
[root@83bddfe23ae7 wolf_02_02]# ls
[root@83bddfe23ae7 wolf_02_02]# mkdir wolf
mkdir: cannot create directory 'wolf': Read-only file system
当在容器的vol-test-2上新建操作时,会提示只读.在宿主机上,2个挂载点新增,修改,删除操作都OK,
利用docker commit生成新镜像,然后docker run -it 运行新镜像,发现容器挂载目录下没有任何文件了。说明生成新镜像时,是不保存挂载文件的。
3.3使用Dockerfile添加volume
使用VOLUME指令向容器添加volume
VOLUME /data
多个时VOLUME ["/data1","/data2"]
这种情况和第一个中情况docker run -v /data是一样的。注意,dockerfile中使用volume是不能和第二种方法那样挂载宿主机中指定的文件夹。
这时为了保证Dockerfile的可移植性,因为不能保证所有的宿主机都有对应的文件夹。
需要注意的是,在Dockerfile中使用VOLUME指令后,如果尝试对这个volume进行修改,这些修改指令都不会生效,比如下面例子,尝试添加一个文件,并修改文件并改变文件所有权限
docker文件系统是分层的,最底层的为只读。
/var/lib/docker/graph 存放本地image的分层信息
/var/lib/docker/devicemapper/devicemapper/data 存储了image与container的二进制数据文件
/var/lib/docker/devicemapper/devicemapper/metadata 存储了相关元数据
graphdriver
driver:btrfs、vfs、aufs、devmapper
aufs driver是docker最早支持的driver,但是aufs只是linux内核的一个补丁集
device mapper是linux 2.6内核中提供的一种从逻辑设备到物理设备的映射框架机制,是lvm2的核心,支持块级别的copy a write特性。
vfs虚拟文件系统的最大缺陷是不支持copy a write特性,每层都是一个单独的目录,如果新增一个child,则需要父级层镜像文件一并复制到新目录。
btrfs非常快,采用了btrfs的文件系统的快照能力来实现layer分层功能,缺点是任然在进化中,还不够成熟,特别是大量的写操作的压力下。
目前,除少数版本如ubuntu,docker基本运行在devicemppper基础上。
写操作--device mapper--block---copy----block
写操作--aufs--file----复制到顶层--file
高频写文件操作----volume
实践:
第一种作法:
docker run --rm=true -it -v /wolf01 myjava /bin/bash
docker inspect 4e6688d6f89f
找到以下这段
"Mounts": [
{
"Name": "e6544cec6576c96ca0945ba2c776174aead29a6fd2cf171084a0df936aa0697c",
"Source": "/var/lib/docker/volumes/e6544cec6576c96ca0945ba2c776174aead29a6fd2cf171084a0df936aa0697c/_data",
"Destination": "/wolf01",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
]
把本机目录挂载到容器里
docker run --rm=true -it -v /storage:/wolf02 myjava /bin/bash
docker run --rm=true -it -v /zhangs:/wolf02 myjava /bin/bash
docker run --rm=true --privileged=true -it -v /zhangs:/wolf02 myjava /bin/bash
基于volume的互联,也可以 解决跨主机的共享问题
当然一些分布式文件系统也在这里可以用到:iscsi、nfs、ceph、分布式文件系统
可以多个容器指向一个volume,实现基于文件的共享访问。
基于数据容器的单主机互联 这才是容器目录的真正价值
docker run -it -v /wolf02 myjava /bin/bash
docker run -rm=true --privileged=true --volumes-from=id号 -it myjava /bin/bash
========================
1.什么是数据卷volume
为了了解什么是Docker Volume,首先我们需要明确Docker内的文件系统是如何工作的。
Docker镜像被存储在一系列的只读层。当我们开启一个容器,Docker读取只读镜像并添加一
个读写层在顶部。如果正在运行的容器修改了现有的文件,该文件将被拷贝出底层的只读层
到最顶层的读写层。在读写层中的旧版本文件隐藏于该文件之下,但并没有被不破坏 - 它
仍然存在于镜像以下。当Docker的容器被删除,然后重新启动镜像时,将开启一个没有任
何更改的新的容器 - 这些更改会丢失。此只读层及在顶部的读写层的组合被Docker称为
Union File System(联合文件系统)。
为了能够保存(持久)数据以及共享容器间的数据,Docker提出了Volumes的概念。很
简单,volumes是目录(或者文件),它们是外部默认的联合文件系统或者是存在于宿主文
件系统正常的目录和文件。
2.为什么使用数据卷volume
Docker的镜像是由一系列的只读层组合而来,当启动一个容器的时候,Docker加载镜像的所有只读层,
并在最上层加入一个读写层。这个设计使得Docker可以提高镜像构建、存储和分发的效率,节省了时
间和存储空间,然而也存在如下问题。
(1)容器中的文件在宿主机上存在形式复杂,不能在宿主机上很方便的对容器中的文件进行访问
(2)多个容器之间的数据无法共享
(3)当删除容器时,容器产生的数据将丢失
为了解决这些问题,Docker引入了数据卷(volume)机制。volume是存在一个或多个容器中的特
定文件或文件夹,这个目录能够独立于联合文件系统的形式在宿主机中存在,并为数据的共享与持久
提供一下便利。
