Install and configure controller node¶
This section describes how to install and configure the Container service on the controller node for Ubuntu 16.04 (LTS) and CentOS 7.
Prerequisites¶
Before you install and configure Zun, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database server as the
rootuser:# mysqlCreate the
zundatabase:MariaDB [(none)] CREATE DATABASE zun;Grant proper access to the
zundatabase:MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' \ IDENTIFIED BY 'ZUN_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' \ IDENTIFIED BY 'ZUN_DBPASS';
Replace
ZUN_DBPASSwith a suitable password.Exit the database access client.
Source the
admincredentials to gain access to admin-only CLI commands:$ . admin-openrc
To create the service credentials, complete these steps:
Create the
zunuser:$ openstack user create --domain default --password-prompt zun User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | e0353a670a9e496da891347c589539e9 | | enabled | True | | id | ca2e175b851943349be29a328cc5e360 | | name | zun | +-----------+----------------------------------+
Add the
adminrole to thezunuser:$ openstack role add --project service --user zun admin
Note
This command provides no output.
Create the
zunservice entities:$ openstack service create --name zun \ --description "Container Service" container +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Container Service | | enabled | True | | id | 727841c6f5df4773baa4e8a5ae7d72eb | | name | zun | | type | container | +-------------+----------------------------------+
Create the Container service API endpoints:
$ openstack endpoint create --region RegionOne \ container public http://controller:9517/v1 +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | zun | | service_type | container | | url | http://controller:9517/v1 | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ container internal http://controller:9517/v1 +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 9489f78e958e45cc85570fec7e836d98 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | zun | | service_type | container | | url | http://controller:9517/v1 | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ container admin http://controller:9517/v1 +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 76091559514b40c6b7b38dde790efe99 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | zun | | service_type | container | | url | http://controller:9517/v1 | +--------------+-----------------------------------------+
Install and configure components¶
Create zun user and necessary directories:
Create user:
# groupadd --system zun # useradd --home-dir "/var/lib/zun" \ --create-home \ --system \ --shell /bin/false \ -g zun \ zun
Create directories:
# mkdir -p /etc/zun # chown zun:zun /etc/zun
Install the following dependencies:
For Ubuntu, run:
# apt-get install python3-pip git
For CentOS, run:
# yum install python3-pip git python3-devel libffi-devel gcc openssl-devel
Clone and install zun:
# cd /var/lib/zun # git clone https://opendev.org/openstack/zun.git # chown -R zun:zun zun # git config --global --add safe.directory /var/lib/zun/zun # cd zun # pip3 install -r requirements.txt # python3 setup.py install
Generate a sample configuration file:
# su -s /bin/sh -c "oslo-config-generator \ --config-file etc/zun/zun-config-generator.conf" zun # su -s /bin/sh -c "cp etc/zun/zun.conf.sample \ /etc/zun/zun.conf" zun
Copy api-paste.ini:
# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
Edit the
/etc/zun/zun.conf:In the
[DEFAULT]section, configureRabbitMQmessage queue access:[DEFAULT] ... transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace
RABBIT_PASSwith the password you chose for theopenstackaccount inRabbitMQ.In the
[api]section, configure the IP address that Zun API server is going to listen:[api] ... host_ip = 10.0.0.11 port = 9517
Replace
10.0.0.11with the management interface IP address of the controller node if different.In the
[database]section, configure database access:[database] ... connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
Replace
ZUN_DBPASSwith the password you chose for the zun database.In the
[keystone_auth]section, configure Identity service access:[keystone_auth] memcached_servers = controller:11211 www_authenticate_uri = http://controller:5000 project_domain_name = default project_name = service user_domain_name = default password = ZUN_PASS username = zun auth_url = http://controller:5000 auth_type = password auth_version = v3 auth_protocol = http service_token_roles_required = True endpoint_type = internalURL
In the
[keystone_authtoken]section, configure Identity service access:[keystone_authtoken] ... memcached_servers = controller:11211 www_authenticate_uri = http://controller:5000 project_domain_name = default project_name = service user_domain_name = default password = ZUN_PASS username = zun auth_url = http://controller:5000 auth_type = password auth_version = v3 auth_protocol = http service_token_roles_required = True endpoint_type = internalURL
Replace ZUN_PASS with the password you chose for the zun user in the Identity service.
In the
[oslo_concurrency]section, configure thelock_path:[oslo_concurrency] ... lock_path = /var/lib/zun/tmp
In the
[oslo_messaging_notifications]section, configure thedriver:[oslo_messaging_notifications] ... driver = messaging
In the
[websocket_proxy]section, configure the IP address that the websocket proxy is going to listen to:[websocket_proxy] ... wsproxy_host = 10.0.0.11 wsproxy_port = 6784 base_url = ws://controller:6784/
Note
This
base_urlwill be used by end users to access the console of their containers so make sure this URL is accessible from your intended users and the port6784is not blocked by firewall.Replace
10.0.0.11with the management interface IP address of the controller node if different.
Note
Make sure that
/etc/zun/zun.confstill have the correct permissions. You can set the permissions again with:# chown zun:zun /etc/zun/zun.conf
Populate Zun database:
# su -s /bin/sh -c "zun-db-manage upgrade" zun
Finalize installation¶
Create an upstart config, it could be named as
/etc/systemd/system/zun-api.service:Note
CentOS might install binary files into
/usr/bin/. If it does, replace/usr/local/bin/directory with the correct in the following example files.[Unit] Description = OpenStack Container Service API [Service] ExecStart = /usr/local/bin/zun-api User = zun [Install] WantedBy = multi-user.target
Create an upstart config, it could be named as
/etc/systemd/system/zun-wsproxy.service:[Unit] Description = OpenStack Container Service Websocket Proxy [Service] ExecStart = /usr/local/bin/zun-wsproxy User = zun [Install] WantedBy = multi-user.target
Enable and start zun-api and zun-wsproxy:
# systemctl enable zun-api # systemctl enable zun-wsproxy
# systemctl start zun-api # systemctl start zun-wsproxy
Verify that zun-api and zun-wsproxy services are running:
# systemctl status zun-api # systemctl status zun-wsproxy
