Merge "container: Build the container from tree not git"
This commit is contained in:
commit
068e3ad5a1
|
@ -0,0 +1,39 @@
|
|||
FROM alpine:3.4
|
||||
MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
|
||||
WORKDIR /
|
||||
COPY . /opt/kuryr-libnetwork
|
||||
RUN \
|
||||
apk add --no-cache \
|
||||
bash \
|
||||
iproute2 \
|
||||
openvswitch \
|
||||
py-pip \
|
||||
python \
|
||||
uwsgi-python \
|
||||
&& apk add --no-cache --virtual build-deps \
|
||||
gcc \
|
||||
git \
|
||||
linux-headers \
|
||||
musl-dev \
|
||||
python-dev \
|
||||
&& pip install -U pip setuptools \
|
||||
\
|
||||
&& cd /opt/kuryr-libnetwork \
|
||||
&& pip install . \
|
||||
&& cd / \
|
||||
&& apk del build-deps
|
||||
|
||||
ENV SERVICE_USER="admin"
|
||||
ENV SERVICE_PROJECT_NAME="admin"
|
||||
ENV SERVICE_PASSWORD="pass"
|
||||
ENV SERVICE_DOMAIN_NAME="Default"
|
||||
ENV USER_DOMAIN_NAME="Default"
|
||||
ENV IDENTITY_URL="http://127.0.0.1:35357/v3"
|
||||
ENV CAPABILITY_SCOPE="local"
|
||||
ENV LOG_LEVEL="INFO"
|
||||
ENV PROCESSES=2
|
||||
ENV THREADS=2
|
||||
|
||||
VOLUME /var/log/kuryr
|
||||
|
||||
CMD ["/opt/kuryr-libnetwork/contrib/docker/run_kuryr.sh"]
|
123
README.rst
123
README.rst
|
@ -30,8 +30,97 @@ Features
|
|||
* TODO
|
||||
|
||||
|
||||
Getting Code
|
||||
------------
|
||||
Getting it running with a service container
|
||||
-------------------------------------------
|
||||
|
||||
Prerequisites
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
The necessary components for an operating environment to run Kuryr are:
|
||||
|
||||
* Keystone (preferably configured with Keystone v3),
|
||||
* Neutron (preferably mitaka or newer),
|
||||
* Mariadb (for Neutron and Keystone),
|
||||
* Neutron agents for the vendor you choose,
|
||||
* Rabbitmq if the Neutron agents for your vendor require it,
|
||||
* Docker 1.9+
|
||||
|
||||
Building the container
|
||||
~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
The Dockerfile in the root of this repository can be used to generate a wsgi
|
||||
Kuryr Libnetwork server container with docker build::
|
||||
|
||||
docker build -t your_docker_username/libnetwork:latest .
|
||||
|
||||
Additionally, you can pull the upstream container::
|
||||
|
||||
docker pull kuryr/libnetwork:latest
|
||||
|
||||
Note that you can also specify the tag of a stable release for the above
|
||||
command instead of *latest*.
|
||||
|
||||
How to run the container
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
First we prepare Docker to find the driver::
|
||||
|
||||
sudo mkdir -p /usr/lib/docker/plugins/kuryr
|
||||
sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \
|
||||
https://raw.githubusercontent.com/openstack/kuryr-libnetwork/master/etc/kuryr.spec
|
||||
sudo service docker restart
|
||||
|
||||
Then we start the container::
|
||||
|
||||
docker run --name kuryr-libnetwork \
|
||||
--net=host \
|
||||
--cap-add=NET_ADMIN \
|
||||
-e SERVICE_USER=admin \
|
||||
-e SERVICE_PROJECT_NAME=admin \
|
||||
-e SERVICE_PASSWORD=admin \
|
||||
-e SERVICE_DOMAIN_NAME=Default \
|
||||
-e USER_DOMAIN_NAME=Default \
|
||||
-e IDENTITY_URL=http://127.0.0.1:35357/v3 \
|
||||
-v /var/log/kuryr:/var/log/kuryr \
|
||||
-v /var/run/openvswitch:/var/run/openvswitch \
|
||||
kuryr/libnetwork
|
||||
|
||||
Where:
|
||||
* SERVICE_USER, SERVICE_PROJECT_NAME, SERVICE_PASSWORD, SERVICE_DOMAIN_NAME,
|
||||
USER_DOMAIN_NAME are OpenStack credentials
|
||||
* IDENTITY_URL is the url to the OpenStack Keystone v3 endpoint
|
||||
* A volume is created so that the logs are available on the host
|
||||
* NET_ADMIN capabilities are given in order to perform network operations on
|
||||
the host namespace like ovs-vsctl
|
||||
|
||||
Other options you can set as '-e' parameters in Docker run:
|
||||
* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there
|
||||
is a cluster store plugged into the docker engine.
|
||||
* LOG_LEVEL for defining, for example, "DEBUG" logging messages.
|
||||
* PROCESSES for defining how many kuryr processes to use to handle the
|
||||
libnetwork requests.
|
||||
* THREADS for defining how many threads per process to use to handle the
|
||||
libnetwork requests.
|
||||
|
||||
Note that you will probably have to change the 127.0.0.1 IDENTITY_URL address
|
||||
for the address where your Keystone is running. In this case it is 127.0.0.1
|
||||
because the example assumes running the container with *--net=host* on an all
|
||||
in one deployment where Keystone is also binding locally.
|
||||
|
||||
Alternatively, if you have an existing kuryr.conf, you can use it for the
|
||||
container::
|
||||
|
||||
docker run --name kuryr-libnetwork \
|
||||
--net host \
|
||||
--cap-add NET_ADMIN \
|
||||
-v /etc/kuryr:/etc/kuryr:ro \
|
||||
-v /var/log/kuryr:/var/log/kuryr:rw \
|
||||
-v /var/run/openvswitch:/var/run/openvswitch:rw \
|
||||
kuryr/libnetwork
|
||||
|
||||
|
||||
Getting it from source
|
||||
----------------------
|
||||
|
||||
::
|
||||
|
||||
|
@ -40,7 +129,7 @@ Getting Code
|
|||
|
||||
|
||||
Prerequisites
|
||||
-------------
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
::
|
||||
|
||||
|
@ -48,7 +137,7 @@ Prerequisites
|
|||
|
||||
|
||||
Installing Kuryr's libnetwork driver
|
||||
------------------------------------
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Running the following will grab the requirements and install kuryr::
|
||||
|
||||
|
@ -56,11 +145,11 @@ Running the following will grab the requirements and install kuryr::
|
|||
|
||||
|
||||
Configuring Kuryr
|
||||
-----------------
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
Generate sample config, `etc/kuryr.conf.sample`, running the following::
|
||||
|
||||
$ tox -e genconfig
|
||||
$ ./tools/generate_config_file_samples.sh
|
||||
|
||||
|
||||
Rename and copy config file at required path::
|
||||
|
@ -68,22 +157,27 @@ Rename and copy config file at required path::
|
|||
$ cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf
|
||||
|
||||
|
||||
Edit keystone section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD::
|
||||
Edit Neutron section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD::
|
||||
|
||||
auth_uri = http://127.0.0.1:35357/v2.0
|
||||
admin_user = admin
|
||||
admin_tenant_name = service
|
||||
admin_password = ADMIN_PASSWORD
|
||||
[neutron]
|
||||
auth_url = http://127.0.0.1:35357/v3/
|
||||
username = admin
|
||||
user_domain_name = Default
|
||||
password = ADMIN_PASSWORD
|
||||
project_name = service
|
||||
project_domain_name = Default
|
||||
auth_type = password
|
||||
|
||||
|
||||
In the same file uncomment the `bindir` parameter with the path for the Kuryr
|
||||
vif binding executables::
|
||||
vif binding executables. For example, if you installed it on Debian or Ubuntu::
|
||||
|
||||
[DEFAULT]
|
||||
bindir = /usr/local/libexec/kuryr
|
||||
|
||||
|
||||
Running Kuryr
|
||||
-------------
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
Currently, Kuryr utilizes a bash script to start the service. Make sure that
|
||||
you have installed `tox` before the execution of the command below::
|
||||
|
@ -106,7 +200,8 @@ Testing Kuryr
|
|||
|
||||
For a quick check that Kuryr is working, create a network::
|
||||
|
||||
$ docker network create --driver kuryr test_net
|
||||
$ docker network create --driver kuryr --ipam-driver kuryr \
|
||||
--subnet 10.10.0.0/16 test_net
|
||||
785f8c1b5ae480c4ebcb54c1c48ab875754e4680d915b270279e4f6a1aa52283
|
||||
$ docker network ls
|
||||
NETWORK ID NAME DRIVER
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
FROM alpine:3.3
|
||||
MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
|
||||
WORKDIR /
|
||||
RUN apk add --no-cache \
|
||||
bash \
|
||||
iproute2 \
|
||||
openvswitch \
|
||||
py-pip \
|
||||
python \
|
||||
uwsgi-python && \
|
||||
apk add --no-cache --virtual build-deps \
|
||||
gcc \
|
||||
git \
|
||||
linux-headers \
|
||||
musl-dev \
|
||||
python-dev && \
|
||||
pip install -U pip setuptools && \
|
||||
git clone https://github.com/openstack/kuryr && \
|
||||
cd /kuryr && \
|
||||
pip install . && \
|
||||
cd / && \
|
||||
rm -fr /kuryr && \
|
||||
apk del build-deps
|
||||
|
||||
ENV SERVICE_USER="admin"
|
||||
ENV SERVICE_TENANT_NAME="admin"
|
||||
ENV SERVICE_PASSWORD="pass"
|
||||
ENV IDENTITY_URL="http://127.0.0.1:35357/v2.0"
|
||||
ENV OS_URL="http://127.0.0.1:9696"
|
||||
ENV CAPABILITY_SCOPE="local"
|
||||
ENV LOG_LEVEL="INFO"
|
||||
ENV PROCESSES=2
|
||||
ENV THREADS=2
|
||||
|
||||
VOLUME /var/log/kuryr
|
||||
|
||||
ADD run_kuryr.sh /usr/bin/run_kuryr.sh
|
||||
|
||||
CMD ["/usr/bin/run_kuryr.sh"]
|
|
@ -1,84 +0,0 @@
|
|||
=================================
|
||||
Kuryr Docker libnetwork container
|
||||
=================================
|
||||
|
||||
This is the container generation file for Kuryr's Docker libnetwork driver,
|
||||
useful for single Docker engine usage as well as Docker Swarm usage.
|
||||
|
||||
How to build the container
|
||||
--------------------------
|
||||
|
||||
If you want to build your own container, you can just build it by running the
|
||||
following command from this same directory:
|
||||
|
||||
::
|
||||
|
||||
docker build -t your_docker_username/libnetwork:latest .
|
||||
|
||||
How to get the container
|
||||
------------------------
|
||||
|
||||
To get the upstream docker libnetwork container with ovs, you can just do:
|
||||
|
||||
::
|
||||
|
||||
docker pull kuryr/libnetwork:latest
|
||||
|
||||
It is expected that different vendors may have their own versions of the
|
||||
Kuryr libnetwork container in their docker hub namespaces, for example:
|
||||
|
||||
::
|
||||
|
||||
docker pull midonet/libnetwork:latest
|
||||
|
||||
The reason for this is that some vendors' binding scripts need different (and
|
||||
potentially non-redistributable) userspace tools in the container.
|
||||
|
||||
How to run the container
|
||||
------------------------
|
||||
|
||||
First we prepare Docker to find the driver
|
||||
|
||||
::
|
||||
|
||||
sudo mkdir -p /usr/lib/docker/plugins/kuryr
|
||||
sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \
|
||||
https://raw.githubusercontent.com/openstack/kuryr/master/etc/kuryr.spec
|
||||
sudo service docker restart
|
||||
|
||||
Then we start the container
|
||||
|
||||
::
|
||||
|
||||
docker run --name kuryr-libnetwork \
|
||||
--net=host \
|
||||
--cap-add=NET_ADMIN \
|
||||
-e SERVICE_USER=admin \
|
||||
-e SERVICE_TENANT_NAME=admin \
|
||||
-e SERVICE_PASSWORD=admin \
|
||||
-e IDENTITY_URL=http://127.0.0.1:35357/v2.0 \
|
||||
-e OS_URL=http://127.0.0.1:9696 \
|
||||
-v /var/log/kuryr:/var/log/kuryr \
|
||||
-v /var/run/openvswitch:/var/run/openvswitch \
|
||||
kuryr/libnetwork
|
||||
|
||||
Where:
|
||||
* SERVICE_USER, SERVICE_TENANT_SERVICE_PASSWORD are OpenStack credentials
|
||||
* IDENTITY_URL is the url to OpenStack Keystone
|
||||
* OS_URL is the url to OpenStack Neutron
|
||||
* k8S_API is the url to the Kubernetes API server
|
||||
* A volume is created so that the logs are available on the host
|
||||
* NET_ADMIN capabilities are given in order to perform network operations on
|
||||
the host namespace like ovs-vsctl
|
||||
|
||||
Other options:
|
||||
* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there
|
||||
is a cluster store plugged into the docker engine.
|
||||
* LOG_LEVEL for defining, for example, "DEBUG" logging messages.
|
||||
* PROCESSES for defining how many kuryr processes to use to handle the
|
||||
libnetwork requests.
|
||||
* THREADS for defining how many threads per process to use to handle the
|
||||
libnetwork requests.
|
||||
|
||||
Note that the 127.0.0.1 are most likely to have to be changed unless you are
|
||||
running everything on a single machine with `--net=host`.
|
|
@ -1,17 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
mkdir -p /etc/kuryr
|
||||
cat > /etc/kuryr/kuryr.conf << EOF
|
||||
[DEFAULT]
|
||||
|
||||
bindir = /usr/libexec/kuryr
|
||||
capability_scope = $CAPABILITY_SCOPE
|
||||
EOF
|
||||
|
||||
/usr/sbin/uwsgi \
|
||||
--plugin /usr/lib/uwsgi/python \
|
||||
--http-socket :23750 \
|
||||
-w kuryr.server:app \
|
||||
--master \
|
||||
--processes "$PROCESSES" \
|
||||
--threads "$THREADS"
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ ! -d /etc/kuryr ]; then
|
||||
mkdir -p /etc/kuryr
|
||||
cat > /etc/kuryr/kuryr.conf << EOF
|
||||
[DEFAULT]
|
||||
|
||||
bindir = /usr/libexec/kuryr
|
||||
capability_scope = $CAPABILITY_SCOPE
|
||||
|
||||
[neutron]
|
||||
project_domain_name = $USER_DOMAIN_NAME
|
||||
project_name = $SERVICE_PROJECT_NAME
|
||||
user_domain_name = $SERVICE_DOMAIN_NAME
|
||||
password = $SERVICE_PASSWORD
|
||||
username = $SERVICE_USER
|
||||
auth_url = $IDENTITY_URL
|
||||
auth_type = password
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
/usr/sbin/uwsgi \
|
||||
--plugin /usr/lib/uwsgi/python \
|
||||
--http-socket :23750 \
|
||||
-w kuryr_libnetwork.server:app \
|
||||
--master \
|
||||
--processes "$PROCESSES" \
|
||||
--threads "$THREADS"
|
|
@ -9,7 +9,7 @@
|
|||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
import sys
|
||||
|
||||
from oslo_log import log
|
||||
|
@ -20,16 +20,24 @@ from kuryr_libnetwork import config
|
|||
from kuryr_libnetwork import controllers
|
||||
|
||||
|
||||
def start():
|
||||
def configure_app():
|
||||
config.init(sys.argv[1:])
|
||||
log.setup(config.CONF, 'kuryr')
|
||||
controllers.neutron_client()
|
||||
controllers.check_for_neutron_ext_support()
|
||||
controllers.check_for_neutron_ext_tag()
|
||||
|
||||
|
||||
def start():
|
||||
configure_app()
|
||||
kuryr_uri = parse.urlparse(config.CONF.kuryr_uri)
|
||||
app.run(kuryr_uri.hostname, kuryr_uri.port)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
start()
|
||||
elif 'UWSGI_ORIGINAL_PROC_NAME' in os.environ:
|
||||
# The module is being loaded by uWSGI to get the Flask app running under
|
||||
# it. This allows Neutron to be set, since uWSGI does not run 'start',
|
||||
# which would trigger the embedded Flask wsgi development server.
|
||||
configure_app()
|
||||
|
|
Loading…
Reference in New Issue