
Is it possible to change the read-only/read-write status of a docker mount at runtime?

Tags:

docker

I have a dockerized application that uses the filesystem to store lots of state. The application code is contained in the docker image.

I am considering an update strategy which involves sharing the volume between two containers, but making sure that at most one container at a time can write to that filesystem.

The workflow would be:

  • start container A with /data mounted rw
  • start container B with /data mounted ro, and a newer version of the application
  • stop serving requests to container A
  • for container A, make the /data mount read-only
  • for container B, make the /data mount read-write
  • start serving requests to container B
Robert Munteanu asked Mar 30 '17 12:03


People also ask

Can data volumes can be mounted in read only mode in Docker?

The destination takes as its value the path where the file or directory is mounted in the container. May be specified as destination, dst, or target. The readonly option, if present, causes the bind mount to be mounted into the container as read-only. May be specified as readonly or ro.

Is a Docker image read only?

Docker images are stored as series of read-only layers. When we start a container, Docker takes the read-only image and adds a read-write layer on top.

Is Docker image a read/write image or is it a read only image?

From the official Docker docs: We've already seen that Docker images are read-only templates from which Docker containers are launched. Each image consists of a series of layers. Docker makes use of union file systems to combine these layers into a single image.


1 Answer

You can re-mount your volume from inside the container, in the rw mode, like this:

mount -o remount,rw /mnt/data

The catch is that the mount syscall is not allowed inside Docker containers by default, so you would have to run it in privileged mode:

docker run --privileged ...

or enable the SYS_ADMIN capability

SYS_ADMIN Perform a range of system administration operations.

docker run --cap-add=SYS_ADMIN --security-opt apparmor:unconfined

(note that I have had to also add --security-opt apparmor:unconfined, to make this work on Ubuntu).

Also, remounting the rw volume back to ro might be tricky, as some process(es) might have already opened some files inside it for writing, in which case the remount will fail with an "is busy" error message.

But my guess is that you can just restart the container instead (as it would be the one running an old version of the app).

zeppelin answered Oct 05 '22 22:10
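As an added example (not part of the question or the answer), the following audit reads `docker inspect` output and reports which containers hold /data read-write and which carry the settings the answer names (--privileged, SYS_ADMIN, apparmor:unconfined). The container names, host path and sample JSON are constructed for illustration; only the inspect fields used here are included.

```python
import json

# Constructed sample shaped like `docker inspect app-a app-b` output.
SAMPLE = json.loads("""
[
 {"Name": "/app-a",
  "HostConfig": {"Privileged": false, "CapAdd": ["SYS_ADMIN"],
                 "SecurityOpt": ["apparmor:unconfined"]},
  "Mounts": [{"Destination": "/data", "Source": "/srv/state", "RW": true}]},
 {"Name": "/app-b",
  "HostConfig": {"Privileged": false, "CapAdd": null, "SecurityOpt": null},
  "Mounts": [{"Destination": "/data", "Source": "/srv/state", "RW": false}]}
]
""")


def remount_settings(container):
    """Settings from the answer above that are present on this container."""
    hc = container.get("HostConfig", {})
    found = []
    if hc.get("Privileged"):
        found.append("--privileged")
    caps = {c.upper().removeprefix("CAP_") for c in hc.get("CapAdd") or []}
    if caps & {"SYS_ADMIN", "ALL"}:
        found.append("cap-add SYS_ADMIN")
    for opt in hc.get("SecurityOpt") or []:
        if opt.replace("=", ":") == "apparmor:unconfined":
            found.append("apparmor unconfined")
    return found


def audit(containers, path="/data"):
    """Return (writers, remounters) for the shared mount at `path`."""
    writers, remounters = [], {}
    for c in containers:
        name = c["Name"].lstrip("/")
        for m in c.get("Mounts") or []:
            if m["Destination"] != path:
                continue
            if m["RW"]:  # mode recorded by Docker for this mount
                writers.append(name)
            settings = remount_settings(c)
            if settings:  # the recorded mode is only a starting point here
                remounters[name] = settings
    return writers, remounters


if __name__ == "__main__":
    writers, remounters = audit(SAMPLE)
    print("rw holders of /data:", writers)
    for name, why in remounters.items():
        print(f"{name} can remount its own volumes: {', '.join(why)}")
```

A container listed under remounters can switch its own /data mount between ro and rw, so for it the single-writer rule from the question depends on the application's behaviour rather than on the mount flag.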