Post4VPS Forum | Free VPS Provider

Full Version: Docker on OpenVZ
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
This might be kind of an unsual topic. I'm not sure if I should post this in support request or general discussion. Please feel free to move it if you feel it better placed elsewhere.

I recently rented a openvz vps. Normally I'd shy away from this, as I use docker to ease server config, and in my experience docker doesn't play well with openvz. However, this provider famously advertises on their page that their service supports docker... so I decide to give it a shot.

I've been using wordops as a control panel for docker, and usually it works great. Just like I was afraid though, as soon as I try to create my first site, docker starts throwing errors.

I sent a ticket to support, and we went through a few exchanges about error logs.

Eventually, what I figured out, is that the vps uses kernel 4.15.0 which does not support cgroups. Cgroups is necessary for docker to provision resources for and keep contained the services it runs. Docker itself will run, and the "hello world" docker runs with no issue, but docker fails at deploying the nginx proxy used to direct traffic between the containers.

After some googling, I found some interesting conflicting articles. Some state that docker requires cgroups to run; others state that there are workarounds. Most of these workarounds seem to be centered around getting docker to work on chromeOS, which isn't helpful. I tried a couple fixes including setting up cgroups.conf manually and another using umount. Both hit permissions fail.

So I guess what I'm wondering is if anyone has any experience in hacking a workaround in docker to make it work on openVZ? Some experience that will actually work? Or is this a hopeless endevour, and I should just close the service and ask for a refund. I've had this vps less than 2 days, and they have a full 7 day refund policy, so it's no issue to ask for a refund. I just want to make sure I explore all the options before I do.

The support was quick to respond, but gave up long before I did. Which I understand; you can't spend hours supporting a vps which costs 15$ a year; but maybe it can make a good topic for a forum like this.
I would personally just get a KVM server and know that its going to work instead of trying to run something that is not designed to run on.
(09-25-2020, 11:46 PM)fitkoh Wrote: [ -> ]So I guess what I'm wondering is if anyone has any experience in hacking a workaround in docker to make it work on openVZ? Some experience that will actually work? Or is this a hopeless endevour, and I should just close the service and ask for a refund. I've had this vps less than 2 days, and they have a full 7 day refund policy, so it's no issue to ask for a refund. I just want to make sure I explore all the options before I do.
The idea of running a Docker engine inside an OpenVZ guest system is just insane!... and would/should never work!!

(09-25-2020, 11:46 PM)fitkoh Wrote: [ -> ]Eventually, what I figured out, is that the vps uses kernel 4.15.0 which does not support cgroups. Cgroups is necessary for docker to provision resources for and keep contained the services it runs. Docker itself will run, and the "hello world" docker runs with no issue, but docker fails at deploying the nginx proxy used to direct traffic between the containers.
And No!.. the problem is not Cgroups' support in your case, because CGroups are supported starting in Linux kernel 3.10; it's CGroups v2 that are implemented in kernel 4.15. And Docker engine requires CGroups v1 (v2 is still not supported by Docker last time I checked) for its process isolation for the containers it runs.

Why the idea of Docker on OpenVZ is insane?.. Your OVZ VPS uses the host kernel and I don't think it has the permissions required to use CGroup features which are responsible for  managing and monitoring resource allocation for processes under its control by setting their resource limits ( CPU, memory etc..) Nor does it have permission for the kernel namespacing feature that is also a must for Docker and on and on...

Better get a KVM VPS and then running Docker will be possible if the VPS has enough resources to handle its tasks.

Good luck!
No big brain time here. Totally agree with . OpenVZ is simply too limited to run Docker. I assume, given the kernel you mentioned and etc, you got a OpenVZ 7 (or rather Virtuozzo 7) VPS. They have an article for Docker that was last edited in 2016... well, to me that shows pretty much how supported it is... not at all anymore (it might have been supported in 2016 where Docker was not as advanced as it is now).

Here it is: https://wiki.openvz.org/Docker_inside_CT_vz7

Pretty poor, right?

