diff options
Diffstat (limited to 'doc/book-enea-nfv-access-platform-guide/doc/container_virtualization.xml')
-rw-r--r-- | doc/book-enea-nfv-access-platform-guide/doc/container_virtualization.xml | 136 |
1 files changed, 133 insertions, 3 deletions
diff --git a/doc/book-enea-nfv-access-platform-guide/doc/container_virtualization.xml b/doc/book-enea-nfv-access-platform-guide/doc/container_virtualization.xml index 6f74061..c6ce223 100644 --- a/doc/book-enea-nfv-access-platform-guide/doc/container_virtualization.xml +++ b/doc/book-enea-nfv-access-platform-guide/doc/container_virtualization.xml | |||
@@ -1,8 +1,138 @@ | |||
1 | <?xml version="1.0" encoding="UTF-8"?> | 1 | <?xml version="1.0" encoding="ISO-8859-1"?> |
2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" | 2 | <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> | 3 | "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
4 | <chapter condition="hidden" id="workflow"> | 4 | <chapter id="container-virtualization"> |
5 | <title>Container Virtualization</title> | 5 | <title>Container Virtualization</title> |
6 | 6 | ||
7 | <para></para> | 7 | <section id="docker"> |
8 | <title>Docker</title> | ||
9 | |||
10 | <para>Docker is an open-source project that automates the deployment of | ||
11 | applications inside software containers, by providing an additional layer | ||
12 | of abstraction and automation of operating-system-level virtualization on | ||
13 | Linux.</para> | ||
14 | |||
15 | <para>The software container mechanism uses resource isolation features | ||
16 | inside the Linux kernel, such as cgroups and kernel namespaces to allow | ||
17 | multiple containers to run within a single Linux instance, avoiding the | ||
18 | overhead of starting and maintaining virtual machines. </para> | ||
19 | |||
20 | <para>Containers are lightweight and include everything needed to run | ||
21 | themselves: code, runtime, system tools, system libraries and settings. | ||
22 | The main advantage provided by containers is that the encapsulated | ||
23 | software is isolated from its surroundings. For example, differences | ||
24 | between development and staging environments can be kept separate in order | ||
25 | to reduce conflicts between teams running different software on the same | ||
26 | infrastructure. </para> | ||
27 | |||
28 | <para>For a better understanding of what Docker is and how it works, the | ||
29 | official documentation provided on the Docker website should be consulted: | ||
30 | <ulink | ||
31 | url="https://docs.docker.com/">https://docs.docker.com/</ulink>.</para> | ||
32 | |||
33 | <section id="launch-docker-container"> | ||
34 | <title>Launching a Docker container</title> | ||
35 | |||
36 | <para>Docker provides a hello-world container which checks whether your | ||
37 | system is running the daemon correctly. This container can be launched | ||
38 | by simply running:</para> | ||
39 | |||
40 | <programlisting>>docker run hello-world | ||
41 | |||
42 | Hello from Docker!</programlisting> | ||
43 | |||
44 | <para>This message shows that your installation appears to be working | ||
45 | correctly.</para> | ||
46 | </section> | ||
47 | |||
48 | <section id="run-enfv-guest-image"> | ||
49 | <title>Run an Enea NFV Access Platform guest image</title> | ||
50 | |||
51 | <para>Enea NFV Access Platform guest images can run inside Docker as any | ||
52 | other container can. Before starting an Enea NFV Access Platform guest | ||
53 | image, a root filesystem has to be imported in Docker:</para> | ||
54 | |||
55 | <programlisting>>docker import enea-linux-virtualization-guest-x86-64.tar.gz el7guest</programlisting> | ||
56 | |||
57 | <para>To check that the Docker image has been imported successfully, | ||
58 | run:</para> | ||
59 | |||
60 | <programlisting>>docker images</programlisting> | ||
