Document CentOS installation

This change adds required config to install zun
in CentOS, differences with Ubuntu are minimal,
just few package names and binary paths, so
install *install-ubuntu.rst has been merged into *-install.rst

Change-Id: I475a5492826d52969ef94f51925b95b42fa2d834
Implements: blueprint installation-guide-for-centos
This commit is contained in:
Eduardo Gonzalez 2018-11-23 18:03:48 +01:00
parent 43552ddcad
commit 3de7feff8b
4 changed files with 660 additions and 620 deletions

View File

@ -1,236 +0,0 @@
Install and configure a compute node for Ubuntu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This section describes how to install and configure the Container service on a
compute node for Ubuntu 16.04 (LTS).
Prerequisites
-------------
Before you install and configure Zun, you must have Docker and
Kuryr-libnetwork installed properly in the compute node, and have Etcd
installed properly in the controller node. Refer `Get Docker
<https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/>`_
for Docker installation and `Kuryr libnetwork installation guide
<https://docs.openstack.org/kuryr-libnetwork/latest/install>`_,
`Etcd installation guide
<https://docs.openstack.org/install-guide/environment-etcd.html>`_
Install and configure components
--------------------------------
#. Create zun user and necessary directories:
* Create user:
.. code-block:: console
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
--create-home \
--system \
--shell /bin/false \
-g zun \
zun
* Create directories:
.. code-block:: console
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
#. Clone and install zun:
.. code-block:: console
# apt-get install python-pip
# cd /var/lib/zun
# git clone https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
#. Generate a sample configuration file:
.. code-block:: console
# su -s /bin/sh -c "oslo-config-generator \
--config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
/etc/zun/zun.conf" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.conf \
/etc/zun/rootwrap.conf" zun
# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* \
/etc/zun/rootwrap.d/" zun
#. Configure sudoers for ``zun`` users:
.. code-block:: console
# echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
/etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
#. Edit the ``/etc/zun/zun.conf``:
* In the ``[DEFAULT]`` section,
configure ``RabbitMQ`` message queue access:
.. code-block:: ini
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in ``RabbitMQ``.
* In the ``[DEFAULT]`` section,
configure the path that is used by Zun to store the states:
.. code-block:: ini
[DEFAULT]
...
state_path = /var/lib/zun
* In the ``[database]`` section, configure database access:
.. code-block:: ini
[database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
Replace ``ZUN_DBPASS`` with the password you chose for
the zun database.
* In the ``[keystone_auth]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
* In the ``[keystone_authtoken]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri= http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
Replace ZUN_PASS with the password you chose for the zun user in the
Identity service.
* In the ``[oslo_concurrency]`` section, configure the ``lock_path``:
.. code-block:: ini
[oslo_concurrency]
...
lock_path = /var/lib/zun/tmp
.. note::
Make sure that ``/etc/zun/zun.conf`` still have the correct
permissions. You can set the permissions again with:
# chown zun:zun /etc/zun/zun.conf
#. Configure Docker and Kuryr:
* Create the directory ``/etc/systemd/system/docker.service.d``
.. code-block:: console
# mkdir -p /etc/systemd/system/docker.service.d
* Create the file ``/etc/systemd/system/docker.service.d/docker.conf``.
Configure docker to listen to port 2375 as well as the default
unix socket. Also, configure docker to use etcd3 as storage backend:
.. code-block:: ini
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
* Restart Docker:
.. code-block:: console
# systemctl daemon-reload
# systemctl restart docker
* Edit the Kuryr config file ``/etc/kuryr/kuryr.conf``.
Set ``capability_scope`` to ``global`` and
``process_external_connectivity`` to ``False``:
.. code-block:: ini
[DEFAULT]
...
capability_scope = global
process_external_connectivity = False
* Restart Kuryr-libnetwork:
.. code-block:: console
# systemctl restart kuryr-libnetwork
Finalize installation
---------------------
#. Create an upstart config, it could be named as
``/etc/systemd/system/zun-compute.service``:
.. code-block:: bash
[Unit]
Description = OpenStack Container Service Compute Agent
[Service]
ExecStart = /usr/local/bin/zun-compute
User = zun
[Install]
WantedBy = multi-user.target
#. Enable and start zun-compute:
.. code-block:: console
# systemctl enable zun-compute
# systemctl start zun-compute
#. Verify that zun-compute services are running:
.. code-block:: console
# systemctl status zun-compute

