Editing Docker inside CT vz7

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 1: Line 1:
 
Since Virtuozzo 7 kernel 3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers.
 
Since Virtuozzo 7 kernel 3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers.
  
'''Please be aware that this feature is experimental and is not supported in production! We plan to make it production in the upcoming updates.'''
+
'''Please be aware that this feature is experimental and is not supported in production!'''
  
'''This page is applicable for Virtuozzo 7''' (for Virtuozzo 6 see [[Docker inside CT | '''here''']]).
+
'''This page is applicable for Virtuozzo 7''' (for OpenVZ 6 see [[Docker inside CT | '''here''']]).
  
 
== Prerequisites ==
 
== Prerequisites ==
Line 14: Line 14:
 
  modprobe overlay  
 
  modprobe overlay  
  
'''Note:''' if you use 3.10.0-327.18.2.vz7.14.25 <= kernel <= 3.10.0-327.28.2.vz7.17.5, you need to allow using "overlayfs" inside a Virtuozzo Container:
+
'''Note:''' if you use kernel >= 3.10.0-327.18.2.vz7.14.25, you need to allow using "overlayfs" inside a Virtuozzo Container:
 
  echo 1 > /proc/sys/fs/experimental_fs_enable
 
  echo 1 > /proc/sys/fs/experimental_fs_enable
This was a temporary step, if you use kernel >= 3.10.0-327.28.2.vz7.17.6, overlayfs can be used inside a Container by default.
+
This is a temporary step, it will be dropped once overlayfs is proved to be absolutely safe to run in any vz7 Container.
  
 
== Limitations ==
 
== Limitations ==
Line 25: Line 25:
 
== Container tuning ==
 
== Container tuning ==
  
 +
* Turn on '''bridge''' feature to allow docker creating bridged network inside container:
 +
prlctl set $veid --features bridge:on
 +
* Setup Container veth-based network (Container must be '''veth'''-based, not '''venet'''-based):
 +
prlctl set $veid --device-add net --network Bridged --dhcp yes
 
* Allow all iptables modules to be used in containers:
 
* Allow all iptables modules to be used in containers:
 
  prlctl set $veid --netfilter=full
 
  prlctl set $veid --netfilter=full

Please note that all contributions to OpenVZ Virtuozzo Containers Wiki may be edited, altered, or removed by other contributors. If you don't want your writing to be edited mercilessly, then don't submit it here.
 If you are going to add external links to an article, read the External links policy first!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)
Retrieved from "https://wiki.openvz.org/Docker_inside_CT_vz7"