Install and configure for Red Hat Enterprise Linux and CentOS¶
This section describes how to install and configure the Container Infrastructure Management service for Red Hat Enterprise Linux 7 and CentOS 7.
Prerequisites¶
Before you install and configure the Container Infrastructure Management service, you must create a database, service credentials, and API endpoints.
- To create the database, complete these steps: - Use the database access client to connect to the database server as the - rootuser:- # mysql
- Create the - magnumdatabase:- CREATE DATABASE magnum;
- Grant proper access to the - magnumdatabase:- GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost' \ IDENTIFIED BY 'MAGNUM_DBPASS'; GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \ IDENTIFIED BY 'MAGNUM_DBPASS'; - Replace - MAGNUM_DBPASSwith a suitable password.
- Exit the database access client. 
 
- Source the - admincredentials to gain access to admin-only CLI commands:- $ . admin-openrc
- To create the service credentials, complete these steps: - Create the - magnumuser:- $ openstack user create --domain default \ --password-prompt magnum User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | a8ebafc275c54d389dfc1bff8b4fe286 | | name | magnum | +-----------+----------------------------------+ 
- Add the - adminrole to the- magnumuser:- $ openstack role add --project service --user magnum admin- Note - This command provides no output. 
- Create the - magnumservice entity:- $ openstack service create --name magnum \ --description "OpenStack Container Infrastructure Management Service" \ container-infra +-------------+-------------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------------+ | description | OpenStack Container Infrastructure Management Service | | enabled | True | | id | 194faf83e8fd4e028e5ff75d3d8d0df2 | | name | magnum | | type | container-infra | +-------------+-------------------------------------------------------+ 
 
- Create the Container Infrastructure Management service API endpoints: - $ openstack endpoint create --region RegionOne \ container-infra public http://CONTROLLER_IP:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | cb137e6366ad495bb521cfe92d8b8858 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://CONTROLLER_IP:9511/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ container-infra internal http://CONTROLLER_IP:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 17cbc3b6f51449a0a818118d6d62868d | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://CONTROLLER_IP:9511/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ container-infra admin http://CONTROLLER_IP:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 30f8888e6b6646d7b5cd14354c95a684 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://CONTROLLER_IP:9511/v1 | +--------------+----------------------------------+ - Replace - CONTROLLER_IPwith the IP magnum listens to. Alternatively, you can use a hostname which is reachable by the Compute instances.
- Magnum requires additional information in the Identity service to manage COE clusters. To add this information, complete these steps: - Create the - magnumdomain that contains projects and users:- $ openstack domain create --description "Owns users and projects \ created by magnum" magnum +-------------+-------------------------------------------+ | Field | Value | +-------------+-------------------------------------------+ | description | Owns users and projects created by magnum | | enabled | True | | id | 66e0469de9c04eda9bc368e001676d20 | | name | magnum | +-------------+-------------------------------------------+ 
- Create the - magnum_domain_adminuser to manage projects and users in the- magnumdomain:- $ openstack user create --domain magnum --password-prompt \ magnum_domain_admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 66e0469de9c04eda9bc368e001676d20 | | enabled | True | | id | 529b81cf35094beb9784c6d06c090c2b | | name | magnum_domain_admin | +-----------+----------------------------------+ 
- Add the - adminrole to the- magnum_domain_adminuser in the- magnumdomain to enable administrative management privileges by the- magnum_domain_adminuser:- $ openstack role add --domain magnum --user-domain magnum --user \ magnum_domain_admin admin - Note - This command provides no output. 
 
Install and configure components¶
- Install the packages: - # yum install openstack-magnum-api openstack-magnum-conductor python-magnumclient
- Edit the - /etc/magnum/magnum.conffile:- In the - [api]section, configure the host:- [api] ... host = CONTROLLER_IP - Replace - CONTROLLER_IPwith the IP address on which you wish magnum api should listen.
- In the - [certificates]section, select- barbican(or- x509keypairif you don’t have barbican installed):- Use barbican to store certificates: - [certificates] ... cert_manager_type = barbican 
 - Important - Barbican is recommended for production environments. - To store x509 certificates in magnum’s database: - [certificates] ... cert_manager_type = x509keypair 
 
- In the - [cinder_client]section, configure the region name:- [cinder_client] ... region_name = RegionOne 
- In the - [database]section, configure database access:- [database] ... connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum - Replace - MAGNUM_DBPASSwith the password you chose for the magnum database.
- In the - [keystone_authtoken]and- [trust]sections, configure Identity service access:- [keystone_authtoken] ... memcached_servers = controller:11211 auth_version = v3 www_authenticate_uri = http://controller:5000/v3 project_domain_id = default project_name = service user_domain_id = default password = MAGNUM_PASS username = magnum auth_url = http://controller:5000 auth_type = password admin_user = magnum admin_password = MAGNUM_PASS admin_tenant_name = service [trust] ... trustee_domain_name = magnum trustee_domain_admin_name = magnum_domain_admin trustee_domain_admin_password = DOMAIN_ADMIN_PASS trustee_keystone_interface = KEYSTONE_INTERFACE - Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service and DOMAIN_ADMIN_PASS with the password you chose for the - magnum_domain_adminuser.- Replace KEYSTONE_INTERFACE with either - publicor- internaldepending on your network configuration. If your instances cannot reach internal keystone endpoint which is often the case in production environments it should be set to- public. Default to- public
- In the - [oslo_messaging_notifications]section, configure the- driver:- [oslo_messaging_notifications] ... driver = messaging 
- In the - [DEFAULT]section, configure- RabbitMQmessage queue access:- [DEFAULT] ... transport_url = rabbit://openstack:RABBIT_PASS@controller - Replace - RABBIT_PASSwith the password you chose for the- openstackaccount in- RabbitMQ.
 
- Additionally, edit the - /etc/magnum/magnum.conffile:- In the - [oslo_concurrency]section, configure the- lock_path:- [oslo_concurrency] ... lock_path = /var/lib/magnum/tmp 
 
- Populate Magnum database: - # su -s /bin/sh -c "magnum-db-manage upgrade" magnum 
Finalize installation¶
- Start the Container Infrastructure Management services and configure them to start when the system boots: - # systemctl enable openstack-magnum-api.service \ openstack-magnum-conductor.service # systemctl start openstack-magnum-api.service \ openstack-magnum-conductor.service 
