Difference between revisions of "Docker inside CT vz7"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
(Created page with "Since Virtuozzo 7 kernel vzkernel-3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers. This article describes how. (This page is applicable for Virtuozzo 7...")
 
(Container tuning)
 
(10 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Since Virtuozzo 7 kernel vzkernel-3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers. This article describes how.
+
Since Virtuozzo 7 kernel 3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers.
(This page is applicable for Virtuozzo 7.)
+
 
 +
'''Please be aware that this feature is experimental and is not supported in production! We plan to make it production in the upcoming updates.'''
 +
 
 +
'''This page is applicable for Virtuozzo 7''' (for Virtuozzo 6 see [[Docker inside CT | '''here''']]).
  
 
== Prerequisites ==
 
== Prerequisites ==
Line 7: Line 10:
 
* Kernel modules '''veth''' and '''overlay''' loaded on host
 
* Kernel modules '''veth''' and '''overlay''' loaded on host
  
Note: if you use kernel >= 3.10.0-327.18.2.vz7.14.25, you need to allow using "overlayfs" inside a Virtuozzo Container:
+
To enable '''veth''' and '''overlay''' modules please run:
 +
modprobe veth
 +
modprobe overlay
 +
 
 +
'''Note:''' if you use 3.10.0-327.18.2.vz7.14.25 <= kernel <= 3.10.0-327.28.2.vz7.17.5, you need to allow using "overlayfs" inside a Virtuozzo Container:
 
  echo 1 > /proc/sys/fs/experimental_fs_enable
 
  echo 1 > /proc/sys/fs/experimental_fs_enable
 +
This was a temporary step, if you use kernel >= 3.10.0-327.28.2.vz7.17.6, overlayfs can be used inside a Container by default.
 +
 +
== Limitations ==
 +
 +
* Only '''overlay''' and '''vfs''' Docker graph drivers are currently supported. Recommended driver is '''overlay'''. To enable '''overlayfs''' Storage Driver for docker engine inside CT please read here https://docs.docker.com/engine/userguide/storagedriver/selectadriver/
 +
* [[Checkpointing and live migration]] of a container with Docker containers inside is not supported yet (to be done)
  
 
== Container tuning ==
 
== Container tuning ==
  
* Turn on bridge feature to allow docker creating bridged network:
 
vzctl set $veid --features bridge:on --save
 
* Setup Container veth-based network (Container must be '''veth'''-based, not '''venet'''-based):
 
vzctl set $veid --netif_add eth0 --save
 
 
* Allow all iptables modules to be used in containers:
 
* Allow all iptables modules to be used in containers:
  vzctl set $veid --netfilter full --save
+
  prlctl set $veid --netfilter=full
  
 +
== Docker install ==
  
== Limitations ==
+
To install docker inside container please use Docker Installation Guide for your OS
 
+
https://docs.docker.com/v1.11/engine/installation/
* Only '''overlay''' and '''vfs''' Docker graph drivers are currently supported
 
* [[Checkpointing and live migration]] of a container with Docker containers inside is not supported yet (to be done)
 
 
 
== See also ==
 
* [[Docker inside CT]] page for running Docker Containers inside OpenVZ 6 Containers
 
  
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]
 
[[Category: TRD]]
 
[[Category: TRD]]

Latest revision as of 13:00, 30 September 2016

Since Virtuozzo 7 kernel 3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers.

Please be aware that this feature is experimental and is not supported in production! We plan to make it production in the upcoming updates.

This page is applicable for Virtuozzo 7 (for Virtuozzo 6 see here).

Prerequisites[edit]

  • Kernel 3.10.0-327.18.2.vz7.14.7 or later version
  • Kernel modules veth and overlay loaded on host

To enable veth and overlay modules please run:

modprobe veth
modprobe overlay 

Note: if you use 3.10.0-327.18.2.vz7.14.25 <= kernel <= 3.10.0-327.28.2.vz7.17.5, you need to allow using "overlayfs" inside a Virtuozzo Container:

echo 1 > /proc/sys/fs/experimental_fs_enable

This was a temporary step, if you use kernel >= 3.10.0-327.28.2.vz7.17.6, overlayfs can be used inside a Container by default.

Limitations[edit]

Container tuning[edit]

  • Allow all iptables modules to be used in containers:
prlctl set $veid --netfilter=full

Docker install[edit]

To install docker inside container please use Docker Installation Guide for your OS https://docs.docker.com/v1.11/engine/installation/