OpenStack-Queens安装本地Zun、kuryr
基于-搭建安装本地Zun、kuryr-和Zun-ui服务: 以和双节点搭建-为例安装三个服务及部署操作。 一、安装本地Zun服务
Zun是中提供容器管理服务的组件,Zun的目标是提供统一的 API用于启动和管理容器,支持多种容器技术,包括、Rkt、clear 等,目前只支持。 版本发布,由于容器社区的火热,一项值得关注的补充则为“Zun”,它在项目中负责提供容器服务,旨在通过与、、以及其它核心服务相集成以实现容器的快速普及。通过这种方式,的原有网络、存储以及身份验证工具将全部适用于容器体系,从而确保容器能够满足安全与合规性要求。
Zun需要以下服务来支持:、、Kuryr-。
Zun也可以集成以下服务(可选):、Heat、。
在使用Zun的时候,可以直接调用Zun的自带工具或API来创建和管理的。Zun的用户功能(以及某些管理员功能)都通过REST API公开,可以直接使用。另外,也可以通过其他组件的API或者SDK来间接调用Zun的API。
:通过 WebUI来调用;
:通过 CLI来调用;
Zun :通过Zun的 来调用。
下面是Zun的架构图:
Zun API:处理 REST请求并确认输入参数;
Zun :启动容器并调度计算资源;
:认证系统;
:提供容器网络;
:用于存储镜像(另一种选择是使用);
Kuryr:用于连接容器网络和 的一种。
首先在节点安装以下服务
(在-搭建完开始操作)
1、创建数据库
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 125
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> CREATE DATABASE zun;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on zun.* to 'zun'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all privileges on zun.* to 'zun'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit2、创建zun用户
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt zun
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 30f17f5a1baf48febb4260d6526267e4 |
| name | zun |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+3、添加admin角色到zun用户
[root@controller ~]# openstack role add --project service --user zun admin4、创建zun服务实体
[root@controller ~]# openstack service create --name zun --description "Container Service" container
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Container Service |
| enabled | True |
| id | 8f23b99db9d8456a8a51535903322275 |
| name | zun |
| type | container |
+-------------+----------------------------------+5、创建zun服务端点
[root@controller ~]# openstack endpoint create --region RegionOne container public http://controller:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8a5b474912a340d3993d094e21bcdc51 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8f23b99db9d8456a8a51535903322275 |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne container internal http://controller:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7ecfa6c448fe4a769617b26439e48598 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8f23b99db9d8456a8a51535903322275 |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne container admin http://controller:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cfba36a4071b4cf187990ccea63b2161 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8f23b99db9d8456a8a51535903322275 |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+----------------------------------+6、创建zun用户、组
[root@controller ~]# groupadd --system zun
[root@controller ~]# useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun7、创建zun配置目录
[root@controller ~]# mkdir -p /etc/zun
[root@controller ~]# chown zun:zun /etc/zun8、安装本地zun所需相关软件包
(整个搭建环境都是本地离线安装
所用到的yum源镜像:--min-v1.4.iso和-7--DVD-1804.iso)
[root@controller ~]# yum install python-pip -y
[root@controller ~]# yum install python-devel -y
[root@controller ~]# yum install gcc -y
[root@controller ~]# yum install git -y
查看本地zun服务包(压缩包在--min-v1.4.iso中 解压即可用)
将zun.tar 复制到/var/lib/zun/目录下进行解压
[root@controller ~]# cd /var/lib/zun/
[root@controller zun]# cp -rvf /opt/zun.tar /var/lib/zun/
[root@controller zun]# tar -zxvf zun.tar -C ./赋予权限
[root@controller zun]# chown -R zun:zun zun安装本地依赖库
离线依赖库包在zun.tar中的base/目录下
先安装pbr
[root@controller zun]# cd zun
[root@controller zun]# pip install pbr --no-index -f file:///var/lib/zun/zun/base/安装.txt中所需相关依赖库包
[root@controller zun]# pip install -r requirements.txt --no-index -f file:///var/lib/zun/zun/base/安装本地zun服务
[root@controller zun]# python setup.py install9、生成示例配置文件
[root@controller zun]# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
[root@controller zun]# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun10、生成api-paste.ini配置文件
[root@controller zun]# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun11、编辑/etc/zun/zun.conf配置文件
[root@controller zun]# vi /etc/zun/zun.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller[api]
host_ip = 172.24.19.10
port = 9517 [database]
