@@ -25,9 +25,7 @@ Docker.

 ## Data volumes

 A *data volume* is a specially-designated directory within one or more

-containers that bypasses the [*Union File

-System*](../reference/glossary.md#union-file-system). Data volumes provide several

-useful features for persistent or shared data:

+containers that bypasses the [*Union File System*](../reference/glossary.md#union-file-system). Data volumes provide several useful features for persistent or shared data:

 - Volumes are initialized when a container is created. If the container's

   base image contains data at the specified mount point, that existing data is

@@ -272,6 +270,12 @@ Then un-tar the backup file in the new container's data volume.

 You can use the techniques above to automate backup, migration and

 restore testing using your preferred tools.

+## Important tips on using shared volumes

+

+Multiple containers can also share one or more data volumes. However, multiple containers writing to a single shared volume can cause data corruption. Make sure you're applications are designed to write to shared data stores.

+

+Data volumes are directly accessible from the Docker host. This means you can read and write to them with normal Linux tools. In most cases you should not do this as it can cause data corruption if your containers and applications are unaware of your direct access.

+

 # Next steps

 Now we've learned a bit more about how to use Docker we're going to see how to

new file mode 100644

@@ -0,0 +1,197 @@

+<!--[metadata]>

+title = "AUFS storage driver in practice"

+description = "Learn how to optimize your use of AUFS driver."

+keywords = ["container, storage, driver, AUFS "]

+[menu.main]

+parent = "mn_storage_docker"

+<![end-metadata]-->

+

+# Docker and AUFS in practice

+

+AUFS was the first storage driver in use with Docker. As a result, it has a long and close history with Docker, is very stable, has a lot of real-world deployments, and has strong community support.  AUFS has several features that make it a good choice for Docker. These features enable:

+

+- Fast container startup times.

+- Efficient use of storage.

+- Efficient use of memory.

+

+Despite its capabilities and long history with Docker, some Linux distributions do not support AUFS. This is usually because AUFS is not included in the mainline (upstream) Linux kernel.

+

+The following sections examine some AUFS features and how they relate to Docker.

+

+## Image layering and sharing with AUFS

+

+AUFS is a *unification filesystem*. This means that it takes multiple directories on a single Linux host, stacks them on top of each other, and provides a single unified view. To achieve this, AUFS uses *union mount*.

+

+AUFS stacks multiple directories and exposes them as a unified view through a single mount point. All of the directories in the stack, as well as the union mount point, must all exist on the same Linux host. AUFS refers to each directory that it stacks as a *branch*.

+

+Within Docker, AUFS union mounts enable image layering. The AUFS storage driver implements Docker image layers using this union mount system. AUFS branches correspond to Docker image layers. The diagram below shows a Docker container based on the `ubuntu:latest` image.

+

+![](images/aufs_layers.jpg)

+

+This diagram shows the relationship between the Docker image layers and the AUFS branches (directories) in `/var/lib/docker/aufs`. Each image layer  and the container layer correspond to an AUFS branch (directory) in the Docker host's local storage area. The union mount point gives the unified view of all layers.

+

+AUFS also supports the copy-on-write technology (CoW). Not all storage drivers do.

+

+## Container reads and writes with AUFS

+

+Docker leverages AUFS CoW technology to enable image sharing and minimize the use of disk space. AUFS works at the file level. This means that all AUFS CoW operations copy entire files - even if only a small part of the file is being modified. This behavior can have a noticeable impact on container performance, especially if the files being copied are large, below a lot of image layers, or the CoW operation must search a deep directory tree.

+

+Consider, for example, an application running in a container needs to add a single new value to a large key-value store (file). If this is the first time the file is modified it does not yet exist in the container's top writable layer. So, the CoW must *copy up* the file from the underlying image. The AUFS storage driver searches each image layer for the file. The search order is from top to bottom. When it is found, the entire file is *copied up* to the container's top writable layer. From there, it can be opened and modified.

+

+Larger files obviously take longer to *copy up* than smaller files, and files that exist in lower image layers take longer to locate than those in higher layers. However, a *copy up* operation only occurs once per file on any given container. Subsequent reads and writes happen against the file's copy already *copied-up* to the container's top layer.

+

+

+## Deleting files with the AUFS storage driver

+

+The AUFS storage driver deletes a file from a container by placing a *whiteout

+file* in the container's top layer. The whiteout file effectively obscures the

+existence of the file in image's lower, read-only layers.  The simplified

+diagram below shows a container based on an image with three image layers.

+

+![](images/aufs_delete.jpg)

+

+The `file3` was deleted from the container. So, the AUFS storage driver  placed

+a whiteout file in the container's top layer. This whiteout file effectively

+"deletes"  `file3` from the container by obscuring any of the original file's

+existence in the image's read-only base layer. Of course, the image could have

+been in any of the other layers instead or in addition depending on how the

+layers are built.

+

+## Configure Docker with AUFS

+

+You can only use the AUFS storage driver on Linux systems with AUFS installed. Use the following command to determine if your system supports AUFS.

+

+```bash

+$ grep aufs /proc/filesystems

+nodev   aufs

+```

+

+This output indicates the system supports AUFS.  Once you've verified your

+system supports AUFS, you can must instruct the Docker daemon to use it. You do

+this from the command line with the `docker daemon` command:

+

+```bash

+$ sudo docker daemon --storage-driver=aufs &

+```

+

+Alternatively, you can edit the Docker config file and add the

+`--storage-driver=aufs` option to the `DOCKER_OPTS` line.

