zun安装手册

Zun是Openstack中提供容器管理服务的组件，本文使用的是centos7上的openstack（queens）环境

zun安装手册

3. 在controller节点上安装zun服务

3.1 创建用户、组

3.2 创建目录

3.3 安装zun

3.4 生成示例配置文件

3.5 复制api-paste.ini配置文件

3.7 填充数据库

3.8 创建启动文件

3.9 启动服务

4 在compute节点上安装docker-ce

4.1 卸载旧版本的docker

4.2 安装依赖包

4.3 添加yum阿里源

4.4 更新yum源

4.5 安装docker-ce

4.6 启动docker-ce

4.7 添加内核配置参数

5 在controller节点上添加kuryr-libnetwork用户

5.1 创建kuryr用户

5.2 添加角色

6 在compute节点安装kuryr-libnetwork

6.1 创建用户

6.2 创建目录

6.3 安装kuryr-libnetwork

6.4 生成示例配置文件

6.5 编辑配置文件，添加以下内容

6.6 创建启动文件

6.7 启动服务

6.8 验证

7 在compute节点安装zun服务

7.1 创建用户

7.2 创建目录

7.3 安装zun

7.4 生成示例配置文件

7.5 配置zun用户

7.6 编辑配置文件，添加以下内容

7.7 配置docker和kuryr

7.8 创建启动文件

7.9 启动zun-compute

7.10 验证

8 在controller节点启动一个容器实例

9 安装zun-ui

9.1 下载zun源文件

9.2 复制文件

9.3 安装ui模块

9.4 重启服务

controller：192.168.152.101

compute：192.168.152.102

创建数据库

controller节点

# mysql –uroot –p000000

MariaDB [（none）] CREATE DATABASE zun;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' IDENTIFIED BY 'ZUN_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' IDENTIFIED BY 'ZUN_DBPASS';

创建openstack用户、服务、端点

controller节点

# . admin-openrc

# openstack user create --domain default --password-prompt zun

# openstack role add --project service --user zun admin

openstack service create --name zun \

--description "Container Service" container

openstack endpoint create --region RegionOne container public http://controller:9517/v1

openstack endpoint create --region RegionOne container internal http://controller:9517/v1

openstack endpoint create --region RegionOne container admin http://controller:9517/v1

3. 在controller节点上安装zun服务

3.1 创建用户、组

# groupadd --system zun

# useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun

3.2 创建目录

# mkdir -p /etc/zun

# chown zun:zun /etc/zun

3.3 安装zun

# yum install python-pip -y

# cd /var/lib/zun

# git clone -b stable/queens https://git.openstack.org/openstack/zun.git

# chown -R zun:zun zun

# cd zun

# pip install -r requirements.txt

# python setup.py install

3.4 生成示例配置文件

# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun

# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun

3.5 复制api-paste.ini配置文件

# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun

3.6 编辑配置文件,在合适位置添加以下内容

# vi /etc/zun/zun.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

[api]

host_ip = 192.168.152.101

port = 9517

[database]

connection = mysql+pymysql://zun:000000 @controller/zun

[keystone_auth]

memcached_servers = controller:11211

www_authenticate_uri = http://controller:5000

project_domain_name = default

project_name = service

user_domain_name = default

password = 000000

username = zun

auth_url = http://controller:5000

auth_type = password

auth_version = v3

auth_protocol = http

service_token_roles_required = True

endpoint_type = internalURL

[keystone_authtoken]

...

memcached_servers = controller:11211

www_authenticate_uri = http://controller:5000

project_domain_name = default

project_name = service

user_domain_name = default

password = 000000

username = zun

auth_url = http://controller:5000

auth_type = password

auth_version = v3

auth_protocol = http

service_token_roles_required = True

endpoint_type = internalURL

[oslo_concurrency]

lock_path = /var/lib/zun/tmp

[oslo_messaging_notifications]

driver = messaging

[websocket_proxy]

wsproxy_host = 192.168.152.101

wsproxy_port = 6784

3.7 填充数据库

# su -s /bin/sh -c "zun-db-manage upgrade" zun

3.8 创建启动文件

# vi /etc/systemd/system/zun-api.service

[Unit]

Description = OpenStack Container Service API

[Service]

ExecStart = /usr/ bin/zun-api

User = zun

[Install]

WantedBy = multi-user.target

# vi /etc/systemd/system/zun-wsproxy.service

[Unit]

