Jump to: navigation, search

Difference between revisions of "Docker"

(Configure OpenStack to enable Docker)
Line 101: Line 101:
 
It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it:
 
It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it:
  
$ docker search hipache
+
  $ docker search hipache
 
  Found 3 results matching your query ("hipache")
 
  Found 3 results matching your query ("hipache")
 
  NAME                            DESCRIPTION
 
  NAME                            DESCRIPTION
Line 108: Line 108:
 
Then, tag the image with the docker-registry location and push it.
 
Then, tag the image with the docker-registry location and push it.
  
$ docker tag samalba/hipache 10.0.2.15:5042/hipache
+
  $ docker pull samalba/hipache
$ docker push samalba/hipache 10.0.2.15:5042/hipache
+
  $ docker tag samalba/hipache 10.0.2.15:5042/hipache
 +
  $ docker push 10.0.2.15:5042/hipache
 
  The push refers to a repository [10.0.2.15:5042/hipache] (len: 1)
 
  The push refers to a repository [10.0.2.15:5042/hipache] (len: 1)
 
  Sending image list
 
  Sending image list
Line 119: Line 120:
 
In this case, the docker-registry (running in a docker container with a port mapped on 5042) will push the images to Glance. From there Nova can reach them and you can verify it with the glance cli.
 
In this case, the docker-registry (running in a docker container with a port mapped on 5042) will push the images to Glance. From there Nova can reach them and you can verify it with the glance cli.
  
$ glance image-list
+
  $ glance image-list
 
  +-------------------------------+---------------------------------+-------------+------------------+----------+--------+
 
  +-------------------------------+---------------------------------+-------------+------------------+----------+--------+
 
  | ID                            | Name                            | Disk Format | Container Format | Size    | Status |
 
  | ID                            | Name                            | Disk Format | Container Format | Size    | Status |
Line 132: Line 133:
 
You can obviously boot instances from nova cli:
 
You can obviously boot instances from nova cli:
  
$ nova boot --image "docker-busybox:latest" --flavor m1.tiny test
+
  $ nova boot --image "docker-busybox:latest" --flavor m1.tiny test
 
  +--------------------------------------+--------------------------------------+
 
  +--------------------------------------+--------------------------------------+
 
  | Property                            | Value                                |
 
  | Property                            | Value                                |

Revision as of 20:02, 4 November 2013


Overview

The Docker driver is a hypervisor driver for Openstack Nova Compute. It has been introduced with the Havana release.

Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider.

Docker extends LXC with a high level API providing a lightweight virtualization solution that runs processes in isolation. It provides a way to automate software deployment in a secure and repeatable environment. A Standard Container in Docker contains a software component along with all of its dependencies - binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, etc. Docker can be run on any x64 Linux kernel that supports cgroups and aufs.

Docker is a way of managing LXC containers on a single machine. However used behind Nova makes it much more powerful since it’s then possible to manage several hosts which will then manage hundreds of containers. The current Docker project aims for full OpenStack compatibility.

Containers don't aim to be a replacement for VMs, they are just complementary in the sense that they are better for specific use cases. Nova support for VMs is currently advanced thanks to the variety of hypervisors running VMs. However it's not the case for containers even though libvirt/LXC is a good starting point. Docker aims to go the second level of integration.


What does Docker bring to the current libvirt/lxc support?

Docker takes advantage of LXC and the AUFS file system to offer specific capabilities which are definitely not generic enough to be provided by libvirt:

  • Process-level API: For example docker can collect the standard outputs and inputs of the process running in each container for logging or direct interaction, it allows blocking on a container until it exits, setting its environment, and other process-oriented primitives which don’t fit well in libvirt’s abstraction.
  • Advanced change control at the filesystem level: Every change made on the filesystem is managed through a set of layers which can be snapshotted, rolled back, diff-ed etc.
  • Image portability: The state of any docker container can be optionally committed as an image and shared through a central image registry. Docker images are designed to be portable across infrastructures, so they are a great building block for hybrid cloud scenarios.
  • Build facility: docker can automate the assembly of a container from an application’s source code. This gives developers an easy way to deploy payloads to an Openstack cluster as part of their development workflow.


How the Nova hypervisor works under the hood?

The Nova driver embeds a tiny HTTP client which talks with the Docker internal Rest API through a unix socket. It uses the HTTP API to control containers and fetch information about them.

By using an embedded docker-registry, Docker can push and pull images from Glance. The registry usually lives in a container (see the DevStack part below) but it can be deployed outside a container as well.

Docker-under-the-hood.png

Configure OpenStack to enable Docker

First of all, the first requirement is to install Docker.

If you just want to try it quickly, you can just follow the following slides as a tutorial: http://www.slideshare.net/dotCloud/docker-open-stack


Nova configuration

Nova needs to be configured to use the Docker virt driver.

Edit the configuration file /etc/nova/nova.conf according to the following options:

[DEFAULT]
compute_driver = docker.DockerDriver

Optionally if you want to use your own docker-registry which listens on a port different than 5042, you can override the following option:

docker_registry_default_port = 5042


Glance configuration

Glance needs to be configured to support the "docker" container format. It's important to leave the default ones in order to not break an existing glance install.

[DEFAULT]
container_formats = ami,ari,aki,bare,ovf,docker

Deployment with DevStack

Using Docker hypervisor through DevStack replaces all manual configuration needed above.

