use openstack to run java programs inside a docker container
TRANSCRIPT
03/05/2023 12:25 a.m.
Use OpenStack to run Java programs inside a Docker container
SEBASTIANO MIANO
TESINA PROTOCOLLI E ARCHITETTURE DI ROUTING
1/24
03/05/2023 12:25 a.m.
Outline
• Problem presentation and proposed solution
• Implementation steps
• Performance Analysis
• Final Considerations
2/24
03/05/2023 12:25 a.m.
OpenStack
OpenStack is a free and open-source cloud computing software platform. Users primarily deploy it as an infrastructure as service (IaaS) solution. 3/24
03/05/2023 12:25 a.m.
VM migration: use case
4/24
03/05/2023 12:25 a.m.
Hypervisor VMs vs. LXC vs. Docker LXC
5/24
03/05/2023 12:25 a.m.
VM migration: Docker
6/24
…also 400-500 MB
03/05/2023 12:25 a.m.
Migrate Java programs instead VM
7/24
03/05/2023 12:25 a.m.
VM migration problem: solution
8/24
03/05/2023 12:25 a.m.
Implementation steps
Modify OpenStack so that recognizes this object (JAR) and lunches this object inside a Docker container with a JVM.
Create a bridge in C using libpcap library that forwards packets between 2 vNIC.
Integrate the previous prototype in Java.
9/24
03/05/2023 12:25 a.m.
OpenStack and libvirt
In order to interact with the virtualization capabilities of VM, OpenStack uses the libvirt and its corresponding API to deploy an instance on the compute node.
10/24
03/05/2023 12:25 a.m.
OpenStack and NovaDocker
11/24
03/05/2023 12:25 a.m.
Transfer instance (JAR) from GlanceThe Glance project provides a service where users can upload and discover data assets that are meant to be used with other services. This currently includes images and metadata definitions.
os_command_line 12/24
image_id
03/05/2023 12:25 a.m.
OpenStack and NovaJar
In order to load the Jar inside the Docker container and run it I developed two solutions:1. The first one uses docker data volumes to mount a Host
Directory as a Data Volume.2. The second one uses the new exec command included in
the docker API 1.15 that allows to run a command inside a running container.
13/24
03/05/2023 12:25 a.m.
Solution with Data Volumes
With this solution I transfer the jar image in the host directory and when NovaJar receives a request from scheduler mount this directory in a directory on the just created container.
14/24
03/05/2023 12:25 a.m. 15
Solution with Exec Command
With this solution I need to start the container and after that I have to inject the JAR image inside the container. There are not “official” solution to do this when a container is already running, but I solved this problem by copying the JAR retrieved from glance in this path -> /var/lib/docker/aufs/mnt/{container_id}. After that I use the exec command to run the jar inside the container.
Docker REST API
exec
/var/lib/docker/aufs/mnt/{container_id}
03/05/2023 12:25 a.m.
Data Volumes VS Exec Command
Data Volumes• Good:
― Uses a feature of Docker’s API in order to use the JAR inside the container
― If the JAR does not use the network is possible to start it at container boot.
Exec Command• Good:
― Allows a user to spawn a process inside their Docker container via the Docker API.
• Bad:― If the JAR uses the network (all
times) the “pure” solution does not work because when the container starts the network is not yet available.
• Bad:― The command started using
docker exec will only run while the container’s primary process is running.
― Uses an “unofficial” solution in order to inject the JAR inside the container (other solution: Dockerfile).
16/24
03/05/2023 12:25 a.m.
Third solution: merge of the previous
Data Volumes and Exec Command• Good:
― Uses a feature of Docker’s API in order to use the JAR inside the container
― Allows a user to spawn a process inside their Docker container via the Docker API.
• Bad:― The command started using
docker exec will only run while the container’s primary process is running (requires container already running). 17/24
03/05/2023 12:25 a.m.
Changes to the controller: Nova-scheduler
Nova-scheduler is the module on the controller node that decide on which host run the instance selected. There are some standard filters available in nova.schedule.filters.We have to enable the ImagePropertiesFilter. It filters hosts based on properties defined on the instance’s image. It passes hosts that can support the specified image properties contained in the instance. In particular it filters hosts based on the architecture, hypervisor type, and virtual machine mode specified in the instance.
os_command_linehypervisor_type = nova_jar 18/24
03/05/2023 12:25 a.m.
Performance Analysis
Ser ies1
0.167
0.707
0.207
0.129
Start JAR Bridge
Tim
e (s
)
19/24
03/05/2023 12:25 a.m.
Performance Analysis
1 NIC 2 NIC 4 NIC 6 NIC 8 NIC 12 NIC0123456789
10
Time to start container
Container creation Container startRetrieve JAR First JAR output
1 NIC 2 NIC 4 NIC 6 NIC 8 NIC 12 NIC0123456789
10
Total Time
Total Time
20/24
03/05/2023 12:25 a.m. 21/24
Performance Analysis
03/05/2023 12:25 a.m.
Final Observations
22/24
• Transfer JAVA programs is better than transfer VM images - not only java programs• Use the hybrid solution (volume + exec) is better - use only “official” API• Container start problem - OVS?• Container start delay can be solved - use a container already running - attach vNIC in this container at runtime• Nova-docker driver still under development - great start, but additional features needed for parity - additions to nova-docker driver could change cloud performance• Docker is still under development
03/05/2023 12:25 a.m.
JavaBridge and libpcap wrapper
23/24
eth0 eth2eth1
Java Bridge
Docker Container
JNI
03/05/2023 12:25 a.m.
Thanks for your attention!
24/24