(1)volume在容器创建时就初始化,在容器运行时就可以使用其中的文件
(2)volume能在不同的容器之间共享和重用
(3)对volume中的数据的操作会马上生效
(4)对volume中数据操作不会影响到镜像本身
(5)volume的生存周期独立于容器的生存周期,即使删除容器,volume仍然会存在,没有任何容器使用的volume也不会被Docker删除
3.如何使用数据卷
3.1 从容器挂载volume(-v /path)
在使用docker run创建新容器的时候,可以使用-v 标签为容器添加数据卷volume,以下用法是从容器中的某个文件夹创建volume,如果容器中指定的文件夹不存在,会自动生成。
[root@i-r2irzkkd ~]# docker run -it --name volume-wolf01 -v /opt/vol_data test/mycentos:v1.0 /bin/bash
[root@d0caf6d9211f /]# cd /opt
[root@d0caf6d9211f opt]# ls
soft vol_data
[root@d0caf6d9211f opt]#
在上面的概念中,有说道,宿主机应该会有一个文件夹绑定挂载到容器中的volume挂载点,那默认的宿主机上的文件夹在哪呢,使用docker inspect命令,查看下容器详情(CRT令起一个SSH终端)
[root@i-r2irzkkd ~]# docker inspect volume-wolf01
[
{
"Id": "d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c",
"Created": "2016-09-06T11:35:15.489656349Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 127,
"Error": "",
"StartedAt": "2016-09-06T11:35:15.845562672Z",
"FinishedAt": "2016-09-06T11:36:56.948274531Z"
},
"Image": "sha256:dc0b220a093b5b2dd2dc6072b633963acd7a266abaad88aa65c60412b91aca9b",
"ResolvConfPath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/hostname",
"HostsPath": "/var/lib/docker/containers/d0caf6d9211fa119c3fb791be45af37b9e2fe1cf8d73bb4b54a061e40838a83c/hosts",
"LogPath": "",
"Name": "/volume-wolf01",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "29",
"DeviceName": "docker-8:1-394772-0b832a44768488bf28aeecc5d93401e4575160dd0ce56e50946714cd74dd963e",
"DeviceSize": "10737418240"
}
},
"Mounts": [
{
"Name": "ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652",
"Source": "/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data",
"Destination": "/opt/vol_data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
"Config": {
"Hostname": "d0caf6d9211f",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "test/mycentos:v1.0",
"Volumes": {
"/opt/vol_data": {}
},
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "79ec4cb73940073acc3e4878d12a5f8a8c7b3d74aca36806a0a3c54e35c07fae",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": null,
"SandboxKey": "/var/run/docker/netns/79ec4cb73940",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2a34f10c505b5733fc74e7f3373b6c5e77d088f116e2b9645fe3df166677bc94",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": ""
}
}
}
}
]
[root@i-r2irzkkd ~]#
注意看Mounts节点(Docker的版本用的是1.10.3),数据卷的使用,类似于 Linux 下对目录或文件进行 mount。
"Mounts": [
{
"Name": "ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652",
"Source": "/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data",
"Destination": "/opt/vol_data",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
[root@i-r2irzkkd ~]# cd /var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data/
[root@i-r2irzkkd _data]# ls
[root@i-r2irzkkd _data]# pwd
/var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data
[root@i-r2irzkkd _data]#
当我们在容器的volume上操作时,宿主机上对应的文件是否也会跟着变动呢?
