It appears that this library is typically run as the root user which shouldn't require 'run_as_root'. When running as an unprivileged user the required permissions can be granted by specifying 'AmbientCapabilities = CAP_NET_ADMIN' in the service, rather than 'CapabilityBoundingSet'. An alternative approach would be to specify a 'root_helper' or to switch to oslo.privsep, but these don't fully solve the problem as the 'pyroute2' library also requires 'CAP_NET_ADMIN'. Closes-Bug: #1852105 Change-Id: I9d0942f1cfc06cc3a7585683a030516096297767 (cherry picked from commit
|2 years ago|
|contrib/busybox||6 years ago|
|doc||2 years ago|
|etc||6 years ago|
|kuryr||2 years ago|
|releasenotes||2 years ago|
|usr/libexec/kuryr||6 years ago|
|.coveragerc||6 years ago|
|.gitignore||3 years ago|
|.gitreview||2 years ago|
|.stestr.conf||3 years ago|
|.zuul.yaml||3 years ago|
|CONTRIBUTING.rst||7 years ago|
|HACKING.rst||5 years ago|
|LICENSE||7 years ago|
|README.rst||3 years ago|
|__init__.py||6 years ago|
|babel.cfg||7 years ago|
|lower-constraints.txt||2 years ago|
|requirements.txt||2 years ago|
|setup.cfg||3 years ago|
|setup.py||3 years ago|
|test-requirements.txt||2 years ago|
|tox.ini||2 years ago|
Team and repository tags
Docker for OpenStack Neutron
Kuryr is a Docker network plugin that uses Neutron to provide networking services to Docker containers. It provides containerised images for the common Neutron plugins.
- Free software: Apache license
- Documentation: https://docs.openstack.org/kuryr/latest/
- Source: https://opendev.org/openstack/kuryr
- Bugs: https://bugs.launchpad.net/kuryr
$ git clone https://opendev.org/openstack/kuryr.git $ cd kuryr
$ sudo pip install -r requirements.txt
Installing Kuryr's libnetwork driver
For kuryr-libnetwork driver installation refer:
Generate sample config, etc/kuryr.conf.sample, running the following
$ tox -e genconfig
Rename and copy config file at required path
$ cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf
Edit keystone section in /etc/kuryr/kuryr.conf, replace ADMIN_PASSWORD:
auth_type = v3password auth_url = http://127.0.0.1:5000 region_name = regionOne user_doamin_name = Default username = admin project_domain_name = Default project_name = service password = ADMIN_PASSWORD
In the same file uncomment the bindir parameter with the path for the Kuryr vif binding executables:
bindir = /usr/local/libexec/kuryr
By default, Kuryr will use veth pairs for performing the binding. However, the Kuryr library ships with two other drivers that you can configure in the binding section:
[binding] #driver = kuryr.lib.binding.drivers.ipvlan #driver = kuryr.lib.binding.drivers.macvlan
Drivers may make use of other binding options. Both Kuryr library drivers in the previous snippet can be further configured setting the interface that will act as link interface for the virtual devices:
link_iface = enp4s0
Currently, Kuryr utilizes a bash script to start the service. Make sure that you have installed tox before the execution of the below command.
$ sudo ./scripts/run_kuryr.sh
After the booting, please restart your Docker service, e.g.,
$ sudo service docker restart
The bash script creates the following file if it is missing.
/usr/lib/docker/plugins/kuryr/kuryr.json: Json spec file for libnetwork.
Note the root privilege is required for creating and deleting the veth pairs with pyroute2 to run.
For a quick check that Kuryr is working create a network:
$ docker network create --driver kuryr test_net 785f8c1b5ae480c4ebcb54c1c48ab875754e4680d915b270279e4f6a1aa52283 $ docker network ls NETWORK ID NAME DRIVER 785f8c1b5ae4 test_net kuryr
To test it with tox:
You can also run specific test cases using the
-e flag, e.g., to only run the fullstack test case.
$ tox -e fullstack
We use Sphinx to maintain the documentation. You can install Sphinx using pip.
$ pip install -U Sphinx
In addition to Sphinx you will also need the following requirements (not covered by requirements.txt):
$ pip install openstackdocstheme reno 'reno[sphinx]'
The source code of the documentation are under doc, you can generate the html files using the following command. If the generation succeeds,a build/html dir will be created under doc.
$ cd doc $ make html
Now you can serve the documentation at http://localhost:8080 as a simple website.
$ cd build/html $ python -m SimpleHTTPServer 8080