Reducing wear on the SD-Card of the raspberry Pi that’s acting as my docker-host.
I have a Raspberry 4 in use as Docker Host. I’m running multiple containers (MariaDB, Minecraft, ASP .NET Core, …), some of which are quite I/O-intensive. To reduce wear on the MicroSD-Card and to introduce some level of redundancy, I’d like to move the Storage to my NAS.
I decided on using iSCSI because it supports Block-Level I/O-Operations and has less overhead than traditional file sharing protocols (e.g. Samba).
Before you actually start to follow along, you need to make a decision about your volume creation strategy. You can either create one volume and then just create folders on it for your containers, or you can create a dedicated iSCSI-volume for every container.
While the first option means way less work, the second one enables you to move containers between hosts relativly easy later on. I’ll be explaining the second route, but modifying the steps to implement the first option should be easy.
Configuring the iSCSI volume
The first step in using iSCSI is the configuration of the Volume that is going to be mounted on the raspberry. In my case, my NAS provides an easy-to-use graphical interface for doing so.
We’re going to need the IQN-Name, Username and CHAP-Key for mounting the volume later on. iSCSI can also be used without authentication, but it doesn’t add any complexity so there is no reason to leave a potential door wide open for an attacker.
Preparing the Folder on the Docker Host
We now need to prepare a folder to use as a mountpoint for your volume. In my case, I have a folder called containers in the home directory of a user named admin. Because I chose to do one volume per container, I now need to create a subdirectory using
mkdir ~/containers/mariadb-dev
The next step is to install the software for configuring the iSCSI-Initiator
sudo apt-get update && sudo apt-get install open-iscsi
Afterwards we can look for volumes on a given IP-adress
iscsiadm -m discovery -t st -p 192.168.178.210
This command creates a file named default for every volume it finds. You need to browse the subfolders of /etc/iscsi/nodes/ and open the correct one for editing. You need to change three things
change the value for startup to automatic
set node.session.auth.authmethod to CHAP
Configure your credentials by adding
node.session.auth.username = [USERNAME]
node.session.auth.password = [PASSWORD]
After restarting the service by typing
sudo systemctl restart open-iscsi
You should see an additional device when doing a sudo lsblk. That's the iSCSI-volume.
Partitioning & Formatting the volume
We will now create a partiton and format it so that we can actually use the volume. First, create a partition table
sudo parted /dev/sda mklabel gpt
Remember to modify the device path so it matches you iSCSI-volume! Potential loss of data!
Next, create a single partition spanning the whole device
sudo parted -a opt /dev/sda mkpart primary ext4 0% 100%
and format it with the ext4-filesystem
sudo mkfs.ext4 -L [LABEL] /dev/sda1
Switch [LABEL] out with a name of your choice that makes it easy to identify the partitons use. I always use the same name for my container, iSCSI-user, iSCSI-volume and partition so I can easily spot the things that belong together.
Edit your /etc/fstab to include the line
LABEL=[LABEL] [MOUNTPOINT] ext4 defaults,_netdev 0 0
while replacing [LABEL] and [MOUNTPOINT] with the values from your setup. Now you can mount the partition using
and it will also be automatically mounted during subsequent startups.
If you can't access the folder you configured as mountpoint after mounting the partition, you need to make your user the owner again. This can be accomplished by executing
sudo chown [USERNAME]:(GROUP) [MOUNTPOINT]
with (GROUP) being an optional parameter.
That's it, you're done! You can now start placing Compose files, Scripts and Docker Volumes on your iSCSI-Volume. If your iSCSI-Target is configured as RAID and you regularly back it up, you don't have to worry about failing MicroSD-Cards or dying raspberries anymore.
Moving a container is now as simple as stopping it on one host, moving the iSCSI-configuration and starting it up again. Remember to not connect to an iSCSI-Volume from to clients at the same time though. There is no protection against conflicting instructions sent by the clients.
How to Setup iSCSI Server (Target) and Client (Initiator) on Debian 9
