SlideShare a Scribd company logo

Orchestrating Docker with OpenStack

Erica Windisch, profile picture
Erica Windisch

The document discusses integrating Docker with OpenStack, specifically focusing on the Magnum project, which aims to orchestrate containers as a service within OpenStack. It highlights the Heat orchestration for managing Docker resources and provides examples of templates for deploying Docker containers on VMs. Additionally, it addresses challenges in using Nova as a machine abstraction while managing container workloads and outlines the features and limitations of this integration.

Technology
1 of 77
Downloaded 444 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Orchestrating Docker with OpenStack Nov 3rd, 2014
Orchestrating Docker with OpenStack
Compute MAGNUM Containers as a Service
Project SOLUM FROM CODE TO MANAGED APP “Convert code into a managed application running on an OpenStack cloud at the push of a button.”
Key element of the Solum data plane Docker Docker
Applying Heat Orchestration for Docker API
Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
Installing the plugin git clone https://github.com/openstack/heat ln -sf $PWD/heat/heat/contrib/docker/plugin; /usr/lib/heat/docker" echo “plugin_dirs=$PWD/heat/heat/contrib/docker/plugin” >> /etc/heat/heat.conf
Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT 1. Heat provides a Docker resource 2. Docker resource communicates directly to Docker 3. Templates may glue Nova and Docker resources 4. Can deploy containers on top of VMs or bare-metal instances.
Heat: Cirros heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros
Applying Heat Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
$ cat template.yml heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros $ heat stack-create -f template.yml docker Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT Applying Heat
Heat: Dockenstack heat_template_version: 2013-05-23 description: Single compute instance running Tempest resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: dockenstack privileged: true cmd: /opt/dockenstack/bin/tempest
heat_template_version: 2013-05-23 description: Two containers, one host with shared volumes resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ “21:21” ] volumes: [ “/ftp” ] name: “FTP” apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ “80:80” ] volumes-from: “FTP” cmd: “rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh”
Resources: Heat • http://blog.oddbit.com/2014/08/30/docker-plugin-for- openstack-he/ • http://techs.enovance.com/7104/multi-tenant-docker- with-openstack-heat
MAGNUM Containers as a Service a new service of the OpenStack Compute program
The Containers Team Working Group of the Compute Program
The Containers Team Working Group of the Compute Program • Operating underneath Compute program • Outlined a proposal for Magnum (Nova Mid-cycle) • Magnum would directly orchestrate containers • Would leverage all benefits and features unique to containers. • It would be the “nova of containers” • It could use Nova to spawn instances to hold containers. • Those instances may be VMs, Baremetal, or Containers.
See Adrian Otto’s presentation: Containers for Multi-cloud Apps Tomorrow: 17:20
Nova Integration Docker plugin for Nova
Awesome People Ian Main (Red Hat) Chris Alfonso (Red Hat) Davanum ‘dims’ (IBM) ChangBo Guo Julien Vey (Numergy) Aaron Rosen (Nicera) Derek Higgins (Red Hat) Paul Czarkowski (Rackspace) Daniel Kuffner Pedro R Marques (Juniper) Lars Kellogg-Stedman (Red_Hat) Sam Alba (Docker) & more…
What? Enables control of Docker via OpenStack: • Nova API • Horizon UI Supports: • launch • terminate • reboot • serial console • snapshot • Glance • Neutron • Pause/unpause https://wiki.openstack.org/wiki/ HypervisorSupportMatrix
Identity Crisis
Nova doesn’t… Link container networks Pass environment variables Specify working directories Create docker-volumes Share docker-volumes between containers Arbitrary commands Arbitrary command-arguments Pass devices Nova is a machine abstraction, not a process one.
Docker doesn’t… • Support mounting devices (unprivileged) • Live-migration is future-speak • Boot from block devices (natively - it’s possible…) • Support Glance natively • PCI pass-through
Havana & Icehouse Image Management (at-release)
Havana & Icehouse Image Management (at-release) • docker-registry worked as a proxy • Users had to upload through docker-registry. • docker pulls images through the docker-registry proxy
Havana & Icehouse Image Management (at-release)
Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova.
Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly
Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly • Making that work would require a special procedure for glance uploads.
so… we took out the docker-registry instead.
Just Enough Docker
Just Enough Docker
Just Enough Docker • A subset of Nova features…
Just Enough Docker • A subset of Nova features… • A subset of Docker features…
Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker.
Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker.
Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker. • DinD is Docker and everything you love about Docker.
OpenStack Docker Nova nova docker
OpenStack Docker Nova nova docker Docker
OpenStack Docker Nova nova docker Docker OpenStack API Docker API
OpenStack Docker Nova nova docker Docker OpenStack API Docker API Docker API
Docker
Kubernetes Heat Docker Solum OpenShift Mesos CloudFoundry Magnum
neutron nova-api nova-compute VM VM docker docker Hypervisor container container
neutron nova-api
neutron nova-api
neutron nova-api nova-compute Docker container container
neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
Hybrid Nova configuration neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
Hybrid Nova configuration + Ironic neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
nova-api nova-compute Docker container docker container container
nova-api nova-compute Docker container docker container container
nova-api nova-compute Docker container docker container container Kubernetes Heat Mesos CloudFoundry Magnum
Install the plugin mkdir git-co; cd git-co" git clone https://github.com/stackforge/nova-docker" cd nova-driver" python setup.py install
Configure Nova Set in nova.conf:" compute_driver=novadocker.virt.docker.DockerDriver"
Putting an image into your repository docker pull cirros" docker save cirros | glance image-create --is-public=True --container-format=docker --disk-format=raw --name cirros
‘nova boot’
Networking Nova Network
Please welcome: Ian Main
Testing - Running & Passing
Testing - Running & Passing - Get as many tests passing as possible.! - Now running 1726 tests, 0 failures.! - Turned off: volumes resizing & suspending rescue! ! ! migrations.
Working Upstream
Working Upstream • Added pause and unpause support for docker containers. • Well accepted into the Docker project. • Dynamic device support needed for Cinder volumes. • First API that modifies running containers. • Docker community wants the user experience to be right. • It will land, just need to get it right
Cinder Volumes Use cases:! • Direct access to block device – not common.! • Mounting file systems.! - Possible security issues.! - Different from VMs.! - Privileged containers.! - FUSE filesystem support through user namespaces.! • PoC of boot from volume.
KILO Nova-Docker
KILO
KILO - Cinder support
KILO - Cinder support - Security groups (merged)
KILO - Cinder support - Security groups (merged) - docker-py (merged)
KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers
KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers - more +2 contributors
use our code… Fix our Bugs!
Q & A Eric Windisch <erw>@freenode @ewindisch Ian Main <slower>@freenode

