Container Virtualization

Docker
Docker is an open-source project that automates the deployment of applications inside software containers by providing an additional layer of abstraction and automation of operating-system-level virtualization on Linux. The software container mechanism uses resource isolation features inside the Linux kernel, such as cgroups and kernel namespaces, to allow multiple containers to run within a single Linux instance, avoiding the overhead of starting and maintaining virtual machines. Containers are lightweight and include everything needed to run themselves: code, runtime, system tools, system libraries and settings. The main advantage provided by containers is that the encapsulated software is isolated from its surroundings. For example, differences between development and staging environments can be kept separate in order to reduce conflicts between teams running different software on the same infrastructure. For a better understanding of what Docker is and how it works, the official documentation provided on the Docker website should be consulted: https://docs.docker.com/.

Launching a Docker container
Docker provides a hello-world container which checks whether your system is running the daemon correctly. This container can be launched by simply running:

    docker run hello-world

If your installation is working correctly, the following message should be printed:

    Hello from Docker!

Run an Enea NFV Access guest image
Enea NFV Access guest images can run inside Docker as any other container can. Before starting an Enea NFV Access guest image, a root filesystem has to be imported in Docker:

    docker import enea-linux-virtualization-guest-qemux86-64.tar.gz el7guest

To check that the Docker image has been imported successfully, run:

    docker images

Finally, start an Enea NFV Access container with bash running as the shell, by running:

    docker run -it el7guest /bin/bash

Attach external resources to Docker containers
Any system resource present on the host machine can be attached or accessed by a Docker container. Typically, if a file or folder on the host machine needs to be attached to a container, that container should be launched with the -v parameter. For example, to attach root's home folder to a container, the command line for Docker should have the following format:

    docker run -it -v /home/root:/home/host_root/ el7guest /bin/bash

To check that folders have been properly passed from the host to the container, create a file in the source folder on the host root filesystem and check for its existence inside the container's destination location.

Attach vhost file descriptors
If OVS is running on the host and vhost file descriptors need to be passed to the container, this can be done by either mapping the folder where all the file descriptors are located or mapping the file descriptor itself.

Mapping the folder can be done as exemplified above:

    docker run -it --rm -v /var/run/openvswitch/:/var/run/openvswitch/ el7guest /bin/bash

Mapping a file descriptor is done in a similar way, but the -v flag needs to point directly to it:

    docker run -it --rm -v /var/run/openvswitch/vhost-user1:/var/run/openvswitch/vhost-user1 el7guest /bin/bash

Attach hugepages mount folders
Hugepages mount folders can also be accessed by a container similarly to how a plain folder is mapped, as shown in 1.3. For example, if the host system has hugepages mounted in the /mnt/huge location, a container can also access hugepages by being launched with:

    docker run -it -v /mnt/huge:/mnt/huge el7guest /bin/bash

Access the PCI bus
If the host machine has multiple SRIOV instances created, a container can access the instances by being given privileged access to the host system. Unlike folders, PCI devices do not have to be mounted explicitly in order to be accessed and will be available to the container if the --privileged flag is passed to the command line:

    docker run --privileged -it el7guest /bin/bash

The --privileged flag gives the container all Linux capabilities and access to all host devices, not only the PCI bus.
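
Docker reads -v HOST:CONTAINER as a bind mount of the host path, while -v with a single absolute path creates a new anonymous volume that does not expose the host path. The script below is an added example, not part of the Enea documentation: it reports how the -v and --privileged options of a docker run command line will be interpreted. The function names are hypothetical and the sample invocations are constructed.

```shell
#!/bin/sh
# Added example: report how Docker will interpret the volume and privilege
# options of a "docker run" command line. It only parses its arguments and
# never calls Docker.

# classify_volume SPEC: print the kind of mount a -v value requests.
classify_volume() {
    spec=$1
    case $spec in
        /*:*)   # HOST:CONTAINER[:opts] is a bind mount of the host path
            host=${spec%%:*}
            rest=${spec#*:}
            echo "bind $host ${rest%%:*}" ;;
        /*)     # lone absolute path: new anonymous volume, host path unused
            echo "anonymous $spec" ;;
        *:*)    # NAME:CONTAINER[:opts] is a named volume
            rest=${spec#*:}
            echo "named ${spec%%:*} ${rest%%:*}" ;;
        *)
            echo "unknown $spec" ;;
    esac
}

# audit_docker_run WORD...: scan every word of the command line.
audit_docker_run() {
    while [ $# -gt 0 ]; do
        case $1 in
            -v|--volume)
                if [ $# -gt 1 ]; then
                    shift
                    classify_volume "$1"
                fi ;;
            --volume=*)
                classify_volume "${1#--volume=}" ;;
            --privileged)
                echo "privileged" ;;
        esac
        shift
    done
    return 0
}

# Constructed sample invocations, using the image name from this page.
audit_docker_run docker run -it -v /home/root:/home/host_root/ el7guest /bin/bash
audit_docker_run docker run -it -v /mnt/huge el7guest /bin/bash
audit_docker_run docker run --privileged -it el7guest /bin/bash
```

Any line reading "anonymous" means the container will see an empty volume rather than the host path, and any line reading "privileged" marks an invocation that should be reviewed for whether full host access is needed.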