Difference between revisions of "Docker"
(→Community) |
(→Resources: This isn't the place to promote commercial books) |
||
(27 intermediate revisions by 12 users not shown) | |||
Line 5: | Line 5: | ||
== Overview == | == Overview == | ||
− | The Docker driver is a hypervisor driver for Openstack Nova Compute. It | + | The Docker driver is a hypervisor driver for Openstack Nova Compute. It was introduced with the Havana release, but lives out-of-tree for Icehouse and Juno. Being out-of-tree has allowed the driver to reach maturity and feature-parity faster than would be possible should it have remained in-tree. It is expected the driver will return to mainline Nova in the Kilo release. |
[http://www.docker.io/ Docker] is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider. | [http://www.docker.io/ Docker] is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider. | ||
− | Docker | + | Docker provides management of Linux containers with a high level API providing a lightweight solution that runs processes in isolation. It provides a way to automate software deployment in a secure and repeatable environment. A Docker container includes a software component along with all of its dependencies - binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, etc. Docker can be run on any x64 Linux kernel supporting cgroups and aufs. |
− | Docker is a way of managing | + | Docker is a way of managing multiple containers on a single machine. However used behind Nova makes it much more powerful since it’s then possible to manage several hosts, which in turn manage hundreds of containers. The current Docker project aims for full OpenStack compatibility. |
− | Containers don't aim to be a replacement for VMs, they are | + | Containers don't aim to be a replacement for VMs, they are complementary in the sense that they are better for specific use cases. |
− | === What | + | === What unique advantages Docker bring over other containers technologies? === |
− | Docker takes advantage of | + | Docker takes advantage of containers and filesystem technologies in a high-level which are not generic enough to be managed by libvirt. |
− | * Process-level API: | + | * Process-level API: Docker can collect the standard outputs and inputs of the process running in each container for logging or direct interaction, it allows blocking on a container until it exits, setting its environment, and other process-oriented primitives which don’t fit well in libvirt’s abstraction. |
* Advanced change control at the filesystem level: Every change made on the filesystem is managed through [http://docs.docker.io/en/latest/commandline/command/diff/ a set of layers] which can be snapshotted, rolled back, diff-ed etc. | * Advanced change control at the filesystem level: Every change made on the filesystem is managed through [http://docs.docker.io/en/latest/commandline/command/diff/ a set of layers] which can be snapshotted, rolled back, diff-ed etc. | ||
* Image portability: The state of any docker container can be optionally committed as an image and shared through [http://docs.docker.io/en/latest/use/workingwithrepository/ a central image registry]. Docker images are designed to be portable across infrastructures, so they are a great building block for hybrid cloud scenarios. | * Image portability: The state of any docker container can be optionally committed as an image and shared through [http://docs.docker.io/en/latest/use/workingwithrepository/ a central image registry]. Docker images are designed to be portable across infrastructures, so they are a great building block for hybrid cloud scenarios. | ||
− | * Build facility: docker can automate the assembly of a container from an application’s source code. This gives developers an easy way to deploy payloads to an | + | * Build facility: docker can automate the assembly of a container from an application’s source code. This gives developers an easy way to deploy payloads to an OpenStack cluster as part of [http://docs.docker.io/en/latest/use/builder/ their development workflow]. |
− | === How the Nova hypervisor | + | === How does the Nova hypervisor work under the hood? === |
