在CentOS/Ubuntu上安装OpenStack Magnum容器服务
时间:2020-02-23 14:31:35 来源:igfitidea点击:
Magnum是一项OpenStack API服务,旨在帮助OpenStack用户管理容器编排引擎,例如Kubernetes,Docker Swarm和Apache Mesos。 Magnum使用Heat来编排包含Docker和Kubernetes的OS镜像,并在虚拟机或者群集配置中的裸机上运行该镜像。
在本教程中,我们将介绍在OpenStack中设置Magnum Container Orchestration Service所需的步骤。在遵循本教程之前,我们应该拥有一个可运行的OpenStack云环境。
在你开始之前
我们需要访问以下内容:OpenStack服务正在使用的数据库服务器根访问权限可以更改控制器中的Magnum配置文件访问管理凭据文件.keystonerc或者.admin-openrc
一旦确认对上述内容的访问权,就可以开始在OpenStack中设置Magnum容器服务。
创建Magnum数据库用户
创建magnum数据库并授予对magnum数据库的适当访问权限:
$mysql -u root -p CREATE DATABASE magnum; GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost' IDENTIFIED BY 'MagnumDBPassword'; GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' IDENTIFIED BY 'MagnumDBPassword'; FLUSH PRIVILEGES; \q
用适用于magnum数据库用户的密码替换MagnumDBPassword。
建立magnum服务使用者
取得管理员凭据,以访问仅管理员的CLI命令:
$source ~/.keystonerc
然后创建一个大客户服务用户帐户。
$openstack user create --domain default --project service --password MagnumPass magnum
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 0766331616c7429a9b459d0d642cc4db |
| domain_id | default |
| enabled | True |
| id | 60e671d56e4148bca1d5be2e2a1197c4 |
| name | magnum |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
将admin角色添加到magnum用户:
$openstack role add --project service --user magnum admin
创建大酒瓶服务实体:
$openstack service create --name magnum --description "OpenStack Container Infrastructure Management Service" container-infra +-------------+-------------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------------+ | description | OpenStack Container Infrastructure Management Service | | enabled | True | | id | c4f62b6df2694b489d8cdf8caf4f00e1 | | name | magnum | | type | container-infra | +-------------+-------------------------------------------------------+
建立服务API端点
创建容器基础结构管理服务API端点。
用大酒瓶监听的IP地址替换控制器值。这也可以是Compute实例可访问的主机名。
$export controller=192.168.1.10 $openstack endpoint create --region RegionOne container-infra public http://$controller:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 49fa8d06927747fca27e33e4bbb71180 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | c4f62b6df2694b489d8cdf8caf4f00e1 | | service_name | magnum | | service_type | container-infra | | url | http://192.168.1.10:9511/v1 | +--------------+----------------------------------+ $openstack endpoint create --region RegionOne container-infra internal http://$controller:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 1eeba15e78fd4d71b4319ac3479d4078 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c4f62b6df2694b489d8cdf8caf4f00e1 | | service_name | magnum | | service_type | container-infra | | url | http://192.168.1.10:9511/v1 | +--------------+----------------------------------+ $openstack endpoint create --region RegionOne container-infra admin http://$controller:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 12719874757b4c6e9483c0f62a9154d5 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | c4f62b6df2694b489d8cdf8caf4f00e1 | | service_name | magnum | | service_type | container-infra | | url | http://192.168.1.10:9511/v1 | +--------------+----------------------------------+
建立Magnum网域
创建包含用于容器服务的项目和用户的magnum域。
$openstack domain create --description "Owns users and projects created by magnum" magnum +-------------+-------------------------------------------+ | Field | Value | +-------------+-------------------------------------------+ | description | Owns users and projects created by magnum | | enabled | True | | id | 602fe4ebda15445d87f42237a7af9240 | | name | magnum | | tags | [] | +-------------+-------------------------------------------+
