This section describes how to install and configure the Container service on the controller node for Ubuntu 16.04 (LTS) and CentOS 7.
Before you install and configure Zun, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database
server as the root
user:
# mysql
Create the zun
database:
MariaDB [(none)] CREATE DATABASE zun;
Grant proper access to the zun
database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' \
IDENTIFIED BY 'ZUN_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' \
IDENTIFIED BY 'ZUN_DBPASS';
Replace ZUN_DBPASS
with a suitable password.
Exit the database access client.
Source the admin
credentials to gain access to
admin-only CLI commands:
$ . admin-openrc
To create the service credentials, complete these steps:
Create the zun
user:
$ openstack user create --domain default --password-prompt zun
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | ca2e175b851943349be29a328cc5e360 |
| name | zun |
+-----------+----------------------------------+
Add the admin
role to the zun
user:
$ openstack role add --project service --user zun admin
Note
This command provides no output.
Create the zun
service entities:
$ openstack service create --name zun \
--description "Container Service" container
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Container Service |
| enabled | True |
| id | 727841c6f5df4773baa4e8a5ae7d72eb |
| name | zun |
| type | container |
+-------------+----------------------------------+
Create the Container service API endpoints:
$ openstack endpoint create --region RegionOne \
container public http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
container internal http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 9489f78e958e45cc85570fec7e836d98 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
container admin http://controller:9517/v1
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 76091559514b40c6b7b38dde790efe99 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+-----------------------------------------+
Create zun user and necessary directories:
Create user:
# groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
--create-home \
--system \
--shell /bin/false \
-g zun \
zun
Create directories:
# mkdir -p /etc/zun
# chown zun:zun /etc/zun
Install the following dependencies:
For Ubuntu, run:
# apt-get install python-pip git
For CentOS, run:
# yum install python-pip git python-devel libffi-devel gcc openssl-devel
Note
python-pip
package is not in CentOS base repositories,
may need to install EPEL repository in order to have
python-pip
available.
Clone and install zun:
# cd /var/lib/zun
# git clone -b stable/stein https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install
Generate a sample configuration file:
# su -s /bin/sh -c "oslo-config-generator \
--config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
/etc/zun/zun.conf" zun
Copy api-paste.ini:
# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
Edit the /etc/zun/zun.conf
:
In the [DEFAULT]
section,
configure RabbitMQ
message queue access:
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace RABBIT_PASS
with the password you chose for the
openstack
account in RabbitMQ
.
In the [api]
section, configure the IP address that Zun API
server is going to listen:
[api]
...
host_ip = 10.0.0.11
port = 9517
Replace 10.0.0.11
with the management interface IP address
of the controller node if different.
In the [database]
section, configure database access:
[database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
Replace ZUN_DBPASS
with the password you chose for
the zun database.
In the [keystone_auth]
section, configure
Identity service access:
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
In the [keystone_authtoken]
section, configure
Identity service access:
[keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
Replace ZUN_PASS with the password you chose for the zun user in the Identity service.
In the [oslo_concurrency]
section, configure the lock_path
:
[oslo_concurrency]
...
lock_path = /var/lib/zun/tmp
In the [oslo_messaging_notifications]
section, configure the
driver
:
[oslo_messaging_notifications]
...
driver = messaging
In the [websocket_proxy]
section, configure the IP address that
the websocket proxy is going to listen to:
[websocket_proxy]
...
wsproxy_host = 10.0.0.11
wsproxy_port = 6784
base_url = ws://controller:6784/
.. note::
This ``base_url`` will be used by end users to access the console of
their containers so make sure this URL is accessible from your
intended users and the port ``6784`` is not blocked by firewall.
Replace 10.0.0.11
with the management interface IP address
of the controller node if different.
Note
Make sure that /etc/zun/zun.conf
still have the correct
permissions. You can set the permissions again with:
# chown zun:zun /etc/zun/zun.conf
Populate Zun database:
# su -s /bin/sh -c "zun-db-manage upgrade" zun
Create an upstart config, it could be named as
/etc/systemd/system/zun-api.service
:
Note
CentOS install binary files into /usr/bin/
,
replace /usr/local/bin/
directory with the correct
in the following example files.
[Unit]
Description = OpenStack Container Service API
[Service]
ExecStart = /usr/local/bin/zun-api
User = zun
[Install]
WantedBy = multi-user.target
Create an upstart config, it could be named as
/etc/systemd/system/zun-wsproxy.service
:
[Unit]
Description = OpenStack Container Service Websocket Proxy
[Service]
ExecStart = /usr/local/bin/zun-wsproxy
User = zun
[Install]
WantedBy = multi-user.target
Enable and start zun-api and zun-wsproxy:
# systemctl enable zun-api
# systemctl enable zun-wsproxy
# systemctl start zun-api
# systemctl start zun-wsproxy
Verify that zun-api and zun-wsproxy services are running:
# systemctl status zun-api
# systemctl status zun-wsproxy
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.