+

+```bash

+# Use DOCKER_OPTS to modify the daemon startup options.

+DOCKER_OPTS="--storage-driver=aufs"

+```

+

+Once your daemon is running, verify the storage driver with the `docker info` command.

+

+```bash

+$ sudo docker info

+Containers: 1

+Images: 4

+Storage Driver: aufs

+ Root Dir: /var/lib/docker/aufs

+ Backing Filesystem: extfs

+ Dirs: 6

+ Dirperm1 Supported: false

+Execution Driver: native-0.2

+...output truncated...

+````

+

+The output above shows that the Docker daemon is running the AUFS storage driver on top of an existing ext4 backing filesystem.

+

+## Local storage and AUFS

+

+As the `docker daemon` runs with the AUFS driver, the driver stores images and containers on within the Docker host's local storage area in the `/var/lib/docker/aufs` directory.

+

+### Images

+

+Image layers and their contents are stored under

+`/var/lib/docker/aufs/mnt/diff/<image-id>` directory. The contents of an image

+layer in this location includes all the files and directories belonging in that

+image layer.

+

+The `/var/lib/docker/aufs/layers/` directory contains metadata about how image

+layers are stacked. This directory contains one file for every image or

+container layer on the Docker host. Inside each file are the image layers names

+that exist below it. The diagram below shows an image with 4 layers.

+

+![](images/aufs_metadata.jpg)

+

+Inspecting the contents of the file relating to the top layer of the image

+shows the three image layers below it. They are listed in the order they are

+stacked.

+

+```bash

+$ cat /var/lib/docker/aufs/layers/91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c

+

+d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82

+

+c22013c8472965aa5b62559f2b540cd440716ef149756e7b958a1b2aba421e87

+

+d3a1f33e8a5a513092f01bb7eb1c2abf4d711e5105390a3fe1ae2248cfde1391

+```

+

+The base layer in an image has no image layers below it, so its file is empty.

+

+### Containers

+

+Running containers are mounted at locations in the

+`/var/lib/docker/aufs/mnt/<container-id>` directory. This is the AUFS union

+mount point that exposes the container and all underlying image layers as a

+single unified view. If a container is not running, its directory still exists

+but is empty. This is because containers are only mounted when they are running.

+

+Container metadata and various config files that are placed into the running

+container are stored in `/var/lib/containers/<container-id>`. Files in this

+directory exist for all containers on the system, including ones that are

+stopped. However, when a container is running the container's log files are also

+in this directory.

+

+A container's thin writable layer is stored under

+`/var/lib/docker/aufs/diff/<container-id>`. This directory is stacked by AUFS as

+the containers top writable layer and is where all changes to the container are

+stored. The directory exists even if the container is stopped. This means that

+restarting a container will not lose changes made to it. Once a container is

+deleted this directory is deleted.

+

+Information about which image layers are stacked below a container's top

+writable layer is stored in the following file

+`/var/lib/docker/aufs/layers/<container-id>`. The command below shows that the

+container with ID `b41a6e5a508d` has 4 image layers below it:

+

+```bash

+$ cat /var/lib/docker/aufs/layers/b41a6e5a508dfa02607199dfe51ed9345a675c977f2cafe8ef3e4b0b5773404e-init

+91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c

+d74508fb6632491cea586a1fd7d748dfc5274cd6fdfedee309ecdcbc2bf5cb82

+c22013c8472965aa5b62559f2b540cd440716ef149756e7b958a1b2aba421e87

+d3a1f33e8a5a513092f01bb7eb1c2abf4d711e5105390a3fe1ae2248cfde1391

+```

+

+The image layers are shown in order. In the output above, the layer starting

+with image ID "d3a1..." is the image's base  layer. The image layer starting

+with "91e5..." is the image's topmost layer.

+

+

+## AUFS and Docker performance

+

+To summarize some of the performance related aspects already mentioned:

+

+- The AUFS storage driver is a good choice for PaaS and other similar use-cases where container density is important. This is because AUFS efficiently shares images between multiple running containers, enabling fast container start times and minimal use of disk space.

+

+- The underlying mechanics of how AUFS shares files between image layers and containers uses the systems page cache very efficiently.

+

+- The AUFS storage driver can introduce significant latencies into container write performance. This is because the first time a container writes to any file, the file has be located and copied into the containers top writable layer. These latencies increase and are compounded when these files exist below many image layers and the files themselves are large.

+

+One final point. Data volumes provide the best and most predictable performance.

+This is because they bypass the storage driver and do not incur any of the

+potential overheads introduced by thin provisioning and copy-on-write. For this

+reason, you may want to place heavy write workloads on data volumes.

+

+## Related information

+

+* [Understand images, containers, and storage drivers](imagesandcontainers.md)

+* [Select a storage driver](selectadriver.md)

+* [BTRFS storage driver in practice](btrfs-driver.md)

+* [Device Mapper storage driver in practice](device-mapper-driver.md)

new file mode 100644

@@ -0,0 +1,280 @@

+<!--[metadata]>

+title = "BTRFS storage in practice"

+description = "Learn how to optimize your use of BTRFS driver."

