SlideShare a Scribd company logo

Orchestrating Docker with OpenStack

Erica Windisch, profile picture
Erica Windisch

The document discusses integrating Docker with OpenStack, specifically focusing on the Magnum project, which aims to orchestrate containers as a service within OpenStack. It highlights the Heat orchestration for managing Docker resources and provides examples of templates for deploying Docker containers on VMs. Additionally, it addresses challenges in using Nova as a machine abstraction while managing container workloads and outlines the features and limitations of this integration.

Technology
1 of 77
Downloaded 444 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Orchestrating Docker with OpenStack Nov 3rd, 2014
Orchestrating Docker with OpenStack
Compute MAGNUM Containers as a Service
Project SOLUM FROM CODE TO MANAGED APP “Convert code into a managed application running on an OpenStack cloud at the push of a button.”
Key element of the Solum data plane Docker Docker
Applying Heat Orchestration for Docker API
Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
Installing the plugin git clone https://github.com/openstack/heat ln -sf $PWD/heat/heat/contrib/docker/plugin; /usr/lib/heat/docker" echo “plugin_dirs=$PWD/heat/heat/contrib/docker/plugin” >> /etc/heat/heat.conf
Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT 1. Heat provides a Docker resource 2. Docker resource communicates directly to Docker 3. Templates may glue Nova and Docker resources 4. Can deploy containers on top of VMs or bare-metal instances.
Heat: Cirros heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros
Applying Heat Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
$ cat template.yml heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros $ heat stack-create -f template.yml docker Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT Applying Heat
Heat: Dockenstack heat_template_version: 2013-05-23 description: Single compute instance running Tempest resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: dockenstack privileged: true cmd: /opt/dockenstack/bin/tempest
heat_template_version: 2013-05-23 description: Two containers, one host with shared volumes resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ “21:21” ] volumes: [ “/ftp” ] name: “FTP” apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ “80:80” ] volumes-from: “FTP” cmd: “rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh”
Resources: Heat • http://blog.oddbit.com/2014/08/30/docker-plugin-for- openstack-he/ • http://techs.enovance.com/7104/multi-tenant-docker- with-openstack-heat
MAGNUM Containers as a Service a new service of the OpenStack Compute program
The Containers Team Working Group of the Compute Program
The Containers Team Working Group of the Compute Program • Operating underneath Compute program • Outlined a proposal for Magnum (Nova Mid-cycle) • Magnum would directly orchestrate containers • Would leverage all benefits and features unique to containers. • It would be the “nova of containers” • It could use Nova to spawn instances to hold containers. • Those instances may be VMs, Baremetal, or Containers.
See Adrian Otto’s presentation: Containers for Multi-cloud Apps Tomorrow: 17:20
Nova Integration Docker plugin for Nova
Awesome People Ian Main (Red Hat) Chris Alfonso (Red Hat) Davanum ‘dims’ (IBM) ChangBo Guo Julien Vey (Numergy) Aaron Rosen (Nicera) Derek Higgins (Red Hat) Paul Czarkowski (Rackspace) Daniel Kuffner Pedro R Marques (Juniper) Lars Kellogg-Stedman (Red_Hat) Sam Alba (Docker) & more…
What? Enables control of Docker via OpenStack: • Nova API • Horizon UI Supports: • launch • terminate • reboot • serial console • snapshot • Glance • Neutron • Pause/unpause https://wiki.openstack.org/wiki/ HypervisorSupportMatrix
Identity Crisis
Nova doesn’t… Link container networks Pass environment variables Specify working directories Create docker-volumes Share docker-volumes between containers Arbitrary commands Arbitrary command-arguments Pass devices Nova is a machine abstraction, not a process one.
Docker doesn’t… • Support mounting devices (unprivileged) • Live-migration is future-speak • Boot from block devices (natively - it’s possible…) • Support Glance natively • PCI pass-through
Havana & Icehouse Image Management (at-release)
Havana & Icehouse Image Management (at-release) • docker-registry worked as a proxy • Users had to upload through docker-registry. • docker pulls images through the docker-registry proxy
Havana & Icehouse Image Management (at-release)
Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova.
Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly
Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly • Making that work would require a special procedure for glance uploads.
so… we took out the docker-registry instead.
Just Enough Docker
Just Enough Docker
Just Enough Docker • A subset of Nova features…
Just Enough Docker • A subset of Nova features… • A subset of Docker features…
Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker.
Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker.
Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker. • DinD is Docker and everything you love about Docker.
OpenStack Docker Nova nova docker
OpenStack Docker Nova nova docker Docker
OpenStack Docker Nova nova docker Docker OpenStack API Docker API
OpenStack Docker Nova nova docker Docker OpenStack API Docker API Docker API
Docker
Kubernetes Heat Docker Solum OpenShift Mesos CloudFoundry Magnum
neutron nova-api nova-compute VM VM docker docker Hypervisor container container
neutron nova-api
neutron nova-api
neutron nova-api nova-compute Docker container container
neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
Hybrid Nova configuration neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
Hybrid Nova configuration + Ironic neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
nova-api nova-compute Docker container docker container container
nova-api nova-compute Docker container docker container container
nova-api nova-compute Docker container docker container container Kubernetes Heat Mesos CloudFoundry Magnum
Install the plugin mkdir git-co; cd git-co" git clone https://github.com/stackforge/nova-docker" cd nova-driver" python setup.py install
Configure Nova Set in nova.conf:" compute_driver=novadocker.virt.docker.DockerDriver"
Putting an image into your repository docker pull cirros" docker save cirros | glance image-create --is-public=True --container-format=docker --disk-format=raw --name cirros
‘nova boot’
Networking Nova Network
Please welcome: Ian Main
Testing - Running & Passing
Testing - Running & Passing - Get as many tests passing as possible.! - Now running 1726 tests, 0 failures.! - Turned off: volumes resizing & suspending rescue! ! ! migrations.
Working Upstream
Working Upstream • Added pause and unpause support for docker containers. • Well accepted into the Docker project. • Dynamic device support needed for Cinder volumes. • First API that modifies running containers. • Docker community wants the user experience to be right. • It will land, just need to get it right
Cinder Volumes Use cases:! • Direct access to block device – not common.! • Mounting file systems.! - Possible security issues.! - Different from VMs.! - Privileged containers.! - FUSE filesystem support through user namespaces.! • PoC of boot from volume.
KILO Nova-Docker
KILO
KILO - Cinder support
KILO - Cinder support - Security groups (merged)
KILO - Cinder support - Security groups (merged) - docker-py (merged)
KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers
KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers - more +2 contributors
use our code… Fix our Bugs!
Q & A Eric Windisch <erw>@freenode @ewindisch Ian Main <slower>@freenode

