meltwater / docker-cleanup Goto Github PK
View Code? Open in Web Editor NEWDEPRECATED Automatic Docker image, container and volume cleanup
License: MIT License
DEPRECATED Automatic Docker image, container and volume cleanup
License: MIT License
REPOSITORY TAG IMAGE ID CREATED SIZE
autodeploy 6ebe3bbe6cbed36f0c69cf87cbfb68aad14c62ba 9ffd283dcfcb 5 minutes ago 190.5 MB
x.x.io:443/ci/autodeploy 6ebe3bbe6cbed36f0c69cf87cbfb68aad14c62ba 9ffd283dcfcb 5 minutes ago 190.5 MB
Both images are not used but docker rmi 9ffd283dcfcb
doesn't work since they have the same ID. In this case it should be deleted by name.
2016-03-10T17:40:28.659207597Z => Start to clean 3 images
2016-03-10T17:40:28.679801771Z Error response from daemon: conflict: unable to delete 9ffd283dcfcb (must be forced) - image is referenced in one or more repositories
2016-03-10T17:40:28.680382797Z Error response from daemon: conflict: unable to delete 9ffd283dcfcb (must be forced) - image is referenced in one or more repositories
Hi,
I have some cuda (nvidia volumes) that should always stay around. Is there a possibility to keep them?
Feature request: Instead of deleting all unused images, have a pool size that evicts based on LRU.
This would be really useful when nodes are running all sorts of images but we would still like fast starts when.
Context: We run periodic jobs through a set of nodes. We have a lot of images and the nodes don't have a large attached disk.. I would like to keep the last 16GB of recently used images, but remove all others to be able to run new jobs.
seems that if you use --restart=always it'll start removing others that haven't restarted yet, some extra info in the logs would be nice too right now there's just the id so it's hard to see what happened
hey there!
Is it possible to run this script "one-shot" ?
I'd like to run it, and once finished, exit.
With the new release (1.7.0) im getting the following error:
$ docker run
-v /var/run/docker.sock:/var/run/docker.sock:rw
-v /var/lib/docker:/var/lib/docker:rw
meltwater/docker-cleanup
exec: "/run.sh": permission denied
docker: Error response from daemon: Container command could not be invoked..
There's no problem with 1.6.0. Not sure what changes made in run.sh that require extra permission.
Please specifically include the MIT License from chadoe/docker-cleanup-volumes (https://github.com/chadoe/docker-cleanup-volumes/blob/master/LICENSE).
I'm a bit confused as to how KEEP_CONTAINERS
and KEEP_CONTAINERS_NAMED
are supposed to work together. We were running this docker container (using the Rancher catalog stack) with the following env vars set:
KEEP_CONTAINERS = "*:*"
KEEP_CONTAINERS_NAMED = "**None**"
KEEP_IMAGES = "/rancher"
Based on that config and the docs I would expect no containers to ever get cleaned up (each container's image should match the KEEP_CONTAINERS
rule). However, we were seeing some start-once, data-only containers get cleaned up.
need ability to delete images based on age after the exclusion list
As stated on this article, only the docker daemon should have exclusive access to the configuration directory, /var/lib/docker
. Quoting from the article:
The Docker daemon was explicitly designed to have exclusive access to /var/lib/docker. Nothing else should touch, poke, or tickle any of the Docker files hidden there.
Why is that? It’s one of the hard learned lessons from the dotCloud days. The dotCloud container engine worked by having multiple processes accessing /var/lib/dotcloud simultaneously. Clever tricks like atomic file replacement (instead of in-place editing), peppering the code with advisory and mandatory locking, and other experiments with safe-ish systems like SQLite and BDB only got us so far; and when we refactored our container engine (which eventually became Docker) one of the big design decisions was to gather all the container operations under a single daemon and be done with all that concurrent access nonsense.
(Don’t get me wrong: it’s totally possible to do something nice and reliable and fast involving multiple processes and state-of-the-art concurrency management; but we think that it’s simpler, as well as easier to write and to maintain, to go with the single actor model of Docker.)
This means that if you share your /var/lib/docker directory between multiple Docker instances, you’re gonna have a bad time. Of course, it might work, especially during early testing. “Look ma, I can docker run ubuntu!” But try to do something more involved (pull the same image from two different instances…) and watch the world burn.
I think binding the unix socket should be enough, and the right way of doing it - by only executing docker commands and not inspecting the configuration files.
