Container-based virtualization affects all segments of IT, including cloud software stacks. As a result, the OpenStack community has developed a set of service modules that open up the option to run densely packed container instances on OpenStack-based private or hybrid clouds.
Magnum, the overarching OpenStack container project, is now two years old. It was conceived as a way to run container software, such as Docker Swarm, Kubernetes and Apache Mesos, and allow organizations to orchestrate containers on OpenStack. Magnum is a flexible tool, allowing the OS image with Swarm, for example, to run on either bare metal or inside a virtual machine.
OpenStack Magnum builds container structures inside a Nova instance. The service typically uses a lightweight OS, such as CoreOS or Fedora Atomic, to underpin Docker. The appropriate orchestrator -- Swarm, Kubernetes or Mesos -- is included in this instance, as well. OpenStack Magnum creates a control structure in Heat to identify the instances and containers. This approach allows admins to use Heat templates, with the necessary storage, app image and network connections through the core set of OpenStack projects. Magnum also supports the Neutron load-balancer.
Recent OpenStack container advancements
The latest release of OpenStack, Ocata, introduced new features to help deploy and manage containers. These include:
- Kolla: A containerized OpenStack service that allows the three main container orchestrators -- Docker Swarm, Kubernetes and Apache Mesos -- to function within OpenStack and interact with other modules.
- Kuryr: Connects containers to Neutron for virtual network interconnection to other containers, VM instances and the outside world. It now supports Docker Swarm.
- Fuxi: A sub-project of Kuryr, Fuxi allows container access to Cinder block storage and Manila shared storage.
- Zun: An OpenStack container management service. The OpenStack Wiki defines Zun as the original intent of Magnum, which has evolved to host the big three container orchestration engines mentioned above.
Kuryr and Fuxi provide the networking and storage connectivity that moves containers from a limited to a full-app environment. Taken together, the first three modules in the list above allow a cluster of containers to interact with each other and share and store data.
Now that Kolla supports the three major container orchestration engines, Zun is an OpenStack-exclusive way to create containers and manage their lifecycle. This may not be desirable with hybrid clouds, since the portability of containers and their associated OS and app images is critical for smooth and efficient operation.
The use of standard orchestration environments in Kolla should help with portability into public cloud container services. Templates and images with container support in the Murano module should function across a hybrid cloud. However, there are still wrinkles in the APIs needed to support cross-cloud processes.
With these new features, Magnum becomes the easier path for OpenStack container deployment versus using Puppet or Ansible to build from the ground up. Still, both the OpenStack Magnum and DIY approaches are more of a DevOps-level task than an end-user, policy-driven process.
What's next for OpenStack container services
One of the leaders in OpenStack usage is CERN, the European Organization for Nuclear Research. The organization built a 1,000-node cluster based on OpenStack Magnum and recently managed to reach 7 million Kubernetes requests per second. CERN's project reflects progress in scaling Kubernetes in OpenStack, and Kubernetes continues to tune its own performance.
Despite this progress, however, OpenStack container services still have some maturing to do. Project Navigator, a guide to all the official OpenStack projects, provides an objective measurement of project maturity and utilization.
Currently, according to Project Navigator, OpenStack Magnum is ranked two out of eight in maturity and is used in 11% of OpenStack installations. It's clear that OpenStack Magnum does not yet cover all the bases; integration with authentication, for example, is weak.
Other key integrations are in their infancy. Further integration, for instance, with Ansible and Puppet is required for those management environments to spill over into the OpenStack container world. In addition, simplified control mechanisms for container orchestration are essential if workloads start to shift from central IT admins out to departmental users. Extensions to template systems and policy-based management are part of this task.
Container technology is evolving at a galloping pace, and OpenStack has to catch up. The maturity and stability of Magnum and related OpenStack container projects, however, should continue to improve through 2017.