I am running Docker on a RHEL 7.9 machine on which we hope to host web services and a few other applications.
$ docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)
scan: Docker Scan (Docker Inc., v0.8.0)
Server:
Containers: 22
Running: 22
Paused: 0
Stopped: 0
Images: 16
Server Version: 20.10.7
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2 io.containerd.runtime.v1.linux nvidia
Default Runtime: runc
Init Binary: docker-init
containerd version: 7eba5930496d9bbe375fdf71603e610ad737d2b2
runc version: v1.0.0-0-g84113ee
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.24.1.el7.x86_64
Operating System: Red Hat Enterprise Linux
OSType: linux
Architecture: x86_64
CPUs: 80
Total Memory: 503.3GiB
Name: <not relevant>
ID: <not relevant>
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: <not relevant>
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: true
I have /var/lib/docker under its own partition as part of security protocol. I did this after initial setup of the system.
$ grep '/var/lib/docker\s' /proc/mounts
/dev/mapper/afsys-var_lib_docker /var/lib/docker xfs rw,seclabel,relatime,attr2,inode64,sunit=512,swidth=512,noquota 0 0
$ mountpoint -- "$(docker info -f '{{ .DockerRootDir }}')"
/var/lib/docker is a mountpoint
I am unsure if things are configured correctly - specifically, some of the overlay storage is showing up in separate mountpoints on the filesystem. I'm unsure if this is expected, or a byproduct of partitioning /var/lib/docker AFTER we set up the system and had previously built images/containers.
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 263885104 0 263885104 0% /dev
tmpfs 263899860 0 263899860 0% /dev/shm
tmpfs 263899860 4181840 259718020 2% /run
tmpfs 263899860 0 263899860 0% /sys/fs/cgroup
/dev/mapper/sys-root 9763538944 135472276 9628066668 2% /
/dev/sdf1 972452 264664 707788 28% /boot
/dev/mapper/sys-maintenance 976087296 34336 976052960 1% /maintenance
/dev/mapper/sys-tmp 976087296 34472 976052824 1% /tmp
/dev/mapper/sys-var 976087296 54178732 921908564 6% /var
/dev/mapper/sys-var_lib_docker 524032000 62655660 461376340 12% /var/lib/docker
/dev/mapper/sys-var_log 976087296 2079404 974007892 1% /var/log
/dev/mapper/sys-var_log_audit 976087296 73968 976013328 1% /var/log/audit
/dev/mapper/sys-home 9763538944 36080988 9727457956 1% /home
tmpfs 52779976 0 52779976 0% /run/user/1001
tmpfs 52779976 0 52779976 0% /run/user/0
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/458fdb1acf9be0a10f3627ac8bffad5311542f6d66de976bed3f19b437f76d57/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/04015d24492d44b0b350a1b118904bbd620cb6554a4f10fb6000be1945b00e23/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/688ba6b06a96b2dbeb1602c91f36c69f4a2b55a731887c44b0d8ed496698099f/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/6cafdb8e46dd04a2b0bcc9982906f83ec706d8fe7980b62a20fbb45c7439be74/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/7d715bcebb32eb144166a48289816b7aad3247aff9a6289e78552f349ad32293/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/50beb5caa2817b62388fffe73cc736dbb80ef5553d5b881f6393316b22d3d415/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/0b5ce085bf279805aa3fb04329d1ff6c96c0ea487a81db0f6c62619b0ef12eab/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/7386a81809e579aac138c1e0449a32f23063258f5c4131df676deeb26924e5bb/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/f180488020c76514e0c4cf3ec651e31ac6b712d71e3dd066996c810f5c44cae6/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/e7aff65debb3b2200fe209b54e225419bf00f3d18e99caadde06249c67f70dce/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/3f5a54dae289b0169088e506229a5e75a54eb084a7e9eb7d191393bb0d922e1b/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/498b74db68c80bd88805bd4511c44c87624b00b53563250899fb821770a4c13c/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/e964f314751256feb5f0e2224d6306fabe500f4817bb5e2df2b9598f157032da/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/3ee10a1cb42e0028ef19072b878277f09c079440bdb9696d240ec7240aaf30f6/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/fc39cf63c7f11715ba366aa363b0bbe311109396bbad579d64cb8a86636f11f6/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/1dae92df5c219ca2fad777e8544101fce4c9d67da7004a1860ba3823b0e94f26/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/96450a2ec1c860f2b94d31347a8586a720bb72b4d75b30d716954f96bb3044a5/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/76a3e24abd07a441247d9ebd515c68001be8f146b1ed9d8e1ac9f03f290f6591/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/6cdf52c19bf11696c84190e4be40cc25ea553621670f142400f782324bda6d9a/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/c26d05d70bbf4e09900fc02b9a94e96b23b89c118f6a4b8eb840e22d9e2de34d/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/6426313243beafaa3059d43d7d6cb5c9954bdf9363012555dae59807657e58d5/merged
overlay 524032000 62655660 461376340 12% /var/lib/docker/overlay2/24d8c3c58b23f68c820bd624c8a7ec4902219ede1acdbb1336b055045e5d3c25/merged
Please forgive me if I am misinterpreting, but I needed a sanity check and/or to be given advice on how to best configure this so these overlays don't show up as separate mounts.
CodePudding user response:
Why Docker uses overlayfs
Docker containers are composed of multiple layers. Docker needs to be able to efficiently combine layers, and add and remove those layers efficiently. To combine those layers, Docker uses a storage driver such as overlayfs or aufs.
These filesystems count as mounts, so they show up in tools such as mount or df.
> I have /var/lib/docker under its own partition as part of security protocol. I did this after initial setup of the system.
I believe Docker supports this. I see no reason why this wouldn't work. The only caveat I can think of is that if you had containers before creating this partition, then mounting that partition would shadow those containers, therefore making any containers created before the partition was created inaccessible.
Excluding overlay from df
If you want to avoid seeing these in the output of df, you can use this command:
df -x overlay
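An added example, not part of the original question or answer: a way to confirm that every overlay mount is backed by the dedicated /var/lib/docker partition, by checking that each merged mountpoint and its upperdir sit under the Docker root. The function names, the made-up layer IDs and the /mnt/old-docker path are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All functions read
# /proc/mounts-format text on stdin; $1 is the Docker root directory.

# Device backing the Docker root itself, e.g. the dedicated LVM volume.
backing_device() {
    awk -v root="${1%/}" '$2 == root { dev = $1 } END { print dev }'
}

# One line per overlay mount: "inside <mountpoint>" when both the merged
# mountpoint and its writable upperdir live under the Docker root,
# otherwise "outside <mountpoint>" (also used when no upperdir is listed).
overlay_report() {
    awk -v root="${1%/}" '
        $3 == "overlay" {
            upper = ""
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^upperdir=/) upper = substr(opts[i], 10)
            ok = (index($2, root "/") == 1 && index(upper, root "/") == 1)
            state = ok ? "inside" : "outside"
            print state, $2
        }'
}

# Number of overlay mounts that are not fully under the Docker root.
overlay_outside_count() {
    overlay_report "$1" | awk '$1 == "outside" { n++ } END { print n + 0 }'
}

# Constructed sample: the first line is the one shown in the question,
# the overlay lines use made-up IDs; the last one is a deliberate outlier.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/afsys-var_lib_docker /var/lib/docker xfs rw,seclabel,relatime,attr2,inode64,sunit=512,swidth=512,noquota 0 0
overlay /var/lib/docker/overlay2/aaaa1111/merged overlay rw,seclabel,relatime,lowerdir=/var/lib/docker/overlay2/l/AAAA,upperdir=/var/lib/docker/overlay2/aaaa1111/diff,workdir=/var/lib/docker/overlay2/aaaa1111/work 0 0
overlay /var/lib/docker/overlay2/bbbb2222/merged overlay rw,seclabel,relatime,lowerdir=/var/lib/docker/overlay2/l/BBBB,upperdir=/var/lib/docker/overlay2/bbbb2222/diff,workdir=/var/lib/docker/overlay2/bbbb2222/work 0 0
overlay /mnt/old-docker/overlay2/cccc3333/merged overlay rw,relatime,lowerdir=/mnt/old-docker/overlay2/l/CCCC,upperdir=/mnt/old-docker/overlay2/cccc3333/diff,workdir=/mnt/old-docker/overlay2/cccc3333/work 0 0
EOF
}

echo "backing device: $(sample_mounts | backing_device /var/lib/docker)"
sample_mounts | overlay_report /var/lib/docker
echo "outside root: $(sample_mounts | overlay_outside_count /var/lib/docker)"
```

On a live host, feed the functions /proc/mounts instead of the sample, with the root taken from the docker info -f '{{ .DockerRootDir }}' command shown in the question.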