diff options
Diffstat (limited to 'doc/book-enea-nfv-access-guide/doc/container_virtualization.xml')
| -rw-r--r-- | doc/book-enea-nfv-access-guide/doc/container_virtualization.xml | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/doc/book-enea-nfv-access-guide/doc/container_virtualization.xml b/doc/book-enea-nfv-access-guide/doc/container_virtualization.xml new file mode 100644 index 0000000..58133ae --- /dev/null +++ b/doc/book-enea-nfv-access-guide/doc/container_virtualization.xml | |||
| @@ -0,0 +1,136 @@ | |||
| 1 | <?xml version="1.0" encoding="ISO-8859-1"?> | ||
| 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | ||
| 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | ||
| 4 | <chapter id="container-virtualization"> | ||
| 5 | <title>Container Virtualization</title> | ||
| 6 | |||
| 7 | <section id="docker"> | ||
| 8 | <title>Docker</title> | ||
| 9 | |||
| 10 | <para>Docker is an open-source project that automates the deployment of | ||
| 11 | applications inside software containers, by providing an additional layer | ||
| 12 | of abstraction and automation of operating-system-level virtualization on | ||
| 13 | Linux.</para> | ||
| 14 | |||
| 15 | <para>The software container mechanism uses resource isolation features | ||
| 16 | inside the Linux kernel, such as cgroups and kernel namespaces to allow | ||
| 17 | multiple containers to run within a single Linux instance, avoiding the | ||
| 18 | overhead of starting and maintaining virtual machines.</para> | ||
| 19 | |||
| 20 | <para>Containers are lightweight and include everything needed to run | ||
| 21 | themselves: code, runtime, system tools, system libraries and settings. | ||
| 22 | The main advantage provided by containers is that the encapsulated | ||
| 23 | software is isolated from its surroundings. For example, differences | ||
| 24 | between development and staging environments can be kept separate in order | ||
| 25 | to reduce conflicts between teams running different software on the same | ||
| 26 | infrastructure.</para> | ||
| 27 | |||
| 28 | <para>For a better understanding of what Docker is and how it works, the | ||
| 29 | official documentation provided on the Docker website should be consulted: | ||
| 30 | <ulink | ||
| 31 | url="https://docs.docker.com/">https://docs.docker.com/</ulink>.</para> | ||
| 32 | |||
| 33 | <section id="launch-docker-container"> | ||
| 34 | <title>Launching a Docker container</title> | ||
| 35 | |||
| 36 | <para>Docker provides a hello-world container which checks whether your | ||
| 37 | system is running the daemon correctly. This container can be launched | ||
| 38 | by simply running:</para> | ||
| 39 | |||
| 40 | <programlisting>docker run hello-world</programlisting> | ||
| 41 | |||
| 42 | <para>If your installation is working correctly, the following message | ||
| 43 | should be outputted:<programlisting>Hello from Docker!</programlisting></para> | ||
| 44 | </section> | ||
| 45 | |||
| 46 | <section id="run-enfv-guest-image"> | ||
| 47 | <title>Run an Enea NFV Access guest image</title> | ||
| 48 | |||
| 49 | <para>Enea NFV Access guest images can run inside Docker as any | ||
| 50 | other container can. Before starting an Enea NFV Access guest | ||
| 51 | image, a root filesystem has to be imported in Docker:</para> | ||
| 52 | |||
| 53 | <programlisting>docker import enea-linux-virtualization-guest-qemux86-64.tar.gz el7guest</programlisting> | ||
| 54 | |||
| 55 | <para>To check that the Docker image has been imported successfully, | ||
| 56 | run:</para> | ||
| 57 | |||
| 58 | <programlisting>docker images</programlisting> | ||
| 59 | |||
| 60 | <para>Finally, start an Enea NFV Access container with | ||
| 61 | <literal>bash</literal> running as the shell, by running:</para> | ||
