64
edits
Changes
m
* This feature is currently in beta
no edit summary
Since OpenVZ kernel [[Download/kernel/rhel6-testing/042stab105.4 |042stab105.4]] it is possible to run Docker inside containers. This article describes how.<br>'''This page is applicable for OpenVZ 6''' (for Virtuozzo 7 see [[Docker inside CT vz7| '''here''']]).
== Prerequisites ==
* Kernel 042stab105.4 or later version
* Kernel module modules '''tun''', '''veth module is ''' and '''bridge''' loaded on host(not required since vzctl 4.9 as it loads it automatically)
== Container creation and tuning ==
* Create Fedora 20 CentOS 7 containerwith enough disk space: vzctl create $veid --ostemplate fedoracentos-207-x86_64--diskspace 20G
* Turn on bridge feature to allow docker creating bridged network:
vzctl set $veid --features bridge:on --save
* Allow all iptables modules to be used in containers:
vzctl set $veid --netfilter full --save
* Enable tun device access for container:
vzctl set $veid --devnodes net/tun:rw --save
* Configure custom cgroups in systemd:
: <small>''systemd reads /proc/cgroups and mounts all cgroups enabled there, though it doesn't know there's a restriction that only freezer,devices and cpuacct,cpu,cpuset can be mounted in container, but not freezer, cpu etc. separately''</small>
vzctl mount $veid
echo "JoinControllers=cpu,cpuacct,cpuset freezer,devices" >> /vz/root/$veid/etc/systemd/system.conf
* Start the container:
vzctl start $veid
* If you use Debian Wheezy for your CT which does not support systemd, you can run:
mount -t tmpfs tmpfs /sys/fs/cgroup
mkdir /sys/fs/cgroup/freezer,devices
mount -t cgroup cgroup /sys/fs/cgroup/freezer,devices -o freezer,devices
mkdir /sys/fs/cgroup/cpu,cpuacct,cpuset
mount -t cgroup cgroup /sys/fs/cgroup/cpu,cpuacct,cpuset/ -o cpu,cpuacct,cpuset
== Prepare Docker in container ==
yum -y install docker-io
* Start docker daemon
dockerd -s vfsor change line in /etc/sysconfig/docker to: OPTIONS='--d selinux-enabled -s vfs'and service docker start
== Example usage ==
=== Wordpress ===
Use Docker to start Wordpress (official, standard way).
== Limitations ==
* Only "vfs" Docker graph driver is currently supported
* [[Checkpointing and live migration]] of a container with Docker containers inside is not supported
* Bridges cannot be created inside Docker containers running inside OpenVZ container
* Only works with docker versions 1.10 or older. Newer versions will return an error: "Your Linux kernel version 2.6.32-042stab123.2 is not supported for running docker. Please upgrade your kernel to 3.10.0 or newer." (i.e. switch to [[Quick_installation|Virtuozzo 7]] or later)
== See also ==
* [http://www.youtube.com/watch?v=rh4oPpLtdYc Docker inside CT demo video].
[[Category:HOWTO]]
[[Category: TRD]]