The Nova driver embeds a tiny HTTP client which talks with the Docker internal Rest API through a unix socket. It uses the HTTP API to control containers and fetch information about them. | The Nova driver embeds a tiny HTTP client which talks with the Docker internal Rest API through a unix socket. It uses the HTTP API to control containers and fetch information about them. | ||
− | + | The driver will fetch images from the OpenStack Image Service (Glance) and load them into the Docker filesystem. Images may be placed in Glance by exporting them from Docker using the 'docker save' command. | |
+ | |||
+ | Older versions of this driver required running a private [https://github.com/dotcloud/docker-registry docker-registry], which would proxy to [http://docs.openstack.org/developer/glance/ Glance]. This is no longer required. | ||
[[File:Docker-under-the-hood.png|center|500px]] | [[File:Docker-under-the-hood.png|center|500px]] | ||
− | == Configure OpenStack to enable Docker == | + | == Configure an existing OpenStack installation to enable Docker == |
+ | |||
+ | === Installing Docker for OpenStack === | ||
+ | |||
+ | The first requirement is to [http://docs.docker.io/en/latest/installation/ install Docker] on your compute hosts. | ||
− | + | In order for Nova to communicate with Docker over its local socket, add ''nova'' to the ''docker'' group and restart the compute service to pick up the change: | |
− | + | usermod -aG docker nova | |
+ | service openstack-nova-compute restart | ||
+ | You will also need to install the driver: | ||
+ | |||
+ | pip install -e git+https://github.com/stackforge/nova-docker#egg=novadocker | ||
+ | |||
+ | You should then install the required modules | ||
+ | cd src/novadocker/ | ||
+ | python setup.py install | ||
+ | |||
+ | You may optionally choose to create operating-system packages for this, or use another appropriate installation method for your deployment. | ||
=== Nova configuration === | === Nova configuration === | ||
Line 48: | Line 64: | ||
[DEFAULT] | [DEFAULT] | ||
− | compute_driver = docker.DockerDriver | + | compute_driver = novadocker.virt.docker.DockerDriver |
− | |||
− | |||
− | + | Create the directory /etc/nova/rootwrap.d, if it does not already exist, and inside that directory create a file "docker.filters" with the following content: | |
+ | # nova-rootwrap command filters for setting up network in the docker driver | ||
+ | # This file should be owned by (and only-writeable by) the root user | ||
+ | |||
+ | [Filters] | ||
+ | # nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*' | ||
+ | ln: CommandFilter, /bin/ln, root | ||
=== Glance configuration === | === Glance configuration === | ||
Line 62: | Line 82: | ||
container_formats = ami,ari,aki,bare,ovf,docker | container_formats = ami,ari,aki,bare,ovf,docker | ||
− | == | + | === Using Nova-Docker === |
− | |||
− | Using Docker | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Once you configured Nova to use the docker driver, the flow is the same as any | Once you configured Nova to use the docker driver, the flow is the same as any | ||
Line 96: | Line 98: | ||
Only images with a "docker" container format will be bootable. The image contains basically a tarball of the container filesystem. | Only images with a "docker" container format will be bootable. The image contains basically a tarball of the container filesystem. | ||
− | |||
− | |||
It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it: | It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it: | ||
Line 106: | Line 106: | ||
samalba/hipache https://github.com/dotcloud/hipache | samalba/hipache https://github.com/dotcloud/hipache | ||
− | Then, | + | Then, pull the image and push it to Glance: |
$ docker pull samalba/hipache | $ docker pull samalba/hipache | ||
− | $ docker | + | $ docker save samalba/hipache | glance image-create --is-public=True --container-format=docker --disk-format=raw --name samalba/hipache |
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | '''NOTE: The name you provide to glance must match the name by which the image is known to docker.''' | |
− | |||
− | |||
$ glance image-list | $ glance image-list | ||
Line 128: | Line 121: | ||
| 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active | | | 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active | | ||
