Orchestrating Docker with OpenStack

Post on 02-Jul-2015

Category:

Technology

DESCRIPTION

The Nova driver for Docker has been maturing rapidly since its mainline removal in Icehouse. During the Juno cycle, substantial improvements have been made to the driver, and greater parity has been reached with other virtualization drivers. We will explore these improvements and what they mean to deployers. Eric will additionally showcase deployment scenarios for the deployment of OpenStack itself inside and underneath of Docker for powering traditional VM-based computing, storage, and other cloud services. Finally, users should expect a preview of the planned integration with the new OpenStack Containers Service effort to provide automation of advanced containers functionality and Docker-API semantics inside of an OpenStack cloud. Note that the included Heat templates are NOT usable. See the linked Heat resources for viable templates and examples.

TRANSCRIPT

1. Orchestrating Docker with OpenStack. Nov 3rd, 2014

2. Compute. MAGNUM: Containers as a Service

3. Project SOLUM: From Code to Managed App. Convert code into a managed application running on an OpenStack cloud at the push of a button.

4. Key element of the Solum data plane: Docker

5. Applying Heat: Orchestration for Docker API

6. Docker Heat Resource
   [Diagram labels: HOT, Heat API, Nova resource, Docker resource, Nova, VM, Docker, Container1, Container2, Container3]

7. Installing the plugin

      git clone https://github.com/openstack/heat
      ln -sf $PWD/heat/heat/contrib/docker/plugin /usr/lib/heat/docker
      echo plugin_dirs=$PWD/heat/heat/contrib/docker/plugin >> /etc/heat/heat.conf

8. Docker Heat Resource (same diagram as slide 6)

9. Docker Heat Resource (same diagram as slide 6)
   1. Heat provides a Docker resource
   2. Docker resource communicates directly to Docker
   3. Templates may glue Nova and Docker resources
   4. Can deploy containers on top of VMs or bare-metal instances.

10. Heat: Cirros

      heat_template_version: 2013-05-23
      description: Single compute instance running cirros in a Docker container.
      resources:
        my_instance:
          type: OS::Nova::Server
          properties:
            key_name: ewindisch_key
            image: ubuntu-precise
            flavor: m1.large
            user_data: #include https://get.docker.io
        my_docker_container:
          type: DockerInc::Docker::Container
          docker_endpoint: { get_attr: [my_instance, first_address] }
          image: cirros

11. Applying Heat (same diagram as slide 6)

12. Applying Heat (same diagram as slide 6)

      $ cat template.yml
      (the Cirros template from slide 10)
      $ heat stack-create -f template.yml docker

13. Heat: Dockenstack

      heat_template_version: 2013-05-23
      description: Single compute instance running Tempest
      resources:
        my_instance:
          type: OS::Nova::Server
          properties:
            key_name: ewindisch_key
            image: ubuntu-precise
            flavor: m1.large
            user_data: #include https://get.docker.io
        my_docker_container:
          type: DockerInc::Docker::Container
          properties:
            docker_endpoint: { get_attr: [my_instance, first_address] }
            image: dockenstack
            privileged: true
            cmd: /opt/dockenstack/bin/tempest

14. Two containers, one host with shared volumes

      heat_template_version: 2013-05-23
      description: Two containers, one host with shared volumes
      resources:
        my_instance:
          type: OS::Nova::Server
          properties:
            key_name: ewindisch_key
            image: ubuntu-precise
            flavor: m1.large
            user_data: #include https://get.docker.io
        ftp_container:
          type: DockerInc::Docker::Container
          properties:
            docker_endpoint: { get_attr: [my_instance, first_address] }
            image: mikz/vsftpd
            ports: [ 21:21 ]
            volumes: [ /ftp ]
            name: FTP
        apache_container:
          type: DockerInc::Docker::Container
          properties:
            docker_endpoint: { get_attr: [my_instance, first_address] }
            image: fedora/apache
            ports: [ 80:80 ]
            volumes-from: FTP
            cmd: rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh

15. Resources: Heat
   - http://blog.oddbit.com/2014/08/30/docker-plugin-for-openstack-he/
   - http://techs.enovance.com/7104/multi-tenant-docker-with-openstack-heat

16. MAGNUM: Containers as a Service. A new service of the OpenStack Compute program

17. The Containers Team: Working Group of the Compute Program

18. The Containers Team: Working Group of the Compute Program
   - Operating underneath Compute program
   - Outlined a proposal for Magnum (Nova Mid-cycle)
   - Magnum would directly orchestrate containers
   - Would leverage all benefits and features unique to containers.
   - It would be the "nova" of containers
   - It could use Nova to spawn instances to hold containers.
   - Those instances may be VMs, Baremetal, or Containers.

19. See Adrian Otto's presentation: Containers for Multi-cloud Apps. Tomorrow: 17:20

20. Nova Integration: Docker plugin for Nova

21. Awesome People: Ian Main (Red Hat), Chris Alfonso (Red Hat), Davanum dims (IBM), ChangBo Guo, Julien Vey (Numergy), Aaron Rosen (Nicera), Derek Higgins (Red Hat), Paul Czarkowski (Rackspace), Daniel Kuffner, Pedro R Marques (Juniper), Lars Kellogg-Stedman (Red Hat), Sam Alba (Docker) & more

22. What?
   - Enables control of Docker via OpenStack: Nova API, Horizon UI
   - Supports: launch, terminate, reboot, serial console, snapshot, Glance, Neutron, pause/unpause
   - https://wiki.openstack.org/wiki/HypervisorSupportMatrix

23. Identity Crisis

24. Nova doesn't:
   - Link container networks
   - Pass environment variables
   - Specify working directories
   - Create docker-volumes
   - Share docker-volumes between containers
   - Arbitrary commands
   - Arbitrary command-arguments
   - Pass devices
   Nova is a machine abstraction, not a process one.

25. Docker doesn't:
   - Support mounting devices (unprivileged)
   - Live-migration is future-speak
   - Boot from block devices (natively - it's possible)
   - Support Glance natively
   - PCI pass-through

26-28. Havana & Icehouse: Image Management (at-release)
   - docker-registry worked as a proxy
   - Users had to upload through docker-registry.
   - docker pulls images through the docker-registry proxy

29-31. Havana & Icehouse: Image Management (at-release)
   - Glance was only used to provide visibility of Docker images for Nova.
   - Users could not upload through Glance directly
   - Making that work would require a special procedure for glance uploads.

32. ...so we took out the docker-registry instead.

33-39. Just Enough Docker
   - A subset of Nova features
   - A subset of Docker features
   - Enough for Nova to allow running Docker-in-Docker.
   - DinD retains most performance benefits of Docker.
   - DinD is Docker and everything you love about Docker.

40-43. OpenStack, Docker
   [Diagram labels: Nova, novadocker, Docker, OpenStack API, Docker API]

44. Docker

45. Kubernetes, Heat, Docker, Solum, OpenShift, Mesos, CloudFoundry, Magnum

46. [Diagram labels: neutron, nova-api, nova-compute, Hypervisor, VM, VM, docker, docker, container, container]

47-48. [Diagram labels: neutron, nova-api]

49. [Diagram labels: neutron, nova-api, nova-compute, Docker, container, container]

50-51. Hybrid Nova configuration
   [Diagram labels: neutron, nova-api; nova-compute, Docker, container, container; nova-compute, Hypervisor, VM, VM, docker, docker, container, container]

52-53. Hybrid Nova configuration + Ironic
   [Diagram labels: as slides 50-51, plus nova-compute, Ironic, Machine, docker, container, container]

54-55. [Diagram labels: nova-api, nova-compute, Docker, container, docker, container, container]

56. [Diagram labels: as slides 54-55, plus Kubernetes, Heat, Mesos, CloudFoundry, Magnum]

57. Install the plugin

      mkdir git-co; cd git-co
      git clone https://github.com/stackforge/nova-docker
      cd nova-docker
      python setup.py install

58. Configure Nova. Set in nova.conf:

      compute_driver=novadocker.virt.docker.DockerDriver

59. Putting an image into your repository

      docker pull cirros
      docker save cirros | glance image-create --is-public=True --container-format=docker --disk-format=raw --name cirros

60. nova boot

61. Networking: Nova Network

62. Please welcome: Ian Main

63. Testing - Running & Passing

64. Testing - Running & Passing
   - Get as many tests passing as possible.
   - Now running 1726 tests, 0 failures.
   - Turned off: volumes, resizing & suspending, rescue, migrations.

65. Working Upstream

66. Working Upstream
   - Added pause and unpause support for docker containers. Well accepted into the Docker project.
   - Dynamic device support needed for Cinder volumes.
   - First API that modifies running containers.
   - Docker community wants the user experience to be right.
   - It will land, just need to get it right

67. Cinder Volumes. Use cases:
   - Direct access to block device not common.
   - Mounting file systems.
      - Possible security issues.
      - Different from VMs.
      - Privileged containers.
      - FUSE filesystem support through user namespaces.
   - PoC of boot from volume.

68-74. KILO: Nova-Docker
   - Cinder support
   - Security groups (merged)
   - docker-py (merged)
   - privileged containers
   - more +2 contributors

75. Use our code. Fix our bugs!

76. Q & A. Eric Windisch @freenode @ewindisch; Ian Main @freenode
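
The deck lists privileged containers under possible security issues for containers, and its Heat templates publish host ports and bootstrap Docker through `#include` user data. The following added example (not from the slides, Heat or nova-docker) reports those settings from a parsed template; `audit_template`, the finding strings and the sample dict are assumptions constructed for illustration.

```python
# Added example (not from the deck, Heat or nova-docker): static review of a
# parsed HOT template. In practice the dict would come from yaml.safe_load().
CONTAINER = "DockerInc::Docker::Container"
SERVER = "OS::Nova::Server"


def audit_template(template):
    """Return sorted (resource, finding) pairs; names and wording are illustrative."""
    findings = []
    for name, res in (template.get("resources") or {}).items():
        props = res.get("properties") or {}
        if res.get("type") == SERVER:
            for line in str(props.get("user_data") or "").splitlines():
                # cloud-init fetches URLs given in "#include" user data at boot
                if line.strip().lower().startswith("#include"):
                    findings.append((name, "user_data fetches remote content: " + line.strip()))
        elif res.get("type") == CONTAINER:
            if str(props.get("privileged")).lower() == "true":
                findings.append((name, "privileged container"))
            for port in props.get("ports") or []:
                findings.append((name, "publishes host port " + str(port)))
            if "docker_endpoint" not in props:
                findings.append((name, "docker_endpoint not set under properties"))
    return sorted(findings)


# Constructed sample modelled on the deck's Dockenstack slide.
SAMPLE = {
    "heat_template_version": "2013-05-23",
    "resources": {
        "my_instance": {
            "type": SERVER,
            "properties": {"image": "ubuntu-precise", "flavor": "m1.large",
                           "user_data": "#include https://get.docker.io\n"},
        },
        "my_docker_container": {
            "type": CONTAINER,
            "properties": {
                "docker_endpoint": {"get_attr": ["my_instance", "first_address"]},
                "image": "dockenstack",
                "privileged": True,
                "cmd": "/opt/dockenstack/bin/tempest",
            },
        },
    },
}

if __name__ == "__main__":
    for resource, finding in audit_template(SAMPLE):
        print(resource + ": " + finding)
```

A container resource that carries `docker_endpoint` beside `type` rather than under `properties`, as in the Cirros slide, is reported by the last check.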