More Related Content

PDF
[Open stack] heat + docker
dotCloud
 
PDF
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Erica Windisch
 
PDF
Running Docker with OpenStack | Docker workshop #1
dotCloud
 
PDF
Kubernetes Hands-On Guide
Stratoscale
 
PDF
Webinar container management in OpenStack
CREATE-NET
 
PPTX
Openstack Magnum: Container-as-a-Service
Chhavi Agarwal
 
PPTX
Scaling Docker Containers using Kubernetes and Azure Container Service
Ben Hall
 
PPTX
Docker for Multi-Cloud Apps
Adrian Otto
 
[Open stack] heat + docker
dotCloud
 
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Erica Windisch
 
Running Docker with OpenStack | Docker workshop #1
dotCloud
 
Kubernetes Hands-On Guide
Stratoscale
 
Webinar container management in OpenStack
CREATE-NET
 
Openstack Magnum: Container-as-a-Service
Chhavi Agarwal
 
Scaling Docker Containers using Kubernetes and Azure Container Service
Ben Hall
 
Docker for Multi-Cloud Apps
Adrian Otto
 

What's hot (20)

PDF
OpenStack - Docker - Rackspace HQ
dotCloud
 
PPTX
Tectonic Summit 2016: Kubernetes 1.5 and Beyond
CoreOS
 
PDF
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
PDF
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Stefan Schimanski
 
PDF
Rex gke-clustree
Romain Vrignaud
 
PDF
Using Docker with OpenStack - Hands On!
Adrian Otto
 
PDF
OpenStack Magnum
Adrian Otto
 
PDF
Docker for Java Developers
NGINX, Inc.
 