+keywords = ["container, storage, driver, BTRFS "]

+[menu.main]

+parent = "mn_storage_docker"

+<![end-metadata]-->

+

+# Docker and BTRFS in practice

+

+Btrfs is a next generation copy-on-write filesystem that supports many advanced

+storage technologies that make it a good fit for Docker. Btrfs is included in

+the mainline Linux kernel and it's on-disk-format is now considered stable.

+However, many of its features are still under heavy development and users should

+consider it a fast-moving target.

+

+Docker's `btrfs` storage driver leverages many Btrfs features for image and

+container management. Among these features are thin provisioning, copy-on-write,

+and snapshotting.

+

+This article refers to Docker's Btrfs storage driver as `btrfs` and the overall Btrfs Filesystem as Btrfs.

+

+>**Note**: The [Commercially Supported Docker Engine (CS-Engine)](https://www.docker.com/compatibility-maintenance) does not currently support the `btrfs` storage driver.

+

+## The future of Btrfs

+

+Btrfs has been long hailed as the future of Linux filesystems. With full support in the mainline Linux kernel, a stable on-disk-format, and active development with a focus on stability, this is now becoming more of a reality.

+

+As far as Docker on the Linux platform goes, many people see the `btrfs` storage driver as a potential long-term replacement for the `devicemapper` storage driver. However, at the time of writing, the `devicemapper` storage driver should be considered safer, more stable, and more *production ready*. You should only consider the `btrfs` driver for production deployments if you understand it well and have existing experience with Btrfs.

+

+## Image layering and sharing with Btrfs

+

+Docker leverages Btrfs *subvolumes* and *snapshots* for managing the on-disk components of image and container layers.  Btrfs subvolumes look and feel like a normal Unix filesystem. As such, they can have their own internal directory structure that hooks into the wider Unix filesystem.

+

+Subvolumes are natively copy-on-write and have space allocated to them on-demand

+from an underlying storage pool. They can also be nested and snapped. The

+diagram blow shows 4 subvolumes. 'Subvolume 2' and 'Subvolume 3' are nested,

+whereas 'Subvolume 4' shows its own internal directory tree.

+

+![](images/btfs_subvolume.jpg)

+

+Snapshots are a point-in-time read-write copy of an entire subvolume. They exist directly below the subvolume they were created from. You can create snapshots of snapshots as shown in the diagram below.

+

+![](images/btfs_snapshots.jpg)

+

+Btfs allocates space to subvolumes and snapshots on demand from an underlying pool of storage. The unit of allocation is referred to as a *chunk* and *chunks* are normally ~1GB in size.

+

+Snapshots are first-class citizens in a Btrfs filesystem. This means that they look, feel, and operate just like regular subvolumes. The technology required to create them is built directly into the Btrfs filesystem thanks to its native copy-on-write design. This means that Btrfs snapshots are space efficient with little or no performance overhead. The diagram below shows a subvolume and it's snapshot sharing the same data.

+

+![](images/btfs_pool.jpg)

+

+Docker's `btrfs` storage driver stores every image layer and container in its own Btrfs subvolume or snapshot. The base layer of an image is stored as a subvolume whereas child image layers and containers are stored as snapshots. This is shown in the diagram below.

+

+![](images/btfs_container_layer.jpg)

+

+The high level process for creating images and containers on Docker hosts running the `btrfs` driver is as follows:

+

+1. The image's base layer is stored in a Btrfs subvolume under

+`/var/lib/docker/btrfs/subvolumes`.

+

+    The image ID is used as the subvolume name. E.g., a base layer with image ID

+    "f9a9f253f6105141e0f8e091a6bcdb19e3f27af949842db93acba9048ed2410b" will be

+    stored in

+    `/var/lib/docker/btrfs/subvolumes/f9a9f253f6105141e0f8e091a6bcdb19e3f27af949842db93acba9048ed2410b`

+

+2. Subsequent image layers are stored as a Btrfs snapshot of the parent layer's subvolume or snapshot.

+

+    The diagram below shows a three-layer image. The base layer is a subvolume. Layer 1 is a snapshot of the base layer's subvolume. Layer 2 is a snapshot of Layer 1's snapshot.

+

+    ![](images/btfs_constructs.jpg)

+

+## Image and container on-disk constructs

+

+Image layers and containers are visible in the Docker host's filesystem at

+`/var/lib/docker/btrfs/subvolumes/<image-id> OR <container-id>`. Directories for

+containers are present even for containers with a stopped status. This is

+because the `btrfs` storage driver mounts a default, top-level subvolume at

+`/var/lib/docker/subvolumes`. All other subvolumes and snapshots exist below

+that as Btrfs filesystem objects and not as individual mounts.

+

+The following example shows a single Docker image with four image layers.

