This section describes how to install and configure the Container Infrastructure Management service for from source code.
Before you install and configure the Container Infrastructure Management service, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database
server as the root
user:
$ mysql -u root -p
Create the magnum
database:
CREATE DATABASE magnum;
Grant proper access to the magnum
database:
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost' \
IDENTIFIED BY 'MAGNUM_DBPASS';
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \
IDENTIFIED BY 'MAGNUM_DBPASS';
Replace MAGNUM_DBPASS
with a suitable password.
Exit the database access client.
Source the admin
credentials to gain access to
admin-only CLI commands:
$ . admin-openrc
To create the service credentials, complete these steps:
Create the magnum
user:
$ openstack user create --domain default \
--password-prompt magnum
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | a8ebafc275c54d389dfc1bff8b4fe286 |
| name | magnum |
+-----------+----------------------------------+
Add the admin
role to the magnum
user:
$ openstack role add --project service --user magnum admin
This command provides no output.
Create the magnum
service entity:
$ openstack service create --name magnum \
--description "OpenStack Container Infrastructure Management Service" \
container-infra
+-------------+-------------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------------+
| description | OpenStack Container Infrastructure Management Service |
| enabled | True |
| id | 194faf83e8fd4e028e5ff75d3d8d0df2 |
| name | magnum |
| type | container-infra |
+-------------+-------------------------------------------------------+
Create the Container Infrastructure Management service API endpoints:
$ openstack endpoint create --region RegionOne \
container-infra public http://CONTROLLER_IP:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cb137e6366ad495bb521cfe92d8b8858 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://CONTROLLER_IP:9511/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra internal http://CONTROLLER_IP:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 17cbc3b6f51449a0a818118d6d62868d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://CONTROLLER_IP:9511/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra admin http://CONTROLLER_IP:9511/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 30f8888e6b6646d7b5cd14354c95a684 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum |
| service_type | container-infra |
| url | http://CONTROLLER_IP:9511/v1 |
+--------------+----------------------------------+
Replace CONTROLLER_IP
with the IP magnum listens to. Alternatively,
you can use a hostname which is reachable by the Compute instances.
Magnum requires additional information in the Identity service to manage COE clusters. To add this information, complete these steps:
Create the magnum
domain that contains projects and users:
$ openstack domain create --description "Owns users and projects \
created by magnum" magnum
+-------------+-------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------+
| description | Owns users and projects created by magnum |
| enabled | True |
| id | 66e0469de9c04eda9bc368e001676d20 |
| name | magnum |
+-------------+-------------------------------------------+
Create the magnum_domain_admin
user to manage projects and users
in the magnum
domain:
$ openstack user create --domain magnum --password-prompt \
magnum_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 66e0469de9c04eda9bc368e001676d20 |
| enabled | True |
| id | 529b81cf35094beb9784c6d06c090c2b |
| name | magnum_domain_admin |
+-----------+----------------------------------+
Add the admin
role to the magnum_domain_admin
user in the
magnum
domain to enable administrative management privileges
by the magnum_domain_admin
user:
$ openstack role add --domain magnum --user-domain magnum --user \
magnum_domain_admin admin
This command provides no output.
Install Magnum from source:
Install OS-specific prerequisites:
Ubuntu 16.04 (xenial) or higher:
# apt update
# apt install python-dev libssl-dev libxml2-dev \
libmysqlclient-dev libxslt-dev libpq-dev git \
libffi-dev gettext build-essential
CentOS 7:
# yum install python-devel openssl-devel mariadb-devel \
libxml2-devel libxslt-devel postgresql-devel git \
libffi-devel gettext gcc
Fedora 21 / RHEL 7
# yum install python-devel openssl-devel mysql-devel \
libxml2-devel libxslt-devel postgresql-devel git \
libffi-devel gettext gcc
Fedora 22 or higher
# dnf install python-devel openssl-devel mysql-devel \
libxml2-devel libxslt-devel postgresql-devel git \
libffi-devel gettext gcc
openSUSE Leap 42.1
# zypper install git libffi-devel libmysqlclient-devel \
libopenssl-devel libxml2-devel libxslt-devel \
postgresql-devel python-devel gettext-runtime gcc
Create magnum user and necessary directories:
Create user:
# groupadd --system magnum
# useradd --home-dir "/var/lib/magnum" \
--create-home \
--system \
--shell /bin/false \
-g magnum \
magnum
Create directories:
# mkdir -p /var/log/magnum
# mkdir -p /etc/magnum
Set ownership to directories:
# chown magnum:magnum /var/log/magnum
# chown magnum:magnum /var/lib/magnum
# chown magnum:magnum /etc/magnum
Install virtualenv and python prerequisites:
Install virtualenv and create one for magnum’s installation:
# easy_install -U virtualenv
# su -s /bin/sh -c "virtualenv /var/lib/magnum/env" magnum
Install python prerequisites:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/pip install tox pymysql \
python-memcached" magnum
Clone and install magnum:
# cd /var/lib/magnum
# git clone https://git.openstack.org/openstack/magnum.git
# chown -R magnum:magnum magnum
# cd magnum
# su -s /bin/sh -c "/var/lib/magnum/env/bin/pip install -r requirements.txt" magnum
# su -s /bin/sh -c "/var/lib/magnum/env/bin/python setup.py install" magnum
Copy api-paste.ini:
# su -s /bin/sh -c "cp etc/magnum/api-paste.ini /etc/magnum" magnum
Generate a sample configuration file:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/tox -e genconfig" magnum
# su -s /bin/sh -c "cp etc/magnum/magnum.conf.sample /etc/magnum/magnum.conf" magnum
Optionally, if you want to customize the policies for Magnum API accesses,
you can generate a sample policy file, put it into /etc/magnum
folder
for further modifications:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/tox -e genpolicy" magnum
# su -s /bin/sh -c "cp etc/magnum/policy.yaml.sample /etc/magnum/policy.yaml" magnum
Edit the /etc/magnum/magnum.conf
file:
In the [api]
section, configure the host:
[api]
...
