[Reprint] In-depth understanding of Docker volume

Original: http://dockerone.com/article/128

The deployment and management of a large number of data files (such as MySQL database files) is a less-than-easy issue in the cloud platform area, and there are a number of factors that need to be considered, such as network bandwidth, such as the disk IO speed limit, such as bandwidth control across the room, for example, compared to packages. The volume concept of docker separates programs and data to achieve the purpose of on-demand management. This article explains the usage and usage scenarios of Docker volume.

In-depth understanding of Docker Volume (i) "Editor's words" This article mainly introduces the principle of Docker Volume and how to use it, which is an extension of the Docker starter tutorial. The author introduces the working principle of volume from the data sharing, data container, backup, permission and delete Volume Five, and helps the reader to understand volume from the actual combat.

From the Docker IRC channel and StackOverflow, many people don't quite understand how Docker volume works. In this article, I'll try my best to explain how volume works, and show some of the greatest practices. This article is intended for Docker users who do not know about volume, and certainly experienced users can learn some of the volume details in this article.

If you want to learn about Docker Volume, first we need to know how Docker's file system works. Docker images are overlaid by multiple file systems (read-only layers). When we start a container, Docker loads the read-only mirror layer and adds a read-write layer on top of it (the translator's note: Mirror stack). If a running container modifies an existing file that already exists, it is copied from the read-only layer below the read-write layer to the read-write layer, and the read-only version of the file still exists, but is hidden by a copy of the file in the read-write layer. When you delete a Docker container and restart it through the mirror, the previous changes are lost. In Docker, the combination of read-only and top-level read-write layers is called the Union file System (federated filesystem).

To be able to save (persist) data and share data between containers, Docker presents the concept of volume. Simply put, volume is a directory or file that bypasses the default federated file system and is present on the host in the form of a normal file or directory.

There are two ways to initialize volume, and there are some small and important differences between the two ways. We can use it at run time -vTo declare Volume:

$ docker run-it--name container-test-h container-v/data debian/bin/bash[email protected]:/# ls/data[email protected ]:/#

The above command will /dataMount to the container and bypass the federated file system, we can manipulate the directory directly on the host. Any in this image /dataThe path of the file will be copied to volume. We can use docker inspectcommand to find the location where the volume is stored on the host:

$ docker inspect-f {{. Volumes}} container-test

You will see a similar output:

MAP[/DATA:/VAR/LIB/DOCKER/VFS/DIR/CDE167197CCC3E138A14F1A4F...B32CEC92E79059437A9]

This shows that Docker is putting /var/lib/dockeris attached to a directory in the container. /dataDirectory. Let's add files from the host to this folder:

$ sudo touch/var/lib/docker/vfs/dir/cde167197ccc3e13814f...b32ce9059437a9/test-file

into our container you can see:

$ [Email protected]:/# ls/datatest-file

As long as the directory of the host is attached to the directory of the container, the change takes effect immediately. We can use the dockerfile in the VOLUMEdirectives to achieve the same purpose:

From Debian:wheezyvolume/data

But there's another thing that's only -vParameters can be done and dockerfile is not the thing is to mount the specified host directory on the container. For example:

$ docker run-v/home/adrian/data:/data Debian Ls/data

The command will mount the host's /home/adrian/dataDirectory to the inside of the container /dataThe directory. Any in /home/adrian/dataThe files for the directory will appear inside the container. This is useful for sharing files between hosts and containers, such as mounting source code that needs to be compiled. To ensure portability (not all of the system's host directories are available), the Mount host directory does not need to be specified from Dockerfile. When using -vparameter, any files under the mirror directory are not copied to volume. (Translator Note: Volume will be copied to the mirror directory, the image will not be copied to the volume)
Data sharing if you want to authorize a container to access the volume of another container, we can use the -volumes-fromParameters to perform docker run。

$ docker run-it-h newcontainer--volumes-from container-test debian/bin/bash[email protected]:/# Ls/datatest-file[emai L protected]:/#

It is important to note that it works regardless of whether the container-test is running. As long as the container is connected to the volume, it will not be deleted.
A common usage scenario for data containers is to use a pure data container to persist databases, configuration files, or data files. The official documentation is explained in detail. For example:

$ docker Run--name dbdata postgres echo "Data-only container for Postgres"

The command will create a postgres image containing the volume already defined in the Dockerfile, running echoCommand and then exit. When we run docker psCommand, echoCan help us identify the purpose of an image. We can use -volumes-fromcommand to volume of other containers:

$ docker run-d--volumes-from dbdata--name db1 postgres

Two points of note using the data container:

• Do not run the data container, which is purely a waste of resources.
• Do not use "minimal mirroring" for data containers, such as busybox or scratch , use only database mirroring itself. You already have the image, so you don't need to take up extra space.

Backup if you're using a data container, that's pretty easy to do:

$ docker Run--RM--volumes-from dbdata-v $ (PWD):/backup Debian tar cvf/backup/backup.tar/var/lib/postgresql/data

The example should compress everything in volume into a tar package (the official Postgres Dockerfile defines a volume in the/var/lib/postgresql/data directory)
Permissions and licensing typically you need to set volume permissions or initialize some default data or configuration files for volume. The key point to note is that the Dockerfile VOLUMEAny thing after the instruction cannot change the volume, for example:

From Debian:wheezyrun useradd foovolume/datarun touch/data/xrun chown-r foo:foo/data

The Docker file runs as expected, and we would have liked to touchThe command runs on the mirrored file system, but in fact it runs on the volume of a temporary container. As shown below:

From Debian:wheezyrun useradd foorun mkdir/data && touch/data/xrun chown-r foo:foo/datavolume/data

Docker can mount the files under volume in the Mirror to volume and set the correct permissions. This behavior does not occur if you specify the host directory for volume.

If you don't pass RUNcommand to set permissions, you need to use it when the container starts CMDOr ENTRYPOINTInstruction to execute (Translator Note: The cmd command is used to specify the commands to run when a container starts, similar to run, except that run is the command to run when the image is built).
Deleting volumes This feature may be more important if you have already used docker rmTo remove your container, there may be a lot of isolated volume still occupying space.

Volume can only be deleted if the following conditions are available:

• The container can be docker rm －v removed and no other container is connected to the volume (and the host directory is also not specified as volume). Attention, -v is essential.
• docker runUse rm parameters in

Unless you are already very careful, always run the container like this, otherwise you will be in /var/lib/docker/vfs/dirDirectory to get some zombie files and directories, and it's not easy to say what they represent.

Read more about the following resources explore the volumes mechanism in more depth:

• Crazy Docker's Pure data container
• Deep Docker:volumes (translated)
• Container Data Management

In addition, we can expect more tools to deal with volumes in the near future:

• Docker offers #8484

[Reprint] In-depth understanding of Docker volume