CoreOS is a Linux distribution that allows easy deployment of Docker environments. With CoreOS, users have the ability to deploy clustered Docker environments, or deploy zero downtime applications. Recently, I have blogged about how to deploy and use Docker on Eucalyptus cloud environments. This blog will focus on how to leverage cloud-init configuration with a CoreOS EMI to manage instance storage that will be used by Docker containers on Eucalyptus 4.0. The same cloud-init configuration file can be used on AWS with CoreOS AMIs, which is yet another example of how Eucalyptus has continued to maintain its focus on being the best on-premise AWS compatible cloud environment.
Prerequisites
Eucalyptus Identity and Access Management (IAM) is very similar to AWS’s IAM. At a minimum, the following Elastic Compute Cloud (EC2) actions need to be allowed:
- RegisterImage
- CreateKeyPair
- AuthorizeSecurityGroupIngress
- CreateSecurityGroup
- DescribeInstanceTypes (Eucalyptus-specific action)
- DescribeInstances
- RunInstances
In order to bundle, upload and register the CoreOS image, use the following AWS S3 policy, which allows every S3 action on every resource (it can be generated using AWS Policy Generator):
{
  "Statement": [
    {
      "Sid": "Stmt1402675433766",
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
For more information about how to use Eucalyptus IAM, please refer to the Eucalyptus 4.0 Administrator documentation regarding access concepts and policy overview.
In addition to the correct IAM policy being applied to the user, here are the other prerequisites that need to be met:
- Eucalyptus credentials for the given user
- Euca2ools 3.1.0 installed
- CoreOS Image
Once these prerequisites are met, the Eucalyptus user will be able to follow the steps in this blog.
CoreOS CloudInit Config for Docker Storage Management
As mentioned in the CoreOS documentation regarding how to use CoreOS with Eucalyptus, the user needs to do the following:
- Download the CoreOS image
- Decompress the CoreOS image
- Bundle, upload and register the image
For example:
# wget -q http://beta.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2
# bunzip2 coreos_production_openstack_image.img.bz2
# qemu-img convert -O raw coreos_production_openstack_image.img coreos_production_openstack_image.raw
# euca-bundle-and-upload-image -i coreos_production_openstack_image.raw -b coreos-production-beta -r x86_64
# euca-register -n coreos-production coreos-production-beta/coreos_production_openstack_image.raw.manifest.xml --virtualization-type hvm
IMAGE emi-98868F66
After the image is registered, create a security group and authorize port 22 for SSH access to the CoreOS instance:
# euca-create-group coreos-testing -d "Security Group for CoreOS Cluster"
GROUP sg-C8E3B168 coreos-testing Security Group for CoreOS Cluster
# euca-authorize -P tcp -p ssh coreos-testing
GROUP coreos-testing
PERMISSION coreos-testing ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
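The rule authorized above admits SSH from any address (0.0.0.0/0). As an added example, not part of the original post, this shell function scans PERMISSION lines in the format shown above and reports tcp rules that expose a given port to 0.0.0.0/0; the groups other than coreos-testing in the sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag security-group rules that expose a port to every address.
# Assumes rule lines follow the PERMISSION format printed by euca-authorize above.

# world_open_rules PORT
# Reads PERMISSION lines on stdin and prints "group proto from-to" for each
# tcp rule whose port range covers PORT and whose source CIDR is 0.0.0.0/0.
world_open_rules() {
  awk -v port="$1" '
    $1 == "PERMISSION" {
      a = 0; cidr = ""
      # Locate the ALLOWS and CIDR keywords instead of relying on fixed columns.
      for (i = 2; i <= NF; i++) {
        if ($i == "ALLOWS") a = i
        if ($i == "CIDR" && i < NF) cidr = $(i + 1)
      }
      if (a == 0 || a + 3 > NF) next   # not a rule line we understand
      group = $(a - 1); proto = $(a + 1)
      from = $(a + 2) + 0; to = $(a + 3) + 0
      if (proto == "tcp" && from <= port + 0 && port + 0 <= to && cidr == "0.0.0.0/0")
        print group, proto, from "-" to
    }'
}

# Constructed sample: the first rule is the one from this post, the rest are invented.
SAMPLE='GROUP coreos-testing
PERMISSION coreos-testing ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION coreos-admin ALLOWS tcp 22 22 FROM CIDR 10.104.0.0/16
PERMISSION coreos-web ALLOWS tcp 1 1024 FROM CIDR 0.0.0.0/0
PERMISSION coreos-dns ALLOWS udp 53 53 FROM CIDR 0.0.0.0/0'

# Report every rule in the sample that leaves SSH (tcp/22) open to all sources.
printf '%s\n' "$SAMPLE" | world_open_rules 22
```

A wide port range such as 1-1024 is reported as well, because it covers port 22 even though 22 is never named in the rule.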
Next, create a keypair that will be used to access the CoreOS instance:
# euca-create-keypair coreos > coreos.priv
# chmod 0600 coreos.priv
Now we need to create the cloud-init configuration file. CoreOS implements a subset of the cloud-init config spec with coreos-cloudinit. The cloud-init config below will do the following:
- wipe the ephemeral device – /dev/vdb (since the CoreOS EMI is an instance store-backed HVM image, the ephemeral device will be /dev/vdb)
- format the ephemeral device with BTRFS filesystem
- mount /dev/vdb to /var/lib/docker (which is the location for images used by the Docker containers)
Create a cloud-init-docker-storage.config file with the following information:
#cloud-config
coreos:
  units:
    - name: format-ephemeral.service
      command: start
      content: |
        [Unit]
        Description=Formats the ephemeral drive
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/sbin/wipefs -f /dev/vdb
        ExecStart=/usr/sbin/mkfs.btrfs -f /dev/vdb
    - name: var-lib-docker.mount
      command: start
      content: |
        [Unit]
        Description=Mount ephemeral to /var/lib/docker
        Requires=format-ephemeral.service
        # Requires= alone does not order the units; After= makes the mount wait for the format
        After=format-ephemeral.service
        Before=docker.service
        [Mount]
        What=/dev/vdb
        Where=/var/lib/docker
        Type=btrfs
Use euca-describe-instance-types to select the desired instance type for the CoreOS instance (in this example, c1.medium will be used).
# euca-describe-instance-types
INSTANCETYPE  Name         CPUs  Memory (MiB)  Disk (GiB)
INSTANCETYPE  t1.micro     1     256           5
INSTANCETYPE  m1.small     1     512           10
INSTANCETYPE  m1.medium    1     1024          10
INSTANCETYPE  c1.xlarge    2     2048          10
INSTANCETYPE  m1.large     2     1024          15
INSTANCETYPE  c1.medium    1     1024          20
INSTANCETYPE  m1.xlarge    2     1024          30
INSTANCETYPE  m2.2xlarge   2     4096          30
INSTANCETYPE  m3.2xlarge   4     4096          30
INSTANCETYPE  m2.xlarge    2     2048          40
INSTANCETYPE  m3.xlarge    2     2048          50
INSTANCETYPE  cc1.4xlarge  8     3072          60
INSTANCETYPE  m2.4xlarge   8     4096          60
INSTANCETYPE  hi1.4xlarge  8     6144          120
INSTANCETYPE  cc2.8xlarge  16    6144          120
INSTANCETYPE  cg1.4xlarge  16    12288         200
INSTANCETYPE  cr1.8xlarge  16    16384         240
INSTANCETYPE  hs1.8xlarge  48    119808        24000
Use euca-run-instances to launch the CoreOS image as an instance, passing the cloud-init-docker-storage.config file using the --user-data-file option:
# euca-run-instances -k coreos -t c1.medium emi-98868F66 --user-data-file cloud-init-docker-storage.config
RESERVATION r-FC799274 408396244283 default
INSTANCE i-AF303D5D emi-98868F66 pending coreos 0 c1.medium 2014-06-12T13:38:31.008Z ViciousLiesAndDangerousRumors monitoring-disabled 0.0.0.0 0.0.0.0 instance-store hvm sg-A5133B59
Once the instance reaches the ‘running’ state, SSH into the instance to see the ephemeral storage mounted and formatted correctly:
# euca-describe-instances i-AF303D5D --region account1-user01@
RESERVATION r-FC799274 408396244283 default
INSTANCE i-AF303D5D emi-98868F66 euca-10-104-6-236.bigboi.acme.eucalyptus-systems.com euca-172-18-238-171.bigboi.internal running coreos 0 c1.medium 2014-06-12T13:38:31.008Z ViciousLiesAndDangerousRumors monitoring-disabled 10.104.6.236 172.18.238.17 instance-store hvm sg-A5133B59
# ssh -i coreos.priv core@euca-10-104-6-236.bigboi.acme.eucalyptus-systems.com
CoreOS (beta)
core@localhost ~ $ lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
vda    254:0    0  8.3G  0 disk
|-vda1 254:1    0  128M  0 part
|-vda2 254:2    0   64M  0 part
|-vda3 254:3    0    1G  0 part
|-vda4 254:4    0    1G  0 part /usr
|-vda6 254:6    0  128M  0 part /usr/share/oem
`-vda9 254:9    0    6G  0 part /
vdb    254:16   0 11.7G  0 disk /var/lib/docker
core@localhost ~ $ mount
.......
/dev/vda6 on /usr/share/oem type ext4 (rw,nodev,relatime,commit=600,data=ordered
/dev/vdb on /var/lib/docker type btrfs (rw,relatime,space_cache)
The instance is now ready for Docker containers to be created. For some Docker container examples, check out the CoreOS documentation and the Docker documentation.
Enjoy!