docker openstack - 3/27/2014
TRANSCRIPT
Docker &
March 27th, 2014
What?
Compute
Why Docker?!(an incomplete list)
• Compatibility with Docker images (if standardizing or desiring cross-cloud compat.)
• Dockerfiles provide flexible, repeatable image building
• Global, multi-cloud image registry
• Layered images / builds
• Completeness of vision
Five major use cases
• Alternative form of virtualization for multi-tenant services!• Continuous Integration/Continuous Delivery:!
• Go from developer’s laptop, through automated test, to production, and through scaling without modification!
• Scale-out/Big Data:!• Rapidly scale same application across hundreds or thousands of servers…and scale
down as rapidly!
• Cross Cloud Deployment!• Move the same application across multiple clouds (public, private, or hybrid) without
modification or noticeable delay!
• Resource and Security Isolation:!• Docker simplifies the separation of security concerns. Multiple processes of the same
“application” may run on a host, linked together, sharing resources but within separate security contexts (SeLinux labels, Linux capabilities, Cgroups, etc)
Demo at OpenStack Summit HK
• Application Containerized from Source!• Application Goes Through Development Testing!• Push from laptop to Rackspace Cloud!
• No downtime or modification required!
• Push from Rackspace to Digital Ocean!• No downtime or modification required!
• Push from Digital Ocean to OpenStack Cluster!• No downtime or modification require!• Provision via Horizon – Native Havana Nova Integration
http://bit.ly/KQyIZC
Watch: Write Once and REALLY Run Anywhere with OpenStack and Docker
3URV��&RQV1RYD�GULYHU +HDW�SOXJLQ
,QWHJUDWLRQ�ZLWK�RWKHU�VHUYLFHV
1RYD�IHDWXUHV��TXRWD��DXWK��HWF����
$EVWUDFWLRQ�OD\HU�IRU�RWKHU�K\SHUYLVRU
&ORVHU�WR�WKH�'RFNHU�ZRUNIORZ
(DVLHU�PDLQWHQDQFH�RYHU�WLPH
(DVLHU�GHSOR\PHQW
䚉 %RWK�DSSURDFKHV�DUH�VLPSO\�GLIIHUHQW
䚉 2QH�GRHV�QRW�UHSODFH�WKH�RWKHU�
Closer to the Docker workflow
Hybrid-cloud compatible
Scheduled by backing cloud
Integration with other services
Nova features (quota, auth, etc…)
Abstraction layer for other hypervisors
Integrated scheduling
Heat vs Nova!Comparison
Project
SOLUM“Convert code into a managed application running
on an OpenStack cloud at the push of a button.”
FROM CODE TO MANAGED APP
Docker Docker
Key element of the Solum data plane
Compute IntegrationDocker plugin for Nova
What?Enables control of Docker via OpenStack:
• Nova API • Horizon UI
Supports: • launch • terminate • reboot • serial console • snapshot • glance
https://wiki.openstack.org/wiki/HypervisorSupportMatrix
Not supported.!(yet)
Neutron
Cinder Volumes
Suspend/resume
Pause/unpause
(patches welcome!)
Image Management
docker-registry is a proxy !
users can upload through docker-registry or to glance directly
!docker pulls images through the
docker-registry proxy
Nova+Docker!Architecture Overview
Testing
Applying HeatOrchestration for Docker API
7KH�'RFNHU�SOXJLQ�IRU�+HDW%\�XVLQJ�WKH�SOXJLQ��+HDW�FDQ�WDON�GLUHFWO\�WR�'RFNHU
Heat Resource
Heat Workflow
Heat API
VM
Docker
NovaNova resource
Docker resource
Container1
Container2
Container3
HOT
Heat Templateheat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: OS::Heat::Docker docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros
dockenstackan alternative to vagrant/vms for devstack
! nested
Where container == host; for all practical purposes
Host
VM
Linux
VM
Host
Container
Linux
VM
Vagrant(or other VM devstack environment) Dockenstack
Pre-cached resources• Pre-installed all ‘pip’ requirements
• Checkout of all git repositories
• All required ubuntu packages installed, or downloaded (in the case of non-prime packages)
• Each are ‘freshened’ on boot with updates so the pre-caching has no negative effect.
The image arrives prepared…
Negatives of dockenstack…
• No RHEL / SuSe / Fedora support (yet)
• Only tested with LXC and Docker virt drivers, but shouldn’t have problems with other drivers.
Q & A