Containing System Services in Red Hat Enterprise Linux – Part 1


At the 2017 Red Hat Summit, several people asked me “We normally use full VMs to separate network services like DNS and DHCP, can we use containers instead?”. The answer is yes, and here’s an example of how to create a system container in Red Hat Enterprise Linux 7 today.

The Goal

Create a network service that can be updated independently of any other services of the system, yet easily managed and updated from the host.

Let’s explore setting up a BIND server running under systemd in a container. In this part, we’ll look at building our container, as well as managing the BIND configuration and data files.

In Part Two, we’ll look at how systemd on the host integrates with systemd in the container. We’ll explore managing the service in the container, and enabling it as a service on the host.

Creating the Bind Container

To get systemd working inside a container easily, we first need to add two packages on the host: oci-register-machine and oci-systemd-hook. The oci-systemd-hook package provides an OCI hook that lets us run systemd in a container without using a privileged container or manually configuring tmpfs and cgroups. The oci-register-machine hook registers the container with the host's systemd, so we can keep track of it with tools like systemctl and machinectl.
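As an added example (not from the original post), a host-side script that installs the two packages named above and then verifies that the hooks they ship are present, root-owned and not group/other writable. OCI hooks execute as root on every container start, so a tampered or writable hook is a host-level risk worth checking before the BIND container goes live. The hook directory /usr/libexec/oci/hooks.d and the expected-owner variable are assumptions; confirm the paths with `rpm -ql <package>` on your own host.

```shell
#!/bin/bash
# Assumed location of the OCI hooks on RHEL 7 (override via environment).
HOOKS_DIR="${HOOKS_DIR:-/usr/libexec/oci/hooks.d}"
# Hooks should be owned by root (uid 0); overridable only for testing.
EXPECTED_UID="${EXPECTED_UID:-0}"

install_hooks() {
    # Needs root and the RHEL 7 repositories; safe to re-run.
    sudo yum -y install oci-register-machine oci-systemd-hook
}

# check_hook DIR NAME: 0 when DIR/NAME is an executable regular file owned by
# EXPECTED_UID and writable by nobody except its owner; 1 (with a reason) otherwise.
check_hook() {
    local hook="$1/$2" owner perm
    [ -f "$hook" ] || { echo "missing: $hook"; return 1; }
    [ -x "$hook" ] || { echo "not executable: $hook"; return 1; }
    owner=$(stat -c '%u' "$hook") || return 1
    perm=$(stat -c '%a' "$hook") || return 1
    [ "$owner" = "$EXPECTED_UID" ] || { echo "unexpected owner $owner: $hook"; return 1; }
    # Octal mode: second-to-last digit is group, last is other; 2/3/6/7 carry the write bit.
    case "$perm" in
        *[2367]?|*[2367]) echo "group/other writable ($perm): $hook"; return 1 ;;
    esac
    return 0
}

# check_hooks [DIR]: verify both hooks the article relies on; 0 only if all pass.
check_hooks() {
    local dir="${1:-$HOOKS_DIR}" rc=0 name
    for name in oci-register-machine oci-systemd-hook; do
        check_hook "$dir" "$name" || rc=1
    done
    return "$rc"
}
```

Run `install_hooks` once, then `check_hooks` as part of the host's build or audit pipeline; any non-zero result should block enabling the container service.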

Read more at Red Hat blog