Install and configure a compute node for Ubuntu

Install and configure a compute node for Ubuntu

This section describes how to install and configure the Container service on a compute node for Ubuntu 16.04 (LTS).

Prerequisites

Before you install and configure Zun, you must have Docker and Kuryr-libnetwork installed properly in the compute node. Refer Get Docker for Docker installation and Kuryr libnetwork installation guide

Install and configure components

  1. Create zun user and necessary directories:

    • Create user:

      # groupadd --system zun
      # useradd --home-dir "/var/lib/zun" \
            --create-home \
            --system \
            --shell /bin/false \
            -g zun \
            zun
      
    • Create directories:

      # mkdir -p /etc/zun
      # chown zun:zun /etc/zun
      
  2. Clone and install zun:

    # cd /var/lib/zun
    # git clone -b stable/queens https://git.openstack.org/openstack/zun.git
    # chown -R zun:zun zun
    # cd zun
    # pip install -r requirements.txt
    # python setup.py install
    
  3. Generate a sample configuration file:

    # su -s /bin/sh -c "oslo-config-generator \
        --config-file etc/zun/zun-config-generator.conf" zun
    # su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
        /etc/zun/zun.conf" zun
    # su -s /bin/sh -c "cp etc/zun/rootwrap.conf \
        /etc/zun/rootwrap.conf" zun
    # su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
    # su -s /bin/sh -c "cp etc/zun/rootwrap.d/* \
        /etc/zun/rootwrap.d/" zun
    
  4. Configure sudoers for zun users:

    # echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
        /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
    
  5. Edit the /etc/zun/zun.conf:

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
      ...
      transport_url = rabbit://openstack:RABBIT_PASS@controller
      

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [DEFAULT] section, configure the path that is used by Zun to store the states:

      [DEFAULT]
      ...
      state_path = /var/lib/zun
      
    • In the [database] section, configure database access:

      [database]
      ...
      connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
      

      Replace ZUN_DBPASS with the password you chose for the zun database.

    • In the [keystone_auth] section, configure Identity service access:

      [keystone_auth]
      memcached_servers = controller:11211
      auth_uri = http://controller:5000
      project_domain_name = default
      project_name = service
      user_domain_name = default
      password = ZUN_PASS
      username = zun
      auth_url = http://controller:35357
      auth_type = password
      auth_version = v3
      auth_protocol = http
      service_token_roles_required = True
      endpoint_type = internalURL
      
    • In the [keystone_authtoken] section, configure Identity service access:

      [keystone_authtoken]
      ...
      memcached_servers = controller:11211
      auth_uri = http://controller:5000
      project_domain_name = default
      project_name = service
      user_domain_name = default
      password = ZUN_PASS
      username = zun
      auth_url = http://controller:35357
      auth_type = password
      

      Replace ZUN_PASS with the password you chose for the zun user in the Identity service.

    • In the [websocket_proxy] section, configure the URL of the websocket proxy. This URL must match the websocket configuration in controller node:

       [websocket_proxy]
       ...
       base_url = ws://controller:6784/
      
      .. note::
      
         This URL will be used by end users to access the console of their
         containers so make sure this URL is accessible from your intended
         users.
      
    • In the [oslo_concurrency] section, configure the lock_path:

      [oslo_concurrency]
      ...
      lock_path = /var/lib/zun/tmp
      

    Note

    Make sure that /etc/zun/zun.conf still have the correct permissions. You can set the permissions again with:

    # chown zun:zun /etc/zun/zun.conf

  6. Configure Docker and Kuryr:

    • Create the directory /etc/systemd/system/docker.service.d

      # mkdir -p /etc/systemd/system/docker.service.d
      
    • Create the file /etc/systemd/system/docker.service.d/docker.conf. Configure docker to listen to port 2375 as well as the the default unix socket. Also, configure docker to use etcd3 as storage backend:

      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd --group zun -H tcp://compute1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
      
    • Restart Docker:

      # systemctl daemon-reload
      # systemctl restart docker
      
    • Edit the Kuryr config file /etc/kuryr/kuryr.conf. Set capability_scope to global:

      [DEFAULT]
      ...
      capability_scope = global
      
    • Restart Kuryr-libnetwork:

      # systemctl restart kuryr-libnetwork
      

Finalize installation

  1. Create an upstart config, it could be named as /etc/systemd/system/zun-compute.service:

    [Unit]
    Description = OpenStack Container Service Compute Agent
    
    [Service]
    ExecStart = /usr/local/bin/zun-compute
    User = zun
    
    [Install]
    WantedBy = multi-user.target
    
  2. Enable and start zun-compute:

    # systemctl enable zun-compute
    # systemctl start zun-compute
    
  3. Verify that zun-compute services are running:

    # systemctl status zun-compute
    
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.