View File

@ -11,7 +11,266 @@ compute node.
additional compute nodes, prepare them in a similar fashion. Each additional
compute node requires a unique IP address.
.. toctree::
:glob:
Prerequisites
-------------
Before you install and configure Zun, you must have Docker and
Kuryr-libnetwork installed properly in the compute node, and have Etcd
installed properly in the controller node. Refer `Get Docker
<https://docs.docker.com/install/#supported-platforms>`_
for Docker installation and `Kuryr libnetwork installation guide
<https://docs.openstack.org/kuryr-libnetwork/latest/install>`_,
`Etcd installation guide
<https://docs.openstack.org/install-guide/environment-etcd.html>`_
Install and configure components
--------------------------------
#. Create zun user and necessary directories:
* Create user:
.. code-block:: console
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
--create-home \
--system \
--shell /bin/false \
-g zun \
zun
* Create directories:
.. code-block:: console
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
#. Install the following dependencies:
For Ubuntu, run:
.. code-block:: console
# apt-get install python-pip git
For CentOS, run:
.. code-block:: console
# yum install python-pip git python-devel libffi-devel gcc openssl-devel
.. note::
``python-pip`` package is not in CentOS base repositories,
may need to install EPEL repository in order to have
``python-pip`` available.
#. Clone and install zun:
.. code-block:: console
# cd /var/lib/zun
# git clone https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
#. Generate a sample configuration file:
.. code-block:: console
# su -s /bin/sh -c "oslo-config-generator \
--config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
/etc/zun/zun.conf" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.conf \
/etc/zun/rootwrap.conf" zun
# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* \
/etc/zun/rootwrap.d/" zun
#. Configure sudoers for ``zun`` users:
.. note::
CentOS install binary files into ``/usr/bin/``,
replace ``/usr/local/bin/`` directory with the correct
in the following command.
.. code-block:: console
# echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
/etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
#. Edit the ``/etc/zun/zun.conf``:
* In the ``[DEFAULT]`` section,
configure ``RabbitMQ`` message queue access:
.. code-block:: ini
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in ``RabbitMQ``.
* In the ``[DEFAULT]`` section,
configure the path that is used by Zun to store the states:
.. code-block:: ini
[DEFAULT]
...
state_path = /var/lib/zun
* In the ``[database]`` section, configure database access:
.. code-block:: ini
[database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
Replace ``ZUN_DBPASS`` with the password you chose for
the zun database.
* In the ``[keystone_auth]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
* In the ``[keystone_authtoken]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri= http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
Replace ZUN_PASS with the password you chose for the zun user in the
Identity service.
* In the ``[oslo_concurrency]`` section, configure the ``lock_path``:
.. code-block:: ini
[oslo_concurrency]
...
lock_path = /var/lib/zun/tmp
.. note::
Make sure that ``/etc/zun/zun.conf`` still have the correct
permissions. You can set the permissions again with:
# chown zun:zun /etc/zun/zun.conf
#. Configure Docker and Kuryr:
* Create the directory ``/etc/systemd/system/docker.service.d``
.. code-block:: console
# mkdir -p /etc/systemd/system/docker.service.d
* Create the file ``/etc/systemd/system/docker.service.d/docker.conf``.
Configure docker to listen to port 2375 as well as the default
unix socket. Also, configure docker to use etcd3 as storage backend:
.. code-block:: ini
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
* Restart Docker:
.. code-block:: console
# systemctl daemon-reload
# systemctl restart docker
* Edit the Kuryr config file ``/etc/kuryr/kuryr.conf``.
Set ``capability_scope`` to ``global`` and
``process_external_connectivity`` to ``False``:
.. code-block:: ini
[DEFAULT]
...
capability_scope = global
process_external_connectivity = False
* Restart Kuryr-libnetwork:
.. code-block:: console
# systemctl restart kuryr-libnetwork
Finalize installation
---------------------
#. Create an upstart config, it could be named as
``/etc/systemd/system/zun-compute.service``:
.. note::
CentOS install binary files into ``/usr/bin/``,
replace ``/usr/local/bin/`` directory with the correct
in the following example file.
.. code-block:: bash
[Unit]
Description = OpenStack Container Service Compute Agent
[Service]
ExecStart = /usr/local/bin/zun-compute
User = zun
[Install]
WantedBy = multi-user.target
#. Enable and start zun-compute:
.. code-block:: console
# systemctl enable zun-compute
# systemctl start zun-compute
#. Verify that zun-compute services are running:
.. code-block:: console
# systemctl status zun-compute
compute-install-ubuntu.rst