PPTX
Learn kubernetes in 90 minutes
Larry Cai
 
PDF
Container Orchestration Integration: OpenStack Kuryr
Taku Fukushima
 
PDF
Docker Swarm Meetup (15min lightning)
Mike Goelzer
 
PDF
Scaling Microservices with Kubernetes
Deivid Hahn Fração
 
PDF
Bare Metal to OpenStack with Razor and Chef
Matt Ray
 
PDF
Docker worshop @Twitter - How to use your own private registry
dotCloud
 
PPTX
Docker & Kubernetes intro
Arnon Rotem-Gal-Oz
 
PPTX
Docker Ecosystem on Azure
Patrick Chanezon
 
PDF
The state of the swarm
Mathieu Buffenoir
 
PDF
Docker From Scratch
Giacomo Vacca
 
PPTX
Introduction kubernetes 2017_12_24
Sam Zheng
 
PDF
Kubernetes 101 and Fun
Mario-Leander Reimer
 
OpenStack - Docker - Rackspace HQ
dotCloud
 
Tectonic Summit 2016: Kubernetes 1.5 and Beyond
CoreOS
 
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Stefan Schimanski
 
Rex gke-clustree
Romain Vrignaud
 
Using Docker with OpenStack - Hands On!
Adrian Otto
 
OpenStack Magnum
Adrian Otto
 
Docker for Java Developers
NGINX, Inc.
 
Learn kubernetes in 90 minutes
Larry Cai
 
Container Orchestration Integration: OpenStack Kuryr
Taku Fukushima
 
Docker Swarm Meetup (15min lightning)
Mike Goelzer
 
Scaling Microservices with Kubernetes
Deivid Hahn Fração
 
Bare Metal to OpenStack with Razor and Chef
Matt Ray
 
Docker worshop @Twitter - How to use your own private registry
dotCloud
 
Docker & Kubernetes intro
Arnon Rotem-Gal-Oz
 
Docker Ecosystem on Azure
Patrick Chanezon
 
The state of the swarm
Mathieu Buffenoir
 
Docker From Scratch
Giacomo Vacca
 
Introduction kubernetes 2017_12_24
Sam Zheng
 
Kubernetes 101 and Fun
Mario-Leander Reimer
 
Ad

Viewers also liked (20)

PDF
ContainerDayVietnam2016: Containers with OpenStack
Docker-Hanoi
 
PDF
High Availability from the DevOps side - OpenStack Summit Portland
eNovance
 
PPTX
Openstack ha
Deepak Mane
 
PPTX
Watcher, a Resource Manager for OpenStack: Plans for the N-release and Beyond
Antoine Cabot
 
PPTX
Openstackha 130925132534-phpapp02
Deepak Mane
 
PDF
OpenStack Resource Scheduling
Guangya Liu
 
PDF
Openstack Scheduler and Scalability Issue
Vigneshvar A.S
 
PDF
Fred explains IPv6
Fred Bovy
 
PDF
IPv6 Best Practice
flyingpotato
 
PPTX
State of Containers in OpenStack
openstackindia
 
PPTX
Open stack HA - Theory to Reality
Sriram Subramanian
 
PDF
resource on openstack
jieun kim
 
PDF
10 Good Reasons: NetApp for DevOps
NetApp
 
PPTX
OpenStack HA
Kenneth Hui
 
PPTX
Openstack Installation (ver. liberty)
Eggy Cheng
 
PPT
IPv6 theoryfinalx
Pawan Sharma
 
PDF
Swiss IPv6 Council: IPv6 in der Cloud - Case Study der cloudscale.ch
Digicomp Academy AG
 
PDF
High Availability for OpenStack
Kamesh Pemmaraju
 
PDF
What's really the difference between a VM and a Container?
Adrian Otto
 
PDF
Cisco IPv6 Tutorial
kriz5
 
ContainerDayVietnam2016: Containers with OpenStack
Docker-Hanoi
 
High Availability from the DevOps side - OpenStack Summit Portland
eNovance
 
Openstack ha
Deepak Mane
 
Watcher, a Resource Manager for OpenStack: Plans for the N-release and Beyond
Antoine Cabot
 
