Docker/Volumes
From charlesreid1
Basics
Working Directory
First, we can set the working directory when we run a container by using the -w flag:
$ docker run -w /path/to/dir/ -i -t ubuntu pwd
This starts a new container from the ubuntu image, runs the pwd command in it, and sets the working directory (when it starts up) to /path/to/dir.
Setting Disk Space
We can set the amount of storage for the docker container using the --storage-opt flag:
$ docker run -it --storage-opt size=120G fedora /bin/bash
This starts a container from the fedora image with a bash shell, and sets 120 GB of storage for the container.
Mounting Host Folders
You can mount folders on the host machine at paths inside the docker container using the -v flag when calling docker run.
See docker run docs for details: https://docs.docker.com/engine/reference/run/
$ docker run \
    -v /host/path:/container/path:options
For example, this will mount the current directory to the same location inside the docker container, and set that location as the working directory for the new container:
$ docker run \
    -v `pwd`:`pwd` \
    -w `pwd` \
    -i -t ubuntu pwd
This starts a docker container from the ubuntu image and mounts the current working directory (say, /home/someone/docker) at the same path inside the container, /home/someone/docker. It then sets the working directory to that directory and runs pwd.
Making Container Filesystem Read-Only
Read-only control can also be set on the container's own filesystem, using the --read-only flag. This flag makes the entire contents of the container's root filesystem read-only, except for volumes mounted with the -v flag. To illustrate:
$ # this will not work, because /canttouchthis is part of the container's root filesystem
$ docker run -t --read-only -v /icanwrite busybox touch /canttouchthis
touch: /canttouchthis: Read-only file system
$ # this will work, because /icanwrite is mounted with -v and is not read-only
$ docker run --read-only -v /icanwrite busybox touch /icanwrite/here
$ # no error, no problem!
Making Host Directories Read-Only
To mount a host directory on the container's filesystem, you can use the -v flag. To mount a host directory as read-only on the container's filesystem, add :ro to the end of the flag:
$ docker run -v <host path>:/<container path>:ro ...
For example:
$ docker run -v /home/someone/scripts:/scripts:ro -it ubuntu
root@a53d902e433b:/#
root@a53d902e433b:/# touch /scripts/file
touch: cannot touch '/scripts/file': Read-only file system
Volumes with Data
There are a few options for getting data in and out of a Docker container.
The first is to use a Data Volume, a volume specifically designed to be persistent and shareable between containers.
The second is to use the host filesystem, mounting host directories inside the containers.
The first approach scales better; the second is good for one-off Docker container solutions.
Making a New Data Volume
A data volume is a specially-designated directory within one or more containers that bypasses the Union File System to provide several useful features for persistent or shared data:
- Data volumes can be shared and reused between containers
- Changes to a data volume are made directly
- Changes to a data volume will not be included when you update an image
Data volumes provide a way to make data persistent and shuttle data in and out of your docker containers.
To create a data volume, you use the -v flag and specify the location:
$ docker run -v /mydata --name mydata_demo python hello_files.py
This would spin up a Python docker container that runs hello_files.py with a data volume mounted at /mydata.
Mounting a Data Volume Container
This is the optimal solution - it applies the concept of the container to data, the nouns of software, instead of just to actions or verbs.
Here is an example: let's say you want to share some data between a whole bunch of ubuntu machines. Start by creating a new ubuntu machine with a persistent data volume at /data, and create some data there (we'll add a flag):
$ docker run -v /data --name ctf -it ubuntu
root@b426841907f7:/# echo $SHELL
/bin/bash
root@b426841907f7:/# echo "The flag is 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed" > /data/flag.txt
root@b426841907f7:/# exit
Now we can create other ubuntu docker containers and mount the /data directory in those containers:
$ docker run --volumes-from ctf --name ctfclone1 -it ubuntu
root@5bc1c9f61aec:/# cat /data/flag.txt
The flag is 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
root@5bc1c9f61aec:/#
$ docker run --volumes-from ctf --name ctfclone2 -it ubuntu
root@e2072bdf7926:/# cat /data/flag.txt
The flag is 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
root@e2072bdf7926:/#
etc...
Using Host Directory for Data
Another method for getting data into and out of your docker container, which does not scale as well, is to mount a host directory inside the docker container. Note that this gives the container FULL read/write access to the ACTUAL directory; it does not create a copy.
Mount a host directory containing data in the host machine (full read/write access):
$ docker run -v /home/someone/data:/data -it ubuntu
Mount a host directory containing data in the host machine as READ ONLY:
$ docker run -v /home/someone/data:/data:ro -it ubuntu
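The --read-only and :ro settings described on this page can be checked after the fact from docker inspect output. The following is an added example, not part of the original page: it flags containers whose root filesystem is writable and host directories mounted without :ro. The container names datajob and scripts_ro, the script name audit_mounts.py and the sample records are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `docker inspect` output (a JSON array with one
# record per container); only the fields this audit reads are included.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/ctf", "HostConfig": {"ReadonlyRootfs": false},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/example/_data",
               "Destination": "/data", "RW": true}]},
  {"Name": "/datajob", "HostConfig": {"ReadonlyRootfs": false},
   "Mounts": [{"Type": "bind", "Source": "/home/someone/data",
               "Destination": "/data", "RW": true}]},
  {"Name": "/scripts_ro", "HostConfig": {"ReadonlyRootfs": true},
   "Mounts": [{"Type": "bind", "Source": "/home/someone/scripts",
               "Destination": "/scripts", "RW": false}]}
]
""")


def audit_container(record):
    """Return the list of findings for one `docker inspect` record."""
    findings = []
    # --read-only sets HostConfig.ReadonlyRootfs; without it the root fs is writable.
    if not record.get("HostConfig", {}).get("ReadonlyRootfs", False):
        findings.append("root filesystem is writable (started without --read-only)")
    for mount in record.get("Mounts") or []:
        # Type "bind" is a host directory; "volume" is a Docker-managed data volume.
        if mount.get("Type") == "bind" and mount.get("RW", True):
            findings.append(
                "host path %s is mounted read/write at %s (no :ro)"
                % (mount.get("Source"), mount.get("Destination"))
            )
    return findings


def audit(records):
    """Map container name -> findings for every record in the inspect output."""
    return {r.get("Name", "?").lstrip("/"): audit_container(r) for r in records}


if __name__ == "__main__":
    # Pipe real data in with: docker inspect $(docker ps -q) | python3 audit_mounts.py
    records = SAMPLE_INSPECT if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in audit(records).items():
        for finding in findings or ["no findings"]:
            print("%s: %s" % (name, finding))
```

Data volumes (Type "volume") are deliberately not flagged, since they stay writable even under --read-only, as shown earlier on this page.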
Patterns
This section covers some patterns for organizing files so that you can move things in and out from containers, while also keeping in line with the philosophy behind docker containers, which is that they should be stateless.