openstack(queens)部署Zun服務
zun安裝手冊
Zun是Openstack中提供容器管理服務的元件,本文使用的是centos7上的openstack(queens)環境
目錄
controller:192.168.152.101
compute:192.168.152.102
- 建立資料庫
controller節點
# mysql –uroot –p000000
MariaDB [(none)] CREATE DATABASE zun;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' IDENTIFIED BY 'ZUN_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' IDENTIFIED BY 'ZUN_DBPASS';
- 建立openstack使用者、服務、端點
controller節點
# . admin-openrc
# openstack user create --domain default --password-prompt zun
# openstack role add --project service --user zun admin
openstack service create --name zun \
--description "Container Service" container
openstack endpoint create --region RegionOne container public http://controller:9517/v1
openstack endpoint create --region RegionOne container internal http://controller:9517/v1
openstack endpoint create --region RegionOne container admin http://controller:9517/v1
3. 在controller節點上安裝zun服務
3.1 建立使用者、組
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun
3.2 建立目錄
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
3.3 安裝zun
# yum install python-pip -y
# cd /var/lib/zun
# git clone -b stable/queens https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
3.4 生成示例配置檔案
# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
3.5 複製api-paste.ini配置檔案
# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
3.6 編輯配置檔案,在合適位置新增以下內容
# vi /etc/zun/zun.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]
[api]
host_ip = 192.168.152.101
port = 9517
[database]
connection = mysql+pymysql://zun:000000 @controller/zun
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
[keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
[oslo_messaging_notifications]
driver = messaging
[websocket_proxy]
wsproxy_host = 192.168.152.101
wsproxy_port = 6784
3.7 填充資料庫
# su -s /bin/sh -c "zun-db-manage upgrade" zun
3.8 建立啟動檔案
# vi /etc/systemd/system/zun-api.service
[Unit]
Description = OpenStack Container Service API
[Service]
ExecStart = /usr/ bin/zun-api
User = zun
[Install]
WantedBy = multi-user.target
# vi /etc/systemd/system/zun-wsproxy.service
[Unit]
Description = OpenStack Container Service Websocket Proxy
[Service]
ExecStart = /usr/bin/zun-wsproxy
User = zun
[Install]
WantedBy = multi-user.target
3.9 啟動服務
# systemctl enable zun-api zun-wsproxy
# systemctl start zun-api zun-wsproxy
# systemctl status zun-api zun-wsproxy
以下操作在compute節點上執行
4 在compute節點上安裝docker-ce
4.1 解除安裝舊版本的docker
# yum remove docker docker-common docker-selinux docker-engine –y
4.2 安裝依賴包
# yum install -y yum-utils device-mapper-persistent-data lvm2
4.3 新增yum阿里源
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
4.4 更新yum源
# yum makecache fast
4.5 安裝docker-ce
# yum install docker-ce
4.6 啟動docker-ce
# systemctl enable docker
# systemctl start docker
4.7 新增核心配置引數
# cat /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
# sysctl –p
5 在controller節點上新增kuryr-libnetwork使用者
5.1 建立kuryr使用者
# . admin-openrc
# openstack user create --domain default --password-prompt kuryr
5.2 新增角色
# openstack role add --project service --user kuryr admin
6 在compute節點安裝kuryr-libnetwork
6.1 建立使用者
# groupadd --system kuryr
# useradd --home-dir "/var/lib/kuryr" --create-home --system --shell /bin/false -g kuryr kuryr
6.2 建立目錄
# mkdir -p /etc/kuryr
# chown kuryr:kuryr /etc/kuryr
6.3 安裝kuryr-libnetwork
#yum install python-pip -y
# cd /var/lib/kuryr
# git clone -b stable/queens https://git.openstack.org/openstack/kuryr-libnetwork.git
# chown -R kuryr:kuryr kuryr-libnetwork
# cd kuryr-libnetwork
# pip install -r requirements.txt
# python setup.py install
6.4 生成示例配置檔案
# su -s /bin/sh -c "./tools/generate_config_file_samples.sh" kuryr
# su -s /bin/sh -c "cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf" kuryr
6.5 編輯配置檔案,新增以下內容
# vi /etc/kuryr/kuryr.conf
[DEFAULT]
bindir = /usr/libexec/kuryr
