openstack/zun
Code Issues Proposed changes
zun/doc/source/install/compute-install-ubuntu.rst
Hongbin Lu e5a9190e1c Add a note about configuration of ws url 
The common problems that users ran into is that they are not
able to access the container's console in browser (via Horizon).
The reason is that the ws_proxy's URL is not accessible from
the browser. Either the configured IP address is not accessible
from outside or the port was blocked. This patch adds a note to
explain how to configure the websocket proxy's URL propertly.

Change-Id: Ifac45550f22409c2348e1b14ff46606a7bf09a89
2018-04-07 22:46:45 +00:00

6.4 KiB
Raw Blame History

Install and configure a compute node for Ubuntu

This section describes how to install and configure the Container service on a compute node for Ubuntu 16.04 (LTS).

Prerequisites

Before you install and configure Zun, you must have Docker and Kuryr-libnetwork installed properly in the compute node. Refer Get Docker for Docker installation and Kuryr libnetwork installation guide

Install and configure components

  1. Create zun user and necessary directories:

    • Create user:

      # groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
      --create-home \
      --system \
      --shell /bin/false \
      -g zun \
      zun

    • Create directories:

      # mkdir -p /etc/zun
# chown zun:zun /etc/zun

  2. Clone and install zun:

    # apt-get install python-pip
# cd /var/lib/zun
# git clone https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install

  3. Generate a sample configuration file:

    # su -s /bin/sh -c "oslo-config-generator \
    --config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
    /etc/zun/zun.conf" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.conf \
    /etc/zun/rootwrap.conf" zun
# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* \
    /etc/zun/rootwrap.d/" zun

  4. Configure sudoers for zun users:

    # echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
    /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap

  5. Edit the /etc/zun/zun.conf:

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [DEFAULT] section, configure the path that is used by Zun to store the states:

      [DEFAULT]
...
state_path = /var/lib/zun

    • In the [database] section, configure database access:

      [database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun

      Replace ZUN_DBPASS with the password you chose for the zun database.

    • In the [keystone_auth] section, configure Identity service access:

      [keystone_auth]
memcached_servers = controller:11211
auth_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:35357
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL

    • In the [keystone_authtoken] section, configure Identity service access:

      [keystone_authtoken]
...
memcached_servers = controller:11211
auth_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:35357
auth_type = password

      Replace ZUN_PASS with the password you chose for the zun user in the Identity service.

    • In the [websocket_proxy] section, configure the URL of the websocket proxy. This URL must match the websocket configuration in controller node:

      [websocket_proxy]
...
base_url = ws://controller:6784/

.. note::

  This URL will be used by end users to access the console of their
  containers so make sure this URL is accessible from your intended
  users.

    • In the [oslo_concurrency] section, configure the lock_path:

      [oslo_concurrency]
...
lock_path = /var/lib/zun/tmp

    Note

    Make sure that /etc/zun/zun.conf still have the correct permissions. You can set the permissions again with:

    # chown zun:zun /etc/zun/zun.conf

  6. Configure Docker and Kuryr:

    • Create the directory /etc/systemd/system/docker.service.d

      # mkdir -p /etc/systemd/system/docker.service.d

    • Create the file /etc/systemd/system/docker.service.d/docker.conf. Configure docker to listen to port 2375 as well as the default unix socket. Also, configure docker to use etcd3 as storage backend:

      [Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379

    • Restart Docker:

      # systemctl daemon-reload
# systemctl restart docker

    • Edit the Kuryr config file /etc/kuryr/kuryr.conf. Set capability_scope to global:

      [DEFAULT]
...
capability_scope = global

    • Restart Kuryr-libnetwork:

      # systemctl restart kuryr-libnetwork

Finalize installation

  1. Create an upstart config, it could be named as /etc/systemd/system/zun-compute.service:

    [Unit]
Description = OpenStack Container Service Compute Agent

[Service]
ExecStart = /usr/local/bin/zun-compute
User = zun

[Install]
WantedBy = multi-user.target

  2. Enable and start zun-compute:

    # systemctl enable zun-compute
# systemctl start zun-compute

  3. Verify that zun-compute services are running:

    # systemctl status zun-compute