From 6f6ff116451e5287e1181342c9db1208de312dd7 Mon Sep 17 00:00:00 2001 From: Antoni Segura Puimedon Date: Tue, 13 Sep 2016 18:55:00 +0200 Subject: [PATCH] container: Build the container from tree not git Up until this patch, the Docker container for the Kuryr libnetwork daemon was part of contrib and was being built by checking out the latest master from github. That is not very helpful when developers want to build the container to run their latest changes. With this change, we move the Docker building to the root of the repo so that it can use the current state of the repo to build and update the README.rst to contain the information relative to building and using the container. Change-Id: Ie9032d62c73d873a29cabe84c64a19df13fdb749 Signed-off-by: Antoni Segura Puimedon --- Dockerfile | 39 ++++++++ README.rst | 123 ++++++++++++++++++++++--- contrib/docker/libnetwork/Dockerfile | 39 -------- contrib/docker/libnetwork/README.rst | 84 ----------------- contrib/docker/libnetwork/run_kuryr.sh | 17 ---- contrib/docker/run_kuryr.sh | 29 ++++++ kuryr_libnetwork/server.py | 12 ++- 7 files changed, 187 insertions(+), 156 deletions(-) create mode 100644 Dockerfile delete mode 100644 contrib/docker/libnetwork/Dockerfile delete mode 100644 contrib/docker/libnetwork/README.rst delete mode 100755 contrib/docker/libnetwork/run_kuryr.sh create mode 100755 contrib/docker/run_kuryr.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..8b8886d0 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,39 @@
+FROM alpine:3.4
+MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
+WORKDIR /
+COPY . /opt/kuryr-libnetwork
+RUN \
+ apk add --no-cache \
+ bash \
+ iproute2 \
+ openvswitch \
+ py-pip \
+ python \
+ uwsgi-python \
+ && apk add --no-cache --virtual build-deps \
+ gcc \
+ git \
+ linux-headers \
+ musl-dev \
+ python-dev \
+ && pip install -U pip setuptools \
+ \
+ && cd /opt/kuryr-libnetwork \
+ && pip install . \
+ && cd / \
+ && apk del build-deps
+
+ENV SERVICE_USER="admin"
+ENV SERVICE_PROJECT_NAME="admin"
+ENV SERVICE_PASSWORD="pass"
+ENV SERVICE_DOMAIN_NAME="Default"
+ENV USER_DOMAIN_NAME="Default"
+ENV IDENTITY_URL="http://127.0.0.1:35357/v3"
+ENV CAPABILITY_SCOPE="local"
+ENV LOG_LEVEL="INFO"
+ENV PROCESSES=2
+ENV THREADS=2
+
+VOLUME /var/log/kuryr
+
+CMD ["/opt/kuryr-libnetwork/contrib/docker/run_kuryr.sh"]
diff --git a/README.rst b/README.rst
index 47e6d62a..695f0819 100755
--- a/README.rst
+++ b/README.rst
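Review bot: `ENV SERVICE_PASSWORD="pass"` in the new root Dockerfile bakes a default credential into every image built from it, so a container started without `-e SERVICE_PASSWORD=...` tries to authenticate to Keystone with a guessable value, and that value stays readable in the image's environment metadata. I would drop the line and have the entrypoint refuse to start when the variable is unset. `COPY . /opt/kuryr-libnetwork` also brings the whole working tree into the image and nothing trims it after `pip install .`, so untracked local files (a developer's `kuryr.conf`, `.tox`, editor backups) ship with it. The patch adds no `.dockerignore`; one covering those paths would help, though `.git` may have to stay if the package build reads version data from it. There is no `USER` instruction, so uWSGI runs as root; if the binding scripts need that, a comment saying so would make it a visible decision.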
@@ -30,8 +30,97 @@ Features * TODO -Getting Code ------------- +Getting it running with a service container +------------------------------------------- + +Prerequisites +~~~~~~~~~~~~~ + +The necessary components for an operating environment to run Kuryr are: + +* Keystone (preferably configured with Keystone v3), +* Neutron (preferably mitaka or newer), +* Mariadb (for Neutron and Keystone), +* Neutron agents for the vendor you choose, +* Rabbitmq if the Neutron agents for your vendor require it, +* Docker 1.9+ + +Building the container +~~~~~~~~~~~~~~~~~~~~~~ + +The Dockerfile in the root of this repository can be used to generate a wsgi +Kuryr Libnetwork server container with docker build:: + + docker build -t your_docker_username/libnetwork:latest . + +Additionally, you can pull the upstream container:: + + docker pull kuryr/libnetwork:latest + +Note that you can also specify the tag of a stable release for the above +command instead of *latest*. + +How to run the container +~~~~~~~~~~~~~~~~~~~~~~~~ + +First we prepare Docker to find the driver:: + + sudo mkdir -p /usr/lib/docker/plugins/kuryr + sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \ + https://raw.githubusercontent.com/openstack/kuryr-libnetwork/master/etc/kuryr.spec + sudo service docker restart + +Then we start the container:: + + docker run --name kuryr-libnetwork \ + --net=host \ + --cap-add=NET_ADMIN \ + -e SERVICE_USER=admin \ + -e SERVICE_PROJECT_NAME=admin \ + -e SERVICE_PASSWORD=admin \ + -e SERVICE_DOMAIN_NAME=Default \ + -e USER_DOMAIN_NAME=Default \ + -e IDENTITY_URL=http://127.0.0.1:35357/v3 \ + -v /var/log/kuryr:/var/log/kuryr \ + -v /var/run/openvswitch:/var/run/openvswitch \ + kuryr/libnetwork + +Where: +* SERVICE_USER, SERVICE_PROJECT_NAME, SERVICE_PASSWORD, SERVICE_DOMAIN_NAME, +USER_DOMAIN_NAME are OpenStack credentials +* IDENTITY_URL is the url to the OpenStack Keystone v3 endpoint +* A volume is created so that the logs are available on the host +* NET_ADMIN capabilities 
are given in order to perform network operations on +the host namespace like ovs-vsctl + +Other options you can set as '-e' parameters in Docker run: +* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there +is a cluster store plugged into the docker engine. +* LOG_LEVEL for defining, for example, "DEBUG" logging messages. +* PROCESSES for defining how many kuryr processes to use to handle the +libnetwork requests. +* THREADS for defining how many threads per process to use to handle the +libnetwork requests. + +Note that you will probably have to change the 127.0.0.1 IDENTITY_URL address +for the address where your Keystone is running. In this case it is 127.0.0.1 +because the example assumes running the container with *--net=host* on an all +in one deployment where Keystone is also binding locally. + +Alternatively, if you have an existing kuryr.conf, you can use it for the +container:: + + docker run --name kuryr-libnetwork \ + --net host \ + --cap-add NET_ADMIN \ + -v /etc/kuryr:/etc/kuryr:ro \ + -v /var/log/kuryr:/var/log/kuryr:rw \ + -v /var/run/openvswitch:/var/run/openvswitch:rw \ + kuryr/libnetwork + + +Getting it from source +---------------------- :: @@ -40,7 +129,7 @@ Getting Code Prerequisites -------------- +~~~~~~~~~~~~~ :: @@ -48,7 +137,7 @@ Prerequisites Installing Kuryr's libnetwork driver ------------------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Running the following will grab the requirements and install kuryr:: @@ -56,11 +145,11 @@ Running the following will grab the requirements and install kuryr:: Configuring Kuryr ------------------ +~~~~~~~~~~~~~~~~~ Generate sample config, `etc/kuryr.conf.sample`, running the following:: - $ tox -e genconfig + $ ./tools/generate_config_file_samples.sh Rename and copy config file at required path:: 
@@ -68,22 +157,27 @@ Rename and copy config file at required path:: $ cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf -Edit keystone section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD:: +Edit Neutron section in `/etc/kuryr/kuryr.conf`, replace ADMIN_PASSWORD:: - auth_uri = http://127.0.0.1:35357/v2.0 - admin_user = admin - admin_tenant_name = service - admin_password = ADMIN_PASSWORD + [neutron] + auth_url = http://127.0.0.1:35357/v3/ + username = admin + user_domain_name = Default + password = ADMIN_PASSWORD + project_name = service + project_domain_name = Default + auth_type = password In the same file uncomment the `bindir` parameter with the path for the Kuryr -vif binding executables:: +vif binding executables. For example, if you installed it on Debian or Ubuntu:: + [DEFAULT] bindir = /usr/local/libexec/kuryr Running Kuryr -------------- +~~~~~~~~~~~~~ Currently, Kuryr utilizes a bash script to start the service. Make sure that you have installed `tox` before the execution of the command below:: @@ -106,7 +200,8 @@ Testing Kuryr For a quick check that Kuryr is working, create a network:: - $ docker network create --driver kuryr test_net + $ docker network create --driver kuryr --ipam-driver kuryr \ + --subnet 10.10.0.0/16 test_net 785f8c1b5ae480c4ebcb54c1c48ab875754e4680d915b270279e4f6a1aa52283 $ docker network ls NETWORK ID NAME DRIVER diff --git a/contrib/docker/libnetwork/Dockerfile b/contrib/docker/libnetwork/Dockerfile deleted file mode 100644 index 93015fec..00000000 --- a/contrib/docker/libnetwork/Dockerfile +++ /dev/null 
@@ -1,39 +0,0 @@
-FROM alpine:3.3
-MAINTAINER Antoni Segura Puimedon "toni@kuryr.org"
-WORKDIR /
-RUN apk add --no-cache \
- bash \
- iproute2 \
- openvswitch \
- py-pip \
- python \
- uwsgi-python && \
- apk add --no-cache --virtual build-deps \
- gcc \
- git \
- linux-headers \
- musl-dev \
- python-dev && \
- pip install -U pip setuptools && \
- git clone https://github.com/openstack/kuryr && \
- cd /kuryr && \
- pip install . && \
- cd / && \
- rm -fr /kuryr && \
- apk del build-deps
-
-ENV SERVICE_USER="admin"
-ENV SERVICE_TENANT_NAME="admin"
-ENV SERVICE_PASSWORD="pass"
-ENV IDENTITY_URL="http://127.0.0.1:35357/v2.0"
-ENV OS_URL="http://127.0.0.1:9696"
-ENV CAPABILITY_SCOPE="local"
-ENV LOG_LEVEL="INFO"
-ENV PROCESSES=2
-ENV THREADS=2
-
-VOLUME /var/log/kuryr
-
-ADD run_kuryr.sh /usr/bin/run_kuryr.sh
-
-CMD ["/usr/bin/run_kuryr.sh"]
diff --git a/contrib/docker/libnetwork/README.rst b/contrib/docker/libnetwork/README.rst
deleted file mode 100644
index cb778806..00000000
--- a/contrib/docker/libnetwork/README.rst
+++ /dev/null
@@ -1,84 +0,0 @@ -================================= -Kuryr Docker libnetwork container -================================= - -This is the container generation file for Kuryr's Docker libnetwork driver, -useful for single Docker engine usage as well as Docker Swarm usage. - -How to build the container --------------------------- - -If you want to build your own container, you can just build it by running the -following command from this same directory: - -:: - - docker build -t your_docker_username/libnetwork:latest . - -How to get the container ------------------------- - -To get the upstream docker libnetwork container with ovs, you can just do: - -:: - - docker pull kuryr/libnetwork:latest - -It is expected that different vendors may have their own versions of the -Kuryr libnetwork container in their docker hub namespaces, for example: - -:: - - docker pull midonet/libnetwork:latest - -The reason for this is that some vendors' binding scripts need different (and -potentially non-redistributable) userspace tools in the container. 
- -How to run the container ------------------------- - -First we prepare Docker to find the driver - -:: - - sudo mkdir -p /usr/lib/docker/plugins/kuryr - sudo curl -o /usr/lib/docker/plugins/kuryr/kuryr.spec \ - https://raw.githubusercontent.com/openstack/kuryr/master/etc/kuryr.spec - sudo service docker restart - -Then we start the container - -:: - - docker run --name kuryr-libnetwork \ - --net=host \ - --cap-add=NET_ADMIN \ - -e SERVICE_USER=admin \ - -e SERVICE_TENANT_NAME=admin \ - -e SERVICE_PASSWORD=admin \ - -e IDENTITY_URL=http://127.0.0.1:35357/v2.0 \ - -e OS_URL=http://127.0.0.1:9696 \ - -v /var/log/kuryr:/var/log/kuryr \ - -v /var/run/openvswitch:/var/run/openvswitch \ - kuryr/libnetwork - -Where: -* SERVICE_USER, SERVICE_TENANT_SERVICE_PASSWORD are OpenStack credentials -* IDENTITY_URL is the url to OpenStack Keystone -* OS_URL is the url to OpenStack Neutron -* k8S_API is the url to the Kubernetes API server -* A volume is created so that the logs are available on the host -* NET_ADMIN capabilities are given in order to perform network operations on -the host namespace like ovs-vsctl - -Other options: -* CAPABILITY_SCOPE can be "local" or "global", the latter being for when there -is a cluster store plugged into the docker engine. -* LOG_LEVEL for defining, for example, "DEBUG" logging messages. -* PROCESSES for defining how many kuryr processes to use to handle the -libnetwork requests. -* THREADS for defining how many threads per process to use to handle the -libnetwork requests. - -Note that the 127.0.0.1 are most likely to have to be changed unless you are -running everything on a single machine with `--net=host`. diff --git a/contrib/docker/libnetwork/run_kuryr.sh b/contrib/docker/libnetwork/run_kuryr.sh deleted file mode 100755 index c03fe05c..00000000 --- a/contrib/docker/libnetwork/run_kuryr.sh +++ /dev/null 
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-mkdir -p /etc/kuryr
-cat > /etc/kuryr/kuryr.conf << EOF
-[DEFAULT]
-
-bindir = /usr/libexec/kuryr
-capability_scope = $CAPABILITY_SCOPE
-EOF
-
-/usr/sbin/uwsgi \
- --plugin /usr/lib/uwsgi/python \
- --http-socket :23750 \
- -w kuryr.server:app \
- --master \
- --processes "$PROCESSES" \
- --threads "$THREADS"
diff --git a/contrib/docker/run_kuryr.sh b/contrib/docker/run_kuryr.sh
new file mode 100755
index 00000000..3a64a333
--- /dev/null
+++ b/contrib/docker/run_kuryr.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ ! -d /etc/kuryr ]; then
+ mkdir -p /etc/kuryr
+ cat > /etc/kuryr/kuryr.conf << EOF
+[DEFAULT]
+
+bindir = /usr/libexec/kuryr
+capability_scope = $CAPABILITY_SCOPE
+
+[neutron]
+project_domain_name = $USER_DOMAIN_NAME
+project_name = $SERVICE_PROJECT_NAME
+user_domain_name = $SERVICE_DOMAIN_NAME
+password = $SERVICE_PASSWORD
+username = $SERVICE_USER
+auth_url = $IDENTITY_URL
+auth_type = password
+EOF
+
+fi
+
+/usr/sbin/uwsgi \
+ --plugin /usr/lib/uwsgi/python \
+ --http-socket :23750 \
+ -w kuryr_libnetwork.server:app \
+ --master \
+ --processes "$PROCESSES" \
+ --threads "$THREADS"
diff --git a/kuryr_libnetwork/server.py b/kuryr_libnetwork/server.py
index 0ab0fe79..92bfc836 100644
--- a/kuryr_libnetwork/server.py
+++ b/kuryr_libnetwork/server.py
@@ -9,7 +9,7 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. - +import os import sys from oslo_log import log 
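Review bot: In the new contrib/docker/run_kuryr.sh, `--http-socket :23750` binds the plugin API on every interface, and the README in this same patch starts the container with `--net=host`, so the endpoint (which, as far as this patch shows, has no authentication in front of it) listens on all of the host's addresses. If only the local Docker engine needs to reach it, `--http-socket 127.0.0.1:23750` is the safer default, with the bind address taken from an environment variable for deployments that need more. The domain variables in the generated `[neutron]` section look crossed (`project_domain_name = $USER_DOMAIN_NAME`, `user_domain_name = $SERVICE_DOMAIN_NAME`), which goes unnoticed while both default to `Default`. The heredoc also writes `$SERVICE_PASSWORD` into `/etc/kuryr/kuryr.conf` under the default umask; a `umask 077` before the `cat` would keep the file from being world-readable. Finally, the `[ ! -d /etc/kuryr ]` guard skips generation whenever the directory exists, even if it is empty, so testing for the file itself with `[ ! -f /etc/kuryr/kuryr.conf ]` would be more precise.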
@@ -20,16 +20,24 @@ from kuryr_libnetwork import config from kuryr_libnetwork import controllers -def start(): +def configure_app(): config.init(sys.argv[1:]) log.setup(config.CONF, 'kuryr') controllers.neutron_client() controllers.check_for_neutron_ext_support() controllers.check_for_neutron_ext_tag() + +def start(): + configure_app() kuryr_uri = parse.urlparse(config.CONF.kuryr_uri) app.run(kuryr_uri.hostname, kuryr_uri.port) if __name__ == '__main__': start() +elif 'UWSGI_ORIGINAL_PROC_NAME' in os.environ: + # The module is being loaded by uWSGI to get the Flask app running under + # it. This allows Neutron to be set, since uWSGI does not run 'start', + # which would trigger the embedded Flask wsgi development server. + configure_app()
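Review bot: The new `elif 'UWSGI_ORIGINAL_PROC_NAME' in os.environ:` branch runs `configure_app()` as an import-time side effect keyed on an environment variable, so the module behaves differently depending on what imports it. Under any other WSGI server, or in a test importing `kuryr_libnetwork.server`, `app` comes up with no config loaded and no Neutron client, and nothing reports it. Conversely, any process that merely inherits that variable will contact Neutron on import. An explicit entry point would remove the guesswork: a small WSGI module that calls `configure_app()` and then exposes `app`, referenced by uWSGI's `-w`. It is also worth confirming what `sys.argv[1:]` contains under uWSGI before it is handed to `config.init`, and `configure_app` would benefit from a one-line docstring such as `"""Load config, set up logging and initialise the Neutron client and extension checks."""`.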