Explanation of the difference between VOLUME in a Dockerfile and docker -v

  • 2021-10-25 08:15:16
  • OfStack

The VOLUME mount in a Dockerfile differs significantly from a mount made with the docker -v option:

1. VOLUME

In a Dockerfile, the VOLUME instruction mounts an anonymous volume. Docker creates it automatically on the host under the /var/lib/docker/volumes/ directory. For example:


FROM frolvlad/alpine-java:jre8-slim
MAINTAINER oas.cloud
COPY nickdir .
VOLUME /usr/local/oas/file/
WORKDIR /usr/local/oas/

The line VOLUME /usr/local/oas/file/ above defines a directory path inside the container. The directory is created in the container when the container is created, and the name of the mount directory on the host is randomly generated.

For example:

/var/lib/docker/volumes/593fda6d7b8296bfca22894b326727c734133eebb11c9bc2c25a73b892157a37

Here, the host directory

/var/lib/docker/volumes/593fda6d7b8296bfca22894b326727c734133eebb11c9bc2c25a73b892157a37

corresponds to the /usr/local/oas/file/ directory in the container.

2. docker -v

docker -v lets you specify the exact host directory to mount, which is more controllable than the VOLUME mount of a Dockerfile. For example:


$ docker run --name tengine-web -d -p 9527:80 -p 9000:9000 \
-v /usr/local/tengine/logs:/var/log/nginx \
-v /usr/local/tengine/conf.d:/etc/nginx/conf.d \
-v /usr/local/tengine/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /usr/local/tengine/html:/usr/share/nginx/html \
-v /usr/local/oas/file:/usr/local/oas/file nginx

The command above mounts the host directory /usr/local/tengine/logs onto the corresponding container directory /var/log/nginx. The host directory (absolute path) comes before the colon, and the path mounted in the image (absolute path) comes after it.

Additional: Docker data volume mount options --volume (-v) vs. --mount

1. Preface

Users can create containers with data volumes through the --volume/-v or --mount options of docker run, but there are some subtle differences between the two options, which are summarized here.

2. Command usage

--volume(-v)

The --volume (or -v) parameter can only create a bind mount. Example:


docker run --name $CONTAINER_NAME -it \
-v $PWD/$CONTAINER_NAME/app:/app:rw \
-v $PWD/$CONTAINER_NAME/data:/data:ro \
avocado-cloud:latest /bin/bash

Note:

Command format:


[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]

If HOST-DIR is specified, it must be an absolute path. If the path does not exist, it is created automatically.

In the example, rw means read-write and ro means read-only.

--mount

The --mount parameter mounts a volume by default, but it can also be used to create a bind mount or tmpfs. If the type option is not specified, a volume is mounted. A volume is a more flexible way to manage data, and volumes can be managed with the docker volume command set. Example:


docker run --name $CONTAINER_NAME -it \
--mount type=bind,source=$PWD/$CONTAINER_NAME/app,destination=/app \
--mount source=${CONTAINER_NAME}-data,destination=/data,readonly \
avocado-cloud:latest /bin/bash

Note:

Mount volume command format:


[type=volume,]source=my-volume,destination=/path/in/container[,...]

Create a bind mount command format:


type=bind,source=/path/on/host,destination=/path/in/container[,...]

If you create a bind mount and specify source, it must be an absolute path and the path must already exist.

In the example, readonly means read-only.

3. Summary of differences

1. Comparison of creating bind mount and mounting volume

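| Item compared | bind mount | volume |
|---|---|---|
| Source location | User-specified | /var/lib/docker/volumes/ |
| Source is empty | dest is overwritten and becomes empty | dest contents are kept |
| Source is not empty | dest contents are overwritten | dest contents are overwritten |
| Source type | File or directory | Directory only |
| Portability | Average (self-maintained) | Strong (managed by Docker) |
| Direct access from the host | Easy (only chown needed) | Restricted (requires logging in as root)* |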

* Notes:

With Docker, you cannot simply open the contents of a volume to ordinary users on the host with sudo chown someuser: -R /var/lib/docker/volumes/somevolume, and opening up more permissions creates a security risk. On this point, Podman's design is much better: volumes are stored under $HOME/.local/share/containers/storage/volumes/, which is both convenient and secure.

Running containers without root permissions is one of Podman's advantages, and it is a real benefit in practice.

2. Comparison of --volume and --mount when creating a bind mount

| Item compared | --volume or -v | --mount type=bind |
|---|---|---|
| Host path does not exist | Created automatically | Command reports an error |
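
To check which of the mount kinds compared above a container actually ended up with, the Mounts list from docker inspect can be classified as follows. This is an added example, not code from the original article: the sample JSON is constructed (only the volume ID comes from the article), and treating a 64-hex-character volume name as an anonymous volume is an assumption.

```python
import json
import re

# Constructed sample shaped like trimmed `docker inspect` output; only ANON_ID
# (from the article's example path) is taken from the page.
ANON_ID = "593fda6d7b8296bfca22894b326727c734133eebb11c9bc2c25a73b892157a37"
VOLUMES = "/var/lib/docker/volumes/"
SAMPLE_INSPECT = json.dumps([{
    "Name": "/tengine-web",
    "Mounts": [
        {"Type": "volume", "Name": ANON_ID, "Source": VOLUMES + ANON_ID + "/_data",
         "Destination": "/usr/local/oas/file", "RW": True},
        {"Type": "bind", "Source": "/usr/local/tengine/logs",
         "Destination": "/var/log/nginx", "RW": True},
        {"Type": "bind", "Source": "/usr/local/tengine/conf/nginx.conf",
         "Destination": "/etc/nginx/nginx.conf", "RW": False},
        {"Type": "volume", "Name": "tengine-web-data", "RW": False,
         "Source": VOLUMES + "tengine-web-data/_data", "Destination": "/data"},
    ],
}])

# Assumption: a 64-hex-character volume name was generated by Docker, i.e. the
# volume is anonymous (Dockerfile VOLUME or a -v with no source).
ANON_NAME = re.compile(r"^[0-9a-f]{64}$")


def classify(mount):
    """Return (kind, finding) for one entry of a container's Mounts list."""
    access = "rw" if mount.get("RW") else "ro"
    if mount["Type"] == "bind":
        finding = ("container can modify host path" if access == "rw"
                   else "host path exposed read-only")
        return "bind:" + access, finding
    if mount["Type"] == "volume":
        if ANON_NAME.match(mount.get("Name", "")):
            return "anonymous-volume:" + access, "random name, easy to orphan"
        return "named-volume:" + access, "managed via docker volume"
    return mount["Type"] + ":" + access, "not covered by this check"


def audit(inspect_json):
    """List (destination, source, kind, finding) for every mount found."""
    return [(m["Destination"], m.get("Source", "")) + classify(m)
            for c in json.loads(inspect_json) for m in c.get("Mounts", [])]


if __name__ == "__main__":
    for row in audit(SAMPLE_INSPECT):
        print(" | ".join(row))
```

On a real host, pass the output of docker inspect for the containers of interest to audit() in place of the sample.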
