Docker Community Forums

Share and learn in the Docker community.

How can you see what volumes a container must map for an image and what happens if you don't map it?

Supposed all I have is a docker image, or path to an image, how do I determine what volumes have to be mapped for the image?

And, what happens if I don’t map a volume the image needs?

Read the docker hub description, it should list all environment variables, volumes and other required option to run the container. Also you might want to stay away from images that lack proper documentation. Images from bitnami and linuxserver are usualy a safe bet: well documented, broadly used and frequently updated using ci build chaines.

If a VOLUME declaration is present in a Dockerfile and you don’t map a volume to its target folder, you will end up having anonymous volumes with random alphanumeric names. Check the output of docker volume ls. Afair anonymous volumes are attache to the lifecycle of a container: created with them, removed with them (though, not 100% sure about the last bit, as sometimes you will find orphaned anyonymous volumes).

Use named volumes (e.g. for remote shares, but can be local folders as well) or bind-mounts (local folders only) if you want/need to persist data.

What about if they are not in DockerHub or a central place like that? I know I shouldn’t trust them but let’s just say I have the image – is there any other way to check? Like a way to reverse engineer the DockerFile?

Use docker ps to get the container id.

Then docker inspect -f ‘{{ .Mounts }}’ containerid

Example:

terminal 1

$ docker run -it -v /tmp:/tmp ubuntu:14.04 /bin/bash
terminal 2

$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ddb7b55902cc ubuntu:14.04 “/bin/bash” About a minute ago Up About a minute distracted_banach

$ docker inspect -f “{{ .Mounts }}” ddb7
map[/tmp:/tmp]
The output

map[/tmp:/tmp]
is, apparently, due to the use of the Go language to implement the docker command tools.

The docker inspect command without the -f format is quite verbose. Since it is JSON you could pipe it to python or nodejs and extract whatever you needed.

paul@home:~$ docker inspect ddb7
[{
“AppArmorProfile”: “”,
“Args”: ,
“Config”: {
“AttachStderr”: true,
“AttachStdin”: true,
“AttachStdout”: true,
“Cmd”: [
“/bin/bash”
],
“CpuShares”: 0,
“Cpuset”: “”,
“Domainname”: “”,
“Entrypoint”: null,
“Env”: [
“PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin”
],
“ExposedPorts”: null,
“Hostname”: “ddb7b55902cc”,
“Image”: “ubuntu:14.04”,
“MacAddress”: “”,
“Memory”: 0,
“MemorySwap”: 0,
“NetworkDisabled”: false,
“OnBuild”: null,
“OpenStdin”: true,
“PortSpecs”: null,
“StdinOnce”: true,
“Tty”: true,
“User”: “”,
“Volumes”: null,
“WorkingDir”: “”
},
“Created”: “2015-05-08T22:41:44.74862921Z”,
“Driver”: “devicemapper”,
“ExecDriver”: “native-0.2”,
“ExecIDs”: null,
“HostConfig”: {
“Binds”: [
“/tmp:/tmp”
],
“CapAdd”: null,
“CapDrop”: null,
“ContainerIDFile”: “”,
“Devices”: ,
“Dns”: null,
“DnsSearch”: null,
“ExtraHosts”: null,
“IpcMode”: “”,
“Links”: null,
“LxcConf”: ,
“NetworkMode”: “bridge”,
“PidMode”: “”,
“PortBindings”: {},
“Privileged”: false,
“PublishAllPorts”: false,
“ReadonlyRootfs”: false,
“RestartPolicy”: {
“MaximumRetryCount”: 0,
“Name”: “”
},
“SecurityOpt”: null,
“VolumesFrom”: null
},
“HostnamePath”: “/var/lib/docker/containers/ddb7b55902cc328612d794570fe9a936d96a9644411e89c4ea116a5fef4c311a/hostname”,
“HostsPath”: “/var/lib/docker/containers/ddb7b55902cc328612d794570fe9a936d96a9644411e89c4ea116a5fef4c311a/hosts”,
“Id”: “ddb7b55902cc328612d794570fe9a936d96a9644411e89c4ea116a5fef4c311a”,
“Image”: “ed5a78b7b42bde1e3e4c2996e02da778882dca78f8919cbd0deb6694803edec3”,
“MountLabel”: “”,
“Name”: “/distracted_banach”,
“NetworkSettings”: {
“Bridge”: “docker0”,
“Gateway”: “172.17.42.1”,
“GlobalIPv6Address”: “”,
“GlobalIPv6PrefixLen”: 0,
“IPAddress”: “172.17.0.4”,
“IPPrefixLen”: 16,
“IPv6Gateway”: “”,
“LinkLocalIPv6Address”: “fe80::42:acff:fe11:4”,
“LinkLocalIPv6PrefixLen”: 64,
“MacAddress”: “02:42:ac:11:00:04”,
“PortMapping”: null,
“Ports”: {}
},
“Path”: “/bin/bash”,
“ProcessLabel”: “”,
“ResolvConfPath”: “/var/lib/docker/containers/ddb7b55902cc328612d794570fe9a936d96a9644411e89c4ea116a5fef4c311a/resolv.conf”,
“RestartCount”: 0,
“State”: {
“Error”: “”,
“ExitCode”: 0,
“FinishedAt”: “0001-01-01T00:00:00Z”,
“OOMKilled”: false,
“Paused”: false,
“Pid”: 6115,
“Restarting”: false,
“Running”: true,
“StartedAt”: “2015-05-08T22:41:45.367432585Z”
},
“Volumes”: {
“/tmp”: “/tmp”
},
“VolumesRW”: {
“/tmp”: true
}
}
]
docker history will show the layers baked into an image. Unfortunately, docker history seems hobbled by its formatting and lack of options to choose what is displayed.

