Docker &
April 23rd, 2014
Better! Faster!
Stronger!
Better! Faster!
Stronger!
What?
Compute
Why Docker?!(an incomplete list)
• Compatibility with Docker images (if standardizing or desiring cross-cloud compat.)
• Dockerfiles provide flexible, repeatable image building
• Global, multi-cloud image registry
• Layered images / builds
• Completeness of vision
Five major use cases
• Alternative form of virtualization for multi-tenant services!• Continuous Integration/Continuous Delivery:!
• Go from developer’s laptop, through automated test, to production, and through scaling without modification!
• Scale-out/Big Data:!• Rapidly scale same application across hundreds or thousands of servers…and scale
down as rapidly!
• Cross Cloud Deployment!• Move the same application across multiple clouds (public, private, or hybrid) without
modification or noticeable delay!
• Granular, Loose Security Isolation:!• Docker simplifies the separation of security concerns. Multiple processes of the same
“application” may run on a host, linked together, sharing resources but within separate security contexts (SeLinux labels, Linux capabilities, Cgroups, etc)
3URV��&RQV1RYD�GULYHU +HDW�SOXJLQ
,QWHJUDWLRQ�ZLWK�RWKHU�VHUYLFHV
1RYD�IHDWXUHV��TXRWD��DXWK��HWF����
$EVWUDFWLRQ�OD\HU�IRU�RWKHU�K\SHUYLVRU
&ORVHU�WR�WKH�'RFNHU�ZRUNIORZ
(DVLHU�PDLQWHQDQFH�RYHU�WLPH
(DVLHU�GHSOR\PHQW
䚉 %RWK�DSSURDFKHV�DUH�VLPSO\�GLIIHUHQW
䚉 2QH�GRHV�QRW�UHSODFH�WKH�RWKHU�
Closer to the Docker workflow
Hybrid-cloud compatible
Scheduled by backing cloud
Integration with other services
Nova features (quota, auth, etc…)
Abstraction layer for other hypervisors
Integrated scheduling
Heat vs Nova!Comparison
Compute IntegrationDocker plugin for Nova
What?Enables control of Docker via OpenStack:
• Nova API • Horizon UI
Supports: • launch • terminate • reboot • serial console • snapshot • glance • Neutron!
https://wiki.openstack.org/wiki/HypervisorSupportMatrix
Not supported.!(yet)
Cinder Volumes
Suspend/resume
Pause/unpause
(patches welcome!)
Image Management
docker-registry is a proxy !
users can upload through docker-registry or to glance directly
!docker pulls images through the
docker-registry proxy
Nova+Docker!Architecture Overview
Testing
Using Dockerwith the OpenStack Compute plugin
Install the plugin
mkdir git-co; cd git-co!
git clone https://github.com/stackforge/nova-docker!
cd nova-driver!
make install
Configure Nova
Set in nova.conf:!
compute_driver=novadocker.virt.docker.DockerDriver!
Run a registry
docker run -d -p ${DOCKER_REGISTRY_PORT}:5000 \ -e SETTINGS_FLAVOR=openstack \ -e OS_USERNAME=${OS_USERNAME} \ -e OS_PASSWORD=${OS_PASSWORD} \ -e OS_TENANT_NAME=${OS_TENANT_NAME} \ -e OS_GLANCE_URL="${SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" \ -e OS_AUTH_URL=${OS_AUTH_URL} \ registry ./docker-registry/run.sh
docker pull cirros!docker tag cirros 10.0.0.1:5000/cirros!docker push 10.0.0.1:5000/cirros”
Putting an image into your repository
‘nova boot’
dockenstacka solution for OpenStack development & testing
Host
VM
Linux
VM
Host
Container
Linux
VM
Vagrant(or other VM devstack environment) Dockenstack
! nested
Where container == host; for all practical purposes
Host
VM
Linux
VM
Host
Container
Linux
VM
Vagrant(or other VM devstack environment) Dockenstack
Project
SOLUM“Convert code into a managed application running
on an OpenStack cloud at the push of a button.”
FROM CODE TO MANAGED APP
Docker Docker
Key element of the Solum data plane
Applying HeatOrchestration for Docker API
Installing the plugin
git clone https://github.com/openstack/heat ln -sf $PWD/heat/heat/contrib/docker/plugin; \ /usr/lib/heat/docker!
echo “plugin_dirs=$PWD/heat/heat/contrib/docker/plugin” >> /etc/heat/heat.conf
7KH�'RFNHU�SOXJLQ�IRU�+HDW%\�XVLQJ�WKH�SOXJLQ��+HDW�FDQ�WDON�GLUHFWO\�WR�'RFNHU
Heat Resource
DockerInc::Docker::Container
Heat Workflow
Heat API
VM
Docker
NovaNova resource
Docker resource
Container1
Container2
Container3
HOT
Heat Templateheat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros
Q & A
Nitty-gritty