docker bind-mount

Bind mounts

自從Docker早期以來，綁定安裝就一直在進行。與卷相比，綁定掛載的功能有限。當您使用綁定掛載時，主機上的一個文件或目錄被安裝到一個容器中。文件或目錄由主機上的完整或相對路徑引用。相比之下，在使用卷時，在主機上的Docker s存儲目錄中創建了一個新目錄，Docker管理該目錄的內容。

The file or directory does not need to exist on the Docker host already. It is created on demand if it does not yet exist. Bind mounts are very performant, but they rely on the host machine’s filesystem having a specific directory structure available. If you are developing new Docker applications, consider using named volumes

instead. You can’t use Docker CLI commands to directly manage bind mounts.

Choosing the -v or –mount flag

Originally起初, the -v or --volume flag was used for standalone containers and the --mount flag was used for swarm services. However, starting with Docker 17.06, you can also use --mount with standalone containers. In general（通常來說）, --mount

is more explicit and verbose. The biggest difference is that the -v syntax combines all the options together in one field, while the --mount syntax separates（分離） them. Here is a comparison of the syntax for each flag.

Tip: New users should use the --mount syntax. Experienced users may be more familiar with the -v

or --volume syntax, but are encouraged to use --mount, because research has shown it to be easier to use.

-v or --volume: Consists of three fields, separated by colon characters (:). The fields must be in the correct order, and the meaning of each field is not immediately obvious.

• In the case of bind mounts, the first field is the path to the file or directory on the host machine.

• The second field is the path where the file or directory will be mounted in the container.

• The third field is optional, and is a comma-separated list of options, such as ro, consistent, delegated, cached, z, and Z. These options are discussed below.

--mount: Consists of multiple key-value pairs, separated by commas and each consisting of a <key>=<value> tuple. The --mount syntax is more verbose than -v or --volume, but the order of the keys is not significant（意義，重要）, and the value of the flag is easier to understand.

• The type of the mount, which can be bind, volume, or tmpfs. This topic discusses bind mounts, so the type will always be bind.

• The source of the mount. For bind mounts, this is the path to the file or directory on the Docker daemon host. May be specified as source or src.

• The destination（目的） takes as its value the path where the file or directory will be mounted in the container. May be specified as destination, dst, or target.

• The readonly option, if present, causes the bind mount to be mounted into the container as read-only.

• The bind-propagation option, if present, changes the bind propagation. May be one of rprivate, private, rshared, shared, rslave, slave.

• The consistency option, if present, may be one of consistent, delegated, or cached. This setting only applies to Docker for Mac, and is ignored on all other platforms.

• The --mount flag does not support z or Z options for modifying selinux labels.

Differences between -v and --mount behavior

Because the -v and --volume flags have been a part of Docker for a long time, their behavior cannot be changed. This means that there is one behavior that is different between -v and --mount.

If you use -v or --volume to bind-mount a file or directory that does not yet exist on the Docker host, -v will create the endpoint(終端) for you. It is always created as a directory.

If you use --mount to bind-mount a file or directory that does not yet exist on the Docker host, Docker does not automatically create it for you, but generates an error.

Start a container with a bind mount

The --mount and -v examples below produce the same result. You can’t run them both unless you remove the devtest container after running the first one.

--mount

docker run -d \

-it \

--name devtest \

--mount type=bind,source="$(pwd)"/target,target=/app \

nginx:latest

-v

$ docker run -d \

-it \

--name devtest \

-v "$(pwd)"/target:/app \

nginx:latest

Use docker inspect devtest to verify that the bind mount was created correctly. Look for the Mounts section:

"Mounts": [ { "Type": "bind",

"Source": "/tmp/source/target",

"Destination": "/app", "Mode": "",

.........

$ docker container stop devtest

$ docker container rm devtest

Mounting into a non-empty directory on the container

If you bind-mount into a non-empty directory on the container, the directory’s existing contents will be obscured（覆蓋） by the bind mount. This can be beneficial（有益的）, such as when you want to test a new version of your application without building a new image. However, it can also be surprising and this behavior differs from that of docker volumes.

This example is contrived（考慮） to be extreme（極端的）, but will replace（替代） the contents of the container’s /usr/ directory with the /tmp/ directory on the host machine. In most cases, this would result in a non-functioning（非功能性的） container.

docker run -d \

-it \

--name broken-container \

--mount type=bind,source=/tmp,target=/usr \ tmp這個目錄是本來存在的。 nginx:latest docker: Error response from daemon: oci runtime error: container_linux.go:262: starting container process caused "exec: \"nginx\": executable file not found in $PATH".

-v：

$ docker run -d \

-it \

--name broken-container \

-v /tmp:/usr \

nginx:latest

The container is created but does not start. Remove it:

$ docker container rm broken-container

Use a read-only bind mount

-v "$(pwd)"/target:/app:ro \

Configure the selinux label

如果您使用selinux，您可以添加z或z選項來修改將安裝到容器中的主機文件或目錄的selinux標簽。這將影響主機本身的文件或目錄，並可能在Docker的範圍之外產生影響。

z選項表明綁定掛載內容是在多個容器之間共享的。

Z選項表明綁定掛載內容是私有的和未共享的。

使用這些選項時要特別小心。使用Z選項安裝一個系統目錄，如/home或/usr，將使您的主機不可操作，您可能需要手動將主機文件重新綁定。

本文出自 “11716212” 博客，請務必保留此出處http://11726212.blog.51cto.com/11716212/1975582

docker數據存儲方式（bind--mount）