+

+```bash

+$ sudo docker images -a

+REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE

+ubuntu              latest              0a17decee413        2 weeks ago         188.3 MB

+<none>              <none>              3c9a9d7cc6a2        2 weeks ago         188.3 MB

+<none>              <none>              eeb7cb91b09d        2 weeks ago         188.3 MB

+<none>              <none>              f9a9f253f610        2 weeks ago         188.1 MB

+```

+

+Each image layer exists as a Btrfs subvolume or snapshot with the same name as it's image ID as illustrated by the `btrfs subvolume list` command shown below:

+

+```bash

+$ sudo btrfs subvolume list /var/lib/docker

+ID 257 gen 9 top level 5 path btrfs/subvolumes/f9a9f253f6105141e0f8e091a6bcdb19e3f27af949842db93acba9048ed2410b

+ID 258 gen 10 top level 5 path btrfs/subvolumes/eeb7cb91b09d5de9edb2798301aeedf50848eacc2123e98538f9d014f80f243c

+ID 260 gen 11 top level 5 path btrfs/subvolumes/3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b

+ID 261 gen 12 top level 5 path btrfs/subvolumes/0a17decee4139b0de68478f149cc16346f5e711c5ae3bb969895f22dd6723751

+```

+

+Under the `/var/lib/docker/btrfs/subvolumes` directoy, each of these subvolumes and snapshots are visible as a normal Unix directory:

+

+```bash

+$ ls -l /var/lib/docker/btrfs/subvolumes/

+total 0

+drwxr-xr-x 1 root root 132 Oct 16 14:44 0a17decee4139b0de68478f149cc16346f5e711c5ae3bb969895f22dd6723751

+drwxr-xr-x 1 root root 132 Oct 16 14:44 3c9a9d7cc6a235eb2de58ca9ef3551c67ae42a991933ba4958d207b29142902b

+drwxr-xr-x 1 root root 132 Oct 16 14:44 eeb7cb91b09d5de9edb2798301aeedf50848eacc2123e98538f9d014f80f243c

+drwxr-xr-x 1 root root 132 Oct 16 14:44 f9a9f253f6105141e0f8e091a6bcdb19e3f27af949842db93acba9048ed2410b

+```

+

+Because Btrfs works at the filesystem level and not the block level, each image

+and container layer can be browsed in the filesystem using normal Unix commands.

+The example below shows a truncated output of an `ls -l` command against the

+image's top layer:

+

+```bash

+$ ls -l /var/lib/docker/btrfs/subvolumes/0a17decee4139b0de68478f149cc16346f5e711c5ae3bb969895f22dd6723751/

+total 0

+drwxr-xr-x 1 root root 1372 Oct  9 08:39 bin

+drwxr-xr-x 1 root root    0 Apr 10  2014 boot

+drwxr-xr-x 1 root root  882 Oct  9 08:38 dev

+drwxr-xr-x 1 root root 2040 Oct 12 17:27 etc

+drwxr-xr-x 1 root root    0 Apr 10  2014 home

+...output truncated...

+```

+

+## Container reads and writes with Btrfs

+

+A container is a space-efficient snapshot of an image. Metadata in the snapshot

+points to the actual data blocks in the storage pool. This is the same as with a

+subvolume. Therefore, reads performed against a snapshot are essentially the

+same as reads performed against a subvolume. As a result, no performance

+overhead is incurred from the Btrfs driver.

+

+Writing a new file to a container invokes an allocate-on-demand operation to

+allocate new data block to the container's snapshot. The file is then written to

+this new space. The allocate-on-demand operation is native to all writes with

+Btrfs and is the same as writing new data to a subvolume. As a result, writing

+new files to a container's snapshot operate at native Btrfs speeds.

+

+Updating an existing file in a container causes a copy-on-write operation

+(technically *redirect-on-write*). The driver leaves the original data and

+allocates new space to the snapshot. The updated data is written to this new

+space. Then, the driver updates the filesystem metadata in the snapshot to point

+to this new data. The original data is preserved in-place for subvolumes and

+snapshots further up the tree. This behavior is native to copy-on-write

+filesystems like Btrfs and incurs very little overhead.

+

+With Btfs, writing and updating lots of small files can result in slow performance. More on this later.

+

+## Configuring Docker with Btrfs

+

+The `btrfs` storage driver only operates on a Docker host where `/var/lib/docker` is mounted as a Btrfs filesystem. The following procedure shows  how to configure Btrfs on Ubuntu 14.04 LTS.

+

+### Prerequisites

+

+If you have already used the Docker daemon on your Docker host and have images you want to keep, `push` them to Docker Hub or your private Docker Trusted Registry before attempting this procedure.

+

+Stop the Docker daemon. Then, ensure that you have a spare block device at `/dev/xvdb`. The device identifier may be different in your environment and you should substitute your own values throughout the procedure.

+

+The procedure also assumes your kernel has the appropriate Btrfs modules loaded. To verify this, use the following command:

+

+```bash

+$ cat /proc/filesystems | grep btrfs`

+```

+

+### Configure Btrfs on Ubuntu 14.04 LTS

+

+Assuming your system meets the prerequisites, do the following:

+

+1. Install the "btrfs-tools" package.

+

+        $ sudo apt-get install btrfs-tools

+        Reading package lists... Done

+        Building dependency tree

+        <output truncated>

+

+2. Create the Btrfs storage pool.

+

+    Btrfs storage pools are created with the `mkfs.btrfs` command. Passing multiple devices to the `mkfs.btrfs` command creates a pool across all of those devices. Here you create a pool with a single device at `/dev/xvdb`.

+

+        $ sudo mkfs.btrfs -f /dev/xvdb

+        WARNING! - Btrfs v3.12 IS EXPERIMENTAL

+        WARNING! - see http://btrfs.wiki.kernel.org before using

+

+        Turning ON incompat feature 'extref': increased hardlink limit per file to 65536

+        fs created label (null) on /dev/xvdb

+            nodesize 16384 leafsize 16384 sectorsize 4096 size 4.00GiB

+        Btrfs v3.12

+

+    Be sure to substitute `/dev/xvdb` with the appropriate device(s) on your

+    system.

