Profile Applicability:

  • Level 1 

Description:

Docker containers and their data are stored under the /var/lib/docker directory by default. To avoid storage-related issues, it is recommended to create a separate partition (logical volume) for Docker files, ensuring that the host system and Docker's storage do not interfere with each other.

Rationale:

Docker uses /var/lib/docker as the directory for storing containers, images, and metadata. Without a dedicated partition, the disk could fill up quickly, which would render both Docker and the host system unusable. By creating a separate partition, the storage is isolated, preventing potential disruptions.

Impact:

None: No direct impact on functionality, but it improves stability by ensuring that Docker's storage needs are isolated from the host system.

Default Value:

By default, /var/lib/docker is mounted under the / or /var partitions, depending on the OS configuration.

Pre-requisites:

  • Access to the host system with administrative privileges.

  • Knowledge of Logical Volume Manager (LVM) or disk partitioning.

Remediation:

Test Plan:

Using AWS Console:

  1. Navigate to the EC2 instance running Docker.
  2. Run the command grep '/var/lib/docker\s' /proc/mounts to confirm that /var/lib/docker is mounted correctly on a separate partition.
  3. Alternatively, run mountpoint -- "$(docker info -f '{{ .DockerRootDir }}')" to verify whether the root directory is a mount point.

Using AWS CLI:

  1. Connect to the EC2 instance.
  2. Run the following command to print the Docker root directory and confirm that it points to the appropriate partition:
docker info -f '{{ .DockerRootDir }}'
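The two checks above can be combined into one audit that parses the /proc/mounts table for whatever directory `docker info` reports, so it still works when the Docker root has been moved away from /var/lib/docker. This is an added helper, not part of the benchmark text; the mount tables below are constructed samples, and the function names `docker_root_is_mountpoint` and `audit_docker_root` are my own.

```shell
#!/bin/sh
# Added example: audit whether the Docker root directory is its own mount point.
# The mounts table is passed in as text so the check can run offline against
# the constructed samples below; on a live host pass "$(cat /proc/mounts)".

# docker_root_is_mountpoint MOUNTS_TEXT DOCKER_ROOT
#   returns 0 if DOCKER_ROOT appears as a mount point in MOUNTS_TEXT, 1 otherwise
docker_root_is_mountpoint() {
  mounts="$1"
  root="${2%/}"   # normalise a trailing slash, e.g. /var/lib/docker/
  # /proc/mounts fields: <device> <mountpoint> <fstype> <options> <dump> <pass>
  printf '%s\n' "$mounts" |
    awk -v r="$root" '$2 == r { found = 1 } END { exit found ? 0 : 1 }'
}

# audit_docker_root MOUNTS_TEXT DOCKER_ROOT
#   prints a PASS/FAIL line and returns 0 on PASS, 1 on FAIL
audit_docker_root() {
  if docker_root_is_mountpoint "$1" "$2"; then
    echo "PASS: $2 is a separate mount point"
    return 0
  fi
  echo "FAIL: $2 is not a mount point (it shares its parent filesystem)"
  return 1
}

# Constructed sample: Docker has its own ext4 logical volume (compliant).
SAMPLE_SEPARATE='/dev/nvme0n1p1 / ext4 rw,relatime 0 0
/dev/mapper/docker_vg-docker_data /var/lib/docker ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0'

# Constructed sample: default layout, /var/lib/docker lives under / (non-compliant).
SAMPLE_DEFAULT='/dev/nvme0n1p1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0'

# Live use (assumes dockerd is running and the docker CLI is available):
#   audit_docker_root "$(cat /proc/mounts)" "$(docker info -f '{{ .DockerRootDir }}')"
```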


Implementation Plan:

Using AWS Console:

  1. Connect to the EC2 instance.
  2. Create a new partition using a tool like LVM or a dedicated disk.
  3. Mount the new partition to /var/lib/docker.
  4. Modify /etc/fstab to ensure that the partition is mounted persistently after reboots.
  5. Restart Docker to ensure the changes take effect:
sudo systemctl restart docker

Using AWS CLI:

  1. Use SSM to remotely create a new partition and mount it for Docker storage.
  2. Execute the following command to create the partition:
aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo lvcreate -L 10G -n docker_data docker_vg && sudo mkfs.ext4 /dev/docker_vg/docker_data && sudo mount /dev/docker_vg/docker_data /var/lib/docker && sudo systemctl restart docker"]'


Backout Plan:

Using AWS Console:

  1. Connect to the EC2 instance.
  2. Unmount the partition using:
sudo umount /var/lib/docker

  3. Remove the partition or reconfigure Docker to use the default directory.
  4. Restart Docker:
sudo systemctl restart docker


Using AWS CLI:

  1. Use SSM to remove the partition and revert to the default Docker directory:
aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo umount /var/lib/docker && sudo rm -rf /var/lib/docker/* && sudo systemctl restart docker"]'


References: