Running OpenStack in a container can be a useful workflow for developers. The primary benefits are faster performance and lower memory overhead while still providing a suitable level of isolation. The guide walks the user through the procedure for configuring an LXC container and deploying OpenStack in it using devstack. It also discusses the limitations of this setup - particularly related to cinder.

Change-Id: I2e0921fd118cfe98cef86ba110a94b3edccf9a29
All-In-One Single LXC Container
This guide walks you through the process of deploying OpenStack using devstack in an LXC container instead of a VM.
The primary benefits of running devstack inside a container instead of a VM are faster performance and lower memory overhead while still providing a suitable level of isolation. This can be particularly useful when you want to simulate running OpenStack on multiple nodes.
Warning
Containers do not provide the same level of isolation as a virtual machine.
Note
Not all OpenStack features support running inside of a container. See the Limitations section below for details. OpenStack in a VM is recommended for beginners.
Prerequisites
This guide is written for Ubuntu 14.04 but should be adaptable for any modern Linux distribution.
Install the LXC package:
sudo apt-get install lxc
You can verify support for containerization features in your currently running kernel using the lxc-checkconfig command.
Container Setup
Configuration
For a successful run of stack.sh and to permit use of KVM to run the VMs you launch inside your container, we need to use the following additional configuration options. Place the following in a file called devstack-lxc.conf:
# Permit access to /dev/loop*
lxc.cgroup.devices.allow = b 7:* rwm
# Setup access to /dev/net/tun and /dev/kvm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
# Networking
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
Create Container
The configuration and rootfs for LXC containers are created using the lxc-create command.
We will name our container devstack and use the ubuntu template, which will use debootstrap to build an Ubuntu rootfs. It will default to the same release and architecture as the host system. We also install the additional packages bsdmainutils and git as we'll need them to run devstack:
sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
The first time, building the rootfs will take a few minutes to download, unpack, and configure all the necessary packages for a minimal installation of Ubuntu. LXC will cache this and subsequent containers will only take seconds to create.
Note
To speed up the initial rootfs creation, you can specify a mirror to download the Ubuntu packages from by appending --mirror= and then the URL of an Ubuntu mirror. To see other template options, you can run lxc-create -t ubuntu -h.
Start Container
To start the container, run:
sudo lxc-start -n devstack
A moment later you should be presented with the login prompt for your container. You can log in using the username ubuntu and password ubuntu.
You can also ssh into your container. On your host, run sudo lxc-info -n devstack to get the IP address (e.g. ssh ubuntu@$(sudo lxc-info -n devstack | awk '/IP/ { print $2 }')).
Run Devstack
You should now be logged into your container and almost ready to run devstack. The commands in this section should all be run inside your container.
Tip
You can greatly reduce the runtime of your initial devstack setup by
ensuring you have your apt sources.list configured to use a fast mirror.
Check and update /etc/apt/sources.list
if necessary and
then run apt-get update
.
Download DevStack
git clone https://git.openstack.org/openstack-dev/devstack
Configure
Refer to minimal-configuration if you wish to configure the behaviour of devstack.
Start the install
cd devstack
./stack.sh
Cleanup
To stop the container:
sudo lxc-stop -n devstack
To delete the container:
sudo lxc-destroy -n devstack
Limitations
Not all OpenStack features may function correctly or at all when run from within a container.
Cinder
Unable to create LVM backed volume
In our configuration, we have not whitelisted access to device-mapper or LVM devices. Doing so will permit your container to have access and control of LVM on the host system. To enable, add the following to your devstack-lxc.conf before running lxc-create:
lxc.cgroup.devices.allow = c 10:236 rwm
lxc.cgroup.devices.allow = b 252:* rwm
Additionally you'll need to set udev_rules = 0 in the activation section of /etc/lvm/lvm.conf unless you mount devtmpfs in your container.
Unable to attach volume to instance
It is not possible to attach cinder volumes to nova instances due to parts of the Linux iSCSI implementation not being network namespace aware. This can be worked around by using network pass-through instead of a separate network namespace, but such a setup significantly reduces the isolation of the container (e.g. a halt command issued in the container will cause the host system to shut down).
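An added example, not part of the devstack guide or its code: a shell function that lists the lines in an LXC config that widen the container's access to the host. It covers the device grants and bind mounts from the Configuration section and the LVM and network pass-through options described under Limitations. The names audit_lxc_conf and sample_conf are hypothetical, and lxc.network.type = none is assumed to be the pass-through setting referred to above.

```shell
# Added example, not from the devstack guide: flag LXC config lines that
# widen the container's access to the host. Reads a file, or stdin if none.
audit_lxc_conf() {
    awk -F'=' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || NF < 2 { next }          # skip comments and non key=value lines
    {
        key = trim($1)
        val = trim(substr($0, index($0, "=") + 1))
        if (key == "lxc.cgroup.devices.allow") {
            split(val, f, /[ \t]+/)        # fields: type major:minor access
            dev = f[1] " " f[2]
            if (dev == "b 7:*")         why = "host loop devices"
            else if (dev == "c 10:236") why = "device-mapper control node"
            else if (dev == "b 252:*")  why = "device-mapper block devices (host LVM)"
            else                        why = "additional device grant"
            print "DEVICE  " val "  -> " why
        } else if (key == "lxc.mount.entry") {
            split(val, f, /[ \t]+/)        # first field is the host-side source
            if (f[1] ~ /^\/dev\//)
                print "BIND    " f[1] "  -> host device node visible in container"
        } else if (key == "lxc.network.type" && val == "none") {
            # Assumption: "none" is the pass-through setting (no separate netns)
            print "NETNS   " val "  -> container shares the host network namespace"
        }
    }' "${1:--}"
}

# Constructed sample: the devstack-lxc.conf from this guide with the optional
# LVM lines from the Limitations section appended.
sample_conf() {
cat <<'EOF'
# Permit access to /dev/loop*
lxc.cgroup.devices.allow = b 7:* rwm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.cgroup.devices.allow = c 10:236 rwm
lxc.cgroup.devices.allow = b 252:* rwm
EOF
}

sample_conf | audit_lxc_conf
```

Run it against your own file with audit_lxc_conf devstack-lxc.conf before lxc-create to review what the container will be able to reach on the host.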