2014-10-28

Nova-Docker on Juno

Containers are hot. It is the latest buzzword. Unfortunately buzzwords are not always the right way to go, but I have been wanting to use containers as a first class citizen on OpenStack for a while.

In Icehouse, Heat has support for containers but only in the sense that you can launch an instance and then launch a container within that instance (Scott Lowe – has a good walkthrough for this – it is a great read).

First a bit of history.

DockerStackThe Docker driver is a hypervisor driver for Openstack Nova Compute. It was introduced with the Havana release, but lives out-of-tree for Icehouse and Juno. Being out-of-tree has allowed the driver to reach maturity and feature-parity faster than would be possible should it have remained in-tree. It is expected the driver will return to mainline Nova in the Kilo release.

The Docker driver was removed from Nova – due to CI issues and migrated to Stackforge for the Icehouse release.

From the announcement for Juno

Many operational updates were also made this cycle including improvements for rescue mode that users requested as well as allowing per-network setting on nova-network code. Key drivers were added such as bare metal as a service (Ironic) and Docker support through StackForge.

I set out to try it out. This is my environment:

  • Fedora 20 (x64)
  • All in one RDO installation of OpenStack (2014.2)

First things first was to get OpenStack up and running (that I am not going to go into how that is done in this post).

The stages are as follows:

  1. Install Docker on the compute node
  2. Install required packages to install nova-docker driver
  3. Config file changes
  4. Dockerize all the things!!

Install Docker on the compute Node

Following the documentation (do so for your Linux distribution)

yum -y remove docker
yum -y install docker-io

Then start the docker services and set them to run at startup

systemctl start docker
systemctl enable docker

Now to test that Docker is working correctly without OpenStack

docker run -i -t ubuntu /bin/bash

If all is good then you should see something similar to the screenshots below.

docker run

docker ps

Now we know that Docker is working correctly.

Install required packages to install nova-docker driver

Following the OpenStack documentation for Docker.

There are two packages needed to start, pip (python-pi) and git.

yum install -y python-pip git

Then we get the nova-docker driver from Stackforge and install it.

pip install -e git+https://github.com/stackforge/nova-docker#egg=novadocker
cd src/novadocker/
python setup.py install

This will pull the files from github - will place them under your current working directory. Then you install the modules required for the driver.

Config file changes

The default compute driver needs to be changed, edit your /etc/nova/nova.conf and change the following option.

[DEFAULT]
compute_driver = novadocker.virt.docker.DockerDriver

Create the directory /etc/nova/rootwrap.d, if it does not already exist, and inside that directory create a file "docker.filters" with the following content:

# nova-rootwrap command filters for setting up network in the docker driver
# This file should be owned by (and only-writeable by) the root user

[Filters]
# nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*'
ln: CommandFilter, /bin/ln, root

Glance is the place where all the images are stored – and it used to be the case that you needed a private docker registry – but this is no longer the case, they can be added directly.

Edit the /etc/glance/glance-api.conf file and add docker to the supported container_formats value like the following example.

# Supported values for the 'container_format' image attribute
container_formats=ami,ari,aki,bare,ovf,ova,docker

We now need to restart the services for the new setting to take effect.

systemctl restart openstack-nova-compute
systemctl restart openstack-glance-api

If all is well and there were no configuration errors – then you are good to go.

Dockerize all the things!!

No demonstration is ever complete without showing the deployment of a Wordpress application (why in the hell is it always Wordpress???).

We pull the Wordpress container into the host and then push it into Glance (assuming you have already sourced the credentials for Keystone/Glance)

docker pull tutum/wordpress
docker save tutum/wordpress | glance image-create --is-public=True --container-format=docker --disk-format=raw --name tutum/wordpress

**The image name has to be the same as container name

docker pull

glance image-create

image

And in the GUI

Horizon

And now to boot the new instance

nova boot --image "tutum/wordpress" --flavor m1.tiny test

nova boot

Here is the Console log

console log

Opening a web browser to the instance that received an IP from Neutron.

And hey presto – Wordpress!

Hey - Wordpress

This was a preliminary test – still many things to check…

  • Automation (Heat)
  • Bug problems
  • and so on…

Happy Dockerizing!! (and yes it seems that is actually a word)

2014-10-13

It is All About Resource Abstraction #VMworld

I am here sitting here at the blogger table on Day-0 (Partner Day) of VMworld in Barcelona, and it is time to close some technical debt (well not really technical but it would be better to call it blogging debt).

If there is one thing that VMware have been doing a great job over the years is abstracting resources, and by that I mean making it easier and easier for end users to use the underlying resources in your infrastructure.

Let’s start with the basic VM concept. Instead of buying a network card, a disk, a CPU etc. that process is abstracted with a GUI (or an API if you that is your thing) which makes adding any of the the above resources a snap.

Networking next. Portgroups – abstract the underlying physical network which makes as easy as one-two-three to connect a VM to a network port and hey-presto – you have a pingable IP.

Virtual desktops (is it the year of the virtual desktop yet?). Abstraction of a pool of resources behind a portal that allows you to get a desktop with a click of a mouse button.

I will dare to say that up until now this have been targeted at making the lives of the end users as easy as possible.

Let me say that again.

“..up until now this have been targeted at making the lives of the end users as easy as possible.”

But what about those poor people that have put all that infrastructure in place? Those poor admins. 5635400338_2c59ee1926_z

  • Installing ESXi Hosts
  • Configuring Networking
  • Storage
  • Templates
  • etc…
  • etc…

Over the years we have developed tools, written our own code, our own scripts to deploy the infrastructure as fast as possible, and in as much of a standard way as possible.

Of course VMware has given us some tools over the years to alleviate these pan points. It started with kickstart scripted installs, Host Profiles, AutoDeploy. Over the years it has evolved, but there has never really been a proper focus on the administrators who have been installing, maintaining and upgrading the infrastructure.

Of course there were different levels of abstraction introduced over the years, I mean vCloud itself is one huge level of abstraction in itself, and again I think this is mainly for the end user. Of course there is stuff in there for the administrators at each and every level, but still you had to install vCenter, and the ESXi Hosts, and configure all the bits.

VMW-LOGO-EVO-Rail-108

Until Now.

VMware announced EVO:RAIL (Duncan has a great collection of resources here) at VMworld US just over a month ago. For the first time – VMware is abstracting again, and this time it is solely for the Administrators. EVO:RAIL, and the future EVO:RACK will do just that. EVO:RAIL for the smaller scale and EVO:RACK for hyper scale

As far as I know there is nothing in the EVO family that is actually for the end users, it all about the underlying infrastructure. Configuration of the Servers, the Network, the Storage, vSphere, vCenter, VSAN the VMware software lifecycle. None of that is of any interest to the end user – but it is of huge interest to the people that build infrastructure. (of course there is a GUI there to see VM’s but I do not see that being massively adopted).

A lot of talk has been going on around if VMware has entered the hardware market yes/no – and they are continuously stressing that they are NOT – that is a whole different discussion. This aspect of abstraction is something that I have not seen mentioned before.

The infrastructure people are no less of an important market – no less of an important customer for VMware, and with this release – I think this is a welcomed change in direction, and hopefully this will continue and evolve in the future.

Please feel free to leave your thought and comments in the box below.