
Docker is configured to manage applications using thin pool volume data management via Convoy. The service is installed via the Virtual Machine Project in the script ‘aemdesign-vm/scripts/devops/docker-install.sh’.

The Docker containers in the AEM Platform are configured to use Convoy to manage their data. Convoy is a Docker plugin that wraps a thin pool backed by the kernel-level Device Mapper (NOTE: Red Hat Device Mapper documentation).

Thin Volume Management

As the Docker containers write and delete data in the logical volumes, blocks allocated by the thin pool are not released immediately. This is by design, as both a security and a performance concern. The security concern is that blocks marked as unused may still contain sensitive data that can be read by another process when they are released. The thin pool can ‘zero out’ the data block, but this is a performance concern as a delete will incur a corresponding write operation.

A recommended way to ensure unused blocks are eventually released is to schedule a regular job to execute the command ‘fstrim’ on the mounted file systems. This command returns unused blocks to the thin pool.
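For the thin pool behaviour described under Thin Volume Management, the following is an added example (not code from the aemdesign-vm project) that flags pools where zeroing is off, discards are ignored, or data usage is high. It parses `lvs` report output; the sample report, its volume names and the 80% threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit thin pools for the settings that decide whether
# released blocks can leak old data and whether fstrim can reclaim space.
# Feed it the output of (run as root):
#   lvs --noheadings --separator '|' -o vg_name,lv_name,lv_attr,data_percent,discards
# lv_attr: 1st char 't' = thin pool, 8th char 'z' = new blocks are zeroed.

audit_thin_pools() {    # $1 = data usage threshold in percent; report on stdin
    awk -F'|' -v max="$1" '
    {
        for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        if (substr($3, 1, 1) != "t") next          # only thin pools
        pool = $1 "/" $2
        if (substr($3, 8, 1) != "z")
            print pool ": zeroing off, a reallocated block can expose old data"
        if ($5 == "ignore")
            print pool ": discards ignored, fstrim will not return blocks"
        if ($4 + 0 >= max + 0)
            print pool ": data usage " $4 "% is at or above " max "%"
    }'
}

# Constructed sample report (names and values are made up for illustration).
SAMPLE_LVS='  vg_data|pool_ok|twi-aotz--|41.20|passdown
  vg_data|pool_bad|twi-aot---|93.75|ignore
  vg_data|vol1|Vwi-aotz--|12.00|
  vg_data|root|-wi-ao----||'

printf '%s\n' "$SAMPLE_LVS" | audit_thin_pools 80

# Releasing unused blocks on all mounted file systems that support discard:
#   fstrim --all --verbose      (schedule it with cron or a systemd timer)
```

On a live host, pipe the `lvs` command from the header comment into `audit_thin_pools` instead of the sample.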

Thin Pool

A Thin Pool named ‘rhel’ is configured in the aemdesign-vm project as part of the initial Docker installation. Each server is configured with Convoy (NOTE: Convoy project home), which is used in Docker as a volume plugin. Details on the installation can be found in ‘aemdesign-vm/scripts/devops/docker-install.sh’.

The role ‘server-iptables’ automates the application of the configuration in the Using the IPTables service (NOTE: ) of the Red Hat Product Information. The configuration of IPTables is not strictly required for the Docker containers that bind to the host IP and port. The Docker service will forward packets from the statically assigned IP network interface eth0 to the network interface docker0 that binds to the Docker bridge network (under the Virtual Machine Project and in the file aemdesign-vm/scripts/devops/firewall.sh). The IPTables rules for applications that are installed as services on the operating system are required to be defined.

rancher/convoy/blob/master/README.md

# Convoy

Convoy is a Docker volume plugin for a variety of storage back-ends. It's designed to be a simple Docker volume plug-in that supports vendor-specific extensions such as snapshots, backups and restore. It's written in Go and can be deployed as a standalone binary.

Docker has various drivers (aufs, device mapper, etc.) for a container's root image, but not for volumes. Users can create a volume through ```docker run -v volname```, but it's disposable and cannot be easily reused for new containers or containers on other hosts. For example, if you start a wordpress container with a database, add some posts, then remove the container, the modified database would be lost.

Before volume plugins, the only way to reuse a volume was the host bind mount feature of Docker, as ```docker run -v /host_path:/container_path```, then maintaining the content of the volume at ```/host_path```. You can also use ```--volumes-from```, but that would require that the original container still exists on the same host.

Convoy uses the Docker volume plugin mechanism to provide persistent volumes for Docker containers, and supports a variety of backends (e.g. device mapper, NFS, EBS) and more features like snapshot/backup/restore. So users would be able to migrate volumes between hosts, share the same volume across hosts, make scheduled snapshots, as well as recover to a previous version of a volume. It's much easier for users to manage data with Docker volumes with Convoy.
