Difference between revisions of "Docker inside CT vz7"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
m
Line 6: Line 6:
 
* Kernel 3.10.0-327.18.2.vz7.14.7 or later version
 
* Kernel 3.10.0-327.18.2.vz7.14.7 or later version
 
* Kernel modules '''veth''' and '''overlay''' loaded on host
 
* Kernel modules '''veth''' and '''overlay''' loaded on host
 +
 +
To enable '''veth''' and '''overlay''' modules please run:
 +
modprobe veth
 +
modprobe overlay
  
 
'''Note:''' if you use kernel >= 3.10.0-327.18.2.vz7.14.25, you need to allow using "overlayfs" inside a Virtuozzo Container:
 
'''Note:''' if you use kernel >= 3.10.0-327.18.2.vz7.14.25, you need to allow using "overlayfs" inside a Virtuozzo Container:
 
  echo 1 > /proc/sys/fs/experimental_fs_enable
 
  echo 1 > /proc/sys/fs/experimental_fs_enable
 
This is a temporary step, it will be dropped once overlayfs is proved to be absolutely safe to run in any vz7 Container.
 
This is a temporary step, it will be dropped once overlayfs is proved to be absolutely safe to run in any vz7 Container.
 +
 +
== Limitations ==
 +
 +
* Only '''overlay''' and '''vfs''' Docker graph drivers are currently supported. Recommended driver is '''overlay'''. To enable '''overlayfs''' Storage Driver for docker engine inside CT please read here https://docs.docker.com/engine/userguide/storagedriver/selectadriver/
 +
* [[Checkpointing and live migration]] of a container with Docker containers inside is not supported yet (to be done)
  
 
== Container tuning ==
 
== Container tuning ==
  
* Turn on '''bridge''' feature to allow docker creating bridged network:
+
* Turn on '''bridge''' feature to allow docker creating bridged network inside container:
  vzctl set $veid --features bridge:on --save
+
  prlctl set $veid --features bridge:on
 
* Setup Container veth-based network (Container must be '''veth'''-based, not '''venet'''-based):
 
* Setup Container veth-based network (Container must be '''veth'''-based, not '''venet'''-based):
  vzctl set $veid --netif_add eth0 --save
+
  prlctl set $veid --device-add net --network Bridged --dhcp yes
 
* Allow all iptables modules to be used in containers:
 
* Allow all iptables modules to be used in containers:
  vzctl set $veid --netfilter full --save
+
  prlctl set $veid --netfilter=full
 
 
  
== Limitations ==
+
== Docker install ==
  
* Only '''overlay''' and '''vfs''' Docker graph drivers are currently supported
+
To install docker inside container please use Docker Installation Guide for your OS
* [[Checkpointing and live migration]] of a container with Docker containers inside is not supported yet (to be done)
+
https://docs.docker.com/v1.11/engine/installation/
  
 
[[Category:HOWTO]]
 
[[Category:HOWTO]]
 
[[Category: TRD]]
 
[[Category: TRD]]

Revision as of 12:00, 22 July 2016

Since Virtuozzo 7 kernel 3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers. This article describes how.
This page is applicable for Virtuozzo 7 (for OpenVZ 6 see here).

Prerequisites

  • Kernel 3.10.0-327.18.2.vz7.14.7 or later version
  • Kernel modules veth and overlay loaded on host

To enable veth and overlay modules please run:

modprobe veth
modprobe overlay 

Note: if you use kernel >= 3.10.0-327.18.2.vz7.14.25, you need to allow using "overlayfs" inside a Virtuozzo Container:

echo 1 > /proc/sys/fs/experimental_fs_enable

This is a temporary step, it will be dropped once overlayfs is proved to be absolutely safe to run in any vz7 Container.

Limitations

Container tuning

  • Turn on bridge feature to allow docker creating bridged network inside container:
prlctl set $veid --features bridge:on
  • Setup Container veth-based network (Container must be veth-based, not venet-based):
prlctl set $veid --device-add net --network Bridged --dhcp yes
  • Allow all iptables modules to be used in containers:
prlctl set $veid --netfilter=full

Docker install

To install docker inside container please use Docker Installation Guide for your OS https://docs.docker.com/v1.11/engine/installation/