NOTE: below is an attempt to build a container that can be used as an OS-container instead of an application-container, like OpenVZ but using Docker. Currently this requires running the containers in privileged mode, which doesn't really separate the containers in a secure fashion.
It does result in a container with a public IP address, running systemd, that you can also SSH to.
Prerequisites: enable the rhel-7-server-extras-rpms yum repository, then:
yum install docker
systemctl start docker.service
systemctl enable docker.service
Now you should be able to run docker images, which would return an empty list.
mkdir /var/lib/buildroot
rpm --root /var/lib/buildroot/rhel7-docker-image --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
yum --installroot=/var/lib/buildroot/rhel7-docker-image -y install basesystem filesystem bash yum passwd procps iproute iputils vim-minimal net-tools systemd initscripts openssh-server
chroot /var/lib/buildroot/rhel7-docker-image
passwd root
rm -f /lib/systemd/system/multi-user.target.wants/*
rm -f /etc/systemd/system/*.wants/*
rm -f /lib/systemd/system/local-fs.target.wants/*
rm -f /lib/systemd/system/sockets.target.wants/*udev*
rm -f /lib/systemd/system/sockets.target.wants/*initctl*
rm -f /lib/systemd/system/basic.target.wants/*
rm -f /lib/systemd/system/anaconda.target.wants/*
exit
cd /var/lib/buildroot/rhel7-docker-image
tar -cvf - . | docker import -
Running docker images would now show something like this:
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
<none> <none> 34184c23a515 51 seconds ago 428 MB
And you should be able to execute ls -l / in the container:
[root@host12 ~]# docker run 34184c23a515 ls -l /
total 12
lrwxrwxrwx. 1 root root 7 Jan 7 17:48 bin -> usr/bin
dr-xr-xr-x. 2 root root 6 May 25 2015 boot
drwxr-xr-x. 5 root root 360 Jan 7 18:48 dev
drwxr-xr-x. 38 root root 4096 Jan 7 18:48 etc
drwxr-xr-x. 2 root root 6 May 25 2015 home
lrwxrwxrwx. 1 root root 7 Jan 7 17:48 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jan 7 17:48 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 May 25 2015 media
drwxr-xr-x. 2 root root 6 May 25 2015 mnt
drwxr-xr-x. 2 root root 6 May 25 2015 opt
dr-xr-xr-x. 468 root root 0 Jan 7 18:48 proc
dr-xr-x---. 2 root root 6 May 25 2015 root
drwxr-xr-x. 6 root root 64 Jan 7 18:48 run
lrwxrwxrwx. 1 root root 8 Jan 7 17:48 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 May 25 2015 srv
dr-xr-xr-x. 13 root root 0 Jan 7 17:22 sys
drwxrwxrwt. 2 root root 6 May 25 2015 tmp
drwxr-xr-x. 13 root root 4096 Jan 7 17:48 usr
drwxr-xr-x. 18 root root 4096 Jan 7 17:48 var
[root@host12 ~]#
And have Docker use it through /etc/sysconfig/docker
To run init in an interactive (-i) terminal (-t) in the container above:
[root@host12 jfolmer]# docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --env container=docker -t --privileged 98cfa1ca90c7 /usr/sbin/init
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization docker.
Detected architecture x86-64.
Welcome to Red Hat Enterprise Linux Server 7.2 (Maipo)!
Set hostname to <b94a1bbc49da>.
Initializing machine ID from random generator.
Unit etc-resolv.conf.mount is bound to inactive unit dev-mapper-vg\x2dvar.device. Stopping, too.
Unit etc-hosts.mount is bound to inactive unit dev-mapper-vg\x2dvar.device. Stopping, too.
Unit etc-hostname.mount is bound to inactive unit dev-mapper-vg\x2dvar.device. Stopping, too.
Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
Startup finished in 71ms.
Failed to initialize automounter: Permission denied
Unit proc-sys-fs-binfmt_misc.automount entered failed state.
Red Hat Enterprise Linux Server 7.2 (Maipo)
Kernel 3.10.0-229.14.1.el7.x86_64 on an x86_64
b94a1bbc49da login:
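Because the run above relies on --privileged, a host administrator will want a way to spot such OS-containers among the application containers on a daemon. The following audit script is an added example, not part of the original notes: it reads docker inspect JSON (the constructed sample mirrors the flags used above) and reports the privileged flag, the host cgroup bind mount, the container=docker environment variable and an init as PID 1.

```python
"""Audit `docker inspect` output for the privileged OS-container pattern.

Constructed sample below; real use:  docker inspect <id> | python3 audit.py
"""
import json
import sys

# Constructed sample mirroring the run command above:
# --privileged, -v /sys/fs/cgroup:/sys/fs/cgroup:ro, --env container=docker, /usr/sbin/init
SAMPLE_INSPECT = json.dumps([{
    "Id": "b94a1bbc49da0000000000000000000000000000000000000000000000000000",
    "Config": {"Env": ["container=docker"], "Cmd": ["/usr/sbin/init"]},
    "HostConfig": {"Privileged": True},
    "Mounts": [{"Source": "/sys/fs/cgroup", "Destination": "/sys/fs/cgroup", "RW": False}],
}])


def audit(inspect_json: str) -> list:
    """Return [(short_id, [findings]), ...]; an empty findings list means nothing flagged."""
    results = []
    for c in json.loads(inspect_json):
        findings = []
        host = c.get("HostConfig") or {}
        cfg = c.get("Config") or {}
        if host.get("Privileged"):
            # --privileged hands the container all capabilities and every host device node
            findings.append("privileged: full host device and capability access")
        for m in c.get("Mounts") or []:
            if (m.get("Destination") or "").startswith("/sys/fs/cgroup"):
                mode = "ro" if not m.get("RW", True) else "rw"
                findings.append("host cgroup tree mounted (%s)" % mode)
        if "container=docker" in (cfg.get("Env") or []):
            findings.append("env container=docker: systemd expected as PID 1")
        cmd = cfg.get("Cmd") or []
        if cmd and cmd[0].endswith("/init"):
            findings.append("PID 1 is an init: OS-container, not an application container")
        results.append(((c.get("Id") or "?")[:12], findings))
    return results


if __name__ == "__main__":
    # Fall back to the constructed sample when nothing is piped in.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else (sys.stdin.read() or SAMPLE_INSPECT)
    for cid, findings in audit(data):
        print(cid, "OK" if not findings else "; ".join(findings))
```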
The container is given a free IP in the same range as the host, starting with .1. You'd better not have a router configured at .1, though... Ignoring this, and ping-sweeping the IP range, leads to our container living at .13:
[jfolmer@repo ~]$ ssh [email protected]
[email protected]'s password:
-bash-4.2# ps auxw
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 40884 3208 ? Ss 11:00 0:00 /usr/sbin/init
root 18 0.0 0.1 36816 3292 ? Ss 11:00 0:00 /usr/lib/systemd/systemd-journald
dbus 38 0.0 0.0 26456 1468 ? Ss 11:00 0:00 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile
root 42 0.0 0.0 26392 1680 ? Ss 11:00 0:00 /usr/lib/systemd/systemd-logind
root 61 0.0 0.1 82544 3592 ? Ss 11:00 0:00 /usr/sbin/sshd -D
root 114 0.0 0.0 6448 816 console Ss+ 11:10 0:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 linux
root 120 0.0 0.0 110028 848 tty1 Ss+ 11:18 0:00 /sbin/agetty --noclear tty1 linux
root 121 0.7 0.2 139216 5472 ? Ss 11:26 0:00 sshd: root@pts/0
root 123 0.0 0.0 115372 1996 pts/0 Ss 11:26 0:00 -bash
root 138 0.0 0.0 139492 1624 pts/0 R+ 11:27 0:00 ps auxw
-bash-4.2#