Docker &

April 23rd, 2014

Better! Faster!

Stronger!

Better! Faster!

Stronger!

What?

Compute

Why Docker?!(an incomplete list)

• Compatibility with Docker images (if standardizing or desiring cross-cloud compat.)

• Dockerfiles provide flexible, repeatable image building

• Global, multi-cloud image registry

• Layered images / builds

• Completeness of vision

Five major use cases

• Alternative form of virtualization for multi-tenant services!• Continuous Integration/Continuous Delivery:!

• Go from developer’s laptop, through automated test, to production, and through scaling without modification!

• Scale-out/Big Data:!• Rapidly scale same application across hundreds or thousands of servers…and scale

down as rapidly!

• Cross Cloud Deployment!• Move the same application across multiple clouds (public, private, or hybrid) without

modification or noticeable delay!

• Granular, Loose Security Isolation:!• Docker simplifies the separation of security concerns. Multiple processes of the same

“application” may run on a host, linked together, sharing resources but within separate security contexts (SeLinux labels, Linux capabilities, Cgroups, etc)

3URV��&RQV1RYD�GULYHU +HDW�SOXJLQ

,QWHJUDWLRQ�ZLWK�RWKHU�VHUYLFHV

1RYD�IHDWXUHV��TXRWD��DXWK��HWF����

$EVWUDFWLRQ�OD\HU�IRU�RWKHU�K\SHUYLVRU

&ORVHU�WR�WKH�'RFNHU�ZRUNIORZ

(DVLHU�PDLQWHQDQFH�RYHU�WLPH

(DVLHU�GHSOR\PHQW

䚉 %RWK�DSSURDFKHV�DUH�VLPSO\�GLIIHUHQW

䚉 2QH�GRHV�QRW�UHSODFH�WKH�RWKHU�

Closer to the Docker workflow

Hybrid-cloud compatible

Scheduled by backing cloud

Integration with other services

Nova features (quota, auth, etc…)

Abstraction layer for other hypervisors

Integrated scheduling

Heat vs Nova!Comparison

Compute IntegrationDocker plugin for Nova

What?Enables control of Docker via OpenStack:

• Nova API • Horizon UI

Supports: • launch • terminate • reboot • serial console • snapshot • glance • Neutron!

https://wiki.openstack.org/wiki/HypervisorSupportMatrix

Not supported.!(yet)

Cinder Volumes

Suspend/resume

Pause/unpause

(patches welcome!)

Image Management

docker-registry is a proxy !

users can upload through docker-registry or to glance directly

!docker pulls images through the

docker-registry proxy

Nova+Docker!Architecture Overview

Testing

Using Dockerwith the OpenStack Compute plugin

Install the plugin

mkdir git-co; cd git-co!

git clone https://github.com/stackforge/nova-docker!

cd nova-driver!

make install

Configure Nova

Set in nova.conf:!

compute_driver=novadocker.virt.docker.DockerDriver!

Run a registry

docker run -d -p ${DOCKER_REGISTRY_PORT}:5000 \ -e SETTINGS_FLAVOR=openstack \ -e OS_USERNAME=${OS_USERNAME} \ -e OS_PASSWORD=${OS_PASSWORD} \ -e OS_TENANT_NAME=${OS_TENANT_NAME} \ -e OS_GLANCE_URL="${SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" \ -e OS_AUTH_URL=${OS_AUTH_URL} \ registry ./docker-registry/run.sh

docker pull cirros!docker tag cirros 10.0.0.1:5000/cirros!docker push 10.0.0.1:5000/cirros”

Putting an image into your repository

‘nova boot’

dockenstacka solution for OpenStack development & testing

Host

VM

Linux

VM

Host

Container

Linux

VM

Vagrant(or other VM devstack environment) Dockenstack

! nested

Where container == host; for all practical purposes

Host

VM

Linux

VM

Host

Container

Linux

VM

Vagrant(or other VM devstack environment) Dockenstack

Project

SOLUM“Convert code into a managed application running

on an OpenStack cloud at the push of a button.”

FROM CODE TO MANAGED APP

Docker Docker

Key element of the Solum data plane

Applying HeatOrchestration for Docker API

Installing the plugin

git clone https://github.com/openstack/heat ln -sf $PWD/heat/heat/contrib/docker/plugin; \ /usr/lib/heat/docker!

echo “plugin_dirs=$PWD/heat/heat/contrib/docker/plugin” >> /etc/heat/heat.conf

7KH�'RFNHU�SOXJLQ�IRU�+HDW%\�XVLQJ�WKH�SOXJLQ��+HDW�FDQ�WDON�GLUHFWO\�WR�'RFNHU

Heat Resource

DockerInc::Docker::Container

Heat Workflow

Heat API

VM

Docker

NovaNova resource

Docker resource

Container1

Container2

Container3

HOT

Heat Templateheat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros

Q & A

Nitty-gritty