Merge "Add guide on running devstack in lxc container"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
886410eade
164
doc/source/guides/lxc.rst
Normal file
164
doc/source/guides/lxc.rst
Normal file
@ -0,0 +1,164 @@
|
||||
================================
|
||||
All-In-One Single LXC Container
|
||||
================================
|
||||
|
||||
This guide walks you through the process of deploying OpenStack using devstack
|
||||
in an LXC container instead of a VM.
|
||||
|
||||
The primary benefits to running devstack inside a container instead of a VM is
|
||||
faster performance and lower memory overhead while still providing a suitable
|
||||
level of isolation. This can be particularly useful when you want to simulate
|
||||
running OpenStack on multiple nodes.
|
||||
|
||||
.. Warning:: Containers do not provide the same level of isolation as a virtual
|
||||
machine.
|
||||
|
||||
.. Note:: Not all OpenStack features support running inside of a container. See
|
||||
`Limitations`_ section below for details. :doc:`OpenStack in a VM <single-vm>`
|
||||
is recommended for beginners.
|
||||
|
||||
Prerequisites
|
||||
==============
|
||||
|
||||
This guide is written for Ubuntu 14.04 but should be adaptable for any modern
|
||||
Linux distribution.
|
||||
|
||||
Install the LXC package::
|
||||
|
||||
sudo apt-get install lxc
|
||||
|
||||
You can verify support for containerization features in your currently running
|
||||
kernel using the ``lxc-checkconfig`` command.
|
||||
|
||||
Container Setup
|
||||
===============
|
||||
|
||||
Configuration
|
||||
---------------
|
||||
|
||||
For a successful run of ``stack.sh`` and to permit use of KVM to run the VMs you
|
||||
launch inside your container, we need to use the following additional
|
||||
configuration options. Place the following in a file called
|
||||
``devstack-lxc.conf``::
|
||||
|
||||
# Permit access to /dev/loop*
|
||||
lxc.cgroup.devices.allow = b 7:* rwm
|
||||
|
||||
# Setup access to /dev/net/tun and /dev/kvm
|
||||
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
|
||||
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
|
||||
|
||||
# Networking
|
||||
lxc.network.type = veth
|
||||
lxc.network.flags = up
|
||||
lxc.network.link = lxcbr0
|
||||
|
||||
|
||||
Create Container
|
||||
-------------------
|
||||
|
||||
The configuration and rootfs for LXC containers are created using the
|
||||
``lxc-create`` command.
|
||||
|
||||
We will name our container ``devstack`` and use the ``ubuntu`` template which
|
||||
will use ``debootstrap`` to build a Ubuntu rootfs. It will default to the same
|
||||
release and architecture as the host system. We also install the additional
|
||||
packages ``bsdmainutils`` and ``git`` as we'll need them to run devstack::
|
||||
|
||||
sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
|
||||
|
||||
The first time it builds the rootfs will take a few minutes to download, unpack,
|
||||
and configure all the necessary packages for a minimal installation of Ubuntu.
|
||||
LXC will cache this and subsequent containers will only take seconds to create.
|
||||
|
||||
.. Note:: To speed up the initial rootfs creation, you can specify a mirror to
|
||||
download the Ubuntu packages from by appending ``--mirror=`` and then the URL
|
||||
of a Ubuntu mirror. To see other other template options, you can run
|
||||
``lxc-create -t ubuntu -h``.
|
||||
|
||||
Start Container
|
||||
----------------
|
||||
|
||||
To start the container, run::
|
||||
|
||||
sudo lxc-start -n devstack
|
||||
|
||||
A moment later you should be presented with the login prompt for your container.
|
||||
You can login using the username ``ubuntu`` and password ``ubuntu``.
|
||||
|
||||
You can also ssh into your container. On your host, run
|
||||
``sudo lxc-info -n devstack`` to get the IP address (e.g.
|
||||
``ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')``).
|
||||
|
||||
Run Devstack
|
||||
-------------
|
||||
|
||||
You should now be logged into your container and almost ready to run devstack.
|
||||
The commands in this section should all be run inside your container.
|
||||
|
||||
.. Tip:: You can greatly reduce the runtime of your initial devstack setup by
|
||||
ensuring you have your apt sources.list configured to use a fast mirror.
|
||||
Check and update ``/etc/apt/sources.list`` if necessary and then run
|
||||
``apt-get update``.
|
||||
|
||||
#. Download DevStack
|
||||
|
||||
::
|
||||
|
||||
git clone https://git.openstack.org/openstack-dev/devstack
|
||||
|
||||
#. Configure
|
||||
|
||||
Refer to :ref:`minimal-configuration` if you wish to configure the behaviour
|
||||
of devstack.
|
||||
|
||||
#. Start the install
|
||||
|
||||
::
|
||||
|
||||
cd devstack
|
||||
./stack.sh
|
||||
|
||||
Cleanup
|
||||
-------
|
||||
|
||||
To stop the container::
|
||||
|
||||
lxc-stop -n devstack
|
||||
|
||||
To delete the container::
|
||||
|
||||
lxc-destroy -n devstack
|
||||
|
||||
Limitations
|
||||
============
|
||||
|
||||
Not all OpenStack features may function correctly or at all when ran from within
|
||||
a container.
|
||||
|
||||
Cinder
|
||||
-------
|
||||
|
||||
Unable to create LVM backed volume
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
In our configuration, we have not whitelisted access to device-mapper or LVM
|
||||
devices. Doing so will permit your container to have access and control of LVM
|
||||
on the host system. To enable, add the following to your
|
||||
``devstack-lxc.conf`` before running ``lxc-create``::
|
||||
|
||||
lxc.cgroup.devices.allow = c 10:236 rwm
|
||||
lxc.cgroup.devices.allow = b 252:* rwm
|
||||
|
||||
Additionally you'll need to set ``udev_rules = 0`` in the ``activation``
|
||||
section of ``/etc/lvm/lvm.conf`` unless you mount devtmpfs in your container.
|
||||
|
||||
Unable to attach volume to instance
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
It is not possible to attach cinder volumes to nova instances due to parts of
|
||||
the Linux iSCSI implementation not being network namespace aware. This can be
|
||||
worked around by using network pass-through instead of a separate network
|
||||
namespace but such a setup significantly reduces the isolation of the
|
||||
container (e.g. a ``halt`` command issued in the container will cause the host
|
||||
system to shutdown).
|
||||
@ -76,6 +76,7 @@ Walk through various setups used by stackers
|
||||
|
||||
guides/single-vm
|
||||
guides/single-machine
|
||||
guides/lxc
|
||||
guides/multinode-lab
|
||||
guides/neutron
|
||||
guides/devstack-with-nested-kvm
|
||||
@ -96,6 +97,13 @@ Run :doc:`OpenStack on dedicated hardware <guides/single-machine>` This can inc
|
||||
server-class machine or a laptop at home.
|
||||
:doc:`[Read] <guides/single-machine>`
|
||||
|
||||
All-In-One LXC Container
|
||||
-------------------------
|
||||
|
||||
Run :doc:`OpenStack in a LXC container <guides/lxc>`. Beneficial for intermediate
|
||||
and advanced users. The VMs launched in this cloud will be fully accelerated but
|
||||
not all OpenStack features are supported. :doc:`[Read] <guides/lxc>`
|
||||
|
||||
Multi-Node Lab
|
||||
--------------
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user