本文共 15516 字,大约阅读时间需要 51 分钟。
The Docker driver is a hypervisor driver for Openstack Nova Compute. It was introduced with the Havana release, but lives out-of-tree for Icehouse and Juno. Being out-of-tree has allowed the driver to reach maturity and feature-parity faster than would be possible should it have remained in-tree. It is expected the driver will return to mainline Nova in the Kilo release.
is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider.
Docker provides management of Linux containers with a high level API providing a lightweight solution that runs processes in isolation. It provides a way to automate software deployment in a secure and repeatable environment. A Docker container includes a software component along with all of its dependencies - binaries, libraries, configuration files, scripts, virtualenvs, jars, gems, tarballs, etc. Docker can be run on any x64 Linux kernel supporting cgroups and aufs.
Docker is a way of managing multiple containers on a single machine. However used behind Nova makes it much more powerful since it’s then possible to manage several hosts, which in turn manage hundreds of containers. The current Docker project aims for full OpenStack compatibility.
Containers don't aim to be a replacement for VMs, they are complementary in the sense that they are better for specific use cases.
Docker takes advantage of containers and filesystem technologies in a high-level which are not generic enough to be managed by libvirt.
The Nova driver embeds a tiny HTTP client which talks with the Docker internal Rest API through a unix socket. It uses the HTTP API to control containers and fetch information about them.
The driver will fetch images from the OpenStack Image Service (Glance) and load them into the Docker filesystem. Images may be placed in Glance by exporting them from Docker using the 'docker save' command.
Older versions of this driver required running a private , which would proxy to . This is no longer required.
The first requirement is to on your compute hosts.
In order for Nova to communicate with Docker over its local socket, add nova to the docker group and restart the compute service to pick up the change:
usermod -G docker novaservice openstack-nova-compute restart
You will also need to install the driver:
pip install -e git+
You should then install the required modules
cd src/novadocker/python setup.py install
You may optionally choose to create operating-system packages for this, or use another appropriate installation method for your deployment.
Nova needs to be configured to use the Docker virt driver.
Edit the configuration file /etc/nova/nova.conf according to the following options:
[DEFAULT]compute_driver = novadocker.virt.docker.DockerDriver
Create the directory /etc/nova/rootwrap.d, if it does not already exist, and inside that directory create a file "docker.filters" with the following content:
# nova-rootwrap command filters for setting up network in the docker driver# This file should be owned by (and only-writeable by) the root user[Filters]# nova/virt/docker/driver.py: 'ln', '-sf', '/var/run/netns/.*'ln: CommandFilter, /bin/ln, root
Glance needs to be configured to support the "docker" container format. It's important to leave the default ones in order to not break an existing glance install.
[DEFAULT]container_formats = ami,ari,aki,bare,ovf,docker
Once you configured Nova to use the docker driver, the flow is the same as any other driver.
$ glance image-list+-------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+-------------------------------+---------------------------------+-------------+------------------+----------+--------+| f5049d8b-93cf-49ab-af56-e7... | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active || 0f1ec86c-157f-4f22-9889-c0... | cirros-0.3.1-x86_64-uec-kernel | aki | aki | 4955792 | active || 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active || 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest | raw | docker | 2271596 | active |+-------------------------------+---------------------------------+-------------+------------------+----------+--------+
Only images with a "docker" container format will be bootable. The image contains basically a tarball of the container filesystem.
It's recommended to add new images to Glance by using Docker. For instance, here is how you can fetch images from the public registry and push them back to Glance in order to boot a Nova instance with it:
$ docker search hipacheFound 3 results matching your query ("hipache")NAME DESCRIPTIONsamalba/hipache Then, pull the image and push it to Glance:
$ docker pull samalba/hipache $ docker save samalba/hipache | glance image-create --is-public=True --container-format=docker --disk-format=raw --name samalba/hipache
NOTE: The name you provide to glance must match the name by which the image is known to docker.