+

+    > **Warning**: Take note of the warning about Btrfs being experimental. As

+    noted earlier, Btrfs is not currently recommended for production deployments

+    unless you already have extensive experience.

+

+3. If it does not already exist, create a directory for the Docker host's local storage area at `/var/lib/docker`.

+

+        $ sudo mkdir /var/lib/docker

+

+4. Configure the system to automatically mount the Btrfs filesystem each time the system boots.

+

+    a. Obtain the Btrfs filesystem's UUID.

+

+        $ sudo blkid /dev/xvdb

+        /dev/xvdb: UUID="a0ed851e-158b-4120-8416-c9b072c8cf47" UUID_SUB="c3927a64-4454-4eef-95c2-a7d44ac0cf27" TYPE="btrfs"

+

+    b. Create a `/etc/fstab` entry to automatically mount `/var/lib/docker` each time the system boots.

+

+        /dev/xvdb /var/lib/docker btrfs defaults 0 0

+        UUID="a0ed851e-158b-4120-8416-c9b072c8cf47" /var/lib/docker btrfs defaults 0 0

+

+5. Mount the new filesystem and verify the operation.

+

+        $ sudo mount -a

+        $ mount

+        /dev/xvda1 on / type ext4 (rw,discard)

+        <output truncated>

+        /dev/xvdb on /var/lib/docker type btrfs (rw)

+

+    The last line in the output above shows the `/dev/xvdb` mounted at `/var/lib/docker` as Btrfs.

+

+

+Now that you have a Btrfs filesystem mounted at `/var/lib/docker`, the daemon should automatically load with the `btrfs` storage driver.

+

+1. Start the Docker daemon.

+

+        $ sudo service docker start

+        docker start/running, process 2315

+

+    The procedure for starting the Docker daemon may differ depending on the

+    Linux distribution you are using.

+

+    You can start the Docker daemon with the `btrfs` storage driver by passing

+    the `--storage-driver=btrfs` flag to the `docker daemon` command or you can

+    add the `DOCKER_OPTS` line to the Docker config file.

+

+2. Verify the storage driver with the `docker info` command.

+

+        $ sudo docker info

+        Containers: 0

+        Images: 0

+        Storage Driver: btrfs

+        [...]

+

+Your Docker host is now configured to use the `btrfs` storage driver.

+

+## BTRFS and Docker performance

+

+There are several factors that influence Docker's performance under the  `btrfs` storage driver.

+

+- **Page caching**. Btrfs does not support page cache sharing. This means that *n* containers accessing the same file require *n* copies to be cached. As a result, the `btrfs` driver may not be the best choice for PaaS and other high density container use cases.

+

+- **Small writes**. Containers performing lots of small writes (including Docker hosts that start and stop many containers) can lead to poor use of Btrfs chunks. This can ultimately lead to out-of-space conditions on your Docker host and stop it working. This is currently a major drawback to using current versions of Btrfs.

+

+    If you use the `btrfs` storage driver, closely monitor the free space on your Btrfs filesystem using the `btrfs filesys show` command. Do not trust the output of normal Unix commands such as `df`; always use the Btrfs native commands.

+

+- **Sequential writes**. Btrfs writes data to disk via journaling technique. This can impact sequential writes, where performance can be up to half.

+

+- **Fragmentation**. Fragmentation is a natural byproduct of copy-on-write filesystems like Btrfs. Many small random writes can compound this issue. It can manifest as CPU spikes on Docker hosts using SSD media and head thrashing on Docker hosts using spinning media. Both of these result in poor performance.

+

+    Recent versions of Btrfs allow you to specify `autodefrag` as a mount option. This mode attempts to detect random writes and defragment them. You should perform your own tests before enabling this option on your Docker hosts. Some tests have shown this option has a negative performance impact on Docker hosts performing lots of small writes (including systems that start and stop many containers).

+

+- **Solid State Devices (SSD)**. Btrfs has native optimizations for SSD media. To enable these, mount with the `-o ssd` mount option. These optimizations include enhanced SSD write performance by avoiding things like *seek optimizations* that have no use on SSD media.

+

+    Btfs also supports the TRIM/Discard primitives. However, mounting with the `-o discard` mount option can cause performance issues. Therefore, it is recommended you perform your own tests before using this option.

+

+- **Use Data Volumes**. Data volumes provide the best and most predictable performance. This is because they bypass the storage driver and do not incur any of the potential overheads introduced by thin provisioning and copy-on-write. For this reason, you may want to place heavy write workloads on data volumes.

+

+## Related Information

+

+* [Understand images, containers, and storage drivers](imagesandcontainers.md)

+* [Select a storage driver](selectadriver.md)

+* [AUFS storage driver in practice](aufs-driver.md)

+* [Device Mapper storage driver in practice](device-mapper-driver.md)

new file mode 100644

@@ -0,0 +1,310 @@

+<!--[metadata]>

+title="Device mapper storage in practice"

+description="Learn how to optimize your use of device mapper driver."

