2014-10-28

Nova-Docker on Juno

Containers are hot. They are the latest buzzword. Unfortunately buzzwords are not always the right way to go, but I have been wanting to use containers as a first class citizen on OpenStack for a while.

In Icehouse, Heat has support for containers, but only in the sense that you can launch an instance and then launch a container within that instance (Scott Lowe has a good walkthrough for this; it is a great read).

First a bit of history.

The Docker driver is a hypervisor driver for OpenStack Nova Compute. It was introduced with the Havana release, but lives out-of-tree for Icehouse and Juno. Being out-of-tree has allowed the driver to reach maturity and feature-parity faster than would be possible should it have remained in-tree. It is expected the driver will return to mainline Nova in the Kilo release.

The Docker driver was removed from Nova due to CI issues and migrated to Stackforge for the Icehouse release.

From the announcement for Juno

Many operational updates were also made this cycle including improvements for rescue mode that users requested as well as allowing per-network setting on nova-network code. Key drivers were added such as bare metal as a service (Ironic) and Docker support through StackForge.

I set out to try it out. This is my environment:

  • Fedora 20 (x64)
  • All in one RDO installation of OpenStack (2014.2)

First things first was to get OpenStack up and running (I am not going to go into how that is done in this post).

The stages are as follows:

  1. Install Docker on the compute node
  2. Install required packages to install nova-docker driver
  3. Config file changes
  4. Dockerize all the things!!

Install Docker on the compute Node

Follow the Docker installation documentation for your Linux distribution:

yum -y remove docker
yum -y install docker-io

Then start the docker services and set them to run at startup

systemctl start docker
systemctl enable docker

Now to test that Docker is working correctly without OpenStack

docker run -i -t ubuntu /bin/bash

If all is good then you should see something similar to the screenshots below.

[Screenshots: docker run, docker ps]

Now we know that Docker is working correctly.

Install required packages to install nova-docker driver

Following the OpenStack documentation for Docker.

Two packages are needed to start: pip (python-pip) and git.

yum install -y python-pip git

Then we get the nova-docker driver from Stackforge and install it.

pip install -e git+https://github.com/stackforge/nova-docker#egg=novadocker
cd src/novadocker/
python setup.py install

This will pull the files from GitHub and place them under your current working directory. Then you install the modules required for the driver.

Config file changes

The default compute driver needs to be changed: edit your /etc/nova/nova.conf and change the following option.

[DEFAULT]
compute_driver = novadocker.virt.docker.DockerDriver

Create the directory /etc/nova/rootwrap.d, if it does not already exist, and inside that directory create a file "docker.filters" with the following content:

# nova-rootwrap command filters for setting up network in the docker driver
# This file should be owned by (and only-writeable by) the root user

[Filters]
# nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*'
ln: CommandFilter, /bin/ln, root

Glance is the place where all the images are stored. It used to be the case that you needed a private Docker registry, but this is no longer so: Docker images can be added to Glance directly.

Edit the /etc/glance/glance-api.conf file and add docker to the supported container_formats value like the following example.

# Supported values for the 'container_format' image attribute
container_formats=ami,ari,aki,bare,ovf,ova,docker

We now need to restart the services for the new setting to take effect.

systemctl restart openstack-nova-compute
systemctl restart openstack-glance-api

If all is well and there were no configuration errors – then you are good to go.
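A pre-restart check of the three changes above (compute driver, Glance container formats, rootwrap filter file), as an added example that is not part of the original post or the nova-docker project. The function names are hypothetical, GNU stat is assumed, and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: pre-restart check of the three config changes above.
# Function names are hypothetical; pass the file paths used in this post.

# Print KEY's value from [SECTION] of an INI file; SECTION '*' matches any.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        /^[ \t]*[#;]/ { next }                      # commented-out option
        sec == "[*]" || cur == sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                   # last assignment wins
        }
        END { if (val != "") print val }' "$1"
}

# Succeed only if FILE is owned by OWNER (default root) and neither group
# nor others can write it. rootwrap filters decide what nova may run as
# root, so a filter file the nova user can edit defeats the filtering.
owner_only_writable() {  # usage: owner_only_writable FILE [OWNER]
    owner=$(stat -c '%U' "$1" 2>/dev/null) || return 1   # GNU stat assumed
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$owner" = "${2:-root}" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

check_nova_docker() {  # usage: check_nova_docker NOVA_CONF GLANCE_CONF FILTERS [OWNER]
    rc=0
    [ "$(ini_get "$1" DEFAULT compute_driver)" = novadocker.virt.docker.DockerDriver ] ||
        { echo "$1: compute_driver is not the Docker driver" >&2; rc=1; }
    # The post does not show which section holds container_formats: search all.
    case ",$(ini_get "$2" '*' container_formats | tr -d ' ')," in
        *,docker,*) ;;
        *) echo "$2: docker missing from container_formats" >&2; rc=1 ;;
    esac
    owner_only_writable "$3" "${4:-root}" ||
        { echo "$3: wrong owner or group/other-writable" >&2; rc=1; }
    grep -q '^ln: *CommandFilter, */bin/ln, *root' "$3" 2>/dev/null ||
        { echo "$3: ln CommandFilter entry not found" >&2; rc=1; }
    return "$rc"
}

# Run only when paths are given on the command line.
[ "$#" -eq 0 ] || check_nova_docker "$@"
```

Run it as root with /etc/nova/nova.conf, /etc/glance/glance-api.conf and /etc/nova/rootwrap.d/docker.filters as the three arguments; a non-zero exit status means at least one check failed.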

Dockerize all the things!!

No demonstration is ever complete without showing the deployment of a Wordpress application (why in the hell is it always Wordpress???).

We pull the Wordpress container into the host and then push it into Glance (assuming you have already sourced the credentials for Keystone/Glance)

docker pull tutum/wordpress
docker save tutum/wordpress | glance image-create --is-public=True --container-format=docker --disk-format=raw --name tutum/wordpress

Note: the image name has to be the same as the container name.

[Screenshots: docker pull, glance image-create, image]

And in the GUI

[Screenshot: Horizon]

And now to boot the new instance

nova boot --image "tutum/wordpress" --flavor m1.tiny test

[Screenshot: nova boot]

Here is the Console log

[Screenshot: console log]

Opening a web browser to the instance that received an IP from Neutron.

And hey presto – Wordpress!

[Screenshot: Hey - Wordpress]

This was a preliminary test – still many things to check…

  • Automation (Heat)
  • Bug problems
  • and so on…

Happy Dockerizing!! (and yes it seems that is actually a word)