docker容器根目錄爲只讀的解決辦法

時間 2019-12-05

原文原文鏈接

問題描述

今天在啓動docker容器的時候發現一段時間後宿主機上全部的容器的根目錄所有變成了只讀，而且宿主機message日誌報磁盤相關的錯node

容器內mount結果以下git

[root@zk-1 ~]# mount
/dev/mapper/docker-253:0-4298664622-7830c39693a73c13e80cf2a22a46558b22adcc5adf94ca1c893f44ece878601e on / type ext4 (ro,relatime,stripe=16,data=ordered)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=65536k)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
/dev/mapper/centos-root on /nfsc type xfs (rw,relatime,attr2,inode64,noquota)
tmpfs on /run/secrets type tmpfs (rw,nosuid,nodev,noexec,relatime)
/dev/mapper/centos-root on /etc/resolv.conf type xfs (rw,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hostname type xfs (rw,relatime,attr2,inode64,noquota)
/dev/mapper/centos-root on /etc/hosts type xfs (rw,relatime,attr2,inode64,noquota)

宿主機報錯以下github

Jan 13 15:06:01 docker2 systemd: Starting Session 6 of user root.
Jan 13 15:06:01 docker2 systemd: Started Session 6 of user root.
Jan 13 15:06:31 docker2 systemd: Starting Session 7 of user root.
Jan 13 15:06:31 docker2 systemd-logind: New session 7 of user root.
Jan 13 15:06:31 docker2 systemd: Started Session 7 of user root.
Jan 13 15:07:01 docker2 systemd: Starting Session 8 of user root.
Jan 13 15:07:01 docker2 systemd: Started Session 8 of user root.
Jan 13 15:07:38 docker2 kernel: device-mapper: thin: 253:3: reached low water mark for data device: sending event.
Jan 13 15:07:44 docker2 kernel: device-mapper: thin: 253:3: switching pool to out-of-data-space (queue IO) mode
Jan 13 15:08:01 docker2 systemd: Starting Session 9 of user root.
Jan 13 15:08:01 docker2 systemd: Started Session 9 of user root.
Jan 13 15:08:44 docker2 kernel: device-mapper: thin: 253:3: switching pool to out-of-data-space (error IO) mode
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269408)
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269408
Jan 13 15:08:44 docker2 kernel: Aborting journal on device dm-4-8.
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269409
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269410
Jan 13 15:08:44 docker2 kernel: EXT4-fs error (device dm-4): ext4_journal_check_start:56: Detected aborted journal
Jan 13 15:08:44 docker2 kernel: EXT4-fs (dm-4): Remounting filesystem read-only
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269411
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269412
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269413
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269414
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269415
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269416
Jan 13 15:08:44 docker2 kernel: Buffer I/O error on device dm-5, logical block 9269417
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269424)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269440)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269456)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269472)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269488)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269504)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269520)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269536)
Jan 13 15:08:44 docker2 kernel: EXT4-fs warning (device dm-5): ext4_end_bio:332: I/O error -28 writing to inode 1320256 (offset 13077839872 size 8388608 starting block 9269552)
Jan 13 15:08:44 docker2 kernel: Aborting journal on device dm-5-8.
Jan 13 15:08:44 docker2 kernel: EXT4-fs error (device dm-5) in ext4_da_write_end:2782: IO failure
Jan 13 15:08:44 docker2 kernel: EXT4-fs error (device dm-5): ext4_journal_check_start:56: Detected aborted journal
Jan 13 15:08:44 docker2 kernel: EXT4-fs (dm-5): Remounting filesystem read-only
Jan 13 15:08:44 docker2 kernel: EXT4-fs error (device dm-5) in ext4_do_update_inode:4504: Journal has aborted
Jan 13 15:08:44 docker2 kernel: EXT4-fs error (device dm-5): mpage_map_and_submit_extent:2229: comm kworker/u98:3: Failed to mark inode 1320256 dirty
Jan 13 15:08:44 docker2 kernel: EXT4-fs error (device dm-5) in ext4_writepages:2520: IO failure

第一反映是查看磁盤空間使用狀況docker

[root@zk-1 ~]# df -Th
Filesystem           Type   Size  Used Avail Use% Mounted on
/dev/mapper/docker-253:0-4298664622-7830c39693a73c13e80cf2a22a46558b22adcc5adf94ca1c893f44ece878601e
                     ext4    99G   49G   46G  52% /
tmpfs                tmpfs  126G     0  126G   0% /dev
shm                  tmpfs   64M     0   64M   0% /dev/shm
tmpfs                tmpfs  126G     0  126G   0% /sys/fs/cgroup
/dev/mapper/centos-root
                     xfs    1.7T  113G  1.6T   7% /nfsc
tmpfs                tmpfs  126G     0  126G   0% /run/secrets
/dev/mapper/centos-root
                     xfs    1.7T  113G  1.6T   7% /etc/resolv.conf
/dev/mapper/centos-root
                     xfs    1.7T  113G  1.6T   7% /etc/hostname
/dev/mapper/centos-root
                     xfs    1.7T  113G  1.6T   7% /etc/hosts