I had to re-create my entire environment
Hi, I wanted to use this useful tool on a EC2 instance running the last CoreOS stable AMI (version 835.11.0, ami-7e72c70d
).
The thing is that it comes with Docker 1.8.3:
~ $ docker version
Client:
Version: 1.8.3
API version: 1.20
Go version: go1.4.2
Git commit: cedd534-dirty
Built: Fri Jan 22 06:07:01 UTC 2016
OS/Arch: linux/amd64
Server:
Version: 1.8.3
API version: 1.20
Go version: go1.4.2
Git commit: cedd534-dirty
Built: Fri Jan 22 06:07:01 UTC 2016
OS/Arch: linux/amd64
When I try to run docker-cleanup
with docker run -v /var/run/docker.sock:/var/run/docker.sock:rw -v /var/lib/docker:/var/lib/docker:rw meltwater/docker-cleanup:latest
, I get:
Error response from daemon: client is newer than server (client API version: 1.21, server API version: 1.20)
Cannot run docker binary at /usr/bin/docker
Please check if the docker binary is mounted correctly
Is there a way to use an older version of docker-cleanup
that runs the same version of my host? Do you have any suggestion?
Isn't this a common issue? I don't think that all the people is using Docker 1.9.
Thanks a lot!
Docker version 1.9.1, build a34a1d5
docker@default:~$ docker run \
> --restart \
> -e KEEP_IMAGES="ubuntu:14.04 corp/important-image:tag" \
> -v /var/run/docker.sock:/var/run/docker.sock:rw \
> -v /var/lib/docker:/var/lib/docker:rw \
> meltwater/docker-cleanup:latest
> docker: invalid restart policy -e.
> See 'docker run --help'.`
Right now this tool is aimed at vfs, coreos uses overlay, which doesn't really work in the same way, at least changing vfs/dir to overlay and running the script removes all sorts of things that break running containers.
I'm wondering if you investigated that subject already.
Hi when i change the default value of DELAY_TIME I get the following error in my logs. What could be causing this?
This is my unit file
[Unit]
Description=Cleanup of exited containers and unused images/volumes
After=docker.service
Requires=docker.service
[Install]
WantedBy=multi-user.target
[Service]
Environment=IMAGE=meltwater/docker-cleanup:latest NAME=docker-cleanup
TimeoutStartSec=600
KillMode=none
Restart=always
RestartSec=15
ExecStartPre=-/usr/bin/docker kill $NAME
ExecStartPre=-/usr/bin/docker rm $NAME
ExecStartPre=-/bin/sh -c 'if ! docker images | tr -s " " : | grep "^${IMAGE}:"; then docker pull "${IMAGE}"; fi'
ExecStart=/usr/bin/docker run
-e CLEAN_PERIOD='3600'
-e DELAY_TIME='3600'
-v /var/run/docker.sock:/var/run/docker.sock:rw
-v /var/lib/docker:/var/lib/docker:rw
--name=${NAME}
$IMAGE
ExecStop=/usr/bin/docker stop $NAME
I like this idea. we initially thought something like this for our CI box but we need a shell script to clean up this container which might be dangling
Ended up creating a new jenkins job which runs weekly with following container commands:
docker rm -f $(docker ps -aq)
docker rmi -f $(docker images -q)
We dont have any requirement to keep any specific containers running but thanks for providing this code!
https://docs.docker.com/compose/compose-file/#labels
ie :
labels:
com.janitor.ephemeral: true
com.janitor.dependsOn: [ 'container-name', 'container-name']
I'm experiencing a strange issue ATM, where I get the following logs from the containers:
docker is running properly
DEBUG ENABLED
=> Run the clean script every 60 seconds and delay 1800 seconds to clean.
DEBUG: Starting loop
=> Removing unused volumes using native 'docker volume' command
Error response from daemon: json: cannot unmarshal object into Go value of type []string
=> Removing exited/dead containers
Error response from daemon: json: cannot unmarshal object into Go value of type []string
=> Removing unused images
Error response from daemon: json: cannot unmarshal object into Go value of type []string
Here are the different Docker informations:
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: linux/amd64
Server:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: linux/amd64
The Docker daemon (/var/log/docker.log
) also have these logs:
time="2016-06-13T11:06:38.415267697Z" level=error msg="Handler for GET /v1.21/volumes returned error: json: cannot unmarshal object into Go value of type []string"
time="2016-06-13T11:06:38.415364606Z" level=error msg="HTTP Error" err="json: cannot unmarshal object into Go value of type []string" statusCode=500
time="2016-06-13T11:06:38.434171019Z" level=error msg="Handler for GET /v1.21/containers/json returned error: json: cannot unmarshal object into Go value of type []string"
time="2016-06-13T11:06:38.434265178Z" level=error msg="HTTP Error" err="json: cannot unmarshal object into Go value of type []string" statusCode=500
time="2016-06-13T11:06:38.451053964Z" level=error msg="Handler for GET /v1.21/containers/json returned error: json: cannot unmarshal object into Go value of type []string"
time="2016-06-13T11:06:38.451140106Z" level=error msg="HTTP Error" err="json: cannot unmarshal object into Go value of type []string" statusCode=500
Anybody already experienced this issue?
