https://wiki.openvz.org/api.php?action=feedcontributions&feedformat=atom&user=Vitaly+LipatovOpenVZ Virtuozzo Containers Wiki - User contributions [en]2026-06-10T02:44:52ZUser contributionsMediaWiki 1.31.1https://wiki.openvz.org/index.php?title=Docker_inside_CT&diff=20392Docker inside CT2016-08-15T16:43:40Z<p>Vitaly Lipatov: /* Prepare Docker in container */</p>
<hr />
<div>Since OpenVZ kernel [[Download/kernel/rhel6-testing/042stab105.4|042stab105.4]] it is possible to run Docker inside containers. This article describes how.<br />
<br>'''This page is applicable for OpenVZ 6''' (for Virtuozzo 7 see [[Docker inside CT vz7| '''here''']]).<br />
<br />
== Prerequisites ==<br />
<br />
* Kernel 042stab105.4 or later version<br />
* Kernel modules '''tun''', '''veth''' and '''bridge''' loaded on host (not required since vzctl 4.9 as it loads it automatically)<br />
<br />
== Container creation and tuning ==<br />
<br />
* Create CentOS 7 container with enough disk space:<br />
vzctl create $veid --ostemplate centos-7-x86_64 --diskspace 20G<br />
* Turn on bridge feature to allow docker creating bridged network:<br />
vzctl set $veid --features bridge:on --save<br />
* Setup Container veth-based network:<br />
vzctl set $veid --netif_add eth0 --save<br />
* Allow all iptables modules to be used in containers:<br />
vzctl set $veid --netfilter full --save<br />
* Enable tun device access for container:<br />
vzctl set $veid --devnodes net/tun:rw --save<br />
* Configure custom cgroups in systemd:<br />
: <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small><br />
vzctl mount $veid<br />
echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf<br />
* Start the container:<br />
vzctl start $veid<br />
* If you use Debian Wheezy for your CT which does not support systemd, you can run:<br />
mount -t tmpfs tmpfs /sys/fs/cgroup<br />
mkdir /sys/fs/cgroup/freezer,devices<br />
mount -t cgroup cgroup /sys/fs/cgroup/freezer,devices -o freezer,devices<br />
mkdir /sys/fs/cgroup/cpu,cpuacct,cpuset<br />
mount -t cgroup cgroup /sys/fs/cgroup/cpu,cpuacct,cpuset/ -o cpu,cpuacct,cpuset<br />
<br />
== Prepare Docker in container == <br />
<br />
These steps are to be performed inside the container.<br />
<br />
* Install Docker:<br />
yum -y install docker-io<br />
* Start docker daemon<br />
dockerd -s vfs<br />
or change line in /etc/sysconfig/docker to:<br />
OPTIONS='--selinux-enabled -s vfs'<br />
and<br />
service docker start<br />
<br />
== Example usage ==<br />
<br />
=== Wordpress ===<br />
<br />
Use Docker to start Wordpress (official, standard way).<br />
<br />
* Start mysql docker:<br />
docker run --name test-mysql -e MYSQL_ROOT_PASSWORD=123 -d mysql<br />
* Start wordpress:<br />
docker run --name test-wordpress --link test-mysql:mysql -p 8080:80 -d wordpress<br />
* Access wordpress server by container IP and port 8080: <pre><nowiki>http://container_ip:8080</nowiki></pre><br />
<br />
== Limitations ==<br />
<br />
* Only "vfs" Docker graph driver is currently supported<br />
* [[Checkpointing and live migration]] of a container with Docker containers inside is not supported<br />
* Bridges cannot be created inside Docker containers running inside OpenVZ container<br />
<br />
== See also ==<br />
* [http://www.youtube.com/watch?v=rh4oPpLtdYc Docker inside CT demo video].<br />
<br />
[[Category:HOWTO]]<br />
[[Category: TRD]]</div>Vitaly Lipatov