Docker Network Plugin utilizing Neutron

Registered by Mohammad Banikazemi on 2015-08-05

Create a containerized version of the Kuryr Docker network plugin. This docker remote plugin utilizes Neutron to realize Docker networking as described in Docker Container Network Model (CNM) defined at [1].

Motivation:
1. One objectives of kolla is to deploy the big tent. Since kuryr is part of the big tent, it makes sense to include Kuryr with kolla (from sdake).
2. Kuryr depends on several components (keystone, neutron, database) of Kolla. Since kolla is a very nice way to deploy OpenStack, enabling kuryr within Kolla will offer clear benefit to kuryr (from Banix).
3. Kuryr is created mainly for container resources. If kolla will support multiple types of computing resources (kvm, xen), it certainly makes sense to have docker as a class of resources [2]. Therefore, having kuryr in kolla will provide an appropriate networking implementation for the container resources.

[1] https://github.com/docker/libnetwork/blob/master/docs/design.md
[2] https://blueprints.launchpad.net/kolla/+spec/nova-docker-container

Blueprint information

Status:
Complete
Approver:
Steven Dake
Priority:
High
Drafter:
Mohammad Banikazemi
Direction:
Approved
Assignee:
Hui Kang
Definition:
Approved
Series goal:
Accepted for newton
Implementation:
Implemented
Milestone target:
milestone icon newton-rc1
Started by
Steven Dake on 2016-03-27
Completed by
Steven Dake on 2016-09-17

Related branches

Sprints

Whiteboard

This feature is at risk for removal from rc1. --steak

We have granted an FFE for this feature. This feature must land by August 15th. If you can't make that deadline, please inform on irc, mailing list, or in launchpad. Thanks! --steak

Hui,

This is still targeted for newton and the kuryr cats have said they will get keystone v3 support implemented in time. Please keep with it, and try to comunicate with the kuryr folks about their timeline or implementation of keystone v3 so we can move things along. Deadline is 15th of August for all merging to be complete. --steak

Hui
Please fill out the work items - I am open to bouncing this out of Mitaka if there isn't sufficient support from the kur* team.
Blocked: kuryr requires docker-1.9.1 due to its dependency on libnetwork on the upstream docker. However, kolla does not work well will docker-1.9.1 due to the docker-py ansible module. - Hui
kolla recently works with docker-1.9.1. We should be able to proceed now. - Hui

Low or Medium priority blueprint not in Good Progress state or better. Removing this from Mitaka release. Will re-evaluate for inclusion in Newton. --sdake

Hui,

Is kuryr a docker plugin, an openstack plugin, or what? if it is a plugin, I don't understand the need for a separate container unless the intent is to use the volumes_from operation to import the plugin code into the system. It would be interesting to see a named volume for this type of problem where a container starts up, and creates the named volumes required for all neutron plugins. Without knowing how kuryr fits into the system, its hard to make a judgement call. That said, I've moved this blueprint to pending approval for newton 1, since I think it makes sense to tackle this work early in the cycle (plugins in general). Can you answer my questions? --sdake

Hi, Steven, kuryr is a network plugin for docker containers. It uses keystone and neutron only from OpenStack. From my understanding, kuryr should be running as a container, like openvswitch-agent and openvswitchd in a regular neutron OVS plugin.

Banix, please correct me if I am wrong. Thanks. -Hui

Hui,
Is etcd an option for the KV store? I am really reluctant to introduce consul into the system. I don't know if Consul is horizontally scalable and provides high availability functionality. If the answer is no, I am pretty much -2 on Consul as the only way to deploy. etcd is a KV store and has a nice HA story which is easy to implement. Would appreciate responses here. --sdake

That said I have moved this to approved.

Hi, Steven,
I have abandoned that large set and will submit 4 smaller ones. Regarding consul and etcd, they have similar scale out capability and HA because they are based on the same Raft algorithm. Plus, consul provides other functions like monitoring and a nice UI, which I feel can be used by the Kolla project in the future.

But certainly we can provide the etcd containers for kuryr usage as a sub patch set for this bp. - Hui

Hui,

I wished you hadn't abandoned that change so we don't lose all the comments. it literally took me 3 hours to review, and I am not keen to go through all that again. We could have broken it apart after the original issues were addressed. As for etcd, I am ok with an optional either way, but I want etcd implemented before this stream goes in. This is really a familiarily thing for me - I am super familiar with etcd and not familiar at all with Consul. I'd like to lead with etcd for key/value storage rather then Consul. Also the requirement of docs of changing the commands for docker running - That really concerns me as well, and I'd like to understand that in more detail in the original review. can you respond to all of my questions in the original review so I can maintain context on the change, and then you can split it apart later once I run out of things to complain about :) --steak

Hui,
could you explain more for why we need kuryr in Kolla? I do not see the requirement for this. -- Jeffrey4l

Lei,
I'd like to hear Hui's viewpoint on this too, but one of the objectives of our project is to deploy the big tent. That was my motive for approving the blueprint combined with someone offering to do the work. --sdake

Hui,
The work items are incompletely implemented. A special requirement for projects to be implemented in Kolla is some form of redundancy - implementing part of the HA feature requirements. Therefore I moved the blueprint from needs code review to good progress. --sdake

Hi, Jeffrey and sdake,
Thanks for your comments. I add the motivations in the project description.

To Mohammad: please add more if I miss anything. Thanks. - Hui

From my understanding, kolla supports keystone v3 only, while kuryr now lacks the support for v3. This patch (https://review.openstack.org/#/c/316320/) in kuryr resolves this issue.

moving to newton-3 expected to be released on 2016-09-02. Please try to finish it before that otherwise it will be moved to Octata. - coolsvap

Gerrit topic: https://review.openstack.org/#q,topic:bp/kuryr-docker-plugin,n,z

Addressed by: https://review.openstack.org/297987
    Implement kuryr neutron plugin
(This patch is too big to review. So it is separated into the following smaller ones.)

Addressed by: https://review.openstack.org/298000
    Add Kuryr Docker container

Addressed by: https://review.openstack.org/298001
    Add consul Docker container

Addressed by: https://review.openstack.org/298451
    Add etcd Docker container

Addressed by: https://review.openstack.org/298894
    Add Kuryr ansible role

Addressed by: https://review.openstack.org/355156
    Add etcd container

Addressed by: https://review.openstack.org/364662
    Add etcd ansible role

Addressed by: https://review.openstack.org/370382
    Add kuryr-libnetwork Dockerfile

(?)

Work Items

Work items:
kuryr container: DONE
consul container: DONE
kuryr ansible: DONE
consul ansible: DONE
etcd container: DONE
etcd ansible: DONE
consul HA: TODO
etcd HA: TODO
Droproot: DONE

This blueprint contains Public information 
Everyone can see this information.