创建magnum_domain_admin用户以管理magnum域中的项目和用户
$openstack user create --domain magnum --password aShuumoNg8ieche magnum_domain_admin
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 602fe4ebda15445d87f42237a7af9240 |
| enabled | True |
| id | 7339631f125a40d5b77b0f959990203e |
| name | magnum_domain_admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
将admin角色添加到magnum域中的magnum_domain_admin用户中,以启用管理权限:
$openstack role add --domain magnum --user-domain magnum --user magnum_domain_admin admin
安装和配置Magnum组件
现在,我们可以安装Magnum所需的软件包。
---- CentOS --- $sudo yum -y install openstack-magnum-api openstack-magnum-conductor python-magnumclient ---- Ubuntu --- $sudo apt -y install magnum-api magnum-conductor python-magnumclient
编辑/etc/magnum/magnum.conf文件并在[api]部分中配置主机:
[api] ... host = CONTROLLER_IP
在[证书]部分中,选择barbican(如果没有安装Barbican,则选择x509keypair):
[certificates] ... cert_manager_type = x509keypair
在[cinder_client]部分中,配置区域名称:
[cinder_client] ... region_name = RegionOne
在[数据库]部分中,配置数据库访问:
[database] ... connection = mysql+pymysql://magnum:theitroad@localhost/magnum
将MAGNUM_DBPASS替换为我们为magnum数据库选择的密码。
在[keystone_authtoken]和[trust]部分中,配置身份服务访问:
[keystone_authtoken] ... memcached_servers = controller:11211 auth_version = v3 www_authenticate_uri = http://controller:5000/v3 project_domain_id = default project_name = service user_domain_id = default password = MAGNUM_PASS username = magnum auth_url = http://controller:5000 auth_type = password admin_user = magnum admin_password = MAGNUM_PASS admin_tenant_name = service [trust] ... trustee_domain_name = magnum trustee_domain_admin_name = magnum_domain_admin trustee_domain_admin_password = DOMAIN_ADMIN_PASS trustee_keystone_interface = KEYSTONE_INTERFACE
将MAGNUM_PASS替换为我们在身份服务DOMAIN_ADMIN_PASS中为magnum用户选择的密码,并将其替换为我们为magnum_domain_admin用户选择的密码。
在[oslo_messaging_notifications]部分中,配置驱动程序:
[oslo_messaging_notifications] ... driver = messaging
在[DEFAULT]部分中,配置RabbitMQ消息队列访问:
[DEFAULT] ... transport_url = rabbit://openstack:theitroad@localhost
将RABBIT_PASS替换为我们为RabbitMQ中的openstack帐户选择的密码。
编辑/etc/magnum/magnum.conf文件,并在[oslo_concurrency]部分下设置lock_path:
[oslo_concurrency] ... lock_path = /var/lib/magnum/tmp
填充Magnum数据库:
$sudo su -s /bin/sh -c "magnum-db-manage upgrade" magnum su -s /bin/sh -c "magnum-db-manage upgrade" magnum INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> 2581ebaf0cb2, initial migration INFO [alembic.runtime.migration] Running upgrade 2581ebaf0cb2 -> 3bea56f25597, Multi Tenant Support INFO [alembic.runtime.migration] Running upgrade 3bea56f25597 -> 5793cd26898d, Add bay status INFO [alembic.runtime.migration] Running upgrade 5793cd26898d -> 3a938526b35d, Add docker volume size column INFO [alembic.runtime.migration] Running upgrade 3a938526b35d -> 35cff7c86221, add private network to baymodel INFO [alembic.runtime.migration] Running upgrade 35cff7c86221 -> 1afee1db6cd0, Add master flavor INFO [alembic.runtime.migration] Running upgrade 1afee1db6cd0 -> 2d1354bbf76e, ssh authorized key INFO [alembic.runtime.migration] Running upgrade 2d1354bbf76e -> 29affeaa2bc2, rename-bay-master-address INFO [alembic.runtime.migration] Running upgrade 29affeaa2bc2 -> 2ace4006498, rename-bay-minions-address INFO [alembic.runtime.migration] Running