Monday, March 23, 2015

Setup the most recent Nova Docker Driver via Devstack on F21

********************************************************************************
UPDATE as of 03/26/2015
********************************************************************************
To keep the devstack configuration persistent between reboots on Fedora 21,
i.e. restartable via ./rejoin-stack.sh, the following services must be enabled :-

   systemctl enable rabbitmq-server
   systemctl enable openvswitch
   systemctl enable httpd
   systemctl enable mariadb
   systemctl enable mysqld

 File /etc/rc.d/rc.local should contain ( in my case ) :-

#!/bin/bash
ip addr flush dev br-ex ;
ip addr add 192.168.10.15/24 dev br-ex ;
ip link set br-ex up ;
route add -net 10.254.1.0/24 gw 192.168.10.15 ;

System is supposed to be shut down via :-

$ sudo ./unstack.sh
********************************************************************************
Because Nova switched to oslo logging in the OpenStack Kilo release, the nova-docker driver was switched to oslo logging as well, which makes it impossible to test this driver with a nova-compute service built for the Juno release. Running devstack on systems other than Ubuntu 14.04 is usually affected by Python modules being at lower versions than devstack requires. The post below solves this issue on Fedora 21 by upgrading the required modules via Fedora Rawhide, and also provides a workaround for the python-six version being downgraded by the driver build, which is a bug specific to F21. In short, it is a brief instruction on how to run devstack on Fedora 21 without crashing. It targets development purposes only.
Actually, it follows up http://blog.oddbit.com/2015/02/06/installing-nova-docker-on-fedora-21/ ; however, RDO Juno is not pre-installed, and the Nova Docker driver is built first, based on the top commit of https://git.openstack.org/cgit/stackforge/nova-docker/ . The next step is :-

$ git clone https://git.openstack.org/openstack-dev/devstack
$ cd devstack

Create local.conf under devstack following either of the two links provided,
then run ./stack.sh to perform an AIO OpenStack installation, as it does
on Ubuntu 14.04. All the steps that keep stack.sh from crashing on F21 are
described right below.

 # yum -y install git docker-io python-six  fedora-repos-rawhide
 # yum --enablerepo=rawhide install  python-pip python-pbr systemd
 # systemctl enable docker.service
 # systemctl start docker.service
 # groupadd nova

  Edit  /etc/sysconfig/docker

   OPTIONS='--selinux-enabled -G nova'
 
 # systemctl restart docker.service
 # reboot

 Next

 # chmod 666 /var/run/docker.sock
 # yum -y install gcc python-devel ( required for driver build )
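
The `-G nova` option above already makes the daemon hand /var/run/docker.sock to group nova, while mode 666 opens the socket to every local account, and write access to that socket is control of a daemon running as root. The check below is an added example, not from the original post: it reads the group from an OPTIONS line and reports whether a socket path is world-writable or owned by a different group. It assumes GNU stat, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): audit access to the Docker
# control socket. Assumes GNU stat; function names are illustrative.
# On the host itself:
#   audit_sock /var/run/docker.sock "$(docker_group /etc/sysconfig/docker)"

# Group handed to the daemon with -G in an OPTIONS='...' line, if any.
docker_group() {
    sed -n 's/^OPTIONS=.*-G[ =]*\([A-Za-z0-9_-]*\).*/\1/p' "$1" | head -n 1
}

# Verdict for socket path $1, given the group $2 that should own it:
#   world-writable  any local account can drive the root daemon
#   group-mismatch  socket is not owned by the expected group
#   ok              only root and the expected group can connect
audit_sock() (
    mode=$(stat -c %a "$1") || exit 2
    group=$(stat -c %G "$1")
    other=${mode#"${mode%?}"}          # last octal digit = "other" bits
    if [ $(( other & 2 )) -ne 0 ]; then
        echo world-writable; exit 1
    fi
    [ "$group" = "$2" ] || { echo group-mismatch; exit 1; }
    echo ok
)

# Constructed stand-ins for /etc/sysconfig/docker and /var/run/docker.sock
# (plain files carry the same mode and group fields as a socket), so the
# check can be tried without a running daemon.
cfg=$(mktemp); sock=$(mktemp)
echo "OPTIONS='--selinux-enabled -G nova'" > "$cfg"
echo "daemon group: $(docker_group "$cfg")"
owner=$(stat -c %G "$sock")
chmod 666 "$sock"; echo "mode 666: $(audit_sock "$sock" "$owner")"
chmod 660 "$sock"; echo "mode 660: $(audit_sock "$sock" "$owner")"
rm -f "$cfg" "$sock"
```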

 $ git clone http://github.com/stackforge/nova-docker.git
 $ cd nova-docker
 $ sudo pip install . 

  You might experience problems cloning nova-docker.git
  to the Fedora box (VM); in that case install an Ubuntu 14.04.2 VM
  ( for instance on a KVM F21 hypervisor ),
  log into the VM and run :-

  # git clone git://github.com/stackforge/nova-docker.git
  # scp -r nova-docker    fedora21-box-ip:/root

 To bring python-six, downgraded to 1.2 during the driver's build, back up to version 1.9 :-

   # yum -y reinstall python-six
   # mkdir -p /opt/stack
   # chmod -R 755 /opt/stack

 Run devstack as user stack:-

  $ git clone https://git.openstack.org/openstack-dev/devstack
  $ cd devstack
  1. Create local.conf
  2. Verify docker service availability
   $ docker version
      Client version: 1.5.0
      Client API version: 1.17
      Go version (client): go1.3.3
      Git commit (client): a8a31ef/1.5.0
      OS/Arch (client): linux/amd64
      Server version: 1.5.0
      Server API version: 1.17
      Go version (server): go1.3.3
      Git commit (server): a8a31ef/1.5.0

  3. Then run :-
   $ ./stack.sh

per http://blog.oddbit.com/2015/02/11/installing-novadocker-with-devstack/
or view  http://bderzhavets.blogspot.com/2015/02/set-up-nova-docker-driver-on-ubuntu.html   for another version of local.conf

*****************************************************************************
My version of local.conf, which allows you to define the floating pool as you need;
a bit more flexible than the original
*****************************************************************************
[[local|localrc]]
HOST_IP=192.168.1.57
ADMIN_PASSWORD=secret
MYSQL_PASSWORD=secret
RABBIT_PASSWORD=secret
SERVICE_PASSWORD=secret
FLOATING_RANGE=192.168.10.0/24
FLAT_INTERFACE=eth0
Q_FLOATING_ALLOCATION_POOL=start=192.168.10.150,end=192.168.10.254
PUBLIC_NETWORK_GATEWAY=192.168.10.15

SERVICE_TOKEN=super-secret-admin-token
VIRT_DRIVER=novadocker.virt.docker.DockerDriver

DEST=$HOME/stack
SERVICE_DIR=$DEST/status
DATA_DIR=$DEST/data
LOGFILE=$DEST/logs/stack.sh.log
LOGDIR=$DEST/logs

# The default fixed range (10.0.0.0/24) conflicted with an address
# range I was using locally.
FIXED_RANGE=10.254.1.0/24
NETWORK_GATEWAY=10.254.1.1

# Services
disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service horizon
disable_service tempest

# Introduce glance to docker images
[[post-config|$GLANCE_API_CONF]]
[DEFAULT]
container_formats=ami,ari,aki,bare,ovf,ova,docker

# Configure nova to use the nova-docker driver
[[post-config|$NOVA_CONF]]
[DEFAULT]
compute_driver=novadocker.virt.docker.DockerDriver
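
A consistency check for the floating-IP values in the local.conf above, as an added example that is not part of the original post: it confirms that Q_FLOATING_ALLOCATION_POOL sits inside FLOATING_RANGE and that PUBLIC_NETWORK_GATEWAY is in the range but outside the pool. The function names are illustrative, and the sample file repeats this page's values.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the floating-IP
# settings of a devstack local.conf before running stack.sh.

# Dotted quad -> integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# First value of KEY=... (key in $1) found in file $2.
conf_get() { sed -n "s/^$1=//p" "$2" | head -n 1; }

# Prints "ok" or the first problem found; exit status mirrors the verdict.
check_floating() (
    range=$(conf_get FLOATING_RANGE "$1")
    pool=$(conf_get Q_FLOATING_ALLOCATION_POOL "$1")
    gw=$(ip2int "$(conf_get PUBLIC_NETWORK_GATEWAY "$1")")
    bits=${range#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    net=$(( $(ip2int "${range%/*}") & $mask ))
    bcast=$(( $net | ($mask ^ 0xFFFFFFFF) ))
    start=${pool#start=}
    start=$(ip2int "${start%%,*}")
    end=$(ip2int "${pool##*end=}")
    # Usable host addresses exclude the network and broadcast addresses.
    in_net() { [ "$1" -gt "$net" ] && [ "$1" -lt "$bcast" ]; }
    [ "$start" -le "$end" ] || { echo "pool start is above pool end"; exit 1; }
    in_net "$start" && in_net "$end" || { echo "pool is outside FLOATING_RANGE"; exit 1; }
    in_net "$gw" || { echo "gateway is outside FLOATING_RANGE"; exit 1; }
    if [ "$gw" -ge "$start" ] && [ "$gw" -le "$end" ]; then
        echo "gateway is inside the allocation pool"; exit 1
    fi
    echo ok
)

# The three values from this page's local.conf, written to a scratch file.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
FLOATING_RANGE=192.168.10.0/24
Q_FLOATING_ALLOCATION_POOL=start=192.168.10.150,end=192.168.10.254
PUBLIC_NETWORK_GATEWAY=192.168.10.15
EOF
check_floating "$demo_conf"
rm -f "$demo_conf"
```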

**************************************************************************************
After stack.sh completes, disable firewalld: devstack does not interact with Fedora's firewalld, and the OpenStack daemons it brings up require the corresponding ports to be open
***************************************************************************************
$ sudo cp nova-docker/etc/nova/rootwrap.d/docker.filters \
  /etc/nova/rootwrap.d/
 
#  systemctl stop firewalld
#  systemctl disable firewalld

$ cd dev*
$ . openrc demo 

$ neutron security-group-rule-create --protocol icmp \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

$ neutron security-group-rule-create --protocol tcp \
  --port-range-min 22 --port-range-max 22 \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

$ neutron security-group-rule-create --protocol tcp \
  --port-range-min 80 --port-range-max 80 \
  --direction ingress --remote-ip-prefix 0.0.0.0/0 default

Uploading docker image to glance
$ . openrc admin
$  docker pull rastasheep/ubuntu-sshd:14.04
$  docker save rastasheep/ubuntu-sshd:14.04 | glance image-create --is-public=True   --container-format=docker --disk-format=raw --name rastasheep/ubuntu-sshd:14.04

Launch new instance via uploaded image :-
$ . openrc demo
$  nova boot --image "rastasheep/ubuntu-sshd:14.04" --flavor m1.tiny \
    --nic net-id=private-net-id UbuntuDocker

To provide internet access for launched nova-docker instance run :-


# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

************************
On real F21 box
************************
# iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE

    or whatever ifconfig reports on the machine

# iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE

   *************************
   To use Horizon
   *************************
   # yum -y install nodejs
   # systemctl restart httpd.service

 



 

     

 
   System has been setup on real F21 box :-
    


  

  



References
http://blog.oddbit.com/2015/02/06/installing-nova-docker-on-fedora-21/
https://www.berrange.com/posts/2012/11/19/walk-through-of-running-openstack-on-fedora-17-using-devstack/