Difference between revisions of "Docker inside CT vz7"

From OpenVZ Virtuozzo Containers Wiki
Line 27: Line 27:
 
* Turn on '''bridge''' feature to allow docker creating bridged network inside container:
 
* Turn on '''bridge''' feature to allow docker creating bridged network inside container:
 
  prlctl set $veid --features bridge:on
 
  prlctl set $veid --features bridge:on
* Setup Container veth-based network (Container must be '''veth'''-based, not '''venet'''-based):
 
prlctl set $veid --device-add net --network Bridged --dhcp yes
 
 
* Allow all iptables modules to be used in containers:
 
* Allow all iptables modules to be used in containers:
 
  prlctl set $veid --netfilter=full
 
  prlctl set $veid --netfilter=full
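
Review bot: the item "Setup Container veth-based network (Container must be veth-based, not venet-based)" and its command `prlctl set $veid --device-add net --network Bridged --dhcp yes` appear on only one side of this comparison, and the Container tuning list in the revision shown below does not carry the step, while Prerequisites still asks for the veth module on the host. If the step was dropped on purpose, the page should say whether a venet-based container is now acceptable; if not, restore it between the bridge and netfilter items. It would also help to note next to `--netfilter=full` that it exposes every iptables module to the container, so readers enable it only on containers that will actually run Docker.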

Revision as of 13:10, 16 August 2016

Since Virtuozzo 7 kernel 3.10.0-327.18.2.vz7.14.7 it is possible to run Docker inside containers.

Please be aware that this feature is experimental and is not supported in production! We plan to make it production-ready in upcoming updates.

This page is applicable for Virtuozzo 7 (for Virtuozzo 6 see here).

Prerequisites

  • Kernel 3.10.0-327.18.2.vz7.14.7 or later version
  • Kernel modules veth and overlay loaded on host

To load the veth and overlay modules, run:

modprobe veth
modprobe overlay 

Note: if you use kernel >= 3.10.0-327.18.2.vz7.14.25, you need to allow using "overlayfs" inside a Virtuozzo Container:

echo 1 > /proc/sys/fs/experimental_fs_enable

This is a temporary step; it will be dropped once overlayfs is proven to be absolutely safe to run in any vz7 Container.
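
The host prerequisites above can be checked in one pass before any container is touched. The script below is an added example, not part of the original wiki page or of Virtuozzo tooling; the function names are hypothetical, it assumes GNU sort (for -V), and it assumes veth and overlay are built as loadable modules so that they show up in /proc/modules.

```shell
#!/bin/sh
# Added example: host-side preflight for the prerequisites listed on this page.
MIN_KERNEL="3.10.0-327.18.2.vz7.14.7"     # first kernel able to run Docker inside a CT
OVERLAY_GATE="3.10.0-327.18.2.vz7.14.25"  # from this kernel on, overlayfs needs the sysctl

# version_ge A B: succeeds when A >= B. sort -V compares numerically, so 14.25 > 14.7.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# module_loaded NAME [FILE]: succeeds when NAME is listed in FILE (default /proc/modules).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# preflight KERNEL MODULES_FILE GATE_FILE
# Prints one line per unmet prerequisite; the return status is the number of them.
preflight() {
    kernel=$1 modules=$2 gate=$3 missing=0
    if ! version_ge "$kernel" "$MIN_KERNEL"; then
        echo "kernel $kernel is older than $MIN_KERNEL"
        missing=$((missing + 1))
    fi
    for m in veth overlay; do
        if ! module_loaded "$m" "$modules"; then
            echo "module $m is not loaded (run: modprobe $m)"
            missing=$((missing + 1))
        fi
    done
    # The sysctl only matters on kernels at or above the gate version.
    if version_ge "$kernel" "$OVERLAY_GATE"; then
        if [ "$(cat "$gate" 2>/dev/null)" != "1" ]; then
            echo "$gate is not 1, overlayfs is blocked inside containers"
            missing=$((missing + 1))
        fi
    fi
    return "$missing"
}

# Check the running host only when asked to: sh preflight.sh --host
if [ "${1:-}" = "--host" ]; then
    preflight "$(uname -r)" /proc/modules /proc/sys/fs/experimental_fs_enable
fi
```

Passing the kernel string and file paths as arguments lets the same function be pointed at saved copies of /proc/modules from other hosts.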

Limitations

Container tuning

  • Turn on the bridge feature to allow Docker to create a bridged network inside the container:
prlctl set $veid --features bridge:on
  • Allow all iptables modules to be used in containers:
prlctl set $veid --netfilter=full

Docker install

To install Docker inside the container, follow the Docker Installation Guide for your OS: https://docs.docker.com/v1.11/engine/installation/