eeacms/docker-cleanup Docker 镜像 - 轩辕镜像

Docker Cleanup

This image will periodically clean up exited containers and remove images and volumes that aren't in use by a running container. Based on meltwater/docker-cleanup with some small changes.

WARNING: This script will remove all exited containers, data-only containers and unused images unless you carefully exclude them. Take care if you mount /var/lib/docker into the container since that will clean up all unused data volumes. If it's not compatible with your system or Docker version it may delete all your volumes, even from under running containers.

Normally any Docker containers that exit are still kept on disk until docker rm -v is used to clean them up. Similarly any images that aren't used any more are kept around. For a cluster node that see lots of containers start and stop, large amounts of exited containers and old image versions can fill up the disk. A Jenkins build slave has the same issues, but can also suffer from SNAPSHOT images being continuously rebuilt and causing untagged images to be left around.

Environment Variables

The default parameters can be overridden by setting environment variables on the container using the docker run -e flag.

• CLEAN_PERIOD=1800 - Interval in seconds to sleep after completing a cleaning run. Defaults to 1800 seconds = 30 minutes.
• DELAY_TIME=1800 - Seconds to wait before removing exited containers and unused images. Defaults to 1800 seconds = 30 minutes.
• KEEP_IMAGES - List of images to avoid cleaning, e.g. "ubuntu:trusty, ubuntu:latest". Defaults to clean all unused images.
• KEEP_CONTAINERS - List of images for exited or dead containers to avoid cleaning, e.g. "ubuntu:trusty, ubuntu:latest".
• KEEP_CONTAINERS_NAMED - List of names for exited or dead containers to avoid cleaning, e.g. "my-container1, persistent-data".
• KEEP_VOLUMES - List of unused named volumes to avoid cleaning, e.g. "database-vol, caching". To keep all use the value **All**.
• LOOP - Add the ability to do non-looped cleanups, run it once and exit. Options are true, false. Defaults to true to run it forever in loops.
• DEBUG - Set to 1 to enable more debugging output on pattern matches
• DOCKER_API_VERSION - The docker API version to use. This defaults to 1.20, but you can override it here in case the docker version on your host differs from the one that is installed in this container. You can find this on your host system by running docker version --format '{{.Client.APIVersion}}'.

Note that KEEP_IMAGES, KEEP_CONTAINERS, and KEEP_CONTAINERS_NAMED are left-anchored regexs. Therefore, the image foo/bar:tag will be matched by ANY of the following:

• foo/bar:tag
• foo/bar
• foo/b
• [[:alpha:]]*/bar
• .*/.*:tag
• .*:tag
• foo/*:tag

However it will not match

• foo/baz
• bar:tag
• /bar
• :tag
• [[:alpha:]]*:tag

By default, all are set to **None** which is the same as the blank string. If you want to keep ALL images, volumes or containers, effectively disabling this part of the cleanup, then you should use **All** to match it all.

Deployment

The image uses the Docker client to to list and remove containers and images. For this reason the Docker client and socket is mapped into the container.

If the /var/lib/docker directory is mapped into the container this script will also clean up orphaned Docker volumes.

Docker-compose and Rancher

yml
cleanup:
  image: eeacms/docker-cleanup:2.1.0
  environment:
    CLEAN_PERIOD: '86400'
    DEBUG: '0'
    DELAY_TIME: '900'
    KEEP_CONTAINERS: '**All**'
    KEEP_CONTAINERS_NAMED: '**All**'
    KEEP_VOLUMES: '**None**'
    KEEP_IMAGES: rancher/, busybox, tianon/
    LOOP: 'true'
  labels:
    io.rancher.scheduler.global: 'true'
    io.rancher.scheduler.affinity:host_label_ne: janitor.exclude=true
  privileged: true
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - /var/lib/docker:/var/lib/docker

Systemd and CoreOS/Fleet

Create a Systemd unit file in /etc/systemd/system/docker-cleanup.service with contents like below. Using CoreOS and Fleet then add the X-Fleet section to schedule the unit on all cluster nodes.

[Unit]
Description=Cleanup of exited containers and unused images/volumes
After=docker.service
Requires=docker.service

[Install]
WantedBy=multi-user.target

[Service]
Environment=IMAGE=eeacms/docker-cleanup:latest NAME=docker-cleanup

# Allow docker pull to take some time
TimeoutStartSec=600

# Restart on failures
KillMode=none
Restart=always
RestartSec=15

ExecStartPre=-/usr/bin/docker kill $NAME
ExecStartPre=-/usr/bin/docker rm $NAME
ExecStartPre=-/bin/sh -c 'if ! docker images | tr -s " " : | grep "^${IMAGE}:"; then docker pull "${IMAGE}"; fi'
ExecStart=/usr/bin/docker run \
    -v /var/run/docker.sock:/var/run/docker.sock:rw \
    -v /var/lib/docker:/var/lib/docker:rw \
    --name=${NAME} \
    $IMAGE

ExecStop=/usr/bin/docker stop $NAME

[X-Fleet]
Global=true

Puppet Hiera

Using the garethr-docker module

classes:
  - docker::run_instance

docker::run_instance:
  'cleanup':
    image: 'eeacms/docker-cleanup:latest'
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:rw"
      - "/var/lib/docker:/var/lib/docker:rw"

Command Line

docker run \
  -v /var/run/docker.sock:/var/run/docker.sock:rw \
  -v /var/lib/docker:/var/lib/docker:rw \
  eeacms/docker-cleanup:latest

Kubernetes

You can find a Kubernetes DaemonSet configuration, that will allow you to run the eeacms/docker-cleanup container on every node of your cluster.

kubectl create -f contrib/k8s-daemonset.yml

Development

A Makefile is included to help with repetitive commands during development.

make help