| 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest | raw | docker | 2271596 | active | | | 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest | raw | docker | 2271596 | active | | ||
− | | 998f52ba-fe03-46b0-b5a6-4b... | hipache | + | | 998f52ba-fe03-46b0-b5a6-4b... | samalba/hipache | raw | docker | 486 | active | |
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+ | +-------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ||
You can obviously boot instances from nova cli: | You can obviously boot instances from nova cli: | ||
− | $ nova boot --image " | + | $ nova boot --image "samalba/hipache" --flavor m1.tiny test |
+--------------------------------------+--------------------------------------+ | +--------------------------------------+--------------------------------------+ | ||
| Property | Value | | | Property | Value | | ||
+--------------------------------------+--------------------------------------+ | +--------------------------------------+--------------------------------------+ | ||
| OS-EXT-STS:task_state | scheduling | | | OS-EXT-STS:task_state | scheduling | | ||
− | | image | | + | | image | samalba/hipache | |
| OS-EXT-STS:vm_state | building | | | OS-EXT-STS:vm_state | building | | ||
| OS-EXT-SRV-ATTR:instance_name | instance-0000002d | | | OS-EXT-SRV-ATTR:instance_name | instance-0000002d | | ||
Line 182: | Line 175: | ||
docker ps | docker ps | ||
ID IMAGE COMMAND CREATED STATUS PORTS | ID IMAGE COMMAND CREATED STATUS PORTS | ||
− | f337c7fec5ff 10. | + | f337c7fec5ff samalba/hipache sh 10 seconds ago Up 10 seconds |
+ | |||
+ | The command used here is the one configured in the image. Each container image can have a command configured for the run. The driver does not usually override this. You can image booting an apache2 instance, it will start the apache process if the image is authored properly via a [http://docs.docker.io/en/latest/use/builder/ Dockerfile]. | ||
+ | |||
+ | == Configure DevStack to use Nova-Docker == | ||
+ | |||
+ | ''Using the Docker hypervisor via [http://devstack.org/ DevStack] replaces all manual configuration needed above.'' | ||
+ | |||
+ | Note: below, localadmin == admin user, adjust to suit your configuration | ||
+ | |||
+ | === Install the latest Docker release === | ||
+ | |||
+ | Ubuntu: | ||
+ | [ -e /usr/lib/apt/methods/https ] || { | ||
+ | sudo apt-get update | ||
+ | sudo apt-get install apt-transport-https | ||
+ | } | ||
+ | sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \ | ||
+ | --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 | ||
+ | sudo sh -c "echo deb https://get.docker.com/ubuntu docker main \ | ||
+ | > /etc/apt/sources.list.d/docker.list" | ||
+ | sudo apt-get update | ||
+ | sudo apt-get install -y lxc-docker | ||
+ | |||
+ | source /etc/bash_completion.d/docker # Docker file completion for bash | ||
+ | sudo bash -c "echo DOCKER_OPTS=\'-G localadmin\' >> /etc/default/docker" | ||
+ | sudo restart docker | ||
+ | docker version # Should work! | ||
+ | docker run -i -t ubuntu /bin/bash # Optional test step | ||
+ | |||
+ | Fedora: | ||
+ | sudo yum -y install docker | ||
+ | sudo yum -y update docker | ||
+ | sudo systemctl start docker | ||
+ | sudo systemctl enable docker | ||
+ | sudo docker run -i -t ubuntu /bin/bash | ||
+ | |||
+ | === Prepare Nova-Docker === | ||
+ | |||
+ | sudo apt-get update | ||
+ | sudo apt-get install -y python-pip python-dev | ||
+ | |||
+ | rm -rf /opt/stack/nova-docker | ||
+ | sudo mkdir -p /opt/stack | ||
+ | sudo git clone https://git.openstack.org/openstack/nova-docker /opt/stack/nova-docker | ||
+ | cd /opt/stack/nova-docker | ||
+ | # Check out a different version if not using master, i.e: | ||
+ | # sudo git checkout stable/kilo && sudo git pull --ff-only origin stable/kilo | ||
+ | sudo pip install . # The linecache2 error appears to be benign | ||
+ | |||
+ | === Set up Devstack === | ||
+ | |||
+ | Clone devstack (it is recommended to use the same releases of devstack and nova-docker, e.g., stable/kilo, master, etc.) | ||
+ | |||
+ | Before running [http://devstack.org/ DevStack]'s stack.sh script, configure the following options in the local.conf or localrc file: | ||
+ | |||
