Eric Windisch

Docker will be in OpenStack Icehouse

Eric Windisch

The preferred mechanism orchestrating Docker in OpenStack is via Heat, rather than treating Docker as a form of hypervisor in OpenStack Nova.

Our initial path towards enabling the use of Docker in OpenStack was to create a driver for Docker in OpenStack Compute (Nova), which enabled a Docker container to be used as if it were a virtual machine.

However, the OpenStack conference in Hong Kong, it became clear that there were disadvantages to this approach. For instance, the standard API extensions expect certain VM-specific functionality, not all of which makes sense in a Docker or container context. Furthermore, using Docker as a VM in Nova also makes it difficult to expose some of the more useful Docker functionality, such as linking containers. For these reasons, we have begun to apply Heat as a better alternative.

OpenStack Heat with Nova

OpenStack Heat with Nova (EDIT: OS::Heat::Docker should be DockerInc::Docker::Container)

OpenStack Orchestration (Heat) is a solution for providing orchestration of resources inside OpenStack clouds. It provides compatibility with AWS CloudFormation, allowing users to upload templates describing the system that they would like to deploy.

Using the Heat plugin, users may deploy and manage Docker Containers on top of traditional OpenStack deployments, making it compatible with existing OpenStack clouds. Our plugin for Heat has been accepted into OpenStack and will be in the Icehouse release.

See this example for using Heat to orchestrate Docker:

heat_template_version: 2013-05-23

description: Single compute instance running cirros in a Docker container.

    type: OS::Nova::Server
      key_name: ewindisch_key
      image: ubuntu-precise
      flavor: m1.large
      user_data: #include
    type: DockerInc::Docker::Container
    docker_endpoint: { get_attr: [my_instance, first_address] }
    image: cirros

In the above example, multiple containers may be created and linked together by simply adding more sections like “my_docker_container”. They’re not constrained by the OpenStack APIs and may leverage the full power of the Docker Remote API.

As for the Nova driver, it will be moving out of the Nova tree and into Stackforge. Feedback has been incredibly positive on the driver, but the lack of integration with Cinder and Neutron have been cited as barriers. Having the code live in Stackforge will allow us to more quickly iterate to hone our CI and integrate those features before exploring the re-introduction of an in-tree driver for OpenStack Juno.

Continue reading...


7 thoughts on “Docker will be in OpenStack Icehouse

  1. It’s probably worth mentioning that the plugin is in /contrib, so it isn’t installed by default and may not appear in many packages. That said, I’m definitely looking forward to a time when we’ll be able to authenticate to Docker with Keystone so that some version of this plugin can graduate into the main tree.

  2. In the diagram, the name of the resource should be DockerInc::Docker::Container. The OS::Heat::* namespace is reserved for Heat specific resources. The OS::*::* is reserved for OpenStack specific resources.

  3. In the diagram, where is Docker actually running? Is it running inside an instance already provisioned by Nova? If so does Heat handle the provisioning of that instance, or is the assumption that you already have a server (virtual or physical) with Docker installed somewhere that Heat can connect to?

    • Trevor Robets Jr

      Hello Blake,

      Diagram doesn’t make it obvious, but the Heat code shows the VM first being provisioned with Docker installed. Then, the container gets deployed there.


Leave a Reply