Remove EXPOSE options from Dockerfiles

The EXPOSE options will create a local docker-proxy. This is unnecessary with --net=host mode. The docker-proxy adds about 20 microseconds of latency. Add documentation to the specification to indicate where to find the ports that are exposed by the services in case someone were to desire to add EXPOSE back to the Dockerfiles. Change-Id: I398e922fe096d6022a2d5985bb92498f89a5ea31
2015-03-28 08:11:34 -07:00 · 2015-03-28 08:11:34 -07:00 · a87980e5c2
commit a87980e5c2
parent 53c1ba99c8
9 changed files with 9 additions and 17 deletions
--- a/docker/barbican/Dockerfile
+++ b/docker/barbican/Dockerfile
@ -35,7 +35,4 @@ RUN pip install uwsgi
 RUN rm -rf /barbican-$PBR_VERSION
 RUN rm -rf /barbican-$PBR_VERSION.tar.gz

-# Expose the dev and admin ports
-EXPOSE 9311 9312
-
 CMD ["/start.sh"]
--- a/docker/ceilometer/ceilometer-api/Dockerfile
+++ b/docker/ceilometer/ceilometer-api/Dockerfile
@ -3,7 +3,5 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)

 RUN yum install -y openstack-ceilometer-api && yum clean all

-EXPOSE 8777
-
 ADD ./start.sh /start.sh
 CMD ["/start.sh"]
--- a/docker/glance/glance-registry/Dockerfile
+++ b/docker/glance/glance-registry/Dockerfile
@ -1,7 +1,5 @@
 FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%glance-base
 MAINTAINER Kolla Project (https://launchpad.net/kolla)

-EXPOSE 9191
-
 ADD ./start.sh /start.sh
 CMD ["/start.sh"]
--- a/docker/horizon/Dockerfile
+++ b/docker/horizon/Dockerfile
@ -4,8 +4,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 RUN yum -y install openstack-dashboard \
        httpd httpd-mod-wsgi && yum clean all

-EXPOSE 80
-
 ADD ./start.sh /start.sh

 CMD ["/start.sh"]
--- a/docker/mongodb/Dockerfile
+++ b/docker/mongodb/Dockerfile
@ -8,6 +8,4 @@ RUN mkdir -p /data/db
 VOLUME /data/db
 VOLUME /var/log/mongodb

-EXPOSE 27017
-
 ENTRYPOINT exec /bin/mongod --dbpath /data/db --logpath /var/log/mongodb/mongo.log --noprealloc --smallfiles
--- a/docker/neutron/neutron-server/Dockerfile
+++ b/docker/neutron/neutron-server/Dockerfile
@ -9,8 +9,6 @@ RUN yum install -y openstack-neutron \

 VOLUME /var/lib/neutron

-EXPOSE 9696
-
 ADD ./start.sh /start.sh
 ADD ./check.sh /check.sh

--- a/docker/nova-controller/nova-api/Dockerfile
+++ b/docker/nova-controller/nova-api/Dockerfile
@ -4,8 +4,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 RUN yum -y install \
        openstack-nova-api && yum clean all

-EXPOSE 8773 8774 8775
-
 ADD ./start.sh /start.sh
 ADD ./check.sh /check.sh

--- a/docker/zaqar/Dockerfile
+++ b/docker/zaqar/Dockerfile
@ -9,8 +9,6 @@ RUN yum -y localinstall python-oslo-utils-0.3.0-1.fc22.noarch.rpm \
           openstack-zaqar-2014.2-1.fc22.noarch.rpm \
           && yum clean all

-EXPOSE 8888
-
 ADD ./start.sh /start.sh
 ADD ./check.sh /check.sh

--- a/specs/containerize-openstack.rst
+++ b/specs/containerize-openstack.rst
@ -188,6 +188,15 @@ with the --privileged=true flag to docker that:
  leaf directories with no other host operating system use.
 * shares any namespace with the --ipc=host, --pid=host, or --net=host flags

+We will not use the Docker EXPOSE operation since all containers will use
+--net=host.  One motive for using --net=host is it is inherently simplier.
+A different motive for not using EXPOSE is the 20 microsecond penalty
+applied to every packet forwarded and returned by docker-proxy.
+If EXPOSE functionality is desired, it can be added back by
+referencing the default list of OpenStack ports to each Dockerfile:
+
+    http://docs.openstack.org/trunk/config-reference/content/firewalls-default-ports.html
+
 We will use the docker flag --restart=always to provide some measure of
 high availability for the individual containers and ensure they operate
 correctly as currently designed.