+keywords=["container, storage, driver, device mapper"]

+[menu.main]

+parent="mn_storage_docker"

+<![end-metadata]-->

+

+# Docker and the Device Mapper storage driver

+

+Device Mapper is a kernel-based framework that underpins many advanced

+volume management technologies on Linux. Docker's `devicemapper` storage driver

+leverages the thin provisioning and snapshotting capabilities of this framework

+for image and container management. This article refers to the Device Mapper

+storage driver as `devicemapper`, and the kernel framework as `Device Mapper`.

+

+

+>**Note**: The [Commercially Supported Docker Engine (CS-Engine) running on RHEL and CentOS Linux](https://www.docker.com/compatibility-maintenance) requires that you use the `devicemapper` storage driver.

+

+

+## An alternative to AUFS

+

+Docker originally ran on Ubuntu and Debian Linux and used AUFS for its storage

+backend. As Docker became popular, many of the companies that wanted to use it

+were using Red Hat Enterprise Linux (RHEL). Unfortunately, because the upstream

+mainline Linux kernel did not include AUFS, RHEL did not use AUFS either.

+

+To correct this Red Hat developers investigated getting AUFS into the mainline

+kernel. Ultimately, though, they decided a better idea was to develop a new

+storage backend. Moreover, they would base this new storage backend on existing

+`Device Mapper` technology.

+

+Red Hat collaborated with Docker Inc. to contribute this new driver. As a result

+of this collaboration, Docker's Engine was re-engineered to make the storage

+backend pluggable. So it was that the `devicemapper` became the second storage

+driver Docker supported.

+

+Device Mapper has been included in the mainline Linux kernel since version

+2.6.9. It is a core part of RHEL family of Linux distributions. This means that

+the `devicemapper` storage driver is based on stable code that has a lot of

+real-world production deployments and strong community support.

+

+

+## Image layering and sharing

+

+The `devicemapper` driver stores every image and container on its own virtual

+device. These devices are thin-provisioned copy-on-write snapshot devices.

+Device Mapper technology works at the block level rather than the file level.

+This means that `devicemapper` storage driver's thin provisioning and

+copy-on-write operations work with blocks rather than entire files.

+

+>**Note**: Snapshots are also referred to as *thin devices* or *virtual devices*. They all mean the same thing in the context of the `devicemapper` storage driver.

+

+With the `devicemapper` the high level process for creating images is as follows:

+

+1. The `devicemapper` storage driver creates a thin pool.

+

+    The pool is created from block devices or loop mounted sparse files (more on this later).

+

+2. Next it creates a *base device*.

+

+    A base device is a thin device with a filesystem. You can see which filesystem is in use by running the `docker info` command and checking the `Backing filesystem` value.

+

+3. Each new image (and image layer) is a snapshot of this base device.

+

+    These are thin provisioned copy-on-write snapshots. This means that they are initially empty and only consume space from the pool when data is written to them.

+

+With `devicemapper`, container layers are snapshots of the image they are created from. Just as with images, container snapshots are thin provisioned copy-on-write snapshots. The container snapshot stores all updates to the container. The `devicemapper` allocates space to them on-demand from the pool as and when data is written to the container.

+

+The high level diagram below shows a thin pool with a base device and two images.

+

+![](images/base_device.jpg)

+

+If you look closely at the diagram you'll see that it's snapshots all the way down. Each image layer is a snapshot of the layer below it. The lowest layer of each image is a snapshot of the the base device that exists in the pool. This base device is a `Device Mapper` artifact and not a Docker image layer.

+

+A container is a snapshot of the image it is created from. The diagram below shows two containers - one based on the Ubuntu image and the other based on the Busybox image.

+

+![](images/two_dm_container.jpg)

+

+

+## Reads with the devicemapper

+

+Let's look at how reads and writes occur using the `devicemapper` storage driver. The diagram below shows the high level process for reading a single block (`0x44f`) in an example container.

+

+![](images/dm_container.jpg)

+

+1. An application makes a read request for block 0x44f in the container.

+

+    Because the container is a thin snapshot of an image it does not have the data. Instead, it has a pointer (PTR) to where the data is stored in the  image snapshot lower down in the image stack.

+

+2. The storage driver follows the pointer to block `0xf33` in the snapshot relating to image layer `a005...`.

+

+3. The `devicemapper` copies the contents of block `0xf33` from the image snapshot to memory in the container.

+

+4. The storage driver returns the data to the requesting application.

+

+### Write examples

+

+With the `devicemapper` driver, writing new data to a container is accomplished by an *allocate-on-demand* operation. Updating existing data uses a copy-on-write operation. Because Device Mapper is a block-based technology these operations occur at the block level.

+

+For example, when  making a small change to a large file in a container, the `devicemapper` storage driver does not copy the entire file. It only copies the blocks to be modified. Each block is 64KB.

+

+#### Writing new data

+

+To write 56KB of new data to a container:

+

+1. An application makes a request to write 56KB of new data to the container.

+

+2. The allocate-on-demand operation allocates a single new 64KB block to the containers snapshot.

+

+    If the write operation is larger than 64KB, multiple new blocks are allocated to the container snapshot.

+

+3. The data is written to the newly allocated block.

+

+#### Overwriting existing data

+

+To modify existing data for the first time:

+

+1. An application makes a request to modify some data in the container.

+

+2. A copy-on-write operation locates the blocks that need updating.

