Project:Docker OpenStackVM

From MaRDI portal
Revision as of 14:07, 19 April 2022 by EloiFerrer (talk | contribs) (add command to create a network with the right mtu value)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Instructions for using Docker with OpenStack VMs at ZIB

Setting up the OpenStack VM

  1. Request access via jira ticket
  2. Log in to https://rise-control.zib.de with your zib account.
  3. In the navigation menu, go to "Compute" --> "Key pairs" to create or import a key pair.
  4. Under "Images" check the available linux images. Additional images, for instance from [1], can be uploaded here with the "Create Image" button.
  5. Create an instance by clicking "Launch" next to the desired linux image.
  6. Under "details", set instance name.
  7. Under "source", select "No" under "Create New Volume" and make sure the correct image is selected (otherwise, select it from the list below by clicking on the arrow on the right).
  8. Under "Flavor", select a suitable flavor, i.e., the desired virtual hardware of the virtual machine.
  9. Under "Networks", select mardi.
  10. Under "Key Pair", select your key pair.
  11. Click "Launch Instance".
  12. In the instance overview, select "Associate floating IP" in the actions menu.
  13. You can now connect to the VM if you are in the VPN or at ZIB with ssh  -i <your-key.pem> <vm-user>@<floating_ip>, specifying the initially created key file and the associated floating IP. <vm-user> depends on the linux image, e.g., ubuntu for Ubuntu and arch for ArchLinux.
  14. To access services running in the VM with the browser on the host system, use SSH port forwarding, see below: #SSH port forwarding

Fixing Docker networking problems

If the internet docker is unreachable on OpenStack VMs, causing commands like apt-get or curl to fail (connection timeout; in cases of "host not reachble" errors this is probably a DNS problem), this may be due to wrong network settings. Check the MTU settings with ip link, e.g.,

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether fa:16:3e:20:67:be brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ae:d6:94:20 brd ff:ff:ff:ff:ff:ff

The docker MTU needs to be less or equal to the physical network setting (here eth0). This can be fixed for docker containers by setting by setting in /etc/docker/daemon.json:

{
    "mtu": 1450
}

and for docker-compose by adding the following to docker-compose-dev.yml (or *.override.yml):

networks:                                
  default:                               
    driver: bridge                       
    driver_opts:                         
      com.docker.network.driver.mtu: 1450

MTU option when creating a network

When an external network is used (e.g. when running portal-examples) it may be necessary to initiate directly the network with the right MTU value. In this case, pass the option "com.docker.network.driver.mtu=1450" when creating the network:

$ docker network create -o "com.docker.network.driver.mtu=1450" portal-compose_default

SSH port forwarding

In order to access the web services running within the virtual machine via the browser on the host system, use ssh with port forwarding. The following command forwards 127.0.0.1:8080 (it might be required to add the line 127.0.0.1 localhost to the file /etc/hosts on the VM) through port 8000 on the host system:

$ ssh -L 8000:127.0.0.1:8080 <vm-user>@<floating-ip>

The service running on port 8080 on the VM is now reachable on the host system at http://localhost:8000.

workflow recommendations

... TODO ...