Difference between revisions of "Docker inside CT"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(more fixes)
(add big fat warning)
Line 1: Line 1:
 
Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.
 
Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.
 +
 +
{{Warn|This feature is currently in beta.}}
  
 
== Prerequisites ==
 
== Prerequisites ==

Revision as of 00:02, 12 February 2015

Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.

Template:Warn

Prerequisites

  • Kernel 042stab105.4 or later version
  • Kernel module veth module is loaded on host

Container tuning

  • Create Fedora 20 container:
vzctl create $veid --ostemplate fedora-20-x86_64
  • Turn on bridge feature to allow docker creating bridged network:
vzctl set $veid --features bridge:on --save
  • Setup Container veth-based network:
vzctl set $veid --netif_add eth0 --save
  • Allow all iptables modules to be used in containers:
vzctl set $veid --netfilter full --save
  • Configure custom cgroups in systemd:
systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately
vzctl mount $veid
echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf 
  • Start the container:
vzctl start $veid

Prepare Docker in container

These steps are to be performed inside the container.

  • Install Docker:
yum -y install docker-io
  • Start docker daemon
docker -d -s vfs

Example usage

Wordpress

Use Docker to start Wordpress (official, standard way).

  • Start mysql docker:
docker run --name test-mysql -e MYSQL_ROOT_PASSWORD=123 -d mysql
  • Start wordpress:
docker run --name test-wordpress --link test-mysql:mysql -p 8080:80 -d wordpress
  • Access wordpress server by container IP and port 8080:
    http://container_ip:8080

Limitations

  • This feature is currently in beta
  • Only "vfs" Docker graph driver is currently supported