Docker Tips #1: Beware the 'rm'

This begins a serie of docker tips.

Scenario

I want to remove a container from my host

Given

My very simple Dockerfile

FROM phusion/baseimage:0.9.16
RUN echo useless command
VOLUME ["/data"]

built with docker build -t test .

Given

A container based on this image started with

docker run --name test_container -ti test /bin/dd if=/dev/zero of=/data/agileek_test.file count=102400 bs=1024

When

I remove it: docker rm test_container

Then

I expect to have everything deleted, right? Wrong

Explanations

If you look at /var/lib/docker/vfs/dir/ you will have something like that

/var/lib/docker/vfs/dir
├── 1fe7caeb0d0d70e199e529fc006713d79078dceff821bf4f9d0a9c52b7c16b63
├── 6dd51767e69d10859f605795d93fe1d0b2a3b8113ed05fffc2e7941f2d5546d3
│   └── agileek_test.file
├── 72ba5f35eb914871fab207d174c90668cf15979fa42a9e1a175febf257efba26

As you can see, the agileek_test.file is still here, without attached container, like a ghost folder on your system.

The Volume command

The fact that I specified VOLUME ["/data"] in my Dockerfile tells docker to treat this folder differently.

Almost every time when you use the VOLUME command, later when you run it, you mount this volume (on the host, or linked to another container) with -v

But when you forgot to do this, docker automatically creates a folder in a Virtual File System (on ubuntu, /var/lib/docker/vfs) and doesn’t delete it, even when you remove your container.

You can see with docker inspect test_container which folder has been created

"Volumes": {
	"/data": "/var/lib/docker/vfs/dir/6dd51767e69d10859f605795d93fe1d0b2a3b8113ed05fffc2e7941f2d5546d3"
}

but once you delete it, you’ve lost the information and this folder is “lost”

What can I do ?

The best practice is of course to always mount the folder that you declared with VOLUME in your Dockerfile.

The other good practice is to Read The Manual (Of course, I didn’t do it) because:

$ docker rm --help

Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]

Remove one or more containers

  -f, --force=false      Force the removal of a running container (uses SIGKILL)
  --help=false           Print usage
  -l, --link=false       Remove the specified link and not the underlying container
  -v, --volumes=false    Remove the volumes associated with the container

there is a -v option that Remove the volumes associated with the container

I really wished I found this before our server went full.