+ | [[local|localrc]] | ||
+ | VIRT_DRIVER=novadocker.virt.docker.DockerDriver | ||
+ | |||
+ | # Introduce glance to docker images | ||
+ | [[post-config|$GLANCE_API_CONF]] | ||
+ | [DEFAULT] | ||
+ | container_formats=ami,ari,aki,bare,ovf,ova,docker | ||
+ | |||
+ | Configure nova to use the nova-docker driver | ||
+ | Note: neutron is the default as of kilo | ||
+ | |||
+ | [[post-config|$NOVA_CONF]] | ||
+ | [DEFAULT] | ||
+ | compute_driver=novadocker.virt.docker.DockerDriver | ||
+ | |||
+ | echo "##### Introduce glance to docker images" >> local.conf | ||
+ | echo "[[post-config|\$GLANCE_API_CONF]]" >> local.conf | ||
+ | echo "[DEFAULT]" >> local.conf | ||
+ | echo container_formats=ami,ari,aki,bare,ovf,ova,docker >> local.conf | ||
+ | echo >> local.conf | ||
+ | echo "##### Configure nova to use the nova-docker driver" >> local.conf | ||
+ | echo "[[post-config|\$NOVA_CONF]]" >> local.conf | ||
+ | echo "[DEFAULT]" >> local.conf | ||
+ | echo compute_driver=novadocker.virt.docker.DockerDriver >> local.conf | ||
+ | echo >> local.conf | ||
+ | |||
+ | === Start Devstack === | ||
+ | ./stack.sh | ||
+ | |||
+ | === Testing Nova-Docker === | ||
+ | |||
+ | Copy the filters | ||
+ | sudo cp /opt/stack/nova-docker/etc/nova/rootwrap.d/docker.filters /etc/nova/rootwrap.d/ | ||
+ | |||
+ | Start a Container | ||
+ | |||
+ | . openrc admin | ||
+ | |||
+ | INSTANCE=d1 | ||
+ | IMAGE=cirros | ||
+ | |||
+ | docker pull ${IMAGE} | ||
+ | docker save ${IMAGE} | | ||
+ | glance image-create --name ${IMAGE} --visibility public --container-format docker --disk-format raw | ||
+ | |||
+ | nova boot --image ${IMAGE} --flavor m1.tiny ${INSTANCE} | ||
+ | sleep 10 | ||
+ | nova list | ||
+ | nova show ${INSTANCE} | ||
+ | |||
+ | Assign it a floating IP and connect to it | ||
+ | ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no cirros@${floatingip_ip} | ||
+ | |||
+ | == Configure DevStack to use Nova-Docker (alternate post-stack method) == | ||
+ | |||
+ | ''Using the Docker hypervisor via [http://devstack.org/ DevStack] replaces all manual configuration needed above.'' | ||
+ | |||
+ | Install Docker, then install Devstack and run ''stack.sh'' | ||
+ | |||
+ | Once ''stack.sh'' completes, run ''unstack.sh'' from the devstack directory | ||
+ | |||
+ | Install nova-docker: | ||
+ | |||
+ | git clone https://git.openstack.org/stackforge/nova-docker /opt/stack/nova-docker | ||
+ | cd /opt/stack/nova-docker | ||
+ | sudo python setup.py install | ||
+ | |||
+ | Prepare DevStack: | ||
+ | |||
+ | export INSTALLDIR={Devstack_Parent_Dir} | ||
+ | cd /opt/stack/nova-docker | ||
+ | ./contrib/devstack/prepare_devstack.sh | ||
+ | cd ${INSTALLDIR}/devstack | ||
+ | cat localrc >> local.conf | ||
+ | |||
+ | Run ''stack.sh'' from devstack directory: | ||
+ | |||
+ | $ ./stack.sh | ||
− | + | It may be necessary to install a Docker filter as well: | |
+ | |||
+ | sudo cp /opt/stack/nova-docker/etc/nova/rootwrap.d/docker.filters \ | ||
+ | /etc/nova/rootwrap.d/ | ||
+ | |||
+ | == Resources == | ||
+ | * Lars Kellogg-Stedman; [http://blog.oddbit.com/2015/02/11/installing-novadocker-with-devstack/ Installing Nova-Docker with Devstack] (blog post) | ||
== Community == | == Community == | ||
− | + | We have a [https://wiki.openstack.org/wiki/Nova#Nova_subteams Nova Subteam] and involvement of various contributors may be verified via Github's | |
− | + | [https://github.com/stackforge/nova-docker/graphs/contributors contributors page]. | |
− | + | ||
− | + | The Docker team is also involved with the more generic and highly-overlapping efforts of the [https://wiki.openstack.org/wiki/Meetings/Containers Nova Containers Sub-team]. | |
− | + | ||
− | + | We are available on IRC on Freenode in #nova-docker. The containers team may be found in #openstack-containers. | |
− |
Revision as of 02:42, 17 October 2016
Contents
Overview
The Docker driver is a hypervisor driver for Openstack Nova Compute. It was introduced with the Havana release, but lives out-of-tree for Icehouse and Juno. Being out-of-tree has allowed the driver to reach maturity and feature-parity faster than would be possible should it have remained in-tree. It is expected the driver will return to mainline Nova in the Kilo release.
Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider.
Docker provides management of Linux containers with a high level API providing a lightweight solution that runs processes in isolation. It provides a way to automate software deployment in a secure and repeatable environment. A Docker container includes a software component along with all of its dependencies - binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, etc. Docker can be run on any x64 Linux kernel supporting cgroups and aufs.
Docker is a way of managing multiple containers on a single machine. However used behind Nova makes it much more powerful since it’s then possible to manage several hosts, which in turn manage hundreds of containers. The current Docker project aims for full OpenStack compatibility.
Containers don't aim to be a replacement for VMs, they are complementary in the sense that they are better for specific use cases.
What unique advantages Docker bring over other containers technologies?
Docker takes advantage of containers and filesystem technologies in a high-level which are not generic enough to be managed by libvirt.
- Process-level API: Docker can collect the standard outputs and inputs of the process running in each container for logging or direct interaction, it allows blocking on a container until it exits, setting its environment, and other process-oriented primitives which don’t fit well in libvirt’s abstraction.
- Advanced change control at the filesystem level: Every change made on the filesystem is managed through a set of layers which can be snapshotted, rolled back, diff-ed etc.
- Image portability: The state of any docker container can be optionally committed as an image and shared through a central image registry. Docker images are designed to be portable across infrastructures, so they are a great building block for hybrid cloud scenarios.
- Build facility: docker can automate the assembly of a container from an application’s source code. This gives developers an easy way to deploy payloads to an OpenStack cluster as part of their development workflow.
How does the Nova hypervisor work under the hood?
The Nova driver embeds a tiny HTTP client which talks with the Docker internal Rest API through a unix socket. It uses the HTTP API to control containers and fetch information about them.
The driver will fetch images from the OpenStack Image Service (Glance) and load them into the Docker filesystem. Images may be placed in Glance by exporting them from Docker using the 'docker save' command.
Older versions of this driver required running a private docker-registry, which would proxy to Glance. This is no longer required.
Configure an existing OpenStack installation to enable Docker
Installing Docker for OpenStack
The first requirement is to install Docker on your compute hosts.
In order for Nova to communicate with Docker over its local socket, add nova to the docker group and restart the compute service to pick up the change:
usermod -aG docker nova service openstack-nova-compute restart
You will also need to install the driver:
pip install -e git+https://github.com/stackforge/nova-docker#egg=novadocker
You should then install the required modules
cd src/novadocker/ python setup.py install
You may optionally choose to create operating-system packages for this, or use another appropriate installation method for your deployment.
Nova configuration
Nova needs to be configured to use the Docker virt driver.
Edit the configuration file /etc/nova/nova.conf according to the following options:
[DEFAULT] compute_driver = novadocker.virt.docker.DockerDriver
Create the directory /etc/nova/rootwrap.d, if it does not already exist, and inside that directory create a file "docker.filters" with the following content:
# nova-rootwrap command filters for setting up network in the docker driver # This file should be owned by (and only-writeable by) the root user [Filters] # nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*' ln: CommandFilter, /bin/ln, root
Glance configuration
Glance needs to be configured to support the "docker" container format. It's important to leave the default ones in order to not break an existing glance install.
[DEFAULT] container_formats = ami,ari,aki,bare,ovf,docker
Using Nova-Docker
Once you configured Nova to use the docker driver, the flow is the same as any other driver.