connection = mysql+pymysql://zun:000000@controller/zun[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL[keystone_authtoken]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL[oslo_concurrency]
lock_path = /var/lib/zun/tmp[oslo_messaging_notifications]
driver = messaging[websocket_proxy]
wsproxy_host = 172.24.19.10
wsproxy_port = 678412、填充数据库
[root@controller zun]# su -s /bin/sh -c "zun-db-manage upgrade" zun13、创建启动文件
[root@controller ~]# vi /etc/systemd/system/zun-api.service
[Unit]
Description = OpenStack Container Service API[Service]
ExecStart = /usr/bin/zun-api
User = zun[Install]
WantedBy = multi-user.target[root@controller ~]# vi /etc/systemd/system/zun-wsproxy.service
[Unit]
Description = OpenStack Container Service Websocket Proxy[Service]
ExecStart = /usr/bin/zun-wsproxy
User = zun[Install]
WantedBy = multi-user.target14、启动zun相关服务
[root@controller zun]# systemctl start zun-api zun-wsproxy
[root@controller zun]# systemctl enable zun-api zun-wsproxy
[root@controller zun]# systemctl status zun-api zun-wsproxy 以下操作在节点上执行 二、在节点上安装本地kuryr-服务 1、卸载旧版本的
[root@compute ~]# yum remove docker docker-common docker-selinux docker-engine -y2、安装依赖包
[root@compute ~]# yum install -y yum-utils device-mapper-persistent-data lvm23、安装-ce
[root@compute ~]# yum install docker-ce -y 4、启动-ce
[root@compute ~]# systemctl start docker
sys[root@compute ~]# systemctl enable docker5、添加内核配置参数
[root@compute ~]# vi /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
[root@compute ~]# sysctl -p
net.ipv4.ip_forward = 16、在节点上添加kuryr-用户
6.1、创建kuryr用户
root@controller ~]# source admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt kuryr
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 41dc08dfaec64b8c808fc4dcb4d29bfe |
| name | kuryr |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+6.2、添加角色
[root@controller ~]# openstack role add --project service --user kuryr admin在节点安装kuryr-
kuryr-是运行在框架下的一个。要理解kuryr-如何工作,首先要看一下。是从和中将网络逻辑模块化之后独立出来的项目,并且替代了原有的网络子系统。定义了一个灵活的模型,使用local或者来向提供网络服务。kuryr-就是的一个实现,现在已经成为官网推荐的一个。
的可以看是的一个,与的其他共用一套管理框架。也就是说,的与 中的其他用一样的方式激活,并使用同样的协议。有关 需要实现的接口在的Git上都有详细的描述。
kuryr-需要做的就是实现这些接口。可以从kuryr-的代码中看出来。通过调用的.接口,来查看实现了什么内容。从kuryr-的代码中能看到,它实现了两个功能:和。
7、 创建用户
[root@compute ~]# groupadd --system kuryr
[root@compute ~]# useradd --home-dir "/var/lib/kuryr" --create-home --system --shell /bin/false -g kuryr kuryr8、创建目录
[root@compute ~]# mkdir -p /etc/kuryr
[root@compute ~]# chown kuryr:kuryr /etc/kuryr9、安装本地kuryr-服务相关包
[root@compute ~]# yum install python-pip -y
[root@compute ~]# yum install python-devel -y
[root@compute ~]# yum install gcc -y
[root@compute ~]# yum install git -y
[root@compute ~]# cd /var/lib/kuryr将kuryr-.tar 复制到/var/lib/kuryr/目录下进行解压
[root@compute kuryr]# cp -rvf /opt/kuryr-libnetwork.tar /var/lib/kuryr/
[root@compute kuryr]# tar -zxvf kuryr-libnetwork.tar -C /var/lib/kuryr/赋予权限
[root@compute kuryr]# chown -R kuryr:kuryr kuryr-libnetwork安装本地依赖库
[root@compute kuryr]# cd kuryr-libnetwork
[root@compute kuryr-libnetwork]# pip install -r requirements.txt --no-index -f file:///var/lib/kuryr/kuryr-libnetwork/base/安装本地kuryr-服务
[root@compute kuryr-libnetwork]# python setup.py install10、生成示例配置文件
[root@compute kuryr-libnetwork]# su -s /bin/sh -c "./tools/generate_config_file_samples.sh" kuryr
[root@compute kuryr-libnetwork]# su -s /bin/sh -c "cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf" kuryr11、编辑/etc/kuryr/kuryr.conf配置文件
[root@compute ~]# vi /etc/kuryr/kuryr.conf
[DEFAULT]
bindir = /usr/libexec/kuryr[neutron]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:35357
username = kuryr
user_domain_name = default
password = 000000
project_name = service
project_domain_name = default
auth_type = password12、创建启动文件
[root@compute ~]# vi /etc/systemd/system/kuryr-libnetwork.service
[Unit]
Description = Kuryr-libnetwork - Docker network plugin for Neutron[Service]
ExecStart = /usr/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf
CapabilityBoundingSet = CAP_NET_ADMIN[Install]
WantedBy = multi-user.target13、启动服务
[root@compute kuryr-libnetwork]# systemctl enable kuryr-libnetwork
