Install the OpenStack Magnum Container Service on CentOS / Ubuntu

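Magnum is an OpenStack API service designed to let OpenStack users manage container orchestration engines such as Kubernetes, Docker Swarm and Apache Mesos. Magnum uses Heat to orchestrate an OS image that contains Docker and Kubernetes, and runs that image on virtual machines or bare metal in a cluster configuration.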

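This guide covers the steps required to set up the Magnum container orchestration service on OpenStack. Your OpenStack cloud environment must be up and running before you follow this guide. For a development environment, you can refer to the guides below.

OpenStack deployment on Ubuntu 18.04 with DevStack

OpenStack deployment on CentOS 7 with Packstack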

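Before you begin

You need access to:

  • The database server used by the OpenStack services
  • Root access to modify the Magnum configuration file on the controller
  • The admin credentials file: .keystonerc or .admin-openrc

Once you have access to the above, you can start setting up the Magnum container service in OpenStack.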

Step 1: Create the Magnum database user

Create a Magnum database and grant appropriate access to it.

$ mysql -u root -p
CREATE DATABASE magnum;
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost' IDENTIFIED BY 'MagnumDBPassword';
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' IDENTIFIED BY 'MagnumDBPassword';
FLUSH PRIVILEGES;
\q

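Replace MagnumDBPassword with a suitable password for the magnum database user.

Step 2: Create the Magnum service user

To gain access to admin-only CLI commands, source the admin credentials.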

$ source ~/.keystonerc

Next, create a user account for the Magnum services.

$ openstack user create --domain default --project service --password MagnumPass magnum
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 0766331616c7429a9b459d0d642cc4db |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 60e671d56e4148bca1d5be2e2a1197c4 |
| name                | magnum                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the magnum user.

$ openstack role add --project service --user magnum admin

Create the Magnum service entity.

$ openstack service create --name magnum --description "OpenStack Container Infrastructure Management Service" container-infra
+-------------+-------------------------------------------------------+
| Field       | Value                                                 |
+-------------+-------------------------------------------------------+
| description | OpenStack Container Infrastructure Management Service |
| enabled     | True                                                  |
| id          | c4f62b6df2694b489d8cdf8caf4f00e1                      |
| name        | magnum                                                |
| type        | container-infra                                       |
+-------------+-------------------------------------------------------+

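Step 3: Create the service API endpoints

Create the container infrastructure management service API endpoints.

Replace the value of controller with the IP address that Magnum listens on. This can also be a hostname that the Compute instances can reach.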

$ export controller=192.168.1.10
$ openstack endpoint create --region RegionOne container-infra public http://$controller:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 49fa8d06927747fca27e33e4bbb71180 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c4f62b6df2694b489d8cdf8caf4f00e1 |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://192.168.1.10:9511/v1      |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne container-infra internal http://$controller:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1eeba15e78fd4d71b4319ac3479d4078 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c4f62b6df2694b489d8cdf8caf4f00e1 |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://192.168.1.10:9511/v1      |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne container-infra admin http://$controller:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 12719874757b4c6e9483c0f62a9154d5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c4f62b6df2694b489d8cdf8caf4f00e1 |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://192.168.1.10:9511/v1      |
+--------------+----------------------------------+

Step 4: Create the Magnum domain

Create the magnum domain, which holds the projects and users of the container service.

$ openstack domain create --description "Owns users and projects created by magnum" magnum
+-------------+-------------------------------------------+
| Field       | Value                                     |
+-------------+-------------------------------------------+
| description | Owns users and projects created by magnum |
| enabled     | True                                      |
| id          | 602fe4ebda15445d87f42237a7af9240          |
| name        | magnum                                    |
| tags        | []                                        |
+-------------+-------------------------------------------+

Create the magnum_domain_admin user to manage the projects and users of the magnum domain.

$ openstack user create --domain magnum --password aShuumoNg8ieche magnum_domain_admin
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 602fe4ebda15445d87f42237a7af9240 |
| enabled             | True                             |
| id                  | 7339631f125a40d5b77b0f959990203e |
| name                | magnum_domain_admin              |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the magnum_domain_admin user in the magnum domain to give it administrative privileges.

$ openstack role add --domain magnum --user-domain magnum --user magnum_domain_admin admin

Step 5: Install and configure the Magnum components

You can now install the packages that Magnum requires.

---- CentOS ----
$ sudo yum -y install openstack-magnum-api openstack-magnum-conductor python-magnumclient

---- Ubuntu ----
$ sudo apt -y install magnum-api magnum-conductor python-magnumclient

Edit the /etc/magnum/magnum.conf file and configure the host in the [api] section:

[api]
...
host = CONTROLLER_IP

In the [certificates] section, select barbican (or x509keypair if barbican is not installed).


[certificates]
...
cert_manager_type = x509keypair

In the [cinder_client] section, configure the region name.

[cinder_client]
...
region_name = RegionOne

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum

Replace MAGNUM_DBPASS with the password you chose for the magnum database.

In the [keystone_authtoken] and [trust] sections, configure Identity service access.

[keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
www_authenticate_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:5000
auth_type = password
admin_user = magnum
admin_password = MAGNUM_PASS
admin_tenant_name = service


[trust]
...
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
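trustee_keystone_interface = KEYSTONE_INTERFACE

  • Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service.
  • Replace DOMAIN_ADMIN_PASS with the password you chose for the magnum_domain_admin user.
  • Replace KEYSTONE_INTERFACE with either public or internal, depending on your network configuration.

In the [oslo_messaging_notifications] section, configure the driver.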

[oslo_messaging_notifications]
...
driver = messaging

In the [DEFAULT] section, configure RabbitMQ message queue access.

[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

  • Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

Edit the /etc/magnum/magnum.conf file and set lock_path in the [oslo_concurrency] section:

[oslo_concurrency]
...
lock_path = /var/lib/magnum/tmp
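
A pre-start check for the file edited above, added here as an example and not part of the original guide: it flags placeholders that were never replaced, Keystone URLs over plain HTTP, the x509keypair certificate store, and a world-readable config file. The function names, finding labels and sample config are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): lint magnum.conf before starting services.

# Emit "section<TAB>key<TAB>value" for each option; comments and "..." lines are skipped.
ini_options() {
  awk '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); sec = $0; next }
    {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      printf "%s\t%s\t%s\n", sec, k, v
    }' "$1"
}

# Print one finding per line; return 1 when at least one finding exists.
audit_magnum_conf() {
  local conf=$1 rc=0 findings
  findings=$(ini_options "$conf" | awk -F'\t' '
    # Placeholders from the guide that were never replaced.
    $3 ~ /CONTROLLER_IP|MAGNUM_DBPASS|MAGNUM_PASS|DOMAIN_ADMIN_PASS|KEYSTONE_INTERFACE|RABBIT_PASS/ {
      print "PLACEHOLDER [" $1 "] " $2 }
    # Keystone reached over plain HTTP: the service password crosses the wire unencrypted.
    $2 ~ /^(auth_url|www_authenticate_uri)$/ && $3 ~ /^http:/ {
      print "PLAINTEXT_HTTP [" $1 "] " $2 }
    # x509keypair keeps cluster certificate material in the Magnum database, not Barbican.
    $1 == "certificates" && $2 == "cert_manager_type" && $3 == "x509keypair" {
      print "CERTS_IN_DB [" $1 "] " $2 }')
  if [ -n "$findings" ]; then printf '%s\n' "$findings"; rc=1; fi
  # The file holds clear-text passwords, so it must not be world-readable.
  if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then echo "WORLD_READABLE $conf"; rc=1; fi
  return "$rc"
}

# Constructed sample: the guide's settings with two placeholders left in place.
write_sample_conf() {
  cat > "$1" <<'EOF'
[api]
host = 192.168.1.10
[certificates]
cert_manager_type = x509keypair
[database]
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
auth_url = http://controller:5000
password = s3cr3t-constructed
[trust]
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
EOF
  chmod 644 "$1"
}

sample=$(mktemp) && write_sample_conf "$sample"
audit_magnum_conf "$sample" || echo "fix the findings above before starting magnum-api"
rm -f "$sample"
```

On the controller, call `audit_magnum_conf /etc/magnum/magnum.conf`; a non-zero return status means at least one finding was printed.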

Populate the Magnum database.

$ sudo su -s /bin/sh -c "magnum-db-manage upgrade" magnum
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> 2581ebaf0cb2, initial migration
INFO  [alembic.runtime.migration] Running upgrade 2581ebaf0cb2 -> 3bea56f25597, Multi Tenant Support
INFO  [alembic.runtime.migration] Running upgrade 3bea56f25597 -> 5793cd26898d, Add bay status
INFO  [alembic.runtime.migration] Running upgrade 5793cd26898d -> 3a938526b35d, Add docker volume size column
INFO  [alembic.runtime.migration] Running upgrade 3a938526b35d -> 35cff7c86221, add private network to baymodel
INFO  [alembic.runtime.migration] Running upgrade 35cff7c86221 -> 1afee1db6cd0, Add master flavor
INFO  [alembic.runtime.migration] Running upgrade 1afee1db6cd0 -> 2d1354bbf76e, ssh authorized key
INFO  [alembic.runtime.migration] Running upgrade 2d1354bbf76e -> 29affeaa2bc2, rename-bay-master-address
INFO  [alembic.runtime.migration] Running upgrade 29affeaa2bc2 -> 2ace4006498, rename-bay-minions-address
INFO  [alembic.runtime.migration] Running upgrade 2ace4006498 -> 456126c6c9e9, create baylock table
INFO  [alembic.runtime.migration] Running upgrade 456126c6c9e9 -> 4ea34a59a64c, add-discovery-url-to-bay
INFO  [alembic.runtime.migration] Running upgrade 4ea34a59a64c -> e772b2598d9, add-container-command
INFO  [alembic.runtime.migration] Running upgrade e772b2598d9 -> 2d8657c0cdc, add bay uuid
INFO  [alembic.runtime.migration] Running upgrade 2d8657c0cdc -> 4956f03cabad, add cluster distro
INFO  [alembic.runtime.migration] Running upgrade 4956f03cabad -> 592131657ca1, Add coe column to BayModel
INFO  [alembic.runtime.migration] Running upgrade 592131657ca1 -> 3b6c4c42adb4, Add unique constraints
INFO  [alembic.runtime.migration] Running upgrade 3b6c4c42adb4 -> 2b5f24dd95de, rename service port
INFO  [alembic.runtime.migration] Running upgrade 2b5f24dd95de -> 59e7664a8ba1, add_container_status
INFO  [alembic.runtime.migration] Running upgrade 59e7664a8ba1 -> 156ceb17fb0a, add_bay_status_reason
INFO  [alembic.runtime.migration] Running upgrade 156ceb17fb0a -> 1c1ff5e56048, rename_container_image_id
INFO  [alembic.runtime.migration] Running upgrade 1c1ff5e56048 -> 53882537ac57, add host column to pod
INFO  [alembic.runtime.migration] Running upgrade 53882537ac57 -> 14328d6a57e3, add master count to bay
INFO  [alembic.runtime.migration] Running upgrade 14328d6a57e3 -> 421102d1f2d2, create x509keypair table
INFO  [alembic.runtime.migration] Running upgrade 421102d1f2d2 -> 6f21dc998bb, Add master_addresses to bay
INFO  [alembic.runtime.migration] Running upgrade 6f21dc998bb -> 966a99e70ff, add-proxy
INFO  [alembic.runtime.migration] Running upgrade 966a99e70ff -> 6f21dc920bb, Add cert_uuuid to bay
INFO  [alembic.runtime.migration] Running upgrade 6f21dc920bb -> 5518af8dbc21, Rename cert_uuid
INFO  [alembic.runtime.migration] Running upgrade 5518af8dbc21 -> 4e263f236334, Add registry_enabled
INFO  [alembic.runtime.migration] Running upgrade 4e263f236334 -> 3be65537a94a, add_network_driver_baymodel_column
INFO  [alembic.runtime.migration] Running upgrade 3be65537a94a -> 1481f5b560dd, add labels column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade 1481f5b560dd -> 1d045384b966, add-insecure-baymodel-attr
INFO  [alembic.runtime.migration] Running upgrade 1d045384b966 -> 27ad304554e2, adding magnum_service functionality
INFO  [alembic.runtime.migration] Running upgrade 27ad304554e2 -> 5ad410481b88, rename-insecure
INFO  [alembic.runtime.migration] Running upgrade 5ad410481b88 -> 2ae93c9c6191, add public column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade 2ae93c9c6191 -> 33ef79969018, Add memory to container
INFO  [alembic.runtime.migration] Running upgrade 33ef79969018 -> 417917e778f5, Add server_type column to baymodel
INFO  [alembic.runtime.migration] Running upgrade 417917e778f5 -> 5977879072a7, add-env-to-container
INFO  [alembic.runtime.migration] Running upgrade 5977879072a7 -> 40f325033343, add bay_create_timeout to bay
INFO  [alembic.runtime.migration] Running upgrade 40f325033343 -> adc3b7679ae, add registry_trust_id to bay
INFO  [alembic.runtime.migration] Running upgrade adc3b7679ae -> 57fbdf2327a2, remove baylock
INFO  [alembic.runtime.migration] Running upgrade 57fbdf2327a2 -> 05d3e97de9ee, add volume driver
INFO  [alembic.runtime.migration] Running upgrade 05d3e97de9ee -> bb42b7cad130, remove node object
INFO  [alembic.runtime.migration] Running upgrade bb42b7cad130 -> 5d4caa6e0a42, create trustee for each bay
INFO  [alembic.runtime.migration] Running upgrade 5d4caa6e0a42 -> ee92b41b8809, Introduce Quotas
INFO  [alembic.runtime.migration] Running upgrade ee92b41b8809 -> 049f81f6f584, remove_ssh_authorized_key_from_baymodel
INFO  [alembic.runtime.migration] Running upgrade 049f81f6f584 -> e647f5931da8, add insecure_registry to baymodel
INFO  [alembic.runtime.migration] Running upgrade e647f5931da8 -> ef08a5e057bd, remove pod object
INFO  [alembic.runtime.migration] Running upgrade ef08a5e057bd -> d072f58ab240, modify x509keypair table
INFO  [alembic.runtime.migration] Running upgrade d072f58ab240 -> a1136d335540, Add docker storage driver column
INFO  [alembic.runtime.migration] Running upgrade a1136d335540 -> 085e601a39f6, remove service object
INFO  [alembic.runtime.migration] Running upgrade 085e601a39f6 -> 68ce16dfd341, add master_lb_enabled column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade 68ce16dfd341 -> e0653b2d5271, Add fixed_subnet column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade e0653b2d5271 -> 1f196a3dabae, remove container object
INFO  [alembic.runtime.migration] Running upgrade 1f196a3dabae -> 859fb45df249, remove replication controller
INFO  [alembic.runtime.migration] Running upgrade 859fb45df249 -> b1f612248cab, Add floating_ip_enabled column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade b1f612248cab -> fcb4efee8f8b, add version info to bay
INFO  [alembic.runtime.migration] Running upgrade fcb4efee8f8b -> fb03fdef8919, rename_baymodel_to_clustertemplate
INFO  [alembic.runtime.migration] Running upgrade fb03fdef8919 -> 720f640f43d1, rename bay table to cluster
INFO  [alembic.runtime.migration] Running upgrade 720f640f43d1 -> bc46ba6cf949, add keypair to cluster
INFO  [alembic.runtime.migration] Running upgrade bc46ba6cf949 -> aa0cc27839af, add docker_volume_size to cluster
INFO  [alembic.runtime.migration] Running upgrade aa0cc27839af -> a0e7c8450ab1, add labels to cluster
INFO  [alembic.runtime.migration] Running upgrade a0e7c8450ab1 -> 52bcaf58fecb, add master_flavor_id to cluster
INFO  [alembic.runtime.migration] Running upgrade 52bcaf58fecb -> 04c625aa95ba, change storage driver to string
INFO  [alembic.runtime.migration] Running upgrade 04c625aa95ba -> 041d9a0f1159, add flavor_id to cluster
INFO  [alembic.runtime.migration] Running upgrade 041d9a0f1159 -> 9a1539f1cd2c, "add federation table
INFO  [alembic.runtime.migration] Running upgrade 9a1539f1cd2c -> cbbc65a86986, Add health_status and health_status_reason to cluster
INFO  [alembic.runtime.migration] Running upgrade cbbc65a86986 -> 87e62e3c7abc, add hidden to cluster template

Start the container infrastructure management services and configure them to start when the system boots.

--- Ubuntu ---
sudo systemctl restart magnum-api
sudo systemctl restart magnum-conductor

--- CentOS ---
sudo systemctl enable --now openstack-magnum-api.service openstack-magnum-conductor.service

Check the service status:

$ systemctl status openstack-magnum-api.service openstack-magnum-conductor.service
● openstack-magnum-api.service - OpenStack Magnum API Service
   Loaded: loaded (/usr/lib/systemd/system/openstack-magnum-api.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-12 10:06:18 EAT; 13s ago
 Main PID: 21961 (magnum-api)
   CGroup: /system.slice/openstack-magnum-api.service
           └─21961 /usr/bin/python2 /usr/bin/magnum-api

Jan 12 10:06:18 dserver.computingforgeeks.com systemd[1]: Started OpenStack Magnum API Service.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: Using RPC transport for notifications. Please use get_notification_transport t...tance.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:18.964 21961 INFO magnum.api.app [-] Full WSGI config used: /...te.ini
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: PkgResourcesDepr...ately.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:19.107 21961 WARNING keystonemiddleware.auth_token [-] AuthTo... True.
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:19.118 21961 INFO magnum.cmd.api [-] Starting server in PID 21961
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:19.127 21961 INFO magnum.cmd.api [-] Server will handle each ...cesses

● openstack-magnum-conductor.service - Openstack Magnum Conductor Service
   Loaded: loaded (/usr/lib/systemd/system/openstack-magnum-conductor.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-12 10:06:18 EAT; 13s ago
 Main PID: 21962 (magnum-conducto)
   CGroup: /system.slice/openstack-magnum-conductor.service
           ├─21962 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22001 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22002 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22003 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22004 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22005 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22006 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22007 /usr/bin/python2 /usr/bin/magnum-conductor
           └─22008 /usr/bin/python2 /usr/bin/magnum-conductor

Jan 12 10:06:18 dserver.computingforgeeks.com systemd[1]: Started Openstack Magnum Conductor Service.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-conductor[21962]: Using RPC transport for notifications. Please use get_notification_trans...tance.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-conductor[21962]: 2020-01-12 10:06:18.947 21962 INFO magnum.cmd.conductor [-] Starting ser... 21962
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-conductor[21962]: 2020-01-12 10:06:18.989 21962 INFO oslo_service.service [-] Starting 8 workers
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-conductor[21962]: 2020-01-12 10:06:19.027 21962 WARNING oslo_log.versionutils [req-b8390f4...seded.
Hint: Some lines were ellipsized, use -l to show in full.

To list the status of Magnum's internal services (the conductor), use:

$ openstack coe service list
+----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+
| id | host | binary           | state | disabled | disabled_reason | created_at                | updated_at                |
+----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+
|  1 | None | magnum-conductor | up    | False    | None            | 2020-01-12T07:06:19+00:00 | 2020-01-12T07:37:58+00:00 |
+----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+

The following guide covers how to create Docker and Kubernetes clusters with OpenStack Magnum.
