Docker in LXD

Since the very early days of upstream Linux containers – around 2006 – we’ve been distinguishing between ‘application’ and ‘system’ containers. (The definition of application containers has changed a bit, and their use case has changed a *lot*, but the general gist remains the same).

A few years ago I would get regular – daily! – queries by lots of people asking what I thought of Docker. Some asked because, as one of the early people involved in kernel container functionality, I’d be interested. Others did so because I had been working with http://linuxcontainers.org/lxc, a particular container administration suite, and thought I’d feel competitive. However, as we’ve said for a long time, Docker is a great tool for application containers and application container purposes. From a LXC/LXD perspective, we’re looking at different use cases. One of those is hosting containers in which to run Docker 🙂

And, in Ubuntu 16.04, you can easily do so. (The Docker patches to enable this are on their way upstream.) To run Docker inside a container, the container must have a few properties. These are conferred by the ‘docker’ profile. The docker profile does not include a network interface, so you’ll want to create a container with both the default and docker profiles:

lxc launch ubuntu-daily:xenial docker1 -p default -p docker

Now, enter the container and install the docker.io package:

lxc exec docker1 — apt update
lxc exec docker1 — apt install docker.io
lxc exec docker1 — docker pull ubuntu
lxc exec docker1 — docker run -it ubuntu bash

et voila, a docker container is running inside your lxd container. By itself this may seem like a novelty. However, when you start deploying the lxd hosts with openstack nova-lxd plugin or juju-lxd, the possibilities are endless.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

17 Responses to Docker in LXD

  1. Michele says:

    Are the Docker patches already upstream or we still have to wait? Were can we track progress for this inclusion?

  2. morswin90 says:

    Hi,
    I’m using LXD with a separate zfs partition on a host. I would like to start a container for nested docker containers. Which storage driver should I use in docker configuration?

    Regards,
    Matthew

    • s3hh says:

      Hi,

      not quite sure, and it depends what distro/release you’re using, but I think using overlay (on a ubuntu xenial or later) would work best.

      • morswin90 says:

        Hello,
        I use Ubuntu 16.10 and using overlay I got errors:
        level=error msg=”‘overlay2’ is not supported over zfs”
        level=fatal msg=”Error starting daemon: error initializing graphdriver: backing file system is unsupported for this graph driver”

        So I decided to use ZFS also as docker storage engine (but different pool). Shortly: How to enforce linux to let a nonroot user mount ZFS in legacy mode (using mount -F zfs or mount.zfs)?

        I use LXD with ZFS storage engine and on the guest machine I am trying to run docker also with ZFS storage engine (but on different pool). The problem is that a root user on LXD guest machine is not the same as root on host (I use LXD in unprivileged mode). Therefore I need to give a change to the nonroot user to mount ZFS – docker does it in legacy mode.

        Regards,
        Matthew

  3. s3hh says:

    Oh yeah, I forgot about that. I had run into that once, but never dove deeper to see whether overlay over zfs really is a problem or not. You might ask on freenode#ubuntu-kernel. If there’s not a good reason then docker could be patched to drop that check.

  4. Dinusha says:

    Hi.. Is it possible to import external image like Cent-OS-7.iso for Linux container. I have try that but it shows a error.

    • s3hh says:

      If it is an installation cd, that can be tricky to do. They like to do things like creating devices which unprivileged containers can’t do, so you have to run them as privileged containers. That’s part of the motivation for the images.linuxcontainers.org image server, so that you can do ‘lxc launch images:centos/7 centos1’

      • Dinusha says:

        If I download image from server that you suggest me and I will modify it according to my requirements like some software installation. After is it able to use for container?

      • s3hh says:

        Yes. One way to do it is to launch an initial container, make your changes, stop the container, then publish it as a new image. You can then launch new containers based on that image. Or, you can just skip publishing the container, and copy the established container to new ones. I like to make an image as it’s clearer, a month later, what was meant to be the image vs usable containers. Example (from memory, there may be typos):

        lxc launch images:centos/7 base1
        lxc exec base1 — bash # make your changes
        lxc stop base1
        lxc publish base1 –alias my-centos-base1
        lxc launch my-centos-base1 prod1

  5. Dinusha says:

    If I download image from server that you suggest me and I will modify it according to my requirements like some software installation. After is it able to use for container?

    • Dinusha says:

      I mean how can create custom image rather than using remote access image files?

      • s3hh says:

        You can publish your own images (see my previous response). Note that you can also then make your lxd public so that you – and others – can use your images. So you can publish an image, then invite friends to use that image by having them add your server as a remote, let’s call it ‘dinusha’, then they can ‘launch dinusha:centos-d1 test1’.

      • Dinusha says:

        If I made commercial product what about security there?.. It can not be publish for all. I am planing to build that for specific task..

      • s3hh says:

        By default your lxd instance is not publically available. If you have made it publically available, images can still be (and by default are) private – you have to mark them ‘public’ in order for anyone but you to be able to see and use them. You can verify whether images are public by doing ‘lxc image list’ and looking in the ‘PUBLIC’ column.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s