8

is there a way to instruct docker swarm to automatically run garbage collection and remove all dangling images and containers? I run docker stack rm STACK_NAME and redeploy the stack but this keeps unused objects. I know I can run docker prune to do the cleaning but is there a way to instruct docker to do so automatically?

P.S I tried setting history retention limit according to this post

mohan08p
  • 5,002
  • 1
  • 28
  • 36
tkyass
  • 2,968
  • 8
  • 38
  • 57
  • Possible duplicate of [How to remove old and unused Docker images](https://stackoverflow.com/questions/32723111/how-to-remove-old-and-unused-docker-images) – kenorb Apr 13 '18 at 00:26

3 Answers3

9

prune is the best you get, and will need to be automated on every node through something else, as the Swarm internals won't do it for you, yet. But with Services, and a Bash one-liner and global mode, it's a easy fix:

90% of the time it's the old images that are taking up space, and since we're using Swarm we wouldn't want to do something on the host outside of a Swarm service, so let's run a simple one-liner in a service that will prune images once a day on every node:

docker service create --name prune-images --mode global --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock docker sh -c "while true; do docker image prune -af; sleep 86400; done"

Note I wouldn't delete containers manually, but rather use task history limit to control that. Let old tasks stick around (which lets you inspect them for exit codes/errors and show their logs). The default is 5 for each service, so if want to change that to 2 for all Swarm services in the cluster:

docker swarm update --task-history-limit=2

Then the old containers will cleanup earlier, and the old images used by them will get caught by prune. Note that the history includes the running one so a limit of 2 means a single shutdown container will hang around (including its inspect metadata and logs).

Bret Fisher
  • 8,164
  • 2
  • 31
  • 36
  • made some research and found this [article](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html) which doesn't recommend creating services that are able to write to docker socket. I decided to run prune as a crontab entry instead – tkyass Mar 13 '18 at 19:41
  • using crontab is no more secure, and requires manual touching of each node. Both ways require root. Doing any docker commands requires root or root equivalent. That article is just pointing out that doing docker commands in a container doesn't change the fact that docker equals root. They are just clearing up a myth, and it doesn't mean "never use docker socket" because all your platorm management containers must use socket to dockerd (aka root). My recommendation stands. You ideally want nothing on your swarm but 1. docker 2. containers. – Bret Fisher Mar 13 '18 at 19:47
5

Thanks to @DhiaTN for the accurate answer. I am covering some missing points. To remove all untagged images , images with use:

docker rmi $(docker images | grep "^<none>" | awk "{print $3}")
SushilG
  • 655
  • 1
  • 6
  • 19
  • thanks for your answer,but the param of awk should be quoated in single mark ,`docker images | grep "^" | awk '{print $3}'` i – zwx Feb 24 '19 at 03:23
2

You do as follow:

docker stop $(docker ps -a) # stop all containers
docker rm $(docker ps -a) -f # delete all containers
docker rmi $(docker images -a -q) # delete all images

For more options.

Dhia
  • 10,119
  • 11
  • 58
  • 69
  • thanks Dhia for your answer .. but I'm looking for a configuration settings instead of running commands or writing a script to run them periodically. – tkyass Mar 09 '18 at 16:37
  • You can automate the commands above in a bash script or with makefile – Dhia Mar 09 '18 at 16:38
  • 1
    @tkyass there is no configuration in docker to do that. As @DhiaTN mentioned, you must run it via cronjob or something else. By the way. `docker image prune` and `docker container prune` might be a smarter way. – Markus Mar 09 '18 at 17:00
  • 1
    downvoted because it does not answer the question at all: 1) `docker system prune` does the same thing; OP says he already knows this command 2) he is asking for *automation* – raoel Jun 29 '18 at 07:09