Difference between revisions of "Docker inside CT"
(→Prerequisites: add loading of tun module) |
(→Container tuning: +diskspace) |
||
Line 5: | Line 5: | ||
* Kernel modules '''tun''', '''veth''' and '''bridge''' loaded on host (not required since vzctl 4.9 as it loads it automatically) | * Kernel modules '''tun''', '''veth''' and '''bridge''' loaded on host (not required since vzctl 4.9 as it loads it automatically) | ||
− | == Container tuning == | + | == Container creation and tuning == |
− | * Create CentOS 7 container: | + | * Create CentOS 7 container with enough disk space: |
− | vzctl create $veid --ostemplate centos-7-x86_64 | + | vzctl create $veid --ostemplate centos-7-x86_64 --diskspace 20G |
* Turn on bridge feature to allow docker creating bridged network: | * Turn on bridge feature to allow docker creating bridged network: | ||
vzctl set $veid --features bridge:on --save | vzctl set $veid --features bridge:on --save | ||
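Review bot: The `--diskspace 20G` added to the `vzctl create` line is a fixed figure with no stated rationale; the bullet only says "enough disk space". Suggest noting that 20G is an example value and what drives the requirement, so readers size the container for their own images instead of copying the number.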
Line 20: | Line 20: | ||
: <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small> | : <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small> | ||
vzctl mount $veid | vzctl mount $veid | ||
− | echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf | + | echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf |
* Start the container: | * Start the container: | ||
vzctl start $veid | vzctl start $veid |
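Review bot: On the `echo "JoinControllers=..." >> /vz/root/$veid/etc/systemd/system.conf` line, the removed and added text are identical as shown, so the change appears to be whitespace only, but the command it keeps appends unconditionally. Repeating the step writes a second JoinControllers line into system.conf. Suggest guarding the append with a check for an existing JoinControllers setting and quoting the path that contains `$veid`.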
Revision as of 23:01, 24 April 2015
Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.
Prerequisites
- Kernel 042stab105.4 or later version
- Kernel modules tun, veth and bridge loaded on host (not required since vzctl 4.9, which loads them automatically)
Container creation and tuning
- Create CentOS 7 container with enough disk space:
vzctl create $veid --ostemplate centos-7-x86_64 --diskspace 20G
- Turn on the bridge feature to allow Docker to create a bridged network:
vzctl set $veid --features bridge:on --save
- Set up a veth-based network for the container:
vzctl set $veid --netif_add eth0 --save
- Allow all iptables modules to be used in containers:
vzctl set $veid --netfilter full --save
- Enable tun device access for container:
vzctl set $veid --devnodes net/tun:rw --save
- Configure custom cgroups in systemd:
- systemd reads /proc/cgroups and mounts every cgroup enabled there, but it is unaware of the restriction that, inside a container, the controllers can only be mounted as the joined sets freezer,devices and cpuacct,cpu,cpuset, not separately (freezer, cpu, etc.)
vzctl mount $veid
echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf
- Start the container:
vzctl start $veid
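The kernel prerequisite and the JoinControllers step above can be checked and applied repeatably from the host. The following is an added example, not part of the original wiki page: the function names are hypothetical, and the `uname -r` format `2.6.32-042stabNNN.M` is an assumption about how OpenVZ kernels report their release.

```shell
#!/bin/sh
# Added example (not from the wiki page): host-side helper functions.

# Succeeds if an OpenVZ kernel release such as "2.6.32-042stab105.4"
# (assumed `uname -r` format) is at least stab<major>.<minor>.
stab_at_least() {
    release=$1 want_major=$2 want_minor=$3
    case $release in
        *stab*) ver=${release##*stab} ;;   # e.g. "105.4"
        *) return 1 ;;                     # not an OpenVZ "stab" kernel
    esac
    major=${ver%%[!0-9]*}                  # leading digits before the dot
    case $ver in
        *.*) rest=${ver#*.}; minor=${rest%%[!0-9]*} ;;
        *) minor=0 ;;
    esac
    [ -n "$major" ] || return 1
    minor=${minor:-0}
    [ "$major" -gt "$want_major" ] && return 0
    [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]
}

# Appends the JoinControllers line only when no active (uncommented)
# JoinControllers setting exists. Returns 2 if the file is missing (for
# example the container is not mounted) and 1 if a different value is set.
ensure_join_controllers() {
    conf=$1
    line='JoinControllers=cpu,cpuacct,cpuset freezer,devices'
    [ -f "$conf" ] || return 2
    if grep -q '^[[:space:]]*JoinControllers=' "$conf"; then
        grep -qxF "$line" "$conf"          # 0 only if the value matches
        return
    fi
    printf '%s\n' "$line" >> "$conf"
}

# Hypothetical wrapper; run as root on the host, e.g.: preflight 101
preflight() {
    veid=$1
    stab_at_least "$(uname -r)" 105 4 || { echo "kernel older than 042stab105.4" >&2; return 1; }
    vzctl mount "$veid" || return 1
    ensure_join_controllers "/vz/root/$veid/etc/systemd/system.conf"
}
```

Because the append is guarded, re-running the step leaves a single JoinControllers line, and a conflicting existing value is reported instead of silently overridden.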
Prepare Docker in container
These steps are to be performed inside the container.
- Install Docker:
yum -y install docker-io
- Start the Docker daemon:
docker -d -s vfs
Example usage
Wordpress
Use Docker to start Wordpress (official, standard way).
- Start mysql docker:
docker run --name test-mysql -e MYSQL_ROOT_PASSWORD=123 -d mysql
- Start wordpress:
docker run --name test-wordpress --link test-mysql:mysql -p 8080:80 -d wordpress
- Access wordpress server by container IP and port 8080:
http://container_ip:8080
Limitations
- Only the "vfs" Docker graph driver is currently supported
- Checkpointing and live migration of a container with Docker containers inside is not supported
- Bridges cannot be created inside Docker containers running inside an OpenVZ container