upgrade 2ace4006498 -> 456126c6c9e9, create baylock table INFO [alembic.runtime.migration] Running upgrade 456126c6c9e9 -> 4ea34a59a64c, add-discovery-url-to-bay INFO [alembic.runtime.migration] Running upgrade 4ea34a59a64c -> e772b2598d9, add-container-command INFO [alembic.runtime.migration] Running upgrade e772b2598d9 -> 2d8657c0cdc, add bay uuid INFO [alembic.runtime.migration] Running upgrade 2d8657c0cdc -> 4956f03cabad, add cluster distro INFO [alembic.runtime.migration] Running upgrade 4956f03cabad -> 592131657ca1, Add coe column to BayModel INFO [alembic.runtime.migration] Running upgrade 592131657ca1 -> 3b6c4c42adb4, Add unique constraints INFO [alembic.runtime.migration] Running upgrade 3b6c4c42adb4 -> 2b5f24dd95de, rename service port INFO [alembic.runtime.migration] Running upgrade 2b5f24dd95de -> 59e7664a8ba1, add_container_status INFO [alembic.runtime.migration] Running upgrade 59e7664a8ba1 -> 156ceb17fb0a, add_bay_status_reason INFO [alembic.runtime.migration] Running upgrade 156ceb17fb0a -> 1c1ff5e56048, rename_container_image_id INFO [alembic.runtime.migration] Running upgrade 1c1ff5e56048 -> 53882537ac57, add host column to pod INFO [alembic.runtime.migration] Running upgrade 53882537ac57 -> 14328d6a57e3, add master count to bay INFO [alembic.runtime.migration] Running upgrade 14328d6a57e3 -> 421102d1f2d2, create x509keypair table INFO [alembic.runtime.migration] Running upgrade 421102d1f2d2 -> 6f21dc998bb, Add master_addresses to bay INFO [alembic.runtime.migration] Running upgrade 6f21dc998bb -> 966a99e70ff, add-proxy INFO [alembic.runtime.migration] Running upgrade 966a99e70ff -> 6f21dc920bb, Add cert_uuuid to bay INFO [alembic.runtime.migration] Running upgrade 6f21dc920bb -> 5518af8dbc21, Rename cert_uuid INFO [alembic.runtime.migration] Running upgrade 5518af8dbc21 -> 4e263f236334, Add registry_enabled INFO [alembic.runtime.migration] Running upgrade 4e263f236334 -> 3be65537a94a, add_network_driver_baymodel_column INFO [alembic.runtime.migration] Running upgrade 3be65537a94a -> 1481f5b560dd, add labels column to baymodel table INFO [alembic.runtime.migration] Running upgrade 1481f5b560dd -> 1d045384b966, add-insecure-baymodel-attr INFO [alembic.runtime.migration] Running upgrade 1d045384b966 -> 27ad304554e2, adding magnum_service functionality INFO [alembic.runtime.migration] Running upgrade 27ad304554e2 -> 5ad410481b88, rename-insecure INFO [alembic.runtime.migration] Running upgrade 5ad410481b88 -> 2ae93c9c6191, add public column to baymodel table INFO [alembic.runtime.migration] Running upgrade 2ae93c9c6191 -> 33ef79969018, Add memory to container INFO [alembic.runtime.migration] Running upgrade 33ef79969018 -> 417917e778f5, Add server_type column to baymodel INFO [alembic.runtime.migration] Running upgrade 417917e778f5 -> 5977879072a7, add-env-to-container INFO [alembic.runtime.migration] Running upgrade 5977879072a7 -> 40f325033343, add bay_create_timeout to bay INFO [alembic.runtime.migration] Running upgrade 40f325033343 -> adc3b7679ae, add registry_trust_id to bay INFO [alembic.runtime.migration] Running upgrade adc3b7679ae -> 57fbdf2327a2, remove baylock INFO [alembic.runtime.migration] Running upgrade 57fbdf2327a2 -> 05d3e97de9ee, add volume driver INFO [alembic.runtime.migration] Running upgrade 05d3e97de9ee -> bb42b7cad130, remove node object INFO [alembic.runtime.migration] Running upgrade bb42b7cad130 -> 