More Related Content

PDF
[Open stack] heat + docker
dotCloud
 
PDF
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Erica Windisch
 
PDF
Running Docker with OpenStack | Docker workshop #1
dotCloud
 
PDF
Kubernetes Hands-On Guide
Stratoscale
 
PDF
Webinar container management in OpenStack
CREATE-NET
 
PPTX
Openstack Magnum: Container-as-a-Service
Chhavi Agarwal
 
PPTX
Scaling Docker Containers using Kubernetes and Azure Container Service
Ben Hall
 
PPTX
Docker for Multi-Cloud Apps
Adrian Otto
 
[Open stack] heat + docker
dotCloud
 
Practical Docker for OpenStack (Juno Summit - May 15th, 2014)
Erica Windisch
 
Running Docker with OpenStack | Docker workshop #1
dotCloud
 
Kubernetes Hands-On Guide
Stratoscale
 
Webinar container management in OpenStack
CREATE-NET
 
Openstack Magnum: Container-as-a-Service
Chhavi Agarwal
 
Scaling Docker Containers using Kubernetes and Azure Container Service
Ben Hall
 
Docker for Multi-Cloud Apps
Adrian Otto
 

What's hot (20)

PDF
OpenStack - Docker - Rackspace HQ
dotCloud
 
PPTX
Tectonic Summit 2016: Kubernetes 1.5 and Beyond
CoreOS
 
PDF
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
PDF
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Stefan Schimanski
 
PDF
Rex gke-clustree
Romain Vrignaud
 
PDF
Using Docker with OpenStack - Hands On!
Adrian Otto
 
PDF
OpenStack Magnum
Adrian Otto
 
PDF
Docker for Java Developers
NGINX, Inc.
 
