Docker容器数据卷
1.什么是Docker容器数据卷
卷就是目录或文件,存在于一个或多个容器中,由docker挂载到容器,但不属于联合文件系统,因此能够绕过Union File System提供一些用于持续存储或共享数据的特性
卷的设计目的就是数据的持久化,完全独立于容器的生存周期,因此Docker不会在容器删除时删除其挂载的数据卷
将docker容器内的数据保存进宿主机的磁盘中
运行一个带有容器卷存储功能的容器实例:
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录 镜像名
Docker挂载主机目录访问如果出现cannot open directory .: Permission denied
解决办法:在挂载目录后多加一个--privileged=true参数即可
默认情况,仓库被创建在容器的/var/lib/registry目录下,建议自行用容器卷映射,方便于宿主机联调
2.能做啥
将运用与运行的环境打包镜像,run后形成容器实例运行 ,但是我们对数据的要求希望是持久化的
Docker容器产生的数据,如果不备份,那么当容器实例删除后,容器内的数据自然也就没有了。
为了能保存数据在docker中我们使用卷。
特点:
1:数据卷可在容器之间共享或重用数据
2:卷中的更改可以直接实时生效
3:数据卷中的更改不会包含在镜像的更新中
4:数据卷的生命周期一直持续到没有容器使用它为止
3.数据卷案例
3.1 宿主vs容器之间映射添加容器卷
1.直接命令添加
docker run -it --privileged=true -v /tmp/host_data:/tmp/docker_data --name=ub01 ubuntu
[dark@EndeavourOS01 ~]$ ls /tmp/
checkup-db-1000 sddm-:0-wWicIi systemd-private-d7d5de65840f4bf081982322959ceaa1-systemd-timesyncd.service-CaeEWa
eos-FindAppIcon-issues.log sddm-auth2f4bec6d-f808-4816-bc6a-2e5449075493 systemd-private-d7d5de65840f4bf081982322959ceaa1-upower.service-UG6Paq
eos-update-notifier.log.iUzNbdpv systemd-private-d7d5de65840f4bf081982322959ceaa1-systemd-logind.service-OhPP1M vmware-root_580-2730496794
[dark@EndeavourOS01 ~]$ docker run -it --privileged=true -v /tmp/host_data:/tmp/docker_data --name=ub01 ubuntu
root@d6cf1b6c3332:/# ls /tmp/
docker_data
root@d6cf1b6c3332:/# ls /tmp/docker_data/
root@d6cf1b6c3332:/# touch /tmp/docker_data/test.txt
root@d6cf1b6c3332:/# ls /tmp/docker_data/
test.txt
root@d6cf1b6c3332:/# cat /tmp/docker_data/test.txt
root@d6cf1b6c3332:/# echo "hello docker" > /tmp/docker_data/test.txt
root@d6cf1b6c3332:/# cat /tmp/docker_data/test.txt
hello docker
root@d6cf1b6c3332:/#
主机另起终端
[dark@EndeavourOS01 ~]$ ls /tmp/
checkup-db-1000 host_data systemd-private-d7d5de65840f4bf081982322959ceaa1-systemd-logind.service-OhPP1M vmware-root_580-2730496794
eos-FindAppIcon-issues.log sddm-:0-wWicIi systemd-private-d7d5de65840f4bf081982322959ceaa1-systemd-timesyncd.service-CaeEWa
eos-update-notifier.log.iUzNbdpv sddm-auth2f4bec6d-f808-4816-bc6a-2e5449075493 systemd-private-d7d5de65840f4bf081982322959ceaa1-upower.service-UG6Paq
[dark@EndeavourOS01 ~]$ ls /tmp/host_data/
test.txt
[dark@EndeavourOS01 ~]$ cat /tmp/host_data/test.txt
hello docker
[dark@EndeavourOS01 ~]$
2.查看数据卷是否挂载成功
docker inspect 容器ID
[dark@EndeavourOS01 ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d6cf1b6c3332 ubuntu "bash" 15 minutes ago Up 15 minutes ub01
6873ff4a1873 redis "docker-entrypoint.s…" 8 hours ago Up 8 hours 6379/tcp interesting_beaver
[dark@EndeavourOS01 ~]$ docker inspect d6cf1b6c3332
[
{
"Id": "d6cf1b6c3332f42c6f139dc61be7ab7e48394530af7b711c885c16d93171421b",
"Created": "2022-05-08T11:29:21.810465454Z",
"Path": "bash",
"Args": [],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 9405,
"ExitCode": 0,
"Error": "",
"StartedAt": "2022-05-08T11:29:22.608051355Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1",
"ResolvConfPath": "/var/lib/docker/containers/d6cf1b6c3332f42c6f139dc61be7ab7e48394530af7b711c885c16d93171421b/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d6cf1b6c3332f42c6f139dc61be7ab7e48394530af7b711c885c16d93171421b/hostname",
"HostsPath": "/var/lib/docker/containers/d6cf1b6c3332f42c6f139dc61be7ab7e48394530af7b711c885c16d93171421b/hosts",
"LogPath": "/var/lib/docker/containers/d6cf1b6c3332f42c6f139dc61be7ab7e48394530af7b711c885c16d93171421b/d6cf1b6c3332f42c6f139dc61be7ab7e48394530af7b711c885c16d93171421b-json.log",
"Name": "/ub01",
"RestartCount": 0,
"Driver": "btrfs",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/tmp/host_data:/tmp/docker_data"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "default",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "private",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": true,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"label=disable"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"KernelMemory": 0,
"KernelMemoryTCP": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": null,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": null,
"ReadonlyPaths": null
},
"GraphDriver": {
"Data": null,
"Name": "btrfs"
},
"Mounts": [
{
"Type": "bind",
"Source": "/tmp/host_data",
"Destination": "/tmp/docker_data",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "d6cf1b6c3332",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"bash"
],
"Image": "ubuntu",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "00a2d53c687c25ba4af87b9ec3d6285a0ce7092241a64383055b82a89b58ac5e",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/00a2d53c687c",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "3204966179b866b09122a779ae4fdd3824090b1edefdf66e1d0276b82fb9c0ac",
"Gateway": "172.17.0.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"MacAddress": "02:42:ac:11:00:02",
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "3c74bee0ac80741c4daed74965799258b9a2c077ab7306c773ec7bba4c3593bc",
"EndpointID": "3204966179b866b09122a779ae4fdd3824090b1edefdf66e1d0276b82fb9c0ac",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
}
]
[dark@EndeavourOS01 ~]$
翻看找到
"Mounts": [
{
"Type": "bind",
"Source": "/tmp/host_data",
"Destination": "/tmp/docker_data",
"Mode": "",
"RW": true,
"Propagation": "rprivate"
}
]
3.2 读写规则映射添加说明
1.读写(默认)
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录:rw 镜像名
默认同上案例,默认就是rw
2.只读
docker run -it --privileged=true -v /宿主机绝对路径目录:/容器内目录:ro 镜像名
容器实例内部被限制,只能读取不能写
/容器目录:ro 镜像名 就能完成功能,此时容器自己只能读取不能写
ro = read only
此时如果宿主机写入内容,可以同步给容器内,容器可以读取到。
3.3 卷的继承和共享
1.容器1完成和宿主机的映射
docker run -it --privileged=true -v /mydocker/u:/tmp --name u1 ubuntu
2.容器2继承容器1的卷规则
docker run -it --privileged=true --volumes-from 父类 --name u2 ubuntu
例如
docker run -it --privileged=true --volumes-from u1 --name u2 ubuntu
