Added notes and troubleshooting topic on volume mounts from host (#3556)

* added notes and troubleshooting topic on volume mounts from host Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * updates to troubleshooting, FAQs and shared drives topics and notes Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-06-12 15:10:15 -07:00 · 2017-06-12 15:10:15 -07:00 · fa52e73dc5
parent fd0eb53dd1
commit fa52e73dc5
4 changed files with 75 additions and 34 deletions
--- a/compose/compose-file/index.md
+++ b/compose/compose-file/index.md
@ -1210,9 +1210,9 @@ more information.
 ### volumes
 > **Note**: The top-level
-> [`volumes` option](#volume-configuration-reference) defines
+> [volumes](#volume-configuration-reference) option defines
-> a named volume and references it from each service's `volumes` list. This replaces `volumes_from` in earlier versions of the Compose file format. See [Docker Volumes](/engine/userguide/dockervolumes.md) and
+> a named volume and references it from each service's `volumes` list. This replaces `volumes_from` in earlier versions of the Compose file format. (See [Docker Volumes](/engine/userguide/dockervolumes.md) and
-[Volume Plugins](/engine/extend/plugins_volume.md) for general information on volumes.
+[Volume Plugins](/engine/extend/plugins_volume.md) for general information on volumes.)
 Mount host paths or named volumes. Named volumes must be defined in the
 [top-level `volumes` key](#volume-configuration-reference). Use named volumes with [services, swarms, and stack files](#volumes-for-services-swarms-and-stack-files).
@ -1359,12 +1359,15 @@ The supported units are `us`, `ms`, `s`, `m` and `h`.
 ## Volume configuration reference
-While it is possible to declare volumes on the fly as part of the service
+While it is possible to declare [volumes](#volumes) on the file as part of the
-declaration, this section allows you to create named volumes that can be
+service declaration, this section allows you to create named volumes (without
-reused across multiple services (without relying on `volumes_from`), and are
+relying on `volumes_from`) that can be reused across multiple services, and are
-easily retrieved and inspected using the docker command line or API.
+easily retrieved and inspected using the docker command line or API. See the
-See the [docker volume](/engine/reference/commandline/volume_create.md)
+[docker volume](/engine/reference/commandline/volume_create.md) subcommand
-subcommand documentation for more information.
+documentation for more information.
 See [Docker Volumes](/engine/userguide/dockervolumes.md) and [Volume
 Plugins](/engine/extend/plugins_volume.md) for general information on volumes.
 Here's an example of a two-service setup where a database's data directory is
 shared with another service as a volume so that it can be periodically backed
--- a/docker-for-windows/faqs.md
+++ b/docker-for-windows/faqs.md
@ -196,7 +196,7 @@ Started topic.
 To learn more about using Docker for Windows and Docker Machine, see
 [What to know before you install](install.md#what-to-know-before-you-install) in the Getting Started topic. For more about Docker Machine itself, see
-[What is Docker Machine?](/machine/overview.md#what-is-docker-machine)
+[What is Docker Machine?](/machine/overview.md#what-is-docker-machine), and the [Hyper-V driver](/machine/drivers/hyper-v.md) for Docker Machine.
 ### How do I run Windows containers on Docker on Windows Server 2016?
--- a/docker-for-windows/index.md
+++ b/docker-for-windows/index.md
@ -372,17 +372,27 @@ here. If you run `docker` commands and tasks under a different username than the
 one used here to set up sharing, your containers will not have permissions to
 access the mounted volumes.
-> Tips on shared drives and permissions
+> Tips on shared drives, permissions, and volume mounts
 >
-> * Shared drives are only required for volume mounting
+ * Shared drives are only required for volume mounting
-> [Linux containers](#switch-between-windows-and-linux-containers), and not for
+ [Linux containers](#switch-between-windows-and-linux-containers), not for
-> Windows containers. For Linux containers, you need to share the drive where
+ Windows containers. For Linux containers, you need to share the drive where
-> your project is located (i.e., where the Dockerfile and volume are located).
+ your project is located (i.e., where the Dockerfile and volume are located).
-> Runtime errors such as file not found or cannot start service may indicate
+ Runtime errors such as file not found or cannot start service may indicate
-> shared drives are needed. (See also
+ shared drives are needed. (See also
-> [Volume mounting requires shared drives for Linux containers](troubleshoot.md#volume-mounting-requires-shared-drives-for-linux-containers).)
+ [Volume mounting requires shared drives for Linux containers](troubleshoot.md#volume-mounting-requires-shared-drives-for-linux-containers).)
 >
-> * You cannot control (`chmod`) permissions on shared volumes for
+* If possible, avoid volume mounts from the Windows host, and instead  mount on
 the MobyVM, or use a [data
 volume](https://docs.docker.com/engine/tutorials/dockervolumes.md#data-volumes)
 (named volume) or [data
 container](/engine/tutorials/dockervolumes.md#creating-and-mounting-a-data-volume-container).
 There are a number of issues with using host-mounted volumes and network paths
 for database files. Please see the troubleshooting topic on [Volume mounts from
 host paths use a nobrl option to override database
 locking](/docker-for-windows/troubleshoot.md#volume-mounts-from-host-paths-use-a-nobrl-option-to-override-database-locking).
