共计 7203 个字符,预计需要花费 19 分钟才能阅读完成。
版本信息
ubuntu:Ubuntu 22.04.1 LTS
docker:23.0.1
状况阐明
想起之前接过的一个单,需要是须要用 docker 的 –storage-opt 参数束缚但个容器文件系统所占空间的最大值,原本认为是送钱的,后果操作起来还遇到点小坑。
首先查看官网介绍理解这个参数的一些个性,发现必须应用 xfs 文件系统能力反对,且对驱动有肯定要求,这些要求曾经满足了。应用 df -hT 能够看到文件系统类型,docker info 能够看到 Storage-Driver 驱动。
开始操作
间接在创立容器的时候增加 –storage-opt 测试
root@ubuntu-01:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest bab98d58e29e 8 days ago 4.86MB
root@ubuntu-01:~# docker run -it --storage-opt size=1G busybox /bin/sh
docker: Error response from daemon: --storage-opt is supported only for overlay over xfs with 'pquota' mount option.
See 'docker run --help'. 现会有报错,提醒 –storage-opt 只反对笼罩在 xfs 与 ’pquota’ 挂载选项。
留神此时的容器文件系统所在位置为根分区,同时客户的服务器也只有一个盘。。。
应用 mount 命令从新挂载根分区,查看挂载参数发现并没有附加 quota 参数
root@ubuntu-01:~# mount -o remount,pquota /
root@ubuntu-01:~# cat /proc/mounts /
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=1953592k,nr_inodes=488398,mode=755,inode64 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0
/dev/sda2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,inode64 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,inode64 0 0
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=19319 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0
mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0
configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0
none /run/credentials/systemd-sysusers.service ramfs ro,nosuid,nodev,noexec,relatime,mode=700 0 0
/dev/loop0 /snap/core20/1587 squashfs ro,nodev,relatime,errors=continue 0 0
/dev/loop1 /snap/lxd/22923 squashfs ro,nodev,relatime,errors=continue 0 0
tmpfs /run/snapd/ns tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0
tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=401988k,nr_inodes=100497,mode=700,inode64 0 0
/dev/loop3 /snap/snapd/18357 squashfs ro,nodev,relatime,errors=continue 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0
/dev/loop4 /snap/core20/1828 squashfs ro,nodev,relatime,errors=continue 0 0
/dev/loop5 /snap/lxd/24322 squashfs ro,nodev,relatime,errors=continue 0 0
nsfs /run/snapd/ns/lxd.mnt nsfs rw 0 0之后去批改 fstab 文件,批改实现后才重启零碎。
root@ubuntu-01:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda2 during curtin installation
/dev/disk/by-uuid/90ba0f1d-1852-4315-a75e-692dbd858370 / xfs defaults,pquota 0 0发现其实并没啥用
root@ubuntu-01:~# cat /proc/mounts /
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=1953596k,nr_inodes=488399,mode=755,inode64 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0
/dev/sda2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,inode64 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,inode64 0 0
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=23639 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0
mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0
configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0
none /run/credentials/systemd-sysusers.service ramfs ro,nosuid,nodev,noexec,relatime,mode=700 0 0
/dev/loop0 /snap/core20/1587 squashfs ro,nodev,relatime,errors=continue 0 0
/dev/loop1 /snap/lxd/24322 squashfs ro,nodev,relatime,errors=continue 0 0
/dev/loop2 /snap/core20/1828 squashfs ro,nodev,relatime,errors=continue 0 0
/dev/loop4 /snap/snapd/18357 squashfs ro,nodev,relatime,errors=continue 0 0
/dev/loop3 /snap/lxd/22923 squashfs ro,nodev,relatime,errors=continue 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run/snapd/ns tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0
nsfs /run/snapd/ns/lxd.mnt nsfs rw 0 0
tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=401988k,nr_inodes=100497,mode=700,inode64 0 0在启动容器的时候仍然会报错
root@ubuntu-01:~# docker run -it --storage-opt size=1G busybox /bin/sh
docker: Error response from daemon: --storage-opt is supported only for overlay over xfs with 'pquota' mount option.
See 'docker run --help' 最初通过查找材料,参考 https://support.circleci.com/hc/en-us/articles/7060937560859-… 找到了解决方案。之前的办法如果是设置的非零碎的根分区应该是能够失效的,如果是零碎根分区不晓得为啥就没失效,具体也没认真查。
依照文档内容批改疏导,从 grub 增加 pquota 参数。
root@ubuntu-01:~# cat /etc/default/grub
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
# For full documentation of the options in this file, see:
# info -f grub -n 'Simple configuration'
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rootflags=pquota"
GRUB_CMDLINE_LINUX=""
从新生成 grub 文件
root@ubuntu-01:~# grub-mkconfig -o /boot/grub/grub.cfg
Sourcing file `/etc/default/grub'Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-43-generic
Found initrd image: /boot/initrd.img-5.15.0-43-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done重启后发现 quota 参数曾经被附加
root@ubuntu-01:~# cat /proc/mounts |grep quota
/dev/sda2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,prjquota 0 0再次增加 –storage-opt 参数创立容器测试
root@ubuntu-01:~# docker run -it --storage-opt size=1G busybox /bin/sh
/ # df -hT
Filesystem Type Size Used Available Use% Mounted on
overlay overlay 1.0G 12.0K 1024.0M 0% /
tmpfs tmpfs 64.0M 0 64.0M 0% /dev
shm tmpfs 64.0M 0 64.0M 0% /dev/shm
/dev/sda2 xfs 20.0G 7.5G 12.5G 37% /etc/resolv.conf
/dev/sda2 xfs 20.0G 7.5G 12.5G 37% /etc/hostname
/dev/sda2 xfs 20.0G 7.5G 12.5G 37% /etc/hosts
tmpfs tmpfs 1.9G 0 1.9G 0% /proc/asound
tmpfs tmpfs 1.9G 0 1.9G 0% /proc/acpi
tmpfs tmpfs 64.0M 0 64.0M 0% /proc/kcore
tmpfs tmpfs 64.0M 0 64.0M 0% /proc/keys
tmpfs tmpfs 64.0M 0 64.0M 0% /proc/timer_list
tmpfs tmpfs 1.9G 0 1.9G 0% /proc/scsi
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/firmware
发现再次应用 –storage-opt 参数束缚容器文件系统大小时不会报错,并且胜利束缚。完结,马内到手。
正文完