$ glance image-list +-------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +-------------------------------+---------------------------------+-------------+------------------+----------+--------+ | f5049d8b-93cf-49ab-af56-e7... | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active | | 0f1ec86c-157f-4f22-9889-c0... | cirros-0.3.1-x86_64-uec-kernel | aki | aki | 4955792 | active | | 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active | | 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest | raw | docker | 2271596 | active | +-------------------------------+---------------------------------+-------------+------------------+----------+--------+
Only images with a "docker" container format will be bootable. The image contains basically a tarball of the container filesystem.
It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it:
$ docker search hipache Found 3 results matching your query ("hipache") NAME DESCRIPTION samalba/hipache https://github.com/dotcloud/hipache
Then, pull the image and push it to Glance:
$ docker pull samalba/hipache $ docker save samalba/hipache | glance image-create --is-public=True --container-format=docker --disk-format=raw --name samalba/hipache
NOTE: The name you provide to glance must match the name by which the image is known to docker.
$ glance image-list +-------------------------------+---------------------------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +-------------------------------+---------------------------------+-------------+------------------+----------+--------+ | f5049d8b-93cf-49ab-af56-e7... | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active | | 0f1ec86c-157f-4f22-9889-c0... | cirros-0.3.1-x86_64-uec-kernel | aki | aki | 4955792 | active | | 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active | | 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest | raw | docker | 2271596 | active | | 998f52ba-fe03-46b0-b5a6-4b... | samalba/hipache | raw | docker | 486 | active | +-------------------------------+---------------------------------+-------------+------------------+----------+--------+
You can obviously boot instances from nova cli:
$ nova boot --image "samalba/hipache" --flavor m1.tiny test +--------------------------------------+--------------------------------------+ | Property | Value | +--------------------------------------+--------------------------------------+ | OS-EXT-STS:task_state | scheduling | | image | samalba/hipache | | OS-EXT-STS:vm_state | building | | OS-EXT-SRV-ATTR:instance_name | instance-0000002d | | OS-SRV-USG:launched_at | None | | flavor | m1.micro | | id | 31086c50-f937-4f80-9790-045096ecb32c | | security_groups | [{u'name': u'default'}] | | user_id | 1a3eed38d1344e869dd019b3636db12b | | OS-DCF:diskConfig | MANUAL | | accessIPv4 | | | accessIPv6 | | | progress | 0 | | OS-EXT-STS:power_state | 0 | | OS-EXT-AZ:availability_zone | nova | | config_drive | | | status | BUILD | | updated | 2013-08-25T00:22:32Z | | hostId | | | OS-EXT-SRV-ATTR:host | None | | OS-SRV-USG:terminated_at | None | | key_name | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | name | test | | adminPass | QwczSPAAT6Mm | | tenant_id | 183a9b7ed7c6465f97387458d693ca4c | | created | 2013-08-25T00:22:31Z | | os-extended-volumes:volumes_attached | [] | | metadata | {} | +--------------------------------------+--------------------------------------+
Once the instance is booted:
$ nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 31086c50-f937-4f80-9790-045096ecb32c | test | ACTIVE | None | Running | private=10.0.0.2 | +--------------------------------------+------+--------+------------+-------------+------------------+
You can also see the corresponding container on docker:
$ docker ps docker ps ID IMAGE COMMAND CREATED STATUS PORTS f337c7fec5ff samalba/hipache sh 10 seconds ago Up 10 seconds
The command used here is the one configured in the image. Each container image can have a command configured for the run. The driver does not usually override this. You can image booting an apache2 instance, it will start the apache process if the image is authored properly via a Dockerfile.
Configure DevStack to use Nova-Docker
Using the Docker hypervisor via DevStack replaces all manual configuration needed above.
