OpenStack + Docker + OpenContrail

Docker is a tool that simplifies the process of building container images. One of the issues with OpenStack is that building glance images is an off-line process. It is often difficult to track the contents of the images, how they where created and what software they contain. Docker also does not depend on virtualization; it creates linux container images that can be run directly by the host OS. This provides a much more efficient use of memory as well as better performance. It is a very attractive solution for DC operators that run a private infrastructure that serves in-house developed applications.

In order to run Docker as an openstack “hypervisor” start with devstack on ubuntu 12.04LTS. devstack includes a docker installer that will add a debian repository with the latest version of the docker packages.

After cloning the devstack repository one can issue the command:


For OpenContrail there isn’t yet a similar install tool. I built the OpenContrail packages from source and installed them manually, modifying the configuration files in order to have config, control and compute-node components all running locally.

Next, I edited the devstack localrc file to have the following settings:


disable_service n-net
enable_service neutron
enable_service q-svc


I also added the following file to devstack:

function has_neutron_plugin_security_group() {
    return 1

function neutron_plugin_configure_common() {

function neutron_plugin_configure_debug_command() {

function neutron_plugin_create_nova_conf() {

function neutron_plugin_configure_service() {
    iniset $NEUTRON_CONF quotas quota_driver neutron.quota.ConfDriver

function neutron_plugin_setup_interface_driver() {

function neutron_plugin_check_adv_test_requirements() {
    return 0

function is_neutron_ovs_base_plugin() {
    return 1

Unfortunately, the docker driver was moved out form the main nova code to stackforge. This requires the following change:

diff --git a/lib/nova_plugins/hypervisor-docker b/lib/nova_plugins/hypervisor-do
index cdbc4d1..b4c1db9 100644
--- a/lib/nova_plugins/hypervisor-docker
+++ b/lib/nova_plugins/hypervisor-docker
@@ -53,7 +53,8 @@ function cleanup_nova_hypervisor {
 # configure_nova_hypervisor - Set config files, create data dirs, etc
 function configure_nova_hypervisor {
-    iniset $NOVA_CONF DEFAULT compute_driver docker.DockerDriver
+    iniset $NOVA_CONF DEFAULT compute_driver novadocker.virt.docker.driver.DockerDriver
     iniset $GLANCE_API_CONF DEFAULT container_formats ami,ari,aki,bare,ovf,docker

The next step is to install the nova-docker package. The master branch is available at The fork that contains the opencontrail vif_driver is currently at in the branch “opencontrail”.

Before executing the nova-docker driver, i had create an extra rootwrap config file.

# novadocker/virt/docker/ 'ln', '-sf'

There is an additional change that needs to be performed. The nova configuration file requires following lines to execute the opencontrail vif_driver rather than the default:

vif_driver = novadocker.virt.docker.opencontrail.OpenContrailVIFDriver

After this steps, you can execute and boot an instance. The script creates a network called “private”. In order to start a docker container via nova one can issue the command:

nova boot --image {image-uuid} --nic net-id={network-uuid} --flavor 1 {image-name}

And thats all folks!…

If we take a peak at the vif_driver code above it is really striking how few lines of code are involved.

There is some additional work that needs to be done in the backend; the compute-node API that is used for nova, neutron, docker and netns provisioning needs to be extracted into a single library. That needs to be sorted out… more than anything else we need a simple tool to install opencontrail from a ppa.

But in my mind, docker + opencontrail are a great combination for clusters built to host internally developed applications such as is the case of SaaS providers. Entire application stacks can be deployed in minutes, at scale.

The only piece missing is a compute scheduler that is designed to manage the instant load of an application rather than virtual machines that come in “flavor” size increments of memory consumption.


5 thoughts on “OpenStack + Docker + OpenContrail

  1. Ive cloned devstack there is no tools/docker/ ??

    bobby@openstack:~/devstack/tools$ ls uec ironic jenkins xen


  2. @Bobby C

    1) I have tried Docker with Ubuntu 14.04 LTS + Icehouse (April 17 Released version) with KVM/QEMU Hypervisor with DevStack and it works perfectly – so that’s not a real issue 🙂
    IceHouse has a number of additional features – so I would recommend Icehouse version if you are experimenting..

    2) Heads up – I haven’t tried OpenContrail in specific – I tried “pure OpenStack” with Junos/Cirros images.Also, the Icehouse installation itself is pretty different from Havana installation. We do need another file “local.conf” and there are a few changes that you need to make in the devstack installation. Eg :-

    Nice blog !

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s