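Proxmox VE has supported nested containers since version 5.3, meaning Docker can run inside an LXC container. I had never gotten around to trying it; over the past few days I upgraded my home Proxmox VE to version 5.4 and took the opportunity to test it.
1. Confirm that the host has overlay and aufs loaded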
root@pve1:~# lsmod | grep overlay
overlay 77824 1
root@pve1:~# lsmod | grep aufs
aufs 237568 0
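If they are not loaded, add both kernel modules to /etc/modules; Docker requires these two kernel modules.
2. Create the LXC
Here I test with Ubuntu 18.04. First create an Ubuntu 18.04 LXC in Proxmox VE. Note that this LXC must be in unprivileged mode, as shown in the figure below.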

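After the LXC is installed, do not start it right away. Next, the LXC must be configured to support nesting, as shown in the figure below: Options => Features => check keyctl and nesting.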

Then start the LXC and enter the console to set up docker-ce.
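The settings from step 2 can also be confirmed from the host shell. The following is an added example, not part of the original post: it checks a container config file (on Proxmox VE these are stored as /etc/pve/lxc/<vmid>.conf) for unprivileged: 1 and the keyctl and nesting features. The function name check_lxc_conf and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Proxmox VE container config for the step 2 settings.
# check_lxc_conf FILE prints one line per finding and returns 0 only if the
# container is unprivileged and both keyctl and nesting are enabled.
check_lxc_conf() {
    conf=$1
    rc=0
    # Only the main section counts; snapshot sections start with "[name]".
    main=$(awk '/^\[/{exit} {print}' "$conf")

    unpriv=$(printf '%s\n' "$main" | awk -F': *' '$1=="unprivileged"{print $2}')
    feats=$(printf '%s\n' "$main" | awk -F': *' '$1=="features"{print $2}')

    # A missing "unprivileged: 1" line means the container is privileged.
    if [ "$unpriv" = "1" ]; then
        echo "OK   unprivileged container"
    else
        echo "FAIL container is privileged (unprivileged: 1 missing)"
        rc=1
    fi

    for f in keyctl nesting; do
        # features is a comma-separated list such as "keyctl=1,nesting=1"
        case ",$feats," in
            *",$f=1,"*) echo "OK   $f enabled" ;;
            *)          echo "FAIL $f not enabled"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample config (not taken from the article's system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
hostname: docker-test
ostype: ubuntu
features: keyctl=1,nesting=1
unprivileged: 1
EOF
check_lxc_conf "$sample"
rm -f "$sample"
```

On a real host, pass the container's own config file instead of the sample.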
3. Install and configure docker-ce
Follow the steps below to install it.
apt update
apt upgrade
apt install gnupg2
apt install curl
apt install software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(cat /etc/os-release | grep UBUNTU_CODENAME | cut -d '=' -f 2) stable"
apt update
apt install docker-ce
4. Try running it
root@docker-test:~# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete 
Digest: sha256:0e11c388b664df8a27a901dce21eb89f11d8292f7fca1b3e3c4321bf7897bffe
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/
For more examples and ideas, visit:
 https://docs.docker.com/get-started/
Wow!!!! It worked. Next, run the other command to get into bash.
root@docker-test:~# docker run -it ubuntu bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
6abc03819f3e: Pull complete
05731e63f211: Pull complete
0bd67c50d6be: Pull complete
Digest: sha256:f08638ec7ddc90065187e7eabdfac3c96e5ff0f6b2f1762cf31a4f49b53000a5
Status: Downloaded newer image for ubuntu:latest
root@d7ab5c80449f:/# echo Hello
Hello
root@d7ab5c80449f:/# exit
exit
root@docker-test:~#
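Great ~~~ everything runs smoothly. The benefit of running Docker in LXC is obvious: there is no need to create a KVM, which saves a lot of resources. Give it a try!
Because running Docker inside a container raises security concerns, I recommend that this approach is, for now, better suited to testing during development or to internal automated testing; continuous integration can also be deployed this way.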

