[ovs-discuss] Regarding http://patchwork.openvswitch.org/patch/6679/

Gurucharan Shetty shettyg at nicira.com
Mon Nov 10 01:44:59 UTC 2014


On Fri, Nov 7, 2014 at 2:56 AM, Santosh Kumar
<Santosh8.Kumar at aricent.com> wrote:
> Hi,
>
> I will really appreciate if you can please confirm my understanding.
>
> Set up :
>
> 1. ( Controller + Network ) on Single Node.
> 2. On Second Node, I have installed Docker and spawned containers successfully, where each container is running nova-compute service.
>
> Use Case :
>
> I want to spawn VM on Docker Containers Using above setup.

I think I don't understand what the above means. You want to spawn a
VM from inside a container? i.e., you want to treat an individual
container as a hypervisor and have OVS run in each container?

If so, I think it will be quite tricky to implement. As you know, OVS
uses the Linux kernel module to create its bridges and interfaces and
the Linux kernel is shared by all containers. You can have OVS run
inside a container if you run it in privileged mode. Otherwise it will
complain that it does not have permission to create network
interfaces.

> Now my doubt is where openVswitch will be placed.
> Is it like inside each container there will be an openvswitch, or there will be a single openvswitch in Node where all Containers will have
> their interfaces like VMs do.

If you want OVS to run inside each container, I think you should try
with the userspace datapath instead of the kernel datapath. I think
you will need permissions to create tap devices from inside a
container though (I haven't tried this, so I don't know what else is
needed).



> If answer is yes in first case that in each container there will be an openvswitch, then executing this I found that it does not
> create ovs-system as its interface in ifconfig. So it seems it cannot manage NIC from inside the Container.
>
>
> It will be great help if anybody can give some direction here.

The use case that I have been thinking about (and what the patch in
question is useful for) is mostly to treat each container as a VM and
attach its interfaces to an OVS bridge running in the root namespace.

>
> Regards,
> Santosh Kumar
>
>
>
> -----Original Message-----
> From: Gurucharan Shetty [mailto:shettyg at nicira.com]
> Sent: Wednesday, November 05, 2014 7:12 PM
> To: Santosh Kumar
> Cc: discuss
> Subject: Re: Regarding http://patchwork.openvswitch.org/patch/6679/
>
> [Adding ovs-discuss as others may find it useful, I hope you don't mind.]
>
> Yes, my patch is doing the same. But be aware that 'ovs-docker' is just a very simple script that adds an interface into the container after it is created. So you will need some mechanism inside the container to prevent the application from starting before the network interfaces are added (I am not aware of a native way to do it, but it looks like there are multiple hacks to achieve that. I liked the Kubernetes way). If you wait for a couple of months, it is likely that there will be some mechanism natively available in Docker to do it.
>
>
>
>
>
> On Wed, Nov 5, 2014 at 4:28 AM, Santosh Kumar <Santosh8.Kumar at aricent.com> wrote:
>> Hi Gurucharan,
>>
>>
>> We are trying to implement docker with Nova-compute. For that we are
>> following below steps:
>>
>> 1. On Ubuntu 14.04 we have installed docker successfully.
>> 2. Launched Containers from docker image.
>>
>> Now in my understanding, I should have two nics attached to container,
>> one of which will act as Data and another one as Mgt Network to talk
>> to my controller. So I just want to add another nic to container and if my
>> understanding is correct, your patch is doing the same.
>>
>> Can you please confirm that if my understanding is correct and how can
>> I use the patch provided by you for the same.
>>
>> Looking for your support.
>>
>> Regards,
>> Santosh Kumar

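The quoted 5 November reply notes that `ovs-docker` adds the interface only after the container is created, so the application must be held back until the interface exists. One way to do that is an entrypoint wrapper like the following; it is an added example, not part of the thread or of `ovs-docker`, and the function names, the `eth1` interface name and the use of `operstate` as the readiness signal are assumptions.

```shell
#!/bin/sh
# Entrypoint wrapper (hypothetical): block until a late-attached interface
# is present and up, then exec the real application.
# Usage: wait-net.sh IFACE TIMEOUT_SECONDS COMMAND [ARGS...]

# True when the interface directory exists under sysfs and reports "up".
# Assumption: the interface is a veth end, which reports "up" once both
# ends are up; other device types may report "unknown".
iface_ready() {
    [ -e "$1" ] && [ "$(cat "$1/operstate" 2>/dev/null)" = "up" ]
}

# wait_for_iface IFACE TIMEOUT [SYSFS_ROOT]
# Returns 0 when ready, 1 on timeout, 2 on invalid arguments.
# Address assignment is not checked here.
wait_for_iface() {
    iface=$1
    timeout=$2
    sysfs=${3:-/sys/class/net}

    # Reject names that could step outside the sysfs directory.
    case $iface in
        ''|*/*|.|..) return 2 ;;
    esac
    # Timeout must be a non-negative integer.
    case $timeout in
        ''|*[!0-9]*) return 2 ;;
    esac

    waited=0
    until iface_ready "$sysfs/$iface"; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Run as an entrypoint only when called with IFACE TIMEOUT COMMAND...
if [ "$#" -ge 3 ]; then
    want=$1
    limit=$2
    shift 2
    wait_for_iface "$want" "$limit" || {
        echo "interface $want not ready after ${limit}s, not starting" >&2
        exit 1
    }
    exec "$@"
fi
```

Failing closed on timeout keeps the service from starting on whatever interfaces happen to exist, for example binding a management listener to the wrong network.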

