
Linux namespace container (LXC, Docker, containers) support

Owen Tuz shared this idea 7 years ago
Completed

Linux namespace containers are increasingly being used to provide lightweight virtualisation, as in products like LXC, Docker's 'libcontainer' and our own 'containers':


https://linuxcontainers.org/


http://blog.docker.com/2014/03/docker-0-9-introducing-execution-drivers-and-libcontainer/


https://github.com/arachsys/containers


User namespaces have been an official part of the Linux kernel for some time and have been considered feature-complete since the 3.8 release (we're at 3.14 right now).


There is a current feature request for Docker, and at least one older mention of LXC already on your system, both of which this request would cover:


http://features.cpanel.net/responses/dockerio-support


http://forums.cpanel.net/f145/lxc-linux-containers-support-vps-optimized-version-case-56188-a-161038.html


As noted in the above request for Docker support, Red Hat and OpenStack have both LXC and Docker support in the roadmap:


https://wiki.openstack.org/wiki/HypervisorSupportMatrix


Since the above (two-year-old) request, LXC has matured significantly and passed its 1.0 release. Docker is also approaching 1.0, and containers are at 1.2.


If cPanel could provide official support for this mainline kernel feature, it would open up a lot of new platforms for customers to run your products under the existing 'VPS' licence.

Comments (11)

2

This feature request would allow for more flexible (and cost-effective) deployment options. For example, running DNS-Only nodes in containers with dynamically scalable resources would reduce the impact of load spikes (and denial of service attacks) while minimizing the baseline cost during normal low load conditions.


Supporting this feature request will have a direct impact on both the quality of service and cost of operations for many cPanel/WHM customers.

1

We're about to start testing Docker to get a better idea of the options it's got, but I can think of using it for options like private MySQL, where you would run multiple instances of MySQL so each user gets their own query cache and a user using too many resources would not slow other users down.


I can also see this allowing things like nodejs… This does seem to be the future of webhosting.

2

For reference purposes, the internal case is # 56188.

1

kenf wrote:

> For reference purposes, the internal case is # 56188.

Thanks, Ken.


I see that the case 56188 above only references LXC, which is only one product using these kernel features - may I ask if the internal case has been updated to cover namespace containers overall? Or is it still LXC-specific?


One follow-up to my original text - Docker has now reached 1.0, and introduced enterprise support:


http://blog.docker.com/2014/06/its-here-docker-1-0/

1

Looks like we have a duplicate feature request: http://features.cpanel.net/responses/dockerio-support

1

Perhaps not a duplicate, exactly - as I said in my comment on the linked thread, Docker support would definitely be one benefit to this request being accepted.


These are mainstream Linux kernel features, though, so supporting them would allow cPanel to support a standard which is used by several projects and not just by Docker.


I'm just being careful not to tie these together, as Docker support on its own could potentially mean different things - for example, a decision to implement more Docker-specific features.

1

Owen,


The case is still LXC specific and will likely remain so, though subcases may be opened for other things like Docker, should we proceed in this direction.


Docker and LXC are two different things, where Docker extends upon LXC. This is the only feature request for LXC. The Docker request does not show up in searches for LXC, which may be why this request has received more attention than the Docker request.

1

This isn't a request for LXC either, to be clear - Docker no longer uses LXC, and we don't use LXC for our own code either (https://github.com/arachsys/containers).


However, all three have one core technology in common - the Linux kernel's features that allow containerisation.

1

Any news on LXC support yet?

1

We have official support for namespace containers in cPanel version 11.52. Please note that in development and testing we have only tested LXC. If the namespace container you prefer sets up the system in a similar way, then it should be properly detected for VPS licensing.


We have found that some combinations will require more admin work, and present problems not resolvable within the container. For example (using LXC as reference) CentOS 7 containers on a Debian Jessie host can encounter capability constraints when certain system files are modified. It will be up to each hosting provider to identify and resolve these issues in order to provide their customers with a great experience.


Namespaced container identification is in the 11.51.9999 builds now available on our EDGE tier. We look forward to your comments and feedback.


Support for Docker-style containers is being tracked by a different request (http://features.cpanel.net/responses/dockerio-support). While it may be possible to run cPanel & WHM inside a Docker-style container, it is not recommended at this time.

1

Excellent news!


I did a test install, and it works, except for EasyApache - I submitted a ticket already, I hope this gets resolved soon.


What is the ETA to get this into RELEASE and STABLE tiers?


b.

1

Thank you for testing it!


We expect our first production release to happen in early September. Best case is 11.52 makes it to the RELEASE tier in late September.

1

Excellent.


What is the licensing plan for this environment? VPS license or dedi?


b.

1

VPS licensing, as I mentioned in my earlier post.

1

Now we only need to determine whether cPanel works in an unprivileged container. Fingers crossed, as this would be a real benefit security-wise.


b.

1

We have not tested with an unprivileged setup. As long as there is a UID 0 inside the container things should work. Please pass along any findings from your analysis.

1

Already doing it with your analysts. There is UID 0 inside. It will probably mess with quota support and any mounting that cPanel is trying to do, if any. Will continue there and post here when the issue is resolved.
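
The privileged/unprivileged distinction discussed in the last few comments can be checked from inside a container by reading the kernel's ID map. The sketch below is an added example, not part of the thread and not cPanel's detection code; the function names and the sample map contents are constructed for illustration.

```python
"""Classify a container by where its UID 0 lands in the parent user namespace."""

# Constructed samples in the /proc/<pid>/uid_map format:
# "<first ID inside> <first ID in parent namespace> <length>"
SAMPLE_PRIVILEGED = "         0          0 4294967295\n"    # identity map
SAMPLE_UNPRIVILEGED = "         0     100000      65536\n"  # root shifted to 100000
SAMPLE_NO_ROOT = "      1000       1000          1\n"       # UID 0 not mapped at all


def parse_id_map(text):
    """Return the map as a list of (inside_start, outside_start, length) tuples."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents


def map_to_parent(extents, inside_id):
    """Translate an ID seen inside the namespace to the parent's ID, or None."""
    for inside, outside, length in extents:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def classify(text):
    """'privileged' if inside-root is parent-root, 'unprivileged' if root is
    shifted to another UID, 'no-root' if UID 0 does not exist inside."""
    root_outside = map_to_parent(parse_id_map(text), 0)
    if root_outside is None:
        return "no-root"
    return "privileged" if root_outside == 0 else "unprivileged"


if __name__ == "__main__":
    # On a Linux system this reads the map of the current process; an identity
    # map means either the host itself or a container sharing its user namespace.
    with open("/proc/self/uid_map") as fh:
        print(classify(fh.read()))
```

In the unprivileged case UID 0 exists inside the container but holds capabilities only over resources owned by that user namespace, which is consistent with the expectation above that quota handling and mounts are where problems would show up.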
