Containers are hot; they are the latest buzzword. Unfortunately, buzzwords are not always the right way to go, but I have been wanting to use containers as a first-class citizen on OpenStack for a while.
In Icehouse, Heat has support for containers, but only in the sense that you can launch an instance and then launch a container within that instance (Scott Lowe has a good walkthrough for this; it is a great read).
First a bit of history.
The Docker driver is a hypervisor driver for Openstack Nova Compute. It was introduced with the Havana release, but lives out-of-tree for Icehouse and Juno. Being out-of-tree has allowed the driver to reach maturity and feature-parity faster than would be possible should it have remained in-tree. It is expected the driver will return to mainline Nova in the Kilo release.
From the announcement for Juno:
Many operational updates were also made this cycle including improvements for rescue mode that users requested as well as allowing per-network setting on nova-network code. Key drivers were added such as bare metal as a service (Ironic) and Docker support through StackForge.
I set out to try it out. This is my environment:
- Fedora 20 (x64)
- All in one RDO installation of OpenStack (2014.2)
The first step was to get OpenStack up and running (I am not going to go into how that is done in this post).
The stages are as follows:
- Install Docker on the compute node
- Install required packages to install nova-docker driver
- Config file changes
- Dockerize all the things!!
Install Docker on the compute Node
Following the documentation (do so for your Linux distribution):
yum -y remove docker
yum -y install docker-io
Then start the docker services and set them to run at startup
systemctl start docker
systemctl enable docker
Now to test that Docker is working correctly without OpenStack
docker run -i -t ubuntu /bin/bash
If all is good then you should see something similar to the screenshots below.
Now we know that Docker is working correctly.
Install required packages to install nova-docker driver
Following the OpenStack documentation for Docker.
There are two packages needed to start: pip (python-pip) and git.
yum install -y python-pip git
Then we get the nova-docker driver from Stackforge and install it.
pip install -e git+https://github.com/stackforge/nova-docker#egg=novadocker
cd src/novadocker/
python setup.py install
This pulls the files from GitHub and places them under your current working directory. You then install the modules required for the driver.
Config file changes
The default compute driver needs to be changed: edit your /etc/nova/nova.conf and change the following option.
[DEFAULT]
compute_driver = novadocker.virt.docker.DockerDriver
Create the directory /etc/nova/rootwrap.d, if it does not already exist, and inside that directory create a file "docker.filters" with the following content:
# nova-rootwrap command filters for setting up network in the docker driver
# This file should be owned by (and only-writeable by) the root user
[Filters]
# nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*'
ln: CommandFilter, /bin/ln, root
Glance is where all the images are stored. It used to be the case that you needed a private Docker registry, but this is no longer so: images can be added directly.
Edit the /etc/glance/glance-api.conf file and add docker to the supported container_formats value like the following example.
# Supported values for the 'container_format' image attribute
container_formats=ami,ari,aki,bare,ovf,ova,docker
We now need to restart the services for the new setting to take effect.
systemctl restart openstack-nova-compute
systemctl restart openstack-glance-api
If all is well and there were no configuration errors – then you are good to go.
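A way to check the three settings from this section before restarting the services, as an added example (not code from the original post or from the nova-docker project). The function names are hypothetical, and searching every section for container_formats is an assumption, since the post does not say which section holds it.

```python
import configparser
import os
import stat

# Values taken from the configuration steps above.
DRIVER = "novadocker.virt.docker.DockerDriver"
EXPECTED_FILTERS = {"ln": "CommandFilter, /bin/ln, root"}


def parse_ini(text):
    # OpenStack files may contain '%' and repeated keys, so relax the parser.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def driver_is_docker(nova_conf_text):
    return parse_ini(nova_conf_text).defaults().get("compute_driver") == DRIVER


def glance_accepts_docker(glance_conf_text):
    cp = parse_ini(glance_conf_text)
    # Assumption: the option may live in any section, so search all of them.
    for section in [cp.defaults()] + [cp[name] for name in cp.sections()]:
        value = section.get("container_formats")
        if value is not None:
            return "docker" in [v.strip() for v in value.split(",")]
    return False


def filter_file_problems(path, owner_uid=0):
    """Return a list of findings for a rootwrap filter file (empty = OK)."""
    problems = []
    st = os.stat(path)
    if st.st_uid != owner_uid:
        problems.append("owner uid is %d, expected %d" % (st.st_uid, owner_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others (mode %o)" % stat.S_IMODE(st.st_mode))
    with open(path) as handle:
        cp = parse_ini(handle.read())
    filters = dict(cp["Filters"]) if cp.has_section("Filters") else {}
    # Every extra entry is another command nova may run as root.
    for name in sorted(set(filters) - set(EXPECTED_FILTERS)):
        problems.append("unexpected filter: " + name)
    for name, rule in EXPECTED_FILTERS.items():
        got = filters.get(name)
        if got is None or [p.strip() for p in got.split(",")] != rule.split(", "):
            problems.append("filter %r missing or altered" % name)
    return problems
```

On the compute node, pass the contents of /etc/nova/nova.conf and /etc/glance/glance-api.conf to the first two functions and the path /etc/nova/rootwrap.d/docker.filters to the third; an empty list means the filter file matches what this section describes.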
Dockerize all the things!!
No demonstration is ever complete without showing the deployment of a Wordpress application (why in the hell is it always Wordpress???).
We pull the Wordpress container into the host and then push it into Glance (assuming you have already sourced the credentials for Keystone/Glance):
docker pull tutum/wordpress
docker save tutum/wordpress | glance image-create --is-public=True --container-format=docker --disk-format=raw --name tutum/wordpress
Note: the image name has to be the same as the container name.
And now to boot the new instance
nova boot --image "tutum/wordpress" --flavor m1.tiny test
Open a web browser to the instance, which received an IP from Neutron.
And hey presto – Wordpress!
This was a preliminary test – still many things to check…
- Automation (Heat)
- Bug problems
- and so on…
Happy Dockerizing!! (and yes it seems that is actually a word)