Note: below, localadmin == admin user, adjust to suit your configuration
Install the latest Docker release
Ubuntu:
[ -e /usr/lib/apt/methods/https ] || { sudo apt-get update sudo apt-get install apt-transport-https } sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \ --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 sudo sh -c "echo deb https://get.docker.com/ubuntu docker main \ > /etc/apt/sources.list.d/docker.list" sudo apt-get update sudo apt-get install -y lxc-docker source /etc/bash_completion.d/docker # Docker file completion for bash sudo bash -c "echo DOCKER_OPTS=\'-G localadmin\' >> /etc/default/docker" sudo restart docker docker version # Should work! docker run -i -t ubuntu /bin/bash # Optional test step
Fedora:
sudo yum -y install docker sudo yum -y update docker sudo systemctl start docker sudo systemctl enable docker sudo docker run -i -t ubuntu /bin/bash
Prepare Nova-Docker
sudo apt-get update sudo apt-get install -y python-pip python-dev rm -rf /opt/stack/nova-docker sudo mkdir -p /opt/stack sudo git clone https://git.openstack.org/openstack/nova-docker /opt/stack/nova-docker cd /opt/stack/nova-docker # Check out a different version if not using master, i.e: # sudo git checkout stable/kilo && sudo git pull --ff-only origin stable/kilo sudo pip install . # The linecache2 error appears to be benign
Set up Devstack
Clone devstack (it is recommended to use the same releases of devstack and nova-docker, e.g., stable/kilo, master, etc.)
Before running DevStack's stack.sh script, configure the following options in the local.conf or localrc file:
localrc VIRT_DRIVER=novadocker.virt.docker.DockerDriver # Introduce glance to docker images $GLANCE_API_CONF [DEFAULT] container_formats=ami,ari,aki,bare,ovf,ova,docker
Configure nova to use the nova-docker driver Note: neutron is the default as of kilo
$NOVA_CONF [DEFAULT] compute_driver=novadocker.virt.docker.DockerDriver
echo "##### Introduce glance to docker images" >> local.conf echo "\$GLANCE_API_CONF" >> local.conf echo "[DEFAULT]" >> local.conf echo container_formats=ami,ari,aki,bare,ovf,ova,docker >> local.conf echo >> local.conf echo "##### Configure nova to use the nova-docker driver" >> local.conf echo "\$NOVA_CONF" >> local.conf echo "[DEFAULT]" >> local.conf echo compute_driver=novadocker.virt.docker.DockerDriver >> local.conf echo >> local.conf
Start Devstack
./stack.sh
Testing Nova-Docker
Copy the filters
sudo cp /opt/stack/nova-docker/etc/nova/rootwrap.d/docker.filters /etc/nova/rootwrap.d/
Start a Container
. openrc admin INSTANCE=d1 IMAGE=cirros docker pull ${IMAGE} docker save ${IMAGE} | glance image-create --name ${IMAGE} --visibility public --container-format docker --disk-format raw nova boot --image ${IMAGE} --flavor m1.tiny ${INSTANCE} sleep 10 nova list nova show ${INSTANCE}
Assign it a floating IP and connect to it
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no cirros@${floatingip_ip}
Configure DevStack to use Nova-Docker (alternate post-stack method)
Using the Docker hypervisor via DevStack replaces all manual configuration needed above.
Install Docker, then install Devstack and run stack.sh
Once stack.sh completes, run unstack.sh from the devstack directory
Install nova-docker:
git clone https://git.openstack.org/stackforge/nova-docker /opt/stack/nova-docker cd /opt/stack/nova-docker sudo python setup.py install
Prepare DevStack:
export INSTALLDIR={Devstack_Parent_Dir} cd /opt/stack/nova-docker ./contrib/devstack/prepare_devstack.sh cd ${INSTALLDIR}/devstack cat localrc >> local.conf
Run stack.sh from devstack directory:
$ ./stack.sh
It may be necessary to install a Docker filter as well:
sudo cp /opt/stack/nova-docker/etc/nova/rootwrap.d/docker.filters \ /etc/nova/rootwrap.d/
Resources
- Lars Kellogg-Stedman; Installing Nova-Docker with Devstack (blog post)
Community
We have a Nova Subteam and involvement of various contributors may be verified via Github's contributors page.
The Docker team is also involved with the more generic and highly-overlapping efforts of the Nova Containers Sub-team.
We are available on IRC on Freenode in #nova-docker. The containers team may be found in #openstack-containers.