PPTX
Learn kubernetes in 90 minutes
Larry Cai
 
PDF
Container Orchestration Integration: OpenStack Kuryr
Taku Fukushima
 
PDF
Docker Swarm Meetup (15min lightning)
Mike Goelzer
 
PDF
Scaling Microservices with Kubernetes
Deivid Hahn Fração
 
PDF
Bare Metal to OpenStack with Razor and Chef
Matt Ray
 
PDF
Docker worshop @Twitter - How to use your own private registry
dotCloud
 
PPTX
Docker & Kubernetes intro
Arnon Rotem-Gal-Oz
 
PPTX
Docker Ecosystem on Azure
Patrick Chanezon
 
PDF
The state of the swarm
Mathieu Buffenoir
 
PDF
Docker From Scratch
Giacomo Vacca
 
PPTX
Introduction kubernetes 2017_12_24
Sam Zheng
 
PDF
Kubernetes 101 and Fun
Mario-Leander Reimer
 
OpenStack - Docker - Rackspace HQ
dotCloud
 
Tectonic Summit 2016: Kubernetes 1.5 and Beyond
CoreOS
 
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
Kubernetes Architecture and Introduction – Paris Kubernetes Meetup
Stefan Schimanski
 
Rex gke-clustree
Romain Vrignaud
 
Using Docker with OpenStack - Hands On!
Adrian Otto
 
OpenStack Magnum
Adrian Otto
 
Docker for Java Developers
NGINX, Inc.
 
Learn kubernetes in 90 minutes
Larry Cai
 
Container Orchestration Integration: OpenStack Kuryr
Taku Fukushima
 
Docker Swarm Meetup (15min lightning)
Mike Goelzer
 
Scaling Microservices with Kubernetes
Deivid Hahn Fração
 
Bare Metal to OpenStack with Razor and Chef
Matt Ray
 
Docker worshop @Twitter - How to use your own private registry
dotCloud
 
Docker & Kubernetes intro
Arnon Rotem-Gal-Oz
 
Docker Ecosystem on Azure
Patrick Chanezon
 
The state of the swarm
Mathieu Buffenoir
 
Docker From Scratch
Giacomo Vacca
 
Introduction kubernetes 2017_12_24
Sam Zheng
 
Kubernetes 101 and Fun
Mario-Leander Reimer
 
Ad

Viewers also liked (20)

PDF
ContainerDayVietnam2016: Containers with OpenStack
Docker-Hanoi
 
PDF
High Availability from the DevOps side - OpenStack Summit Portland
eNovance
 
PPTX
Openstack ha
Deepak Mane
 
PPTX
Watcher, a Resource Manager for OpenStack: Plans for the N-release and Beyond
Antoine Cabot
 
PPTX
Openstackha 130925132534-phpapp02
Deepak Mane
 
PDF
OpenStack Resource Scheduling
Guangya Liu
 
PDF
Openstack Scheduler and Scalability Issue
Vigneshvar A.S
 
PDF
Fred explains IPv6
Fred Bovy
 
PDF
IPv6 Best Practice
flyingpotato
 
PPTX
State of Containers in OpenStack
openstackindia
 
PPTX
Open stack HA - Theory to Reality
Sriram Subramanian
 
PDF
resource on openstack
jieun kim
 
PDF
10 Good Reasons: NetApp for DevOps
NetApp
 
PPTX
OpenStack HA
Kenneth Hui
 
PPTX
Openstack Installation (ver. liberty)
Eggy Cheng
 
PPT
IPv6 theoryfinalx
Pawan Sharma
 
PDF
Swiss IPv6 Council: IPv6 in der Cloud - Case Study der cloudscale.ch
Digicomp Academy AG
 
