diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..8b8886d0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,39 @@
+FROM alpine:3.4
+MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
+WORKDIR /
+COPY . /opt/kuryr-libnetwork
+RUN \
+ apk add --no-cache \
+ bash \
+ iproute2 \
+ openvswitch \
+ py-pip \
+ python \
+ uwsgi-python \
+ && apk add --no-cache --virtual build-deps \
+ gcc \
+ git \
+ linux-headers \
+ musl-dev \
+ python-dev \
+ && pip install -U pip setuptools \
+ \
+ && cd /opt/kuryr-libnetwork \
+ && pip install . \
+ && cd / \
+ && apk del build-deps
+
+ENV SERVICE_USER="admin"
+ENV SERVICE_PROJECT_NAME="admin"
+ENV SERVICE_PASSWORD="pass"
+ENV SERVICE_DOMAIN_NAME="Default"
+ENV USER_DOMAIN_NAME="Default"
+ENV IDENTITY_URL="http://127.0.0.1:35357/v3"
+ENV CAPABILITY_SCOPE="local"
+ENV LOG_LEVEL="INFO"
+ENV PROCESSES=2
+ENV THREADS=2
+
+VOLUME /var/log/kuryr
+
+CMD ["/opt/kuryr-libnetwork/contrib/docker/run_kuryr.sh"]
diff --git a/README.rst b/README.rst
index 47e6d62a..695f0819 100755
--- a/README.rst
+++ b/README.rst
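Review bot: `ENV SERVICE_PASSWORD="pass"` bakes a known default Keystone credential into every image built from this file, and `ENV` values stay readable in the image configuration and in `docker inspect` output for any container. A deployment that forgets `-e SERVICE_PASSWORD=...` will start and authenticate as `admin`/`pass` instead of failing. I would drop the default from the Dockerfile and have the entrypoint refuse to start when it is unset, e.g. `: "${SERVICE_PASSWORD:?SERVICE_PASSWORD must be set}"` at the top of `run_kuryr.sh`, or point users to the read-only `/etc/kuryr` mount that the README in this commit already documents. Separately, `COPY . /opt/kuryr-libnetwork` takes the whole build context and no `.dockerignore` is visible in this diff, so `.git` and any local config files in the checkout would end up in the image.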
@@ -30,8 +30,97 @@ Features * TODO -Getting Code ------------- +Getting it running with a service container +------------------------------------------- + +Prerequisites +~~~~~~~~~~~~~ + +The necessary components for an operating environment to run Kuryr are: + +* Keystone (preferably configured with Keystone v3), +* Neutron (preferably mitaka or newer), +* Mariadb (for Neutron and Keystone), +* Neutron agents for the vendor you choose, +* Rabbitmq if the Neutron agents for your vendor require it, +* Docker 1.9+ + +Building the container +~~~~~~~~~~~~~~~~~~~~~~ + +The Dockerfile in the root of this repository can be used to generate a wsgi +Kuryr Libnetwork server container with docker build:: + + docker build -t your_docker_username/libnetwork:latest . + +Additionally, you can pull the upstream container:: + + docker pull kuryr/libnetwork:latest + +Note that you can also specify the tag of a stable release for the above +command instead of *latest*. + +How to run the container +~~~~~~~~~~~~~~~~~~~~~~~~ + +First we prepare Docker to find the driver:: + + sudo mkdir -p /usr/lib/docker/plugins/kuryr + sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \ + https://raw.githubusercontent.com/openstack/kuryr-libnetwork/master/etc/kuryr.spec + sudo service docker restart + +Then we start the container:: + + docker run --name kuryr-libnetwork \ + --net=host \ + --cap-add=NET_ADMIN \ + -e SERVICE_USER=admin \ + -e SERVICE_PROJECT_NAME=admin \ + -e SERVICE_PASSWORD=admin \ + -e SERVICE_DOMAIN_NAME=Default \ + -e USER_DOMAIN_NAME=Default \ + -e IDENTITY_URL=http://127.0.0.1:35357/v3 \ + -v /var/log/kuryr:/var/log/kuryr \ + -v /var/run/openvswitch:/var/run/openvswitch \ + kuryr/libnetwork + +Where: +* SERVICE_USER, SERVICE_PROJECT_NAME, SERVICE_PASSWORD, SERVICE_DOMAIN_NAME, +USER_DOMAIN_NAME are OpenStack credentials +* IDENTITY_URL is the url to the OpenStack Keystone v3 endpoint +* A volume is created so that the logs are available on the host +* NET_ADMIN capabilities 
are given in order to perform network operations on +the host namespace like ovs-vsctl + +Other options you can set as '-e' parameters in Docker run: +* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there +is a cluster store plugged into the docker engine. +* LOG_LEVEL for defining, for example, "DEBUG" logging messages. +* PROCESSES for defining how many kuryr processes to use to handle the +libnetwork requests. +* THREADS for defining how many threads per process to use to handle the +libnetwork requests. + +Note that you will probably have to change the 127.0.0.1 IDENTITY_URL address +for the address where your Keystone is running. In this case it is 127.0.0.1 +because the example assumes running the container with *--net=host* on an all +in one deployment where Keystone is also binding locally. + +Alternatively, if you have an existing kuryr.conf, you can use it for the +container:: + + docker run --name kuryr-libnetwork \ + --net host \ + --cap-add NET_ADMIN \ + -v /etc/kuryr:/etc/kuryr:ro \ + -v /var/log/kuryr:/var/log/kuryr:rw \ + -v /var/run/openvswitch:/var/run/openvswitch:rw \ + kuryr/libnetwork + + +Getting it from source +---------------------- :: @@ -40,7 +129,7 @@ Getting Code Prerequisites -------------- +~~~~~~~~~~~~~ :: @@ -48,7 +137,7 @@ Prerequisites Installing Kuryr's libnetwork driver ------------------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Running the following will grab the requirements and install kuryr:: @@ -56,11 +145,11 @@ Running the following will grab the requirements and install kuryr:: Configuring Kuryr ------------------ +~~~~~~~~~~~~~~~~~ Generate sample config, `etc/kuryr.conf.sample`, running the following:: - $ tox -e genconfig + $ ./tools/generate_config_file_samples.sh Rename and copy config file at required path:: 
@@ -68,22 +157,27 @@ Rename and copy config file at required path:: $ cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf -Edit keystone section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD:: +Edit Neutron section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD:: - auth_uri = http://127.0.0.1:35357/v2.0 - admin_user = admin - admin_tenant_name = service - admin_password = ADMIN_PASSWORD + [neutron] + auth_url = http://127.0.0.1:35357/v3/ + username = admin + user_domain_name = Default + password = ADMIN_PASSWORD + project_name = service + project_domain_name = Default + auth_type = password In the same file uncomment the `bindir` parameter with the path for the Kuryr -vif binding executables:: +vif binding executables. For example, if you installed it on Debian or Ubuntu:: + [DEFAULT] bindir = /usr/local/libexec/kuryr Running Kuryr -------------- +~~~~~~~~~~~~~ Currently, Kuryr utilizes a bash script to start the service. Make sure that you have installed `tox` before the execution of the command below:: @@ -106,7 +200,8 @@ Testing Kuryr For a quick check that Kuryr is working, create a network:: - $ docker network create --driver kuryr test_net + $ docker network create --driver kuryr --ipam-driver kuryr \ + --subnet 10.10.0.0/16 test_net 785f8c1b5ae480c4ebcb54c1c48ab875754e4680d915b270279e4f6a1aa52283 $ docker network ls NETWORK ID NAME DRIVER diff --git a/contrib/docker/libnetwork/Dockerfile b/contrib/docker/libnetwork/Dockerfile deleted file mode 100644 index 93015fec..00000000 --- a/contrib/docker/libnetwork/Dockerfile +++ /dev/null 
@@ -1,39 +0,0 @@
-FROM alpine:3.3
-MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
-WORKDIR /
-RUN apk add --no-cache \
- bash \
- iproute2 \
- openvswitch \
- py-pip \
- python \
- uwsgi-python && \
- apk add --no-cache --virtual build-deps \
- gcc \
- git \
- linux-headers \
- musl-dev \
- python-dev && \
- pip install -U pip setuptools && \
- git clone https://github.com/openstack/kuryr && \
- cd /kuryr && \
- pip install . && \
- cd / && \
- rm -fr /kuryr && \
- apk del build-deps
-
-ENV SERVICE_USER="admin"
-ENV SERVICE_TENANT_NAME="admin"
-ENV SERVICE_PASSWORD="pass"
-ENV IDENTITY_URL="http://127.0.0.1:35357/v2.0"
-ENV OS_URL="http://127.0.0.1:9696"
-ENV CAPABILITY_SCOPE="local"
-ENV LOG_LEVEL="INFO"
-ENV PROCESSES=2
-ENV THREADS=2
-
-VOLUME /var/log/kuryr
-
-ADD run_kuryr.sh /usr/bin/run_kuryr.sh
-
-CMD ["/usr/bin/run_kuryr.sh"]
diff --git a/contrib/docker/libnetwork/README.rst b/contrib/docker/libnetwork/README.rst
deleted file mode 100644
index cb778806..00000000
--- a/contrib/docker/libnetwork/README.rst
+++ /dev/null
@@ -1,84 +0,0 @@ -================================= -Kuryr Docker libnetwork container -================================= - -This is the container generation file for Kuryr's Docker libnetwork driver, -useful for single Docker engine usage as well as Docker Swarm usage. - -How to build the container --------------------------- - -If you want to build your own container, you can just build it by running the -following command from this same directory: - -:: - - docker build -t your_docker_username/libnetwork:latest . - -How to get the container ------------------------- - -To get the upstream docker libnetwork container with ovs, you can just do: - -:: - - docker pull kuryr/libnetwork:latest - -It is expected that different vendors may have their own versions of the -Kuryr libnetwork container in their docker hub namespaces, for example: - -:: - - docker pull midonet/libnetwork:latest - -The reason for this is that some vendors' binding scripts need different (and -potentially non-redistributable) userspace tools in the container. 
- -How to run the container ------------------------- - -First we prepare Docker to find the driver - -:: - - sudo mkdir -p /usr/lib/docker/plugins/kuryr - sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \ - https://raw.githubusercontent.com/openstack/kuryr/master/etc/kuryr.spec - sudo service docker restart - -Then we start the container - -:: - - docker run --name kuryr-libnetwork \ - --net=host \ - --cap-add=NET_ADMIN \ - -e SERVICE_USER=admin \ - -e SERVICE_TENANT_NAME=admin \ - -e SERVICE_PASSWORD=admin \ - -e IDENTITY_URL=http://127.0.0.1:35357/v2.0 \ - -e OS_URL=http://127.0.0.1:9696 \ - -v /var/log/kuryr:/var/log/kuryr \ - -v /var/run/openvswitch:/var/run/openvswitch \ - kuryr/libnetwork - -Where: -* SERVICE_USER, SERVICE_TENANT_SERVICE_PASSWORD are OpenStack credentials -* IDENTITY_URL is the url to OpenStack Keystone -* OS_URL is the url to OpenStack Neutron -* k8S_API is the url to the Kubernetes API server -* A volume is created so that the logs are available on the host -* NET_ADMIN capabilities are given in order to perform network operations on -the host namespace like ovs-vsctl - -Other options: -* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there -is a cluster store plugged into the docker engine. -* LOG_LEVEL for defining, for example, "DEBUG" logging messages. -* PROCESSES for defining how many kuryr processes to use to handle the -libnetwork requests. -* THREADS for defining how many threads per process to use to handle the -libnetwork requests. - -Note that the 127.0.0.1 are most likely to have to be changed unless you are -running everything on a single machine with `--net=host`. diff --git a/contrib/docker/libnetwork/run_kuryr.sh b/contrib/docker/libnetwork/run_kuryr.sh deleted file mode 100755 index c03fe05c..00000000 --- a/contrib/docker/libnetwork/run_kuryr.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -mkdir -p /etc/kuryr -cat > /etc/kuryr/kuryr.conf << EOF -[DEFAULT] - -bindir = /usr/libexec/kuryr -capability_scope = $CAPABILITY_SCOPE -EOF - -/usr/sbin/uwsgi \ - --plugin /usr/lib/uwsgi/python \ - --http-socket :23750 \ - -w kuryr.server:app \ - --master \ - --processes "$PROCESSES" \ - --threads "$THREADS" diff --git a/contrib/docker/run_kuryr.sh b/contrib/docker/run_kuryr.sh new file mode 100755 index 00000000..3a64a333 --- /dev/null +++ b/contrib/docker/run_kuryr.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +if [ ! -d /etc/kuryr ]; then + mkdir -p /etc/kuryr + cat > /etc/kuryr/kuryr.conf << EOF +[DEFAULT] + +bindir = /usr/libexec/kuryr +capability_scope = $CAPABILITY_SCOPE + +[neutron] +project_domain_name = $USER_DOMAIN_NAME +project_name = $SERVICE_PROJECT_NAME +user_domain_name = $SERVICE_DOMAIN_NAME +password = $SERVICE_PASSWORD +username = $SERVICE_USER +auth_url = $IDENTITY_URL +auth_type = password +EOF + +fi + +/usr/sbin/uwsgi \ + --plugin /usr/lib/uwsgi/python \ + --http-socket :23750 \ + -w kuryr_libnetwork.server:app \ + --master \ + --processes "$PROCESSES" \ + --threads "$THREADS" diff --git a/kuryr_libnetwork/server.py b/kuryr_libnetwork/server.py index 0ab0fe79..92bfc836 100644 --- a/kuryr_libnetwork/server.py +++ b/kuryr_libnetwork/server.py @@ -9,7 +9,7 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +import os import sys from oslo_log import log 
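Review bot: `--http-socket :23750` in the new `contrib/docker/run_kuryr.sh` binds uWSGI on every interface, and the README in this commit runs the container with `--net=host`, so the driver endpoint is exposed on all of the host's addresses; no authentication on it is visible in this diff. If only the local Docker engine needs to reach it, bind to loopback with `--http-socket 127.0.0.1:23750`, or make the listen address a variable. The heredoc also writes `$SERVICE_PASSWORD` into `/etc/kuryr/kuryr.conf` under the default umask; a `umask 077` before `mkdir -p /etc/kuryr` would keep the generated file private. The mapping `project_domain_name = $USER_DOMAIN_NAME` and `user_domain_name = $SERVICE_DOMAIN_NAME` looks swapped relative to the variable names and is worth confirming.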
@@ -20,16 +20,24 @@ from kuryr_libnetwork import config from kuryr_libnetwork import controllers -def start(): +def configure_app(): config.init(sys.argv[1:]) log.setup(config.CONF, 'kuryr') controllers.neutron_client() controllers.check_for_neutron_ext_support() controllers.check_for_neutron_ext_tag() + +def start(): + configure_app() kuryr_uri = parse.urlparse(config.CONF.kuryr_uri) app.run(kuryr_uri.hostname, kuryr_uri.port) if __name__ == '__main__': start() +elif 'UWSGI_ORIGINAL_PROC_NAME' in os.environ: + # The module is being loaded by uWSGI to get the Flask app running under + # it. This allows Neutron to be set, since uWSGI does not run 'start', + # which would trigger the embedded Flask wsgi development server. + configure_app()
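Review bot: The new `elif 'UWSGI_ORIGINAL_PROC_NAME' in os.environ:` branch runs `configure_app()` at import time whenever that variable is present in the environment, so config loading and Neutron client creation are keyed off an inherited variable rather than off actually running inside uWSGI. Testing for the `uwsgi` module, which is only importable inside a uWSGI process, would be a tighter check: `try: import uwsgi` / `except ImportError: pass` / `else: configure_app()`. `configure_app()` also has no docstring; something like `"""Load config, set up logging and create the Neutron client, then check the required Neutron extensions."""` would tell a reader why the uWSGI path needs it.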