The document discusses various OpenStack projects that are focused on containers. It describes projects like Nova-docker and Heat-docker that allow managing containers alongside virtual machines in OpenStack. It also covers container orchestration engines (COEs) running on infrastructure provided by Magnum, and application catalogs for containers provided by projects like Murano and Solum. Overall, the document provides an overview of the different ways containers are integrated and managed within the OpenStack cloud platform.

1. State of Containers in Openstack
Madhuri Kumari
Intel

2. Agenda
• Containers vs VMs
• Why Containers?
• Containers on Openstack
• Openstack Components
– Nova-docker
– Heat Docker
– Magnum
– Murano
– Zun
– Solum
• Other Container Focused Components
– Kolla
– Kuryr

3. Containers vs VMs

4. Containers vs VMs
Containers VMs
Principle Lightweight, high packing density, with fewer
resources to achieve rapid deployment,
migrate easily.
Isolated, Hardware
virtualization, large,
performance overhead,
migrate easily.
Resource Usage Efficient sharing of resources. Take up more resources.
Flexibility &
Security
Less appropriate for multi-tenant
environments, because of potential security
risks.
Fully isolated from one
another and malware,
application crashes and
other problems impact only
the affected VM.
Use cases Web servers, micro-services VMs may contain other
enterprise workloads such
as database, ERP, CRM,
email server, media server,
web server or other
business applications.

5. Why Containers?
WHY NOT??

6. Containers in Openstack
• OpenStack is above all an integration engine, bringing various
technologies together through common APIs. Therefore, containers
have naturally been plugged into several existing projects and will
find their way into other areas as well.

7. Openstack Containers Project
Nova-docker
A Docker hypervisor driver
for Nova Compute to treat
containers and images as the
same type of resource as
virtual machines.
Heat Docker
A plugin template for
orchestrating Docker
resources on top of
OpenStack resources. Allows
access to full Docker API.
Murano
Provides an application
catalog of containerized
applications that can be
deployed to an OpenStack
cloud.
Magnum
Provides an API to manage
multitenant containers
infrastructure leveraging
Heat, Nova, and Neutron.
Zun
Container service for
OpenStack. Provides API(s)
for launching and managing
containers backed by
different container
technologies.
Solum
An OpenStack project
designed to make cloud
services easier to consume
and integrate into your
application development
process.

8. Nova-docker
• Drivers for OpenStack Nova
• Use Nova API to access containers
• Interface with container backend (i.e. Docker
daemon, libvirt-lxc)
• Fetch container images from Glance

9. Nova-docker Practice
• nova.conf:
compute_driver=novadocker.virt.docker.DockerDriver
• glance-api.conf:
container_formats=ami,ari,aki,bare,ovf,ova,docker
• docker save busybox | openstack image create busybox --public --
container-format docker --disk-format raw
• nova boot --flavor m1.small --image busybox --key-name mykey test1

10. Heat Docker
• Provide a Heat resource type for Docker.
• Need to specify docker endpoint
• Can orchestrate docker containers with other Heat resources

11. Heat Practice
• Install heat-docker plugin
• Docker.yml
heat_template_version: 2013-05-23
description: Test template
resources:
apache:
type: DockerInc::Docker::Container
properties:
image: marouen/apache
port_specs:
- 80
docker_endpoint: http://host:2375
• heat stack-create -f docker.yaml docker-stack

12. Magnum
• Founded at the end of 2014
• Integrates various container orchestration engine (COE).
• Leverage other Openstack components lie Heat, Nova, Neutron,
Cinder etc
• Manages infrastructure for running containers on Openstack.
• Runs containers under VM/baremetal
• COE: Swarm, kubernetes, Mesos

13. Magnum Architecture

14. Magnum Practice
• magnum baymodel-create --name k8sbaymodel --image-id fedora-
atomic-latest --keypair-id testkey --external-network-id public
--flavor-id m1.small --docker-volume-size 5 --network-driver flannel
--coe kubernetes
• magnum bay-create --name k8sbay --baymodel k8sbaymodel
• magnum ca-sign --bay k8sbay --csr client.csr > client.crt
• magnum ca-show --bay k8sbay > ca.crt

15. Murano
• Application catalog to Openstack.
• Provide a variety of applications and services, publishing and
lifecycle management , and provide UI and API. The application is
defined as anything YAQL language templates defined application.

16. Murano UI

17. Zun
• Zun (Higgins) is a Container service for OpenStack.
• Aim to provide OpenStack API(s) for launching and managing
containers backed by different container technologies.
• Container runtimes: Docker, Rkt, Clear Conainer, etc.
• COEs: Kubernetes, Docker Swarm, etc.

18. Zun
• One platform for containers/VMs/baremetals
• Neutron
• Cinder
• Glance
• Horizon
• Nova
• ...
Images Container/
VM/
Baremetal
Glance
Neutron Cinder
HorizonNova
Networks
Volumes
UI
Provisions

19. Solum
• Solum is an application lifecycle management system which allows
you to deploy your applications starting from the source code onto
Openstack cloud.
• For developers, Solum provides an easy-to-use platform for building,
testing, and deploying applications on OpenStack clouds
• For operators, Solum provides ability to make their OpenStack cloud
more useful to their application developers by enabling CI/CD
capabilities for applications to OpenStack clouds

20. Solum Architecture
Solum
API
Solum
Worker
Solum
Deployer
Queue Queue
Queue
Solum
Conductor
Heat
Database
Glance/Swift
Builds LP; run unit
tests; Build DU
Deploys DU

21. Solum Practice
• solum languagepack create <NAME> <GIT_REPO>
• solum app create --app-file <app_file> [--param-file param_file]
• solum app deploy <UUID>

22. Other Openstack Container Focused Projects
Kolla
Kolla provides production-
ready containers and
deployment tools for
operating OpenStack clouds.
Kuryr
A Docker network plugin
that uses Neutron to provide
networking services to
Docker containers. It provides
containerised images for the
common Neutron plugins.

23. Kolla
• Established in September 14.
• Allows packaging and deployment using Docker and Ansible
• Provides production ready Openstack service.
• Ease of deployment , simplified operation, upgrade and
maintenance to enhance devops and operators experience.
• Faster than devstack(comparison devstack 14mins ~ 9 mins)

24. Kuryr
• Its objective is to enable Neutron as the production ready networking
abstraction containers need!
• Map container networking abstractions to the Neutron API
• Bring your container and VM networking together under one API
• Implement all the common code for Neutron vendors allowing them
to get to container networking by just having a binding script
• Leverage Neutron advanced networking like LBaaS, FWaaS,
VPNaaS, Security Groups / NAT
• Aims to support different Container Orchestration Engines like
Kubernetes, Mesos, Docker Swarm

25. Summary
• OpenStack virtual machine management / physical and running on
the container (Magnum, Murano, Solum)
Advantage:
• Resource sharing, unified management by the OpenStack Nova
Disadvantages:
• Performance loss running VM container
• Network performance

26. Summary
• COEs run on a variety of hosts managed container OpenStack services
(k8s, mesos)
Advantage:
• Container performance guarantees
• More efficient use of resources
Disadvantages:
• Container isolation
• VM network storage
• Complexity OpenStack services

27. Summary
• Manage containers and virtual machines (Nova-docker, heat-docker,
Nova-lxc / lxd, Nova + Zun)
Advantage:
• simple
• Integration of existing resources, such as network, storage
Disadvantages:
• Not production ready