根目錄下還剩餘46G未使用；感受甚是怪異，因而網上搜索不少資料終於有了相關解釋
參考網絡上的一片文章：http://jpetazzo.github.io/201...json

具體緣由

docker服務啓動的時候默認會建立一個107.4G的data文件，然後啓動的容器的全部更改內容所有存儲至這個data文件中；也就是說當容器內產生的相關data數據超過107.4G後容器就再也沒有多餘的空間可用，從而致使全部容器的根目錄變爲只讀！centos

宿主機的docker info信息以下網絡

[root@docker2 ~]# docker info
Containers: 169
Images: 1672
Storage Driver: devicemapper
 Pool Name: docker-253:0-4298664622-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 107.4 GB
 Data Space Total: 107.4 GB
 Data Space Available: 0 B
 Metadata Space Used: 137.4 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.01 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.107-RHEL7 (2015-10-14)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.2.1-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 40
Total Memory: 251.9 GiB
Name: docker2.stg.1qianbao.com
ID: JMZF:IQ6H:RDBK:XNSN:W3IO:ZAQH:RRFB:XRIT:4I72:KOKD:R34K:FD5L
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

因爲個人容器比較多（169個jboss應用），故直接致使整個環境不可用。session

解決方案

中止docker服務app

service docker stopoop

刪除/var/lib/docker下面的全部文件（刪除後你的鏡像和容器都沒有了，建議將有用的鏡像先備份或者上傳至倉儲裏面）

rm -rf /var/lib/docker/*

使用更大的文件或磁盤或邏輯卷建立/var/lib/docker/devicemapper/devicemapper/data文件
1. 使用文件：dd if=/dev/zero of=/var/lib/docker/devicemapper/devicemapper/data bs=1G count=0 seek=1000這樣將會建立一個虛擬的1000G大小的data文件，若是不加seek參數count直接爲1000的話則是建立了一個結結實實的1000G的文件
2. 使用磁盤：ln -s /dev/sdb /var/lib/docker/devicemapper/devicemapper/data
3. 使用邏輯卷：ln -s /dev/mapper/centos-dockerdata /var/lib/docker/devicemapper/devicemapper/data

我用的是第一種使用文件的方法建立了一個1.6T的虛擬文件

mkdir -p /var/lib/docker/devicemapper/devicemapper/
dd if=/dev/zero  of=/var/lib/docker/devicemapper/devicemapper/data bs=1G count=0 seek=1600

建立完成後啓動docker服務

service docker start

這時再看下docker info中的data池

[root@docker2 ~]# docker info
Containers: 169
Images: 1701
Storage Driver: devicemapper
 Pool Name: docker-253:0-2355438-pool
 Pool Blocksize: 65.54 kB
 Backing Filesystem: xfs
 Data file: /dev/loop0
 Metadata file: /dev/loop1
 Data Space Used: 90.9 GB
 Data Space Total: 1.611 TB
 Data Space Available: 1.52 TB
 Metadata Space Used: 147.5 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2 GB
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.107-RHEL7 (2015-10-14)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 4.2.1-1.el7.elrepo.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 40
Total Memory: 251.9 GiB
Name: docker2.stg.1qianbao.com
ID: JMZF:IQ6H:RDBK:XNSN:W3IO:ZAQH:RRFB:XRIT:4I72:KOKD:R34K:FD5L
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

此後，你的data文件有多大就決定了你的宿主機上全部容器可用的空間的大小！

另外一方面：也能夠經過docker啓動參數的--storage-opt選項來限制每一個容器初始化的磁盤大小，如-storage-opt dm.basesize=80G 這樣每一個容器啓動後起根目錄的總空間就是80G

[root@zk-1 ~]# df -Th
Filesystem           Type   Size  Used Avail Use% Mounted on
/dev/mapper/docker-253:0-27661746-8b7f953fb4759982ad82235c27e39dfe7190b55180d63cbcf3aa2fdc6569d43a
                     ext4    79G  785M   74G   2% /
tmpfs                tmpfs  126G     0  126G   0% /dev
shm                  tmpfs   64M     0   64M   0% /dev/shm
tmpfs                tmpfs  126G     0  126G   0% /sys/fs/cgroup
tmpfs                tmpfs  126G     0  126G   0% /run/secrets
/dev/mapper/centos-root
                     xfs    1.5T  338G  1.2T  23% /wls/wls81/zookeeper.out
/dev/mapper/centos-root
                     xfs    1.5T  338G  1.2T  23% /etc/resolv.conf
/dev/mapper/centos-root
                     xfs    1.5T  338G  1.2T  23% /etc/hostname
/dev/mapper/centos-root
                     xfs    1.5T  338G  1.2T  23% /etc/hosts