View File

@ -1,378 +0,0 @@
Install and configure controller node for Ubuntu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This section describes how to install and configure the Container
service for Ubuntu 16.04 (LTS).
Prerequisites
-------------
Before you install and configure Zun, you must create a database,
service credentials, and API endpoints.
#. To create the database, complete these steps:
* Use the database access client to connect to the database
server as the ``root`` user:
.. code-block:: console
# mysql
* Create the ``zun`` database:
.. code-block:: console
MariaDB [(none)] CREATE DATABASE zun;
* Grant proper access to the ``zun`` database:
.. code-block:: console
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' \
IDENTIFIED BY 'ZUN_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' \
IDENTIFIED BY 'ZUN_DBPASS';
Replace ``ZUN_DBPASS`` with a suitable password.
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to
admin-only CLI commands:
.. code-block:: console
$ . admin-openrc
#. To create the service credentials, complete these steps:
* Create the ``zun`` user:
.. code-block:: console
$ openstack user create --domain default --password-prompt zun
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | ca2e175b851943349be29a328cc5e360 |
| name | zun |
+-----------+----------------------------------+
* Add the ``admin`` role to the ``zun`` user:
.. code-block:: console
$ openstack role add --project service --user zun admin
.. note::
This command provides no output.
* Create the ``zun`` service entities:
.. code-block:: console
$ openstack service create --name zun \
--description "Container Service" container
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Container Service |
| enabled | True |
| id | 727841c6f5df4773baa4e8a5ae7d72eb |
| name | zun |
| type | container |
+-------------+----------------------------------+
#. Create the Container service API endpoints:
.. code-block:: console
$ openstack endpoint create --region RegionOne \
container public http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
container internal http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 9489f78e958e45cc85570fec7e836d98 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
container admin http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 76091559514b40c6b7b38dde790efe99 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
Install and configure components
--------------------------------
#. Create zun user and necessary directories:
* Create user:
.. code-block:: console
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
--create-home \
--system \
--shell /bin/false \
-g zun \
zun
* Create directories:
.. code-block:: console
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
#. Clone and install zun:
.. code-block:: console
# apt-get install python-pip
# cd /var/lib/zun
# git clone https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
#. Generate a sample configuration file:
.. code-block:: console
# su -s /bin/sh -c "oslo-config-generator \
--config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
/etc/zun/zun.conf" zun
#. Copy api-paste.ini:
.. code-block:: console
# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
#. Edit the ``/etc/zun/zun.conf``:
* In the ``[DEFAULT]`` section,
configure ``RabbitMQ`` message queue access:
.. code-block:: ini
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in ``RabbitMQ``.
* In the ``[api]`` section, configure the IP address that Zun API
server is going to listen:
.. code-block:: ini
[api]
...
host_ip = 10.0.0.11
port = 9517
Replace ``10.0.0.11`` with the management interface IP address
of the controller node if different.
* In the ``[database]`` section, configure database access:
.. code-block:: ini
[database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
Replace ``ZUN_DBPASS`` with the password you chose for
the zun database.
* In the ``[keystone_auth]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
* In the ``[keystone_authtoken]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
Replace ZUN_PASS with the password you chose for the zun user in the
Identity service.
* In the ``[oslo_concurrency]`` section, configure the ``lock_path``:
.. code-block:: ini
[oslo_concurrency]
...
lock_path = /var/lib/zun/tmp
* In the ``[oslo_messaging_notifications]`` section, configure the
``driver``:
.. code-block:: ini
[oslo_messaging_notifications]
...
driver = messaging
* In the ``[websocket_proxy]`` section, configure the IP address that
the websocket proxy is going to listen to:
.. code-block:: ini
[websocket_proxy]
...
wsproxy_host = 10.0.0.11
wsproxy_port = 6784
base_url = ws://controller:6784/
.. note::
This ``base_url`` will be used by end users to access the console of
their containers so make sure this URL is accessible from your
intended users and the port ``6784`` is not blocked by firewall.
Replace ``10.0.0.11`` with the management interface IP address
of the controller node if different.
.. note::
Make sure that ``/etc/zun/zun.conf`` still have the correct
permissions. You can set the permissions again with:
# chown zun:zun /etc/zun/zun.conf
#. Populate Zun database:
.. code-block:: console
# su -s /bin/sh -c "zun-db-manage upgrade" zun
Finalize installation
---------------------
#. Create an upstart config, it could be named as
``/etc/systemd/system/zun-api.service``:
.. code-block:: bash
[Unit]
Description = OpenStack Container Service API
[Service]
ExecStart = /usr/local/bin/zun-api
User = zun
[Install]
WantedBy = multi-user.target
#. Create an upstart config, it could be named as
``/etc/systemd/system/zun-wsproxy.service``:
.. code-block:: bash
[Unit]
Description = OpenStack Container Service Websocket Proxy
[Service]
ExecStart = /usr/local/bin/zun-wsproxy
User = zun
[Install]
WantedBy = multi-user.target
#. Enable and start zun-api and zun-wsproxy:
.. code-block:: console
# systemctl enable zun-api
# systemctl enable zun-wsproxy
.. code-block:: console
# systemctl start zun-api
# systemctl start zun-wsproxy
#. Verify that zun-api and zun-wsproxy services are running:
.. code-block:: console
# systemctl status zun-api
# systemctl status zun-wsproxy