Openstackha 130925132534-phpapp02
Deepak Mane
 
OpenStack Resource Scheduling
Guangya Liu
 
Openstack Scheduler and Scalability Issue
Vigneshvar A.S
 
Fred explains IPv6
Fred Bovy
 
IPv6 Best Practice
flyingpotato
 
State of Containers in OpenStack
openstackindia
 
Open stack HA - Theory to Reality
Sriram Subramanian
 
resource on openstack
jieun kim
 
10 Good Reasons: NetApp for DevOps
NetApp
 
OpenStack HA
Kenneth Hui
 
Openstack Installation (ver. liberty)
Eggy Cheng
 
IPv6 theoryfinalx
Pawan Sharma
 
Swiss IPv6 Council: IPv6 in der Cloud - Case Study der cloudscale.ch
Digicomp Academy AG
 
High Availability for OpenStack
Kamesh Pemmaraju
 
What's really the difference between a VM and a Container?
Adrian Otto
 
Cisco IPv6 Tutorial
kriz5
 
Ad

Similar to Orchestrating Docker with OpenStack (20)

PDF
Docker OpenStack - 3/27/2014
Erica Windisch
 
PPTX
Docker with OpenStack
chmouel
 
PDF
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Erica Windisch
 
PPT
OpenStack with-docker-team-17
Jaspreet Singh
 
PPTX
Docker in OpenStack
Thanassis Parathyras
 
PDF
Cloud foundry Docker Openstack - Leading Open Source Triumvirate
Animesh Singh
 
PPTX
Managing Container Clusters in OpenStack Native Way
Qiming Teng
 
PDF
Docker Meetup Bangalore - Docker + Openstack
Ashish Billore
 
PPTX
Docker OpenStack Cloud Foundry
Animesh Singh
 
PDF
Docker and OpenStack at Rackspace
Docker, Inc.
 
PPTX
Private Cloud with Open Stack, Docker
Davinder Kohli
 
PDF
Dockerizing OpenStack for High Availability
Daniel Krook
 
PDF
Docker with openstack
Liang Bo
 
PDF
OpenStack on OpenStack
OpenStack Foundation
 
PDF
Robert collins openstack on openstack 201304162
OpenStack Foundation
 
PDF
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
dotCloud
 
PDF
Application Deployment on Openstack
Docker, Inc.
 
PPTX
Pairs OpenStack Summit Summary
Guangya Liu
 
PDF
Triple o overview
Cloud Native Day Tel Aviv
 
PDF
How to operate containerized OpenStack
Nalee Jang
 
Docker OpenStack - 3/27/2014
Erica Windisch
 
Docker with OpenStack
chmouel
 
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Erica Windisch
 
OpenStack with-docker-team-17
Jaspreet Singh
 
Docker in OpenStack
Thanassis Parathyras
 
Cloud foundry Docker Openstack - Leading Open Source Triumvirate
Animesh Singh
 
Managing Container Clusters in OpenStack Native Way
Qiming Teng
 
Docker Meetup Bangalore - Docker + Openstack
Ashish Billore
 
Docker OpenStack Cloud Foundry
Animesh Singh
 
Docker and OpenStack at Rackspace
Docker, Inc.
 
Private Cloud with Open Stack, Docker
Davinder Kohli
 
Dockerizing OpenStack for High Availability
Daniel Krook
 
Docker with openstack
Liang Bo
 
OpenStack on OpenStack
OpenStack Foundation
 
Robert collins openstack on openstack 201304162
OpenStack Foundation
 
Docker Presentation at the OpenStack Austin Meetup | 2013-09-12
dotCloud
 
Application Deployment on Openstack
Docker, Inc.
 