Description = OpenStack Container Service Websocket Proxy

[Service]

ExecStart = /usr/bin/zun-wsproxy

User = zun

[Install]

WantedBy = multi-user.target

3.9 启动服务

# systemctl enable zun-api zun-wsproxy

# systemctl start zun-api zun-wsproxy

# systemctl status zun-api zun-wsproxy

以下操作在compute节点上执行

4 在compute节点上安装docker-ce

4.1 卸载旧版本的docker

# yum remove docker docker-common docker-selinux docker-engine –y

4.2 安装依赖包

# yum install -y yum-utils device-mapper-persistent-data lvm2

4.3 添加yum阿里源

# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

4.4 更新yum源

# yum makecache fast

4.5 安装docker-ce

# yum install docker-ce

4.6 启动docker-ce

# systemctl enable docker

# systemctl start docker

4.7 添加内核配置参数

# cat /etc/sysctl.conf

net.bridge.bridge-nf-call-ip6tables = 1

net.bridge.bridge-nf-call-iptables = 1

net.ipv4.ip_forward = 1

# sysctl –p

5 在controller节点上添加kuryr-libnetwork用户

5.1 创建kuryr用户

# . admin-openrc

# openstack user create --domain default --password-prompt kuryr

5.2 添加角色

# openstack role add --project service --user kuryr admin

6 在compute节点安装kuryr-libnetwork

6.1 创建用户

# groupadd --system kuryr

# useradd --home-dir "/var/lib/kuryr" --create-home --system --shell /bin/false -g kuryr kuryr

6.2 创建目录

# mkdir -p /etc/kuryr

# chown kuryr:kuryr /etc/kuryr

6.3 安装kuryr-libnetwork

#yum install python-pip -y

# cd /var/lib/kuryr

# git clone -b stable/queens https://git.openstack.org/openstack/kuryr-libnetwork.git

# chown -R kuryr:kuryr kuryr-libnetwork

# cd kuryr-libnetwork

# pip install -r requirements.txt

# python setup.py install

6.4 生成示例配置文件

# su -s /bin/sh -c "./tools/generate_config_file_samples.sh" kuryr

# su -s /bin/sh -c "cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf" kuryr

6.5 编辑配置文件，添加以下内容

# vi /etc/kuryr/kuryr.conf

[DEFAULT]

bindir = /usr/libexec/kuryr

[neutron]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:35357

username = kuryr

user_domain_name = default

password = 000000

project_name = service

project_domain_name = default

auth_type = password

6.6 创建启动文件

# vi /etc/systemd/system/kuryr-libnetwork.service

[Unit]

Description = Kuryr-libnetwork - Docker network plugin for Neutron

[Service]

ExecStart = /usr/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf

CapabilityBoundingSet = CAP_NET_ADMIN

[Install]

WantedBy = multi-user.target

6.7 启动服务

# systemctl enable kuryr-libnetwork

# systemctl start kuryr-libnetwork

# systemctl restart docker

6.8 验证

6.8.1 创建kuryr网络

# docker network create --driver kuryr --ipam-driver kuryr --subnet 10.10.0.0/16 --gateway=10.10.0.1 test_net

6.8.2 查看网络

# docker network ls

6.8.3 创建容器

# docker run --net test_net cirros ifconfig

7 在compute节点安装zun服务

7.1 创建用户

# groupadd --system zun

# useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun

7.2 创建目录

# mkdir -p /etc/zun

# chown zun:zun /etc/zun

7.3 安装zun

# cd /var/lib/zun

# git clone -b stable/queens https://git.openstack.org/openstack/zun.git

# chown -R zun:zun zun

# cd zun

# pip install -r requirements.txt

# python setup.py install

7.4 生成示例配置文件

# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun

# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun

# su -s /bin/sh -c "cp etc/zun/rootwrap.conf /etc/zun/rootwrap.conf" zun

# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun

# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* /etc/zun/rootwrap.d/" zun

