Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alfonso, UPV


Published on

Containers have recently grown in interest in the virtualization community because they are a lightweight alternative to full machine virtualization. Containers offer an operating system level virtualization, where the kernel controls the isolation of the different containers. That means less isolation than virtual machines, but also less overhead in the system because they share parts of the kernel. The most important developments in the Open Source community are LXC and Docker. ONEDock is a set of extensions for OpenNebula to use Docker as a hypervisor in ONE, to provide containers as if they were lightweight Virtual Machines (VM). The underlying idea is that when OpenNebula is asked for a VM, a Docker container will be deployed instead. In the context of OpenNebula, it is managed as if it was a VM, and the user will be able to use IP addresses to access to the container. In this session we will learn about the integration of Docker and ONE, wich kind of the available features in ONE have been incorporated to the Docker containers, and how the operations on VMs are translated to the containers in the context of ONE. Moreover we will discuss some technical details and technical decissions taken in ONEDock, and how the other operations (that have not been implemented yet) will be integrated in ONEDock.

Published in: Technology
  • Be the first to comment

OpenNebulaConf 2016 - ONEDock: Docker as a hypervisor in ONE by Carlos de Alfonso, UPV

  1. 1. ONEDOCK: DOCKER AS A HYPERVISOR IN ONE Instituto de Instrumentación para Imagen Molecular (I3M). Centro mixto CSIC - Universitat Politècnica deValència - CIEMAT Carlos de Alfonso
  2. 2. ONEDOCK IN ONETWEET ONEDock is a set of extensions for OpenNebula to use Docker containers as first-class entities, as if they were lightweightVirtual Machines
  3. 3. ONEDOCK • ONEDock tries to integrate Docker as any other hypervisor available in ONE (KVM, VMWare, Xen, etc.) • When ONE is asked for oneVM, ONEDock will make that ONE delivers the user a Docker container. • The lifecycle of the containers is carried out as ONE manages the lifecycle of aVM: • Creating, destroying, saving, migrating, etc.
  4. 4. WHY DOCKER FOR ONE? • Container technologies have gained significant momentum in the last years. • Docker includes unique features • Docker Hub with lots of applications already packed. • The Dockerfile mechanism that eases the creation and distribution of images. • The usage of layered file systems that reduce the footprint of the image of the container. • Docker seems to be the winner hype.
  5. 5. WHY NOT DOCKER FOR ONE? • Docker is mainly conceived for application delivery and not for behaving as a long-lasting VM. • LXC/LXD will probably be a more natural solution.
  6. 6. ONEDOCK COMPONENTS (I) • A ONEDock datastore is created to use the features of Dockerfiles and the usage and creation of the container images • ONEDock installs a private Docker index. • Use images from Docker Hub or import from exported Docker containers. • The ONEDock transfer manager gets the Docker images from the ONEDock datastore.
  7. 7. ONEDOCK COMPONENTS (II) • The ONEDock monitoring driver provides ONE with information about the running containers and the state of the Docker hypervisor. • The ONEDock virtual machine manager translates the operations of the lifecycle of the “ONEVMs” into Docker operations • Currently only the basic operations of the lifecycle ofVMs are available (e.g. creating, destroying, etc. • Not all of the operations will be posible, because of the concept of Docker (e.g hot attaching a volume).
  8. 8. ONEDOCK WORKFLOW 1. A Docker image is registered in ONE • The process consists of downloading the image into the private registry to reduce the external traffic and to match the concept of image in ONE. 2. A ONEDock VM is created and scheduled • The host downloads the image from the private registry and starts the container. • Configures the container to act “like a ONEVM” • Configure aVNC console, give full access to the network. 3. The container is accesible as if it were aVM.
  9. 9. TECHNICAL DETAILS (I) • The concept of Docker does not match the concept of aVM. • Containers do not have full access to the network • ONEDock hacks the network to deliver full working IPs instead of exposing individual ports. • Docker containers do not have a “console”. • ONEDock uses SVNCterm that emulates aVNC console on a command execution (i.e. bash inside the container). • A Docker container executes an application. • It is important to ensure that the application will not end, to keep the container running.
  10. 10. TECHNICAL DETAILS (II) • Some features of theVMs need that containers are granted with specific privileges when mapped to Docker (e. g. mounting block devices) • It is a security issue that is difficult to solve. • Some workarounds are included in ONEDock. • Mounting the devices in the host and then mapping folders to the container filesystem. • It is difficult to translate some concepts of the VMs to the containers. • e. g. hot attaching volumes or NICs.
  11. 11. MORE INFO ON ONEDOCK • ONEDock • Can be obtained from the public repository • Distributed under the Apache 2.0 license. • Developed in the framework of the INDIGO- DataCloud project (grant agreement RIA 653549).