Shulou(Shulou.com)06/01 Report--

This article is about how to manage container data in docker. Xiaobian thinks it is quite practical, so share it with everyone for reference. Let's follow Xiaobian and have a look.

There are two main ways to manage docker data.

Data volumes, and

Data volume containers.

The role of the data volume:

Data volumes

A data volume is a specially-designed directory within one or more containers that bypasses the Union File System to provide several useful features for persistent or shared data:

Data volumes can be shared and reused between containers

Changes to a data volume are made directly

Changes to a data volume will not be included when you update an image

Volumes persist until no containers use them

Substance: Isn't it just a catalogue?

Practice:

Use-v to add a data volume (i.e./webapp directory) to the container:

docker run -d -P --name web -v /webapp training/webapp python app.py

Enter the container to view (you need to install nsenter first, here I use the script):

root@docker:~# accessdockPlease input the specific container's name:webroot@831a05306ec7:/# lsbin dev home lib64 mnt proc run selinux sys usr webappboot etc lib media opt root sbin srv tmp varroot@831a05306ec7:/#

You can see that there is an additional webapp folder in the container root directory.

About usage in dockerfile (using VOLUME) identification:

You can also use the VOLUME instruction in a Dockerfile to add one or more new volumes to any container created from that image.

Use-v to mount the local directory into the container as a data volume (docker will create it automatically if the directory is not there):

PS: In my experiments, this command in the official manual causes the container to exit itself, but changing "/opt" to another directory will not cause problems:

docker run -d -P --name web -v /src/webapp:/opt/webapp training/webapp python app.py

See the effect:

root@docker:~# docker run -d -P --name web -v /src/webapp:/webapp training/webapp python app.py #":" preceded by local directory,":" followed by directory in container a1c6d9d20eb47a77e526d8b6f8af2926a253afd9112ec32480b5c060fceceff7root@docker:~# cd /src/webapp/root@docker:/src/webapp# lsroot@docker: /src/webapp#

My host didn't have the/src/webapp directory, but docker created it automatically.

Let's look at the container first:

root@docker:~# accessdock Please input the specific container's name:webroot@7d201fd35578:/# lsbin dev home lib64 mnt proc run selinux sys usr webappboot etc lib media opt root sbin srv tmp varroot@7d201fd35578:/# cd webapp/root@7d201fd35578:/webapp# touch hellproot@7d201fd35578:/webapp# lshellproot@7d201fd35578:/webapp# exitlogoutroot@docker:~# cd /src/webapp/root@docker:/src/webapp# lshellp

Through such experiments, you can learn about the shared nature of data volumes. Create files on the data volume inside the container that are also visible on the host.

By default, containers are readable and writable to this directory. If you want the container to have only read attributes for/src/webapp, use the following command:

docker run -d -P --name web -v /src/webapp:/webapp:ro training/webapp python app.py

Add a ":ro" to the container directory.

When I want to delete a hellp file from a container, the prompt reads only:

root@08fae41a534b:/webapp# rm hellprm: cannot remove `hellp': Read-only file system

Sharing volumes between containers:

In some cases where shared data needs to be provided for multiple containers, you can start a data volume container and mount data to it. This way, other containers attached to this data volume container can access the mounted data. Here, I start a data volume container and mount/var/data on the host. Start the other containers so they can access the shared volumes of the volume container.

Start Volume Container:

docker run -d -p 1000:5000 -v /var/data:/data --name data1 training/webapp python app.py

Start an additional container:

docker run -d -p 2000:5000 --volumes-from data1 --name data2 training/webapp python app.py

Here we use the--volumes-from identifier (specifying the volume container) to link it to data1, so we have the same/data directory in data2.

Verification:

root@docker:/var/data# mkdir testroot@docker:/var/data# touch test/helloroot@docker:/var/data# ls #Create something in the data volumeabc testroot@docker:/var/data# ls test/helloot @docker:/var/data# accessdockPlease input the specific container's name:data1root@9795da386459:/# cd /dataroot@9795da386459:/data# lsabc testroot@9795da386459:/data# cd test/root@9795da386459:/data/test# ls #helloroot@9795da386459:/data/test# root@9795da386459:/data/test# exitlogoutroot@docker:/var/data# accessdockPlease input the specific container's name:data2root@2b383ccacd05:/# cd data/root@2b383ccacd05:/data# lsabc testroot@2b383ccacd05:/data# cd test/root@2b383ccacd05:/data/test# ls #Hello can also be accessed on data2

When you delete the data1 container of a mounted volume, including the initialization data container, or subsequent containers, the volume will not be deleted until no containers use the volume. This allows you to upgrade, or migrate, valid data volumes between containers.

Thinking: I tried to put the executable file in a shared data volume, read-only. However, the file can still be executed in the container. I'm afraid this is where problems can arise in a production environment, and you have to restrict access, etc., to protect the host even if the container's operation poses a threat to the host. This issue must be taken seriously.

Thank you for reading! About "how to manage container data in docker" this article is shared here, I hope the above content can be of some help to everyone, so that everyone can learn more knowledge, if you think the article is good, you can share it to let more people see it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.