Pairs OpenStack Summit Summary
Guangya Liu
 
Triple o overview
Cloud Native Day Tel Aviv
 
How to operate containerized OpenStack
Nalee Jang
 

More from Erica Windisch (10)

PDF
Debugging & Profiling of AWS Lambda: ServerlessConf - IOpipe
Erica Windisch
 
PPTX
Embracing Serverless Ops (Lightning Talk)
Erica Windisch
 
PDF
Ops for NoOps - Operational Challenges for Serverless Apps
Erica Windisch
 
PDF
Building Composable Serverless Apps with IOpipe
Erica Windisch
 
PDF
Patterns for Secure Containerized Applications (Docker)
Erica Windisch
 
PDF
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
PDF
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
Erica Windisch
 
PDF
Things will Change - Usenix Keynote UCMS'14
Erica Windisch
 
PDF
Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH
Erica Windisch
 
PDF
Provisioning & Deploying with Docker
Erica Windisch
 
Debugging & Profiling of AWS Lambda: ServerlessConf - IOpipe
Erica Windisch
 
Embracing Serverless Ops (Lightning Talk)
Erica Windisch
 
Ops for NoOps - Operational Challenges for Serverless Apps
Erica Windisch
 
Building Composable Serverless Apps with IOpipe
Erica Windisch
 
Patterns for Secure Containerized Applications (Docker)
Erica Windisch
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
Erica Windisch
 
Things will Change - Usenix Keynote UCMS'14
Erica Windisch
 
Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH
Erica Windisch
 
Provisioning & Deploying with Docker
Erica Windisch
 

Recently uploaded (20)

PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
A Presentation on Artificial Intelligence
memembruh336
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Teaching material agriculture food technology
LiaRayya
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
KodekX | Application Modernization Development
KodekX
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 

