Docker is a tool that simplifies the process of building container images. One of the issues with OpenStack is that building glance images is an off-line process. It is often difficult to track the contents of the images, how they where created and what software they contain.Docker also does not depend on virtualization; it creates linux container images that can be run directly by the host OS. This provides a much more efficient use of memory as well as better performance. It is a very attractive solution for DC operators that run a private infrastructure that serves in-house developed applications.
In order to run Docker as an openstack “hypervisor” start with devstack on ubuntu 12.04LTS. devstack includes a docker installer that will add a debian repository with the latest version of the docker packages.
After cloning the devstack repository one can issue the command:
tools/docker/install_docker.shFor OpenContrail there isn’t yet a similar install tool. I built the OpenContrail packages from source and installed them manually, modifying the configuration files in order to have config, control and compute-node components all running locally.
Next, I edited the devstack localrc file to have the following settings:
localrc
VIRT_DRIVER=docker
disable_service n-net
enable_service neutron
enable_service q-svc
Q_PLUGIN=contrail
NEUTRON_REPO=https://github.com/Juniper/neutron.git
NEUTRON_BRANCH=contrail/havana
I also added the following file to devstack:
lib/neutron_plugins/contrail
functionhas_neutron_plugin_security_group() {
return1
}
functionneutron_plugin_configure_common() {
Q_PLUGIN_CONF_PATH=etc/neutron/plugins/juniper/contrail
Q_PLUGIN_CONF_FILENAME=ContrailPlugin.ini
Q_DB_NAME=neutron
Q_PLUGIN_CLASS=neutron.plugins.juniper.contrail.contrailplugin.ContrailPlugin
}
functionneutron_plugin_configure_debug_command() {
:
}
functionneutron_plugin_create_nova_conf() {
NOVA_VIF_DRIVER=nova_contrail_vif.contrailvif.VRouterVIFDriver
}
functionneutron_plugin_configure_service() {
iniset $NEUTRON_CONF quotas quota_driver neutron.quota.ConfDriver
}
functionneutron_plugin_setup_interface_driver() {
:
}
functionneutron_plugin_check_adv_test_requirements() {
return0
}
functionis_neutron_ovs_base_plugin() {
return1
}
Unfortunately, the docker driver was moved out form the main nova code to stackforge. This requires the following change:
lib/nova_plugins/hypervisor_docker
diff --git a/lib/nova_plugins/hypervisor-docker b/lib/nova_plugins/hypervisor-docker
index cdbc4d1..b4c1db9 100644
--- a/lib/nova_plugins/hypervisor-docker
+++ b/lib/nova_plugins/hypervisor-docker
@@ -53,7 +53,8 @@ function cleanup_nova_hypervisor {
# configure_nova_hypervisor - Set config files, create data dirs, etc
function configure_nova_hypervisor {
- iniset $NOVA_CONF DEFAULT compute_driver docker.DockerDriver
+ iniset $NOVA_CONF DEFAULT compute_driver novadocker.virt.docker.driver.DockerDriver
iniset $GLANCE_API_CONF DEFAULT container_formats ami,ari,aki,bare,ovf,docker
}
The next step is to install the nova-docker package. The master branch is available athttps://github.com/stackforge/nova-docker. The fork that contains the opencontrail vif_driver is currently at https://github.com/pedro-r-marques/nova-docker.git in the branch “opencontrail”.
Before executing the nova-docker driver, i had create an extra rootwrap config file.
/etc/nova/rootwrap.d/docker.filters
[Filters]
# novadocker/virt/docker/driver.py: 'ln', '-sf'
There is an additional change that needs to be performed. The nova configuration file requires following lines to execute the opencontrail vif_driver rather than the default:
/etc/nova/nova.conf
[docker]
vif_driver = novadocker.virt.docker.opencontrail.OpenContrailVIFDriver
After this steps, you can execute stack.sh and boot an instance. The stack.sh script creates a network called “private”. In order to start a docker container via nova one can issue the command:
nova boot --image {image-uuid} --nic net-id={network-uuid} --flavor 1 {image-name}
And thats all folks!…
If we take a peak at the vif_driver code above it is really striking how few lines of code are involved.
There is some additional work that needs to be done in the backend; the compute-node API that is used for nova, neutron, docker and netns provisioning needs to be extracted into a single library. That needs to be sorted out… more than anything else we need a simple tool to install opencontrail from a ppa.
But in my mind, docker + opencontrail are a great combination for clusters built to host internally developed applications such as is the case of SaaS providers. Entire application stacks can be deployed in minutes, at scale.
The only piece missing is a compute scheduler that is designed to manage the instant load of an application rather than virtual machines that come in “flavor” size increments of memory consumption.
