清洁 docker/overlay2/是否安全 [英] Is it safe to clean docker/overlay2/
问题描述
我在 AWS EC2 上运行了一些 docker 容器,/var/lib/docker/overlay2 文件夹的磁盘大小增长非常快.
I got some docker containers running on AWS EC2, the /var/lib/docker/overlay2 folder grows very fast in disk size.
我想知道删除其内容是否安全?或者如果 docker 有某种命令来释放一些磁盘使用.
I'm wondering if it is safe to delete its content? or if docker has some kind of command to free up some disk usage.
更新:
我实际上已经尝试过 docker system prune -a,它回收了 0Kb.
I actually tried docker system prune -a already, which reclaimed 0Kb.
此外,我的/docker/overlay2 磁盘大小远大于 docker system df
Also my /docker/overlay2 disk size is much larger than the output from docker system df
在阅读了 docker 文档和 BMitch 的回答后,我认为触摸这个文件夹是一个愚蠢的想法,我会尝试其他方法来回收我的磁盘空间.
After reading docker documentation and BMitch's answer, I believe it is a stupid idea to touch this folder and I will try other ways to reclaim my disk space.
推荐答案
Docker 使用/var/lib/docker 来存储您的图像、容器和本地命名卷.删除它可能会导致数据丢失并可能使引擎停止运行.overlay2 子目录专门包含图像和容器的各种文件系统层.
Docker uses /var/lib/docker to store your images, containers, and local named volumes. Deleting this can result in data loss and possibly stop the engine from running. The overlay2 subdirectory specifically contains the various filesystem layers for images and containers.
要清理未使用的容器和图像,请参阅docker system prune.还有一些选项可以删除卷甚至标记的图像,但由于可能会丢失数据,因此默认情况下不会启用它们:
To cleanup unused containers and images, see docker system prune. There are also options to remove volumes and even tagged images, but they aren't enabled by default due to the possibility of data loss:
$ docker system prune --help
Usage: docker system prune [OPTIONS]
Remove unused data
Options:
-a, --all Remove all unused images not just dangling ones
--filter filter Provide filter values (e.g. 'label=<key>=<value>')
-f, --force Do not prompt for confirmation
--volumes Prune volumes
修剪永远不会删除的内容包括正在运行的容器、这些容器上的日志以及这些容器所做的文件系统更改.此外,在正常 docker 文件夹之外创建的任何内容在这个垃圾收集.这可能来自写入此目录的其他应用程序,或者 docker 引擎的先前配置(例如,从 AUFS 切换到 overlay2,或者可能在启用用户命名空间之后).
What a prune will never delete includes running containers, logs on those containers, and filesystem changes made by those containers. Additionally, anything created outside of the normal docker folders may not be seen by docker during this garbage collection. This could be from some other app writing to this directory, or a previous configuration of the docker engine (e.g. switching from AUFS to overlay2, or possibly after enabling user namespaces).
如果忽略这个建议并且你从这个文件系统中删除了一个像overlay2这样的文件夹会发生什么?容器文件系统由文件系统层的集合组装而成,overlay2 文件夹是 docker 执行其中一些挂载的地方(当容器运行时,您将在 mount 的输出中看到它们).在使用中删除其中一些会从正在运行的容器中删除文件系统的块,并可能破坏从受影响的映像启动新容器的能力.
What would happen if this advice is ignored and you deleted a single folder like overlay2 out from this filesystem? The container filesystems are assembled from a collection of filesystem layers, and the overlay2 folder is where docker is performing some of these mounts (you'll see them in the output of mount when a container is running). Deleting some of these when they are in use would delete chunks of the filesystem out from a running container, and likely break the ability to start a new container from an impacted image.
要将 docker 完全刷新到干净状态,请停止 docker 引擎 (systemctl stop docker) 并使用 rm -rf/var/删除整个目录(不仅仅是overlay2 文件夹)lib/docker,然后重启docker(systemctl start docker).引擎将在没有任何图像、容器、卷、用户创建的网络或群状态的情况下重新启动.
To completely refresh docker to a clean state, stop the docker engine (systemctl stop docker) and delete the entire directory (not just the overlay2 folder) with rm -rf /var/lib/docker, and restart docker (systemctl start docker). The engine will restart without any images, containers, volumes, user created networks, or swarm state.
这篇关于清洁 docker/overlay2/是否安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