| 62 | |||
| 63 | <programlisting>docker run -it el7guest /bin/bash</programlisting> | ||
| 64 | </section> | ||
| 65 | |||
| 66 | <section id="attach-ext-resources-docker-containers"> | ||
| 67 | <title>Attach external resources to Docker containers</title> | ||
| 68 | |||
| 69 | <para>Any system resource present on the host machine can be attached or | ||
| 70 | accessed by a Docker container.</para> | ||
| 71 | |||
| 72 | <para>Typically, if a file or folder on the host machine needs to be | ||
| 73 | attached to a container, that container should be launched with the | ||
| 74 | <literal>-v</literal> parameter. For example, to attach the | ||
| 75 | <literal>roots</literal> home folder to a container, the command line | ||
| 76 | for Docker should have the following format:</para> | ||
| 77 | |||
| 78 | <programlisting>docker run -it -v /home/root:/home/host_root/ el7guest /bin/bash</programlisting> | ||
| 79 | |||
| 80 | <para>To check that folders have been properly passed from the host to | ||
| 81 | the container, create a file in the source folder on the host root | ||
| 82 | filesystem and check for its existence inside the containers destination | ||
| 83 | location.</para> | ||
| 84 | |||
| 85 | <section id="attach-vhost-descriptors"> | ||
| 86 | <title>Attach vhost file descriptors</title> | ||
| 87 | |||
| 88 | <para>If OVS is running on the host and vhost file descriptors need to | ||
| 89 | be passed to the container, this can be done by either mapping the | ||
| 90 | folder where all the file descriptors are located or mapping the file | ||
| 91 | descriptor itself:</para> | ||
| 92 | |||
| 93 | <itemizedlist> | ||
| 94 | <listitem> | ||
| 95 | <para>Mapping the folder can be done as exemplified above:</para> | ||
| 96 | |||
| 97 | <programlisting>docker run -it --rm -v /var/run/openvswitch/:/var/run/openvswitch/ el7guest /bin/bash</programlisting> | ||
| 98 | </listitem> | ||
| 99 | |||
| 100 | <listitem> | ||
| 101 | <para>Mapping a file descriptor is done in a similar way, but the | ||
| 102 | <literal>-v</literal> flag needs to point directly to it:</para> | ||
| 103 | |||
| 104 | <programlisting>docker run -it --rm -v /var/run/openvswitch/vhost-user1 el7guest /bin/bash</programlisting> | ||
| 105 | </listitem> | ||
| 106 | </itemizedlist> | ||
| 107 | </section> | ||
| 108 | |||
| 109 | <section id="attach-hugepages-mount-folders"> | ||
| 110 | <title>Attach hugepages mount folders</title> | ||
| 111 | |||
| 112 | <para>Hugepages mount folders can also be accessed by a container | ||
| 113 | similarly to how a plain folder is mapped, as shown in 1.3.</para> | ||
| 114 | |||
| 115 | <para>For example, if the host system has hugepages mounted in the | ||
| 116 | <literal>/mnt/huge</literal> location, a container can also access | ||
| 117 | hugepages by being launched with:</para> | ||
| 118 | |||
| 119 | <programlisting>docker run -it -v /mnt/huge el7guest /bin/bash</programlisting> | ||
| 120 | </section> | ||
| 121 | |||
| 122 | <section id="access-pci-bus"> | ||
| 123 | <title>Access the PCI bus</title> | ||
| 124 | |||
| 125 | <para>If the host machine has multiple SRIOV instances created, a | ||
| 126 | container can access the instances by being given privileged access to | ||
| 127 | the host system. Unlike folders, PCI devices do not have to be mounted | ||
| 128 | explicitly in order to be accessed and will be available to the | ||
| 129 | container if the <literal>--privileged</literal> flag is passed to the | ||
| 130 | command line:</para> | ||
| 131 | |||
| 132 | <programlisting>docker run --privileged -it el7guest /bin/bash</programlisting> | ||
| 133 | </section> | ||
| 134 | </section> | ||
| 135 | </section> | ||
| 136 | </chapter> \ No newline at end of file | ||