Proxmox VE is a virtualization platform, like VMWare, but open source, based on Debian. It can run KVM virtual machines and Linux Containers (LXC). I’ve been using it for over 10 years, the first article I wrote mentioning it was in 2012. At home I have a 2 node Proxmox VE cluster with 2 HP EliteDesk Mini machines, both running with 16GB RAM and both an NVMe and SATA SSD with ZFS on the root (256GB). It’s quite small (physically) and adequate for my homelab needs. Proxmox VE 9.1 was recently released and this new version is able to run Docker containers/OCI images natively, no further hacks or VMs required to run Docker. This post shows you how to run a simple container from a Docker image.
Recently I removed all Google ads from this site due to their invasive tracking as well as Google Analytics. Please, if you find this content useful, consider a small donation using any of the options below. It would mean a lot to me if you showed your appreciation and helped pay for server costs:
GitHub Sponsorship
PCBWay Referral Link (After you place your order you get $5, I get $20)
Digital Osea Referral Link ($200 credit for 60 days. Spend $25 after your credit expires and I’ll get $25!)
Introduction and information about the OCI Image feature of Proxmox VE 9.1
Linux containers (LXC) in Proxmox VE behave more like virtual machines than Docker containers most of the time. A Docker container runs an application, an LXC container runs a whole slew (init system, ssh, an entire distribution). As far as I remember, Proxmox VE has no official way to run Docker containers natively. They recommend running Docker inside a Proxmox QEMU virtual machine. Sometimes (recently), docker-inside-lxc actually breaks.
But no one wants to manage an entire VM just to play with a few containers and running Docker directly on your Proxmox VE host is also a bad idea.
He did something very clever. They convert the container image into a full-fledged LXC image. At some places it seems that Scopio has been used.
Citing a forum post with more details:
May I ask why Docker LXC is a no-no?
This usually causes frequent problems between our use of Apparmer and other parts of our code base. So we highly discourage it. However, with the release of Proxmox VE 9.1 you can use OCI templates for application containers on Proxmox VE.
This means that you can run Docker containers as application containers on Proxmox VE just like you would run any other LXC container. It works by translating Docker images (which are OCI images) into LXC containers on Proxmox VE.
Not everything is working yet, at the time of writing this is still a technical preview:
Although it may be convenient to run “application containers” directly as Proxmox containers, doing so is currently a technology preview. For use cases requiring container orchestration or live migration, it is still recommended to run them inside a Proxmox QEMU virtual machine.
In the current technology preview state of our OCI image support, all layers are crushed into a single rootfs upon container creation. Because of this, you cannot currently update a container by simply swapping in a new image.
So technically the title of this article is wrong, you are not running Docker containers natively, they are converted. But for what it’s worth, it already saves a lot of time. Now only if Proxmox VE is supported docker-compose
Files, it will be even more amazing.
Upgrading Containers (A docker pull) is not straightforward (yet), it requires tampering with the data volume and recreating a container. The console doesn’t even provide a shell in most containers, it only shows the stdout/in of the main init process.
run pct enter xxx Left me inside a working shell in the converted container.
Starting OCI Image in Proxmox VE 9.1.1
Make sure you have updated Proxmox VE to at least 9.1.1.
Starting a Docker container (OCI image, I will use these terms interchangeably in this article) consists of two steps, first you need to download the image into template storage, then you can create a container from that image.
Go to your storage and click Pull from OCI Registry button:
Enter the full URL in the container image. For example, docker.io/eclipse-mosquitto:
(If you misspell the URL you will get strange errors, I got a few errors mentioning “unauthorized” when I had it just a typo in the context, nothing to do with authorization).
Click on the download button and see the image being pulled:
That was the storage part. Now the container part. Click Create CT
button, fill the first tab and on the second (Template) tab, select the OCI image we just downloaded:
But Disks tab, you can add additional volumes below the mount point, in this case for the Mosquito configuration:
It is comparable with -v Option when running docker container to mount local directory inside the container
Fill out the other tabs as you normally would. This is the summary page:
In Create In the job output you can see that Proxmox VE detected that the image is an OCI container/Docker image. A few additional things will be done to “convert” it to an LXC container:
Thats all there is to it. You can now start your container and enjoy all the features you typically get from an LXC container managed by Proxmox VE.
The console shows an additional notification regarding it being an OCI image based container:
In my case the console did not work, as mentioned before, but I was able to log into the container fine:
After editing the Mosquito configuration (at /mosquitto/config Volume) and upon restarting the container I was able to connect properly:
# example config:
listener 1883
allow_anonymous true
Once the container is created, environment variables are available in the Options tab:
(but not currently during initialization)
I also tried official nginx Docker container image, that worked fine too. This will be a major time saver when running containers.
Tags: docker, homelab, kvm, linux, lxc, oci, proxmox, proxmox-v, qmu, sysadmin, tutorial, virtualization