关于docker:docker-使用storageopt参数约束容器文件系统大小

版本信息

ubuntu ：Ubuntu 22.04.1 LTS
docker：23.0.1

状况阐明

想起之前接过的一个单，需要是须要用docker的--storage-opt参数束缚但个容器文件系统所占空间的最大值，原本认为是送钱的，后果操作起来还遇到点小坑。
首先查看官网介绍理解这个参数的一些个性，发现必须应用xfs文件系统能力反对，且对驱动有肯定要求，这些要求曾经满足了。应用df -hT能够看到文件系统类型，docker info 能够看到Storage-Driver驱动。

开始操作

间接在创立容器的时候增加--storage-opt测试

root@ubuntu-01:~# docker imagesREPOSITORY   TAG       IMAGE ID       CREATED      SIZEbusybox      latest    bab98d58e29e   8 days ago   4.86MBroot@ubuntu-01:~# docker run -it  --storage-opt size=1G busybox /bin/shdocker: Error response from daemon: --storage-opt is supported only for overlay over xfs with 'pquota' mount option.See 'docker run --help'.

现会有报错，提醒--storage-opt 只反对笼罩在xfs与'pquota'挂载选项。
留神此时的容器文件系统所在位置为根分区，同时客户的服务器也只有一个盘。。。
应用mount命令从新挂载根分区，查看挂载参数发现并没有附加quota参数

root@ubuntu-01:~# mount -o remount,pquota /root@ubuntu-01:~# cat /proc/mounts /sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0udev /dev devtmpfs rw,nosuid,relatime,size=1953592k,nr_inodes=488398,mode=755,inode64 0 0devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0/dev/sda2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 0securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0tmpfs /dev/shm tmpfs rw,nosuid,nodev,inode64 0 0tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,inode64 0 0cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=19319 0 0hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0none /run/credentials/systemd-sysusers.service ramfs ro,nosuid,nodev,noexec,relatime,mode=700 0 0/dev/loop0 /snap/core20/1587 squashfs ro,nodev,relatime,errors=continue 0 0/dev/loop1 /snap/lxd/22923 squashfs ro,nodev,relatime,errors=continue 0 0tmpfs /run/snapd/ns tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=401988k,nr_inodes=100497,mode=700,inode64 0 0/dev/loop3 /snap/snapd/18357 squashfs ro,nodev,relatime,errors=continue 0 0binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0/dev/loop4 /snap/core20/1828 squashfs ro,nodev,relatime,errors=continue 0 0/dev/loop5 /snap/lxd/24322 squashfs ro,nodev,relatime,errors=continue 0 0nsfs /run/snapd/ns/lxd.mnt nsfs rw 0 0

之后去批改fstab文件，批改实现后才重启零碎。

root@ubuntu-01:~# cat /etc/fstab # /etc/fstab: static file system information.## Use 'blkid' to print the universally unique identifier for a# device; this may be used with UUID= as a more robust way to name devices# that works even if disks are added and removed. See fstab(5).## <file system> <mount point>   <type>  <options>       <dump>  <pass># / was on /dev/sda2 during curtin installation/dev/disk/by-uuid/90ba0f1d-1852-4315-a75e-692dbd858370 / xfs defaults,pquota 0 0

发现其实并没啥用

root@ubuntu-01:~# cat /proc/mounts /sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0udev /dev devtmpfs rw,nosuid,relatime,size=1953596k,nr_inodes=488399,mode=755,inode64 0 0devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0/dev/sda2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 0securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0tmpfs /dev/shm tmpfs rw,nosuid,nodev,inode64 0 0tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,inode64 0 0cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=23639 0 0hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0none /run/credentials/systemd-sysusers.service ramfs ro,nosuid,nodev,noexec,relatime,mode=700 0 0/dev/loop0 /snap/core20/1587 squashfs ro,nodev,relatime,errors=continue 0 0/dev/loop1 /snap/lxd/24322 squashfs ro,nodev,relatime,errors=continue 0 0/dev/loop2 /snap/core20/1828 squashfs ro,nodev,relatime,errors=continue 0 0/dev/loop4 /snap/snapd/18357 squashfs ro,nodev,relatime,errors=continue 0 0/dev/loop3 /snap/lxd/22923 squashfs ro,nodev,relatime,errors=continue 0 0binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime 0 0tmpfs /run/snapd/ns tmpfs rw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode64 0 0nsfs /run/snapd/ns/lxd.mnt nsfs rw 0 0tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=401988k,nr_inodes=100497,mode=700,inode64 0 0

在启动容器的时候仍然会报错

root@ubuntu-01:~# docker run -it  --storage-opt size=1G busybox /bin/shdocker: Error response from daemon: --storage-opt is supported only for overlay over xfs with 'pquota' mount option.See 'docker run --help'

最初通过查找材料，参考https://support.circleci.com/hc/en-us/articles/7060937560859-...找到了解决方案。之前的办法如果是设置的非零碎的根分区应该是能够失效的，如果是零碎根分区不晓得为啥就没失效，具体也没认真查。
依照文档内容批改疏导，从grub增加pquota参数。

root@ubuntu-01:~# cat /etc/default/grub# If you change this file, run 'update-grub' afterwards to update# /boot/grub/grub.cfg.# For full documentation of the options in this file, see:#   info -f grub -n 'Simple configuration'GRUB_DEFAULT=0GRUB_TIMEOUT_STYLE=hiddenGRUB_TIMEOUT=0GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`GRUB_CMDLINE_LINUX_DEFAULT="rootflags=pquota"GRUB_CMDLINE_LINUX=""

从新生成grub文件

root@ubuntu-01:~# grub-mkconfig -o /boot/grub/grub.cfgSourcing file `/etc/default/grub'Sourcing file `/etc/default/grub.d/init-select.cfg'Generating grub configuration file ...Found linux image: /boot/vmlinuz-5.15.0-43-genericFound initrd image: /boot/initrd.img-5.15.0-43-genericWarning: os-prober will not be executed to detect other bootable partitions.Systems on them will not be added to the GRUB boot configuration.Check GRUB_DISABLE_OS_PROBER documentation entry.done

重启后发现quota参数曾经被附加

root@ubuntu-01:~# cat /proc/mounts |grep quota/dev/sda2 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,prjquota 0 0

再次增加--storage-opt参数创立容器测试

root@ubuntu-01:~# docker run -it  --storage-opt size=1G busybox /bin/sh/ # df -hTFilesystem           Type            Size      Used Available Use% Mounted onoverlay              overlay         1.0G     12.0K   1024.0M   0% /tmpfs                tmpfs          64.0M         0     64.0M   0% /devshm                  tmpfs          64.0M         0     64.0M   0% /dev/shm/dev/sda2            xfs            20.0G      7.5G     12.5G  37% /etc/resolv.conf/dev/sda2            xfs            20.0G      7.5G     12.5G  37% /etc/hostname/dev/sda2            xfs            20.0G      7.5G     12.5G  37% /etc/hoststmpfs                tmpfs           1.9G         0      1.9G   0% /proc/asoundtmpfs                tmpfs           1.9G         0      1.9G   0% /proc/acpitmpfs                tmpfs          64.0M         0     64.0M   0% /proc/kcoretmpfs                tmpfs          64.0M         0     64.0M   0% /proc/keystmpfs                tmpfs          64.0M         0     64.0M   0% /proc/timer_listtmpfs                tmpfs           1.9G         0      1.9G   0% /proc/scsitmpfs                tmpfs           1.9G         0      1.9G   0% /sys/firmware

发现再次应用--storage-opt参数束缚容器文件系统大小时不会报错，并且胜利束缚。 完结，马内到手。