Thursday, November 13, 2014

OpenStack Series: Part 13 - Docker in OpenStack

There is often a notion that, with Docker, Linux container technology is going to replace server virtualization. The reasoning is that Linux containers virtualize applications at the operating system level, so a hypervisor is no longer needed.

Another camp holds that containers do not have the robustness and enterprise-ready features, such as resource allocation management, high availability or even manageability, that VMware can offer.

I have an article that mentions that combining container technology with a hypervisor is the best of both worlds, which is why VMware is embracing this technology with Project Fargo.

Docker, Inc is the company behind the open source Docker platform.

Docker is an orchestration or packaging tool that allows applications and their dependencies to run on container technology.  

Docker is also being deployed in OpenStack Nova as a hypervisor type. It was introduced in the Havana release but is being left out of the main development tree; due to the popularity of Docker, it will be updated and introduced back into the main project in the Kilo release. I think a lot more development effort will be put into integrating Docker into OpenStack and making it a powerful tool for enterprise IT. There is talk about putting SDN into Docker, which leads to the possibility of putting Network Function Virtualization into a container instead of a full-blown virtual machine: NFD (Network Function Dockerization), a new name that I came up with based on the word "Dockerize".

The OpenStack documentation outlines the advantages of using Docker in an OpenStack infrastructure:

Docker takes advantage of containers and filesystem technologies in a high-level which are not generic enough to be managed by libvirt.
  • Process-level API: Docker can collect the standard outputs and inputs of the process running in each container for logging or direct interaction, it allows blocking on a container until it exits, setting its environment, and other process-oriented primitives which don’t fit well in libvirt’s abstraction.
  • Advanced change control at the filesystem level: Every change made on the filesystem is managed through a set of layers which can be snapshotted, rolled back, diff-ed etc.
  • Image portability: The state of any Docker container can be optionally committed as an image and shared through a central image registry. Docker images are designed to be portable across infrastructures, so they are a great building block for hybrid cloud scenarios.
  • Build facility: Docker can automate the assembly of a container from an application’s source code. This gives developers an easy way to deploy payloads to an OpenStack cluster as part of their development workflow.

Currently, Docker is in two of the OpenStack projects: Nova and Heat.

Docker in OpenStack Nova
Docker is not a hypervisor, but in Nova it is treated as a hypervisor type. Docker is listed as a Group C hypervisor, which means not much testing is done with the driver. I think this will change in the Kilo release.

The Docker driver in Nova is basically an HTTP client that makes RESTful API calls to Docker. The driver fetches the Docker image from OpenStack Glance and loads it into the Docker filesystem. Older versions of the driver needed a private docker-registry, which in turn proxied to Glance, but this is no longer necessary. (I have an article that talks about Docker images and registries.)

image source: https://wiki.openstack.org/wiki/File:Docker-under-the-hood.png
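The request sequence such an HTTP client issues, as an added example that is not the Nova driver's own code: it posts to the Docker Remote API paths `/images/load`, `/containers/create` and `/containers/<id>/start` against a constructed in-process stand-in for the daemon. The function names, the image name `cirros`, the container id and the use of a local TCP port are assumptions made for the demonstration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ROUTES = {"/images/load": (200, b""),                         # constructed replies
          "/containers/create": (201, b'{"Id": "c0ffee"}'),   # constructed id
          "/containers/c0ffee/start": (204, b"")}

class FakeDocker(BaseHTTPRequestHandler):
    """Constructed stand-in for the Docker daemon; records each API call."""
    calls = []
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        FakeDocker.calls.append(self.path)
        status, data = ROUTES.get(self.path, (404, b""))
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass

def post(addr, path, body, ctype):
    conn = http.client.HTTPConnection(*addr, timeout=5)
    conn.request("POST", path, body=body, headers={"Content-Type": ctype})
    resp = conn.getresponse()
    status, raw = resp.status, resp.read()
    conn.close()
    return status, json.loads(raw) if raw else {}

def spawn(addr, image_tar, image_name):
    """Client-side flow: load the image tarball, create a container, start it."""
    post(addr, "/images/load", image_tar, "application/x-tar")
    status, created = post(addr, "/containers/create",
                           json.dumps({"Image": image_name}), "application/json")
    if status != 201:
        raise RuntimeError("create failed with HTTP %d" % status)
    status, _ = post(addr, "/containers/%s/start" % created["Id"], b"", "application/json")
    return created["Id"], status

def demo():
    FakeDocker.calls = []
    with HTTPServer(("127.0.0.1", 0), FakeDocker) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return spawn(server.server_address, b"constructed tar bytes", "cirros"), FakeDocker.calls
        finally:
            server.shutdown()
```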

Docker in OpenStack Heat

While Docker is an orchestration tool for containers, Heat in turn talks to Docker for container deployment.

image source: https://raw.githubusercontent.com/MarouenMechtri/Docker-containers-deployment-with-OpenStack-Heat/master/images/docker-plugin.jpg

Scott Lowe (@scott_lowe) has two great articles on Heat templates for Docker here and here, with a reference link to another post of his on OpenStack Heat. If you want a quick overview of OpenStack Heat, I have an article on this subject in my OpenStack series.

Docker + OpenStack = PaaS
I think one of the use cases for Docker in an OpenStack environment is to take advantage of Docker's nice features (it is lightweight, fast to provision and portable) to build a Platform as a Service. There are cases where we need a mature hypervisor with all the built-in High Availability and Resource Scheduling features, but in some cases a container is the best way to go. In fact, OpenStack is actively working on High Availability in different parts of the infrastructure, and in due time this will help make Docker technology enterprise ready.

There is already a project, Solum, that leverages OpenStack for application delivery. OpenStack has a page for Solum which covers the goals, resources and FAQ of this project in the context of OpenStack.

Related Post:
OpenStack Series Part 1: How do you look at OpenStack?
OpenStack Series Part 2: What's new in the Juno Release?
OpenStack Series Part 3: Keystone - Identity Service
OpenStack Series Part 4: Nova - Compute Service
OpenStack Series Part 5: Glance - Image Service
OpenStack Series Part 6: Cinder - Block Storage Service
OpenStack Series Part 7: Swift - Object Storage Service
OpenStack Series Part 8: Neutron - Networking Service
OpenStack Series Part 9: Horizon - a Web Based UI Service
OpenStack Series Part 10: Heat - Orchestration Service
OpenStack Series Part 11: Ceilometer - Monitoring and Metering Service
OpenStack Series Part 12: Trove - Database Service
OpenStack Series Part 14: Sahara - Data Processing Service
OpenStack Series Part 15: Messaging and Queuing System in OpenStack
OpenStack Series Part 16: Ceph in OpenStack
OpenStack Series Part 17: Congress - Policy Service
OpenStack Series Part 18: Network Function Virtualization in OpenStack
OpenStack Series Part 19: Storage Policies for Object Storage
OpenStack Series Part 20: Group-based Policy for Neutron

Reference:
"Docker." - OpenStack. N.p., n.d. Web. 29 Oct. 2014.
