A data volume container is far superior to bind mounting the
host's shared directories. It preserves the idempotency,
immutability and declarative properties of the containers.
The way this works in practice is that a data volume container is
created. Then when the containers start they use LVM to access
the filesystem where /var/lib/docker is contained. Then the
container startup logic bindmounts the data volume stored on the
host filesystem in /var/lib/docker/vfs/dir/ID. This prevents
people with access to the host operating system from damaging
the contents of the data container.
It does mean that now we must use tools/stop to stop our containers
rather than tools/cleanup-containers -f.
This is a containers best practice. For more details see:
https://docs.docker.com/userguide/dockervolumes/
Big credit goes to Danyeon Hansen for seeding this idea in the
mariadb containers.
Note occasionally docker-compose start/stop seems to not want to stop
a container. This bug needs to be addressed upstream separately
from our utilization of this best practice.
Change-Id: Iaa1419f606e1b1b7a7560a095c49e79d643164f1
Previously, the nwfilter daemon/conf pkgs would need to be
installed on the host. Compose would then mount the host DIR
to the compute containers. A more efficient approach is to simply
install the nwfilter config/daemon in the libvirt container. Both
approaches address the following error when booting an instance:
'no-mac-spoofing' is missing
Change-Id: I81b446d198920473bf99b97ef5eac6ef5ee85024
Libvirt contains a package that sets the permissions of KVM.
If the host does not have libvirt installed the permissions
will never be set and nova boot will fail.
Change-Id: Ie5509199391db55e0984d59a6623f021f3ae46c1
By changing the PREFIX variable in the .buildconf one is now able to
build docker images from different bases.
For example, add the following line to your .buildconf file to build
CentOS based images:
PREFIX=centos-rdo-
Default base image is Fedora. For now only RH family is supported.
Additionally, changing the namespace either with the NAMESPACE variable
in .buildconf or via --namespace commandline option now changes the
source namespace as well from the default kollaglue one.
Implements: blueprint multi-baseos
Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: I3964cd2292789ea883a1f2d2738a5731a4fff49b
This imports sdakes' nova-docker codebase to show that atomic upgrades
work at least with nova networking. This has many corrections.
For more details read:
http://sdake.io/2015/01/28/an-atomic-upgrade-process-for-openstack-compute-nodes/
Implements-blueprint: blueprint libvirt-container
Partially-implements; blueprint container-set-compute-operation-nova
Change-Id: I858ea113c5656b6da5d2fd13502fecdbd085c8da
Previously, the nova-network service was not fully functional.
This patch adds multi-interface support to the nova-network
container. The eth0 configuration is moved to a bridge (br100 per
nova defaults), and configures eth0 and eth1 as bridged
interfaces. eth0 is used for the nova-flat network and eth1 for
floating-ip's. This model is identical to typical bare-metal
nova-network deployments. The patch depends on the following patch
to kube-heat template that provides multiple interfaces per minion:
https://github.com/larsks/heat-kubernetes/pull/8
Rebased. Fixed merge conflict with k8s/pod/nova-compute-pod.yaml
Change-Id: Ieb59f397981a226555ce55ca621ef578b987e3c6
This patch creates a dummy interface ("flat0") and uses that for
flat_interface. This prevents nova from breaking container networking
when it adds the container eth0 to the nova bridge (br100).
Change-Id: I93c696a8476228d6bbca678748170c2a11d5af11
Not all nova services need a bridge. Remove bridge creation from
nova-base config and place in nova-network specifically.
Change-Id: Ia78c65a4661cd95112dca7ffdc1e839d4f648d52
libvirt-start.sh was missing from nova-compute/nova-compute. Add it
so libvirt is started from a fresh checkout of the repository.
Change-Id: I8b40819629b16e4a63102eb353b3c8682791cf9d
This moves nova-ctr-base one level up and renames it nova-base, so that
we can share the same basic config between compute and controller pods.
Change-Id: I325f70c278744a1e1fe99b891e05c59c4248c55f
The nova-compute POD now starts and produces nearly correct output.
It may be that the libvirt container needs additional attention as it
is spitting out errors related to the firewall toolchain on the container.
Change-Id: I5bcd21c59f341494206a09e882631185ce66f336
Libvirt imports from fedora-rdo-base rather than nova-base, so no need
in generating an extra image.
Change-Id: I3ddd3aca54900686e3351de3dc11896347b14b6e
Previously the connection uri was using an undefined variable. Now
it will use NOVA_LIBVIRT_SERVICE.
Change-Id: Ia5ceb3428fa7aeb8dd1dd7b500c63119856977f2
- do not perform database or keystone initialization in nova-compute
image (these should happen in the controller images).
- fix incorrect nova.conf path
- configure keystone_authtoken correctly
NB: This still won't result in a working image, because it does not
configure the RPC settings yet. That will be for a subsequent patch.
Change-Id: Icbd66104ef817d360c46003b29fff63f66ace8d2
- batch yum operations so the build goes faster
- yum clean after install to remove yum cache and make
final image smaller
Change-Id: I62246a6329a6b2ab6ab4fee6f72652a805f1e72e
- use correct namespace for base image
- mariadb and openstack-utils are installed by fedora-rdo-base
Change-Id: I9c8bccab10f8b9dc66340fb94d45c90d1a39fea9
This should get us a working nova-compute. Once rabbitmq is operational
we can further debug and implement this container.
Change-Id: I0768b9f33bc43748f4e08da0edc111d669895cc8
This renames the keystone services so that they are named by function,
rather than port number (which would be confusing if they were running
on a different port).
Change-Id: Ibb0263a133c28a104563df431870a9effe584012
This patch updates all the json files that reference the mariadb service
variables to use the new names.
Labelling things foo-master crept into this repository from the
kubernetes guestbook example (which has redis-master and redis-slaves).
We're not running clustered software at the moment so these labels are
unnecessary.
Change-Id: I229d04c89aa13cb6cc2e1c33a0a7b21e1c6e9caa
This patch replaces the collection of individual "build" scripts with a
single script (tools/build-docker-image), made available as "build"
inside each image directory.
The build-docker-image script will, by default, build images tagged with
the current commit id in order to prevent developers from accidentally
stepping on each other or on release images.
Documentation in docs/image-building.md describes the script in more
detail.
Change-Id: I444d5c2256a85223f8750a0904cb4b07f18ab67f
This lays the groundwork for the docker compute container.
The compute node is composed of a libvirt container and a nova-compute
container. We are going to have to sort out how to get k8s to schedule
this pod 1 per node.
Change-Id: I1e06e4b5f5bde83b582edfc1094084a4ee353371
Partial-blueprint: kube-libvirt-container
Partial-blueprint: kube-nova-container