Sunday, March 30, 2014

Running Docker container in oVirt

Overview

I recently wrote a new UI plugin in oVirt, that allows creating a VM that will run a Docker container inside it. This post shares the information about it, explains how to use it and what are the prerequisites.

What is it good for?

Well, Docker gives a very cool wrapping on top of linux containers. In addition, it also gives a public repository people can use! That makes it very easy to both create and consume container images that give different services, such as application servers, databases and many other services. Using the UI plugin to run that inside oVirt makes the job of deploying an existent service as easy as clicking a button (well... some steps are required first, but not too much steps :-) ).

Setting it up

In order to use the UI plugin you first need to fetch it from the samples-uiplugins git repository. The git repository is in git://gerrit.ovirt.org/samples-uiplugins. The plugin is currently being reviewed, so it is available at Docker-Plugin-Patch. Copy the plugin files to /usr/share/ovirt-engine/ui-plugins, so that you'll have the following directory structure:
  • docker.json
  • docker-resources/
  • docker-resources/plugin.html
  • docker-resources/icon_help.png
  • docker-resources/launch-docker-dialog.html
  • docker-resources/progress.gif

Then, you need to configure it. I usually do that using the docker.json file, although you can create a user-specific file as well. The relevant entries to configure are:
  1. allowedOrigins - that entry is used in order to pass messages between the UI plugin infrastructure and the plugin itself. I'll make it simple and just say you need to put the engine URL there, at the same way you access it with your browser (http://engine-server:port, or https://engine-server:port)
  2. apiEntryPoint - API entry point. Usually something like http(s)://engine-server:port/ovirt-engine/api
  3. dockerImages - Images you wish to be able to run. It can be either just an image name, or something more specific like user/image:label

Using the plugin


How does it work?

  • The UI plugin that allows the user to create a new oVirt VM, that runs a selected docker image running a specified command
  • It uses the cloud-init integration in order to pass the docker commands to the guest
  • docker image is downloaded from the public registry to the VM on first launch

Prerequisites

The plugin is based on creating a new oVirt VM from a template, passing cloud-init arguments that will configure and run the docker container.
Thus, in order to use it you need to have a Fedora image with docker service (with -r option to make containers start also after VM), cloud-init, and ovirt-guest-agent

It works only in cluster level 3.4 and above, as it requires persisting the cloud-init properties

Make sure the template you create have enough storage, as it might be required when downloading docker images. If you're interested in specific images then I recommend to pull them to the VM you create the template from, that way they'll be available, and won't require downloading the image when starting the container.

Plugin in action

1. You first login to the oVirt admin portal, and go the the VM main tab:



2. There you'll see the "Create Docker VM" button.
3. Press on it, and you'll see the following dialog:


4. Fill in the details:
  • Choose a DC
  • Choose a Cluster
  • Choose a Template that follows the prerequisites above
  • Fill in other VM properties
  • Fill in the Docker details (image, port mapping, and command). The command is mandatory only in case the image doesn't have an ENTRYPOINT.
  • Fill in the cloud-init details (I've decided to put only host name and SSH key, for the sake of simplicity).
5. Press OK


The VM is being created now. Once finished you can run it. After a few minutes, the IP address of it will appear in the admin portal, so you can either connect to it via SSH if you want (using the public SSH key you've passed), or just use the service it is supplying. In the screenshot I've created a Jboss instance, so I can just see that browsing results in a Test Page. Here is a screenshot showing the IP address:



And here is the result of browsing to this VM (we have mapped port 80 of the container to port 80 of the VM):


Pre-defined image in glance.ovirt.org

In order to ease the process of using this UI plugin, I've created an image you can import from the public oVirt Glance repository, "CentOS 6.5 64-Bit Docker".
You can import it using the guide available in my previous post (Importing Glance images as oVirt templates). It is based on the CentOS 6.5 cloud image. Make sure to create a virtual NIC in the template after importing, and also to set the relevant OS.

