How to run contrail docker containers
This document provides a step-by-step guide to running contrail in containers on a single node. A multi-node setup needs more customization, which is not explained in this guide.
NOTE: The steps in this guide work well with the Ubuntu 14.04 base operating system; other operating systems need customizations to make the agent container work properly.
An internal docker registry has been created in the Sunnyvale office on IP 10.84.34.155, and a set of containers tagged 3.2.0.0-3004 has been created and pushed to this registry, ready to use. Here are the steps:
- Install docker: see https://docs.docker.com/engine/installation/ or just get the script from https://get.docker.com/ and run it.
- Configure the local docker daemon to use the insecure registry 10.84.34.155:5000:
  - For systems that use upstart (Ubuntu 14.04 or older): edit /etc/default/docker and add the entry
      DOCKER_OPTS="--insecure-registry 10.84.34.155:5000"
    If you already have other DOCKER_OPTS, just append the --insecure-registry option to that line.
  - For Redhat/Centos systems that don't use systemd for docker: edit /etc/sysconfig/docker and add the entry below
      DOCKER_OPTS="--insecure-registry 10.84.34.155:5000"
    If you already have other DOCKER_OPTS, just append the --insecure-registry option to that line.
  - For any system that uses systemd (Ubuntu > 14.04, Redhat, Fedora, Centos): edit the file /etc/systemd/system/docker.service.d/docker.conf and add the content below
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd -H fd:// -D --insecure-registry 10.84.34.155:5000
- Then restart docker service
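The "append to the existing DOCKER_OPTS" step for the upstart and sysconfig files, as an added example that is not part of the original guide. The function name add_insecure_registry is hypothetical; it assumes the DOCKER_OPTS value is double-quoted as shown above. The option turns off TLS verification for the named registry only, so the function adds exactly one host:port and leaves other options untouched.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# add_insecure_registry FILE REGISTRY   (hypothetical helper name)
# Ensures DOCKER_OPTS in FILE (e.g. /etc/default/docker or /etc/sysconfig/docker)
# carries "--insecure-registry REGISTRY" exactly once. Assumes the value is
# double-quoted, as in the guide. FILE.bak is left when an existing line is edited.
add_insecure_registry() {
    file=$1
    opt="--insecure-registry $2"
    [ -f "$file" ] || : > "$file"

    # Value of the last active DOCKER_OPTS line (the one that takes effect).
    current=$(sed -n 's/^DOCKER_OPTS="\(.*\)"[[:space:]]*$/\1/p' "$file" | tail -n 1)

    # Whole-token match, so 10.84.34.155:5000 does not match 10.84.34.155:50001.
    case " $current " in
        *" $opt "*) return 0 ;;
    esac

    if grep -q '^DOCKER_OPTS="' "$file"; then
        # Keep the existing options and append ours inside the closing quote.
        sed -i.bak "s|^\(DOCKER_OPTS=\".*\)\"[[:space:]]*\$|\1 $opt\"|" "$file"
    else
        printf 'DOCKER_OPTS="%s"\n' "$opt" >> "$file"
    fi
}
```

Run it as root against the file for your init system, for example `add_insecure_registry /etc/default/docker 10.84.34.155:5000`, then restart docker.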
- Run controller container
$ docker run --privileged=true --name controller --cap-add=AUDIT_WRITE --pid=host --net=host -e CLOUD_ORCHESTRATOR=kubernetes -td 10.84.34.155:5000/contrail-controller-liberty:3.2.0.0-3004
This runs the controller container on the host network, i.e. all container ports listen on the host network and there is NO container bridge or any other network in between.
A number of optional env variables can also be passed using multiple "-e PARAM=value" arguments; see https://github.com/Juniper/contrail-docker/blob/master/docker/controller/env.sh for the available variables. For example, adding the command line parameters "-e IFMAP_SERVER_PORT=8088 -e CASSANDRA_SERVER_PORT=9162" to the above command makes the ifmap server listen on 8088 and cassandra listen on 9162 rather than on their standard ports.
Check container startup logs using the command
$ docker logs -f controller
Now you should be able to use the webui on port 8080 of the machine where you run these containers. Note that we are not using keystone and are not containerizing the openstack pieces right now, so you have to use static auth for the webui, which defaults to username: admin, password: contrail123. Once the container is fully up (it takes about 2-3 minutes to come up), you will see in the webui that all config, control and database components are up, and you should be able to create network objects using the webui or the config api.
- Run analyticsdb container
$ docker run --privileged=true --name analyticsdb --cap-add=AUDIT_WRITE --pid=host --net=host -e CLOUD_ORCHESTRATOR=kubernetes -d 10.84.34.155:5000/contrail-analyticsdb:3.2.0.0-3004
- Run analytics container
$ docker run --privileged=true --name analytics --cap-add=AUDIT_WRITE --pid=host --net=host -e CLOUD_ORCHESTRATOR=kubernetes -d 10.84.34.155:5000/contrail-analytics-liberty:3.2.0.0-3004
Once the analytics container is fully up, you will see analytics is up in the webui.
Note: Because of a known issue, the webui currently shows an alarm saying "processes are not functional or something". This is harmless for testing right now, but we will fix it.
- Run vrouter agent container
# Install linux kernel headers on the base operating system. This is required to compile the vrouter kernel module
# Run this in Redhat or Centos systems
$ sudo yum install kernel-devel-$(uname -r) kernel-headers-$(uname -r)
# Run below command for ubuntu
$ sudo apt-get install linux-headers-$(uname -r)
# Start the container
$ docker run --name agent -v /usr/src:/usr/src -v /lib/modules:/lib/modules --privileged=true --cap-add=AUDIT_WRITE --pid=host --net=host -e CLOUD_ORCHESTRATOR=kubernetes -e VROUTER_PHYSICAL_INTERFACE=eth0 -d 10.84.34.155:5000/contrail-agent-liberty:3.2.0.0-3004
The agent container takes 2-3 minutes to start completely; you may check the console logs for progress using the command "docker logs -f agent".
If you are running vrouter on a separate machine, you need to provide an extra env variable: "-e CONFIG_IP=<controller_ip_address>".
NOTE: VROUTER_PHYSICAL_INTERFACE in the above command must be set to the physical interface name if it is not eth0. If you do not provide the VROUTER_PHYSICAL_INTERFACE parameter at all, the container will try to auto-detect it, but that may not always work.
Once agent is up completely,
* you will see vrouter up in webui
* vrouter kernel module is loaded (you may check with command lsmod | grep vrouter)
* All vrouter related interfaces are created like pkt0, pkt1, vhost0
* The compute node physical interface IP is moved to vhost0
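The host-side checks from the list above, as an added example that is not part of the original guide. The function names are hypothetical and the sample command output is constructed, not captured from a real node; the checker takes the text of `lsmod`, `ip -o link show` and `ip -o -4 addr show` as arguments.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are hypothetical.
# Inputs are command output captured on the compute node:
#   lsmod ; ip -o link show ; ip -o -4 addr show

# has_link LINKS NAME: true if NAME appears in `ip -o link show` output.
has_link() {
    printf '%s\n' "$1" | awk -v n="$2" \
        '{ sub(/[:@].*/, "", $2) } $2 == n { f = 1 } END { exit !f }'
}

# ipv4_of ADDRS NAME: print the IPv4 address/prefix on NAME, if any.
ipv4_of() {
    printf '%s\n' "$1" | awk -v n="$2" '$2 == n && $3 == "inet" { print $4; exit }'
}

# check_agent_host LSMOD LINKS ADDRS PHYS_IF
# Prints one FAIL line per unmet condition and returns the failure count.
check_agent_host() {
    fails=0
    printf '%s\n' "$1" | awk '$1 == "vrouter" { f = 1 } END { exit !f }' ||
        { echo "FAIL: vrouter kernel module not loaded"; fails=$((fails + 1)); }
    for ifname in pkt0 pkt1 vhost0; do
        has_link "$2" "$ifname" ||
            { echo "FAIL: interface $ifname missing"; fails=$((fails + 1)); }
    done
    # The physical interface's address should now live on vhost0.
    [ -n "$(ipv4_of "$3" vhost0)" ] ||
        { echo "FAIL: vhost0 has no IPv4 address"; fails=$((fails + 1)); }
    [ -z "$(ipv4_of "$3" "$4")" ] ||
        { echo "FAIL: $4 still holds an IPv4 address"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample output of a healthy node (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
vrouter               450560  1'
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
5: pkt1: <UP,LOWER_UP> mtu 65535 qdisc noqueue state UNKNOWN
6: pkt0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN
7: vhost0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
7: vhost0    inet 192.0.2.10/24 brd 192.0.2.255 scope global vhost0'
```

On a live node, call it as `check_agent_host "$(lsmod)" "$(ip -o link show)" "$(ip -o -4 addr show)" eth0`, replacing eth0 with the value given for VROUTER_PHYSICAL_INTERFACE.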
- Remove everything - run below commands
# Run below commands on all vrouter nodes
$ docker rm -f agent
$ service network restart    # or: service networking restart, depending on the distribution
# Run below commands on controller node
$ docker rm -f controller
$ docker rm -f analytics
Copyright (c) 2018 Juniper Networks, Inc. All rights reserved