Even their Docker for OpenVZ 6 is better in terms of description and explanation: https://wiki.openvz.org/Docker_inside_CT

And if you read carefully you will notice only really old versions of Docker are supported. Remember you are already running inside a container and that is a limited one, too.


Basically why even waste time with OpenVZ in 2020? A lot of business shifted to KVM because it is simply much better in everything overall. And when "low end" business shift to KVM... that even speaks enough for itself.


P.S.: False advertising... great provider. Would cancel the contract given how blatantly obvious they lie. It's just the old good "put honey on it and the flies will come".
It's good to have my gut feelings confirmed, even if it makes me look naive. I've already been down this road before with openVZ, but as Refuge said, I was lured in by the honey. I especially appreciate the more specific details provided by - better than anything I could dredge up on google.

On the other hand, it's almost worth the trouble to have this wonderful interaction with the support staff. First the staff made grandiose claims: "I know we have tons of people running docker" followed by a quick surrender "I don't know what to suggest" and this morning the staff asked me what kernel they should have to make everything work right. Maybe I should direct support to this thread?

I'll admit, even though it's mostly my own fault (I really should know better), I feel like I've been duped. They  have no business advertising docker support when they clearly can't support docker. I really don't like to speak ill of anyone, but it seems very shameful. I won't blast them on a public forum, but if anyone wants to know the provider's name I'll provide it via pm.

I definitely agree that kvm is better. One thing I noted during this experience was that the vps reinstalled super fast - like in just a few seconds. Definitely less than a minute, which was good because I reinstalled several times. I'm assuming this is because openvz runs of the host kernel so not as many files have to be created for the instance and not necessarily because their hardware and networking is set up in a super fast and efficient manner.
If I remember well, OpenVZ 6 uses a 2.32.xxx kernel that is not compatible with Docker.

OpenVZ 7 yses a 3.2.xxx kernel that should be Compatible.

Which OpenVZ are you talking about?
(09-26-2020, 09:16 PM)LightDestory Wrote: [ -> ]If I remember well, OpenVZ 6 uses a 2.32.xxx kernel that is not compatible with Docker.

OpenVZ 7 yses a 3.2.xxx kernel that should be Compatible.

Which OpenVZ are you talking about?

I believe it's openvz7; although given circumstances I'm reluctant to take anything at face value. I'm hitting a wall searching google for a command to discover what version openvz I'm running; I haven't been able to input the correct search terms just yet. I installed virt-what but that doesn't give all the information we're looking for. I'll edit this post if I discover the command necessary before anyone else.


Yesterday, when I read your OP, I confess that I had at least 3 objections by the time I finished reading it. The most obvious (ie running Docker on an OVZ VPS) has been addressed in my previous post. But there are 2 others that I've left out because they relate to the use of Docker itself inside a VPS! Thus, it's  more of a 'philosophical' thing than anything else.

I've been using Docker since it gained traction in 2015/16 and I've developed a practical sense of when it should be used from when it should not (mostly because it's more of a waste of resources, because of the overhead.)

When you deploy your services via Docker on your VPS you consume more resources than it's necessary for those same services to be deployed natively/directly on your VPS, and that only make sense if you're just experimenting with Docker and are willing to incur that penalty OR if you already stack your services as a set of docker images that you migrate from place to place for deployment, of course at the price of that said penalty.

It's for this latter reason -portability- why Docker make more sense in the Cloud environment than in a VPS; and this is why most PaaS (Platform-as-a-Service) make use of them via various Orchestration mechanisms.

The second objection is the use of a control panel for Docker!! but this is personal and has to do with my bigger objection to Control Panels (CP) in general.
(09-25-2020, 11:46 PM)fitkoh Wrote: [ -> ]I've been using wordops as a control panel for docker, and usually it works great. Just like I was afraid though, as soon as I try to create my first site, docker starts throwing errors.