+

+3. The operation allocates new blocks to the container snapshot and copies the data into those blocks.

+

+4. The modified data is written into the newly allocated blocks.

+

+The application in the container is unaware of any of these

+allocate-on-demand and copy-on-write operations. However, they may add latency

+to the application's read and write operations.

+

+## Configuring Docker with Device Mapper

+

+The `devicemapper` is the default Docker storage driver on some Linux

+distributions. This includes RHEL and most of its forks. Currently, the following distributions support the driver:

+

+* RHEL/CentOS/Fedora

+* Ubuntu 12.04          

+* Ubuntu 14.04          

+* Debian  

+

+Docker hosts running the `devicemapper` storage driver default to a

+configuration mode known as `loop-lvm`. This mode uses sparse files to build

+the thin pool used by image and container snapshots. The mode is designed to work out-of-the-box

+with no additional configuration. However, production deployments should not run

+under `loop-lvm` mode.

+

+You can detect the mode by viewing the `docker info` command:

+

+    $ sudo docker info

+    Containers: 0

+    Images: 0

+    Storage Driver: devicemapper

+     Pool Name: docker-202:2-25220302-pool

+     Pool Blocksize: 65.54 kB

+     Backing Filesystem: xfs

+     ...

+     Data loop file: /var/lib/docker/devicemapper/devicemapper/data

+     Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata

+     Library Version: 1.02.93-RHEL7 (2015-01-28)

+     ...

+

+The output above shows a Docker host running with the `devicemapper` storage driver operating in `loop-lvm` mode. This is indicated by the fact that the `Data loop file` and a `Metadata loop file` are on files under `/var/lib/docker/devicemapper/devicemapper`. These are loopback mounted sparse files.

+

+### Configure direct-lvm mode for production

+

+The preferred configuration for production deployments is `direct lvm`. This

+mode uses block devices to create the thin pool. The following procedure shows

+you how to configure a Docker host to use the `devicemapper` storage driver in a

+`direct-lvm` configuration.

+

+> **Caution:** If you have already run the Docker daemon on your Docker host and have images you want to keep, `push` them Docker Hub or your private Docker Trusted Registry before attempting this procedure.

+

+The procedure below will create a 90GB data volume and 4GB metadata volume to use as backing for the storage pool. It assumes that you have a spare block device at `/dev/xvdf` with enough free space to complete the task. The device identifier and volume sizes may be be different in your environment and you should substitute your own values throughout the procedure. The procedure also assumes that the Docker daemon is in the `stopped` state.

+

+1. Log in to the Docker host you want to configure and stop the Docker daemon.

+

+2. If it exists, delete your existing image store by removing the `/var/lib/docker` directory.

+

+        $ sudo rm -rf /var/lib/docker

+

+3. Create an LVM physical volume (PV) on your spare block device using the `pvcreate` command.

+

+        $ sudo pvcreate /dev/xvdf

+        Physical volume `/dev/xvdf` successfully created

+

+    The device identifier may be different on your system. Remember to substitute your value in the command above.

+

+4. Create a new volume group (VG) called `vg-docker` using the PV created in the previous step.

+

+        $ sudo vgcreate vg-docker /dev/xvdf

+        Volume group `vg-docker` successfully created

+

+5. Create a new 90GB logical volume (LV) called `data` from space in the `vg-docker` volume group.

+

+        $ sudo lvcreate -L 90G -n data vg-docker

+        Logical volume `data` created.

+

+    The command creates an LVM logical volume called `data` and an associated block device file at `/dev/vg-docker/data`. In a later step, you instruct the `devicemapper` storage driver to use this block device to store image and container data.

+

+    If you receive a signature detection warning, make sure you are working on the correct devices before continuing. Signature warnings indicate that the device you're working on is currently in use by LVM or has been used by LVM in the past.

+

+6. Create a new logical volume (LV) called `metadata` from space in the `vg-docker` volume group.

+

+        $ sudo lvcreate -L 4G -n metadata vg-docker

+        Logical volume `metadata` created.

+

+    This creates an LVM logical volume called `metadata` and an associated block device file at `/dev/vg-docker/metadata`. In the next step you instruct the `devicemapper` storage driver to use this block device to store image and container metadata.

+

+5. Start the Docker daemon with the `devicemapper` storage driver and the `--storage-opt` flags.

+

+  The `data` and `metadata` devices that you pass to the `--storage-opt` options were created in the previous steps.

+

+        $ sudo docker daemon --storage-driver=devicemapper --storage-opt dm.datadev=/dev/vg-docker/data --storage-opt dm.metadatadev=/dev/vg-docker/metadata &

+        [1] 2163

+        [root@ip-10-0-0-75 centos]# INFO[0000] Listening for HTTP on unix (/var/run/docker.sock)

+        INFO[0027] Option DefaultDriver: bridge

+        INFO[0027] Option DefaultNetwork: bridge

+        <output truncated>

+        INFO[0027] Daemon has completed initialization

+        INFO[0027] Docker daemon                                 commit=0a8c2e3 execdriver=native-0.2 graphdriver=devicemapper version=1.8.2

+

+    It is also possible to set the `--storage-driver` and `--storage-opt` flags in the Docker config file and start the daemon normally using the `service` or `systemd` commands.

+

+6. Use the `docker info` command to verify that the daemon is using `data` and `metadata` devices you created.

