Difference between revisions of "Docker inside CT"
|  (remove explicit steps numbering) |  (more fixes) | ||
| Line 13: | Line 13: | ||
| * Setup Container veth-based network: | * Setup Container veth-based network: | ||
|   vzctl set $veid --netif_add eth0 --save |   vzctl set $veid --netif_add eth0 --save | ||
| − | * Allow all iptables modules  | + | * Allow all iptables modules to be used in containers: | 
|   vzctl set $veid --netfilter full --save |   vzctl set $veid --netfilter full --save | ||
| * Configure custom cgroups in systemd: | * Configure custom cgroups in systemd: | ||
| + | : <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small> | ||
|   vzctl mount $veid |   vzctl mount $veid | ||
| − |   echo "JoinControllers=cpu,cpuacct,cpuset | + |   echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf   | 
| * Start the container: | * Start the container: | ||
|   vzctl start $veid |   vzctl start $veid | ||
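Review bot: the added `echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf` line appends unconditionally, so repeating the step leaves duplicate JoinControllers entries in system.conf. Suggest guarding it with a check for an existing JoinControllers line, or replacing that line in place. The added line also ends in trailing whitespace, and the new explanatory note could state outright that this setting is what makes systemd mount the controllers in the permitted combinations.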
| Line 28: | Line 29: | ||
|   yum -y install docker-io |   yum -y install docker-io | ||
| * Start docker daemon | * Start docker daemon | ||
| − | + |  docker -d -s vfs | |
| == Example usage == | == Example usage == | ||
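Review bot: the added `docker -d -s vfs` command under "Start docker daemon" gives no reason for `-s vfs`. A short pointer to the Limitations section, which says only the "vfs" graph driver is supported, would stop readers from dropping the flag. The step heading also lacks the trailing colon that the other steps use.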
Revision as of 22:47, 11 February 2015
Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.
Prerequisites
- Kernel 042stab105.4 or later version
- The veth kernel module is loaded on the host
Container tuning
- Create a Fedora 20 container:
vzctl create $veid --ostemplate fedora-20-x86_64
- Turn on the bridge feature to allow Docker to create a bridged network:
vzctl set $veid --features bridge:on --save
- Set up the container's veth-based network:
vzctl set $veid --netif_add eth0 --save
- Allow all iptables modules to be used in containers:
vzctl set $veid --netfilter full --save
- Configure custom cgroups in systemd:
- systemd reads /proc/cgroups and mounts every cgroup enabled there, but it does not know about the restriction that in a container only freezer,devices and cpuacct,cpu,cpuset can be mounted as joined sets, not freezer, cpu, etc. separately.
vzctl mount $veid
echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf
- Start the container:
vzctl start $veid
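The `echo ... >>` step above adds a new line each time it is run. An idempotent variant, as an added example that is not part of the original wiki page; the function name `ensure_join_controllers` is an assumption, while the JoinControllers value is the one given on this page.

```shell
#!/bin/sh
# Added example: idempotent form of the JoinControllers step.
# WANT is the value from this page; the function name is hypothetical.
WANT='JoinControllers=cpu,cpuacct,cpuset freezer,devices'

# ensure_join_controllers FILE
# Leaves FILE with exactly one active JoinControllers= line equal to WANT.
# Commented-out lines such as "#JoinControllers=..." are left untouched.
ensure_join_controllers() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Already correct and unique: nothing to change.
    if [ "$(grep -c '^[[:space:]]*JoinControllers=' "$conf")" = 1 ] &&
       grep -qxF -- "$WANT" "$conf"; then
        return 0
    fi

    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Drop every active JoinControllers line (stale or duplicated),
    # then append the wanted one at the end, as the page's echo does.
    sed '/^[[:space:]]*JoinControllers=/d' "$conf" > "$tmp"
    printf '%s\n' "$WANT" >> "$tmp"
    # Write through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Usage on the host, after "vzctl mount $veid":
#   ensure_join_controllers "/vz/root/$veid/etc/systemd/system.conf"
```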
Prepare Docker in container
These steps are to be performed inside the container.
- Install Docker:
yum -y install docker-io
- Start the Docker daemon:
docker -d -s vfs
Example usage
Wordpress
Use Docker to start Wordpress (official, standard way).
- Start the mysql Docker container:
docker run --name test-mysql -e MYSQL_ROOT_PASSWORD=123 -d mysql
- Start wordpress:
docker run --name test-wordpress --link test-mysql:mysql -p 8080:80 -d wordpress
- Access the Wordpress server at the container IP on port 8080: http://container_ip:8080
Limitations
- This feature is currently in beta
- Only "vfs" Docker graph driver is currently supported
