10.1通过脚本安装Zun服务
10.2-10.12zun服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-zun-controller.sh进行安装
#Compute节点
执行脚本iaas-install-zun-compute.sh进行安装
10.2 安装zun服务软件包
#Controller节点
# yum install python-pip git openstack-zun openstack-zun-ui –y
10.3 创建数据库
# mysql -u root -p
mysql> CREATE DATABASE zun;
mysql> GRANT ALL PRIVILEGES ON zun.* TO zun@'localhost' IDENTIFIED BY '$ZUN_DBPASS';
mysql> GRANT ALL PRIVILEGES ON zun.* TO zun@'%' IDENTIFIED BY '$ZUN_DBPASS';
10.4 创建用户
# openstack user create --domain $DOMAIN_NAME --password $ZUN_PASS zun
# openstack role add --project service --user zun admin
# openstack user create --domain $DOMAIN_NAME --password $KURYR_PASS kuryr
# openstack role add --project service --user kuryr admin
10.5 创建Endpoint和API端点
# openstack service create --name zun --description "Container Service" container
# openstack endpoint create --region RegionOne container public http://$HOST_NAME:9517/v1
# openstack endpoint create --region RegionOne container internal http://$HOST_NAME:9517/v1
# openstack endpoint create --region RegionOne container admin http://$HOST_NAME:9517/v1
10.6 配置zun服务
# crudini --set /etc/zun/zun.conf DEFAULT transport_url rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
# crudini --set /etc/zun/zun.conf DEFAULT log_file /var/log/zun
# crudini --set /etc/zun/zun.conf api host_ip $HOST_IP
# crudini --set /etc/zun/zun.conf api port 9517
# crudini --set /etc/zun/zun.conf database connection mysql+pymysql://zun:$ZUN_DBPASS@$HOST_NAME/zun
# crudini --set /etc/zun/zun.conf keystone_auth memcached_servers $HOST_NAME:11211
# crudini --set /etc/zun/zun.conf keystone_auth auth_uri http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_auth project_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_auth project_name service
# crudini --set /etc/zun/zun.conf keystone_auth user_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_auth password $ZUN_PASS
# crudini --set /etc/zun/zun.conf keystone_auth username zun
# crudini --set /etc/zun/zun.conf keystone_auth auth_url http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_auth auth_type password
# crudini --set /etc/zun/zun.conf keystone_auth auth_version v3
# crudini --set /etc/zun/zun.conf keystone_auth auth_protocol http
# crudini --set /etc/zun/zun.conf keystone_auth service_token_roles_required True
# crudini --set /etc/zun/zun.conf keystone_auth endpoint_type internalURL
# crudini --set /etc/zun/zun.conf keystone_authtoken memcached_servers $HOST_NAME:11211
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_uri http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_authtoken project_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_authtoken project_name service
# crudini --set /etc/zun/zun.conf keystone_authtoken user_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_authtoken password $ZUN_PASS
# crudini --set /etc/zun/zun.conf keystone_authtoken username zun
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_url http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_type password
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_version v3
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_protocol http
# crudini --set /etc/zun/zun.conf keystone_authtoken service_token_roles_required True
# crudini --set /etc/zun/zun.conf keystone_authtoken endpoint_type internalURL
# crudini --set /etc/zun/zun.conf oslo_concurrency lock_path /var/lib/zun/tmp
# crudini --set /etc/zun/zun.conf oslo_messaging_notifications driver messaging
# crudini --set /etc/zun/zun.conf websocket_proxy wsproxy_host $HOST_IP
# crudini --set /etc/zun/zun.conf websocket_proxy wsproxy_port 6784
10.7 创建数据库
# su -s /bin/sh -c "zun-db-manage upgrade" zun
10.8 启动服务
# systemctl enable zun-api zun-wsproxy
# systemctl restart zun-api zun-wsproxy
# systemctl restart httpd memcached
10.9 安装软件包
#compute节点
# yum install -y yum-utils device-mapper-persistent-data lvm2
# yum install docker-ce python-pip git kuryr-libnetwork openstack-zun-compute –y
10.10 配置服务
