Merge "Add guide on running devstack in lxc container"

2016-02-17 15:10:00 +00:00
parent 0afc6db67a baa35d06e1
commit 886410eade
2 changed files with 172 additions and 0 deletions
--- a/doc/source/guides/lxc.rst
+++ b/doc/source/guides/lxc.rst
@@ -0,0 +1,164 @@
 ================================
 All-In-One Single LXC Container
 ================================
 This guide walks you through the process of deploying OpenStack using devstack
 in an LXC container instead of a VM.
 The primary benefits to running devstack inside a container instead of a VM is
 faster performance and lower memory overhead while still providing a suitable
 level of isolation. This can be particularly useful when you want to simulate
 running OpenStack on multiple nodes.
 .. Warning:: Containers do not provide the same level of isolation as a virtual
   machine.
 .. Note:: Not all OpenStack features support running inside of a container. See
   `Limitations`_ section below for details. :doc:`OpenStack in a VM <single-vm>`
   is recommended for beginners.
 Prerequisites
 ==============
 This guide is written for Ubuntu 14.04 but should be adaptable for any modern
 Linux distribution.
 Install the LXC package::
   sudo apt-get install lxc
 You can verify support for containerization features in your currently running
 kernel using the ``lxc-checkconfig`` command.
 Container Setup
 ===============
 Configuration
 ---------------
 For a successful run of ``stack.sh`` and to permit use of KVM to run the VMs you
 launch inside your container, we need to use the following additional
 configuration options. Place the following in a file called
 ``devstack-lxc.conf``::
  # Permit access to /dev/loop*
  lxc.cgroup.devices.allow = b 7:* rwm
  # Setup access to /dev/net/tun and /dev/kvm
  lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
  lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
  # Networking
  lxc.network.type = veth
  lxc.network.flags = up
  lxc.network.link = lxcbr0
 Create Container
 -------------------
 The configuration and rootfs for LXC containers are created using the
 ``lxc-create`` command.
 We will name our container ``devstack`` and use the ``ubuntu`` template which
 will use ``debootstrap`` to build a Ubuntu rootfs. It will default to the same
 release and architecture as the host system. We also install the additional
 packages ``bsdmainutils`` and ``git`` as we'll need them to run devstack::
  sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
 The first time it builds the rootfs will take a few minutes to download, unpack,
 and configure all the necessary packages for a minimal installation of Ubuntu.
 LXC will cache this and subsequent containers will only take seconds to create.
 .. Note:: To speed up the initial rootfs creation, you can specify a mirror to
   download the Ubuntu packages from by appending ``--mirror=`` and then the URL
   of a Ubuntu mirror. To see other other template options, you can run
   ``lxc-create -t ubuntu -h``.
 Start Container
 ----------------
 To start the container, run::
  sudo lxc-start -n devstack
 A moment later you should be presented with the login prompt for your container.
 You can login using the username ``ubuntu`` and password ``ubuntu``.
 You can also ssh into your container. On your host, run
 ``sudo lxc-info -n devstack`` to get the IP address (e.g. 
 ``ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')``).
 Run Devstack
 -------------
 You should now be logged into your container and almost ready to run devstack.
 The commands in this section should all be run inside your container.
 .. Tip:: You can greatly reduce the runtime of your initial devstack setup by
   ensuring you have your apt sources.list configured to use a fast mirror.
   Check and update ``/etc/apt/sources.list`` if necessary and then run 
   ``apt-get update``.
 #. Download DevStack
   ::
       git clone https://git.openstack.org/openstack-dev/devstack
 #. Configure
   Refer to :ref:`minimal-configuration` if you wish to configure the behaviour
   of devstack.
 #. Start the install
   ::
       cd devstack
       ./stack.sh
 Cleanup
 -------
 To stop the container::
  lxc-stop -n devstack
 To delete the container::
  lxc-destroy -n devstack
 Limitations
 ============
 Not all OpenStack features may function correctly or at all when ran from within
 a container.
 Cinder
 -------
 Unable to create LVM backed volume
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  In our configuration, we have not whitelisted access to device-mapper or LVM
  devices. Doing so will permit your container to have access and control of LVM
  on the host system. To enable, add the following to your
  ``devstack-lxc.conf`` before running ``lxc-create``::
    lxc.cgroup.devices.allow = c 10:236 rwm
    lxc.cgroup.devices.allow = b 252:* rwm
  Additionally you'll need to set ``udev_rules = 0`` in the ``activation``
  section of ``/etc/lvm/lvm.conf`` unless you mount devtmpfs in your container.
 Unable to attach volume to instance
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  It is not possible to attach cinder volumes to nova instances due to parts of
  the Linux iSCSI implementation not being network namespace aware. This can be
  worked around by using network pass-through instead of a separate network
  namespace but such a setup significantly reduces the isolation of the
  container (e.g. a ``halt`` command issued in the container will cause the host
  system to shutdown).
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -76,6 +76,7 @@ Walk through various setups used by stackers
   guides/single-vm
   guides/single-machine
   guides/lxc
   guides/multinode-lab
   guides/neutron
   guides/devstack-with-nested-kvm
@@ -96,6 +97,13 @@ Run :doc:`OpenStack on dedicated hardware <guides/single-machine>`  This can inc
 server-class machine or a laptop at home.
 :doc:`[Read] <guides/single-machine>`
 All-In-One LXC Container
 -------------------------
 Run :doc:`OpenStack in a LXC container <guides/lxc>`. Beneficial for intermediate
 and advanced users. The VMs launched in this cloud will be fully accelerated but
 not all OpenStack features are supported. :doc:`[Read] <guides/lxc>`
 Multi-Node Lab
 --------------