Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Running Third-Party Applications in Containers

 

To run your own applications on Junos OS Evolved, you have the option to deploy them inside a Docker container. The container runs on Junos OS Evolved, and the agents run inside the container, keeping them isolated from the OS. Containers are installed in a separate partition mounted at /var/extensions.

Note

Docker containers are not integrated into Junos OS Evolved, they are created and managed entirely through Linux by using Docker commands. For more information on Docker containers and commands, see the official Docker documentation: https://docs.docker.com/get-started/

Containers have default limits for the resources that they can use from the system:

  • Storage – The size of the /var/extensions partition is platform driven: 8GB or 30% of the total size of /var, whichever is smaller.

  • Memory – Containers have a default limit of 2GB or 10% of total physical memory, whichever is smaller.

  • CPU – Containers have a default limit of 20% max CPU use across all cores.

Note

You can modify the resource limits on containers if necessary. See Modifying Resource Limits for Containers.

Deploying a Docker Container

To deploy a docker container:

  1. Start the docker service using the vrf0 socket:
    [vrf:vrf0] user@host_RE0:~# systemctl start docker@vrf0
  2. Set the following setenv variable:
    [vrf:vrf0] user@host_RE0:~# export DOCKER_HOST=unix:///run/docker-vrf0.sock
  3. Import the image.Note

    The URL for the import command needs to be changed for different containers.

    [vrf:vrf0] user@host_RE0:~# docker import http://198.0.2.2/lxc-images/images/pyez_new/2.1.9/amd64/default/20190225_19:53/rootfs.tar.xz
  4. Make sure the image is downloaded, and get the image ID.
    [vrf:vrf0] user@host_RE0:~# docker image ls
  5. Create a container using the image ID and enter a bash session in that container.
    [vrf:vrf0] user@host_RE0:~# docker create -it --name pyez1 --network=host 738c70533604 bash
    Note

    Docker containers are daemonized by default unless you use the -it argument.

Managing a Docker Container

Docker containers are managed through Linux workflow. Use the ps or top Linux commands to show which Docker containers are running, and use Docker commands to manage the containers. For more information on Docker commands, see: https://docs.docker.com/engine/reference/commandline/cli/

You need to provide additional arguments to Docker commands if your container requires extra capabilities like Netlink or Packet IO. The following example shows how to activate Netlink or Packet IO capabilities for a container by adding arguments to a Docker command:

  1. Create a read-only name persistent volume upon starting Docker services:

  2. Share the host’s network namespace with the container process:

  3. Automatically start the container upon system reboot:

  4. Enable net admin capability, which is required by Netlink and Packet IO libraries:

  5. Enable the environmental variables required for Netlink and Packet IO:

Selecting a VRF for a Docker Container

Containers inherit virtual routing and forwarding (VRF) from the Docker daemon. In order to run containers in a distinct VRF, a Docker daemon instance needs to be started in the corresponding VRF. The docker@vrf.service instance allows for starting a daemon in the corresponding VRF. If the VRF is unspecified, the VRF defaults to vrf0.

The docker.service runs in vrf:none by default.

The docker daemon for a specific VRF listens on corresponding socket located at /run/docker-vrf.sock.

The Docker client gets associated with the VRF specific docker daemon by use the following arguments:

For example, to run a container in vrf0 enter the following Docker command and arguments:

Note

A container can only be associated to a single VRF.

Modifying Resource Limits for Containers

The default resource limits for containers are controlled through a file located at /etc/extensions/platform_attributes. You will see the following text upon opening this file:

To change the resource limits for containers, add values to the EXTENSIONS entries at the bottom of the file:

  • EXTENSIONS_FS_DEVICE_SIZE_MIB= controls the maximum storage space that containers can use. Enter the value in bytes. The default value is 8GB or 30% of the total size of /var, whichever is smaller.

  • EXTENSIONS_CPU_QUOTA_PERCENTAGE= controls the maximum CPU usage that containers can use. Enter a value as a percentage of CPU usage. The default value is 20% max CPU use across all cores

  • EXTENSIONS_MEMORY_MAX_MIB= controls the maximum amount of physical memory that containers can use. Enter the value in bytes. The default value is 2GB or 10% of total physical memory, whichever is smaller.

Caution

Before modifying the resource limits for containers, be aware of the CPU and memory requirements for the scale you have to support in your configuration. Exercise caution when increasing resource limits for containers to prevent them from causing a strain on your system.