Docker is the major technology in IT operations and software development. The popularity of this platform came due to the possibility of execution of software on high-end servers as well as embedded systems. When speaking about Docker, it is hard not to mention Docker Hub which is an online repository. The hub includes a huge library of over 150 mil images and that is a huge proof of the active community influence.
Docker is considered to be really secure, it has high-performance characteristics, and that mainly correlates with the implementation of container isolation. Nevertheless, there are no limitations when talking about improvements and new technologies. That’s why, RAM disks are used for the additional layer of security. Just by having these containers on the RAM disks, it is possible to reach a higher level of data protection, improve performance characteristics, and also have better speed of volatile memory.
Here in this article, we will try to share some of the major benefits of RAM disks on Ubuntu, together with some practical recommendations according to the implementation of this apprach.
RAM disk: what is it and why do you need it?
RAM disk functions as a disk drive and in some ways, moreover it is similar to SSD. When compared with the SSD, the RAM disk is way faster because it uses a RAM system. So, the speed characteristics are the main plus while the volatility is the main minus for the users. This means that stored information is temporary and is inaccessible when the system is rebooted or turned off.
The usage of RAM-disk in Ubuntu is rather simple and with proper instruction even new users can cope with the task. With the command-line tool, it is so simple to deal with the advanced setups so just by following a couple of recommendations you can manage everything on your own. RAM-disk integration with Ubuntu systems guarantees higher reliability, and containers can function with better security and performance.
Most Linux distributors have ‘tmpfs’ feature, and the Ubuntu system also includes it. Such a feature is responsible for the creation of the temporary storage area in RAM. During the setting up of RAM-disk on your system, you are creating a fast storage in RAM. This storage space can be used for Docker containers.
Difference between RAM-Disk and SSD for Docker Containers
If you are searching for the perfect hosting solution for Docker containers, then it is highly important to consider both available options such as SSD and RAM disk. So, let’s discuss some categories in which they differ from one another.
- Security and risks of data tampering. Nowadays, there is a high possibility of tempering, which is why RAM-disk wins in this category. The volatile characteristic means that information isn’t stored for a long period of time so there are minimal risks of data tampering. With SSD, there should be definitely implemented some additional measures such as data encryption.
- Persistence of data. SSD offers persistent storage, which means the information stays even if the system doesn’t work. This is an awesome option for long-term storage because information is always accessible even when the power is down. With RAM disks, the situation is totally opposite. All the data is lost if the system doesn’t work. This can be considered a negative factor when thinking about long-term storage, but for temporary info, it is a beneficial thing because everything starts fresh with every reboot.
- Capacity of storage. If considering the capacity, then SSD is a better choice because it works with extensive requirements, and as we’ve already discussed it is a long-term solution. RAM-disks storage is limited by the system and has less capacity. So, storage capacity is an important factor for those who are planning to have huge volumes of information.
- Price. According to the general number, SSD is cheaper than RAM-disk. This can be an impactful factor for users with small budgets. SSD is a better choice considering the financial part of the deal. For less price, you are getting capacity and a good speed.
For a better visualization, you can also review the table:
Categories | SSD | RAM-disk |
Price | Lower | Higher |
Speed | Slower | Faster |
Tampering of info | Higher risks | Lower risks |
Data persistence | Persistent | Volatile |
Capacity | Bigger | Limited |
Security | Lower | Higher |
Configuring Docker Containers on a RAM-Disk in Ubuntu
In order to simplify the configuration process in Ubuntu, we decided to share a step-by-step process that will be clear for any user. Remember, that this approach will be perfect for those who need high-speed access to data and its processing, but for those who need long-term storage that won’t work. The most common user cases are related to chat apps, temporary VPN, environment testing where reset is needed, and temporary file exchanges.
Stage 1: Defining the Purpose
Prior to dealing with specific setup processes, let’s first specify the purpose. When you are hosting Docker containers on this type of storage, we have a higher speed for container operations. Such a setup will suit perfectly those who need quick access to information and don’t need long-term storage because all the information is lost during reboot.