Before running DevStack's stack.sh script, configure the following options in the "localrc" file:

VIRT_DRIVER=docker

Then, run Docker install script from the devstack directory:

NOTE: socat is needed for the script (usually installed by stack.sh). If you don't have socat installed, run "apt-get install socat"

$ ./tools/docker/install_docker.sh

Finally, run stack.sh from devstack directory:

$ ./stack.sh

How to use it

Once you configured Nova to use the docker driver, the flow is the same as any other driver.

$ glance image-list
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                            | Name                            | Disk Format | Container Format | Size     | Status |
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+
| f5049d8b-93cf-49ab-af56-e7... | cirros-0.3.1-x86_64-uec         | ami         | ami              | 25165824 | active |
| 0f1ec86c-157f-4f22-9889-c0... | cirros-0.3.1-x86_64-uec-kernel  | aki         | aki              | 4955792  | active |
| 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari         | ari              | 3714968  | active |
| 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest           | raw         | docker           | 2271596  | active |
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+

Only images with a "docker" container format will be bootable. The image contains basically a tarball of the container filesystem.

NOTE: Docker supports inheritance between images, so it's possible to have several "docker" images without a name (None). It's usually an image dependence. These images are bootable as well, the filesystem will basically have a previous state. But it's probably not what you want to use in the first place.

It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it:

 $ docker search hipache
Found 3 results matching your query ("hipache")
NAME                             DESCRIPTION
samalba/hipache                  https://github.com/dotcloud/hipache

Then, tag the image with the docker-registry location and push it.

 $ docker pull samalba/hipache
 $ docker tag samalba/hipache 10.0.2.15:5042/hipache
 $ docker push 10.0.2.15:5042/hipache
The push refers to a repository [10.0.2.15:5042/hipache] (len: 1)
Sending image list
Pushing repository 10.0.2.15:5042/hipache (1 tags)
Push 100% complete

Note that "10.0.2.15" is the IP address of my host, it would definitely work with "localhost" since my docker-registry is inside a container (however the port is important).

In this case, the docker-registry (running in a docker container with a port mapped on 5042) will push the images to Glance. From there Nova can reach them and you can verify it with the glance cli.

 $ glance image-list
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+
| ID                            | Name                            | Disk Format | Container Format | Size     | Status |
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+
| f5049d8b-93cf-49ab-af56-e7... | cirros-0.3.1-x86_64-uec         | ami         | ami              | 25165824 | active |
| 0f1ec86c-157f-4f22-9889-c0... | cirros-0.3.1-x86_64-uec-kernel  | aki         | aki              | 4955792  | active |
| 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari         | ari              | 3714968  | active |
| 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest           | raw         | docker           | 2271596  | active |
| 998f52ba-fe03-46b0-b5a6-4b... | hipache:latest                  | raw         | docker           | 486      | active |
+-------------------------------+---------------------------------+-------------+------------------+----------+--------+

You can obviously boot instances from nova cli:

 $ nova boot --image "docker-busybox:latest" --flavor m1.tiny test
+--------------------------------------+--------------------------------------+
| Property                             | Value                                |
+--------------------------------------+--------------------------------------+
| OS-EXT-STS:task_state                | scheduling                           |
| image                                | docker-busybox:latest                |
| OS-EXT-STS:vm_state                  | building                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-0000002d                    |
| OS-SRV-USG:launched_at               | None                                 |
| flavor                               | m1.micro                             |
| id                                   | 31086c50-f937-4f80-9790-045096ecb32c |
| security_groups                      | [{u'name': u'default'}]              |
| user_id                              | 1a3eed38d1344e869dd019b3636db12b     |
| OS-DCF:diskConfig                    | MANUAL                               |
| accessIPv4                           |                                      |
| accessIPv6                           |                                      |
| progress                             | 0                                    |
| OS-EXT-STS:power_state               | 0                                    |
| OS-EXT-AZ:availability_zone          | nova                                 |
| config_drive                         |                                      |
| status                               | BUILD                                |
| updated                              | 2013-08-25T00:22:32Z                 |
| hostId                               |                                      |
| OS-EXT-SRV-ATTR:host                 | None                                 |
| OS-SRV-USG:terminated_at             | None                                 |
| key_name                             | None                                 |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | None                                 |
| name                                 | test                                 |
| adminPass                            | QwczSPAAT6Mm                         |
| tenant_id                            | 183a9b7ed7c6465f97387458d693ca4c     |
| created                              | 2013-08-25T00:22:31Z                 |
| os-extended-volumes:volumes_attached | []                                   |
| metadata                             | {}                                   |
+--------------------------------------+--------------------------------------+

Once the instance is booted:

$ nova list
+--------------------------------------+------+--------+------------+-------------+------------------+
| ID                                   | Name | Status | Task State | Power State | Networks         |
+--------------------------------------+------+--------+------------+-------------+------------------+
| 31086c50-f937-4f80-9790-045096ecb32c | test | ACTIVE | None       | Running     | private=10.0.0.2 |
+--------------------------------------+------+--------+------------+-------------+------------------+

You can also see the corresponding container on docker:

$ docker ps
docker ps
ID              IMAGE                                  COMMAND      CREATED             STATUS          PORTS
f337c7fec5ff    10.0.2.15:5042/docker-busybox:latest   sh           10 seconds ago      Up 10 seconds

The command used here is the one configured in the image. Each container image can have a command configured for the run. The driver does not override this. You can image booting an apache2 instance, it will start the apache process if the image is authored properly via a Dockerfile.

Community