You can choose terse and verbose formats, via the --no-trunc flag.

docker history drpaulbrewer/spark-worker IMAGE CREATED CREATED BY SIZE 438ff4e1753a 2 weeks ago /bin/sh -c #(nop) CMD [/bin/sh -c /spark/my-s 0 B 6b664e299724 2 weeks ago /bin/sh -c #(nop) ADD file:09da603c5f0dca7cc6 296 B f6ae126ae124 2 weeks ago /bin/sh -c #(nop) MAINTAINER drpaulbrewer@eaf 0 B 70bcb3ffaec9 2 weeks ago /bin/sh -c #(nop) EXPOSE 2222/tcp 4040/tcp 60 0 B 1332ac203849 2 weeks ago /bin/sh -c apt-get update && apt-get --yes up 1.481 GB 8e6f1e0bb1b0 2 weeks ago /bin/sh -c sed -e 's/archive.ubuntu.com/www.g 1.975 kB b3d242776b1f 2 weeks ago /bin/sh -c #(nop) WORKDIR /spark/spark-1.3.1 0 B ac0d6cc5aa3f 2 weeks ago /bin/sh -c #(nop) ADD file:b6549e3d28e2d149c0 25.89 MB 6ee404a44b3f 5 weeks ago /bin/sh -c #(nop) WORKDIR /spark 0 B c167faff18cf 5 weeks ago /bin/sh -c adduser --disabled-password --home 335.1 kB f55d468318a4 5 weeks ago /bin/sh -c #(nop) MAINTAINER drpaulbrewer@eaf 0 B 19c8c047d0fe 8 weeks ago /bin/sh -c #(nop) CMD [/bin/bash] 0 B c44d976a473f 8 weeks ago /bin/sh -c sed -i 's/^#\s*\(deb.*universe\)/ 1.879 kB
14dbf1d35e28 8 weeks ago /bin/sh -c echo ‘#!/bin/sh’ > /usr/sbin/polic 701 B
afa7a164a0d2 8 weeks ago /bin/sh -c #(nop) ADD file:57f97478006b988c0c 131.5 MB
511136ea3c5a 23 months ago 0 B
Here’s a verbose example.

