Re: [ovirt-users] [vdsm] status update: running containers alongside VMs

[Nathanaël Blanchet]

Hi Francesco,

I've just discovered your work on running containers along vms in ovirt 
and I'm really interested in it.


I found more recent details in 
https://fromanirh.github.io/containers-in-ovirt.html but except this 
mail and this blog, but it is difficult to find more. Nothing on the 
ovirt site as well about it, and nothing about finding the pre-built 
vdsm-containers rpm on jenkins.ovirt.org, I had to build it by my own 
form the source with the --enable-containers flag (doesn't seem to be 
present in jenkins build)


So before setting up this test environnment and maybe wasting some 
precious time, I prefer verfying that this feature is still under 
development, or even it might be included in the master branch in the 
near future.



Le 13/10/2016 à 12:40, Francesco Romani a écrit :

Hi everyone,

I'm happy to share some progress about the former "convirt"[1] project,
which aims to let Vdsm containers alongside VMs, on bare metal.

In the last couple of months I kept updating the patch series, which
is approaching the readiness to be merged in Vdsm.

Please read through this mail to see what the patchset can do now,
how you could try it *now*, even before it is merged.

Everyone is invited to share thoughts and ideas about how this effort
could evolve.
This will be a long mail; I will amend, enhance and polish the content
and make a blog post (on https://mojaves.github.io) to make it easier
to consume and to have some easy-to-find documentation. Later on the
same content will appear also on the oVirt blog.

Happy hacking!

+++

# How to try how the experimental container support for Vdsm.

Vdsm is gaining *experimental* support to run containers alongside VMs.
Vdsm had since long time the ability to manage VMs which run containers,
and recently gained support for
[atomic 
guests](http://www.projectatomic.io/blog/2015/01/running-ovirt-guest-agent-as-privileged-container/).

With the new support we are describing, you will be able to manage containers
with the same, proven infrastructure that let you manage VMs.

This feature is currently being developed and it is still not merged in the
Vdsm codebase, so some extra work is needed if you want to try it out.
We aiming to merge it in the oVirt 4.1.z cycle.

## What works, aka what to expect

The basic features are expected to work:
1. Run any docker image on the public docker registry
2. Make the container accessible from the outside (aka not just from localhost)
3. Use file-based storage for persistent volumes

## What does not yet work, aka what NOT to expect

Few things are planned and currently under active development:
1. Monitoring. Engine will not get any update from the container besides "VM" 
status (Up, Down...)
One important drawback is that you will not be told the IP of the container 
from Engine,
you will need to connect to the Vdsm host to discover it using standard 
docker tools.
2. Proper network integration. Some steps still need manual intervention
3. Stability and recovery - it's pre-alpha software after all! :)

## 1. Introduction and prerequisites

Trying out container support affects only the host and the Vdsm.
Besides add few custom properties (totally safe and supported since early
3.z), there are zero changes required to the DB and to Engine.
Nevertheless, we recommend to dedicate one oVirt 4.y environment,
or at least one 4.y host, to try out the container feature.

To get started, first thing you need is to setup a vanilla oVirt 4.y
installation. We will need to make changes to the Vdsm and to the
Vdsm host, so hosted engine and/or oVirt node may add extra complexity,
better to avoid them at the moment.

The reminder of this tutorial assumes you are using two hosts,
one for Vdsm (will be changed) and one for Engine (will require zero changes);
furthermore, we assume the Vdsm host is running on CentOS 7.y.

We require:
- one test host for Vdsm. This host need to have one NIC dedicated to 
containers.
   We will use the [docker macvlan 
driver](https://raesene.github.io/blog/2016/07/23/Docker-MacVLAN/),
   so this NIC *must not be* part of one bridge.
- docker >= 1.12
- oVirt >= 4.0.5 (Vdsm >= 4.18.15)
- CentOS >= 7.2

Docker >= 1.12 is avaialable for download 
[here](https://docs.docker.com/engine/installation/linux/centos/)

Caveats:
1. docker from official rpms conflicts con docker from CentOS, and has a 
different package name: docker-engine vs docker.
Please note that the kubernetes package from CentOS, for example, require 
'docker', not 'docker-engine'.
2. you may want to replace the default service file
[with this 
one](https://github.com/mojaves/convirt/blob/master/patches/centos72/systemd/docker/docker.service)
and to use this
[sysconfig 
file](https://github.com/mojaves/convirt/blob/master/patches/centos72/systemd/docker/docker-engine).
Here I'm just adding the storage options docker requires, much like the 
CentOS docker is configured.
Configuring docker like this can save you 

[ovirt-users] [vdsm] status update: running containers alongside VMs

[Francesco Romani]

Hi everyone,

I'm happy to share some progress about the former "convirt"[1] project,
which aims to let Vdsm containers alongside VMs, on bare metal.

