ZeroTier One makes ZeroTier virtual networks available as 'tap' virtual network ports. Doing this inside a Docker container requires a few elevated permissions and access to the /dev/net/tun device.

Fortunately this is easy:

# docker run -it --rm --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun centos:7 [... command ...]

(SYS_ADMIN is needed because NET_ADMIN does not include the ioctl() required to put /dev/net/tun in tap mode. IMHO this is a bug in Linux's capability model but it would have to be fixed upstream.)
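
A preflight check that can be run inside the container to confirm the two capabilities and the device from the docker run line were actually granted. This is an added example, not ZeroTier's own code; the function names and the script name zt-preflight.sh are hypothetical, and the capability bit numbers are those defined in linux/capability.h.

```shell
#!/bin/sh
# Added example (not ZeroTier's code): preflight check to run inside the
# container before starting zerotier-one.
# Capability bit numbers from <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_SYS_ADMIN=21

# has_cap MASK BIT: succeed if BIT is set in the hex capability MASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps MASK: print the capabilities from the docker run line that
# are absent from MASK (empty output means both are present).
missing_caps() {
    out=""
    has_cap "$1" "$CAP_NET_ADMIN" || out="$out NET_ADMIN"
    has_cap "$1" "$CAP_SYS_ADMIN" || out="$out SYS_ADMIN"
    echo "${out# }"
}

# current_capeff: effective capability mask of this process.
current_capeff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# preflight: report what is missing; return non-zero if anything is.
preflight() {
    rc=0
    missing=$(missing_caps "$(current_capeff)")
    if [ -n "$missing" ]; then
        echo "missing capabilities: $missing (add --cap-add=<name>)" >&2
        rc=1
    fi
    if [ ! -c /dev/net/tun ]; then
        echo "/dev/net/tun is not a character device (add --device=/dev/net/tun)" >&2
        rc=1
    fi
    return "$rc"
}

# Run the live check only when asked, e.g.: sh zt-preflight.sh --check
# (zt-preflight.sh is a hypothetical file name for this script)
if [ "${1:-}" = "--check" ]; then
    preflight
    exit $?
fi
```

The same mask parsing can be pointed at any other process by reading the CapEff line from its /proc/PID/status, which is useful when auditing which containers on a host hold SYS_ADMIN.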

Here's a transcript of an example session where we start a command prompt in a test container, install ZeroTier One, start it (must be done manually here because the container does not run init or systemd), join a test network, and ping something.

# docker run -it --rm --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun centos:7 /bin/bash

[root@5b88595860bc /]# curl https://install.zerotier.com/ | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12243  100 12243    0     0  18523      0 --:--:-- --:--:-- --:--:-- 18550

*** ZeroTier One Quick Install for Unix-like Systems

*** Supported targets for this script:
***    MacOS (10.7+) on x86_64 (just installs ZeroTier One.pkg)
***    Linux / Debian (wheezy or newer) on i386, x86_64, and armhf (Raspbian/jessie only)
***    Linux / Ubuntu (trusty or newer) on i386 and x86_64
***    Linux / SuSE (12+) on i386 and x86_64
***    Linux / CentOS (6+) on i386 and x86_64
***    Linux / Fedora (22+) on i386 and x86_64
***    Linux / Amazon (2016.03+) on x86_64

*** Please report problems to contact@zerotier.com and we will try to fix ASAP!

*** Detecting Linux Distribution

*** Found RHEL/CentOS, creating /etc/yum.repos.d/zerotier.repo

*** Installing zerotier-one package...
[ ... snipped a bunch of yum install output ...]

*** Enabling and starting zerotier-one service...
Created symlink from /etc/systemd/system/multi-user.target.wants/zerotier-one.service to /usr/lib/systemd/system/zerotier-one.service.
Failed to get D-Bus connection: Operation not permitted

*** Package installed but cannot start service! You may be in a Docker
*** container or using a non-standard init service.

[root@5b88595860bc /]# /usr/sbin/zerotier-one -d
[root@5b88595860bc /]# /usr/sbin/zerotier-cli join 8056c2e21c000001
200 join OK
[root@5b88595860bc /]# /usr/sbin/zerotier-cli listnetworks         
200 listnetworks       
200 listnetworks 8056c2e21c000001 - 02:e6:10:ab:69:33 REQUESTING_CONFIGURATION PRIVATE zt0 -
[root@5b88595860bc /]# /usr/sbin/zerotier-cli listnetworks
200 listnetworks       
200 listnetworks 8056c2e21c000001 earth.zerotier.net 02:e6:10:ab:69:33 OK PUBLIC zt0 fd80:56c2:e21c:0000:0199:93e6:10b7:8bf1/88,28.183.140.10/7
[root@5b88595860bc /]# ping earth.zerotier.net
PING earth.zerotier.net (29.209.112.93) 56(84) bytes of data.
64 bytes from 29.209.112.93: icmp_seq=1 ttl=64 time=12.7 ms
64 bytes from 29.209.112.93: icmp_seq=2 ttl=64 time=13.1 ms
64 bytes from 29.209.112.93: icmp_seq=3 ttl=64 time=17.2 ms
64 bytes from 29.209.112.93: icmp_seq=4 ttl=64 time=17.4 ms
^C
--- earth.zerotier.net ping statistics ---
10 packets transmitted, 6 received, +4 errors, 40% packet loss, time 9046ms
rtt min/avg/max/mdev = 12.777/15.016/17.444/2.080 ms, pipe 4
[root@5b88595860bc /]# exit

