Diffstat (limited to 'doc/book-enea-nfv-access-guide/doc/container_virtualization.xml')
-rw-r--r-- | doc/book-enea-nfv-access-guide/doc/container_virtualization.xml | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/doc/book-enea-nfv-access-guide/doc/container_virtualization.xml b/doc/book-enea-nfv-access-guide/doc/container_virtualization.xml new file mode 100644 index 0000000..58133ae --- /dev/null +++ b/doc/book-enea-nfv-access-guide/doc/container_virtualization.xml | |||
@@ -0,0 +1,136 @@ | |||
1 | <?xml version="1.0" encoding="ISO-8859-1"?> | ||
2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | ||
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | ||
4 | <chapter id="container-virtualization"> | ||
5 | <title>Container Virtualization</title> | ||
6 | |||
7 | <section id="docker"> | ||
8 | <title>Docker</title> | ||
9 | |||
10 | <para>Docker is an open-source project that automates the deployment of | ||
11 | applications inside software containers, by providing an additional layer | ||
12 | of abstraction and automation of operating-system-level virtualization on | ||
13 | Linux.</para> | ||
14 | |||
15 | <para>The software container mechanism uses resource isolation features | ||
16 | inside the Linux kernel, such as cgroups and kernel namespaces to allow | ||
17 | multiple containers to run within a single Linux instance, avoiding the | ||
18 | overhead of starting and maintaining virtual machines.</para> | ||
19 | |||
20 | <para>Containers are lightweight and include everything needed to run | ||
21 | themselves: code, runtime, system tools, system libraries and settings. | ||
22 | The main advantage provided by containers is that the encapsulated | ||
23 | software is isolated from its surroundings. For example, differences | ||
24 | between development and staging environments can be kept separate in order | ||
25 | to reduce conflicts between teams running different software on the same | ||
26 | infrastructure.</para> | ||
27 | |||
28 | <para>For a better understanding of what Docker is and how it works, the | ||
29 | official documentation provided on the Docker website should be consulted: | ||
30 | <ulink | ||
31 | url="https://docs.docker.com/">https://docs.docker.com/</ulink>.</para> | ||
32 | |||
33 | <section id="launch-docker-container"> | ||
34 | <title>Launching a Docker container</title> | ||
35 | |||
36 | <para>Docker provides a hello-world container which checks whether your | ||
37 | system is running the daemon correctly. This container can be launched | ||
38 | by simply running:</para> | ||
39 | |||
40 | <programlisting>docker run hello-world</programlisting> | ||
41 | |||
42 | <para>If your installation is working correctly, the following message | ||
43 | should be outputted:<programlisting>Hello from Docker!</programlisting></para> | ||
44 | </section> | ||
45 | |||
46 | <section id="run-enfv-guest-image"> | ||
47 | <title>Run an Enea NFV Access guest image</title> | ||
48 | |||
49 | <para>Enea NFV Access guest images can run inside Docker as any | ||
50 | other container can. Before starting an Enea NFV Access guest | ||
51 | image, a root filesystem has to be imported in Docker:</para> | ||
52 | |||
53 | <programlisting>docker import enea-linux-virtualization-guest-qemux86-64.tar.gz el7guest</programlisting> | ||
54 | |||
55 | <para>To check that the Docker image has been imported successfully, | ||
56 | run:</para> | ||
57 | |||
58 | <programlisting>docker images</programlisting> | ||
59 | |||
60 | <para>Finally, start an Enea NFV Access container with | ||
61 | <literal>bash</literal> running as the shell, by running:</para> | ||
62 | |||
63 | <programlisting>docker run -it el7guest /bin/bash</programlisting> | ||
64 | </section> | ||
65 | |||
66 | <section id="attach-ext-resources-docker-containers"> | ||
67 | <title>Attach external resources to Docker containers</title> | ||
68 | |||
69 | <para>Any system resource present on the host machine can be attached or | ||
70 | accessed by a Docker container.</para> | ||
71 | |||
72 | <para>Typically, if a file or folder on the host machine needs to be | ||
73 | attached to a container, that container should be launched with the | ||
74 | <literal>-v</literal> parameter. For example, to attach the | ||
75 | <literal>roots</literal> home folder to a container, the command line | ||
76 | for Docker should have the following format:</para> | ||
77 | |||
78 | <programlisting>docker run -it -v /home/root:/home/host_root/ el7guest /bin/bash</programlisting> | ||
79 | |||
80 | <para>To check that folders have been properly passed from the host to | ||
81 | the container, create a file in the source folder on the host root | ||
82 | filesystem and check for its existence inside the containers destination | ||
83 | location.</para> | ||
84 | |||
85 | <section id="attach-vhost-descriptors"> | ||
86 | <title>Attach vhost file descriptors</title> | ||
87 | |||
88 | <para>If OVS is running on the host and vhost file descriptors need to | ||
89 | be passed to the container, this can be done by either mapping the | ||
90 | folder where all the file descriptors are located or mapping the file | ||
91 | descriptor itself:</para> | ||
92 | |||
93 | <itemizedlist> | ||
94 | <listitem> | ||
95 | <para>Mapping the folder can be done as exemplified above:</para> | ||
96 | |||
97 | <programlisting>docker run -it --rm -v /var/run/openvswitch/:/var/run/openvswitch/ el7guest /bin/bash</programlisting> | ||
98 | </listitem> | ||
99 | |||
100 | <listitem> | ||
101 | <para>Mapping a file descriptor is done in a similar way, but the | ||
102 | <literal>-v</literal> flag needs to point directly to it:</para> | ||
103 | |||
104 | <programlisting>docker run -it --rm -v /var/run/openvswitch/vhost-user1 el7guest /bin/bash</programlisting> | ||
105 | </listitem> | ||
106 | </itemizedlist> | ||
107 | </section> | ||
108 | |||
109 | <section id="attach-hugepages-mount-folders"> | ||
110 | <title>Attach hugepages mount folders</title> | ||
111 | |||
112 | <para>Hugepages mount folders can also be accessed by a container | ||
113 | similarly to how a plain folder is mapped, as shown in 1.3.</para> | ||
114 | |||
115 | <para>For example, if the host system has hugepages mounted in the | ||
116 | <literal>/mnt/huge</literal> location, a container can also access | ||
117 | hugepages by being launched with:</para> | ||
118 | |||
119 | <programlisting>docker run -it -v /mnt/huge el7guest /bin/bash</programlisting> | ||
120 | </section> | ||
121 | |||
122 | <section id="access-pci-bus"> | ||
123 | <title>Access the PCI bus</title> | ||
124 | |||
125 | <para>If the host machine has multiple SRIOV instances created, a | ||
126 | container can access the instances by being given privileged access to | ||
127 | the host system. Unlike folders, PCI devices do not have to be mounted | ||
128 | explicitly in order to be accessed and will be available to the | ||
129 | container if the <literal>--privileged</literal> flag is passed to the | ||
130 | command line:</para> | ||
131 | |||
132 | <programlisting>docker run --privileged -it el7guest /bin/bash</programlisting> | ||
133 | </section> | ||
134 | </section> | ||
135 | </section> | ||
136 | </chapter> \ No newline at end of file | ||
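Review bot: The two single-path `-v` examples at new-file lines 104 and 119 (`-v /var/run/openvswitch/vhost-user1` and `-v /mnt/huge`) do not map anything from the host. When `-v` is given only one path, Docker treats it as the container-side mount point and creates a new anonymous volume there, so the container sees neither the OVS vhost-user socket nor the host's hugepages mount. Use the host:container form already shown on line 78, for example `-v /var/run/openvswitch/vhost-user1:/var/run/openvswitch/vhost-user1` and `-v /mnt/huge:/mnt/huge`. In the PCI section (lines 125-132), `--privileged` grants the container all capabilities and access to every host device, which undoes the isolation the chapter introduction presents as the main advantage of containers. The text should state that trade-off and, where the required device nodes are known, mention `--device` as the narrower option. The sentence on lines 69-70 ("Any system resource present on the host machine can be attached or accessed") would also read better if it said that this depends on the options the container is launched with. Smaller points: "as shown in 1.3" on line 113 hard-codes a section number and should be an xref to `attach-ext-resources-docker-containers`; "roots home folder" (line 75) and "containers destination" (line 82) are missing apostrophes; and the file has no trailing newline.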