.. Author (per blame): Cody A.W. Somerville, commit baa35d0, 2016-02-11

================================
All-In-One Single LXC Container
================================

This guide walks you through the process of deploying OpenStack using devstack
in an LXC container instead of a VM.

The primary benefits of running devstack inside a container instead of a VM are
faster performance and lower memory overhead while still providing a suitable
level of isolation. This can be particularly useful when you want to simulate
running OpenStack on multiple nodes.

.. Warning:: Containers do not provide the same level of isolation as a virtual
   machine.

.. Note:: Not all OpenStack features support running inside of a container. See
   `Limitations`_ section below for details. :doc:`OpenStack in a VM <single-vm>`
   is recommended for beginners.

Prerequisites
==============

This guide is written for Ubuntu 14.04 but should be adaptable for any modern
Linux distribution.

Install the LXC package::

    sudo apt-get install lxc

You can verify support for containerization features in your currently running
kernel using the ``lxc-checkconfig`` command.

Container Setup
===============

Configuration
---------------

For a successful run of ``stack.sh`` and to permit use of KVM to run the VMs you
launch inside your container, we need to use the following additional
configuration options. Place the following in a file called
``devstack-lxc.conf``::

    # Permit access to /dev/loop*
    lxc.cgroup.devices.allow = b 7:* rwm

    # Setup access to /dev/net/tun and /dev/kvm
    lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
    lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0

    # Networking
    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = lxcbr0


Create Container
-------------------

The configuration and rootfs for LXC containers are created using the
``lxc-create`` command.

We will name our container ``devstack`` and use the ``ubuntu`` template which
will use ``debootstrap`` to build an Ubuntu rootfs. It will default to the same
release and architecture as the host system. We also install the additional
packages ``bsdmainutils`` and ``git`` as we'll need them to run devstack::

    sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git

The first build of the rootfs will take a few minutes to download, unpack,
and configure all the necessary packages for a minimal installation of Ubuntu.
LXC will cache this and subsequent containers will only take seconds to create.

.. Note:: To speed up the initial rootfs creation, you can specify a mirror to
   download the Ubuntu packages from by appending ``--mirror=`` and then the URL
   of an Ubuntu mirror. To see other template options, you can run
   ``lxc-create -t ubuntu -h``.

Start Container
----------------

To start the container, run::

    sudo lxc-start -n devstack

A moment later you should be presented with the login prompt for your container.
You can log in using the username ``ubuntu`` and password ``ubuntu``.

You can also ssh into your container. On your host, run
``sudo lxc-info -n devstack`` to get the IP address (e.g.
``ssh ubuntu@$(sudo lxc-info -n devstack | awk '/IP/ { print $2 }')``).

Run Devstack
-------------

You should now be logged into your container and almost ready to run devstack.
The commands in this section should all be run inside your container.

.. Tip:: You can greatly reduce the runtime of your initial devstack setup by
   ensuring you have your apt sources.list configured to use a fast mirror.
   Check and update ``/etc/apt/sources.list`` if necessary and then run
   ``apt-get update``.

#. Download DevStack

   ::

       git clone https://git.openstack.org/openstack-dev/devstack

#. Configure

   Refer to :ref:`minimal-configuration` if you wish to configure the behaviour
   of devstack.

#. Start the install

   ::

       cd devstack
       ./stack.sh

Cleanup
-------

To stop the container::

    sudo lxc-stop -n devstack

To delete the container::

    sudo lxc-destroy -n devstack

Limitations
============

Not all OpenStack features may function correctly or at all when run from within
a container.

Cinder
-------

Unable to create LVM backed volume
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In our configuration, we have not whitelisted access to device-mapper or LVM
devices. Doing so will permit your container to have access and control of LVM
on the host system. To enable, add the following to your
``devstack-lxc.conf`` before running ``lxc-create``::

    lxc.cgroup.devices.allow = c 10:236 rwm
    lxc.cgroup.devices.allow = b 252:* rwm

Additionally you'll need to set ``udev_rules = 0`` in the ``activation``
section of ``/etc/lvm/lvm.conf`` unless you mount devtmpfs in your container.

Unable to attach volume to instance
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It is not possible to attach cinder volumes to nova instances due to parts of
the Linux iSCSI implementation not being network namespace aware. This can be
worked around by using network pass-through instead of a separate network
namespace but such a setup significantly reduces the isolation of the
container (e.g. a ``halt`` command issued in the container will cause the host
system to shut down).
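
The device grants in ``devstack-lxc.conf``, the optional LVM lines and the network pass-through workaround each widen what the container can reach on the host. The following is an added example, not part of devstack or LXC: a host-side audit that lists those settings in a config file. The function names and output labels are made up for illustration, and it assumes the LXC 1.x key names used in this guide plus ``lxc.network.type = none`` as the pass-through setting.

```shell
# audit_lxc_conf FILE: print each setting in an LXC 1.x config that widens
# what the container can reach on the host, one finding per line.
# Device labels follow this guide (7 = loop, 10:236 and 252 = device-mapper/LVM).
audit_lxc_conf() {
    awk -F'=' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ { next }                     # comment
    /^[ \t]*$/ { next }                     # blank
    { key = trim($1); val = trim(substr($0, index($0, "=") + 1)) }
    key == "lxc.cgroup.devices.allow" {
        split(val, f, " ")                  # type, major:minor, access
        note = "device node"
        if (f[1] == "b" && f[2] ~ /^7:/) note = "loop devices"
        if (f[1] == "c" && f[2] == "10:236") note = "device-mapper control"
        if (f[1] == "b" && f[2] ~ /^252:/) note = "device-mapper/LVM block devices"
        printf "DEVICE %s %s %s (%s)\n", f[1], f[2], f[3], note
    }
    key == "lxc.mount.entry" {
        split(val, f, " ")                  # first field is the host path
        if (f[1] ~ /^\/dev\//) printf "HOSTDEV %s bind-mounted into container\n", f[1]
    }
    key == "lxc.network.type" && val == "none" {
        print "NETNS container shares the host network namespace"
    }
    key == "lxc.id_map" { mapped = 1 }      # user-namespace mapping present
    END { if (!mapped) print "USERNS no lxc.id_map: container root maps to host uid 0" }
    ' "$1"
}

# Constructed sample: the devstack-lxc.conf from this guide plus its Cinder LVM lines.
demo_audit() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# Permit access to /dev/loop*
lxc.cgroup.devices.allow = b 7:* rwm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
lxc.network.type = veth
lxc.cgroup.devices.allow = c 10:236 rwm
lxc.cgroup.devices.allow = b 252:* rwm
EOF
    audit_lxc_conf "$conf"
    rm -f "$conf"
}

demo_audit
```

Run it on the host against the config you pass to ``lxc-create -f``; every line it prints is something to account for before treating the container as an isolation boundary.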