From a87980e5c21b17a60ba46cb53208140143ed8b15 Mon Sep 17 00:00:00 2001 From: Steven Dake Date: Sat, 28 Mar 2015 08:11:34 -0700 Subject: [PATCH] Remove EXPOSE options from Dockerfiles The EXPOSE options will create a local docker-proxy. This is unnecessary with --net=host mode. The docker-proxy adds about 20 microseconds of latency. Add documentation to the specification to indicate where to find the ports that are exposed by the services in case someone were to desire to add EXPOSE back to the Dockerfiles. Change-Id: I398e922fe096d6022a2d5985bb92498f89a5ea31 --- docker/barbican/Dockerfile | 3 --- docker/ceilometer/ceilometer-api/Dockerfile | 2 -- docker/glance/glance-registry/Dockerfile | 2 -- docker/horizon/Dockerfile | 2 -- docker/mongodb/Dockerfile | 2 -- docker/neutron/neutron-server/Dockerfile | 2 -- docker/nova-controller/nova-api/Dockerfile | 2 -- docker/zaqar/Dockerfile | 2 -- specs/containerize-openstack.rst | 9 +++++++++ 9 files changed, 9 insertions(+), 17 deletions(-) diff --git a/docker/barbican/Dockerfile b/docker/barbican/Dockerfile index f017f31744..fecb784132 100644 --- a/docker/barbican/Dockerfile +++ b/docker/barbican/Dockerfile @@ -35,7 +35,4 @@ RUN pip install uwsgi RUN rm -rf /barbican-$PBR_VERSION RUN rm -rf /barbican-$PBR_VERSION.tar.gz -# Expose the dev and admin ports -EXPOSE 9311 9312 - CMD ["/start.sh"] diff --git a/docker/ceilometer/ceilometer-api/Dockerfile b/docker/ceilometer/ceilometer-api/Dockerfile index a9894e2bdf..aaaf7c8df2 100644 --- a/docker/ceilometer/ceilometer-api/Dockerfile +++ b/docker/ceilometer/ceilometer-api/Dockerfile @@ -3,7 +3,5 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla) RUN yum install -y openstack-ceilometer-api && yum clean all -EXPOSE 8777 - ADD ./start.sh /start.sh CMD ["/start.sh"] diff --git a/docker/glance/glance-registry/Dockerfile b/docker/glance/glance-registry/Dockerfile index 2510f8eb04..e9937dc7f0 100644 --- a/docker/glance/glance-registry/Dockerfile +++ b/docker/glance/glance-registry/Dockerfile @@ -1,7 +1,5 @@ FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%glance-base MAINTAINER Kolla Project (https://launchpad.net/kolla) -EXPOSE 9191 - ADD ./start.sh /start.sh CMD ["/start.sh"] diff --git a/docker/horizon/Dockerfile b/docker/horizon/Dockerfile index eafff2faa9..f153ef9968 100644 --- a/docker/horizon/Dockerfile +++ b/docker/horizon/Dockerfile @@ -4,8 +4,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla) RUN yum -y install openstack-dashboard \ httpd httpd-mod-wsgi && yum clean all -EXPOSE 80 - ADD ./start.sh /start.sh CMD ["/start.sh"] diff --git a/docker/mongodb/Dockerfile b/docker/mongodb/Dockerfile index 353df42b21..81278092fe 100644 --- a/docker/mongodb/Dockerfile +++ b/docker/mongodb/Dockerfile @@ -8,6 +8,4 @@ RUN mkdir -p /data/db VOLUME /data/db VOLUME /var/log/mongodb -EXPOSE 27017 - ENTRYPOINT exec /bin/mongod --dbpath /data/db --logpath /var/log/mongodb/mongo.log --noprealloc --smallfiles diff --git a/docker/neutron/neutron-server/Dockerfile b/docker/neutron/neutron-server/Dockerfile index 9597f7c404..a9d4eef4dd 100644 --- a/docker/neutron/neutron-server/Dockerfile +++ b/docker/neutron/neutron-server/Dockerfile @@ -9,8 +9,6 @@ RUN yum install -y openstack-neutron \ VOLUME /var/lib/neutron -EXPOSE 9696 - ADD ./start.sh /start.sh ADD ./check.sh /check.sh diff --git a/docker/nova-controller/nova-api/Dockerfile b/docker/nova-controller/nova-api/Dockerfile index 2ac871dadd..12a2add20a 100644 --- a/docker/nova-controller/nova-api/Dockerfile +++ b/docker/nova-controller/nova-api/Dockerfile @@ -4,8 +4,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla) RUN yum -y install \ openstack-nova-api && yum clean all -EXPOSE 8773 8774 8775 - ADD ./start.sh /start.sh ADD ./check.sh /check.sh diff --git a/docker/zaqar/Dockerfile b/docker/zaqar/Dockerfile index e993887c46..d4db63dc33 100644 --- a/docker/zaqar/Dockerfile +++ b/docker/zaqar/Dockerfile @@ -9,8 +9,6 @@ RUN yum -y localinstall python-oslo-utils-0.3.0-1.fc22.noarch.rpm \ openstack-zaqar-2014.2-1.fc22.noarch.rpm \ && yum clean all -EXPOSE 8888 - ADD ./start.sh /start.sh ADD ./check.sh /check.sh diff --git a/specs/containerize-openstack.rst b/specs/containerize-openstack.rst index 3aeb67be1d..f035ec2e04 100644 --- a/specs/containerize-openstack.rst +++ b/specs/containerize-openstack.rst @@ -188,6 +188,15 @@ with the --privileged=true flag to docker that: leaf directories with no other host operating system use. * shares any namespace with the --ipc=host, --pid=host, or --net=host flags +We will not use the Docker EXPOSE operation since all containers will use +--net=host. One motive for using --net=host is it is inherently simplier. +A different motive for not using EXPOSE is the 20 microsecond penalty +applied to every packet forwarded and returned by docker-proxy. +If EXPOSE functionality is desired, it can be added back by +referencing the default list of OpenStack ports to each Dockerfile: + + http://docs.openstack.org/trunk/config-reference/content/firewalls-default-ports.html + We will use the docker flag --restart=always to provide some measure of high availability for the individual containers and ensure they operate correctly as currently designed.