854a8028b6
This patch introduces a new hierarchy of drivers to perform the port binding and unbinding in a similar fashion as how it is done with Neutron plugins. The initial three drivers are: * veth: The one that we have been using up until now and that uses the usr/libexec/kuryr/* scripts to bind the host side * ipvlan: L2 ipvlan motivated mostly container-in-vm use cases so that the instance interface will have linked devices that get addresses of other ports of the same subnet. * macvlan: bridged mode ipvlan for OSes that do not support vlan. Co-Authored-by: Louise Daly <louise.m.daly@intel.com> Implements: blueprint driver-binding-ipvlan Change-Id: I1d94ab324ab2a65a6d3e782e23ea6c59b110ff67 |
||
|---|---|---|
| doc | ||
| etc | ||
| kuryr | ||
| releasenotes/notes | ||
| tools | ||
| usr/libexec/kuryr | ||
| __init__.py | ||
| .coveragerc | ||
| .gitignore | ||
| .gitreview | ||
| .testr.conf | ||
| babel.cfg | ||
| CONTRIBUTING.rst | ||
| HACKING.rst | ||
| LICENSE | ||
| MANIFEST.in | ||
| README.rst | ||
| requirements.txt | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
kuryr
Docker for OpenStack Neutron
Kuryr is a Docker network plugin that uses Neutron to provide networking services to Docker containers. It provides containerised images for the common Neutron plugins.
- Free software: Apache license
- Documentation: http://docs.openstack.org/developer/kuryr
- Source: http://git.openstack.org/cgit/openstack/kuryr
- Bugs: http://bugs.launchpad.net/kuryr
Features
- TODO
Getting Code
$ git clone https://git.openstack.org/openstack/kuryr.git
$ cd kuryrPrerequisites
$ sudo pip install -r requirements.txtInstalling Kuryr's libnetwork driver
For kuryr-libnetwork driver installation refer:
http://docs.openstack.org/developer/kuryr-libnetwork/readme.html
Configuring Kuryr
Generate sample config, etc/kuryr.conf.sample, running the following
$ tox -e genconfigRename and copy config file at required path
$ cp etc/kuryr.conf.sample /etc/kuryr/kuryr.confEdit keystone section in /etc/kuryr/kuryr.conf, replace ADMIN_PASSWORD:
auth_uri = http://127.0.0.1:35357/v2.0
admin_user = admin
admin_tenant_name = service
admin_password = ADMIN_PASSWORDIn the same file uncomment the bindir parameter with the path for the Kuryr vif binding executables:
bindir = /usr/local/libexec/kuryrBy default, Kuryr will use veth pairs for performing the binding. However, the Kuryr library ships with two other drivers that you can configure in the binding section:
[binding]
#driver = kuryr.lib.binding.drivers.ipvlan
#driver = kuryr.lib.binding.drivers.macvlanDrivers may make use of other binding options. Both Kuryr library drivers in the previous snippet can be further configured setting the interface that will act as link interface for the virtual devices:
link_iface = enp4s0Running Kuryr
Currently, Kuryr utilizes a bash script to start the service. Make sure that you have installed tox before the execution of the below command.
$ sudo ./scripts/run_kuryr.shAfter the booting, please restart your Docker service, e.g.,
$ sudo service docker restartThe bash script creates the following file if it is missing.
/usr/lib/docker/plugins/kuryr/kuryr.json: Json spec file for libnetwork.
Note the root privilege is required for creating and deleting the veth pairs with pyroute2 to run.
Testing Kuryr
For a quick check that Kuryr is working create a network:
$ docker network create --driver kuryr test_net
785f8c1b5ae480c4ebcb54c1c48ab875754e4680d915b270279e4f6a1aa52283
$ docker network ls
NETWORK ID NAME DRIVER
785f8c1b5ae4 test_net kuryrTo test it with tox:
$ toxYou can also run specific test cases using the -e flag,
e.g., to only run the fullstack test case.
$ tox -e fullstackGenerating Documentation
We use Sphinx to maintain the documentation. You can install Sphinx using pip.
$ pip install -U SphinxIn addition to Sphinx you will also need the following requirements (not covered by requirements.txt):
$ pip install oslosphinx reno 'reno[sphinx]'The source code of the documentation are under doc, you can generate the html files using the following command. If the generation succeeds,a build/html dir will be created under doc.
$ cd doc
$ make htmlNow you can serve the documentation at http://localhost:8080 as a simple website.
$ cd build/html
$ python -m SimpleHTTPServer 8080Limitations
To create Docker networks with subnets having same/overlapping cidr, it is expected to pass unique pool name for each such network creation Docker command. Docker cli options -o and --ipam-opt should be used to pass pool names as shown below:
$ sudo docker network create --driver=kuryr --ipam-driver=kuryr \
--subnet 10.0.0.0/16 --ip-range 10.0.0.0/24 \
-o neutron.pool.name=neutron_pool1 \
--ipam-opt=neutron.pool.name=neutron_pool1 \
foo
eddb51ebca09339cb17aaec05e48ffe60659ced6f3fc41b020b0eb506d364Now Docker user creates another network with same cidr as the previous one, i.e 10.0.0.0/16, but with different pool name, neutron_pool2:
$ sudo docker network create --driver=kuryr --ipam-driver=kuryr \
--subnet 10.0.0.0/16 --ip-range 10.0.0.0/24 \
-o neutron.pool.name=neutron_pool2 \
--ipam-opt=neutron.pool.name=neutron_pool2 \
bar
397badb51ebca09339cb17aaec05e48ffe60659ced6f3fc41b020b0eb506d786