$ glance image-list+-------------------------------+---------------------------------+-------------+------------------+----------+--------+| ID | Name | Disk Format | Container Format | Size | Status |+-------------------------------+---------------------------------+-------------+------------------+----------+--------+| f5049d8b-93cf-49ab-af56-e7... | cirros-0.3.1-x86_64-uec | ami | ami | 25165824 | active || 0f1ec86c-157f-4f22-9889-c0... | cirros-0.3.1-x86_64-uec-kernel | aki | aki | 4955792 | active || 03a54807-2e35-4864-a337-45... | cirros-0.3.1-x86_64-uec-ramdisk | ari | ari | 3714968 | active || 77083f3c-d320-46e3-bcba-0c... | docker-busybox:latest | raw | docker | 2271596 | active || 998f52ba-fe03-46b0-b5a6-4b... | samalba/hipache | raw | docker | 486 | active |+-------------------------------+---------------------------------+-------------+------------------+----------+--------+
You can obviously boot instances from nova cli:
$ nova boot --image "samalba/hipache" --flavor m1.tiny test+--------------------------------------+--------------------------------------+| Property | Value |+--------------------------------------+--------------------------------------+| OS-EXT-STS:task_state | scheduling || image | samalba/hipache || OS-EXT-STS:vm_state | building || OS-EXT-SRV-ATTR:instance_name | instance-0000002d || OS-SRV-USG:launched_at | None || flavor | m1.micro || id | 31086c50-f937-4f80-9790-045096ecb32c || security_groups | [{u'name': u'default'}] || user_id | 1a3eed38d1344e869dd019b3636db12b || OS-DCF:diskConfig | MANUAL || accessIPv4 | || accessIPv6 | || progress | 0 || OS-EXT-STS:power_state | 0 || OS-EXT-AZ:availability_zone | nova || config_drive | || status | BUILD || updated | 2013-08-25T00:22:32Z || hostId | || OS-EXT-SRV-ATTR:host | None || OS-SRV-USG:terminated_at | None || key_name | None || OS-EXT-SRV-ATTR:hypervisor_hostname | None || name | test || adminPass | QwczSPAAT6Mm || tenant_id | 183a9b7ed7c6465f97387458d693ca4c || created | 2013-08-25T00:22:31Z || os-extended-volumes:volumes_attached | [] || metadata | {} |+--------------------------------------+--------------------------------------+ Once the instance is booted:
$ nova list+--------------------------------------+------+--------+------------+-------------+------------------+| ID | Name | Status | Task State | Power State | Networks |+--------------------------------------+------+--------+------------+-------------+------------------+| 31086c50-f937-4f80-9790-045096ecb32c | test | ACTIVE | None | Running | private=10.0.0.2 |+--------------------------------------+------+--------+------------+-------------+------------------+
You can also see the corresponding container on docker:
$ docker psdocker psID IMAGE COMMAND CREATED STATUS PORTSf337c7fec5ff samalba/hipache sh 10 seconds ago Up 10 seconds
The command used here is the one configured in the image. Each container image can have a command configured for the run. The driver does not usually override this. You can image booting an apache2 instance, it will start the apache process if the image is authored properly via a .
Using the Docker hypervisor via replaces all manual configuration needed above.
Note: below, localadmin == admin user, adjust to suit your configuration
Ubuntu:
[ -e /usr/lib/apt/methods/https ] || { sudo apt-get update sudo apt-get install apt-transport-https}sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \ --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9sudo sh -c "echo deb docker main \ > /etc/apt/sources.list.d/docker.list"sudo apt-get updatesudo apt-get install -y lxc-dockersource /etc/bash_completion.d/docker # Docker file completion for bashsudo bash -c "echo DOCKER_OPTS=\'-G localadmin\' >> /etc/default/docker"sudo restart dockerdocker version # Should work!docker run -i -t ubuntu /bin/bash # Optional test step Fedora:
sudo yum -y install dockersudo yum -y update dockersudo systemctl start dockersudo systemctl enable dockersudo docker run -i -t ubuntu /bin/bash
sudo apt-get updatesudo apt-get install -y python-pip python-devrm -rf /opt/stack/nova-dockersudo mkdir -p /opt/stacksudo git clone /opt/stack/nova-dockercd /opt/stack/nova-docker# Check out a different version if not using master, i.e:# sudo git checkout stable/kilo && sudo git pull --ff-only origin stable/kilosudo pip install . # The linecache2 error appears to be benign
Clone devstack (it is recommended to use the same releases of devstack and nova-docker, e.g., stable/kilo, master, etc.)
Before running 's stack.sh script, configure the following options in the local.conf or localrc file:
VIRT_DRIVER=novadocker.virt.docker.DockerDriver# Introduce glance to docker images[DEFAULT]container_formats=ami,ari,aki,bare,ovf,ova,docker
Configure nova to use the nova-docker driver Note: neutron is the default as of kilo
[DEFAULT]compute_driver=novadocker.virt.docker.DockerDriver
echo "##### Introduce glance to docker images" >> local.confecho "" >> local.confecho "[DEFAULT]" >> local.confecho container_formats=ami,ari,aki,bare,ovf,ova,docker >> local.confecho >> local.confecho "##### Configure nova to use the nova-docker driver" >> local.confecho "" >> local.confecho "[DEFAULT]" >> local.confecho compute_driver=novadocker.virt.docker.DockerDriver >> local.confecho >> local.conf
./stack.sh
Copy the filters
sudo cp /opt/stack/nova-docker/etc/nova/rootwrap.d/docker.filters /etc/nova/rootwrap.d/
Start a Container
. openrc adminINSTANCE=d1IMAGE=cirrosdocker pull cirrosdocker save cirros | glance image-create --name ${IMAGE} --is-public true --container-format docker --disk-format rawnova boot --image ${IMAGE} --flavor m1.tiny ${INSTANCE}sleep 10nova listnova show ${INSTANCE} Assign it a floating IP and connect to it
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no cirros@${floatingip_ip} Using the Docker hypervisor via replaces all manual configuration needed above.
Install Docker, then install Devstack and run stack.sh
Once stack.sh completes, run unstack.sh from the devstack directory
Install nova-docker:
git clone /opt/stack/nova-dockercd /opt/stack/nova-dockersudo python setup.py install
Prepare DevStack:
export INSTALLDIR={Devstack_Parent_Dir}cd /opt/stack/nova-docker./contrib/devstack/prepare_devstack.shcat localrc >> local.conf Run stack.sh from devstack directory:
$ ./stack.sh
It may be necessary to install a Docker filter as well:
sudo cp /opt/stack/nova-docker/etc/nova/rootwrap.d/docker.filters \ /etc/nova/rootwrap.d/
We have a and involvement of various contributors may be verified via Github's .
The Docker team is also involved with the more generic and highly-overlapping efforts of the .
We are available on IRC on Freenode in #nova-docker. The containers team may be found in #openstack-containers.
转载地址:http://iyyoi.baihongyu.com/