61 | |||
62 | <para>Finally, start an Enea NFV Access Platform container with | ||
63 | <literal>bash</literal> running as the shell, by running:</para> | ||
64 | |||
65 | <programlisting>>docker run -it el7guest /bin/bash</programlisting> | ||
66 | </section> | ||
67 | |||
68 | <section id="attach-ext-resources-docker-containers"> | ||
69 | <title>Attach external resources to Docker containers</title> | ||
70 | |||
71 | <para>Any system resource present on the host machine can be attached or | ||
72 | accessed by a Docker container.</para> | ||
73 | |||
74 | <para>Typically, if a file or folder on the host machine needs to be | ||
75 | attached to a container, that container should be launched with the | ||
76 | <literal>-v</literal> parameter. For example, to attach the | ||
77 | <literal>roots</literal> home folder to a container, the command line | ||
78 | for Docker should have the following format:</para> | ||
79 | |||
80 | <programlisting>>docker run -it -v /home/root:/home/host_root/ el7guest /bin/bash</programlisting> | ||
81 | |||
82 | <para>To check that folders have been properly passed from the host to | ||
83 | the container, create a file in the source folder on the host root | ||
84 | filesystem and check for its existence inside the containers destination | ||
85 | location.</para> | ||
86 | |||
87 | <section id="attach-vhost-descriptors"> | ||
88 | <title>Attach vhost file descriptors</title> | ||
89 | |||
90 | <para>If OVS is running on the host and vhost file descriptors need to | ||
91 | be passed to the container, this can be done by either mapping the | ||
92 | folder where all the file descriptors are located or mapping the file | ||
93 | descriptor itself:</para> | ||
94 | |||
95 | <itemizedlist> | ||
96 | <listitem> | ||
97 | <para>Mapping the folder can be done as exemplified above:</para> | ||
98 | |||
99 | <programlisting>docker run -it --rm -v /var/run/openvswitch/:/var/run/openvswitch/ el7guest /bin/bash</programlisting> | ||
100 | </listitem> | ||
101 | |||
102 | <listitem> | ||
103 | <para>Mapping a file descriptor is done in a similar way, but the | ||
104 | <literal>-v</literal> flag needs to point directly to it:</para> | ||
105 | |||
106 | <programlisting>>docker run -it --rm -v /var/run/openvswitch/vhost-user1 el7guest /bin/bash</programlisting> | ||
107 | </listitem> | ||
108 | </itemizedlist> | ||
109 | </section> | ||
110 | |||
111 | <section id="attach-hugepages-mount-folders"> | ||
112 | <title>Attach hugepages mount folders</title> | ||
113 | |||
114 | <para>Hugepages mount folders can also be accessed by a container | ||
115 | similarly to how a plain folder is mapped, as shown in 1.3.</para> | ||
116 | |||
117 | <para>For example, if the host system has hugepages mounted in the | ||
118 | <literal>/mnt/huge</literal> location, a container can also access | ||
119 | hugepages by being launched with:</para> | ||
120 | |||
121 | <programlisting>>docker run -it -v /mnt/huge el7guest /bin/bash</programlisting> | ||
122 | </section> | ||
123 | |||
124 | <section id="access-pci-bus"> | ||
125 | <title>Access the PCI bus</title> | ||
126 | |||
127 | <para>If the host machine has multiple SRIOV instances created, a | ||
128 | container can access the instances by being given privileged access to | ||
129 | the host system. Unlike folders, PCI devices do not have to be mounted | ||
130 | explicitly in order to be accessed and will be available to the | ||
131 | container if the <literal>--privileged</literal> flag is passed to the | ||
132 | command line:</para> | ||
133 | |||
134 | <programlisting>>docker run --privileged -it el7guest /bin/bash</programlisting> | ||
135 | </section> | ||
136 | </section> | ||
137 | </section> | ||
8 | </chapter> \ No newline at end of file | 138 | </chapter> \ No newline at end of file |