View File

@ -2,8 +2,403 @@ Install and configure controller node
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This section describes how to install and configure the Container service
on the controller node.
on the controller node for Ubuntu 16.04 (LTS) and CentOS 7.
.. toctree::
Prerequisites
-------------
Before you install and configure Zun, you must create a database,
service credentials, and API endpoints.
#. To create the database, complete these steps:
* Use the database access client to connect to the database
server as the ``root`` user:
.. code-block:: console
# mysql
* Create the ``zun`` database:
.. code-block:: console
MariaDB [(none)] CREATE DATABASE zun;
* Grant proper access to the ``zun`` database:
.. code-block:: console
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' \
IDENTIFIED BY 'ZUN_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' \
IDENTIFIED BY 'ZUN_DBPASS';
Replace ``ZUN_DBPASS`` with a suitable password.
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to
admin-only CLI commands:
.. code-block:: console
$ . admin-openrc
#. To create the service credentials, complete these steps:
* Create the ``zun`` user:
.. code-block:: console
$ openstack user create --domain default --password-prompt zun
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | ca2e175b851943349be29a328cc5e360 |
| name | zun |
+-----------+----------------------------------+
* Add the ``admin`` role to the ``zun`` user:
.. code-block:: console
$ openstack role add --project service --user zun admin
.. note::
This command provides no output.
* Create the ``zun`` service entities:
.. code-block:: console
$ openstack service create --name zun \
--description "Container Service" container
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Container Service |
| enabled | True |
| id | 727841c6f5df4773baa4e8a5ae7d72eb |
| name | zun |
| type | container |
+-------------+----------------------------------+
#. Create the Container service API endpoints:
.. code-block:: console
$ openstack endpoint create --region RegionOne \
container public http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
container internal http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 9489f78e958e45cc85570fec7e836d98 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
container admin http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 76091559514b40c6b7b38dde790efe99 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
Install and configure components
--------------------------------
#. Create zun user and necessary directories:
* Create user:
.. code-block:: console
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
--create-home \
--system \
--shell /bin/false \
-g zun \
zun
* Create directories:
.. code-block:: console
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
#. Install the following dependencies:
For Ubuntu, run:
.. code-block:: console
# apt-get install python-pip git
For CentOS, run:
.. code-block:: console
# yum install python-pip git python-devel libffi-devel gcc openssl-devel
.. note::
``python-pip`` package is not in CentOS base repositories,
may need to install EPEL repository in order to have
``python-pip`` available.
#. Clone and install zun:
.. code-block:: console
# cd /var/lib/zun
# git clone https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
#. Generate a sample configuration file:
.. code-block:: console
