Since the very early days of upstream Linux containers – around 2006 – we’ve been distinguishing between ‘application’ and ‘system’ containers. (The definition of application containers has changed a bit, and their use case has changed a *lot*, but the general gist remains the same).
A few years ago I would get regular – daily! – queries from lots of people asking what I thought of Docker. Some asked because, as one of the early people involved in kernel container functionality, they thought I’d be interested. Others did so because I had been working on http://linuxcontainers.org/lxc, a particular container administration suite, and thought I’d feel competitive. However, as we’ve said for a long time, Docker is a great tool for application containers and application container purposes. From an LXC/LXD perspective, we’re looking at different use cases. One of those is hosting containers in which to run Docker 🙂
And, in Ubuntu 16.04, you can easily do so. (The Docker patches to enable this are on their way upstream.) To run Docker inside a container, the container must have a few properties. These are conferred by the ‘docker’ profile. The docker profile does not include a network interface, so you’ll want to create a container with both the default and docker profiles:
lxc launch ubuntu-daily:xenial docker1 -p default -p docker
Now, enter the container and install the docker.io package:
lxc exec docker1 -- apt update
lxc exec docker1 -- apt install docker.io
lxc exec docker1 -- docker pull ubuntu
lxc exec docker1 -- docker run -it ubuntu bash
Et voilà, a Docker container is running inside your LXD container. By itself this may seem like a novelty. However, when you start deploying LXD hosts with the OpenStack nova-lxd plugin or juju-lxd, the possibilities are endless.
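The procedure above as one script, added here as an example and not part of the original post: it launches the container with both profiles, confirms that both actually landed on the container by parsing ‘lxc config show’, waits for an address before calling apt, and waits for dockerd to answer before pulling. The helper name has_profiles, the ‘-y’, the ‘--rm … cat /etc/os-release’ smoke test and the argument handling are mine; it assumes LXD on Ubuntu 16.04 with the ‘docker’ profile present, as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): launch an LXD container with the
# 'default' and 'docker' profiles, verify the profiles applied, then install and
# smoke-test Docker inside it. Assumes LXD 2.0 on Ubuntu 16.04 with the stock
# 'docker' profile present.
set -eu

# Return 0 if the 'lxc config show' YAML on stdin lists every profile named as
# an argument under the top-level 'profiles:' key, 1 otherwise.
has_profiles() {
  awk -v want="$*" '
    /^profiles:/      { in_list = 1; next }   # start of the profiles list
    /^[^ -]/          { in_list = 0 }         # next top-level key ends it
    in_list && /^- /  { seen[$2] = 1 }        # "- default", "- docker", ...
    END {
      n = split(want, w, " ")
      for (i = 1; i <= n; i++) if (!(w[i] in seen)) exit 1
    }'
}

launch_and_install() {
  name="$1"
  lxc launch ubuntu-daily:xenial "$name" -p default -p docker
  # The docker profile is what lets Docker run nested; fail loudly if it is
  # missing rather than debugging an obscure dockerd error later.
  lxc config show "$name" | has_profiles default docker ||
    { echo "profiles default+docker not applied to $name" >&2; exit 1; }
  # apt fails until DHCP has handed the container an address; poll briefly.
  for _ in $(seq 1 30); do
    lxc exec "$name" -- sh -c 'ip -4 addr show eth0 | grep -q inet' && break
    sleep 1
  done
  lxc exec "$name" -- apt update
  lxc exec "$name" -- apt install -y docker.io
  # dockerd starts asynchronously; wait until it answers before pulling.
  lxc exec "$name" -- sh -c \
    'for _ in $(seq 1 20); do docker info >/dev/null 2>&1 && exit 0; sleep 1; done; exit 1'
  lxc exec "$name" -- docker pull ubuntu
  lxc exec "$name" -- docker run --rm ubuntu cat /etc/os-release
}

# Usage: lxd-docker.sh <container-name>; with no argument only the helpers load.
if [ $# -eq 1 ]; then
  launch_and_install "$1"
else
  echo "usage: $0 <container-name>" >&2
fi
```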
Are the Docker patches already upstream or do we still have to wait? Where can we track progress for this inclusion?
I think all are upstream now. GitHub would be the place to track, in particular https://github.com/docker/docker/pulls?q=is%3Apr+hallyn and https://github.com/opencontainers/runc/pulls?q=is%3Apr+hallyn . All are closed, so the latest upstream docker with a recent enough kernel should work inside lxd. I haven’t tried in several months though.
Thank you
Hi,
I’m using LXD with a separate zfs partition on a host. I would like to start a container for nested docker containers. Which storage driver should I use in docker configuration?
Regards,
Matthew
Hi,
Not quite sure, and it depends what distro/release you’re using, but I think using overlay (on Ubuntu xenial or later) would work best.
Hello,
I use Ubuntu 16.10, and using overlay I got errors:
level=error msg="'overlay2' is not supported over zfs"
level=fatal msg="Error starting daemon: error initializing graphdriver: backing file system is unsupported for this graph driver"
So I decided to also use ZFS as the docker storage engine (but a different pool). In short: how to force Linux to let a non-root user mount ZFS in legacy mode (using mount -F zfs or mount.zfs)?
I use LXD with the ZFS storage engine, and on the guest machine I am trying to run docker also with the ZFS storage engine (but on a different pool). The problem is that the root user on the LXD guest machine is not the same as root on the host (I use LXD in unprivileged mode). Therefore I need to give the non-root user a chance to mount ZFS – docker does it in legacy mode.
Regards,
Matthew
Oh yeah, I forgot about that. I had run into that once, but never dove deeper to see whether overlay over zfs really is a problem or not. You might ask on freenode#ubuntu-kernel. If there’s not a good reason then docker could be patched to drop that check.
(docker in the ubuntu archive, that is)
Hi. Is it possible to import an external image like CentOS-7.iso for a Linux container? I have tried that but it shows an error.
If it is an installation cd, that can be tricky to do. They like to do things like creating devices which unprivileged containers can’t do, so you have to run them as privileged containers. That’s part of the motivation for the images.linuxcontainers.org image server, so that you can do ‘lxc launch images:centos/7 centos1’
If I download an image from the server you suggested and modify it according to my requirements, like installing some software, is it then usable for a container?
Yes. One way to do it is to launch an initial container, make your changes, stop the container, then publish it as a new image. You can then launch new containers based on that image. Or, you can just skip publishing the container, and copy the established container to new ones. I like to make an image as it’s clearer, a month later, what was meant to be the image vs usable containers. Example (from memory, there may be typos):
lxc launch images:centos/7 base1
lxc exec base1 -- bash # make your changes
lxc stop base1
lxc publish base1 --alias my-centos-base1
lxc launch my-centos-base1 prod1
I mean, how can I create a custom image rather than using remotely accessed image files?
You can publish your own images (see my previous response). Note that you can also then make your lxd public so that you – and others – can use your images. So you can publish an image, then invite friends to use that image by having them add your server as a remote, let’s call it ‘dinusha’, then they can ‘launch dinusha:centos-d1 test1’.
If I made a commercial product, what about security there? It cannot be published for all. I am planning to build that for a specific task.
By default your lxd instance is not publicly available. If you have made it publicly available, images can still be (and by default are) private – you have to mark them ‘public’ in order for anyone but you to be able to see and use them. You can verify whether images are public by doing ‘lxc image list’ and looking in the ‘PUBLIC’ column.
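The PUBLIC-column check from the reply above, turned into a small audit script. This is an added example, not code from the post or from LXD: public_images reads the table printed by ‘lxc image list’, locates the ALIAS, FINGERPRINT and PUBLIC columns from the header row rather than by fixed position, and prints every image marked ‘yes’. The sample table, its fingerprints and the script’s own ‘--live’ switch are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post or LXD): report every image an LXD
# server marks PUBLIC, so nothing is exposed by accident once the server itself
# has been made reachable from outside.
set -eu

# Read 'lxc image list' table output on stdin; print "<fingerprint> <alias>"
# for each row whose PUBLIC column is 'yes'. Columns are found by header name.
public_images() {
  awk -F'|' '
    function trim(s) { gsub(/^ +| +$/, "", s); return s }
    /^\|/ {
      if (!pub) {                       # first pipe-delimited row is the header
        for (i = 2; i < NF; i++) {
          h = trim($i)
          if (h == "ALIAS")       alias = i
          if (h == "FINGERPRINT") fp = i
          if (h == "PUBLIC")      pub = i
        }
        if (!pub) { print "no PUBLIC column in input" > "/dev/stderr"; exit 2 }
        next
      }
      if (trim($pub) == "yes") {
        a = trim($alias); if (a == "") a = "-"   # images may have no alias
        print trim($fp), a
      }
    }'
}

# Constructed sample shaped like (abbreviated) LXD 2.0 output; values are made up.
SAMPLE='+-----------------+--------------+--------+-------------+--------+----------+
|      ALIAS      | FINGERPRINT  | PUBLIC | DESCRIPTION |  ARCH  |   SIZE   |
+-----------------+--------------+--------+-------------+--------+----------+
| my-centos-base1 | 0a1b2c3d4e5f | no     | centos 7    | x86_64 | 120.00MB |
| centos-d1       | 6f7e8d9c0b1a | yes    | centos 7    | x86_64 | 121.00MB |
|                 | ffeeddccbbaa | yes    | scratch     | x86_64 |   1.00MB |
+-----------------+--------------+--------+-------------+--------+----------+'

# Pass --live to audit the local LXD server; otherwise run on the sample table.
if [ "${1:-}" = "--live" ]; then
  lxc image list | public_images
else
  printf '%s\n' "$SAMPLE" | public_images
fi
```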