测试一下,在容器的volume上创建一个文件test.txt,然后查看宿主机是不是也会同步存在
容器里查看
[root@i-r2irzkkd _data]# touch wolf.txt
[root@i-r2irzkkd _data]# echo 'wolf'>wolf.txt
[root@i-r2irzkkd _data]# cat wolf.txt
wolf
宿主主机里查看
[root@i-r2irzkkd ~]# cd /var/lib/docker/volumes/ea4573efb8923c5eebe0a9faefd2dc305e13d5e15076c811a152d732a40c4652/_data/
[root@i-r2irzkkd _data]# ls
wolf.txt
[root@i-r2irzkkd _data]#
经测试,当容器上的volume有变动时,宿主机也会跟着变动,那反过来呢?经测试也是一样的。不管是容器挂载点发生变动还是宿主机对挂载目录进行操作,令一方都会跟着变动。
利用docker commit生成新镜像,然后docker run -it 运行新镜像,发现容器挂载目录下没有任何文件了。说明生成新镜像时,是不保存挂载文件的。
3.2从宿主机挂载volume(-v /host-path:/container-path)
将主机的文件或文件夹作为volume挂载时,可以用多个 -v标签为容器添加多个volume,还可以使用:ro指定该volume为只读。
注意:如果容器中指定的挂载目录存在相同的文件时,会被宿主机覆盖掉。
[root@i-r2irzkkd opt]# docker run -it --name vol-test02 -v /opt/wolf_01:/opt/wolf_01_01 -v /opt/wolf_02:/opt/wolf_02_02:ro test/mycentos:v1.0 /bin/bash
[root@83bddfe23ae7 /]# ls
anaconda-post.log bin dev etc home lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var
[root@83bddfe23ae7 /]# ps
PID TTY TIME CMD
1 ? 00:00:00 bash
18 ? 00:00:00 ps
[root@83bddfe23ae7 /]# cd /opt
[root@83bddfe23ae7 opt]# ls
soft wolf_01_01 wolf_02_02
[root@83bddfe23ae7 opt]#
[root@i-r2irzkkd _data]# docker inspect vol-test02
[
{
"Id": "83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f",
"Created": "2016-09-06T12:03:17.087268257Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 10045,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-09-06T12:03:17.432836992Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:dc0b220a093b5b2dd2dc6072b633963acd7a266abaad88aa65c60412b91aca9b",
"ResolvConfPath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/hostname",
"HostsPath": "/var/lib/docker/containers/83bddfe23ae7707730b6b9aa06984315748b6b6bea1fff6ac4cc95021a79301f/hosts",
"LogPath": "",
"Name": "/vol-test02",
"RestartCount": 0,
"Driver": "devicemapper",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/opt/wolf_01:/opt/wolf_01_01",
"/opt/wolf_02:/opt/wolf_02_02:ro"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "journald",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"ShmSize": 67108864,
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"KernelMemory": 0,
"Memory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": -1,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "31",
"DeviceName": "docker-8:1-394772-28b0f04c044170a67f43d07bbcd44ff82629555f472bf0ee7a41e8272f76653f",
"DeviceSize": "10737418240"
}
},
"Mounts": [
{
"Source": "/opt/wolf_01",
"Destination": "/opt/wolf_01_01",
"Mode": "",
"RW": true,
"Propagation": "rslave"
},
{
"Source": "/opt/wolf_02",
"Destination": "/opt/wolf_02_02",
"Mode": "ro",
"RW": false,
"Propagation": "rslave"
}
],
"Config": {
"Hostname": "83bddfe23ae7",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "test/mycentos:v1.0",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "983f607b7087ea5c373d76373a37ed2f430de655dd6f2eeb0b161939e66d56d1",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/983f607b7087",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "9b4b60c6ed0232008646dee4fe8323ea91de98c08afae6868c5c4463f14d1063",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "2a34f10c505b5733fc74e7f3373b6c5e77d088f116e2b9645fe3df166677bc94",
"EndpointID": "9b4b60c6ed0232008646dee4fe8323ea91de98c08afae6868c5c4463f14d1063",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02"
}
}
}
}
]
[root@83bddfe23ae7 opt]# cd wolf_02_02/
[root@83bddfe23ae7 wolf_02_02]# ls
[root@83bddfe23ae7 wolf_02_02]# mkdir wolf
mkdir: cannot create directory 'wolf': Read-only file system
当在容器的vol-test-2上新建操作时,会提示只读.在宿主机上,2个挂载点新增,修改,删除操作都OK,
利用docker commit生成新镜像,然后docker run -it 运行新镜像,发现容器挂载目录下没有任何文件了。说明生成新镜像时,是不保存挂载文件的。
3.3使用Dockerfile添加volume
使用VOLUME指令向容器添加volume
VOLUME /data
多个时VOLUME ["/data1","/data2"]
这种情况和第一个中情况docker run -v /data是一样的。注意,dockerfile中使用volume是不能和第二种方法那样挂载宿主机中指定的文件夹。
这时为了保证Dockerfile的可移植性,因为不能保证所有的宿主机都有对应的文件夹。
需要注意的是,在Dockerfile中使用VOLUME指令后,如果尝试对这个volume进行修改,这些修改指令都不会生效,比如下面例子,尝试添加一个文件,并修改文件并改变文件所有权限