Create the Ultimate Virtualization and Container Setup (KVM, LXC, Docker) with Management GUIs


We have been pioneering a new solution that is the ultimate virtualization and container setup for development servers and labs. We have used Proxmox VE for many years as a stable, Debian Linux based KVM virtualization platform. Aside from virtualization, Proxmox VE has built-in features such as high-availability clustering, Ceph storage and ZFS storage. While enterprises may love VMware ESXi, Proxmox VE is a great open alternative that saves an enormous amount on license costs.

Given the market Proxmox VE is targeted at, it adopted LXC as its container solution. We have many readers who love Proxmox VE for its power and simplicity but want to add Docker containers given their popularity. With the next-generation Debian Stretch-based Proxmox VE 5.0 coming, we wanted to do a how-to guide on getting everything set up so that you can have Proxmox plus Docker with a Portainer web GUI to manage everything.

If you want to discuss this, here is the original thread.

Proxmox VE + Docker + Portainer GUI How-to Video

Here is a video guide showing the setup from installation through starting a Monero Mining container via the Portainer web GUI.

We do want to caution that you may want to change the directories and users involved, and we do not recommend this for production. As a developer system, it works great. As described here, it is a security nightmare.

Proxmox VE + Docker + Portainer.io GUI Steps and Commands

Video coming soon but I wanted to document the steps:

1. Install Proxmox VE 5.0
2. Make the following source adjustments so you can update:

First, add the no-subscription source:

# nano /etc/apt/sources.list
add:
deb http://download.proxmox.com/debian stretch pve-no-subscription

Then remove the enterprise source:

# nano /etc/apt/sources.list.d/pve-enterprise.list
comment out this line (add a # symbol in front of it):
# deb https://enterprise.proxmox.com/debian stretch pve-enterprise

Then update the machine:

apt-get update && apt-get dist-upgrade -y

3. Reboot
4. Install docker-ce:

apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
apt-key fingerprint 0EBFCD88
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt-get update && apt-get install docker-ce -y

You should now be able to run docker ps and see that no containers are running.

5. Install Portainer with a persistent container

Just for ease of getting started, we are going to make a directory on the boot drive. You should move this to other storage, but this makes it simple for a guide:

mkdir -p /root/portainer/data

Install Portainer for a Docker WebGUI:

docker run -d -p 9000:9000 -v /root/portainer/data:/data -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer

Again, make the directory on ZFS storage or similar, not in the root directory.

Wait about 15-30 seconds after you see Portainer start (you can check “docker ps” to see status.)

6. Your login URLs will be on the following ports:

Proxmox GUI: https://<serverip>:8006
Portainer GUI: http://<serverip>:9000

At this point, you now have a GUI for everything you might want.

7. You may also configure Docker to start on boot:

systemctl enable docker
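
As an added example (not part of the original guide, and not Docker or Portainer project code), the script below audits `docker inspect` output for the three settings the step 5 command introduces: the bind-mounted Docker socket, a port published on every interface, and an image with no tag or digest. The sample JSON is constructed to mirror that command, and the finding codes are names chosen here.

```python
import ipaddress
import json
import sys

# Constructed sample (not captured output): trimmed `docker inspect` JSON for
# the container started by the guide's `docker run` command.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/portainer",
    "Config": {"Image": "portainer/portainer"},
    "HostConfig": {
        "Binds": ["/root/portainer/data:/data",
                  "/var/run/docker.sock:/var/run/docker.sock"],
        "PortBindings": {"9000/tcp": [{"HostIp": "", "HostPort": "9000"}]},
    },
}])


def audit(inspect_json):
    """Return (container, code, detail) findings from `docker inspect` JSON."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        host = c.get("HostConfig") or {}
        # A bind-mounted Docker socket lets the container drive the root daemon.
        for bind in host.get("Binds") or []:
            src = bind.split(":", 1)[0]
            if src.endswith("docker.sock"):
                findings.append((name, "docker-sock", bind))
        # An empty HostIp means the port is published on every host interface.
        for port, binds in (host.get("PortBindings") or {}).items():
            for b in binds or []:
                ip = b.get("HostIp") or ""
                if not ip or not ipaddress.ip_address(ip).is_loopback:
                    where = ip or "all interfaces"
                    findings.append((name, "exposed-port", f"{port} on {where}"))
        # No tag and no digest means whatever :latest is at pull time.
        image = (c.get("Config") or {}).get("Image", "")
        if "@sha256:" not in image and ":" not in image.rsplit("/", 1)[-1]:
            findings.append((name, "unpinned-image", image))
    return findings


if __name__ == "__main__":
    # `docker inspect $(docker ps -q) | python3 audit.py -` audits a live host.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_INSPECT
    for name, code, detail in audit(text):
        print(f"{name}: {code}: {detail}")
```

Run with no arguments it reports on the constructed sample; the file name `audit.py` in the comment is a placeholder.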

7 COMMENTS

  1. I would love a more detailed description of a more secure setup. Are you planning to make a more elaborate one in the near future?

  2. Thanks for the guide. I installed Docker and Portainer on top of Proxmox 4.4. It required one small change in sources.list. Rather than pointing to the “Stretch” repo, I pointed to the “Jessie” repo with the following: deb http://download.proxmox.com/debian jessie pve-no-subscription

  3. 2nd vote for hardening this, if possible.
    In the meantime looking at Joyent Triton. Need something secure.

  4. Update: Triton is too big. Is there something inherently insecure about this, or can we just use best practices?

  5. If I understand correctly, the security issue is that Docker runs as root, so an attack on a container could potentially escalate its way to the host, which would then have root access of your Proxmox OS.

  6. I completed this guide and was content with having Docker working inside Proxmox 4. My issue is I lost the network on the Proxmox KVMs I created since Docker took over the 172.x.x.x. I am new to Linux, what is the easy fix for this? I was leaning towards creating another virtual network but am not sure how to hook that to my existing KVMs.

  7. Has anyone run into issues where the bridge network doesn’t work for VMs with this setup? I did a clean install and none of my VMs (all created after Docker setup) have internet access unless I switch them to NAT. I’m also seeing a lot of errors in the syslog about veth devices.

    Aug 25 08:51:04 pve kernel: br-a3505c2f1aea: port 1(veth0c726fc) entered disabled state
    Aug 25 08:51:04 pve kernel: device veth0c726fc left promiscuous mode
    Aug 25 08:51:04 pve kernel: br-a3505c2f1aea: port 1(veth0c726fc) entered disabled state
    Aug 25 08:51:04 pve systemd-udevd[22640]: Could not generate persistent MAC address for veth2fcf5b9: No such file or directory
    Aug 25 08:51:04 pve kernel: br-a3505c2f1aea: port 1(veth2fcf5b9) entered blocking state
    Aug 25 08:51:04 pve kernel: br-a3505c2f1aea: port 1(veth2fcf5b9) entered disabled state
    Aug 25 08:51:04 pve kernel: device veth2fcf5b9 entered promiscuous mode
    Aug 25 08:51:04 pve kernel: IPv6: ADDRCONF(NETDEV_UP): veth2fcf5b9: link is not ready
    Aug 25 08:51:04 pve kernel: br-a3505c2f1aea: port 1(veth2fcf5b9) entered blocking state
    Aug 25 08:51:04 pve kernel: br-a3505c2f1aea: port 1(veth2fcf5b9) entered forwarding state
    Aug 25 08:51:04 pve systemd-udevd[22639]: Could not generate persistent MAC address for veth59ae241: No such file or directory
    Aug 25 08:51:04 pve kernel: eth0: renamed from veth59ae241
    Aug 25 08:51:04 pve kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth2fcf5b9: link becomes ready
    Aug 25 08:51:13 pve kernel: br-a3505c2f1aea: port 1(veth2fcf5b9) entered disabled state
    Aug 25 08:51:13 pve kernel: veth59ae241: renamed from eth0
    Aug 25 08:51:13 pve kernel: br-a3505c2f1aea: port 1(veth2fcf5b9) entered disabled state
    Aug 25 08:51:13 pve kernel: device veth2fcf5b9 left promiscuous mode
    ….
    Aug 25 08:54:54 pve kernel: br-a3505c2f1aea: port 1(vethe8aa3a1) entered blocking state
    Aug 25 08:54:54 pve kernel: br-a3505c2f1aea: port 1(vethe8aa3a1) entered disabled state
