Difference between revisions of "Docker inside CT"

From OpenVZ Virtuozzo Containers Wiki
(remove explicit steps numbering)
(more fixes)
Line 13: Line 13:
 
* Setup Container veth-based network:
 
* Setup Container veth-based network:
 
  vzctl set $veid --netif_add eth0 --save
 
  vzctl set $veid --netif_add eth0 --save
* Allow all iptables modules being used in containers:
+
* Allow all iptables modules to be used in containers:
 
  vzctl set $veid --netfilter full --save
 
  vzctl set $veid --netfilter full --save
 
* Configure custom cgroups in systemd:
 
* Configure custom cgroups in systemd:
 +
: <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small>
 
  vzctl mount $veid
 
  vzctl mount $veid
  echo "JoinControllers=cpu,cpuacct,cpuset,freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf  
+
  echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf  
 
* Start the container:
 
* Start the container:
 
  vzctl start $veid
 
  vzctl start $veid
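Review bot: The new `echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf` line still appends unconditionally. Repeating the step, or following the previous revision and then this one, leaves two JoinControllers lines in system.conf with different groupings. Suggest telling the reader to remove any existing JoinControllers line first, or replacing the append with an edit in place. The added note would also be clearer if it said that the two groups are separated by a space in the value, since that is the only thing this edit changes in the command.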
Line 28: Line 29:
 
  yum -y install docker-io
 
  yum -y install docker-io
 
* Start docker daemon
 
* Start docker daemon
  docker -d -s vfs
+
docker -d -s vfs
  
 
== Example usage ==
 
== Example usage ==
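Review bot: The replacement `docker -d -s vfs` line has lost the leading spaces that the removed line and every other command in this diff carry, so it will no longer render as a preformatted command; restore the indentation. While here, "Start docker daemon" is the only step without a trailing colon.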

Revision as of 22:47, 11 February 2015

Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.

Prerequisites

  • Kernel 042stab105.4 or later version
  • The veth kernel module is loaded on the host

Container tuning

  • Create Fedora 20 container:
vzctl create $veid --ostemplate fedora-20-x86_64
  • Turn on the bridge feature to allow Docker to create a bridged network:
vzctl set $veid --features bridge:on --save
  • Set up a veth-based network for the container:
vzctl set $veid --netif_add eth0 --save
  • Allow all iptables modules to be used in containers:
vzctl set $veid --netfilter full --save
  • Configure custom cgroups in systemd:
systemd reads /proc/cgroups and mounts every cgroup controller enabled there. It does not know about the restriction that, inside a container, the controllers can only be mounted as the groups freezer,devices and cpuacct,cpu,cpuset, and not separately (freezer alone, cpu alone, etc.).
vzctl mount $veid
echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf 
  • Start the container:
vzctl start $veid
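
An idempotent form of the JoinControllers step above, plus a check to run inside the started container, as an added example that is not part of the original wiki page. The function names are hypothetical. It assumes JoinControllers belongs in the [Manager] section of system.conf and that /proc/self/cgroup lists one hierarchy per line as id:controllers:path.

```shell
# Added example, not from the wiki page. Function names are hypothetical.
# WANT is the value the page writes: two joined groups, separated by a space.
WANT='cpu,cpuacct,cpuset freezer,devices'

# set_join_controllers FILE
# Leave exactly one active JoinControllers= line in FILE, inside [Manager],
# so the step can be re-run; the page's `echo >>` appends a line each time.
set_join_controllers() {
    local conf=$1 tmp rc
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v want="$WANT" '
        /^[ \t]*JoinControllers[ \t]*=/ { next }      # drop earlier active values
        /^\[/ {                                        # a section header
            if (in_mgr && !done) { print "JoinControllers=" want; done = 1 }
            in_mgr = ($0 ~ /^\[Manager\]/)
        }
        { print }
        END {
            if (!done) {
                if (!in_mgr) print "[Manager]"         # file had no such section
                print "JoinControllers=" want
            }
        }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"         # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# controllers_joined FILE CTRL...
# Succeeds if one hierarchy line of a /proc/self/cgroup-style FILE
# (id:controllers:path) lists every CTRL, in any order.
controllers_joined() {
    local file=$1
    shift
    awk -F: -v need="$*" '
        BEGIN { n = split(need, want, " ") }
        {
            split("", set); split($2, have, ",")
            for (i in have) set[have[i]] = 1
            ok = 1
            for (i = 1; i <= n; i++) if (!(want[i] in set)) ok = 0
            if (ok) found = 1
        }
        END { exit !found }
    ' "$file"
}

# Host:      vzctl mount $veid && set_join_controllers /vz/root/$veid/etc/systemd/system.conf
# Container: controllers_joined /proc/self/cgroup freezer devices
```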

Prepare Docker in container

These steps are to be performed inside the container.

  • Install Docker:
yum -y install docker-io
  • Start the Docker daemon:
docker -d -s vfs

Example usage

Wordpress

Use Docker to start Wordpress (official, standard way).

  • Start the MySQL Docker container:
docker run --name test-mysql -e MYSQL_ROOT_PASSWORD=123 -d mysql
  • Start wordpress:
docker run --name test-wordpress --link test-mysql:mysql -p 8080:80 -d wordpress
  • Access the Wordpress server at the container IP on port 8080:
    http://container_ip:8080

Limitations

  • This feature is currently in beta
  • Only "vfs" Docker graph driver is currently supported