版本信息ubuntu:Ubuntu22.04.1LTSdocker:23.0.1情况描述回忆一下之前走的一个命令,要求是使用docker的--storage-opt参数限制,但是一个容器文件系统占用的最大空间,本以为是天赐之物,但操作起来还是遇到了一些坑。首先查看官网了解该参数的一些特点,发现必须使用xfs文件系统支持,并且对驱动有一定的要求,已经满足。使用df-hT查看文件系统类型,使用dockerinfo查看Storage-Driver驱动程序。开始运行并添加--storage-opttestroot@ubuntu-01:~#dockerimagesREPOSITORYTAGIMAGEIDCREATEDSIZEbusyboxlatestbab98d58e29e8daysago4.86MBroot@ubuntu-01:~#dockerrun-it--storage-optsize=1Gbusybox/bin/shdocker:来自守护进程的错误响应:--storage-opt仅支持覆盖带有“pquota”挂载选项的xfs。请参阅“dockerrun--help”。现在会报错,Tip--storage-optonlysupportsoverridingmountoptionsonxfswith'pquota'。注意此时容器文件系统的位置是根分区,客户端的服务器只有一个磁盘。..使用mount命令重新挂载根分区,查看挂载参数,发现没有额外的quota参数root@ubuntu-01:~#mount-oremount,pquota/root@ubuntu-01:~#cat/proc/挂载/sysfs/syssysfsrw,nosuid,nodev,noexec,relatime00proc/procprocrw,nosuid,nodev,noexec,relatime00udev/devdevtmpfsrw,nosuid,relatime,size=1953592k,nr_inodes=488398,mode=755,inode6400devpts/dev/ptsdevptsrw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=00000tmpfs/runtmpfsrw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode6400/dev/sda2/xfsrw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota00securityfs/sys/kernel/securitysecurityfsrw,nosuid,nodev,noexec,relatime00tmpfs/dev/shmtmpfsrw,nosuid,nodev,inode64000tmpfs/run/locktmpfsrw,nosuid,nodev,noexec,relatime,size=5120k,inode6400cgroup2/sys/fs/cgroupcgroup2rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot00pstore/sys/fs/pstorepstorerw,nosuid,nodev,noexec,relatime00bpf/sys/fs/bpfbpfrw,nosuid,nodev,noexec,relatimee,mode=70000systemd-1/proc/sys/fs/binfmt_miscautofsrw,relatime,fd=29,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1931900hugetlbfs/dev/hugepageshugetlbfsrw,relatime,pagesize=2M00mqueue/dev/mqueuemqueuerw,nosuid,nodev,noexec,relatime00debugfs/sys/kernel/debugdebugfsrw,nosuid,nodev,noexec,relatime00tracefs/sys/内核/跟踪tracefsrw,nosuid,nodev,noexec,relatime00fusectl/sys/fs/fuse/connectionsfusectlrw,nosuid,nodev,noexec,relatime00configfs/sys/kernel/configconfigfsrw,nosuid,nodev,noexec,relatime00none/run/credentials/systemd-sysusers.serviceramfsro,nosuid,nodev,noexec,relatime,mode=70000/dev/loop0/snap/core20/1587squashfsro,nodev,relatime,errors=continue00/dev/loop1/snap/lxd/22923squashfsro,nodev,relatime,errors=continue00tmpfs/run/snapd/nstmpfsrw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode6400tmpfs/run/user/0tmpfsrw,nosuid,nodev,relatime,size=401988k,nr_inodes=100497,mode=700,inode6400/dev/loop3/snap/snapd/18357squashfsro,nodev,relatime,errors=continue00binfmt_misc/proc/sys/fs/binfmt_miscbinfmt_miscrw,nosuid,nodev,noexec,relatime00/dev/loop4/snap/core20/1828squashfsro,nodev,relatime,错误=继续00/dev/loop5/snap/lxd/24322squashfsro,nodev,relatime,错误=继续00nsfs/run/snapd/ns/lxd.mntnsfsrw00后,修改fstab文件,修改完成后重启系统root@ubuntu-01:~#cat/etc/fstab#/etc/fstab:静态文件系统信息。##使用'blkid'打印#设备的通用唯一标识符;这可以与UUID=一起使用,作为一种更强大的命名设备的方式#即使添加和删除磁盘也能正常工作。参见fstab(5)。##<文件系统><挂载点><类型><选项><转储><通过>#/在curtin安装期间位于/dev/sda2/dev/disk/by-uuid/90ba0f1d-1852-4315-a75e-692dbd858370/xfsdefaults,pquota00发现其实际上并没有啥用root@ubuntu-01:~#cat/proc/mounts/sysfs/syssysfsrw,nosuid,nodev,noexec,relatime00proc/procprocrw,nosuid,nodev,noexec,relatime00udev/devdevtmpfsrw,nosuid,relatime,size=1953596k,nr_inodes=488399,mode=755,inode6400devpts/dev/ptsdevptsrw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=00000tmpfs/runtmpfsrw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode6400/dev/sda2/xfsrw,relatime,attr2,inode64,日志缓冲区=8,logbsize=32k,noquota00securityfs/sys/kernel/securitysecurityfsrw,nosuid,nodev,noexec,relatime00tmpfs/dev/shmtmpfsrw,nosuid,nodev,inode6400tmpfs/run/locktmpfsrw,nosuid,nodev,noexec,relatime,size=5120k,inode6400cgroup2/sys/fs/cgroupcgroup2rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot00pstore/sys/fs/pstorepstorerw,nosuid,nodev,noexec,relatime00bpf/sys/fs/bpfbpfrw,nosuid,nodev,noexec,relatime,mode=70000systemd-1/proc/sys/fs/binfmt_miscautofsrw,relatime,fd=29,pgrp=1,超时=0,minproto=5,maxproto=5,direct,pipe_ino=2363900hugetlbfs/dev/hugepageshugetlbfsrw,relatime,pagesize=2M00mqueue/dev/mqueuemqueuerw,nosuid,nodev,noexec,relatime00debugfs/sys/内核/调试debugfsrw,nosuid,nodev,noexec,relatime00tracefs/sys/kernel/tracingtracefsrw,nosuid,nodev,noexec,relatime00fusectl/sys/fs/fuse/connectionsfusectlrw,nosuid,nodev,noexec,relatime00configfs/sys/kernel/configconfigfsrw,nosuid,nodev,noexec,relatime00none/run/credentials/systemd-sysusers.serviceramfsro,nosuid,nodev,noexec,relatime,mode=70000/dev/loop0/snap/core20/1587squashfsro,nodev,relatime,错误=继续00/dev/loop1/snap/lxd/24322squashfsro,nodev,relatime,错误=继续00/dev/loop2/snap/core20/1828squashfsro,nodev,relatime,错误=继续00/dev/loop4/snap/snapd/18357squashfsro,nodev,relatime,错误=继续00/dev/loop3/snap/lxd/22923squashfsro,nodev,relatime,错误=继续00binfmt_misc/proc/sys/fs/binfmt_miscbinfmt_miscrw,nosuid,nodev,noexec,relatime00tmpfs/run/snapd/nstmpfsrw,nosuid,nodev,noexec,relatime,size=401992k,mode=755,inode6400nsfs/run/snapd/ns/lxd.mntnsfsrw00tmpfs/run/user/0tmpfsrw,nosuid,nodev,relatime,size=401988k,nr_inodes=100497,mode=700,inode6400在启动容器的时候仍然会报错root@ubuntu-01:~#dockerrun-it--storage-optsize=1Gbusybox/bin/shdocker:来自守护进程的错误响应:--storage-optissupportedonly用于使用'pquota'挂载选项覆盖xfs。参见'dockerrun--help'最后,搜索信息后,参考https://support.circleci.com/hc/en-us/articles/7060937560859-...我发现如果解决之前的方法是设置非系统根分区,应该可以生效。如果是系统根分区,不知道为什么不生效,也没仔细看。根据文档内容修改guide,添加grub的pquota参数。root@ubuntu-01:~#cat/etc/default/grub#如果你更改了这个文件,之后运行'update-grub'来更新#/boot/grub/grub.cfg.#对于这个选项的完整文档文件,参见:#info-fgrub-n'简单配置'GRUB_DEFAULT=0GRUB_TIMEOUT_STYLE=hiddenGRUB_TIMEOUT=0GRUB_DISTRIBUTOR=`lsb_release-i-s2>/dev/null||echoDebian`GRUB_CMDLINE_LINUX_DEFAULT="rootflags=pquota"GRUB_CMDLINE_LINUX=""重新生成grub文件root@ubuntu-01:~#grub-mkconfig-o/boot/grub/grub.cfgSourcingfile`/etc/default/grub'Sourcingfile`/etc/default/grub.d/init-select.cfg'生成grub配置文件...找到linux镜像:/boot/vmlinuz-5.15.0-43-generic找到initrd镜像:/boot/initrd.img-5.15.0-43-genericWarning:os-proberwillnotbeexecutedtodetectotherbootablepartitions.SystemsonthemwillnotbeaddedtotheGRUBbootconfiguration.CheckGRUB_DISABLE_OS_PROBERdocumentationentry.done重新启动后发现配额已被附加root@ubuntu-01:~#猫/过程/mounts|grepquota/dev/sda2/xfsrw,relatime,attr2,inode64,logbufs=8,logbsize=32k,prjquota00再次添加--storage-opt参数createcontainertestroot@ubuntu-01:~#docker运行-it--storage-optsize=1Gbusybox/bin/sh/#df-hTFilesystemTypeSizeUsedAvailableUse%Mountedonoverlayoverlay1.0G12.0K1024.0M0%/tmpfstmpfs64.0M064.0M0%/devshmtmpfs64.0M064.0M0%/dev/shm/dev/sda2xfs20.0G7.5G12.5G37%/etc/resolv.conf/dev/sda2xfs20.0G7.5G12.5G37%/etc/主机名/dev/sda2xfs20.0G7.5G12.5G37%/etc/hoststmpfstmpfs1.9G01.9G0%/proc/asoundtmpfstmpfs1.9G01.9G0%/proc/acpitmpfstmpfs64.0M064.0M0%/proc/kcoretmpfstmpfs64.0M064.0M0%/proc/keystmpfstmpfs64.0M064.0M0%/proc/timer_listtmpfstmpfs1.9G01.9G0%/proc/scsitmpfstmpfs1.9G01.9G0%/sys/固件发现再次使用--storage-opt参数约束容器文件系统大小时,不会报错,约束成功,Mane在手。