Thank you very much,
Take volume output like the following:
$ docker volume ls
DRIVER VOLUME NAME
rancher-secrets 5e41a869acdb6a76c0cbf3212a358f72f96254b94bb3eebeb28d04b1171f3708
rancher-secrets 5ffeab5ad23e1f15705ade81b41677d6875f9cca5b33efde8149a43f6904853b
rancher-secrets 8c0744a2e9c3b15fcd42225b140716d6848bbfb01754de17f08d373cbd0f3aed
rancher-secrets 9774cc2270aad64b81cfa52db62d76ceebed4d2b183fa0c0ade34d2f3bcc6cc7
rancher-secrets c7b8416d75b3baa24cb500e28e3e1a29ce7df3ef530496b5d087ec9c0bef6739
rancher-nfs dev-mysql-etc
local f258cd3613f345121bafeb1643dd0849d698cb9058fecf25506a2dcf2998da77
rancher-secrets f3ac3d0bf7d9484b2483d7eafba72c4be204feeb648bb40b760855301e1e92ba
rancher-nfs openvpn-etc
rancher-nfs postfix-log
rancher-nfs postfix-spool
local rancher-agent-state
local rancher-cni
local rancher-cni-driver
rancher-nfs runner01-etc
rancher-nfs runner02-etc
rancher-nfs sq-content
rancher-nfs sq-content-dev
Every one of the non-local
volumes is managed by a volume driver and cannot be managed by docker volume
, yet the script still identifies them as unused volumes and attempts to remove them.
This can be fixed by adding the filter of driver=local
to the command on line 85 as follows:
docker volume ls -f driver=local,dangling=true -q
I found out that it does not remove any images. If -f is added to docker rmi command images will be removed then correctly. Reason was something like "because of tags try -f".
It would be very helpful if KEEP_IMAGES could take wildcards, or if specifying a container without a tag implied ALL tags. IE:
steve/foo : Keep steve/foo:latest, steve/foo:v1, steve/foo:v2 etc (same as steve/foo:* )
steve/* : Keep steve/foo:latest, steve/bar:v1, etc (same as steve/: )
steve/foo:latest : Only keep steve/foo:latest
steve/*:latest : Keep latest versions of all steve containers; steve/foo:latest, steve/bar:latest, etc
Doing this would allow us to clean up only unused container that are not in-house created, or all versions of one particular container.
Hi,
I am Kang Yin, a graduate student of Institute of Software, Chinese Academy of Sciences. Now we are doing a research on how to recommend tags for Docker Hub’s projects. We applied text mining and natural language processing to build a tag recommendation system for Docker projects.
We notice that you have created a repository on Docker Hub, which is named meltwater/docker-cleanup and the project address is https://hub.docker.com/r/meltwater/docker-cleanup/
Since the developers knows their projects better, we want to evaluate our recommendation results with your help as the project developer. We want to know if the recommended tags are reasonable for your projects.
The following tags (ranked by order) are generated from our model automatically. Would you like to do me a favor and reply with what tags are reasonable (Good) and what are not (Bad), in form of, “Good tags: ***, ***; Bad tags: ***, ***”.
The recommend tags for your project meltwater/docker-cleanup are listed as follows:
exited, cleanup, unused, docker-cleanup, clean, docker-cleanup-volumes, defaults, seconds, volumes, ubuntu
It will be a great help if you can give us a feedback.
Thank you so much for your precious time.
Since docker 1.9 introduced the docker volume
subcommand, removing volumes with docker-cleanup-volumes.sh
only partially removes them. The data is removed, but docker volume ls
still lists them.
This has the unfortunate side effect that creating named volumes with the same name as a previously removed one will blocks. Which makes containers startup stall when implicitly creating volumes with the -v
switch.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.