ZeroTier One makes ZeroTier virtual networks available as 'tap' virtual network ports. To do this inside a Docker container requires a few elevated permissions and access to the /dev/net/tun device.
Fortunately this is easy:
# docker run -it --rm --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun centos:7 [... command ...]
(SYS_ADMIN is needed because NET_ADMIN does not include the ioctl() required to put /dev/net/tun in tap mode. IMHO this is a bug in Linux's capability model but it would have to be fixed upstream.)
Here's a transcript of an example session where we start a command prompt in a test container, install ZeroTier One, start it (must be done manually here because the container does not run init or systemd), join a test network, and ping something.
# docker run -it --rm --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun centos:7 /bin/bash
[root@5b88595860bc /]# curl https://install.zerotier.com/ | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 12243 100 12243 0 0 18523 0 --:--:-- --:--:-- --:--:-- 18550
*** ZeroTier One Quick Install for Unix-like Systems
*** Supported targets for this script:
*** MacOS (10.7+) on x86_64 (just installs ZeroTier One.pkg)
*** Linux / Debian (wheezy or newer) on i386, x86_64, and armhf (Raspbian/jessie only)
*** Linux / Ubuntu (trusty or newer) on i386 and x86_64
*** Linux / SuSE (12+) on i386 and x86_64
*** Linux / CentOS (6+) on i386 and x86_64
*** Linux / Fedora (22+) on i386 and x86_64
*** Linux / Amazon (2016.03+) on x86_64
*** Please report problems to contact@zerotier.com and we will try to fix ASAP!
*** Detecting Linux Distribution
*** Found RHEL/CentOS, creating /etc/yum.repos.d/zerotier.repo
*** Installing zerotier-one package...
[ ... snipped a bunch of yum install output ...]
*** Enabling and starting zerotier-one service...
Created symlink from /etc/systemd/system/multi-user.target.wants/zerotier-one.service to /usr/lib/systemd/system/zerotier-one.service.
Failed to get D-Bus connection: Operation not permitted
*** Package installed but cannot start service! You may be in a Docker
*** container or using a non-standard init service.
[root@5b88595860bc /]# /usr/sbin/zerotier-one -d
[root@5b88595860bc /]# /usr/sbin/zerotier-cli join 8056c2e21c000001
200 join OK
[root@5b88595860bc /]# /usr/sbin/zerotier-cli listnetworks
200 listnetworks
200 listnetworks 8056c2e21c000001 - 02:e6:10:ab:69:33 REQUESTING_CONFIGURATION PRIVATE zt0 -
[root@5b88595860bc /]# /usr/sbin/zerotier-cli listnetworks
200 listnetworks
200 listnetworks 8056c2e21c000001 earth.zerotier.net 02:e6:10:ab:69:33 OK PUBLIC zt0 fd80:56c2:e21c:0000:0199:93e6:10b7:8bf1/88,28.183.140.10/7
[root@5b88595860bc /]# ping earth.zerotier.net
PING earth.zerotier.net (29.209.112.93) 56(84) bytes of data.
64 bytes from 29.209.112.93: icmp_seq=1 ttl=64 time=12.7 ms
64 bytes from 29.209.112.93: icmp_seq=2 ttl=64 time=13.1 ms
64 bytes from 29.209.112.93: icmp_seq=3 ttl=64 time=17.2 ms
64 bytes from 29.209.112.93: icmp_seq=4 ttl=64 time=17.4 ms
^C
--- earth.zerotier.net ping statistics ---
10 packets transmitted, 6 received, +4 errors, 40% packet loss, time 9046ms
rtt min/avg/max/mdev = 12.777/15.016/17.444/2.080 ms, pipe 4
[root@5b88595860bc /]# exit
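The session above does each step by hand. The script below is an added example, not part of this article or of ZeroTier's own code, that packages the same steps as an entrypoint: it checks for the /dev/net/tun node and for CAP_NET_ADMIN and CAP_SYS_ADMIN in the container's effective capability set, starts zerotier-one with -d (no init or systemd inside the container), joins a network and polls zerotier-cli until the network reports OK. The tool paths and the network ID 8056c2e21c000001 come from the transcript; ZT_NETWORK and ZT_ENTRYPOINT are assumed variable names, and the capability bit numbers (12 and 21) are the kernel's. The listnetworks column parsing assumes the layout shown in the transcript, with a network name that contains no whitespace.

```shell
#!/bin/sh
# Added example, not from the original article: entrypoint-style script for a
# container started on the host with
#   docker run --cap-drop=ALL --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
#       --device=/dev/net/tun <image> /path/to/this-script
# (dropping ALL first keeps the container to exactly the two capabilities the
# article says zerotier-one needs). ZT_NETWORK and ZT_ENTRYPOINT are assumed names.

ZT_NETWORK="${ZT_NETWORK:-8056c2e21c000001}"   # test network from the transcript
ZT_ONE="${ZT_ONE:-/usr/sbin/zerotier-one}"
ZT_CLI="${ZT_CLI:-/usr/sbin/zerotier-cli}"

# Capability bit numbers from the Linux kernel: CAP_NET_ADMIN=12, CAP_SYS_ADMIN=21.
CAP_NET_ADMIN=12
CAP_SYS_ADMIN=21

# Test bit $1 of a capability mask. The mask is $2 (hex, as printed on the
# CapEff line of /proc/self/status) or, when omitted, the effective set of the
# current process.
has_cap() {
    mask="${2:-$(awk '/^CapEff:/ { print $2 }' /proc/self/status)}"
    [ "$(( (0x$mask >> $1) & 1 ))" -eq 1 ]
}

# The tap device node only exists if the container got --device=/dev/net/tun.
check_tun_device() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Pull the status column for network $1 out of `zerotier-cli listnetworks`
# output passed as $2. Column layout, as in the transcript:
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ips>
# Assumes the name carries no whitespace ("-" until the config arrives).
# Prints nothing if the network is not listed; the bare "200 listnetworks"
# header line has no nwid in column 3 and is skipped.
network_status() {
    printf '%s\n' "$2" | awk -v id="$1" \
        '$1 == "200" && $2 == "listnetworks" && $3 == id { print $6 }'
}

# Poll until the network reaches OK, giving up after $2 seconds (default 30).
wait_for_network() {
    tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        status="$(network_status "$1" "$("$ZT_CLI" listnetworks 2>/dev/null)")"
        [ "$status" = "OK" ] && return 0
        tries=$((tries - 1))
        sleep 1
    done
    echo "network $1 did not reach OK (last status: ${status:-none})" >&2
    return 1
}

main() {
    check_tun_device || { echo "missing /dev/net/tun: add --device=/dev/net/tun" >&2; exit 1; }
    has_cap "$CAP_NET_ADMIN" || { echo "missing CAP_NET_ADMIN" >&2; exit 1; }
    has_cap "$CAP_SYS_ADMIN" || { echo "missing CAP_SYS_ADMIN (needed for the tap ioctl)" >&2; exit 1; }
    "$ZT_ONE" -d                       # daemonize by hand, as in the transcript
    "$ZT_CLI" join "$ZT_NETWORK"
    wait_for_network "$ZT_NETWORK" && "$ZT_CLI" listnetworks
}

# Only act as an entrypoint when asked; sourcing the file just defines the functions.
if [ "${ZT_ENTRYPOINT:-0}" = "1" ]; then
    main "$@"
fi
```

Run it inside the container with ZT_ENTRYPOINT=1 so that main executes; sourced without that variable it only defines the functions, which is also how the checks can be reused from another script. The preflight checks fail fast with a message naming the missing docker run flag, which is easier to act on than the EPERM zerotier-one would otherwise hit when opening the tap device.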