Setup docker BTRFS subvolume

I set up my system using btrfs and timeshift for easier snapshotting and restoration, however I noticed that docker (/var/lib/docker) is being included in these snapshots, and I’ve noticed some weird behaviour like certain images having my host mounted into them :confused:

https://www.reddit.com/r/docker/comments/mba2c7/comment/grxwudz/?utm_source=reddit&utm_medium=web2x&context=3

I saw this post which looks like it would solve it but was unable to follow what steps are required to make such changes.

Any help would be much appreciated!

Can you more clearly identify what the problem you are facing is?

The issue in the reddit article you linked is that timeshift isn’t properly rolling back snapshots with nested subvolumes. It isn’t clear how that is related to the issues you are describing.

I have that issue outlined in the Reddit post as well which is another motivation for trying to stop those being included.

But right now I have a weird issue…

malachi@puslar-work monitoring $ docker run -it <redacted>/builder/ruby:3.1 bash
[root@c012c330a823 /]# yay
 -> Avoid running yay as root/sudo.

Which is strange, as the image is based off Debian, yet for some reason it seems to be mounting my host; if I check / it’s the same file system.

But the issue the reddit post describes is trying to address the fact that they are not included.

Ahhh perhaps I misread it - I was facing the same issue there though, in that when rolling back my docker setup was broken.

I assumed it was because they are included, as subvolume list yields:

malachi@puslar-work monitoring $ sudo btrfs subvolume list /
ID 256 gen 248205 top level 5 path timeshift-btrfs/snapshots/2022-06-20_09-12-29/@
ID 257 gen 248306 top level 5 path @home
ID 258 gen 248205 top level 5 path @cache
ID 259 gen 248306 top level 5 path @log
ID 260 gen 51142 top level 256 path timeshift-btrfs/snapshots/2022-06-20_09-12-29/@/var/lib/portables
ID 261 gen 51142 top level 256 path timeshift-btrfs/snapshots/2022-06-20_09-12-29/@/var/lib/machines
ID 262 gen 248205 top level 5 path @var-cache-pacman-pkg
ID 263 gen 247666 top level 5 path @swap
ID 264 gen 248205 top level 5 path timeshift-btrfs/snapshots/2022-03-10_14-15-23/@
ID 312 gen 51142 top level 256 path timeshift-btrfs/snapshots/2022-06-20_09-12-29/@/var/lib/docker/btrfs/subvolumes/a37bbf90e5a5760a60058057339157863acf0dc9172920ccd03945dc58f0b2f6
ID 313 gen 51142 top level 256 path timeshift-btrfs/snapshots/2022-06-20_09-12-29/@/var/lib/docker/btrfs/subvolumes/c8145e4593b893fafcca106376fdd6df62781a22a3cdeb039504c3e93cb86197
ID 314 gen 51142 top level 256 path timeshift-btrfs/snapshots/2022-06-20_09-12-29/@/var/lib/docker/btrfs/subvolumes/d03089f074c95ca178aa8eaf7cfc5c2ff9079326518aa4c167eb69c8150eadba
...

I assumed I would need to create a named volume called @docker to the path /var/lib/docker and it would make working with timeshift + docker better but my knowledge of btrfs is not good.

Yes, what that is showing is that your snapshots do not include your docker subvolumes.

The real issue here is that timeshift fails to handle nested subvolumes properly.

Yes, that would help. However, it won’t fix those existing docker subvolumes. You would have to move those around after creating and mounting the non-nested docker subvolume.

The real issue here is that timeshift fails to handle nested subvolumes properly.

I’m happy to nuke all those docker sub-volumes and start fresh. Also can remove all timeshift snapshots if that helps too?

What steps would I need to do to get there?

Can you share the contents of /etc/fstab and the output of lsblk -plo name,type,fstype,size,mountpoint

malachi@puslar-work ~ $ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=6C89-1181                            /boot/efi      vfat    umask=0077 0 2
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /              btrfs   subvol=/@,defaults,noatime,autodefrag,compress=zstd 0 0
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /home          btrfs   subvol=/@home,defaults,noatime,autodefrag,compress=zstd 0 0
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /var/cache     btrfs   subvol=/@cache,defaults,noatime,autodefrag,compress=zstd 0 0
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /var/log       btrfs   subvol=/@log,defaults,noatime,autodefrag,compress=zstd 0 0
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /var/cache/pacman/pkg btrfs subvol=/@var-cache-pacman-pkg,defaults,noatime,autodefrag,compress=zstd 0 0



/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /swap          btrfs   subvol=@swap,defaults,compress=no 0 0
/swap/swapfile none swap defaults 0 0
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /var/cache/pacman/pkg btrfs subvol=/@var-cache-pacman-pkg,defaults,noatime,autodefrag,compress=zstd 0 0

/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /swap          btrfs   subvol=@swap,defaults,compress=no 0 0
/swap/swapfile none swap defaults 0 0

Not sure why /swap and /var/cache/pacman/pkg are outlined twice :confused:

malachi@puslar-work ~ $ lsblk -plo name,type,fstype,size,mountpoint
NAME                                                  TYPE  FSTYPE        SIZE MOUNTPOINT
/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc crypt btrfs       953.4G /var/lib/docker/btrfs
/dev/nvme0n1                                          disk              953.9G 
/dev/nvme0n1p1                                        part  vfat          512M /boot/efi
/dev/nvme0n1p2                                        part  crypto_LUKS 953.4G 

Yes, you should remove the 3 duplicate lines from that file.

I am also not sure I see the point in creating a separate subvolume for /var/cache/pacman/pkg since you already have /var/cache on a separate subvolume but it doesn’t hurt anything.

As for the rest, here is one way to do it:

sudo mkdir /mnt/btrfs
sudo mount /dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /mnt/btrfs -o subvolid=5
sudo btrfs subvolume create /mnt/btrfs/@docker

Add this to /etc/fstab

/dev/mapper/luks-2afa3d76-e25c-4819-8f2f-0da5f4c216dc /var/lib/docker     btrfs   subvol=/@docker,defaults,noatime,autodefrag,compress=zstd 0 0

Then test it with:

sudo mount /var/lib/docker

Then feel free to clean up the extra subvolumes you don’t need.

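A read-only check of the layout described in the answer above, as an added example that is not part of the original thread: it reports duplicated fstab entries, shows which subvolume fstab mounts at /var/lib/docker, and lists subvolumes still nested inside the root subvolume. The function names, the placeholder device `/dev/mapper/luks-EXAMPLE` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks for the layout discussed in this thread.

# Print each "device mountpoint" pair that occurs more than once in an fstab.
dup_fstab_entries() {
    awk 'NF >= 2 && $1 !~ /^#/ { if (++seen[$1 " " $2] == 2) print $1, $2 }' "$1"
}

# Print the subvol= option fstab uses for one mount point (empty if none).
fstab_subvol_for() {
    awk -v mp="$2" 'NF >= 4 && $1 !~ /^#/ && $2 == mp {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^subvol=/) { print substr(opt[i], 8); exit }
    }' "$1"
}

# Read `btrfs subvolume list` output on stdin and print the subvolumes nested
# directly inside the top-level subvolume named $1 (for example "@").
# Line layout: ID <id> gen <gen> top level <parent id> path <path>
nested_in() {
    awk -v name="$1" '$1 == "ID" {
        path = $0
        sub(/^ID [0-9]+ gen [0-9]+ top level [0-9]+ path /, "", path)
        if (path == name && $7 == 5) root = $2
        parent[++n] = $7; paths[n] = path
    }
    END { if (root != "") for (i = 1; i <= n; i++) if (parent[i] == root) print paths[i] }'
}

# Constructed sample data (placeholder device name, shortened subvolume IDs).
sample_fstab=$(mktemp)
trap 'rm -f "$sample_fstab"' EXIT
cat > "$sample_fstab" <<'EOF'
# <file system>          <mount point>    <type> <options>              <dump> <pass>
/dev/mapper/luks-EXAMPLE /                btrfs subvol=/@,noatime        0 0
/dev/mapper/luks-EXAMPLE /swap            btrfs subvol=@swap,compress=no 0 0
/dev/mapper/luks-EXAMPLE /var/lib/docker  btrfs subvol=/@docker,noatime  0 0
/dev/mapper/luks-EXAMPLE /swap         btrfs   subvol=@swap,compress=no 0 0
EOF
sample_subvols='ID 256 gen 100 top level 5 path @
ID 257 gen 100 top level 5 path @home
ID 312 gen 90 top level 256 path @/var/lib/docker/btrfs/subvolumes/aaaa
ID 400 gen 100 top level 5 path @docker
ID 401 gen 100 top level 400 path @docker/btrfs/subvolumes/bbbb'

dup_fstab_entries "$sample_fstab"                  # /dev/mapper/luks-EXAMPLE /swap
fstab_subvol_for "$sample_fstab" /var/lib/docker   # /@docker
printf '%s\n' "$sample_subvols" | nested_in @      # the one subvolume still under @
```

On a real system, pass `/etc/fstab` to the first two functions and pipe `sudo btrfs subvolume list /` into `nested_in`, giving it the path of the root subvolume as it appears in that listing.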

Thanks so much for your help! Will try this out!

Yeah these were automatically created when I followed https://discovery.endeavouros.com/category/encrypted-installation/. There was one where you could just copy and run and that’s how I got to where I am :slight_smile:
