container: Build the container from tree not git

Up until this patch, the Docker container for the Kuryr libnetwork
daemon was part of contrib and was being built by checking out the
latest master from github. That is not very helpful when developers
want to build the container to run their latest changes.

With this change, we move the Docker building to the root of the repo so
that it can use the current state of the repo to build and update the
README.rst to contain the information relative to building and using the
container.

Change-Id: Ie9032d62c73d873a29cabe84c64a19df13fdb749
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>

Dockerfile

@@ -0,0 +1,39 @@
+FROM alpine:3.4
+MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
+WORKDIR /
+COPY . /opt/kuryr-libnetwork
+RUN \
+  apk add --no-cache \
+    bash \
+    iproute2 \
+    openvswitch \
+    py-pip \
+    python \
+    uwsgi-python \
+  && apk add --no-cache --virtual build-deps \
+      gcc \
+      git \
+      linux-headers \
+      musl-dev \
+      python-dev \
+  && pip install -U pip setuptools \
+  \
+  && cd /opt/kuryr-libnetwork \
+  && pip install . \
+  && cd / \
+  && apk del build-deps
+
+ENV SERVICE_USER="admin"
+ENV SERVICE_PROJECT_NAME="admin"
+ENV SERVICE_PASSWORD="pass"
+ENV SERVICE_DOMAIN_NAME="Default"
+ENV USER_DOMAIN_NAME="Default"
+ENV IDENTITY_URL="http://127.0.0.1:35357/v3"
+ENV CAPABILITY_SCOPE="local"
+ENV LOG_LEVEL="INFO"
+ENV PROCESSES=2
+ENV THREADS=2
+
+VOLUME /var/log/kuryr
+
+CMD ["/opt/kuryr-libnetwork/contrib/docker/run_kuryr.sh"]

README.rst

@@ -30,8 +30,97 @@ Features
 * TODO
 
 
-Getting Code
-------------
+Getting it running with a service container
+-------------------------------------------
+
+Prerequisites
+~~~~~~~~~~~~~
+
+The necessary components for an operating environment to run Kuryr are:
+
+* Keystone (preferably configured with Keystone v3),
+* Neutron (preferably mitaka or newer),
+* Mariadb (for Neutron and Keystone),
+* Neutron agents for the vendor you choose,
+* Rabbitmq if the Neutron agents for your vendor require it,
+* Docker 1.9+
+
+Building the container
+~~~~~~~~~~~~~~~~~~~~~~
+
+The Dockerfile in the root of this repository can be used to generate a wsgi
+Kuryr Libnetwork server container with docker build::
+
+    docker build -t your_docker_username/libnetwork:latest .
+
+Additionally, you can pull the upstream container::
+
+    docker pull kuryr/libnetwork:latest
+
+Note that you can also specify the tag of a stable release for the above
+command instead of *latest*.
+
+How to run the container
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+First we prepare Docker to find the driver::
+
+    sudo mkdir -p /usr/lib/docker/plugins/kuryr
+    sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \
+    https://raw.githubusercontent.com/openstack/kuryr-libnetwork/master/etc/kuryr.spec
+    sudo service docker restart
+
+Then we start the container::
+
+    docker run --name kuryr-libnetwork \
+      --net=host \
+      --cap-add=NET_ADMIN \
+      -e SERVICE_USER=admin \
+      -e SERVICE_PROJECT_NAME=admin \
+      -e SERVICE_PASSWORD=admin \
+      -e SERVICE_DOMAIN_NAME=Default \
+      -e USER_DOMAIN_NAME=Default \
+      -e IDENTITY_URL=http://127.0.0.1:35357/v3 \
+      -v /var/log/kuryr:/var/log/kuryr \
+      -v /var/run/openvswitch:/var/run/openvswitch \
+      kuryr/libnetwork
+
+Where:
+* SERVICE_USER, SERVICE_PROJECT_NAME, SERVICE_PASSWORD, SERVICE_DOMAIN_NAME,
+USER_DOMAIN_NAME are OpenStack credentials
+* IDENTITY_URL is the url to the OpenStack Keystone v3 endpoint
+* A volume is created so that the logs are available on the host
+* NET_ADMIN capabilities are given in order to perform network operations on
+the host namespace like ovs-vsctl
+
+Other options you can set as '-e' parameters in Docker run:
+* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there
+is a cluster store plugged into the docker engine.
+* LOG_LEVEL for defining, for example, "DEBUG" logging messages.
+* PROCESSES for defining how many kuryr processes to use to handle the
+libnetwork requests.
+* THREADS for defining how many threads per process to use to handle the
+libnetwork requests.
+
+Note that you will probably have to change the 127.0.0.1 IDENTITY_URL address
+for the address where your Keystone is running. In this case it is 127.0.0.1
+because the example assumes running the container with *--net=host* on an all
+in one deployment where Keystone is also binding locally.
+
+Alternatively, if you have an existing kuryr.conf, you can use it for the
+container::
+
+    docker run --name kuryr-libnetwork \
+      --net host \
+      --cap-add NET_ADMIN \
+      -v /etc/kuryr:/etc/kuryr:ro \
+      -v /var/log/kuryr:/var/log/kuryr:rw \
+      -v /var/run/openvswitch:/var/run/openvswitch:rw \
+      kuryr/libnetwork
+
+
+Getting it from source
+----------------------
 
 ::
 
@@ -40,7 +129,7 @@ Getting Code
 
 
 Prerequisites
--------------
+~~~~~~~~~~~~~
 
 ::
 
@@ -48,7 +137,7 @@ Prerequisites
 
 
 Installing Kuryr's libnetwork driver
-------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Running the following will grab the requirements and install kuryr::
 
@@ -56,11 +145,11 @@ Running the following will grab the requirements and install kuryr::
 
 
 Configuring Kuryr
------------------
+~~~~~~~~~~~~~~~~~
 
 Generate sample config, `etc/kuryr.conf.sample`, running the following::
 
-    $ tox -e genconfig
+    $ ./tools/generate_config_file_samples.sh
 
 
 Rename and copy config file at required path::
@@ -68,22 +157,27 @@ Rename and copy config file at required path::
     $ cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf
 
 
-Edit keystone section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD::
+Edit Neutron section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD::
 
-    auth_uri = http://127.0.0.1:35357/v2.0
-    admin_user = admin
-    admin_tenant_name = service
-    admin_password = ADMIN_PASSWORD
+    [neutron]
+    auth_url = http://127.0.0.1:35357/v3/
+    username = admin
+    user_domain_name = Default
+    password = ADMIN_PASSWORD
+    project_name = service
+    project_domain_name = Default
+    auth_type = password
 
 
 In the same file uncomment the `bindir` parameter with the path for the Kuryr
-vif binding executables::
+vif binding executables. For example, if you installed it on Debian or Ubuntu::
 
+    [DEFAULT]
     bindir = /usr/local/libexec/kuryr
 
 
 Running Kuryr
--------------
+~~~~~~~~~~~~~
 
 Currently, Kuryr utilizes a bash script to start the service. Make sure that
 you have installed `tox` before the execution of the command below::
@@ -106,7 +200,8 @@ Testing Kuryr
 
 For a quick check that Kuryr is working, create a network::
 
-    $ docker network create --driver kuryr test_net
+    $ docker network create --driver kuryr --ipam-driver kuryr \
+    --subnet 10.10.0.0/16 test_net
     785f8c1b5ae480c4ebcb54c1c48ab875754e4680d915b270279e4f6a1aa52283
     $ docker network ls
     NETWORK ID          NAME                DRIVER

contrib/docker/libnetwork/Dockerfile

@@ -1,39 +0,0 @@
-FROM alpine:3.3
-MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
-WORKDIR /
-RUN apk add --no-cache \
-        bash \
-        iproute2 \
-        openvswitch \
-        py-pip \
-        python \
-        uwsgi-python && \
-    apk add --no-cache --virtual build-deps \
-        gcc \
-        git \
-        linux-headers \
-        musl-dev \
-        python-dev && \
-    pip install -U pip setuptools && \
-    git clone https://github.com/openstack/kuryr && \
-    cd /kuryr && \
-    pip install . && \
-    cd / && \
-    rm -fr /kuryr && \
-    apk del build-deps
-
-ENV SERVICE_USER="admin"
-ENV SERVICE_TENANT_NAME="admin"
-ENV SERVICE_PASSWORD="pass"
-ENV IDENTITY_URL="http://127.0.0.1:35357/v2.0"
-ENV OS_URL="http://127.0.0.1:9696"
-ENV CAPABILITY_SCOPE="local"
-ENV LOG_LEVEL="INFO"
-ENV PROCESSES=2
-ENV THREADS=2
-
-VOLUME /var/log/kuryr
-
-ADD run_kuryr.sh /usr/bin/run_kuryr.sh
-
-CMD ["/usr/bin/run_kuryr.sh"]

contrib/docker/libnetwork/README.rst

@@ -1,84 +0,0 @@
-=================================
-Kuryr Docker libnetwork container
-=================================
-
-This is the container generation file for Kuryr's Docker libnetwork driver,
-useful for single Docker engine usage as well as Docker Swarm usage.
-
-How to build the container
---------------------------
-
-If you want to build your own container, you can just build it by running the
-following command from this same directory:
-
-::
-
-    docker build -t your_docker_username/libnetwork:latest .
-
-How to get the container
-------------------------
-
-To get the upstream docker libnetwork container with ovs, you can just do:
-
-::
-
-    docker pull kuryr/libnetwork:latest
-
-It is expected that different vendors may have their own versions of the
-Kuryr libnetwork container in their docker hub namespaces, for example:
-
-::
-
-    docker pull midonet/libnetwork:latest
-
-The reason for this is that some vendors' binding scripts need different (and
-potentially non-redistributable) userspace tools in the container.
-
-How to run the container
-------------------------
-
-First we prepare Docker to find the driver
-
-::
-
-    sudo mkdir -p /usr/lib/docker/plugins/kuryr
-    sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \
-    https://raw.githubusercontent.com/openstack/kuryr/master/etc/kuryr.spec
-    sudo service docker restart
-
-Then we start the container
-
-::
-
-    docker run --name kuryr-libnetwork \
-      --net=host \
-      --cap-add=NET_ADMIN \
-      -e SERVICE_USER=admin \
-      -e SERVICE_TENANT_NAME=admin \
-      -e SERVICE_PASSWORD=admin \
-      -e IDENTITY_URL=http://127.0.0.1:35357/v2.0 \
-      -e OS_URL=http://127.0.0.1:9696 \
-      -v /var/log/kuryr:/var/log/kuryr \
-      -v /var/run/openvswitch:/var/run/openvswitch \
-      kuryr/libnetwork
-
-Where:
-* SERVICE_USER, SERVICE_TENANT_SERVICE_PASSWORD are OpenStack credentials
-* IDENTITY_URL is the url to OpenStack Keystone
-* OS_URL is the url to OpenStack Neutron
-* k8S_API is the url to the Kubernetes API server
-* A volume is created so that the logs are available on the host
-* NET_ADMIN capabilities are given in order to perform network operations on
-the host namespace like ovs-vsctl
-
-Other options:
-* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there
-is a cluster store plugged into the docker engine.
-* LOG_LEVEL for defining, for example, "DEBUG" logging messages.
-* PROCESSES for defining how many kuryr processes to use to handle the
-libnetwork requests.
-* THREADS for defining how many threads per process to use to handle the
-libnetwork requests.
-
-Note that the 127.0.0.1 are most likely to have to be changed unless you are
-running everything on a single machine with `--net=host`.

contrib/docker/libnetwork/run_kuryr.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-mkdir -p /etc/kuryr
-cat > /etc/kuryr/kuryr.conf << EOF
-[DEFAULT]
-
-bindir = /usr/libexec/kuryr
-capability_scope = $CAPABILITY_SCOPE
-EOF
-
-/usr/sbin/uwsgi \
-    --plugin /usr/lib/uwsgi/python \
-    --http-socket :23750 \
-    -w kuryr.server:app \
-    --master \
-    --processes "$PROCESSES" \
-    --threads "$THREADS"

contrib/docker/run_kuryr.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ ! -d /etc/kuryr ]; then
+    mkdir -p /etc/kuryr
+    cat > /etc/kuryr/kuryr.conf << EOF
+[DEFAULT]
+
+bindir = /usr/libexec/kuryr
+capability_scope = $CAPABILITY_SCOPE
+
+[neutron]
+project_domain_name = $USER_DOMAIN_NAME
+project_name = $SERVICE_PROJECT_NAME
+user_domain_name = $SERVICE_DOMAIN_NAME
+password = $SERVICE_PASSWORD
+username = $SERVICE_USER
+auth_url = $IDENTITY_URL
+auth_type = password
+EOF
+
+fi
+
+/usr/sbin/uwsgi \
+    --plugin /usr/lib/uwsgi/python \
+    --http-socket :23750 \
+    -w kuryr_libnetwork.server:app \
+    --master \
+    --processes "$PROCESSES" \
+    --threads "$THREADS"

kuryr_libnetwork/server.py

@@ -9,7 +9,7 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-
+import os
 import sys
 
 from oslo_log import log
@@ -20,16 +20,24 @@ from kuryr_libnetwork import config
 from kuryr_libnetwork import controllers
 
 
-def start():
+def configure_app():
     config.init(sys.argv[1:])
     log.setup(config.CONF, 'kuryr')
     controllers.neutron_client()
     controllers.check_for_neutron_ext_support()
     controllers.check_for_neutron_ext_tag()
 
+
+def start():
+    configure_app()
     kuryr_uri = parse.urlparse(config.CONF.kuryr_uri)
     app.run(kuryr_uri.hostname, kuryr_uri.port)
 
 
 if __name__ == '__main__':
     start()
+elif 'UWSGI_ORIGINAL_PROC_NAME' in os.environ:
+    # The module is being loaded by uWSGI to get the Flask app running under
+    # it. This allows Neutron to be set, since uWSGI does not run 'start',
+    # which would trigger the embedded Flask wsgi development server.
+    configure_app()