Orchestrating Docker with OpenStack

  • 1. Orchestrating Docker with OpenStack Nov 3rd, 2014
  • 4. Project SOLUM FROM CODE TO MANAGED APP “Convert code into a managed application running on an OpenStack cloud at the push of a button.”
  • 5. Key element of the Solum data plane Docker Docker
  • 7. Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
  • 8. Installing the plugin git clone https://github.com/openstack/heat ln -sf $PWD/heat/heat/contrib/docker/plugin; /usr/lib/heat/docker" echo “plugin_dirs=$PWD/heat/heat/contrib/docker/plugin” >> /etc/heat/heat.conf
  • 9. Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
  • 10. Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT 1. Heat provides a Docker resource 2. Docker resource communicates directly to Docker 3. Templates may glue Nova and Docker resources 4. Can deploy containers on top of VMs or bare-metal instances.
  • 11. Heat: Cirros heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros
  • 12. Applying Heat Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
  • 13. $ cat template.yml heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros $ heat stack-create -f template.yml docker Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT Applying Heat
  • 14. Heat: Dockenstack heat_template_version: 2013-05-23 description: Single compute instance running Tempest resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: dockenstack privileged: true cmd: /opt/dockenstack/bin/tempest
  • 15. heat_template_version: 2013-05-23 description: Two containers, one host with shared volumes resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ “21:21” ] volumes: [ “/ftp” ] name: “FTP” apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ “80:80” ] volumes-from: “FTP” cmd: “rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh”
  • 16. Resources: Heat • http://blog.oddbit.com/2014/08/30/docker-plugin-for- openstack-he/ • http://techs.enovance.com/7104/multi-tenant-docker- with-openstack-heat
  • 17. MAGNUM Containers as a Service a new service of the OpenStack Compute program
  • 18. The Containers Team Working Group of the Compute Program
  • 19. The Containers Team Working Group of the Compute Program • Operating underneath Compute program • Outlined a proposal for Magnum (Nova Mid-cycle) • Magnum would directly orchestrate containers • Would leverage all benefits and features unique to containers. • It would be the “nova of containers” • It could use Nova to spawn instances to hold containers. • Those instances may be VMs, Baremetal, or Containers.
  • 20. See Adrian Otto’s presentation: Containers for Multi-cloud Apps Tomorrow: 17:20
  • 21. Nova Integration Docker plugin for Nova
  • 22. Awesome People Ian Main (Red Hat) Chris Alfonso (Red Hat) Davanum ‘dims’ (IBM) ChangBo Guo Julien Vey (Numergy) Aaron Rosen (Nicera) Derek Higgins (Red Hat) Paul Czarkowski (Rackspace) Daniel Kuffner Pedro R Marques (Juniper) Lars Kellogg-Stedman (Red_Hat) Sam Alba (Docker) & more…
  • 23. What? Enables control of Docker via OpenStack: • Nova API • Horizon UI Supports: • launch • terminate • reboot • serial console • snapshot • Glance • Neutron • Pause/unpause https://wiki.openstack.org/wiki/ HypervisorSupportMatrix
  • 25. Nova doesn’t… Link container networks Pass environment variables Specify working directories Create docker-volumes Share docker-volumes between containers Arbitrary commands Arbitrary command-arguments Pass devices Nova is a machine abstraction, not a process one.
  • 26. Docker doesn’t… • Support mounting devices (unprivileged) • Live-migration is future-speak • Boot from block devices (natively - it’s possible…) • Support Glance natively • PCI pass-through
  • 27. Havana & Icehouse Image Management (at-release)
  • 28. Havana & Icehouse Image Management (at-release) • docker-registry worked as a proxy • Users had to upload through docker-registry. • docker pulls images through the docker-registry proxy
  • 29. Havana & Icehouse Image Management (at-release)
  • 30. Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova.
  • 31. Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly
  • 32. Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly • Making that work would require a special procedure for glance uploads.
  • 33. so… we took out the docker-registry instead.
  • 36. Just Enough Docker • A subset of Nova features…
  • 37. Just Enough Docker • A subset of Nova features… • A subset of Docker features…
  • 38. Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker.
  • 39. Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker.
  • 40. Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker. • DinD is Docker and everything you love about Docker.
  • 41. OpenStack Docker Nova nova docker
  • 42. OpenStack Docker Nova nova docker Docker
  • 43. OpenStack Docker Nova nova docker Docker OpenStack API Docker API
  • 44. OpenStack Docker Nova nova docker Docker OpenStack API Docker API Docker API
  • 46. Kubernetes Heat Docker Solum OpenShift Mesos CloudFoundry Magnum
  • 47. neutron nova-api nova-compute VM VM docker docker Hypervisor container container
  • 50. neutron nova-api nova-compute Docker container container
  • 51. neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
  • 52. Hybrid Nova configuration neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
  • 53. neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
  • 54. Hybrid Nova configuration + Ironic neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
  • 55. nova-api nova-compute Docker container docker container container
  • 56. nova-api nova-compute Docker container docker container container
  • 57. nova-api nova-compute Docker container docker container container Kubernetes Heat Mesos CloudFoundry Magnum
  • 58. Install the plugin mkdir git-co; cd git-co" git clone https://github.com/stackforge/nova-docker" cd nova-driver" python setup.py install
  • 59. Configure Nova Set in nova.conf:" compute_driver=novadocker.virt.docker.DockerDriver"
  • 60. Putting an image into your repository docker pull cirros" docker save cirros | glance image-create --is-public=True --container-format=docker --disk-format=raw --name cirros
  • 64. Testing - Running & Passing
  • 65. Testing - Running & Passing - Get as many tests passing as possible.! - Now running 1726 tests, 0 failures.! - Turned off: volumes resizing & suspending rescue! ! ! migrations.
  • 67. Working Upstream • Added pause and unpause support for docker containers. • Well accepted into the Docker project. • Dynamic device support needed for Cinder volumes. • First API that modifies running containers. • Docker community wants the user experience to be right. • It will land, just need to get it right
  • 68. Cinder Volumes Use cases:! • Direct access to block device – not common.! • Mounting file systems.! - Possible security issues.! - Different from VMs.! - Privileged containers.! - FUSE filesystem support through user namespaces.! • PoC of boot from volume.
  • 70. KILO
  • 71. KILO - Cinder support
  • 72. KILO - Cinder support - Security groups (merged)
  • 73. KILO - Cinder support - Security groups (merged) - docker-py (merged)
  • 74. KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers
  • 75. KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers - more +2 contributors
  • 76. use our code… Fix our Bugs!
  • 77. Q & A Eric Windisch <erw>@freenode @ewindisch Ian Main <slower>@freenode