host = CONTROLLER_IP
Replace CONTROLLER_IP
with the IP address on which you wish magnum api
should listen.
In the [certificates]
section, select barbican
(or x509keypair
if
you don’t have barbican installed):
Use barbican to store certificates:
[certificates]
...
cert_manager_type = barbican
Barbican is recommended for production environments.
To store x509 certificates in magnum’s database:
[certificates]
...
cert_manager_type = x509keypair
In the [cinder_client]
section, configure the region name:
[cinder_client]
...
region_name = RegionOne
In the [database]
section, configure database access:
[database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum
Replace MAGNUM_DBPASS
with the password you chose for
the magnum database.
In the [keystone_authtoken]
and [trust]
sections, configure
Identity service access:
[keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
auth_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:35357
auth_type = password
admin_user = magnum
admin_password = MAGNUM_PASS
admin_tenant_name = service
[trust]
...
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
trustee_keystone_interface = KEYSTONE_INTERFACE
Replace MAGNUM_PASS with the password you chose for the magnum user in the
Identity service and DOMAIN_ADMIN_PASS with the password you chose for the
magnum_domain_admin
user.
Replace KEYSTONE_INTERFACE with either public
or internal
depending on your network configuration. If your instances cannot reach
internal keystone endpoint which is often the case in production
environments it should be set to public
. Default to public
In the [oslo_messaging_notifications]
section, configure the
driver
:
[oslo_messaging_notifications]
...
driver = messaging
In the [DEFAULT]
section,
configure RabbitMQ
message queue access:
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace RABBIT_PASS
with the password you chose for the
openstack
account in RabbitMQ
.
Additionally, edit the /etc/magnum/magnum.conf
file:
In the [oslo_concurrency]
section, configure the lock_path
:
[oslo_concurrency]
...
lock_path = /var/lib/magnum/tmp
If you decide to customize Magnum policies in
1.e
, then in the[oslo_policy]
section, configure thepolicy_file
:[oslo_policy] ... policy_file = /etc/magnum/policy.yamlNoteMake sure that
/etc/magnum/magnum.conf
still have the correct permissions. You can set the permissions again with:# chown magnum:magnum /etc/magnum/magnum.conf
Populate Magnum database:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/magnum-db-manage upgrade" magnum
Set magnum for log rotation:
# cd /var/lib/magnum/magnum
# cp doc/examples/etc/logrotate.d/magnum.logrotate /etc/logrotate.d/magnum
Create init scripts and services:
Ubuntu 16.04 or higher, Fedora 21 or higher/RHEL 7/CentOS 7 or openSUSE Leap 42.1:
# cd /var/lib/magnum/magnum
# cp doc/examples/etc/systemd/system/magnum-api.service \
/etc/systemd/system/magnum-api.service
# cp doc/examples/etc/systemd/system/magnum-conductor.service \
/etc/systemd/system/magnum-conductor.service
Start magnum-api and magnum-conductor:
Ubuntu 16.04 or higher, Fedora 21 or higher/RHEL 7/CentOS 7 or openSUSE Leap 42.1:
# systemctl enable magnum-api
# systemctl enable magnum-conductor
# systemctl start magnum-api
# systemctl start magnum-conductor
Verify that magnum-api and magnum-conductor services are running:
Ubuntu 16.04 or higher, Fedora 21 or higher/RHEL 7/CentOS 7 or openSUSE Leap 42.1:
# systemctl status magnum-api
# systemctl status magnum-conductor
Install OS-specific prerequisites:
Fedora 21/RHEL 7/CentOS 7
# yum install python-devel openssl-devel python-virtualenv \
libffi-devel git gcc
Fedora 22 or higher
# dnf install python-devel openssl-devel python-virtualenv \
libffi-devel git gcc
Ubuntu
# apt update
# apt install python-dev libssl-dev python-virtualenv \
libffi-dev git gcc
openSUSE Leap 42.1
# zypper install python-devel libopenssl-devel python-virtualenv \
libffi-devel git gcc
Install the client in a virtual environment:
$ cd ~
$ git clone https://git.openstack.org/openstack/python-magnumclient.git
$ cd python-magnumclient
$ virtualenv .magnumclient-env
$ .magnumclient-env/bin/pip install -r requirements.txt
$ .magnumclient-env/bin/python setup.py install
Now, you can export the client in your PATH:
$ export PATH=$PATH:${PWD}/.magnumclient-env/bin/magnum
The command-line client can be installed on the controller node or on a different host than the service. It is good practice to install it as a non-root user.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.