PDF
High Availability for OpenStack
Kamesh Pemmaraju
 
PDF
What's really the difference between a VM and a Container?
Adrian Otto
 
PDF
Cisco IPv6 Tutorial
kriz5
 
ContainerDayVietnam2016: Containers with OpenStack
Docker-Hanoi
 
High Availability from the DevOps side - OpenStack Summit Portland
eNovance
 
Openstack ha
Deepak Mane
 
Watcher, a Resource Manager for OpenStack: Plans for the N-release and Beyond
Antoine Cabot
 
Openstackha 130925132534-phpapp02
Deepak Mane
 
OpenStack Resource Scheduling
Guangya Liu
 
Openstack Scheduler and Scalability Issue
Vigneshvar A.S
 
Fred explains IPv6
Fred Bovy
 
IPv6 Best Practice
flyingpotato
 
State of Containers in OpenStack
openstackindia
 
Open stack HA - Theory to Reality
Sriram Subramanian
 
resource on openstack
jieun kim
 
10 Good Reasons: NetApp for DevOps
NetApp
 
OpenStack HA
Kenneth Hui
 
Openstack Installation (ver. liberty)
Eggy Cheng
 
IPv6 theoryfinalx
Pawan Sharma
 
Swiss IPv6 Council: IPv6 in der Cloud - Case Study der cloudscale.ch
Digicomp Academy AG
 
High Availability for OpenStack
Kamesh Pemmaraju
 
What's really the difference between a VM and a Container?
Adrian Otto
 
Cisco IPv6 Tutorial
kriz5
 
Ad

Similar to Orchestrating Docker with OpenStack (20)

PDF
Docker, Kubernetes, and Google Cloud
Samuel Chow
 
PDF
時代在變 Docker 要會:台北 Docker 一日入門篇
Philip Zheng
 
PPTX
Docker Introduction and its Usage in Machine Learning
yogendra18
 
PDF
ContainerDayVietnam2016: Dockerize a small business
Docker-Hanoi
 
PDF
Docker: A New Way to Turbocharging Your Apps Development
msyukor
 
PDF
Docker workshop 0507 Taichung
Paul Chao
 
PDF
手把手帶你學 Docker 入門篇
Philip Zheng
 
PDF
廣宣學堂: 容器進階實務 - Docker進深研究班
Paul Chao
 
PDF
Docker 進階實務班
Philip Zheng
 
PPTX
Docker 1.11 Presentation
Sreenivas Makam
 
PDF
手把手帶你學Docker 03042017
Paul Chao
 
PDF
Docker+java
DPC Consulting Ltd
 
PDF
Docker Essentials Workshop— Innovation Labs July 2020
CloudHero
 
PDF
Docker, but what it is?
Julien Maitrehenry
 
PDF
Up and running with docker
Michelle Liu
 
PDF
Docker
Abhishek Tomar
 
PPT
14309525_docker_docker_docker_docker_introduction.ppt
aravym456
 
PDF
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
PPTX
Running Docker in Development & Production (DevSum 2015)
Ben Hall
 