5d4caa6e0a42, create trustee for each bay INFO [alembic.runtime.migration] Running upgrade 5d4caa6e0a42 -> ee92b41b8809, Introduce Quotas INFO [alembic.runtime.migration] Running upgrade ee92b41b8809 -> 049f81f6f584, remove_ssh_authorized_key_from_baymodel INFO [alembic.runtime.migration] Running upgrade 049f81f6f584 -> e647f5931da8, add insecure_registry to baymodel INFO [alembic.runtime.migration] Running upgrade e647f5931da8 -> ef08a5e057bd, remove pod object INFO [alembic.runtime.migration] Running upgrade ef08a5e057bd -> d072f58ab240, modify x509keypair table INFO [alembic.runtime.migration] Running upgrade d072f58ab240 -> a1136d335540, Add docker storage driver column INFO [alembic.runtime.migration] Running upgrade a1136d335540 -> 085e601a39f6, remove service object INFO [alembic.runtime.migration] Running upgrade 085e601a39f6 -> 68ce16dfd341, add master_lb_enabled column to baymodel table INFO [alembic.runtime.migration] Running upgrade 68ce16dfd341 -> e0653b2d5271, Add fixed_subnet column to baymodel table INFO [alembic.runtime.migration] Running upgrade e0653b2d5271 -> 1f196a3dabae, remove container object INFO [alembic.runtime.migration] Running upgrade 1f196a3dabae -> 859fb45df249, remove replication controller INFO [alembic.runtime.migration] Running upgrade 859fb45df249 -> b1f612248cab, Add floating_ip_enabled column to baymodel table INFO [alembic.runtime.migration] Running upgrade b1f612248cab -> fcb4efee8f8b, add version info to bay INFO [alembic.runtime.migration] Running upgrade fcb4efee8f8b -> fb03fdef8919, rename_baymodel_to_clustertemplate INFO [alembic.runtime.migration] Running upgrade fb03fdef8919 -> 720f640f43d1, rename bay table to cluster INFO [alembic.runtime.migration] Running upgrade 720f640f43d1 -> bc46ba6cf949, add keypair to cluster INFO [alembic.runtime.migration] Running upgrade bc46ba6cf949 -> aa0cc27839af, add docker_volume_size to cluster INFO [alembic.runtime.migration] Running upgrade aa0cc27839af -> a0e7c8450ab1, add labels to cluster INFO [alembic.runtime.migration] Running upgrade a0e7c8450ab1 -> 52bcaf58fecb, add master_flavor_id to cluster INFO [alembic.runtime.migration] Running upgrade 52bcaf58fecb -> 04c625aa95ba, change storage driver to string INFO [alembic.runtime.migration] Running upgrade 04c625aa95ba -> 041d9a0f1159, add flavor_id to cluster INFO [alembic.runtime.migration] Running upgrade 041d9a0f1159 -> 9a1539f1cd2c, "add federation table INFO [alembic.runtime.migration] Running upgrade 9a1539f1cd2c -> cbbc65a86986, Add health_status and health_status_reason to cluster INFO [alembic.runtime.migration] Running upgrade cbbc65a86986 -> 87e62e3c7abc, add hidden to cluster template
启动容器基础结构管理服务,并将其配置为在系统启动时启动:
--- Ubuntu -- sudo systemctl restart magnum-api sudo systemctl restart magnum-conductor --- CentOS -- sudo systemctl enable --now openstack-magnum-api.service openstack-magnum-conductor.service
检查服务状态
$systemctl status openstack-magnum-api.service openstack-magnum-conductor.service
● openstack-magnum-api.service - OpenStack Magnum API Service
Loaded: loaded (/usr/lib/systemd/system/openstack-magnum-api.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2017-01-12 10:06:18 EAT; 13s ago
Main PID: 21961 (magnum-api)
CGroup: /system.slice/openstack-magnum-api.service
└─21961 /usr/bin/python2 /usr/bin/magnum-api
Jan 12 10:06:18 dserver.theitroad.local systemd[1]: Started OpenStack Magnum API Service.
