Editing Docker inside CT
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 1: | Line 1: | ||
| − | Since OpenVZ kernel | + | Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how. |
| − | |||
== Prerequisites == | == Prerequisites == | ||
| − | |||
* Kernel 042stab105.4 or later version | * Kernel 042stab105.4 or later version | ||
| − | * Kernel | + | * Kernel module veth module is loaded on host |
| − | == Container | + | == Container tuning == |
| − | * Create | + | * Create Fedora 20 container: |
| − | vzctl create $veid --ostemplate | + | vzctl create $veid --ostemplate fedora-20-x86_64 |
* Turn on bridge feature to allow docker creating bridged network: | * Turn on bridge feature to allow docker creating bridged network: | ||
vzctl set $veid --features bridge:on --save | vzctl set $veid --features bridge:on --save | ||
| Line 17: | Line 15: | ||
* Allow all iptables modules to be used in containers: | * Allow all iptables modules to be used in containers: | ||
vzctl set $veid --netfilter full --save | vzctl set $veid --netfilter full --save | ||
| − | |||
| − | |||
* Configure custom cgroups in systemd: | * Configure custom cgroups in systemd: | ||
: <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small> | : <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small> | ||
vzctl mount $veid | vzctl mount $veid | ||
| − | echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf | + | echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf |
* Start the container: | * Start the container: | ||
vzctl start $veid | vzctl start $veid | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Prepare Docker in container == | == Prepare Docker in container == | ||
| Line 39: | Line 29: | ||
yum -y install docker-io | yum -y install docker-io | ||
* Start docker daemon | * Start docker daemon | ||
| − | + | docker -d -s vfs | |
| − | |||
| − | |||
| − | |||
| − | |||
== Example usage == | == Example usage == | ||
=== Wordpress === | === Wordpress === | ||
| − | |||
Use Docker to start Wordpress (official, standard way). | Use Docker to start Wordpress (official, standard way). | ||
| Line 59: | Line 44: | ||
== Limitations == | == Limitations == | ||
| + | * This feature is currently in beta | ||
* Only "vfs" Docker graph driver is currently supported | * Only "vfs" Docker graph driver is currently supported | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