PDF
VMware@Night: Container & Virtualisierung
Digicomp Academy AG
 
Docker, Kubernetes, and Google Cloud
Samuel Chow
 
時代在變 Docker 要會:台北 Docker 一日入門篇
Philip Zheng
 
Docker Introduction and its Usage in Machine Learning
yogendra18
 
ContainerDayVietnam2016: Dockerize a small business
Docker-Hanoi
 
Docker: A New Way to Turbocharging Your Apps Development
msyukor
 
Docker workshop 0507 Taichung
Paul Chao
 
手把手帶你學 Docker 入門篇
Philip Zheng
 
廣宣學堂: 容器進階實務 - Docker進深研究班
Paul Chao
 
Docker 進階實務班
Philip Zheng
 
Docker 1.11 Presentation
Sreenivas Makam
 
手把手帶你學Docker 03042017
Paul Chao
 
Docker+java
DPC Consulting Ltd
 
Docker Essentials Workshop— Innovation Labs July 2020
CloudHero
 
Docker, but what it is?
Julien Maitrehenry
 
Up and running with docker
Michelle Liu
 
Docker
Abhishek Tomar
 
14309525_docker_docker_docker_docker_introduction.ppt
aravym456
 
Dockers & kubernetes detailed - Beginners to Geek
wiTTyMinds1
 
Running Docker in Development & Production (DevSum 2015)
Ben Hall
 
VMware@Night: Container & Virtualisierung
Digicomp Academy AG
 

More from Erica Windisch (12)

PDF
Debugging & Profiling of AWS Lambda: ServerlessConf - IOpipe
Erica Windisch
 
PPTX
Embracing Serverless Ops (Lightning Talk)
Erica Windisch
 
PDF
Ops for NoOps - Operational Challenges for Serverless Apps
Erica Windisch
 
PDF
Building Composable Serverless Apps with IOpipe
Erica Windisch
 
PDF
Patterns for Secure Containerized Applications (Docker)
Erica Windisch
 
PDF
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
PDF
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
Erica Windisch
 
PDF
Things will Change - Usenix Keynote UCMS'14
Erica Windisch
 
PDF
Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH
Erica Windisch
 
PDF
Provisioning & Deploying with Docker
Erica Windisch
 
PDF
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Erica Windisch
 
PDF
Docker OpenStack - 3/27/2014
Erica Windisch
 
Debugging & Profiling of AWS Lambda: ServerlessConf - IOpipe
Erica Windisch
 
Embracing Serverless Ops (Lightning Talk)
Erica Windisch
 
Ops for NoOps - Operational Challenges for Serverless Apps
Erica Windisch
 
Building Composable Serverless Apps with IOpipe
Erica Windisch
 
Patterns for Secure Containerized Applications (Docker)
Erica Windisch
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
Erica Windisch
 
Things will Change - Usenix Keynote UCMS'14
Erica Windisch
 
Deploying Docker (Provisioning /w Docker + Chef/Puppet) - DevopsDaysPGH
Erica Windisch
 
Provisioning & Deploying with Docker
Erica Windisch
 
Practical Docker for OpenStack - NYC / PHL OpenStack meetup (4-23-2014)
Erica Windisch
 
Docker OpenStack - 3/27/2014
Erica Windisch
 

Recently uploaded (20)

PDF
How Onsite IT Support Drives Business Efficiency, Security, and Growth.pdf
Captain IT
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
madgavkar20181017ppt McKinsey Presentation.pdf
georgschmitzdoerner
 
PDF
AI And Its Effect On The Evolving IT Sector In Australia - Elevate
Elevate
 
PDF
Sensors and Actuators in IoT Systems using pdf
jeffinmathew654
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Advanced Soft Computing BINUS July 2025.pdf
University of Hertfordshire
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Chapter 2 Digital Image Fundamentals.pdf
Getnet Tigabie Askale -(GM)
 
How Onsite IT Support Drives Business Efficiency, Security, and Growth.pdf
Captain IT
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
madgavkar20181017ppt McKinsey Presentation.pdf
georgschmitzdoerner
 
AI And Its Effect On The Evolving IT Sector In Australia - Elevate
Elevate
 
Sensors and Actuators in IoT Systems using pdf
jeffinmathew654
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
KodekX | Application Modernization Development
KodekX
 
Cloud computing and distributed systems.
kkkkkhan
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Advanced Soft Computing BINUS July 2025.pdf
University of Hertfordshire
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Chapter 2 Digital Image Fundamentals.pdf
Getnet Tigabie Askale -(GM)
 

