Tibor's Musings

Deploying Dockerised Applications on CERN OpenStack

In a previous blog post we have seen how to use Docker for developing Python web applications. In this blog post we shall see how to deploy thusly dockerised web application on the CERN OpenStack cloud, for example to demonstrate the application to colleagues.

Simple approach

Ideally, we would use the new docker-machine management tool that permits to easily create and manage Docker containers on various remote cloud platforms, including OpenStack. However, docker-machine is still at a relatively early development stage; its OpenStack driver supports only the Ubuntu host systems, while we would like to use the vanilla CERN OpenStack cloud with its usual offer of CERN Linux images.

Let us therefore use a simple approach that will consist of (1) creating naked OpenStack virtual machine, (2) provisioning it with Docker, after which we (3) deploy our web application by "exporting" it from the local development environment and "importing" it into the remote Docker instance by using ssh. We shall create some useful bash aliases to ease the job.

We shall use the "hello world" example web application from the previous blog post, deploying it on a new CERN CentOS 7 virtual machine on CERN OpenStack.

Create CERN CentOS 7 VM

We start by creating a fresh new vanilla CERN CentOS 7 virtual machine on the CERN OpenStack, named simko-testvm-cc7, using CC7 Extra - x86_64 [2015-02-10] image:

$ source ./Personal\ simko-openrc.sh

$ openstack server create \
    --key-name simko_openstack_key \
    --image "CC7 Extra - x86_64 [2015-02-10]" \
    --flavor m1.medium \
  simko-testvm-cc7

(We could also use the web interface to create it.)

Define useful local shell functions

While the machine is being created, let us define two convenient local shell functions so that we could work with the remote VM from the laptop. Here, rssh stands for "remote ssh" and rdocker stands for "remote docker":

$ function rssh() { ssh -C -i ~/.ssh/cernopenstack.pem root@$RDOCKERHOST "$@" ;}
$ function rdocker() { ssh -C -i ~/.ssh/cernopenstack.pem root@$RDOCKERHOST "docker $@" ;}

The remote machine we'd like to manage can be changed anytime by setting the environment variable RDOCKERHOST. Our new VM is called simko-testvm-cc7, so:

$ export RDOCKERHOST=simko-testvm-cc7.cern.ch

We can now use rssh and rdocker commands to work comfortably with the remote VM from our laptop.

Provision newly created remote VM

Once the VM is up and running, we provision it by simply installing and enabling Docker:

$ rssh yum install -y docker-io
$ rssh systemctl start docker
$ rssh systemctl enable docker

We also need to open the HTTP port in the firewall:

$ rssh yum install -y firewalld
$ rssh systemctl start firewalld
$ rssh firewall-cmd --add-service http --permanent
$ rssh firewall-cmd --reload
$ rssh systemctl enable firewalld

That's it! Our new virtual machine is now fully ready to serve dockerised applications.

Deploy application image

Before deploying the application, let us build it one last time:

$ cd ~/private/src/helloworld
$ docker-compose build

We can now use docker save on the laptop to "export" freshly built application image, pipe it to the provisioned OpenStack machine via ssh, where it shall be "imported" by means of docker load. Using our handy shell functions, the operation is simple:

$ docker save helloworld_web | rdocker load

The image transfer takes about two minutes, the image size being about 750 MB.

Run dockerised application

The application image should now appear on the remote VM. Let us confirm that the image was well transferred:

$ rdocker images
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
helloworld_web      latest              d7f9887ccdab        18 hours ago        752.6 MB

We can now start the application on the remote machine:

$ rdocker run -d -p 80:5000 helloworld_web
e0da6d79f780bff22d29bf0a7b3b1a03d7617b38b8696c839043c910a48bc705

Let us verify that it correctly runs:

$ firefox http://simko-testvm-cc7.cern.ch

We can also remotely check its logs:

$ rdocker logs -f e0da6d79f780
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
 * Restarting with stat
128.141.95.173 - - [25/Feb/2015 18:48:27] "GET / HTTP/1.1" 200 -

Conclusions

Using a few simple bash functions, we can easily deploy dockerised local applications on the remote CERN OpenStack cloud, for example to demo our developments to colleagues.

Appendix: Scientific Linux CERN 6

If you would like to use the Scientific Linux CERN 6 virtual machine as a host, the provisioning step would look like:

$ export RDOCKERHOST=simko-testvm-slc6.cern.ch
$ rssh yum install -y docker-io
$ rssh service docker start
$ rssh /sbin/iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ rssh /etc/init.d/iptables save

The rest of the procedures remain exactly the same.

Side note: if the SLC6 system does not show its full disk space capacity on the root partition (e.g. it shows only 8 GB instead of 40 GB), one needs to extend the partition as follows:

# growpart /dev/vda 2
# reboot  # ... and after reboot ...
# pvresize /dev/vda2
# lvextend -l +100%FREE /dev/mapper/VolGroup00-LogVol00
# resize2fs /dev/mapper/VolGroup00-LogVol00

Posted by Tibor Šimko docker