# crudini --set /etc/kuryr/kuryr.conf DEFAULT bindir /usr/libexec/kuryr
# crudini --set /etc/kuryr/kuryr.conf neutron auth_uri http://$HOST_NAME:5000
# crudini --set /etc/kuryr/kuryr.conf neutron auth_url http://$HOST_NAME:35357
# crudini --set /etc/kuryr/kuryr.conf neutron username kuryr
# crudini --set /etc/kuryr/kuryr.conf neutron user_domain_name $DOMAIN_NAME
# crudini --set /etc/kuryr/kuryr.conf neutron password $KURYR_PASS
# crudini --set /etc/kuryr/kuryr.conf neutron project_name service
# crudini --set /etc/kuryr/kuryr.conf neutron project_domain_name $DOMAIN_NAME
# crudini --set /etc/kuryr/kuryr.conf neutron auth_type password
# crudini --set /etc/zun/zun.conf DEFAULT transport_url rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
# crudini --set /etc/zun/zun.conf DEFAULT state_path /var/lib/zun
# crudini --set /etc/zun/zun.conf DEFAULT log_file /var/log/zun
# crudini --set /etc/zun/zun.conf database connection mysql+pymysql://zun:$ZUN_DBPASS@$HOST_NAME/zun
# crudini --set /etc/zun/zun.conf keystone_auth memcached_servers $HOST_NAME:11211
# crudini --set /etc/zun/zun.conf keystone_auth auth_uri http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_auth project_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_auth project_name service
# crudini --set /etc/zun/zun.conf keystone_auth user_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_auth password $ZUN_PASS
# crudini --set /etc/zun/zun.conf keystone_auth username zun
# crudini --set /etc/zun/zun.conf keystone_auth auth_url http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_auth auth_type password
# crudini --set /etc/zun/zun.conf keystone_auth auth_version v3
# crudini --set /etc/zun/zun.conf keystone_auth auth_protocol http
# crudini --set /etc/zun/zun.conf keystone_auth service_token_roles_required True
# crudini --set /etc/zun/zun.conf keystone_auth endpoint_type internalURL
# crudini --set /etc/zun/zun.conf keystone_authtoken memcached_servers $HOST_NAME:11211
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_uri http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_authtoken project_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_authtoken project_name service
# crudini --set /etc/zun/zun.conf keystone_authtoken user_domain_name $DOMAIN_NAME
# crudini --set /etc/zun/zun.conf keystone_authtoken password $ZUN_PASS
# crudini --set /etc/zun/zun.conf keystone_authtoken username zun
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_url http://$HOST_NAME:5000
# crudini --set /etc/zun/zun.conf keystone_authtoken auth_type password
# crudini --set /etc/zun/zun.conf websocket_proxy base_url ws://$HOST_NAME:6784/
# crudini --set /etc/zun/zun.conf oslo_concurrency lock_path /var/lib/zun/tmp
# crudini --set /etc/kuryr/kuryr.conf DEFAULT capability_scope global
10.11 修改内核参数
修改/etc/sysctl.conf文件,添加以下内容:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
生效配置
# sysctl –p
10.12 启动服务
# mkdir -p /etc/systemd/system/docker.service.d
修改mkdir -p /etc/systemd/system/docker.service.d文件,添加以下内容:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://$HOST_NAME_NODE:2375 -H unix:///var/run/docker.sock --cluster-store etcd://$HOST_NAME:2379
# systemctl daemon-reload
# systemctl restart docker
# systemctl enable docker
# systemctl enable kuryr-libnetwork
# systemctl restart kuryr-libnetwork
# systemctl enable zun-compute
# systemctl restart zun-compute
10.13 上传镜像
以CentOS7_1804.tar镜像为例,CentOS7_1804.tar镜像包存放在XianDian-IaaS-v2.4.iso镜像包中。将docker镜像上传到glance中,通过openstack使用镜像启动容器。
# source /etc/keystone/admin-openrc.sh
# openstack image create centos7.5 --public --container-format docker --disk-format raw < CentOS7_1804.tar
10.14 启动容器
通过glance存储镜像启动容器
# zun run --image-driver glance centos7.5
# zun list
+--------------------------------------+--------------------+-----------+---------+------------+--------------+-------+ | uuid | name | image | status | task_state | addresses | ports | +--------------------------------------+--------------------+-----------+---------+------------+--------------+-------+ | c01d89b6-b927-4a5e-9889-356f572e184d | psi-9-container | centos7.5 | Running | None | 172.30.15.9 | [22] | | +--------------------------------------+--------------------+-----------+---------+------------+--------------+-------+