According to the official documentation, Docker offers three ways to persist data:
https://docs.docker.com/storage/
An easy way to visualize the difference among volumes, bind mounts, and tmpfs mounts is to think about where the data lives on the Docker host.
- Volumes are stored in a part of the host filesystem which is managed by Docker (/var/lib/docker/volumes/ on Linux). Non-Docker processes should not modify this part of the filesystem. Volumes are the best way to persist data in Docker.
- Bind mounts may be stored anywhere on the host system. They may even be important system files or directories. Non-Docker processes on the Docker host or a Docker container can modify them at any time.
- tmpfs mounts are stored in the host system’s memory only, and are never written to the host system’s filesystem.
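I. volume
1.1 Some details
1. A volume can be created explicitly with the docker volume create command, or Docker creates it automatically when the container is created, provided the volume is declared in the Dockerfile.
2. A mounted volume is managed by Docker and is isolated from the host machine.
3. One volume can be mounted into multiple containers. When no running container uses it, the volume still exists unless it is removed explicitly.
4. When mounting a volume you can specify the path or leave it out; if you leave it out, Docker assigns one at random.
5. Volumes can use volume drivers, which allow the data to be stored on cloud disks or remote hosts.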
Created and managed by Docker. You can create a volume explicitly using the docker volume create command, or Docker can create a volume during container or service creation. When you create a volume, it is stored within a directory on the Docker host. When you mount the volume into a container, this directory is what is mounted into the container. This is similar to the way that bind mounts work, except that volumes are managed by Docker and are isolated from the core functionality of the host machine.
A given volume can be mounted into multiple containers simultaneously. When no running container is using a volume, the volume is still available to Docker and is not removed automatically. You can remove unused volumes using docker volume prune.
When you mount a volume, it may be named or anonymous. Anonymous volumes are not given an explicit name when they are first mounted into a container, so Docker gives them a random name that is guaranteed to be unique within a given Docker host. Besides the name, named and anonymous volumes behave in the same ways.
Volumes also support the use of volume drivers, which allow you to store your data on remote hosts or cloud providers, among other possibilities.
1.2 How to mount
Bind mounts and volumes can both be mounted into containers using the -v or --volume flag, but the syntax for each is slightly different. For tmpfs mounts, you can use the --tmpfs flag. We recommend using the --mount flag for both containers and services, for bind mounts, volumes, or tmpfs mounts, as the syntax is more clear.
-v and --mount
In general, --mount is more explicit and verbose. The biggest difference is that the -v syntax combines all the options together in one field, while the --mount syntax separates them. Here is a comparison of the syntax for each flag.
If you need to specify volume driver options, you must use --mount.
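In general, --mount is more explicit but more verbose; -v puts all the options into one field, while --mount declares them separately.
-v: source:destination:ro
For anonymous volumes the first field can be omitted; the third field is optional.
--mount keys: type, source, destination, readonly, volume-opt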
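The mapping between the two syntaxes, as an added example (not from the original post or the Docker documentation): a Python function that rewrites a -v value as the equivalent --mount value. It assumes absolute Linux host paths (a source starting with / is a bind mount, anything else is a volume name) and translates only the ro/rw option; v_to_mount is a hypothetical helper name.

```python
def v_to_mount(spec: str) -> str:
    """Rewrite a -v/--volume value as the equivalent --mount value.

    Assumptions of this example: Linux paths, and only the ro/rw option.
    """
    fields = spec.split(":")
    if len(fields) == 1:
        # Anonymous volume: the source field is omitted, only the destination remains.
        source, target, options = "", fields[0], []
    elif len(fields) in (2, 3):
        source, target = fields[0], fields[1]
        options = fields[2].split(",") if len(fields) == 3 else []
    else:
        raise ValueError(f"too many fields in {spec!r}")

    if not target.startswith("/"):
        raise ValueError(f"destination must be an absolute container path: {target!r}")

    # A source that is a host path makes a bind mount; a bare name is a volume.
    kind = "bind" if source.startswith("/") else "volume"

    parts = [f"type={kind}"]
    if source:
        parts.append(f"source={source}")
    parts.append(f"target={target}")  # "destination" is accepted as an alias
    for opt in options:
        if opt == "ro":
            parts.append("readonly")
        elif opt != "rw":  # rw is the default and needs no key
            raise ValueError(f"option {opt!r} is not translated by this example")
    return ",".join(parts)


if __name__ == "__main__":
    for spec in ("myvol2:/app", "/foo", "awesome:/bar", "/etc/nginx:/etc/nginx:ro"):
        print(f"-v {spec:<28} --mount {v_to_mount(spec)}")
```

Seeing type=bind spelled out in the --mount form makes it easier to spot, during review, which -v arguments expose a host path rather than a Docker-managed volume.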
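1.3 Creating, using and removing volumes
1.3.1 Creating and adding directly
Data is shared between the container and the host.
You can create a volume explicitly:
$ docker volume create my-vol
List the volumes that have been created:
$ docker volume ls
local my-vol
Show the details: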
$ docker volume inspect my-vol
[
{
"Driver": "local",
"Labels": {},
"Mountpoint": "/var/lib/docker/volumes/my-vol/_data",
"Name": "my-vol",
"Options": {},
"Scope": "local"
}
]
Remove the volume:
$ docker volume rm my-vol
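If you start a container with a volume that does not yet exist, Docker creates it for you.
Declare the volume with -v:
$ docker run -d \
  --name devtest \
  -v myvol2:/app \
  nginx:latest
or with --mount:
$ docker run -d \
  --name devtest \
  --mount source=myvol2,target=/app \
  nginx:latest
Use docker inspect devtest to confirm that the volume was created and mounted correctly: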
"Mounts": [
{
"Type": "volume",
"Name": "myvol2",
"Source": "/var/lib/docker/volumes/myvol2/_data",
"Destination": "/app",
"Driver": "local",
"Mode": "",
"RW": true,
"Propagation": ""
}
],
Stop the container and remove the volume:
$ docker container stop devtest
$ docker container rm devtest
$ docker volume rm myvol2
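Removing anonymous volumes
To remove anonymous volumes automatically, use the --rm option. The example below creates an anonymous /foo volume; when the container is removed, the Docker Engine removes the /foo volume automatically but does not remove the awesome volume.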
$ docker run --rm -v /foo -v awesome:/bar busybox top
Remove all unused volumes to free up space:
$ docker volume prune
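1.3.2 Adding via a Dockerfile
In a Dockerfile, the VOLUME instruction adds one or more data volumes to an image (the volumes are declared anonymously):
VOLUME ["/dataVolumeContainer","/dataVolumeContainer2","/dataVolumeContainer3"]
First pull a centos image, then build on top of it to test mounting volumes:
# volume test
FROM centos
VOLUME ["/dataVolumeContainer1","/dataVolumeContainer2"]
# Only the last CMD in a Dockerfile takes effect, so this echo is overridden by the CMD below
CMD echo "finished,--------success1"
CMD /bin/bash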
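When a host directory is mounted into a container, access from inside the container can fail with "cannot open directory .: Permission denied".
Fix: add the --privileged=true parameter after the mounted directory.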
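An added example, not part of the original post: --privileged lifts most of the isolation between the container and the host, so containers started with the workaround above are worth finding in a review; on SELinux-enforcing hosts such as CentOS this error commonly comes from the bind mount's label, which the :z or :Z option on -v addresses. The script audits docker inspect output for privileged containers and for bind mounts of sensitive or writable host paths; the sample JSON, the voltest container and the SENSITIVE list are constructed assumptions.

```python
import json

# Constructed sample in the shape `docker inspect` prints, trimmed to the fields used.
SAMPLE = json.loads("""[
  {"Name": "/devtest", "HostConfig": {"Privileged": false},
   "Mounts": [{"Type": "volume", "Name": "myvol2",
               "Source": "/var/lib/docker/volumes/myvol2/_data",
               "Destination": "/app", "RW": true}]},
  {"Name": "/voltest", "HostConfig": {"Privileged": true},
   "Mounts": [{"Type": "bind", "Source": "/etc/ssh", "Destination": "/host-ssh", "RW": true},
              {"Type": "bind", "Source": "/srv/www", "Destination": "/www", "RW": false},
              {"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": true}]}
]""")

# Assumption: host paths this review treats as sensitive; extend for your hosts.
SENSITIVE = ("/", "/etc", "/root", "/proc", "/sys", "/dev",
             "/var/run/docker.sock", "/run/docker.sock", "/var/lib/docker")


def is_under(path, root):
    """True if path equals root or lies below it ("/" matches only itself)."""
    path = path.rstrip("/") or "/"
    return path == root or (root != "/" and path.startswith(root + "/"))


def audit(containers):
    """Return (container, finding, detail) tuples for risky settings."""
    findings = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append((name, "privileged", "started with --privileged"))
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue  # volumes and tmpfs mounts do not expose an arbitrary host path
            mode = "rw" if m.get("RW") else "ro"
            detail = f'{m["Source"]} -> {m["Destination"]} ({mode})'
            if any(is_under(m["Source"], root) for root in SENSITIVE):
                findings.append((name, "sensitive-bind", detail))
            elif m.get("RW"):
                findings.append((name, "writable-bind", detail))
    return findings


if __name__ == "__main__":
    # Real input: json.loads() of the output of `docker inspect $(docker ps -q)`
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```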
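1.4 Sharing data between containers (--volumes-from)
This passes configuration between containers; the data volume's lifetime lasts until no container uses it any more. It can also be used for backup and restore.
Back up data
Start a container with a volume mounted: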
$ docker run -v /dbdata --name dbstore ubuntu /bin/bash
Start a second container that inherits the volumes of the first:
$ docker run --rm --volumes-from dbstore -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
Restore data
$ docker run -v /dbdata --name dbstore2 ubuntu /bin/bash
$ docker run --rm --volumes-from dbstore2 -v $(pwd):/backup ubuntu bash -c "cd /dbdata && tar xvf /backup/backup.tar --strip 1"
1.5 When to use volumes
Volumes are the preferred way to persist data in Docker containers and services. Some use cases for volumes include:
- Sharing data among multiple running containers. If you don’t explicitly create it, a volume is created the first time it is mounted into a container. When that container stops or is removed, the volume still exists. Multiple containers can mount the same volume simultaneously, either read-write or read-only. Volumes are only removed when you explicitly remove them.
- When the Docker host is not guaranteed to have a given directory or file structure. Volumes help you decouple the configuration of the Docker host from the container runtime.
- When you want to store your container’s data on a remote host or a cloud provider, rather than locally.
- When you need to back up, restore, or migrate data from one Docker host to another, volumes are a better choice. You can stop containers using the volume, then back up the volume’s directory (such as /var/lib/docker/volumes/).
- When your application requires high-performance I/O on Docker Desktop. Volumes are stored in the Linux VM rather than the host, which means that the reads and writes have much lower latency and higher throughput.
- When your application requires fully native file system behavior on Docker Desktop. For example, a database engine requires precise control over disk flushing to guarantee transaction durability. Volumes are stored in the Linux VM and can make these guarantees, whereas bind mounts are remoted to macOS or Windows, where the file systems behave slightly differently.
1.6 Things to note
If you use either bind mounts or volumes, keep the following in mind:
If you mount an empty volume into a directory in the container in which files or directories exist, these files or directories are propagated (copied) into the volume. Similarly, if you start a container and specify a volume which does not already exist, an empty volume is created for you. This is a good way to pre-populate data that another container needs.
If you mount a bind mount or non-empty volume into a directory in the container in which some files or directories exist, these files or directories are obscured by the mount, just as if you saved files into /mnt on a Linux host and then mounted a USB drive into /mnt. The contents of /mnt would be obscured by the contents of the USB drive until the USB drive were unmounted. The obscured files are not removed or altered, but are not accessible while the bind mount or volume is mounted.
II. bind mount
Available since the early days of Docker. Bind mounts have limited functionality compared to volumes. When you use a bind mount, a file or directory on the host machine is mounted into a container. The file or directory is referenced by its full path on the host machine. The file or directory does not need to exist on the Docker host already. It is created on demand if it does not yet exist. Bind mounts are very performant, but they rely on the host machine’s filesystem having a specific directory structure available. If you are developing new Docker applications, consider using named volumes instead. You can’t use Docker CLI commands to directly manage bind mounts.
III. tmpfs
A tmpfs mount is not persisted on disk, either on the Docker host or within a container. It can be used by a container during the lifetime of the container, to store non-persistent state or sensitive information. For instance, internally, swarm services use tmpfs mounts to mount secrets into a service’s containers.