Install and configure a compute node for Ubuntu

updated: 2019-05-18 18:57

Install and configure a compute node for Ubuntu

This section describes how to install and configure the Container service on a compute node for Ubuntu 16.04 (LTS).

Prerequisites

Before you install and configure Zun, you must have Docker and Kuryr-libnetwork installed properly in the compute node. Refer Get Docker for Docker installation and Kuryr libnetwork installation guide

Install and configure components

  1. Create zun user and necessary directories:

    • Create user:

      # groupadd --system zun
# useradd --home-dir "/var/lib/zun" \
      --create-home \
      --system \
      --shell /bin/false \
      -g zun \
      zun

    • Create directories:

      # mkdir -p /etc/zun
# chown zun:zun /etc/zun

  2. Clone and install zun:

    # cd /var/lib/zun
# git clone -b stable/queens https://git.openstack.org/openstack/zun.git
# chown -R zun:zun zun
# cd zun
# pip install -r requirements.txt
# python setup.py install

  3. Generate a sample configuration file:

    # su -s /bin/sh -c "oslo-config-generator \
    --config-file etc/zun/zun-config-generator.conf" zun
# su -s /bin/sh -c "cp etc/zun/zun.conf.sample \
    /etc/zun/zun.conf" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.conf \
    /etc/zun/rootwrap.conf" zun
# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* \
    /etc/zun/rootwrap.d/" zun

  4. Configure sudoers for zun users:

    # echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
    /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap

  5. Edit the /etc/zun/zun.conf:

    • In the [DEFAULT] section, configure RabbitMQ message queue access:

      [DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

      Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

    • In the [DEFAULT] section, configure the path that is used by Zun to store the states:

      [DEFAULT]
...
state_path = /var/lib/zun

    • In the [database] section, configure database access:

      [database]
...
connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun

      Replace ZUN_DBPASS with the password you chose for the zun database.

    • In the [keystone_auth] section, configure Identity service access:

      [keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL

    • In the [keystone_authtoken] section, configure Identity service access:

      [keystone_authtoken]
...
memcached_servers = controller:11211
www_authenticate_uri= http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = ZUN_PASS
username = zun
auth_url = http://controller:5000
auth_type = password

      Replace ZUN_PASS with the password you chose for the zun user in the Identity service.

    • In the [websocket_proxy] section, configure the URL of the websocket proxy. This URL must match the websocket configuration in controller node:

       [websocket_proxy]
 ...
 base_url = ws://controller:6784/

.. note::

   This URL will be used by end users to access the console of their
   containers so make sure this URL is accessible from your intended
   users.

    • In the [oslo_concurrency] section, configure the lock_path:

      [oslo_concurrency]
...
lock_path = /var/lib/zun/tmp

    Note

    Make sure that /etc/zun/zun.conf still have the correct permissions. You can set the permissions again with:

    # chown zun:zun /etc/zun/zun.conf

  6. Configure Docker and Kuryr:

    • Create the directory /etc/systemd/system/docker.service.d

      # mkdir -p /etc/systemd/system/docker.service.d

    • Create the file /etc/systemd/system/docker.service.d/docker.conf. Configure docker to listen to port 2375 as well as the the default unix socket. Also, configure docker to use etcd3 as storage backend:

      [Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute1:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379

    • Restart Docker:

      # systemctl daemon-reload
# systemctl restart docker

    • Edit the Kuryr config file /etc/kuryr/kuryr.conf. Set capability_scope to global:

      [DEFAULT]
...
capability_scope = global

    • Restart Kuryr-libnetwork:

      # systemctl restart kuryr-libnetwork

Finalize installation

  1. Create an upstart config, it could be named as /etc/systemd/system/zun-compute.service:

    [Unit]
Description = OpenStack Container Service Compute Agent

[Service]
ExecStart = /usr/local/bin/zun-compute
User = zun

[Install]
WantedBy = multi-user.target

  2. Enable and start zun-compute:

    # systemctl enable zun-compute
# systemctl start zun-compute

  3. Verify that zun-compute services are running:

    # systemctl status zun-compute
updated: 2019-05-18 18:57
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?