In the last couple of months I kept updating the patch series, which
is approaching the readiness to be merged in Vdsm.

Please read through this mail to see what the patchset can do now,
how you could try it *now*, even before it is merged.

Everyone is invited to share thoughts and ideas about how this effort
could evolve.
This will be a long mail; I will amend, enhance and polish the content
and make a blog post (on https://mojaves.github.io) to make it easier
to consume and to have some easy-to-find documentation. Later on the
same content will appear also on the oVirt blog.

Happy hacking!

+++

# How to try how the experimental container support for Vdsm.

Vdsm is gaining *experimental* support to run containers alongside VMs.
Vdsm had since long time the ability to manage VMs which run containers,
and recently gained support for
[atomic 
guests](http://www.projectatomic.io/blog/2015/01/running-ovirt-guest-agent-as-privileged-container/).

With the new support we are describing, you will be able to manage containers
with the same, proven infrastructure that let you manage VMs.

This feature is currently being developed and it is still not merged in the
Vdsm codebase, so some extra work is needed if you want to try it out.
We aiming to merge it in the oVirt 4.1.z cycle.

## What works, aka what to expect

The basic features are expected to work:
1. Run any docker image on the public docker registry
2. Make the container accessible from the outside (aka not just from localhost)
3. Use file-based storage for persistent volumes

## What does not yet work, aka what NOT to expect

Few things are planned and currently under active development:
1. Monitoring. Engine will not get any update from the container besides "VM" 
status (Up, Down...)
   One important drawback is that you will not be told the IP of the container 
from Engine,
   you will need to connect to the Vdsm host to discover it using standard 
docker tools.
2. Proper network integration. Some steps still need manual intervention
3. Stability and recovery - it's pre-alpha software after all! :)

## 1. Introduction and prerequisites

Trying out container support affects only the host and the Vdsm.
Besides add few custom properties (totally safe and supported since early
3.z), there are zero changes required to the DB and to Engine.
Nevertheless, we recommend to dedicate one oVirt 4.y environment,
or at least one 4.y host, to try out the container feature.

To get started, first thing you need is to setup a vanilla oVirt 4.y
installation. We will need to make changes to the Vdsm and to the
Vdsm host, so hosted engine and/or oVirt node may add extra complexity,
better to avoid them at the moment.

The reminder of this tutorial assumes you are using two hosts,
one for Vdsm (will be changed) and one for Engine (will require zero changes);
furthermore, we assume the Vdsm host is running on CentOS 7.y.

We require:
- one test host for Vdsm. This host need to have one NIC dedicated to 
containers.
  We will use the [docker macvlan 
driver](https://raesene.github.io/blog/2016/07/23/Docker-MacVLAN/),
  so this NIC *must not be* part of one bridge.
- docker >= 1.12
- oVirt >= 4.0.5 (Vdsm >= 4.18.15)
- CentOS >= 7.2

Docker >= 1.12 is avaialable for download 
[here](https://docs.docker.com/engine/installation/linux/centos/)

Caveats:
1. docker from official rpms conflicts con docker from CentOS, and has a 
different package name: docker-engine vs docker.
   Please note that the kubernetes package from CentOS, for example, require 
'docker', not 'docker-engine'.
2. you may want to replace the default service file
   [with this 
one](https://github.com/mojaves/convirt/blob/master/patches/centos72/systemd/docker/docker.service)
   and to use this
   [sysconfig 
file](https://github.com/mojaves/convirt/blob/master/patches/centos72/systemd/docker/docker-engine).
   Here I'm just adding the storage options docker requires, much like the 
CentOS docker is configured.
   Configuring docker like this can save you some troubleshooting, especially 
if you had docker from CentOS installed
   on the testing box.

## 2. Patch Vdsm to support containers

You need to patch and rebuild Vdsm.
Fetch [this 
patch](https://github.com/mojaves/convirt/blob/master/patches/vdsm/4.18.15.1/0001-container-support-for-Vdsm.patch.gz)
and apply it against Vdsm 4.18.15.1. Vdsm 4.18.15.{1,2,...} are supported as 
well.

Rebuild Vdsm and reinstall on your box.
[centos 7.2 packages are 
here](https://github.com/mojaves/convirt/tree/master/rpms/centos72)
Make sure you install the Vdsm command line client (vdsm-cli)

Restart *both* Vdsm and Supervdsm, make sure Engine still works flawlessly with 
patched Vdsm.
This ensure that no regression is introduced, and that your environment can run 
VMs just as before.
Now we can proceed adding the