[root@compute kuryr-libnetwork]# systemctl start kuryr-libnetwork
[root@compute kuryr-libnetwork]# systemctl restart docker14、验证
创建kuryr网络
[root@compute kuryr-libnetwork]# docker network create --driver kuryr --ipam-driver kuryr --subnet 10.10.0.0/16 --gateway=10.10.0.1 test_net
9ab4903d7e7056070da97a667cbb7b2c0801ee25bb9f38fafab6798f087c2dae查看网络
[root@compute kuryr-libnetwork]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3eadaa82b6d7 bridge bridge local
8c9b9f0285cc host host local
e340dd89e780 none null local
9ab4903d7e70 test_net kuryr local上传镜像
[root@compute kuryr-libnetwork]# docker load -i /opt/docker-images/centos_latest.tar
[root@compute kuryr-libnetwork]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ff426288ea90 7 months ago 207MB
[root@compute kuryr-libnetwork]# docker tag ff426288ea90 docker.io/centos:latest
[root@compute kuryr-libnetwork]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest ff426288ea90 7 months ago 207MB 三、在节点安装本地zun服务(步骤一中6-8操作一致) 接下来操作: 1、生成示例配置文件
[root@compute zun]# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
[root@compute zun]# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
[root@compute zun]# su -s /bin/sh -c "cp etc/zun/rootwrap.conf /etc/zun/rootwrap.conf" zun
[root@compute zun]# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
[root@compute zun]# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* /etc/zun/rootwrap.d/" zun2、配置zun的
[root@compute zun]# echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \/etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap3、编辑配置文件,添加以下内容
[root@compute ~]# vi /etc/zun/zun.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller[DEFAULT]
state_path = /var/lib/zun[database]
connection = mysql+pymysql://zun:000000@controller/zun[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL[keystone_authtoken]
memcached_servers = controller:11211
www_authenticate_uri= http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password[websocket_proxy]
base_url = ws://controller:6784/[oslo_concurrency]
lock_path = /var/lib/zun/tmp4、 配置和kuryr 创建配置文件夹
[root@compute zun]# mkdir -p /etc/systemd/system/docker.service.d创建配置文件
[root@compute ~]# vi /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379重启
[root@compute zun]# systemctl daemon-reload
[root@compute zun]# systemctl restart docker编辑kuryr配置文件,添加以下内容
[root@compute zun]# vi /etc/kuryr/kuryr.conf
[DEFAULT]
capability_scope = global重启kuryr
[root@compute zun]# systemctl restart kuryr-libnetwork5、创建启动文件
[root@compute ~]# vi /etc/systemd/system/zun-compute.service
[Unit]
Description = OpenStack Container Service Compute Agent[Service]
ExecStart = /usr/bin/zun-compute
User = zun[Install]
WantedBy = multi-user.target
6、启动zun-
[root@compute zun]# systemctl start zun-compute
[root@compute zun]# systemctl enable zun-compute
[root@compute zun]# systemctl status zun-compute7、验证 节点验证 安装zun客户端
[root@controller ~]# pip install python-zunclient==1.1.0 --no-index -f file:///var/lib/zun/zun/base/查看zun服务状态
[root@controller ~]# openstack appcontainer service list三、在节点启动一个容器实例 1、查看网络
[root@controller ~]# openstack network list2、获取网络id
[root@controller ~]# export NET_ID=$(openstack network list | awk '/ selfservice / { print $2 }')3、创建容器
[root@controller ~]# openstack appcontainer run --name container --net network=$NET_ID cirros4、查看容器列表,/h4>
[root@controller ~]# openstack appcontainer list四、在节点安装zun-ui1、将zun-ui.tar 复制到/root/目录下进行解压
[root@controller ~]# cp -rvf /opt/zun-ui.tar /root/
[root@controller ~]# tar -zxvf zun-ui.tar -C ./2、复制文件
[root@controller ~]# cd zun-ui
[root@controller zun-ui]# cp -rvf base/* /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/3、安装ui模块
[root@controller zun-ui]# cd /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
[root@controller enabled]# pip install zun-ui --no-index -f file:///usr/share/openstack-dashboard/openstack_dashboard/local/enabled/zun-ui/4、重启服务
[root@controller enabled]# systemctl restart httpd memcached5、浏览器访问
浏览器访问
相关本地服务包和镜像可在我博客中下载
第一次写博客格式规范不到位请多多包涵!!
