Install and configure for openSUSE and SUSE Linux Enterprise¶
This section describes how to install and configure the Container Infrastructure Management service for openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2.
Prerequisites¶
Before you install and configure the Container Infrastructure Management service, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database server as the
root
user:# mysql
Create the
magnum
database:CREATE DATABASE magnum;
Grant proper access to the
magnum
database:GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost' \ IDENTIFIED BY 'MAGNUM_DBPASS'; GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \ IDENTIFIED BY 'MAGNUM_DBPASS';
Replace
MAGNUM_DBPASS
with a suitable password.Exit the database access client.
Source the
admin
credentials to gain access to admin-only CLI commands:$ . admin-openrc
To create the service credentials, complete these steps:
Create the
magnum
user:$ openstack user create --domain default \ --password-prompt magnum User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | a8ebafc275c54d389dfc1bff8b4fe286 | | name | magnum | +-----------+----------------------------------+
Add the
admin
role to themagnum
user:$ openstack role add --project service --user magnum admin
Note
This command provides no output.
Create the
magnum
service entity:$ openstack service create --name magnum \ --description "OpenStack Container Infrastructure Management Service" \ container-infra +-------------+-------------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------------+ | description | OpenStack Container Infrastructure Management Service | | enabled | True | | id | 194faf83e8fd4e028e5ff75d3d8d0df2 | | name | magnum | | type | container-infra | +-------------+-------------------------------------------------------+
Create the Container Infrastructure Management service API endpoints:
$ openstack endpoint create --region RegionOne \ container-infra public http://CONTROLLER_IP:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | cb137e6366ad495bb521cfe92d8b8858 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://CONTROLLER_IP:9511/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ container-infra internal http://CONTROLLER_IP:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 17cbc3b6f51449a0a818118d6d62868d | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://CONTROLLER_IP:9511/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ container-infra admin http://CONTROLLER_IP:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 30f8888e6b6646d7b5cd14354c95a684 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://CONTROLLER_IP:9511/v1 | +--------------+----------------------------------+
Replace
CONTROLLER_IP
with the IP magnum listens to. Alternatively, you can use a hostname which is reachable by the Compute instances.Magnum requires additional information in the Identity service to manage COE clusters. To add this information, complete these steps:
Create the
magnum
domain that contains projects and users:$ openstack domain create --description "Owns users and projects \ created by magnum" magnum +-------------+-------------------------------------------+ | Field | Value | +-------------+-------------------------------------------+ | description | Owns users and projects created by magnum | | enabled | True | | id | 66e0469de9c04eda9bc368e001676d20 | | name | magnum | +-------------+-------------------------------------------+
Create the
magnum_domain_admin
user to manage projects and users in themagnum
domain:$ openstack user create --domain magnum --password-prompt \ magnum_domain_admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 66e0469de9c04eda9bc368e001676d20 | | enabled | True | | id | 529b81cf35094beb9784c6d06c090c2b | | name | magnum_domain_admin | +-----------+----------------------------------+
Add the
admin
role to themagnum_domain_admin
user in themagnum
domain to enable administrative management privileges by themagnum_domain_admin
user:$ openstack role add --domain magnum --user-domain magnum --user \ magnum_domain_admin admin
Note
This command provides no output.
Install and configure components¶
Install the packages:
# zypper install openstack-magnum-api openstack-magnum-conductor python-magnumclient
Edit the
/etc/magnum/magnum.conf
file:In the
[api]
section, configure the host:[api] ... host = CONTROLLER_IP
Replace
CONTROLLER_IP
with the IP address on which you wish magnum api should listen.In the
[certificates]
section, selectbarbican
(orx509keypair
if you don’t have barbican installed):Use barbican to store certificates:
[certificates] ... cert_manager_type = barbican
Important
Barbican is recommended for production environments.
To store x509 certificates in magnum’s database:
[certificates] ... cert_manager_type = x509keypair
In the
[cinder_client]
section, configure the region name:[cinder_client] ... region_name = RegionOne
In the
[database]
section, configure database access:[database] ... connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum
Replace
MAGNUM_DBPASS
with the password you chose for the magnum database.In the
[keystone_authtoken]
and[trust]
sections, configure Identity service access:[keystone_authtoken] ... memcached_servers = controller:11211 auth_version = v3 www_authenticate_uri = http://controller:5000/v3 project_domain_id = default project_name = service user_domain_id = default password = MAGNUM_PASS username = magnum auth_url = http://controller:5000 auth_type = password admin_user = magnum admin_password = MAGNUM_PASS admin_tenant_name = service [trust] ... trustee_domain_name = magnum trustee_domain_admin_name = magnum_domain_admin trustee_domain_admin_password = DOMAIN_ADMIN_PASS trustee_keystone_interface = KEYSTONE_INTERFACE
Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service and DOMAIN_ADMIN_PASS with the password you chose for the
magnum_domain_admin
user.Replace KEYSTONE_INTERFACE with either
public
orinternal
depending on your network configuration. If your instances cannot reach internal keystone endpoint which is often the case in production environments it should be set topublic
. Default topublic
In the
[oslo_messaging_notifications]
section, configure thedriver
:[oslo_messaging_notifications] ... driver = messaging
In the
[DEFAULT]
section, configureRabbitMQ
message queue access:[DEFAULT] ... transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace
RABBIT_PASS
with the password you chose for theopenstack
account inRabbitMQ
.
Populate Magnum database:
# su -s /bin/sh -c "magnum-db-manage upgrade" magnum
Finalize installation¶
Start the Container Infrastructure Management services and configure them to start when the system boots:
# systemctl enable openstack-magnum-api.service \ openstack-magnum-conductor.service # systemctl start openstack-magnum-api.service \ openstack-magnum-conductor.service