Openvswitch image build

Dockerfile to build Openvswitch image

The Kuryr driver for Swarm bay requires Openvswitch and the Neutron
L2 agent running on the nodes.  Since the Fedora Atomic does not
have these packages installed and it is preferrable to not use a
custom-built image,  we need to run these packages in a container.
This Dockerfile is used to build the Docker image hosted on
Docker Hub:

openstackmagnum/fedora23-neutron-ovs:testing

Partially implements: blueprint kuryr-swarm-integration
Change-Id: I5132ccc2bc5660aa9688430bbc51f6759f6b7a81
This commit is contained in:
Ton Ngo 2016-08-12 21:54:14 +00:00
parent 43ea1ab6f2
commit 3ee29655ff
3 changed files with 90 additions and 0 deletions

View File

@ -0,0 +1,18 @@
FROM fedora:23
MAINTAINER Ton Ngo "ton@us.ibm.com"
WORKDIR /
RUN dnf -y install openvswitch \
openstack-neutron-ml2 \
openstack-neutron-openvswitch \
bridge-utils \
git \
&& dnf clean all
RUN cd /opt \
&& git clone https://git.openstack.org/openstack/neutron \
&& cp neutron/etc/policy.json /etc/neutron/. \
&& rm -rf neutron \
&& dnf -y remove git
VOLUME /var/run/openvswitch
ADD run_openvswitch_neutron.sh /usr/bin/run_openvswitch_neutron.sh
CMD ["/usr/bin/run_openvswitch_neutron.sh"]

View File

@ -0,0 +1,68 @@
===================
Neutron Openvswitch
===================
This Dockerfile creates a Docker image based on Fedora 23 that runs
Openvswitch and the Neutron L2 agent for Openvswitch. This container
image is used by Magnum when a Swarm cluster is deployed with the
attribute::
--network-driver=kuryr
Magnum deploys this container on each Swarm node along with the
Kuryr container to support Docker advanced networking based on
the `Container Networking Model
<https://github.com/docker/libnetwork/blob/master/docs/design.md>`_.
To build the image, run this command in the same directory as the
Dockerfile::
docker build -t openstackmagnum/fedora23-neutron-ovs:testing .
This image is available on Docker Hub as::
openstackmagnum/fedora23-neutron-ovs:testing
To update the image with a new build::
docker push openstackmagnum/fedora23-neutron-ovs:testing
The 'testing' tag may be replaced with 'latest' or other tag as
needed.
This image is intended to run on the Fedora Atomic public image which
by default does not have these packages installed. The common
practice for Atomic OS is to run new packages in containers rather
than installing them in the OS.
For the Neutron agent, you will need to provide 3 files at these
locations:
- /etc/neutron/neutron.conf
- /etc/neutron/policy.json
- /etc/neutron/plugins/ml2/ml2_conf.ini
These files are typically installed in the same locations on the
Neutron controller node. The policy.json file is copied into the
Docker image because it is fairly static and does not require
customization for the bay. If it is changed in the Neutron master
repo, you just need to rebuild the Docker image to update the file.
Magnum will create the other 2 files on each bay node in the
directory /etc/kuryr and map them to the proper directories in
the container using the Docker -v option.
Since Openvswitch needs to operate on the host network name space,
the Docker container will need the -net=host option.
The /var/run/openvswitch directory is also mapped to the bay node
so that the Kuryr container can talk to openvswitch.
To run the image from Fedora Atomic::
docker run --net=host \
--cap-add=NET_ADMIN \
--privileged=true \
-v /var/run/openvswitch:/var/run/openvswitch \
-v /lib/modules:/lib/modules:ro \
-v /etc/kuryr/neutron.conf:/etc/neutron/neutron.conf \
-v /etc/kuryr/ml2_conf.ini:/etc/neutron/plugins/ml2/ml2_conf.ini \
--name openvswitch-agent \
openstackmagnum/fedora23-neutron-ovs:testing

View File

@ -0,0 +1,4 @@
#!/bin/bash
/usr/share/openvswitch/scripts/ovs-ctl start --system-id=random
/usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --log-file /var/log/neutron/openvswitch-agent.log