Proxmox / LXC – Running docker inside a container


In relation to Debian / Proxmox – Install Docker with Rancher and DockerUI webgui on a Debian / Proxmox Server (http://www.solaris-cookbook.eu/linux/debian-proxmox-install-docker-with-rancher-and-dockerui-webgui/)

I thought that it actually may make more sense to run Rancher and my Docker inside an LXC container rather than on the initial host itself.

The container still gives me near physical-host performance, but I can start and stop it on demand and allocate resources for more Docker apps as needed without impacting other guests.

A default LXC container does not allow Docker to run inside it. To make it work, once the container has been created (for example CT100), I had to:

cd /etc/pve/lxc

which holds my LXC container configurations. Stop the container in question and open its config file in vi:

vi 100.conf

It will look a bit like this; all I did was add the part after “#insert docker part below”:

arch: amd64
cores: 1
hostname: RancherServer
memory: 3088
net0: name=eth0,bridge=vmbr0,gw=xxx.xxx.xx.x,hwaddr=xx:xx:xx:xx:xx:xx,ip=xxx.xxx.xx.xx/24,type=veth
onboot: 0
ostype: ubuntu
rootfs: local-zfs:subvol-100-disk-1,size=30G
swap: 512

#insert docker part below
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

Update 2018-04-10: replaced the old

lxc.aa_profile: unconfined

with the new

lxc.apparmor.profile: unconfined

Save and then start the container.

You can now log in to the container and install Docker and/or Rancher as per the guide referenced above.
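As an added example (not part of the post), here is a small POSIX shell audit that scans Proxmox LXC config files for the three settings added above, since each of them weakens isolation: an unconfined AppArmor profile, `devices.allow: a` for every device node, and an emptied `lxc.cap.drop`. It also reports whether the container is privileged. The two sample configs are constructed inline: the first mirrors the post's 100.conf, the second is an unprivileged variant using Proxmox's `features: nesting=1,keyctl=1` option, which the post does not cover.

```sh
#!/bin/sh
# Added example (not from the post): audit Proxmox LXC configs
# (/etc/pve/lxc/<CTID>.conf) for the isolation-weakening settings the
# post adds. Sample configs are constructed below; the second one uses
# Proxmox's "features: nesting=1,keyctl=1" option (not covered by the post).

# Print one token per weak setting found in the given .conf file.
weak_settings() {
    conf="$1"
    # Either the old lxc.aa_profile key or the new lxc.apparmor.profile key.
    grep -Eq '^lxc\.(apparmor\.profile|aa_profile):[[:space:]]*unconfined' "$conf" \
        && echo "apparmor-unconfined"     # no MAC policy on the container
    grep -Eq '^lxc\.cgroup2?\.devices\.allow:[[:space:]]*a([[:space:]]|$)' "$conf" \
        && echo "devices-allow-all"       # every host device node reachable
    grep -Eq '^lxc\.cap\.drop:[[:space:]]*$' "$conf" \
        && echo "cap-drop-empty"          # default capability drops cleared
    grep -Eq '^unprivileged:[[:space:]]*1' "$conf" \
        || echo "privileged"              # root in the CT is root on the host
    return 0
}

# Number of weak settings, as a plain integer on stdout.
count_weak_settings() {
    weak_settings "$1" | wc -l | tr -d ' '
}

# Constructed sample configs (the first mirrors the post's 100.conf).
WORK=$(mktemp -d)
cat > "$WORK/100.conf" <<'EOF'
arch: amd64
hostname: RancherServer
ostype: ubuntu
#insert docker part below
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
EOF
cat > "$WORK/101.conf" <<'EOF'
arch: amd64
hostname: RancherServerUnpriv
ostype: ubuntu
unprivileged: 1
features: nesting=1,keyctl=1
EOF

for f in "$WORK"/*.conf; do
    echo "== $f: $(count_weak_settings "$f") weak setting(s)"
    weak_settings "$f"
done
```

Point the loop at /etc/pve/lxc/*.conf on a real host to review every container at once.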

11 thoughts on “Proxmox / LXC – Running docker inside a container”

  1. Thanks for the guide, unfortunately it's not working for me. On an Ubuntu 14.04 container I get the following:

    sudo docker run --rm hello-world
    FATA[0001] Error response from daemon: Cannot start container f633a6f01535b4776be46690c04bb6a71ebd6ca065ebe56f26ad5d655d177917: [8] System error: mountpoint for cpu not found

    Any advice or other tricks to get it to work? Cheers

    1. This is strictly a “why? Because I can” scenario and excludes any sort of security.

      This solution is only as secure as Docker is, in particular under LXC.
      I use Docker as a test platform and would never put it into production on the public web, as I think security in Docker is assumed.

      2 controversial statements below, have a look and consider for yourself.

      https://security.stackexchange.com/questions/106860/can-a-root-user-inside-a-docker-lxc-break-the-security-of-the-whole-system

      https://www.slideshare.net/jpetazzo/is-it-safe-to-run-applications-in-linux-containers

  2. On my Proxmox frontend the CT appears as stopped (greyed out) even when started.
    This only happens when I modify the conf file with your proposed settings.
    Have you faced this problem?

  3. Hi,
    the footprint of an LXC based on Debian/Ubuntu is relatively large compared to Alpine Linux. Therefore I would prefer to install Docker / Rancher in an LXC based on Alpine.
    What do you think?

    1. In theory, yes, I agree. You could also go straight to RancherOS, which is supposed to be very low in footprint as well.

      I use Ubuntu/Debian as a base mostly because those are my preferred flavors and I know in and out how to manage them.