You can control Docker via a very limited set of shell commands with the added benefit of pinpointing to the immediate source of error when something goes wrong (and it does very often when you're just setting things up.)

Anyway, I just wanted to be thorough as far as the OP is concerned :-)

Feel free to post any further Docker-related issue, it might make material to interact with, when I visit this forum during the week-ends.

Good luck!
(09-26-2020, 10:01 PM)fitkoh Wrote: [ -> ]I believe it's openvz7; although given circumstances I'm reluctant to take anything at face value. I'm hitting a wall searching google for a command to discover what version openvz I'm running; I haven't been able to input the correct search terms just yet. I installed virt-what but that doesn't give all the information we're looking for. I'll edit this post if I discover the command necessary before anyone else.

- OpenVZ 6 will always be at kernel 2.6.32.xxx regardless of the OS installed in the container.
- And it will have network adapters named like "venet0", "venet0:0" and so on (mount depends on the amount of network adapters available/installed).
- The filesystem of an OpenVZ 6 container will be either simfs or ploop:
-- device descriptor example for ploop: /dev/ploop12345 (number after ploop varies)
-- device descriptor example for simfs: /dev/simfs
-- simfs was first used in OpenVZ 6 and later on got replaced by ploop due to ploop having many advantages over simfs.

Reference:
- https://wiki.openvz.org/Download/kernel
- https://wiki.openvz.org/Simfs_filesystem...Containers
- https://wiki.openvz.org/Ploop/Why
- https://wiki.openvz.org/CT_storage_backends


OpenVZ 7 is different. A newer kernel and possibly many more changes. I will not be listing them here. I don't even know all of them as I never had a OpenVZ 7 VPS and probably will never have one.
(09-27-2020, 06:19 AM)fChk Wrote: [ -> ]
When you deploy your services via Docker on your VPS you consume more resources than it's necessary for those same services to be deployed natively/directly on your VPS, and that only make sense if you're just experimenting with Docker and are willing to incur that penalty OR if you already stack your services as a set of docker images that you migrate from place to place for deployment, of course at the price of that said penalty.

It's for this latter reason -portability- why Docker make more sense in the Cloud environment than in a VPS; and this is why most PaaS (Platform-as-a-Service) make use of them via various Orchestration mechanisms.

The second objection is the use of a control panel for Docker!! but this is personal and has to do with my bigger objection to Control Panels (CP) in general.

You can control Docker via a very limited set of shell commands with the added benefit of pinpointing to the immediate source of error when something goes wrong (and it does very often when you're just setting things up.)

Regarding point 1 (consumption of resources) I've noticed that too. For myself, I used docker for the first time only two months ago. I guess I'm late to the party. So I'm very much in the experimentation and figure out what works phase of things. I have 2 vps running a few docker images each, and they each idle at about 20-30% ram consumption and negligible load. I'm sure a standard shared hosting setup would run it more efficiently, but since I paid for the resources I don't mind to use them extravagantly as long as the resource consumption doesn't put me in the "abuser" category.
Regarding point 2 (use of control panel) I understand and share some of your same sentiments; but sometimes a control panel is useful, if you can avoid mucking things up with all the extra. Control panel isn't really the best term to describe wordops. It's more of a script, or a collection of scripts, to facilitate docker setup. There's no gui or buttons to click, it's all handled through the command line. It basically shortens those "few commands" docker needs to a single command. It's a simple matter to see what wordops is doing behind the scenes: the log files provide you with each command entered as well as its output - which is an excellent learning tool for noobies such as myself; and maybe slightly more entertaining than reading docs.
(09-27-2020, 07:59 AM)Hidden Refuge Wrote: [ -> ]- OpenVZ 6 will always be at kernel 2.6.32.xxx regardless of the OS installed in the container.

I don't even know all of them as I never had a OpenVZ 7 VPS and probably will never have one.
This would mean that it's definitely OVZ7
I have a micro vps that's openvz that I use just for backups, which isn't too painful, and as long as it renews at the current rate I'll probably keep it.
Pages: 1 2