diff options
Diffstat (limited to 'doc/book-enea-nfv-access-reference-guide-intel/doc/container_virtualization.xml')
| -rw-r--r-- | doc/book-enea-nfv-access-reference-guide-intel/doc/container_virtualization.xml | 137 |
1 files changed, 0 insertions, 137 deletions
diff --git a/doc/book-enea-nfv-access-reference-guide-intel/doc/container_virtualization.xml b/doc/book-enea-nfv-access-reference-guide-intel/doc/container_virtualization.xml deleted file mode 100644 index 06bfbb4..0000000 --- a/doc/book-enea-nfv-access-reference-guide-intel/doc/container_virtualization.xml +++ /dev/null | |||
| @@ -1,137 +0,0 @@ | |||
| 1 | <?xml version="1.0" encoding="ISO-8859-1"?> | ||
| 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | ||
| 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | ||
| 4 | <chapter id="container-virtualization"> | ||
| 5 | <title>Container Virtualization</title> | ||
| 6 | |||
| 7 | <section id="docker"> | ||
| 8 | <title>Docker</title> | ||
| 9 | |||
| 10 | <para>Docker is an open-source project that automates the deployment of | ||
| 11 | applications inside software containers, by providing an additional layer | ||
| 12 | of abstraction and automation of operating-system-level virtualization on | ||
| 13 | Linux.</para> | ||
| 14 | |||
| 15 | <para>The software container mechanism uses resource isolation features | ||
| 16 | inside the Linux kernel, such as cgroups and kernel namespaces to allow | ||
| 17 | multiple containers to run within a single Linux instance, avoiding the | ||
| 18 | overhead of starting and maintaining virtual machines.</para> | ||
| 19 | |||
| 20 | <para>Containers are lightweight and include everything needed to run | ||
| 21 | themselves: code, runtime, system tools, system libraries and settings. | ||
| 22 | The main advantage provided by containers is that the encapsulated | ||
| 23 | software is isolated from its surroundings. For example, differences | ||
| 24 | between development and staging environments can be kept separate in order | ||
| 25 | to reduce conflicts between teams running different software on the same | ||
| 26 | infrastructure.</para> | ||
| 27 | |||
| 28 | <para>For a better understanding of what Docker is and how it works, the | ||
| 29 | official documentation provided on the Docker website should be consulted: | ||
| 30 | <ulink | ||
| 31 | url="https://docs.docker.com/">https://docs.docker.com/</ulink>.</para> | ||
| 32 | |||
| 33 | <section id="launch-docker-container"> | ||
| 34 | <title>Launching a Docker container</title> | ||
| 35 | |||
| 36 | <para>Docker provides a hello-world container which checks whether your | ||
| 37 | system is running the daemon correctly. This container can be launched | ||
| 38 | by simply running:</para> | ||
| 39 | |||
| 40 | <programlisting>docker run hello-world</programlisting> | ||
| 41 | |||
| 42 | <para>If your installation is working correctly, the following message | ||
| 43 | should be outputted:<programlisting>Hello from Docker!</programlisting></para> | ||
| 44 | </section> | ||
| 45 | |||
| 46 | <section id="run-enfv-guest-image"> | ||
| 47 | <title>Run a guest image inside Docker</title> | ||
| 48 | |||
| 49 | <para>Guest images can be run inside Docker as in any other container. | ||
| 50 | You can find an example below of how to configure and run a guest image. | ||
| 51 | Before starting a guest image, a root filesystem has to be imported in | ||
| 52 | Docker:</para> | ||
| 53 | |||
| 54 | <programlisting>docker import guest-qemux86-64.tar.gz guest</programlisting> | ||
| 55 | |||
| 56 | <para>To check that the Docker image has been imported successfully, | ||
| 57 | run:</para> | ||
| 58 | |||
| 59 | <programlisting>docker images</programlisting> | ||
| 60 | |||
| 61 | <para>Finally, start a container with <literal>bash</literal> running as | ||
| 62 | the shell, by running:</para> | ||
| 63 | |||
| 64 | <programlisting>docker run -it guest /bin/bash</programlisting> | ||
| 65 | </section> | ||
| 66 | |||
| 67 | <section id="attach-ext-resources-docker-containers"> | ||
| 68 | <title>Attach external resources to Docker containers</title> | ||
| 69 | |||
| 70 | <para>Any system resource present on the host machine can be attached or | ||
| 71 | accessed by a Docker container.</para> | ||
| 72 | |||
| 73 | <para>Typically, if a file or folder on the host machine needs to be | ||
| 74 | attached to a container, that container should be launched with the | ||
| 75 | <literal>-v</literal> parameter. For example, to attach the | ||
| 76 | <literal>roots</literal> home folder to a container, the command line | ||
| 77 | for Docker should have the following format:</para> | ||
| 78 | |||
| 79 | <programlisting>docker run -it -v /home/root:/home/host_root/ guest /bin/bash</programlisting> | ||
| 80 | |||
| 81 | <para>To check that folders have been properly passed from the host to | ||
| 82 | the container, create a file in the source folder on the host root | ||
| 83 | filesystem and check for its existence inside the containers destination | ||
| 84 | location.</para> | ||
| 85 | |||
| 86 | <section id="attach-vhost-descriptors"> | ||
| 87 | <title>Attach vhost file descriptors</title> | ||
| 88 | |||
| 89 | <para>If OVS is running on the host and vhost file descriptors need to | ||
| 90 | be passed to the container, this can be done by either mapping the | ||
| 91 | folder where all the file descriptors are located or mapping the file | ||
| 92 | descriptor itself:</para> | ||
| 93 | |||
| 94 | <itemizedlist> | ||
| 95 | <listitem> | ||
| 96 | <para>Mapping the folder can be done as exemplified above:</para> | ||
| 97 | |||
| 98 | <programlisting>docker run -it --rm -v /var/run/openvswitch/:/var/run/openvswitch/ guest /bin/bash</programlisting> | ||
| 99 | </listitem> | ||
| 100 | |||
| 101 | <listitem> | ||
| 102 | <para>Mapping a file descriptor is done in a similar way, but the | ||
| 103 | <literal>-v</literal> flag needs to point directly to it:</para> | ||
| 104 | |||
| 105 | <programlisting>docker run -it --rm -v /var/run/openvswitch/vhost-user1 guest /bin/bash</programlisting> | ||
| 106 | </listitem> | ||
| 107 | </itemizedlist> | ||
| 108 | </section> | ||
| 109 | |||
| 110 | <section id="attach-hugepages-mount-folders"> | ||
| 111 | <title>Attach hugepages mount folders</title> | ||
| 112 | |||
| 113 | <para>Hugepages mount folders can also be accessed by a container | ||
| 114 | similarly to how a plain folder is mapped, as shown in 1.3.</para> | ||
| 115 | |||
| 116 | <para>For example, if the host system has hugepages mounted in the | ||
| 117 | <literal>/mnt/huge</literal> location, a container can also access | ||
| 118 | hugepages by being launched with:</para> | ||
| 119 | |||
| 120 | <programlisting>docker run -it -v /mnt/huge guest /bin/bash</programlisting> | ||
| 121 | </section> | ||
| 122 | |||
| 123 | <section id="access-pci-bus"> | ||
| 124 | <title>Access the PCI bus</title> | ||
| 125 | |||
| 126 | <para>If the host machine has multiple SRIOV instances created, a | ||
| 127 | container can access the instances by being given privileged access to | ||
| 128 | the host system. Unlike folders, PCI devices do not have to be mounted | ||
| 129 | explicitly in order to be accessed and will be available to the | ||
| 130 | container if the <literal>--privileged</literal> flag is passed to the | ||
| 131 | command line:</para> | ||
| 132 | |||
| 133 | <programlisting>docker run --privileged -it guest /bin/bash</programlisting> | ||
| 134 | </section> | ||
| 135 | </section> | ||
| 136 | </section> | ||
| 137 | </chapter> | ||