Hi Sudipta,

There is another approach you can consider which does not need any changes to Nova.

The approach works as follows:
- Save the container image tar in Swift
- Generate a Swift tempURL for the container file
- Boot Nova vm and pass instructions for following steps through cloud init / user data
  - download the container file from Swift (wget)
  - load it (docker load)
  - run it (docker run)

We have implemented this approach in Solum (where we use Heat for deploying a VM and
then run application container on it by providing above instructions through
user_data of the HOT).

Thanks,
Devdatta
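
The steps listed in the reply above, as an added example that is not part of the original e-mail and is not Solum's code: it signs a Swift tempURL (HMAC over method, expiry and object path) and emits cloud-init user data that downloads, checks and loads the image. The host, object path, key, checksum and image name are constructed values; the SHA-256 check is an addition to the listed steps, made because the tempURL is a bearer credential that any process in the VM can read back from user data.

```python
import hashlib
import hmac
import json
import shlex


def swift_temp_url(host, path, key, expires, method="GET", digest="sha1"):
    """Sign METHOD\\nEXPIRES\\nPATH with the account/container temp-URL key."""
    # Assumption: the cluster's tempurl middleware allows the chosen digest.
    msg = f"{method}\n{expires}\n{path}".encode()
    sig = hmac.new(key.encode(), msg, getattr(hashlib, digest)).hexdigest()
    return f"{host}{path}?temp_url_sig={sig}&temp_url_expires={expires}"


def user_data(url, sha256_hex, image_ref, tar="/var/tmp/app.tar"):
    """cloud-config with one runcmd entry that stops at the first failing step."""
    steps = [
        f"wget -q -O {shlex.quote(tar)} {shlex.quote(url)}",
        # Refuse to load a tar whose digest differs from the one recorded at upload.
        f"echo {shlex.quote(sha256_hex + '  ' + tar)} | sha256sum -c -",
        f"docker load -i {shlex.quote(tar)}",
        f"docker run -d {shlex.quote(image_ref)}",
    ]
    # A JSON string is also a valid double-quoted YAML scalar.
    return "#cloud-config\nruncmd:\n  - " + json.dumps(" && ".join(steps)) + "\n"


if __name__ == "__main__":
    # Constructed sample values; a real expiry would be "now + a few minutes".
    url = swift_temp_url("https://swift.example.com",
                         "/v1/AUTH_demo/images/app.tar",
                         "constructed-temp-url-key", 1469640000)
    print(user_data(url, "0" * 64, "myapp:latest"))
```
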


-----


From: Sudipta Biswas <sbisw...@linux.vnet.ibm.com>
Sent: Wednesday, July 27, 2016 9:17 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [nova][rfc] Booting docker images using nova libvirt
  
Premise:

While working with customers, we have realized:

- They want to use containers but are wary of using the same host kernel for 
multiple containers.
- They already have a significant investment (including skills) in OpenStack's 
Virtual Machine workflow and would like to re-use it as much as possible.
- They are very interested in using docker images.

There are some existing approaches like Hyper, Secure Containers workflows 
which already try to address the first point. But we wanted to arrive at an 
approach that addresses all the above three in context of OpenStack Nova with 
minimalist changes.


Design Considerations:

We tried a few experiments with the present libvirt driver in nova to 
accomplish a work flow to deploy containers inside virtual machines in 
OpenStack via Nova.

The fundamental premise of our approach is to run a single container 
encapsulated in a single VM. This VM image just has a bare minimum operating 
system required to run it.
The container filesystem comes from the docker image.

We would like to get the feedback on the below approaches from the community 
before proposing this as a spec or blueprint.


Approach 1

User workflow:

1. The docker image is obtained in the form of a tar file.
2. Upload this tar file in glance. This support is already there in glance where 
a container-type of docker is supported.
3. Use this image along with nova libvirt driver to deploy a virtual machine.

Following are some of the changes to the OpenStack code that implements this 
approach:

1. Define a new conf parameter in nova called – 
base_vm_image=/var/lib/libvirt/images/baseimage.qcow2
This option is used to specify the base VM image.

2. Define a new sub_virt_type = container in nova conf. Setting this parameter 
will ensure mounting of the container filesystem inside the VM.
Unless qemu and kvm are used as virt_type – this workflow will not work at this 
moment.

3. In the virt/libvirt/driver.py we do the following based on the sub_virt_type 
= container:

- We create a qcow2 disk from the base_vm_image and expose that 'disk' as the 
boot disk for the virtual machine.
 Note – this is very similar to a regular virtual machine boot minus the fact 
that the image is not downloaded from
glance but instead it is present on the host.


- We download the docker image into the /var/lib/nova/instances/_base directory 
and then for each new virtual machine boot – we create a new directory 
/var/lib/nova/instances/<instance_uuid> as it's and copy the docker filesystem 
to it. Note – there are subsequent improvements to this idea that could be 
performed around the lines of using a union filesystem approach.
- The step above allows each virtual machine to have a different copy of the 
filesystem.
- We create a 'passthrough' mount of the filesystem via libvirt. This code is 
also present in the nova libvirt driver and we just trigger it based on our 
sub_virt_type parameter.

4. A cloud init – userdata is provided that looks somewhat like this:

runcmd:
  - mount -t 9p -o trans=virtio share_dir /mnt
  - chroot /mnt /bin/<command_to_run>

The command_to_run is usually the entrypoint for the docker image.

There could be better approaches to determine the entrypoint as well (say from 
docker image metadata).


Approach 2.

In this approach, the workflow remains the same as the first one with the 
exception that the
docker image is changed into a qcow2 image using a tool like virt-make-fs 
before uploading it to glance, instead of a tar file.

A tool like virt-make-fs can convert a tar file to a qcow2 image very easily.

This image is then downloaded on the compute node and a qcow2 disk is 
created/attached to the virtual machine that boots using the base_vm_image.


Approach 3

A custom qcow2 image is created using kernel, initramfs and the docker image 
and uploaded to glance.  No changes are needed in openstack nova. It boots as a 
regular VM.

Changes will be needed in image generation tools and will involve a few 
additional tasks from an operator point of view.


I look forward to your comments/suggestions on the above.


Thanks,
Sudipto
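
One way to determine the entrypoint from docker image metadata, as suggested under Approach 1 (an added example, not part of the original e-mail or of Nova): read manifest.json and the image config out of a `docker save` tar and build the mount and chroot runcmd entries from them. The sample archive is constructed and holds only the metadata files; the commands are emitted as argument lists, which cloud-init runs without a shell, so values taken from the image are never re-parsed as shell syntax.

```python
import io
import json
import tarfile


def image_command(tar_bytes):
    """Return Entrypoint + Cmd as an argv list from a `docker save` archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        manifest = json.load(tar.extractfile("manifest.json"))
        if len(manifest) != 1:
            raise ValueError("expected exactly one image in the archive")
        cfg = json.load(tar.extractfile(manifest[0]["Config"]))["config"]
    argv = (cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or [])
    if not argv:
        raise ValueError("image defines neither Entrypoint nor Cmd")
    return argv


def runcmd_yaml(argv, share="share_dir", mnt="/mnt"):
    """The two runcmd entries from the post, each as a YAML flow sequence."""
    mount = ["mount", "-t", "9p", "-o", "trans=virtio", share, mnt]
    chroot = ["chroot", mnt] + argv
    return "runcmd:\n" + "".join(f"  - {json.dumps(c)}\n" for c in (mount, chroot))


def sample_archive(config):
    """Constructed stand-in for `docker save` output (metadata files only)."""
    files = {
        "manifest.json": [{"Config": "abc.json", "RepoTags": ["demo:1"], "Layers": []}],
        "abc.json": {"config": config},
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, obj in files.items():
            data = json.dumps(obj).encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    archive = sample_archive({"Entrypoint": ["/bin/app"], "Cmd": ["--name", "a b"]})
    print(runcmd_yaml(image_command(archive)))
```
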

    
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
