Clean docker environment: devicemapper

docker device-mapper

Don't use a devicemapper loop file for anything serious! Docker has big warnings about this.

The /var/lib/docker/devicemapper/devicemapper directory contains the sparse loop files that contain all the data that docker mounts. So you would need to use lvm tools to trawl around them and do things. Have a read though the remove issues with devicemapper, they are kinda sorta resolved but maybe not.

I would move away from devicemapper where possible or use LVM thin pools on anything RHEL based. If you can't change storage drivers, the same procedure will at least clear up any allocated sparse space you can't reclaim.

Changing the docker storage driver

Changing storage driver will require dumping your /var/lib/docker directories which contains all your docker data. There are ways to save portions of it but that involves messing around with Docker internals. Better to commit and export any containers or volumes you want to keep and import them after the change. Otherwise you will have a fresh, blank Docker install!

  1. Export data

  2. Stop Docker

  3. Remove /var/lib/docker

  4. Modify your docker startup to use the new storage driver. Set --storage-driver=<name> in /lib/systemd/system/docker.service or /etc/systemd/system/docker.service or /etc/default/docker or /etc/sysconfig/docker

  5. Start Docker

  6. Import Data

AUFS

AUFS is not in the mainline kernel (and never will be) which means distro's have to actively include it somehow. For Ubuntu it's in the linux-image-extra packages.

apt-get install linux-image-extra-$(uname -r) linux-image-extra-virtual

Then change the storage driver option to --storage-driver=aufs

OverlayFS

OverlayFS is already available in Ubuntu, just change the storage driver to --storage-driver=overlay2 or --storage-driver=overlay if you are still using a 3.x kernel

I'm not sure how good an idea this is right now. It can't be much worse than the loop file but The overlay2 driver is pretty solid for dev use but isn't considered production ready yet (e.g. Docker Enterprise don't provide support) but it is being pushed to become the standard driver due to the AUFS/Kernel issues.

Direct LVM Thin Pool

Instead of the devicemapper loop file you can use an LVM thin pool directly. RHEL makes this easy with a docker-storage-setup utility that distributed with their EPEL docker package. Docker have detailed steps for setting up the volumes manually. 

--storage-driver=devicemapper \
--storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool \
--storage-opt dm.use_deferred_removal=true

Docker 17.06+ supports managing simple direct-lvm block device setups for you.

Just don't run out of space in the LVM volume, ever. You end up with an unresponsive Docker daemon that needs to be killed and then LVM resources that are still in use that are hard to clean up.


A periodic docker system prune -a works for me on systems where I use devicemapper and not the LVM thinpool. The pattern I use is:

  • I label any containers, images, etc with label "protected" if I want them to be exempt from cleanup
  • I then periodically run docker system prune -a --filter=label!=protected (either manually or on cron with -f)

Labeling examples:

  • docker run --label protected ...
  • docker create --label=protected=true ...
  • For images, Dockerfile's LABEL, eg LABEL protected=true
  • To add a label to an existing image that I cannot easily rebuild, I make a 2 line Dockerfile with the above, build a new image, then switch the new image for the old one (tag).

General Docker label documentation


First, what is devicemapper (official documentation)

Device Mapper has been included in the mainline Linux kernel since version 2.6.9. It is a core part of RHEL family of Linux distributions.

The devicemapper driver stores every image and container on its own virtual device. These devices are thin-provisioned copy-on-write snapshot devices.
Device Mapper technology works at the block level rather than the file level. This means that devicemapper storage driver's thin provisioning and copy-on-write operations work with blocks rather than entire files.

The devicemapper is the default Docker storage driver on some Linux distributions.

Docker hosts running the devicemapper storage driver default to a configuration mode known as loop-lvm. This mode uses sparse files to build the thin pool used by image and container snapshots

Docker 1.10 and later no longer matches image layer IDs with directory names in /var/lib/docker.
However, there are two key directories.

  • The /var/lib/docker/devicemapper/mnt directory contains the mount points for image and container layers.
  • The /var/lib/docker/devicemapper/metadatadirectory contains one file for every image layer and container snapshot.

If your docker info does show your Storage Driver is devicemapper (and not aufs), proceed with caution with those folders.
See for instance issue 18867.

Related

controlling the output with RApacheOutputErrors
How to use GWT 2.1 Data Presentation Widgets
Scope of a Spring-Controller and its instance-variables
Allowing connection to .NET COM server with mismatching integrity level
Tomcat: Cache-Control
GMSPolyline very large memory spike
Unable to do low-level decoding of video on Android 4.2 without using media extractor
See if user is part of Active Directory group in C# + Asp.net
New to Xcode can't open files in c++?
Saving child collections with OrmLite on Android with objects created from Jackson
Using a broadcast intent/broadcast receiver to send messages from a service to an activity
Ember CLI testing complicated model relationships