docker history --no-trunc=true drpaulbrewer/spark-worker
IMAGE CREATED CREATED BY SIZE
438ff4e1753a60779f389a3de593d41f7d24a61da6e1df76dded74a688febd64 2 weeks ago /bin/sh -c #(nop) CMD [/bin/sh -c /spark/my-spark-worker.sh] 0 B
6b664e29972481b8d6d47f98167f110609d9599f48001c3ca11c22364196c98a 2 weeks ago /bin/sh -c #(nop) ADD file:09da603c5f0dca7cc60f1911caf30c3c70df5e4783f7eb10468e70df66e2109f in /spark/ 296 B
f6ae126ae124ca211c04a1257510930b37ea78425e31a273ea0b1495fa176c57 2 weeks ago /bin/sh -c #(nop) MAINTAINER drpaulbrewer@eaftc.com 0 B
70bcb3ffaec97a0d14e93b170ed70cc7d68c3c9dfb0222c1d360a300d6e05255 2 weeks ago /bin/sh -c #(nop) EXPOSE 2222/tcp 4040/tcp 6066/tcp 7077/tcp 7777/tcp 8080/tcp 8081/tcp 0 B
1332ac20384947fe1f15107213b675e5be36a68d72f0e81153d6d5a21acf35af 2 weeks ago /bin/sh -c apt-get update && apt-get --yes upgrade && apt-get --yes install sed nano curl wget openjdk-8-jdk scala && echo “JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64” >>/etc/environment && export MAVEN_OPTS="-Xmx2g -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=512m" && ./build/mvn -Phive -Phive-thriftserver -DskipTests clean package && chown -R spark:spark /spark && mkdir /var/run/sshd 1.481 GB
8e6f1e0bb1b0b9286947d3a4b443cc8099b00f9670aab1d58654051e06f62e51 2 weeks ago /bin/sh -c sed -e ‘s/archive.ubuntu.com/www.gtlib.gatech.edu/pub/’ /etc/apt/sources.list > /tmp/sources.list && mv /tmp/sources.list /etc/apt/sources.list 1.975 kB
b3d242776b1f1f1ae5685471d06a91a68f92845ef6fc6445d831835cd55e5d0b 2 weeks ago /bin/sh -c #(nop) WORKDIR /spark/spark-1.3.1 0 B
ac0d6cc5aa3fdc3b65fc0173f6775af283c3c395c8dae945cf23940435f2785d 2 weeks ago /bin/sh -c #(nop) ADD file:b6549e3d28e2d149c0bc84f69eb0beab16f62780fc4889bcc64cfc9ce9f762d6 in /spark/ 25.89 MB
6ee404a44b3fdd3ef3318dc10f3d002f1995eea238c78f4eeb9733d00bb29404 5 weeks ago /bin/sh -c #(nop) WORKDIR /spark 0 B
c167faff18cfecedef30343ef1cb54aca45f4ef0478a3f6296746683f69d601b 5 weeks ago /bin/sh -c adduser --disabled-password --home /spark spark 335.1 kB
f55d468318a4778733160d377c5d350dc8f593683009699c2af85244471b15a3 5 weeks ago /bin/sh -c #(nop) MAINTAINER drpaulbrewer@eaftc.com 0 B
19c8c047d0fe2de7239120f2b5c1a20bbbcb4d3eb9cbf0efa59ab27ab047377a 8 weeks ago /bin/sh -c #(nop) CMD [/bin/bash] 0 B
c44d976a473f143937ef91449c73f2cabd109b540f6edf54facb9bc2b4fff136 8 weeks ago /bin/sh -c sed -i ‘s/^#\s*(deb.universe)$/\1/g’ /etc/apt/sources.list 1.879 kB
14dbf1d35e2849a00c6c2628055030fa84b4fb55eaadbe0ecad8b82df65cc0db 8 weeks ago /bin/sh -c echo ‘#!/bin/sh’ > /usr/sbin/policy-rc.d && echo ‘exit 101’ >> /usr/sbin/policy-rc.d && chmod +x /usr/sbin/policy-rc.d && dpkg-divert --local --rename --add /sbin/initctl && cp -a /usr/sbin/policy-rc.d /sbin/initctl && sed -i 's/^exit.
/exit 0/’ /sbin/initctl && echo ‘force-unsafe-io’ > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup && echo ‘DPkg::Post-Invoke { “rm -f /var/cache/apt/archives/.deb /var/cache/apt/archives/partial/.deb /var/cache/apt/.bin || true"; };’ > /etc/apt/apt.conf.d/docker-clean && echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/.deb /var/cache/apt/archives/partial/.deb /var/cache/apt/.bin || true”; };’ >> /etc/apt/apt.conf.d/docker-clean && echo ‘Dir::Cache::pkgcache “”; Dir::Cache::srcpkgcache “”;’ >> /etc/apt/apt.conf.d/docker-clean && echo ‘Acquire::Languages “none”;’ > /etc/apt/apt.conf.d/docker-no-languages && echo ‘Acquire::GzipIndexes “true”; Acquire::CompressionTypes::Order:: “gz”;’ > /etc/apt/apt.conf.d/docker-gzip-indexes 701 B
afa7a164a0d215dbf45cd1aadad2a4d12b8e33fc890064568cc2ea6d42ef9b3c 8 weeks ago /bin/sh -c #(nop) ADD file:57f97478006b988c0c68e5bf82684372e427fd45f21cd7baf5d974d2cfb29e65 in / 131.5 MB
511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158 23 months ago

But wouldn’t that only show what was mapped for the container? The image may ask for/expose multiple paths and you might only map 1 of them in the container.

The idea is to look at an image and see what is exposed – what needs to be mapped.

You might want to check the output of docker history --no-trunc {image id}.

lewis95 is a bot - don’t bother, usualy the responses are stollen from somewhere else and are hit and miss… though more misses than hits :wink: The last response is stolen from here.

You are free to map volumes to any existing or non existing paths inside the container. You will notice when you managed to render the container non functional :slight_smile: