Manual Installation¶
Note
The content of this document has been confirmed to work using Tacker 2024.2 Dalmatian.
Note
This installation guide contents are specific to Ubuntu. Some steps in this installation guide may be invalid for other distributions.
This document describes how to install and run Tacker manually.
Pre-requisites¶
Install required components.
Ensure that all minimum OpenStack components that is required by Tacker such as Keystone and Barbican are installed. Refer the list below for installation of required OpenStack components.
Create
admin-openrcfor environment variables.$ vi admin-openrc export OS_PROJECT_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=<ADMIN_PASSWORD> export OS_AUTH_URL=http://<KEYSTONE_IP>/identity export OS_INTERFACE=public export OS_IDENTITY_API_VERSION=3 export OS_REGION_NAME=RegionOne
Guide¶
Installing Tacker Server¶
Note
If you would like to use PostgreSQL, please reference Install via Devstack document.
Create MySQL database and user.
$ mysql -uroot -p
Create database
tackerand grant privileges totackeruser with password<TACKERDB_PASSWORD>on all tables.mysql> CREATE DATABASE tacker; Query OK, 1 row affected (0.30 sec) mysql> CREATE USER 'tacker'@'localhost' IDENTIFIED BY '<TACKERDB_PASSWORD>'; Query OK, 0 rows affected (0.58 sec) mysql> GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost'; Query OK, 0 rows affected (0.18 sec) mysql> CREATE USER 'tacker'@'%' IDENTIFIED BY '<TACKERDB_PASSWORD>'; Query OK, 0 rows affected (0.21 sec) mysql> GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%'; Query OK, 0 rows affected (0.28 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.18 sec) mysql> exit; bye
Create OpenStack user, role and endpoint.
Set admin credentials to gain access to admin-only CLI commands.
$ source admin-openrc
Create
tackeruser and set admin role ofserviceproject.Note
Project name can be
serviceorservicesdepending on your OpenStack distribution.$ openstack user create --domain default \ --password <TACKER_SERVICE_USER_PASSWORD> tacker +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | default_project_id | None | | domain_id | default | | email | None | | enabled | True | | id | 60c2c54a22db42e2936dc45704760067 | | name | tacker | | description | None | | password_expires_at | None | +---------------------+----------------------------------+ $ openstack role add --project service --user tacker admin
Create
tackerservice.$ openstack service create --name tacker \ --description "Tacker Project" nfv-orchestration +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | id | 88c795ad82da450eb642747efabb6594 | | name | tacker | | type | nfv-orchestration | | enabled | True | | description | Tacker Project | +-------------+----------------------------------+
Provide an endpoint to
tackerservice.$ openstack endpoint create --region RegionOne nfv-orchestration \ public http://<TACKER_NODE_IP>:9890/ +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 94b7c6175cdd4f51a26bb61676e9afea | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 644e7c170eac450f90cddc9ac3c6a6b1 | | service_name | tacker | | service_type | nfv-orchestration | | url | http://<TACKER_NODE_IP>:9890 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne nfv-orchestration \ internal http://<TACKER_NODE_IP>:9890/ +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 8c9ede5c124a4afb9cc9da12486538cb | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 644e7c170eac450f90cddc9ac3c6a6b1 | | service_name | tacker | | service_type | nfv-orchestration | | url | http://<TACKER_NODE_IP>:9890 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne nfv-orchestration \ admin http://<TACKER_NODE_IP>:9890/ +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 519c22404027446cba4bd9399f72cc54 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 644e7c170eac450f90cddc9ac3c6a6b1 | | service_name | tacker | | service_type | nfv-orchestration | | url | http://<TACKER_NODE_IP>:9890 | +--------------+----------------------------------+
Clone Tacker repository.
Note
You should install Tacker with the user that you installed the other Openstack components. Make sure to change the user before Installing. If you had specific python environment for openstack components, make sure to change python environment, too.
Note
Replace the
<branch_name>in command with specific branch name, such asstable/2024.2.$ cd ~ $ git clone https://opendev.org/openstack/tacker.git -b <branch_name>
Install Tacker server.
$ pip3 install ./tacker
Create directories for Tacker.
Directories for storing logs and extracted CSAR files are required.
Note
In case of multi node deployment,
csar_filesdirectory should be configured on a shared storage.$ mkdir -p log/tacker \ data/tacker/vnfpackages \ data/tacker/csar_files
Generate the sample Tacker configuration file and edit as necessary.
Note
You can reference how to generate sample Tacker configuration file also in README of etc/tacker.
Note
Ignore any warnings generated while using the
generate_config_file_sample.sh.$ cd tacker/ $ bash tools/generate_config_file_sample.sh
Note
The path of
tacker-rootwrapvaries according to the operating system. You can find the path oftacker-rootwrapby the following command.$ which tacker-rootwrapMinimum configurations shown below should be in Tacker configuration file.
$ sudo vi etc/tacker/tacker.conf.sample [DEFAULT] auth_strategy = keystone debug = True use_syslog = False log_dir = <HOME_DIR>/log/tacker state_path = <HOME_DIR>/data/tacker transport_url = rabbit://<RABBIT_USERID>:<RABBIT_PASSWORD>@<TACKER_NODE_IP>:5672/ ... [keystone_authtoken] memcached_servers = <TACKER_NODE_IP>:11211 region_name = RegionOne project_domain_name = Default project_name = service user_domain_name = Default password = <TACKER_SERVICE_USER_PASSWORD> username = tacker auth_url = http://<KEYSTONE_IP>/identity interface = public auth_type = password ... [glance_store] default_backend = file filesystem_store_datadir = <HOME_DIR>/data/tacker/csar_files ... [vnf_package] vnf_package_csar_path = <HOME_DIR>/data/tacker/vnfpackages ... [agent] root_helper = sudo <PATH_TO_TACKER_ROOTWRAP>/tacker-rootwrap /etc/tacker/rootwrap.conf ... [database] connection = mysql+pymysql://tacker:<TACKERDB_PASSWORD>@<MYSQL_IP>:3306/tacker?charset=utf8
Setting rootwrap for Tacker.
$ echo "$USER ALL=(root) NOPASSWD: $(which tacker-rootwrap) \ /etc/tacker/rootwrap.conf *" > temp_file $ chmod 0440 temp_file $ sudo chown root:root temp_file $ sudo mv temp_file /etc/sudoers.d/tacker-rootwrap
Create the
/etc/tacker/directory and copy the contents ofetc/tackerto created directory.$ sudo install -d -o $USER /etc/tacker $ cp etc/tacker/tacker.conf.sample /etc/tacker/tacker.conf $ cp etc/tacker/api-paste.ini /etc/tacker/ $ cp etc/tacker/rootwrap.conf /etc/tacker/ $ cp -r etc/tacker/rootwrap.d/ /etc/tacker/ $ cp etc/tacker/prometheus-plugin.yaml /etc/tacker/
Populate Tacker database.
$ tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head
To make Tacker be controlled from systemd, edit and copy
tacker.serviceandtacker-conductor.servicefile to/etc/systemd/system/directory, and restartsystemctldaemon. Before copying to system folder, be sure to add user used to install Tacker to service user and be sure to change the path of Tacker-server and Tacker-conductor to correct path.$ sed -i "/^\[Service\]/a User = $USER" \ etc/systemd/system/tacker.service $ sed -i "s|/usr/local/bin/tacker-server|$(which tacker-server)|g" \ etc/systemd/system/tacker.service $ sudo cp etc/systemd/system/tacker.service /etc/systemd/system/ $ sed -i "/^\[Service\]/a User = $USER" \ etc/systemd/system/tacker-conductor.service $ sed -i "s|/usr/local/bin/tacker-conductor|$(which tacker-conductor)|g" \ etc/systemd/system/tacker-conductor.service $ sudo cp etc/systemd/system/tacker-conductor.service /etc/systemd/system/ $ sudo systemctl daemon-reload
Start Tacker server. And enable Tacker server to start Tacker server every time system is restarted.
$ sudo systemctl start tacker.service $ sudo systemctl start tacker-conductor.service $ sudo systemctl enable tacker.service $ sudo systemctl enable tacker-conductor.service
Note
When using openstack commands to access Tacker APIs, the openrc file for Tacker should be created with the user created above. And see Command-Line Interface Reference for how to use openstack commands for Tacker.
$ vi tacker-openrc export OS_PROJECT_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default export OS_PROJECT_NAME=service export OS_USERNAME=tacker export OS_PASSWORD=<TACKER_SERVICE_USER_PASSWORD> export OS_AUTH_URL=http://<KEYSTONE_IP>/identity export OS_INTERFACE=public export OS_IDENTITY_API_VERSION=3 export OS_REGION_NAME=RegionOne
