iCompaas Support

Profile Applicability:

• Level 2 

Description:

Docker's base device size should not be modified unless necessary. The base device size determines the size of the filesystem used by containers, and increasing it can affect the system's resources. Expanding the base device size should only be done when required for specific workloads.

Rationale:

Changing the base device size can increase the size of the filesystem, which might lead to resource exhaustion if not properly managed. Since Docker doesn't allow shrinking the base device size once increased, careful consideration is necessary before making any changes.

Impact:

Pros:

• Prevents unintentional resource exhaustion by controlling the base device size.
  

• Reduces the risk of denying service by ensuring filesystem expansion is carefully managed.
  

Cons:

• If the size is increased unnecessarily, it could consume more disk space than needed.
  

Default Value:

The default base device size is 10GB.

Pre-requisites:

• Administrative access to the Docker host.
  

• Knowledge of storage requirements and Docker’s storage driver.
  

Remediation

Test Plan:

Using AWS Console:

1. Log in to the EC2 instance running Docker.
   

2. Verify that no --storage-opt dm.basesize parameter is set in the docker info output:
   

   ps -ef | grep dockerd

   
   

Using AWS CLI:

1. Connect to the EC2 instance where Docker is running.
   

2. Run the following command to check if the --storage-opt dm.basesize parameter is set:
   

   ps -ef | grep dockerd

   
   

Implementation Plan:

Using AWS Console:

1. Log in to the EC2 instance.
   

2. Ensure that the --storage-opt dm.basesize option is not set by checking the Docker daemon startup options and /etc/docker/daemon.json for any modifications.
   

Using AWS CLI:

1. Use SSM to ensure the --storage-opt dm.basesize parameter is not set, and restart Docker:
   

   aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["ps -ef | grep dockerd && sudo systemctl restart docker"]'

   
   

Backout Plan:

1. Using AWS Console:

2. Log in to the EC2 instance.
   

3. If the --storage-opt dm.basesize is set, remove it from /etc/docker/daemon.json or ensure the Docker daemon does not have this parameter in its start-up options.
   

Using AWS CLI:

1. Use SSM to remove the --storage-opt dm.basesize parameter and restart Docker:
   

   aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceIds,Values=instance_id" --parameters 'commands=["sudo sed -i \'/--storage-opt dm.basesize/d\' /etc/docker/daemon.json && sudo systemctl restart docker"]'

   
   

References:

• Docker Storage Driver Options