Stage 2: Prepare the Ubuntu System
First, you need to check whether Ubuntu is updated. Open the terminal and fill in the following lines:
sudo apt-get update
sudo apt-get upgrade
After upgrading the system, you’d better check the availability of RAM. In Ubuntu, use the next line:
free -h
With this command, you will determine the total amount of memory. This data will be shown in GB or MB so you should consider how much RAM should be used for RAM-disk. Usually, this part is chosen with a proportion that won’t influence other running processes.
Stage 3: Establishing the RAM-Disk
To start establishing RAM-disk, you should set up tmpfs filesystem. With the help of any editor that has root
access open /etc/fstab:
sudo nano /etc/fstab
After that, you will add specifications with the size and mount point of the disk, for instance:
tmpfs /mnt/ramdisk tmpfs defaults,size=4G 0 0
In this line, mnt/ramdisk stands for the directory where the disk will be mounted, tmpfs is a filesystem, and 4G is the size of the disk.
Close the file with the saved changes, create a directory for mounting and mount the disk with the following commands:
mkdir /mnt/ramdisk
sudo mount -a
With this line, you will mount all the filesystems in fstab and RAM-disk as well. After completion of all the above-mentioned processes, you can use RAM as a storage for Docker containers.
Stage 4: Install and Configure Docker
According to the default settings, Docker storage is in /var/lib/docker directory. That’s why, it is important to shift the storage to RAM-disk. To do this, the config file of Docker should be properly edited in order to select a needed directory. As usual, we will start with the usage of the editor and opening of the config file using the following line:
nano /etc/docker/daemon.json
Once the file is opened fill in the following parameters:
{
“data-root”: “/mnt/ramdisk/docker”
}
Install Docker with:
sudo apt-get install docker.io
After the completion of the procedure, Docker will be installed on the system in order to use it for data storage.
Stage 5: Deploying Docker Containers on the RAM-Disk
To show the functioning of the Docker containers, we will use WireGuard VPN. The following command will be utilized for WireGuard VPN:
docker run -d \
–name=wireguard \
–cap-add=NET_ADMIN \
–cap-add=SYS_MODULE \
-e PUID=1000 \
-e PGID=1000 \
-e SERVERPORT=51820 \
-e PEERS=1 \
-e PEERDNS=auto \
-e INTERNAL_SUBNET=10.10.10.0 \
-e ALLOWEDIPS=0.0.0.0/0 \
-e PERSISTENTKEEPALIVE_PEERS= \
-e LOG_CONFS=true \
-p 51820:51820/udp \
-v /mnt/ramdisk/config:/config \
-v /mnt/ramdisk/modules:/lib/modules \
–sysctl=”net.ipv4.conf.all.src_valid_mark=1″ \
linuxserver/wireguard
Here are a couple of explanations for the command mentioned above:
- ‘–name=’ this part includes identifiable name.
- ‘-d’ means that the container functions in the background.
- ‘-p’ is needed for mapping the VPN port and that is essential for VPN traffic.
- ‘—sysctl’ ‘—cap-add’ is required for the proper functioning of WireGuard.
- To get config for WireGuard VPN and QR code, just follow the below instructions:
- Start with the line ‘docker logs container_name’ and change the name part as in the line below:
docker logs wireguard
Find QR in the logs, be attentive, and display the entire code on the window.
- Scan the code from the terminal window.
As you see, there are no difficulties with the process just follow all the instructions that we have already shared here.
Configuration Information
If you are searching for a perfect variant that offers security and also high speed that is at the same time suitable for different apps with tampering protection of data then Docker containers hosted on RAM-disk is your choice. All the users who deal with sensitive operations can add an additional protection layer by utilizing this technology. Prior to choosing any solution for hosting Docker, you should equally understand the plus and minuss of your choices. A couple of drawbacks are connected with the data volatility, higher prices, and to some level the setup complexity. Despite these minor drawbacks, users should understand how beneficial this approach is in terms of performance and the temporary nature of the storage.
Generally speaking, this is a powerful tool that functions properly in the right context with high-speed characteristics.