Lab 5 : Deploy Docker Container with OpenStack

POD parameters : OpenStack Group-1 user0 aio110 10.1.64.110 compute120 10.1.64.120 [email protected]
User aioX computeY & cephZ Network & Allocation Pool
user0
vnc  : lab.onecloudinc.com:5900
aio110
eth0            : 10.1.64.110
eth1            : 10.1.65.110
eth2            : ext-net
Netmask  : 255.255.255.0
Gateway  : 10.1.64.1
compute120
eth0            : 10.1.64.120
eth1            : 10.1.65.120
eth2            : ext-net
Netmask  : 255.255.255.0
cephZ
eth0  : 10.1.64.Z
eth1  : 10.1.65.Z
Float Range  : 10.1.65.0010.1.65.00
Network         : 10.1.65.0/24
Gateway         : 10.1.65.1
DNS                   : 10.1.1.92

1. Introduction

Docker containers can be integrated with OpenStack in several ways. This lab uses Nova-Docker, which integrates completely with Nova so that instances are launched as Docker containers instead of VMs.
Nova typically manages VMs. In this approach, the Nova driver is extended to spawn Docker containers. The following architecture diagram comes from the Nova-Docker wiki.

[Figure lab6_1: Nova-Docker architecture diagram]

Note: The Docker driver is a hypervisor driver for OpenStack Nova Compute.

The workflow of Nova-Docker with OpenStack is as follows:

  • To spawn containers, the Nova compute driver is pointed to the Docker driver, as shown in the diagram above.
  • The Nova Docker virt driver talks to the Docker agent using HTTP API calls.
  • Docker images are stored in the Docker registry and exported from the registry to Glance, which Nova uses to create containers.

The Linux containers deployed with Docker have multiple advantages over the “normal” virtual machines usually deployed by Nova. Those advantages are speed, efficiency, and portability. This means that containers are much faster to boot and have less memory and CPU overhead, while retaining the ability to “run anywhere” like a virtual machine. The only requirement is to run Linux, since containers share the kernel of their host.

This better efficiency means that instead of booting a VM in a few seconds, Nova can spawn multiple containers in milliseconds.

2. Docker Installation

We are going to use the compute120 node for the nova-docker integration.

2.1 Docker Installation

1. Log in to compute120 and become the root user to execute the commands below:

ssh centos@compute120
sudo su -

2. Make sure your existing yum packages are up-to-date.

yum install epel-release -y
yum update -y
Note: Reboot the system if you notice that the kernel was updated.
reboot

This will take a few minutes.

Important! Repeat step 1.

3. Run the Docker installation script.

curl -sSL https://get.docker.com/ | sh

This script adds the docker.repo repository and installs Docker.

4. Start the Docker daemon.

systemctl start docker

5. Verify that Docker is installed correctly by running a test image in a container.

docker run hello-world

Example Output:

Unable to find image 'hello-world:latest' locally
latest: Pulling from hello-world
a8219747be10: Pull complete
91c95931e552: Already exists
hello-world:latest: The image you are pulling has been verified.    
Status: Downloaded newer image for hello-world:latest
Hello from Docker.
This message shows that your installation appears to be working correctly.

6. Install the pip package using yum.

yum install python-pip -y

7. Install the Python Docker package using pip.

pip install docker-py

8. Install the git package using yum.

yum install git -y

2.2 Nova-Docker Installation

In order for Nova to communicate with Docker over its local socket, add nova to the docker group and restart the compute service to pick up the change.

usermod -aG docker nova
systemctl restart openstack-nova-compute.service
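
Membership of the docker group gives full control of the Docker daemon, which runs as root, so it is worth checking who else holds it after this step. The following audit is an added example, not part of the original lab; the allow-list containing only nova and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: audit access to the Docker socket on the compute node.
# Assumption: only the "nova" account should be in the docker group.

# unexpected_members "<allowed names>" "<getent group line>"
# Prints each group member that is not on the allow-list, one per line.
unexpected_members() {
    allowed=" $1 "
    members=${2##*:}                 # 4th field of name:passwd:gid:members
    old_ifs=$IFS; IFS=,
    for m in $members; do
        case "$allowed" in
            *" $m "*) ;;             # expected account
            *) printf '%s\n' "$m" ;;
        esac
    done
    IFS=$old_ifs
}

# socket_ok "<owner:group mode>" as printed by:
#   stat -c '%U:%G %a' /var/run/docker.sock
# Succeeds only for root:docker with no permissions for "other".
socket_ok() {
    owner=${1% *}; mode=${1##* }
    [ "$owner" = "root:docker" ] || return 1
    case "$mode" in
        *0) return 0 ;;              # last octal digit 0: no world access
        *)  return 1 ;;
    esac
}

# Constructed sample values. On the node, feed in the real ones:
#   getent group docker
#   stat -c '%U:%G %a' /var/run/docker.sock
SAMPLE_GROUP='docker:x:988:nova,centos'
SAMPLE_SOCK='root:docker 660'

extra=$(unexpected_members "nova" "$SAMPLE_GROUP")
[ -z "$extra" ] || echo "WARN: non-Nova accounts with Docker access: $extra"
socket_ok "$SAMPLE_SOCK" && echo "OK: socket is root:docker, not world-accessible"
```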

Clone nova-docker from the stackforge repository:

git clone -b stable/liberty https://github.com/stackforge/nova-docker.git

2.2.1 Copy nova-docker rootwrap filters

Copy the filters from the nova-docker directory to the compute node. First, move to the nova-docker directory by executing the command below.

cd nova-docker

2.2.2 Create the directory /etc/nova/rootwrap.d, if it does not already exist

mkdir -p /etc/nova/rootwrap.d/

Copy the “docker.filters” file from nova-docker to the “/etc/nova/rootwrap.d” folder created above.

cp /root/nova-docker/etc/nova/rootwrap.d/docker.filters /etc/nova/rootwrap.d/

2.2.3 Install Nova-Docker

Make sure that you are inside the nova-docker directory that you cloned earlier, then install nova-docker by executing the setup.py file.

python setup.py install

Once this step is done, nova-docker is installed on your compute120 node.

2.2.4 Glance Configuration

We need to integrate Glance so that it can store “container” type images (Docker images) that we will pull from the Docker repository. A later section covers pulling the image from Docker and uploading it to Glance.

Since we are on the compute120 node, the Glance components are not installed on it. Open a separate terminal for the controller node and perform the remaining configuration to integrate Glance.

Note: Log in to the aio110 node to execute the commands below as the root user.

a. Switch to the aio node.

ssh centos@aio110
sudo su -

b. Copy the keystonerc_admin file to the compute node.

scp ~/keystonerc_admin root@compute120:/root

c. Append the following configuration under the DEFAULT section in glance-api.conf.

openstack-config --set /etc/glance/glance-api.conf DEFAULT container_formats 'ami,ari,aki,bare,ovf,docker'

Restart the glance-api service to pick up the changes.

systemctl restart openstack-glance-api.service

Once the service has restarted successfully, Glance is ready to support container type images.

2.2.5 Nova Configuration

In order to establish the connection between Nova and Docker, we need to add a specific driver in nova.conf.

Note: Log in to the compute120 node to execute the commands below as the root user.

a. Set compute_driver in nova.conf. The first command below writes compute_driver=libvirt.LibvirtDriver; the second command overwrites it, so the value in effect is novadocker.virt.docker.DockerDriver.

openstack-config --set /etc/nova/nova.conf DEFAULT compute_driver libvirt.LibvirtDriver
openstack-config --set /etc/nova/nova.conf DEFAULT compute_driver novadocker.virt.docker.DockerDriver

b. Restart the nova-compute service to pick up the changes by executing the command below.

systemctl restart openstack-nova-compute.service

Once the nova-compute service is up, the hypervisor type changes from QEMU to docker.

2.2.6 Uploading Glance Image

In order to upload Docker images into Glance, we first need to pull an initial Docker image from the Docker repository and then upload it to Glance.

Note: Log in to the compute111 node to execute the commands below as the root user.

a. Pull the image from the Docker repository using docker pull, as shown in the command below.

docker pull training/webapp

b. To see the downloaded images, execute the command below.

docker images

Example output:

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
hello-world         latest              c54a2cc56cbb        7 weeks ago         1.848 kB
training/webapp     latest              6fae60ef3446        15 months ago       348.7 MB

c. Upload the Docker image into Glance.

Note: The Docker image name and the Glance image name should be the same.

Before uploading the image into Glance, make sure you source the keystonerc_admin file.

source ~/keystonerc_admin
docker save training/webapp | glance image-create --visibility=public --container-format=docker --disk-format=raw  --name training/webapp

The output resembles the following once the command has executed successfully.

Example output:

+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | 48f359906775e9496b455c12de5efdd7     |
| container_format | docker                               |
| created_at       | 2016-08-21T15:01:55Z                 |
| disk_format      | raw                                  |
| id               | 69b58e15-bc00-4b9e-8714-b52193b819cf |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | training/webapp                      |
| owner            | 066f151218734895abf8739617985851     |
| protected        | False                                |
| size             | 364205568                            |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2016-08-21T15:02:07Z                 |
| virtual_size     | None                                 |
| visibility       | public                               |
+------------------+--------------------------------------+
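
The checksum row is an MD5 digest of the image data Glance stored, so it can be compared with the tarball that docker save produced to confirm the upload arrived intact. The script below is an added example, not part of the original lab; it assumes the image is first saved to a file and uploaded with --file, and the file names webapp.tar and glance.out are assumptions.

```shell
#!/bin/sh
# Added example: confirm Glance stored exactly the bytes docker save produced.

# glance_field <property>: read a `glance image-create` table on stdin and
# print the Value column for that property.
glance_field() {
    awk -F'|' -v key="$1" '
        NF >= 3 {
            k = $2; v = $3
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# verify_upload <tarball> <file holding the glance output>
# Succeeds only if checksum, container_format and status all match.
verify_upload() {
    local_md5=$(md5sum "$1" | awk '{print $1}')
    [ "$(glance_field checksum < "$2")" = "$local_md5" ] ||
        { echo "checksum mismatch"; return 1; }
    [ "$(glance_field container_format < "$2")" = "docker" ] ||
        { echo "wrong container_format"; return 1; }
    [ "$(glance_field status < "$2")" = "active" ] ||
        { echo "image not active"; return 1; }
    echo "verified: $local_md5"
}

# Constructed demo: a stand-in tarball and a table shaped like the lab output.
# On the node: docker save training/webapp > webapp.tar
#              glance image-create ... --file webapp.tar > glance.out
demo() {
    tmp=$(mktemp -d)
    printf 'constructed image bytes\n' > "$tmp/webapp.tar"
    sum=$(md5sum "$tmp/webapp.tar" | awk '{print $1}')
    {
        echo '| Property         | Value                            |'
        echo "| checksum         | $sum |"
        echo '| container_format | docker                           |'
        echo '| status           | active                           |'
    } > "$tmp/glance.out"
    verify_upload "$tmp/webapp.tar" "$tmp/glance.out"; rc=$?
    rm -rf "$tmp"
    return $rc
}
demo
```

A matching MD5 catches truncated or altered uploads; it does not establish where the image came from.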

2.2.7 Launching Nova Instances

a. Run the command below to launch the instance.

nova boot --image training/webapp --flavor 2 --nic net-id=`neutron net-list | awk '/ private-net/ {print $2}'` training/webapp

b. You can see the active Nova instance by executing the command below.

nova list

c. Once the instance has launched successfully, you can also see its entry among the Docker containers by executing the commands below to list all containers.

docker run training/webapp &
docker ps -a

The output is shown below; the container name starts with “nova-”. Each Docker container executes a particular command. In this document we pulled the “training/webapp” image from the Docker repository, and this image is built so that it executes the “python app.py” command.
Docker is thus successfully integrated with OpenStack Nova and Glance.

Example output:

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS                      PORTS               NAMES
aacf5b343751        training/webapp     "python app.py"     29 seconds ago      Up 28 seconds               5000/tcp            pedantic_einstein
30e3b1b17a16        training/webapp     "python app.py"     6 minutes ago       Up 6 minutes                                    nova-09ad48d7-a7cb-4a55-99cf-a737343b839d
6293a54e9698        hello-world         "/hello"            19 minutes ago      Exited (0) 19 minutes ago                       hopeful_volhard
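
The listing above mixes the container Nova created (nova- followed by the instance UUID) with containers started directly through the Docker socket, which OpenStack does not track. The script below separates the two so the compute node can be reconciled against nova list; it is an added example, not part of the original lab, and its sample rows are the lab's example output with columns trimmed.

```shell
#!/bin/sh
# Added example: split `docker ps -a` output into Nova-created containers
# and containers that were started outside Nova.

UUID_RE='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

# Print the NAMES column (last field) of each non-header row read from stdin.
container_names() {
    awk 'NR > 1 && NF > 0 { print $NF }'
}

# Print the instance UUIDs of Nova-created containers.
nova_instances() {
    container_names | grep -E "^nova-${UUID_RE}\$" | sed 's/^nova-//'
}

# Print the names of containers that Nova did not create. A name that only
# starts with "nova-" but carries no valid UUID is reported here as well.
unmanaged_containers() {
    container_names | grep -Ev "^nova-${UUID_RE}\$"
}

# Rows taken from the lab's example output (columns trimmed for width).
SAMPLE='CONTAINER ID  IMAGE            COMMAND          STATUS         NAMES
aacf5b343751  training/webapp  "python app.py"  Up 28 seconds  pedantic_einstein
30e3b1b17a16  training/webapp  "python app.py"  Up 6 minutes   nova-09ad48d7-a7cb-4a55-99cf-a737343b839d
6293a54e9698  hello-world      "/hello"         Exited (0) 19 minutes ago  hopeful_volhard'

echo "Nova instances (compare with 'nova list'):"
printf '%s\n' "$SAMPLE" | nova_instances
echo "Containers outside Nova:"
printf '%s\n' "$SAMPLE" | unmanaged_containers
```

On the node, pipe the real listing in instead of the sample: docker ps -a | unmanaged_containers.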