Install and configure a compute node

Install and configure a compute node

This section describes how to install and configure the Compute service on a compute node.

Note

This section assumes that you are following the instructions in this guide step-by-step to configure the first compute node. If you want to configure additional compute nodes, prepare them in a similar fashion. Each additional compute node requires a unique IP address.

Prerequisites

Before you install and configure Zun, you must have Docker and Kuryr-libnetwork installed properly in the compute node, and have Etcd installed properly in the controller node. Refer Get Docker for Docker installation and Kuryr libnetwork installation guide, Etcd installation guide

Install and configure components

  1. Create zun user and necessary directories:

    • Create user:

      # groupadd --system zun
      # useradd --home-dir "/var/lib/zun" \
            --create-home \
            --system \
            --shell /bin/false \
            -g zun \
            zun
      
    • Create directories:

      # mkdir -p /etc/zun
      # chown zun:zun /etc/zun
      
  2. Install the following dependencies:

    For Ubuntu, run:

    # apt-get install python-pip git
    

    For CentOS, run:

    # yum install python-pip git python-devel libffi-devel gcc openssl-devel
    

    Note

    python-pip package is not in CentOS base repositories, may need to install EPEL repository in order to have python-pip available.

  3. Clone and install zun:

    # cd /var/lib/zun
    # git clone -b stable/stein https://git.openstack.org/openstack/zun.git
    # chown -R zun:zun zun
    # cd zun
    # pip install -r requirements.txt
    # python setup.py install
    
  4. Generate a sample configuration file:

    # su -s /bin/sh -c "oslo-config-generator \
        --config-file etc/zun/zun-config-generator.conf" zun
    # su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
        /etc/zun/zun.conf" zun
    # su -s /bin/sh -c "cp etc/zun/rootwrap.conf \
        /etc/zun/rootwrap.conf" zun
    # su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
    # su -s /bin/sh -c "cp etc/zun/rootwrap.d/* \
        /etc/zun/rootwrap.d/" zun
    
  5. Configure sudoers for zun users:

    Note

    CentOS install binary files into /usr/bin/, replace /usr/local/bin/ directory with the correct in the following command.

    # echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
        /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
    
  6. Edit the /etc/zun/zun.conf:

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
      ...
      transport_url = rabbit://openstack:RABBIT_PASS@controller
      

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [DEFAULT] section, configure the path that is used by Zun to store the states:

      [DEFAULT]
      ...
      state_path = /var/lib/zun
      
    • In the [database] section, configure database access:

      [database]
      ...
      connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
      

      Replace ZUN_DBPASS with the password you chose for the zun database.

    • In the [keystone_auth] section, configure Identity service access:

      [keystone_auth]
      memcached_servers = controller:11211
      www_authenticate_uri = http://controller:5000
      project_domain_name = default
      project_name = service
      user_domain_name = default
      password = ZUN_PASS
      username = zun
      auth_url = http://controller:5000
      auth_type = password
      auth_version = v3
      auth_protocol = http
      service_token_roles_required = True
      endpoint_type = internalURL
      
    • In the [keystone_authtoken] section, configure Identity service access:

      [keystone_authtoken]
      ...
      memcached_servers = controller:11211
      www_authenticate_uri= http://controller:5000
      project_domain_name = default
      project_name = service
      user_domain_name = default
      password = ZUN_PASS
      username = zun
      auth_url = http://controller:5000
      auth_type = password
      

      Replace ZUN_PASS with the password you chose for the zun user in the Identity service.

    • In the [oslo_concurrency] section, configure the lock_path:

      [oslo_concurrency]
      ...
      lock_path = /var/lib/zun/tmp
      

    Note

    Make sure that /etc/zun/zun.conf still have the correct permissions. You can set the permissions again with:

    # chown zun:zun /etc/zun/zun.conf

  7. Configure Docker and Kuryr:

    • Create the directory /etc/systemd/system/docker.service.d

      # mkdir -p /etc/systemd/system/docker.service.d
      
    • Create the file /etc/systemd/system/docker.service.d/docker.conf. Configure docker to listen to port 2375 as well as the default unix socket. Also, configure docker to use etcd3 as storage backend:

      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd --group zun -H tcp://compute1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
      
    • Restart Docker:

      # systemctl daemon-reload
      # systemctl restart docker
      
    • Edit the Kuryr config file /etc/kuryr/kuryr.conf. Set capability_scope to global and process_external_connectivity to False:

      [DEFAULT]
      ...
      capability_scope = global
      process_external_connectivity = False
      
    • Restart Kuryr-libnetwork:

      # systemctl restart kuryr-libnetwork
      

Finalize installation

  1. Create an upstart config, it could be named as /etc/systemd/system/zun-compute.service:

    Note

    CentOS install binary files into /usr/bin/, replace /usr/local/bin/ directory with the correct in the following example file.

    [Unit]
    Description = OpenStack Container Service Compute Agent
    
    [Service]
    ExecStart = /usr/local/bin/zun-compute
    User = zun
    
    [Install]
    WantedBy = multi-user.target
    
  2. Enable and start zun-compute:

    # systemctl enable zun-compute
    # systemctl start zun-compute
    
  3. Verify that zun-compute services are running:

    # systemctl status zun-compute
    
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.