Jan 12 10:06:18 dserver.theitroad.local magnum-api[21961]: Using RPC transport for notifications. Please use get_notification_transport t...tance.
Jan 12 10:06:18 dserver.theitroad.local magnum-api[21961]: 2017-01-12 10:06:18.964 21961 INFO magnum.api.app [-] Full WSGI config used: /...te.ini
Jan 12 10:06:18 dserver.theitroad.local magnum-api[21961]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: PkgResourcesDepr...ately.
Jan 12 10:06:18 dserver.theitroad.local magnum-api[21961]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Jan 12 10:06:19 dserver.theitroad.local magnum-api[21961]: 2017-01-12 10:06:19.107 21961 WARNING keystonemiddleware.auth_token [-] AuthTo... True.
Jan 12 10:06:19 dserver.theitroad.local magnum-api[21961]: 2017-01-12 10:06:19.118 21961 INFO magnum.cmd.api [-] Starting server in PID 21961
Jan 12 10:06:19 dserver.theitroad.local magnum-api[21961]: 2017-01-12 10:06:19.127 21961 INFO magnum.cmd.api [-] Server will handle each ...cesses
● openstack-magnum-conductor.service - Openstack Magnum Conductor Service
Loaded: loaded (/usr/lib/systemd/system/openstack-magnum-conductor.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2017-01-12 10:06:18 EAT; 13s ago
Main PID: 21962 (magnum-conducto)
CGroup: /system.slice/openstack-magnum-conductor.service
├─21962 /usr/bin/python2 /usr/bin/magnum-conductor
├─22001 /usr/bin/python2 /usr/bin/magnum-conductor
├─22002 /usr/bin/python2 /usr/bin/magnum-conductor
├─22003 /usr/bin/python2 /usr/bin/magnum-conductor
├─22004 /usr/bin/python2 /usr/bin/magnum-conductor
├─22005 /usr/bin/python2 /usr/bin/magnum-conductor
├─22006 /usr/bin/python2 /usr/bin/magnum-conductor
├─22007 /usr/bin/python2 /usr/bin/magnum-conductor
└─22008 /usr/bin/python2 /usr/bin/magnum-conductor
Jan 12 10:06:18 dserver.theitroad.local systemd[1]: Started Openstack Magnum Conductor Service.
Jan 12 10:06:18 dserver.theitroad.local magnum-conductor[21962]: Using RPC transport for notifications. Please use get_notification_trans...tance.
Jan 12 10:06:18 dserver.theitroad.local magnum-conductor[21962]: 2017-01-12 10:06:18.947 21962 INFO magnum.cmd.conductor [-] Starting ser... 21962
Jan 12 10:06:18 dserver.theitroad.local magnum-conductor[21962]: 2017-01-12 10:06:18.989 21962 INFO oslo_service.service [-] Starting 8 workers
Jan 12 10:06:19 dserver.theitroad.local magnum-conductor[21962]: 2017-01-12 10:06:19.027 21962 WARNING oslo_log.versionutils [req-b8390f4...seded.
Hint: Some lines were ellipsized, use -l to show in full.
要列出内部服务(即指挥官)的健康状况,请使用:
$openstack coe service list +----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+ | id | host | binary | state | disabled | disabled_reason | created_at | updated_at | +----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+ | 1 | None | magnum-conductor | up | False | None | 2017-01-12T07:06:19+00:00 | 2017-01-12T07:37:58+00:00 | +----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+