Orchestrating Docker with OpenStack

  • 1. Orchestrating Docker with OpenStack Nov 3rd, 2014
  • 4. Project SOLUM FROM CODE TO MANAGED APP “Convert code into a managed application running on an OpenStack cloud at the push of a button.”
  • 5. Key element of the Solum data plane Docker Docker
  • 7. Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
  • 8. Installing the plugin git clone https://github.com/openstack/heat ln -sf $PWD/heat/heat/contrib/docker/plugin; /usr/lib/heat/docker" echo “plugin_dirs=$PWD/heat/heat/contrib/docker/plugin” >> /etc/heat/heat.conf
  • 9. Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
  • 10. Docker Heat Resource Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT 1. Heat provides a Docker resource 2. Docker resource communicates directly to Docker 3. Templates may glue Nova and Docker resources 4. Can deploy containers on top of VMs or bare-metal instances.
  • 11. Heat: Cirros heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros
  • 12. Applying Heat Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT
  • 13. $ cat template.yml heat_template_version: 2013-05-23 description: Single compute instance running cirros in a Docker container. resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container docker_endpoint: { get_attr: [my_instance, first_address] } image: cirros $ heat stack-create -f template.yml docker Heat API VM Docker Nova resource Nova Docker resource Container1 Container2 Container3 HOT Applying Heat
  • 14. Heat: Dockenstack heat_template_version: 2013-05-23 description: Single compute instance running Tempest resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io my_docker_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: dockenstack privileged: true cmd: /opt/dockenstack/bin/tempest
  • 15. heat_template_version: 2013-05-23 description: Two containers, one host with shared volumes resources: my_instance: type: OS::Nova::Server properties: key_name: ewindisch_key image: ubuntu-precise flavor: m1.large user_data: #include https://get.docker.io ftp_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: mikz/vsftpd ports: [ “21:21” ] volumes: [ “/ftp” ] name: “FTP” apache_container: type: DockerInc::Docker::Container properties: docker_endpoint: { get_attr: [my_instance, first_address] } image: fedora/apache ports: [ “80:80” ] volumes-from: “FTP” cmd: “rm -rf /var/www; ln -s /ftp /var/www; /run-apache.sh”
  • 16. Resources: Heat • http://blog.oddbit.com/2014/08/30/docker-plugin-for- openstack-he/ • http://techs.enovance.com/7104/multi-tenant-docker- with-openstack-heat
  • 17. MAGNUM Containers as a Service a new service of the OpenStack Compute program
  • 18. The Containers Team Working Group of the Compute Program
  • 19. The Containers Team Working Group of the Compute Program • Operating underneath Compute program • Outlined a proposal for Magnum (Nova Mid-cycle) • Magnum would directly orchestrate containers • Would leverage all benefits and features unique to containers. • It would be the “nova of containers” • It could use Nova to spawn instances to hold containers. • Those instances may be VMs, Baremetal, or Containers.
  • 20. See Adrian Otto’s presentation: Containers for Multi-cloud Apps Tomorrow: 17:20
  • 21. Nova Integration Docker plugin for Nova
  • 22. Awesome People Ian Main (Red Hat) Chris Alfonso (Red Hat) Davanum ‘dims’ (IBM) ChangBo Guo Julien Vey (Numergy) Aaron Rosen (Nicera) Derek Higgins (Red Hat) Paul Czarkowski (Rackspace) Daniel Kuffner Pedro R Marques (Juniper) Lars Kellogg-Stedman (Red_Hat) Sam Alba (Docker) & more…
  • 23. What? Enables control of Docker via OpenStack: • Nova API • Horizon UI Supports: • launch • terminate • reboot • serial console • snapshot • Glance • Neutron • Pause/unpause https://wiki.openstack.org/wiki/ HypervisorSupportMatrix
  • 25. Nova doesn’t… Link container networks Pass environment variables Specify working directories Create docker-volumes Share docker-volumes between containers Arbitrary commands Arbitrary command-arguments Pass devices Nova is a machine abstraction, not a process one.
  • 26. Docker doesn’t… • Support mounting devices (unprivileged) • Live-migration is future-speak • Boot from block devices (natively - it’s possible…) • Support Glance natively • PCI pass-through