7.5 配置zun用户

# echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap

7.6 编辑配置文件，添加以下内容

# vi /etc/zun/zun.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

state_path = /var/lib/zun

[database]

connection = mysql+pymysql://zun:000000 @controller/zun

[keystone_auth]

memcached_servers = controller:11211

www_authenticate_uri = http://controller:5000

project_domain_name = default

project_name = service

user_domain_name = default

password = 000000

username = zun

auth_url = http://controller:5000

auth_type = password

auth_version = v3

auth_protocol = http

service_token_roles_required = True

endpoint_type = internalURL

[keystone_authtoken]

memcached_servers = controller:11211

www_authenticate_uri= http://controller:5000

project_domain_name = default

project_name = service

user_domain_name = default

password = 000000

username = zun

auth_url = http://controller:5000

auth_type = password

[websocket_proxy]

base_url = ws://controller:6784/

[oslo_concurrency]

lock_path = /var/lib/zun/tmp

7.7 配置docker和kuryr

7.7.1 创建docker配置文件夹

# mkdir -p /etc/systemd/system/docker.service.d

7.7.2 创建docker配置文件

# vi /etc/systemd/system/docker.service.d/docker.conf

[Service]

ExecStart=

ExecStart=/usr/bin/dockerd --group zun -H tcp://compute:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379

7.7.3 重启docker

# systemctl daemon-reload

# systemctl restart docker

7.7.4 编辑kuryr配置文件，添加以下内容

# vi /etc/kuryr/kuryr.conf

[DEFAULT]

capability_scope = global

7.7.5 重启kuryr

# systemctl restart kuryr-libnetwork

7.8 创建启动文件

# vi /etc/systemd/system/zun-compute.service

[Unit]

Description = OpenStack Container Service Compute Agent

[Service]

ExecStart = /usr /bin/zun-compute

User = zun

[Install]

WantedBy = multi-user.target

7.9 启动zun-compute

# systemctl enable zun-compute

# systemctl start zun-compute

# systemctl status zun-compute

7.10 验证

# pip install python-zunclient==1.1.0

# source admin-openrc

# openstack appcontainer service list

8 在controller节点启动一个容器实例

8.1 查看网络

# openstack network list

8.2 获取网络id

# export NET_ID=$(openstack network list | awk '/ selfservice / { print $2 }')

8.3 创建容器

# openstack appcontainer run --name container --net network=$NET_ID cirros ping 8.8.8.8

8.4 查看容器列表

# openstack appcontainer list

8.5 执行sh命令

# openstack appcontainer exec --interactive container /bin/sh

8.6 验证网络

# ping -c 4 openstack.org;exit

8.7 停止容器

# openstack appcontainer stop container

8.8 删除容器

# openstack appcontainer delete container

9 安装zun-ui

9.1 下载zun源文件

# git clone https://github.com/openstack/zun-ui

9.2 复制文件

# cp /zun-ui/zun_ui/enabled/_1330_project_container_panelgroup.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/

# cp /zun-ui/zun_ui/enabled/_1331_project_container_containers_panel.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/

# cp./zun-ui/zun_ui/enabled/_2330_project_container_panelgroup.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/

# cp /zun-ui/zun_ui/enabled/_2331_project_container_images_panel.py openstack_dashboard/local/enabled

# cp /zun-ui/zun_ui/enabled/_0330_cloud_shell.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/

9.3 安装ui模块

# pip install zun-ui

9.4 重启服务

# systemctl restart httpd memcached

openstack（queens）部署Zun服务

zun安装手册

3. 在controller节点上安装zun服务

3.1 创建用户、组

3.2 创建目录

3.3 安装zun

3.4 生成示例配置文件

3.5 复制api-paste.ini配置文件

3.7 填充数据库

3.8 创建启动文件

3.9 启动服务

4 在compute节点上安装docker-ce

4.1 卸载旧版本的docker

4.2 安装依赖包

4.3 添加yum阿里源

4.4 更新yum源

4.5 安装docker-ce

4.6 启动docker-ce

4.7 添加内核配置参数

5 在controller节点上添加kuryr-libnetwork用户

5.1 创建kuryr用户

5.2 添加角色

6 在compute节点安装kuryr-libnetwork

6.1 创建用户

6.2 创建目录

6.3 安装kuryr-libnetwork

6.4 生成示例配置文件

6.5 编辑配置文件，添加以下内容

6.6 创建启动文件

6.7 启动服务

6.8 验证

7 在compute节点安装zun服务

7.1 创建用户

7.2 创建目录

7.3 安装zun

7.4 生成示例配置文件

7.5 配置zun用户

7.6 编辑配置文件，添加以下内容

7.7 配置docker和kuryr

7.8 创建启动文件

7.9 启动zun-compute

7.10 验证

8 在controller节点启动一个容器实例

9 安装zun-ui

9.1 下载zun源文件

9.2 复制文件

9.3 安装ui模块

9.4 重启服务