Why does docker/overlay2 show up as a separate mountpoint?
I'm running docker on a RHEL 7.9 machine where we want to host web services and some other applications.
$ docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 22
Running: 22
Paused: 0
Stopped: 0
Images: 16
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux nvidia
Default Runtime: runc
Init Binary: docker-init
containerd version: 7eba5930496d9bbe375fdf71603e610ad737d2b2
runc version: v1.0.0-0-g84113ee
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.24.1.el7.x86_64
Operating System: Red Hat Enterprise Linux
OSType: linux
Architecture: x86_64
CPUs: 80
Total Memory: 503.3GiB
Name: <not relevant>
ID: <not relevant>
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: <not relevant>
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: true
I have /var/lib/docker under its own partition as part of security protocol. I did this after initial setup of the system.
$ grep '/var/lib/docker\s' /proc/mounts
/dev/mapper/afsys-var_lib_docker /var/lib/docker xfs rw,seclabel,relatime,attr2,inode64,sunit=512,swidth=512,noquota 0 0
$ mountpoint -- "$(docker info -f '{{ .DockerRootDir }}')"
/var/lib/docker is a mountpoint
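I'm not sure if I have things configured correctly, though - notably, some of the overlay storage is showing up as separate mountpoints on the filesystem. I'm not sure if this is expected.. or a byproduct of partitioning /var/lib/docker after we had set the system up and had previously built images/containers.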
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 263885104 0 263885104 0% /dev
tmpfs 263899860 0 263899860 0% /dev/shm
tmpfs 263899860 4181840 259718020 2% /run
tmpfs 263899860 0 263899860 0% /sys/fs/cgroup
/dev/mapper/sys-root 9763538944 135472276 9628066668 2% /
/dev/sdf1 972452 264664 707788 28% /boot
/dev/mapper/sys-maintenance 976087296 34336 976052960 1% /maintenance
/dev/mapper/sys-tmp 976087296 34472 976052824 1% /tmp
/dev/mapper/sys-var 976087296 54178732 921908564 6% /var
/dev/mapper/sys-var_lib_docker 524032000 62655660 461376340 12% /var/lib/docker
/dev/mapper/sys-var_log 976087296 2079404 974007892 1% /var/log
/dev/mapper/sys-var_log_audit 976087296 73968 976013328 1% /var/log/audit
/dev/mapper/sys-home 9763538944 36080988 9727457956 1% /home
tmpfs 52779976 0 52779976 0% /run/user/1001
tmpfs 52779976 0 52779976 0% /run/user/0
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/458fdb1acf9be0a10f3627ac8bffad5311542f6d66de976bed3f19b437f76d57/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/04015d24492d44b0b350a1b118904bbd620cb6554a4f10fb6000be1945b00e23/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/688ba6b06a96b2dbeb1602c91f36c69f4a2b55a731887c44b0d8ed496698099f/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/6cafdb8e46dd04a2b0bcc9982906f83ec706d8fe7980b62a20fbb45c7439be74/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/7d715bcebb32eb144166a48289816b7aad3247aff9a6289e78552f349ad32293/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/50beb5caa2817b62388fffe73cc736dbb80ef5553d5b881f6393316b22d3d415/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/0b5ce085bf279805aa3fb04329d1ff6c96c0ea487a81db0f6c62619b0ef12eab/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/7386a81809e579aac138c1e0449a32f23063258f5c4131df676deeb26924e5bb/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/f180488020c76514e0c4cf3ec651e31ac6b712d71e3dd066996c810f5c44cae6/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/e7aff65debb3b2200fe209b54e225419bf00f3d18e99caadde06249c67f70dce/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/3f5a54dae289b0169088e506229a5e75a54eb084a7e9eb7d191393bb0d922e1b/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/498b74db68c80bd88805bd4511c44c87624b00b53563250899fb821770a4c13c/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/e964f314751256feb5f0e2224d6306fabe500f4817bb5e2df2b9598f157032da/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/3ee10a1cb42e0028ef19072b878277f09c079440bdb9696d240ec7240aaf30f6/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/fc39cf63c7f11715ba366aa363b0bbe311109396bbad579d64cb8a86636f11f6/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/1dae92df5c219ca2fad777e8544101fce4c9d67da7004a1860ba3823b0e94f26/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/96450a2ec1c860f2b94d31347a8586a720bb72b4d75b30d716954f96bb3044a5/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/76a3e24abd07a441247d9ebd515c68001be8f146b1ed9d8e1ac9f03f290f6591/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/6cdf52c19bf11696c84190e4be40cc25ea553621670f142400f782324bda6d9a/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/c26d05d70bbf4e09900fc02b9a94e96b23b89c118f6a4b8eb840e22d9e2de34d/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/6426313243beafaa3059d43d7d6cb5c9954bdf9363012555dae59807657e58d5/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/24d8c3c58b23f68c820bd624c8a7ec4902219ede1acdbb1336b055045e5d3c25/merged
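Forgive me if I'm misunderstanding, but I need a sanity check and/or advice on how best to configure this so that these overlays don't show up as separate mounts.
Why Docker uses overlayfs
Docker containers are made up of multiple layers. Docker needs to be able to combine the layers efficiently, and to add and remove those layers efficiently. To combine these layers, Docker uses a storage driver, such as overlayfs or aufs.
These filesystems count as mounts, so they show up in tools like mount or df.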
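"I have /var/lib/docker under its own partition as part of security protocol. I did this after initial setup of the system."
I believe Docker supports this. I don't see any reason why it wouldn't work. The only caveat I can think of is that if you had containers before creating this partition, then mounting the partition would hide those containers, so any containers created before the partition was created would be inaccessible.
Excluding overlay from df
If you want to avoid seeing these in the output of df, you can use this command: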
df -x overlay
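A check that follows from the answer above, as an added example (not part of the original question or answer): it reads /proc/mounts-format lines and separates overlay mounts that live under the Docker root from any others, so the count can be compared with the number of running containers (the question's output shows 22 running containers and 22 overlay rows). The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify overlay mounts from /proc/mounts-format input.
# Fields per line: device mountpoint fstype options dump pass

# Constructed sample with shortened layer IDs (not taken from the page's host).
sample_mounts() {
cat <<'EOF'
/dev/mapper/sys-var /var xfs rw,seclabel,relatime 0 0
/dev/mapper/sys-var_lib_docker /var/lib/docker xfs rw,seclabel,relatime 0 0
overlay /var/lib/docker/overlay2/aaaa1111/merged overlay rw,seclabel,relatime,lowerdir=/var/lib/docker/overlay2/l/AAA:/var/lib/docker/overlay2/l/BBB,upperdir=/var/lib/docker/overlay2/aaaa1111/diff,workdir=/var/lib/docker/overlay2/aaaa1111/work 0 0
overlay /var/lib/docker/overlay2/bbbb2222/merged overlay rw,seclabel,relatime,lowerdir=/var/lib/docker/overlay2/l/AAA,upperdir=/var/lib/docker/overlay2/bbbb2222/diff,workdir=/var/lib/docker/overlay2/bbbb2222/work 0 0
overlay /mnt/scratch/merged overlay rw,relatime,lowerdir=/opt/base,upperdir=/mnt/scratch/upper,workdir=/mnt/scratch/work 0 0
EOF
}

# Print "<mountpoint> <upperdir>" for every overlay mount whose mountpoint
# and writable layer (upperdir) are both under the Docker root given as $1.
docker_overlay_mounts() {
  awk -v root="${1%/}/" '
    $3 == "overlay" && index($2, root) == 1 {
      upper = ""
      n = split($4, opt, ",")
      for (i = 1; i <= n; i++)
        if (index(opt[i], "upperdir=") == 1) upper = substr(opt[i], 10)
      if (index(upper, root) == 1) print $2, upper
    }'
}

# Print mountpoints of overlay mounts that are NOT under the Docker root ($1).
foreign_overlay_mounts() {
  awk -v root="${1%/}/" '$3 == "overlay" && index($2, root) != 1 { print $2 }'
}

# Count input lines without the padding some wc implementations add.
count_lines() { wc -l | tr -d ' '; }

# Demo on the constructed sample. On a real host, feed /proc/mounts instead
# and compare the first count with `docker ps -q | wc -l`.
echo "docker-backed overlay mounts: $(sample_mounts | docker_overlay_mounts /var/lib/docker | count_lines)"
echo "other overlay mounts: $(sample_mounts | foreign_overlay_mounts /var/lib/docker)"
```

On a live system the Docker root can be taken from `docker info -f '{{ .DockerRootDir }}'`, as in the question.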