  • 27. Havana & Icehouse Image Management (at-release)
  • 28. Havana & Icehouse Image Management (at-release) • docker-registry worked as a proxy • Users had to upload through docker-registry. • docker pulls images through the docker-registry proxy
  • 29. Havana & Icehouse Image Management (at-release)
  • 30. Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova.
  • 31. Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly
  • 32. Havana & Icehouse Image Management (at-release) • Glance was only used to provide visibility of Docker images for Nova. • Users could not upload through Glance directly • Making that work would require a special procedure for glance uploads.
  • 33. so… we took out the docker-registry instead.
  • 36. Just Enough Docker • A subset of Nova features…
  • 37. Just Enough Docker • A subset of Nova features… • A subset of Docker features…
  • 38. Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker.
  • 39. Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker.
  • 40. Just Enough Docker • A subset of Nova features… • A subset of Docker features… • Enough for Nova to allow running Docker-in-Docker. • DinD retains most performance benefits of Docker. • DinD is Docker and everything you love about Docker.
  • 41. OpenStack Docker Nova nova docker
  • 42. OpenStack Docker Nova nova docker Docker
  • 43. OpenStack Docker Nova nova docker Docker OpenStack API Docker API
  • 44. OpenStack Docker Nova nova docker Docker OpenStack API Docker API Docker API
  • 46. Kubernetes Heat Docker Solum OpenShift Mesos CloudFoundry Magnum
  • 47. neutron nova-api nova-compute VM VM docker docker Hypervisor container container
  • 50. neutron nova-api nova-compute Docker container container
  • 51. neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
  • 52. Hybrid Nova configuration neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container
  • 53. neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
  • 54. Hybrid Nova configuration + Ironic neutron nova-api nova-compute Docker container container nova-compute VM VM docker docker Hypervisor container container nova-compute Ironic Machine docker container container
  • 55. nova-api nova-compute Docker container docker container container
  • 56. nova-api nova-compute Docker container docker container container
  • 57. nova-api nova-compute Docker container docker container container Kubernetes Heat Mesos CloudFoundry Magnum
  • 58. Install the plugin mkdir git-co; cd git-co" git clone https://github.com/stackforge/nova-docker" cd nova-driver" python setup.py install
  • 59. Configure Nova Set in nova.conf:" compute_driver=novadocker.virt.docker.DockerDriver"
  • 60. Putting an image into your repository docker pull cirros" docker save cirros | glance image-create --is-public=True --container-format=docker --disk-format=raw --name cirros
  • 64. Testing - Running & Passing
  • 65. Testing - Running & Passing - Get as many tests passing as possible.! - Now running 1726 tests, 0 failures.! - Turned off: volumes resizing & suspending rescue! ! ! migrations.
  • 67. Working Upstream • Added pause and unpause support for docker containers. • Well accepted into the Docker project. • Dynamic device support needed for Cinder volumes. • First API that modifies running containers. • Docker community wants the user experience to be right. • It will land, just need to get it right
  • 68. Cinder Volumes Use cases:! • Direct access to block device – not common.! • Mounting file systems.! - Possible security issues.! - Different from VMs.! - Privileged containers.! - FUSE filesystem support through user namespaces.! • PoC of boot from volume.
  • 70. KILO
  • 71. KILO - Cinder support
  • 72. KILO - Cinder support - Security groups (merged)
  • 73. KILO - Cinder support - Security groups (merged) - docker-py (merged)
  • 74. KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers
  • 75. KILO - Cinder support - Security groups (merged) - docker-py (merged) - privileged containers - more +2 contributors
  • 76. use our code… Fix our Bugs!
  • 77. Q & A Eric Windisch <erw>@freenode @ewindisch Ian Main <slower>@freenode