 >
 * You cannot control (`chmod`) permissions on shared volumes for
 deployed containers. Docker for Windows sets permissions to a default value of
 [0755](http://permissions-calculator.org/decode/0755/) (`read`, `write`,
 `execute` permissions for `user`, `read` and `execute` for `group`). This is not
@ -390,16 +400,15 @@ configurable. See the troubleshooting topic [Permissions errors on data
 directories for shared
 volumes](troubleshoot.md#permissions-errors-on-data-directories-for-shared-volumes) for workarounds and more detail.
 >
-> * You can share local drives with your _containers_ but not with
+ * Make sure that the domain user has permissions to shared drives,
-> Docker Machine nodes. See
+ as described in the troubleshooting topic ([Verify domain user has permissions for shared drives](troubleshoot.md#verify-domain-user-has-permissions-for-shared-drives-volumes)).
-> [Can I share local drives and filesystem with my Docker Machine VMs?](faqs.md#can-i-share-local-drives-and-filesystem-with-my-docker-machine-vms)
+>
-> in the FAQs.
+ * You can share local drives with your _containers_ but not with Docker Machine
 nodes. See [Can I share local drives and filesystem with my Docker Machine
 VMs?](faqs.md#can-i-share-local-drives-and-filesystem-with-my-docker-machine-vms) in the FAQs.
 >
 {: .note-vanilla}
 See also [Verify domain user has permissions for shared
 drives](troubleshoot.md#verify-domain-user-has-permissions-for-shared-drives-volumes)
 in Troubleshooting.
 #### Firewall rules for shared drives
 Shared drives require port 445 to be open between the host machine and the virtual
--- a/docker-for-windows/troubleshoot.md
+++ b/docker-for-windows/troubleshoot.md
@ -55,7 +55,7 @@ volumes](/docker-for-windows/index.md#shared-drives) to a default value of
 working with applications that require permissions different than this default,
 you will likely get errors similar to the following.
-```
+```none
 Data directory (/var/www/html/data) is readable by other users. Please change the permissions to 0755 so that the directory cannot be listed by other users.
 ```
@ -107,10 +107,10 @@ containers](index.md#switch-between-windows-and-linux-containers),
 not Windows containers.
 Permissions to access shared drives are tied to the username and password you
-use to set up shared drives. (See [Shared Drives](index.md#shared-drives).) If
+use to set up [shared drives](index.md#shared-drives). If you run `docker`
-you run `docker` commands and tasks under a different username than the one used
+commands and tasks under a different username than the one used to set up shared
-to set up shared drives, your containers will not have permissions to access the
+drives, your containers will not have permissions to access the mounted volumes.
-mounted volumes. The volumes will show as empty.
+The volumes will show as empty.
 The solution to this is to switch to the domain user account and reset
 credentials on shared drives.
@ -151,6 +151,33 @@ local user is `samstevens` and the domain user is `merlin`.
 See also, the related issue on GitHub, [Mounted volumes are empty in the container](https://github.com/docker/for-win/issues/25).
 ### Volume mounts from host paths use a `nobrl` option to override database locking  
 You may encounter problems using volume mounts on the host, depending on the
 database software and which options are enabled. Docker for Windows uses
 [SMB/CIFS
 protocols](https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx)
 to mount host paths, and mounts them with the `nobrl` option, which prevents
 lock requests from being sent to the database server
 ([docker/for-win#11](https://github.com/docker/for-win/issues/11),
 [docker/for-win#694](https://github.com/docker/for-win/issues/694)). This is
 done to ensure container access to database files shared from the host. Although
 it solves the over-the-network database access problem, this "unlocked" strategy
 can interfere with other aspects of database functionality (for example,
 write-ahead logging (WAL) with SQLite, as described in
 [docker/for-win#1886](https://github.com/Sonarr/Sonarr/issues/1886)).
 If possible, avoid using shared drives for volume mounts on the host with network paths, and
 instead mount on the MobyVM, or create a [data
 volume](https://docs.docker.com/engine/tutorials/dockervolumes.md#data-volumes)
 (named volume) or [data
 container](/engine/tutorials/dockervolumes.md#creating-and-mounting-a-data-volume-container).
 See also, the [volumes key under service
 configuration](/compose/compose-file/index.md#volumes) and the [volume
 configuration
 reference](/compose/compose-file/index.md#volume-configuration-reference) in the
 Compose file documentation.
 ### Local security policies can block shared drives and cause login errors
 You need permissions to mount shared drives in order to use the Docker for
@ -162,7 +189,7 @@ these permissions to use the feature.
 Here are snip-its from example error messages:
-```
+```none
 Logon failure: the user has not been granted the requested logon type at
 this computer.
@ -191,7 +218,9 @@ commands ultimately get passed to Unix commands inside a Unix based container
 (for example, a shell script passed to `/bin/sh`). If Windows style line endings
 are used, `docker run` will fail with syntax errors.
-For an example of this issue and the resolution, see this issue on GitHub: <a href="https://github.com/moby/moby/issues/24388">Docker RUN fails to execute shell script (https://github.com/moby/moby/issues/24388)</a>.
+For an example of this issue and the resolution, see this issue on GitHub:
 [Docker RUN fails to execute shell
 script](https://github.com/moby/moby/issues/24388).
 ### Recreate or update your containers after Beta 18 upgrade