We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: aaefb8c07c
Branches Tags
moby
/
docs
/
sources
/
installation
/
kernel.rst

kernel.rst 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. :title: Kernel Requirements
    2. 

  2. :description: Kernel supports
    3. 

  3. :keywords: kernel requirements, kernel support, docker, installation, cgroups, namespaces
    4. 

  4. 

  5. .. _kernel:
    6. 

  6. 

  7. Kernel Requirements
    8. 

  8. ===================
    9. 

  9. 

  10. In short, Docker has the following kernel requirements:
    11. 

  11. 

  12. - Linux version 3.8 or above.
    13. 

  13. 

  14. - Cgroups and namespaces must be enabled.
    15. 

  15. 

  16. *Note: as of 0.7 docker no longer requires aufs. AUFS support is still available as an optional driver.*
    17. 

  17. 

  18. The officially supported kernel is the one recommended by the
    19. 

  19. :ref:`ubuntu_linux` installation path. It is the one that most developers
    20. 

  20. will use, and the one that receives the most attention from the core
    21. 

  21. contributors. If you decide to go with a different kernel and hit a bug,
    22. 

  22. please try to reproduce it with the official kernels first.
    23. 

  23. 

  24. If you cannot or do not want to use the "official" kernels,
    25. 

  25. here is some technical background about the features (both optional and
    26. 

  26. mandatory) that docker needs to run successfully.
    27. 

  27. 

  28. 

  29. Linux version 3.8 or above
    30. 

  30. --------------------------
    31. 

  31. 

  32. Kernel versions 3.2 to 3.5 are not stable when used with docker.
    33. 

  33. In some circumstances, you will experience kernel "oopses", or even crashes.
    34. 

  34. The symptoms include:
    35. 

  35. 

  36. - a container being killed in the middle of an operation (e.g. an ``apt-get``
    37. 

  37.   command doesn't complete);
    38. 

  38. - kernel messages including mentioning calls to ``mntput`` or
    39. 

  39.   ``d_hash_and_lookup``;
    40. 

  40. - kernel crash causing the machine to freeze for a few minutes, or even
    41. 

  41.   completely.
    42. 

  42. 

  43. Additionally, kernels prior 3.4 did not implement ``reboot_pid_ns``,
    44. 

  44. which means that the ``reboot()`` syscall could reboot the host machine,
    45. 

  45. instead of terminating the container. To work around that problem,
    46. 

  46. LXC userland tools (since version 0.8) automatically drop the ``SYS_BOOT``
    47. 

  47. capability when necessary. Still, if you run a pre-3.4 kernel with pre-0.8
    48. 

  48. LXC tools, be aware that containers can reboot the whole host! This is
    49. 

  49. not something that Docker wants to address in the short term, since you
    50. 

  50. shouldn't use kernels prior 3.8 with Docker anyway.
    51. 

  51. 

  52. While it is still possible to use older kernels for development, it is
    53. 

  53. really not advised to do so.
    54. 

  54. 

  55. Docker checks the kernel version when it starts, and emits a warning if it
    56. 

  56. detects something older than 3.8.
    57. 

  57. 

  58. See issue `#407 <https://github.com/dotcloud/docker/issues/407>`_ for details.
    59. 

  59. 

  60. 

  61. Cgroups and namespaces
    62. 

  62. ----------------------
    63. 

  63. 

  64. You need to enable namespaces and cgroups, to the extent of what is needed
    65. 

  65. to run LXC containers. Technically, while namespaces have been introduced
    66. 

  66. in the early 2.6 kernels, we do not advise to try any kernel before 2.6.32
    67. 

  67. to run LXC containers. Note that 2.6.32 has some documented issues regarding
    68. 

  68. network namespace setup and teardown; those issues are not a risk if you
    69. 

  69. run containers in a private environment, but can lead to denial-of-service
    70. 

  70. attacks if you want to run untrusted code in your containers. For more details,
    71. 

  71. see `LP#720095 <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/720095>`_.
    72. 

  72. 

  73. Kernels 2.6.38, and every version since 3.2, have been deployed successfully
    74. 

  74. to run containerized production workloads. Feature-wise, there is no huge
    75. 

  75. improvement between 2.6.38 and up to 3.6 (as far as docker is concerned!).
    76. 

  76. 

  77. 

  78. 

  79. 

  80. Extra Cgroup Controllers
    81. 

  81. ------------------------
    82. 

  82. 

  83. Most control groups can be enabled or disabled individually. For instance,
    84. 

  84. you can decide that you do not want to compile support for the CPU or memory
    85. 

  85. controller. In some cases, the feature can be enabled or disabled at boot
    86. 

  86. time. It is worth mentioning that some distributions (like Debian) disable
    87. 

  87. "expensive" features, like the memory controller, because they can have
    88. 

  88. a significant performance impact.
    89. 

  89. 

  90. In the specific case of the memory cgroup, docker will detect if the cgroup
    91. 

  91. is available or not. If it's not, it will print a warning, and it won't
    92. 

  92. use the feature. If you want to enable that feature -- read on!
    93. 

  93. 

  94. 

  95. Memory and Swap Accounting on Debian/Ubuntu
    96. 

  96. -------------------------------------------
    97. 

  97. 

  98. If you use Debian or Ubuntu kernels, and want to enable memory and swap
    99. 

  99. accounting, you must add the following command-line parameters to your kernel::
    100. 

  100. 

  101.     cgroup_enable=memory swapaccount=1
    102. 

  102. 

  103. On Debian or Ubuntu systems, if you use the default GRUB bootloader, you can
    104. 

  104. add those parameters by editing ``/etc/default/grub`` and extending
    105. 

  105. ``GRUB_CMDLINE_LINUX``. Look for the following line::
    106. 

  106. 

  107.     GRUB_CMDLINE_LINUX=""
    108. 

  108. 

  109. And replace it by the following one::
    110. 

  110. 

  111.     GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
    112. 

  112. 

  113. Then run ``update-grub``, and reboot.
    114.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5