Docker Community Forums


Kvm installation in docker failing

Hi, I am facing an issue while installing KVM in Docker. If anybody has any idea, please share.
Below are the commands which I have used.

Dockerfile:
RUN apt-get update -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils vagrant && \
    apt-get autoclean && \
    apt-get autoremove && \
    vagrant plugin install vagrant-libvirt

COPY startup.sh /

ENTRYPOINT ["/startup.sh"]

RUN adduser root kvm

RUN adduser root libvirt

RUN usermod -a -G libvirt,kvm root
#USER instruction sets the user name as jenkins

USER root
WORKDIR /home/jenkins

startup.sh:
#!/bin/bash
set -eou pipefail

echo "inside startup"
#chown root:kvm /dev/kvm
service libvirtd start
service virtlogd start

exec "$@"

startup.sh
#!/bin/bash
set -eou pipefail

chown root:kvm /dev/kvm
service libvirtd start
service virtlogd start

exec "$@"
Remember to chmod +x startup.sh.

Bring up the container.

docker build -t vmindocker:latest -f Dockerfile .
docker run --privileged -it vmindocker bash
In the container, check for virtualisation support

root@51c19e93d3e5:/# egrep -c '(vmx|svm)' /proc/cpuinfo
If 0 it means that your CPU doesn’t support hardware virtualization.

If 1 or more it does - but you still need to make sure that virtualization is enabled in the BIOS.

Alternatively, check that the container can host hardware accelerated KVM virtual machines.

root@51c19e93d3e5:/# kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
Spin up a VM in the container.

vagrant init generic/alpine37
vagrant up
vagrant ssh
Unprivileged container
I tried to run this process in an unprivileged container and ended up running it this way

docker run -it --device=/dev/kvm --device=/dev/net/tun -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --security-opt apparmor=unconfined vmindocker bash
The following led me to add the long string of commands above, plus you’d need some of the troubleshooting steps below.

--security-opt apparmor=unconfined --> Because apparmor refused to let me do anything and I did not want to disable it completely on my computer.
This is just an Ubuntu issue https://github.com/docker/labs/tree/master/security/apparmor#no-profile

Error while activating network: Call to virNetworkCreate failed: error creating bridge interface virbr1: Operation not permitted. --> CAP_NET_ADMIN

permission denied --> CAP_SYS_ADMIN

Error while activating network: Call to virNetworkCreate failed: Unable to open /dev/net/tun, is tun module loaded?: No such file or directory. --> create /dev/net/tun

Error while activating network: Call to virNetworkCreate failed: Unable to set bridge virbr1 forward_delay: Read-only file system. --> mount -o remount,rw /sys

Call to virNetworkCreate failed: cannot write to /proc/sys/net/ipv6/conf/virbr1/disable_ipv6 to enable/disable IPv6 on bridge virbr1: Read-only file system --> mount -o remount,rw /proc/sys

Call to virDomainCreateWithFlags failed: Failed to create controller cpu for group: Read-only file system --> -v /sys/fs/cgro
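Added example (not part of the original post, and not Docker or libvirt tooling): a preflight script to run inside the container that checks each prerequisite the error list above maps to, so you can grant only the devices, capabilities and writable mounts that are actually missing rather than falling back to --privileged. The function names and the --run switch are this example's own; bits 12 and 21 are the Linux capability numbers for CAP_NET_ADMIN and CAP_SYS_ADMIN.

```shell
#!/bin/bash
# Added example: preflight for the prerequisites named in the post's error list.
# Every reader takes an optional file argument so it can be fed constructed input.

# CPU entries advertising vmx (Intel) or svm (AMD); same count as the egrep -c step.
virt_flag_count() { grep -Ec '(vmx|svm)' "${1:-/proc/cpuinfo}" || true; }

# rw/ro state of the mount covering path $1: the longest matching mount point wins,
# and a later entry of equal length shadows an earlier one.
mount_mode() {
    awk -v p="$1" '
        $2 == "/" || $2 == p || index(p, $2 "/") == 1 {
            if (length($2) >= len) {
                len = length($2); mode = "ro"
                n = split($4, opt, ",")
                for (i = 1; i <= n; i++) if (opt[i] == "rw") mode = "rw"
            }
        }
        END { print (mode == "" ? "unknown" : mode) }' "${2:-/proc/mounts}"
}

# True if capability bit $1 is set in CapEff (12 = NET_ADMIN, 21 = SYS_ADMIN).
has_cap() {
    hex=$(awk '$1 == "CapEff:" { print $2 }' "${2:-/proc/self/status}")
    [ "$(( (0x${hex} >> $1) & 1 ))" -eq 1 ]
}

preflight() {
    rc=0
    [ "$(virt_flag_count)" -gt 0 ] || { echo "FAIL: no vmx/svm flag in /proc/cpuinfo"; rc=1; }
    for dev in /dev/kvm /dev/net/tun; do
        [ -c "$dev" ] || { echo "FAIL: $dev missing, pass --device=$dev"; rc=1; }
    done
    has_cap 12 || { echo "FAIL: CAP_NET_ADMIN missing, virbr1 cannot be created"; rc=1; }
    has_cap 21 || { echo "FAIL: CAP_SYS_ADMIN missing"; rc=1; }
    for mp in /sys /proc/sys /sys/fs/cgroup; do
        [ "$(mount_mode "$mp")" = rw ] || { echo "FAIL: $mp is not writable"; rc=1; }
    done
    return "$rc"
}

# Run the checks only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Each FAIL line corresponds to one flag in the long docker run command, which makes it easier to see which grants a given workload really needs.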