[neutron]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:35357
username = kuryr
user_domain_name = default
password = 000000
project_name = service
project_domain_name = default
auth_type = password
6.6 建立啟動檔案
# vi /etc/systemd/system/kuryr-libnetwork.service
[Unit]
Description = Kuryr-libnetwork - Docker network plugin for Neutron
[Service]
ExecStart = /usr/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf
CapabilityBoundingSet = CAP_NET_ADMIN
[Install]
WantedBy = multi-user.target
6.7 啟動服務
# systemctl enable kuryr-libnetwork
# systemctl start kuryr-libnetwork
# systemctl restart docker
6.8 驗證
6.8.1 建立kuryr網路
# docker network create --driver kuryr --ipam-driver kuryr --subnet 10.10.0.0/16 --gateway=10.10.0.1 test_net
6.8.2 檢視網路
# docker network ls
6.8.3 建立容器
# docker run --net test_net cirros ifconfig
7 在compute節點安裝zun服務
7.1 建立使用者
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun
7.2 建立目錄
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
7.3 安裝zun
# cd /var/lib/zun
# git clone -b stable/queens https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
7.4 生成示例配置檔案
# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.conf /etc/zun/rootwrap.conf" zun
# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* /etc/zun/rootwrap.d/" zun
7.5 配置zun使用者
# echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
7.6 編輯配置檔案,新增以下內容
# vi /etc/zun/zun.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]
state_path = /var/lib/zun
[database]
connection = mysql+pymysql://zun:000000 @controller/zun
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
[keystone_authtoken]
memcached_servers = controller:11211
www_authenticate_uri= http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
[websocket_proxy]
base_url = ws://controller:6784/
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
7.7 配置docker和kuryr
7.7.1 建立docker配置資料夾
# mkdir -p /etc/systemd/system/docker.service.d
7.7.2 建立docker配置檔案
# vi /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
7.7.3 重啟docker
# systemctl daemon-reload
# systemctl restart docker
7.7.4 編輯kuryr配置檔案,新增以下內容
# vi /etc/kuryr/kuryr.conf
[DEFAULT]
capability_scope = global
7.7.5 重啟kuryr
# systemctl restart kuryr-libnetwork
7.8 建立啟動檔案
# vi /etc/systemd/system/zun-compute.service
[Unit]
Description = OpenStack Container Service Compute Agent
[Service]
ExecStart = /usr /bin/zun-compute
User = zun
[Install]
WantedBy = multi-user.target
7.9 啟動zun-compute
# systemctl enable zun-compute
# systemctl start zun-compute
# systemctl status zun-compute
7.10 驗證
# pip install python-zunclient==1.1.0
# source admin-openrc
# openstack appcontainer service list
8 在controller節點啟動一個容器例項
8.1 檢視網路
# openstack network list
8.2 獲取網路id
# export NET_ID=$(openstack network list | awk '/ selfservice / { print $2 }')
8.3 建立容器
# openstack appcontainer run --name container --net network=$NET_ID cirros ping 8.8.8.8
8.4 檢視容器列表
# openstack appcontainer list
8.5 執行sh命令
# openstack appcontainer exec --interactive container /bin/sh
8.6 驗證網路
# ping -c 4 openstack.org;exit
8.7 停止容器
# openstack appcontainer stop container
8.8 刪除容器
# openstack appcontainer delete container
9 安裝zun-ui
9.1 下載zun原始檔
# git clone https://github.com/openstack/zun-ui
9.2 複製檔案
# cp /zun-ui/zun_ui/enabled/_1330_project_container_panelgroup.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
# cp /zun-ui/zun_ui/enabled/_1331_project_container_containers_panel.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
# cp./zun-ui/zun_ui/enabled/_2330_project_container_panelgroup.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
# cp /zun-ui/zun_ui/enabled/_2331_project_container_images_panel.py openstack_dashboard/local/enabled
# cp /zun-ui/zun_ui/enabled/_0330_cloud_shell.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
9.3 安裝ui模組
# pip install zun-ui
9.4 重啟服務
# systemctl restart httpd memcached