What is nova-compute-flex?
For the past couple of months I have been working on the OpenStack PoC called nova-compute-flex. Nova-compute-flex allows you to run native LXC containers using the python-lxc calls to liblxc. It creates small, fast, and reliable LXC containers on OpenStack. The main features of nova-compute-flex are the following:
- Secure by default (unprivileged containers, apparmor, etc)
- LXC 1.0.x
- python-lxc (python2 version)
- Uses btrfs for instance creation.
Nova-compute-flex (n-c-flex) is a new way of running native LXC containers on OpenStack. It is currently designed with Juno in mind since Juno is the latest release of OpenStack. This tutorial to get nova-compute-flex up and running assumes that you will be using Ubuntu 14.04 release and will be running devstack with it.
How does n-c-flex work?
N-c-flex works the same way as the other virt drivers in OpenStack. It will stop and start containers, use neutron for networking, etc. However it does not use qcow2 or raw images, it uses an image that we call “root-tar”.
“Root-tar” images are simply a tarball of the container which is similar to the ubuntu-cloud templates in LXC. They are relatively small and contain just enough to get you running a LXC container. These images are published by Ubuntu as well, and they can be found here.. If you wish to use other distros you can simply tar up the directories found on a given qcow2 image. As well as you could use the templates found in LXC. Its just that simple.
The way that nova-compute-flex works is the following:
- Download the tar ball from the glance server.
- Create a btrfs snapshot.
- Use lxc-usernsexec to un-tar the tar ball into the snapshot.
- When the instance starts create a copy of the snapshot.
- Create the LXC configuration files.
- Create the network for the container.
- Start the container.
It just takes seconds to create a new instance since it is just doing a copy of the btrfs snapshot when the image was downloaded from the glance server.
When the instance is created, the container is an unprivileged LXC container. This means that nova-compute-flex uses user-name-spaces with apparmor built in (if you are using Ubuntu). The instance behaves like a container, but it looks and feels like a normal OpenStack instance.
Getting Started with n-c-flex
Assuming that you already have btrfs-tools is installed and you don’t have a free partition. You will need to create the instances directory where your n-c-flex instances are going to live. To do that you simply have to do the following:
dd if=/dev/zero of=<name of your large file> bs=1024k count=2000
sudo mkfs.btrfs <name of your large file>
sudo mount -t brfs -o user_subvol_rm_allowed <name of your large file> <mount point>
To make the changes permanent, modify your /etc/fstab accordingly.
Installing devstack and n-c-flex
In your “/opt” directory, run the following commands:
This will prepare your devstack to install software like LXC that been back ported to the Ubuntu Cloud Archive. The reason for the back port is that some of the features that is needed in nova-compute-flex is not
found in the trusty version of LXC
After running the above commands you will have the following in your localrc:
To make your devstack more useful you should have the following in your localrc as well:
This will allow you to use the stable branches of juno with neutron support. After modifying your localrc, you can proceed to install by running the “./stack.sh” script.
Running your first instance
As said before nova-compute-flex uses a different kind of image compared to regular nova. To upload the image to the glance server you have to do the following:
glance image-create --name='lxc' --container-format=root-tar --disk-format=root-tar < utopic-server-cloudimg-amd64-root.tar.gz
After uploading the image you can run the regular way of creating instances by either using the python-novaclient tools or the euca2ools.
At the OpenStack Developrs Summit last week, Mark Shutleworth announced lxd (lex-dee). LXD is a container “hypervisor” that is built on top of the LXC project. LXD is meant to be used as system container, rather than application containers like Docker.
I will be using the knowledge that we have gained from working on nova-compute-flex and applying it nova-compute-lxd. LXD will have a Rest-API to interact with the LXD containers, so nova-compute-lxd will be the lxd api to stop/start containers and other functions one expects to find in Nova. More discussion will be going on at the lxc-devel mailing list over the next couple of months.
However, if you want to use nova-compute-flex now go for it! If you wish to submit patches, the github project can be found at https://github.com/zulcss/nova-compute-flex. The work will be fed back into the nova-compute-lxd project as well. It also has an issue tracker where you can submit bugs as well.
If you run into road blocks please let me know, and I will be happy to help.