Note that I tested the plugin both using this template, and using a Fedora 19 template, installed from scratch. Using the Fedora 19 cloud image didn't work well for me, as the docker container got stuck on startup.

That's it! Start running containers in oVirt!

Monday, March 3, 2014

Importing Glance images as oVirt templates

Overview



In oVirt 3.4 we extended the integration with Glance, allowing to import Glance images of type QCOW2 or RAW as oVirt templates.
When importing an image you can do one of the following:
  • Import the image as a disk - useful when you want to take an image and attach it to a VM
  • Import the image as a template - useful when you would like to take existing image from Glance and use that in order to create several VMs

We also added a public Glance repository to be used by oVirt deployments. A reference to this repository is automatically added in 3.4, so you'll see it in the UI by default, under the name "ovirt-image-repository". You can either use it, or add your own Glance provider, using the steps outlined below.
The public repository currently contains a small amount of images, but we hope to add more images in the near future.

Setting it up

In this section I assume you already have an active Data-Center and Cluster. The DC level should be 3.4 and above for the import and VM creation to work.
Using Glance from within oVirt is pretty easy. If you plan to use the public repository, then all you have to do is:
  1. Go to the Storage main tab
  2. Storage Main Tab
  3. Select the "ovirt-image-repository" domain
  4. In the images sub-tab you'll see a list of available images
  5. Select an image
  6. Selecting an Image
  7. Press Import
  8. Select Data-Center, Storage domain and Quota (I'm not using Quota so it is disabled)
  9. Check the "import as template" checkbox
  10. Select a Cluster
  11. Press OK
  12. Import Image Dialog

Then you'll see that there is a new task running:
Task Progress

Once finished, a new template was created, with default configuration, name that starts with "GlanceTemplate", and description that contains the original image name:
Template Main Tab

You can rename it, and change different properties in it, and then use it as any other template, in order to create new VMs. Before use you should also change the OS type of the template, according to the selected image. The OS type determines whether you can use cloud-init on the VM or not. The current images are cloud-images, so you'll need to use the integration with cloud-init in order to be able to login/connect to the VM. In order to do that you need to change the OS type of the template, and in case of linux based OS you'll have the option to use cloud-init when adding VMs.

Adding your own Glance provider

In the steps above I used the public Glance repository, which exists by default in 3.4 deployments. You can also add a reference to your own Glance instance. If your instance doesn't allow anonymous read-only access, then you also have to configure the Keystone details in the oVirt engine, so let's do that first:
  1. Open a shell in the server where the engine is installed
  2. Enter the command:
  3. Restart the oVirt engine
  1. In the Tree on the list, select the External Providers branch
  2. Provider Main Tab
  3. Press Add
  4. Fill in the details
  5. If your provider requires authentication then select "requires authentication", and fill in the relevant credentials
  6. Press Test-Connection to check that the provided details are correct
  7. Press OK
  8. Provider Details
Now go the the storage main tab, there you'll see your new domain, and follow the steps from the same steps outlined above in order to import glance images.

Important notes:
  • As I wrote earlier, we only supports RAW and QCOW2 images
  • We currently don't support SSL communication with Glance
  • The import of these templates and the usage of them is only supported on DC Level 3.4 and above
  • The Fedora and CentOS images that exist in the public repo are cloud-images, and designed to be initialized using cloud-init. For more information about cloud-init integration in oVirt have a look at Cloud-Init integration and Persistent VM init data
  • As stated above, import as a template work only on Data-Centers with compatibility level that's 3.4 and above. Currently we also allow that on 3.3, but that's a bug, as the template will be created, but you won't be able to create VMs from it. This will be addressed in 3.4.1.

Sunday, March 2, 2014

Advanced integration with Red Hat Enterprise Virtualization Manager (RHEV-M)

At CloudOpen Europe 2013, in Edinburgh, I presented a talk about advanced integration with the oVirt engine.
I wrote a technical article covering that in the Red-Hat developer blog.
Feel free to have a look....
Advanced integration with RHEV-M- part 1
Advanced integration with RHEV-M- part 2

Enjoy!
Oved