# su -s /bin/sh -c "oslo-config-generator \
--config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
/etc/zun/zun.conf" zun
#. Copy api-paste.ini:
.. code-block:: console
# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
#. Edit the ``/etc/zun/zun.conf``:
* In the ``[DEFAULT]`` section,
configure ``RabbitMQ`` message queue access:
.. code-block:: ini
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in ``RabbitMQ``.
* In the ``[api]`` section, configure the IP address that Zun API
server is going to listen:
.. code-block:: ini
[api]
...
host_ip = 10.0.0.11
port = 9517
Replace ``10.0.0.11`` with the management interface IP address
of the controller node if different.
* In the ``[database]`` section, configure database access:
.. code-block:: ini
[database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
Replace ``ZUN_DBPASS`` with the password you chose for
the zun database.
* In the ``[keystone_auth]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
* In the ``[keystone_authtoken]`` section, configure
Identity service access:
.. code-block:: ini
[keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
Replace ZUN_PASS with the password you chose for the zun user in the
Identity service.
* In the ``[oslo_concurrency]`` section, configure the ``lock_path``:
.. code-block:: ini
[oslo_concurrency]
...
lock_path = /var/lib/zun/tmp
* In the ``[oslo_messaging_notifications]`` section, configure the
``driver``:
.. code-block:: ini
[oslo_messaging_notifications]
...
driver = messaging
* In the ``[websocket_proxy]`` section, configure the IP address that
the websocket proxy is going to listen to:
.. code-block:: ini
[websocket_proxy]
...
wsproxy_host = 10.0.0.11
wsproxy_port = 6784
base_url = ws://controller:6784/
.. note::
This ``base_url`` will be used by end users to access the console of
their containers so make sure this URL is accessible from your
intended users and the port ``6784`` is not blocked by firewall.
Replace ``10.0.0.11`` with the management interface IP address
of the controller node if different.
.. note::
Make sure that ``/etc/zun/zun.conf`` still have the correct
permissions. You can set the permissions again with:
# chown zun:zun /etc/zun/zun.conf
#. Populate Zun database:
.. code-block:: console
# su -s /bin/sh -c "zun-db-manage upgrade" zun
Finalize installation
---------------------
#. Create an upstart config, it could be named as
``/etc/systemd/system/zun-api.service``:
.. note::
CentOS install binary files into ``/usr/bin/``,
replace ``/usr/local/bin/`` directory with the correct
in the following example files.
.. code-block:: bash
[Unit]
Description = OpenStack Container Service API
[Service]
ExecStart = /usr/local/bin/zun-api
User = zun
[Install]
WantedBy = multi-user.target
#. Create an upstart config, it could be named as
``/etc/systemd/system/zun-wsproxy.service``:
.. code-block:: bash
[Unit]
Description = OpenStack Container Service Websocket Proxy
[Service]
ExecStart = /usr/local/bin/zun-wsproxy
User = zun
[Install]
WantedBy = multi-user.target
#. Enable and start zun-api and zun-wsproxy:
.. code-block:: console
# systemctl enable zun-api
# systemctl enable zun-wsproxy
.. code-block:: console
# systemctl start zun-api
# systemctl start zun-wsproxy
#. Verify that zun-api and zun-wsproxy services are running:
.. code-block:: console
# systemctl status zun-api
# systemctl status zun-wsproxy
controller-install-ubuntu.rst