+

+        $ sudo docker info

+        INFO[0180] GET /v1.20/info

+        Containers: 0

+        Images: 0

+        Storage Driver: devicemapper

+         Pool Name: docker-202:1-1032-pool

+         Pool Blocksize: 65.54 kB

+         Backing Filesystem: xfs

+         Data file: /dev/vg-docker/data

+         Metadata file: /dev/vg-docker/metadata

+        [...]

+

+    The output of the command above shows the storage driver as `devicemapper`. The last two lines also confirm that the correct devices are being used for the `Data file` and the `Metadata file`.

+

+### Examine devicemapper structures on the host

+

+You can use the `lsblk` command to see the device files created above and the `pool` that the `devicemapper` storage driver creates on top of them.

+

+    $ sudo lsblk

+    NAME                       MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

+    xvda                       202:0    0    8G  0 disk

+    └─xvda1                    202:1    0    8G  0 part /

+    xvdf                       202:80   0  100G  0 disk

+    ├─vg--docker-data          253:0    0   90G  0 lvm

+    │ └─docker-202:1-1032-pool 253:2    0  100G  0 dm

+    └─vg--docker-metadata      253:1    0    4G  0 lvm

+      └─docker-202:1-1032-pool 253:2    0  100G  0 dm

+

+The diagram below shows the image from prior examples updated with the detail from the `lsblk` command above.

+

+![](http://farm1.staticflickr.com/703/22116692899_0471e5e160_b.jpg)

+

+In the diagram, the pool is named `Docker-202:1-1032-pool` and spans the `data` and `metadata` devices created earlier. The `devicemapper` constructs the pool name as follows:

+

+```

+Docker-MAJ:MIN-INO-pool

+```

+

+`MAJ`, `MIN` and `INO` refer to the major and minor device numbers and inode.

+

+Because Device Mapper operates at the block level it is more difficult to see

+diffs between image layers and containers. However, there are two key

+directories. The `/var/lib/docker/devicemapper/mnt` directory contains the mount

+points for images and containers. The `/var/lib/docker/devicemapper/metadata`

+directory contains one file for every image and container snapshot. The files

+contain metadata about each snapshot in JSON format.

+

+## Device Mapper and Docker performance

+

+It is important to understand the impact that allocate-on-demand and copy-on-write operations can have on overall container performance.

+

+### Allocate-on-demand performance impact

+

+The `devicemapper` storage driver allocates new blocks to a container via an allocate-on-demand operation. This means that each time an app writes to somewhere new inside a container, one or more empty blocks has to be located from the pool and mapped into the container.

+

+All blocks are 64KB. A write that uses less than 64KB still results in a single 64KB block being allocated. Writing more than 64KB of data uses multiple 64KB blocks. This can impact container performance, especially in containers that perform lots of small writes. However, once a block is allocated to a container subsequent reads and writes can operate directly on that block.

+

+### Copy-on-write performance impact

+

+Each time a container updates existing data for the first time, the `devicemapper` storage driver has to perform a copy-on-write operation. This copies the data from the image snapshot to the container's snapshot. This process can have a noticeable impact on container performance.

+

+All copy-on-write operations have a 64KB granularity. As a results, updating 32KB of a 1GB file causes the driver to copy a single 64KB block into the container's snapshot. This has obvious performance advantages over file-level copy-on-write operations which would require copying the entire 1GB file into the container layer.

+

+In practice, however, containers that perform lots of small block writes (<64KB) can perform worse with `devicemapper` than with AUFS.

+

+### Other device mapper performance considerations

+

+There are several other things that impact the performance of the `devicemapper` storage driver..

+

+- **The mode.** The default mode for Docker running the `devicemapper` storage driver is `loop-lvm`. This mode uses sparse files and suffers from poor performance. It is **not recommended for production**. The recommended mode for production environments is `direct-lvm` where the storage driver writes directly to raw block devices.

+

+- **High speed storage.** For best performance you should place the `Data file` and `Metadata file` on high speed storage such as SSD. This can be direct attached storage or from a SAN or NAS array.

+

+- **Memory usage.** `devicemapper` is not the most memory efficient Docker storage driver. Launching *n* copies of the same container loads *n* copies of its files into memory. This can have a memory impact on your Docker host. As a result, the `devicemapper` storage driver may not be the best choice for PaaS and other high density use cases.

+

+One final point, data volumes provide the best and most predictable performance. This is because they bypass the storage driver and do not incur any of the potential overheads introduced by thin provisioning and copy-on-write. For this reason, you may want to place heavy write workloads on data volumes.

+

+## Related Information

+

+* [Understand images, containers, and storage drivers](imagesandcontainers.md)

+* [Select a storage driver](selectadriver.md)

+* [AUFS storage driver in practice](aufs-driver.md)

+* [BTRFS storage driver in practice](btrfs-driver.md)

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/aufs_delete.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/aufs_layers.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/aufs_metadata.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/base_device.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/btfs_constructs.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/btfs_container_layer.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/btfs_layers.png differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/btfs_pool.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/btfs_snapshots.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/btfs_subvolume.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/container-layers.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/dm_container.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/image-layers.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/overlay_constructs.jpg differ

new file mode 100644

Binary files /dev/null and b/docs/userguide/storagedriver/images/overlay_constructs2.jpg differ

new file mode 100644