OpenStack(R版)配置Zun实现部署管理Docker(废弃)
上一个功能VPNaaS没实现,怎么都不能安装成功,不管了,继续新功能,在OpenStack中实现管理Docker等容器的功能,可以像管理实例一样管理容器。
warning
这个文章不要看了,最后功能并没有实现,可能是因为版本问题。
点击这里看这个文章:OpenStack(Stein)版配置Zun组件
然后这个文章我也懒得删除了,毕竟当初记录了挺久的,跳转到Stein版去看吧。
现有
社区好像有两个比较活跃的项目
- Magnum:是OpenStack中一个提供容器集群部署的服务,是一个Pass层的OpenStack项目。Magnum使用Heat部署一个包含Docker和Kubernetes的操作系统镜像,让容器集群运行在虚拟机(Virtual Machine)或者裸机(Bare Metal)中。 Magnum项目创建之初,项目目标以Caas为宗旨,即容器即服务。但在后续的发展过程中,社区更倾向于分离容器的集群部署功能和Docker容器集群的管理功能。因此Magnum重新修改了项目目标,Magnum本身专注于容器的集群部署功能。
- Zun:是Openstack中提供容器管理服务的组件,于2016年6月建立。Zun的目标是提供统一的OpenstackAPI用于启动和管理容器,支持多种容器技术。Zun原来称为Higgins,后改名为Zun。Zun计划支持多种容器技术,Docker,Rkt,clear container等,目前只支持Docker,k8s之类的在计划中。
好像nova本身有一个docker驱动,叫Nova Docker Driver,但是我不太懂,怕换了驱动原来的功能会影响,还是先不考旅。
区别
关于这三个区别,具体如下。
Nova Docker Driver
Openstack支持容器主要有Nova Docker driver,Heat Docker driver和Magnum等多个方案。Nova Docker driver方案将容器像虚拟机一样操作,通过增加 Nova Docker driver,实现对 Docker容器的启停、创建等常规虚拟机的操作。缺点是由于Docker和虚拟机差别,导致容器的许多功能无法实现,例如容器关联、端口映射等。
OpenStack集成Docker - 振宇要低调
Magnum
Magnum是OpenStack中一个提供容器集群部署的服务,通过Heat部署虚拟机和物理机,组成集群,然后调用COE接口完成容器的部署。Magnum项目创建之初,项目目标以Caas为宗旨,即容器即服务;在后续的发展中将功能集中在容器的集群部署上。Zun和Magnum的差异在于Zun目标是提供管理容器的API,而Magnum提供部署和管理容器编排引擎(COE)的API。
haoxiangjiushi
技术分享:OpenStack Magnum社区及项目介绍 - 晚来风急
官方文档-Container Infrastructure Management API
Zun
Zun目标在于解决 Nova Docker driver方案存在的问题,独立于 Nova 之外实现 Docker 部署调度框架,自身实现与 Glance、Neutron、Cinder等组件的集成,但并不实现对容器编排引擎(Container Orchestration Engines COE)的部署调度。Nova-docker通过Nova API访问容器,而Zun不受Nova API的限制。
Zun将容器作为Openstack管理的资源,为用户提供了创建和管理这些容器的接口。被Zun管理的容器和其他Openstack资源能够良好的集成在一起,例如Neutron网络和Cinder卷。用户使用统一的、简化的API接口来管理容器,而不需要关心不同容器技术的差异。
Zun不准备实现COE提供的很多先进的功能(例如容器保活、负载均衡等),而是提供基本的容器操作(CRUD),并和Openstack紧密集成。
Zun组件提供了大量的命令用于部署和管理容器。
OpenStack Zun组件详解 - 蒋暕青
OpenStack-Zun 使用 - MKY-门可意
源码方式安装openstack zun组件 - 云开源
官方文档-Welcome to Zun’s documentation!
Zun
我打算用Zun,主要是Magnum随便找了找,没看到有什么有用的,但是Zun有使用,不想费神了,而且这个专注Docker的管理,就这个试试,而且也有官方API。
它需要三个组件:
- Neutron
- Keystone
- kuryr-libnetwork
其中第三个是没有的,安装第三个,这是官方文档
安装Docker
执行yum install -y yum-utils device-mapper-persistent-data lvm2安装一些需要的软件包和依赖。
设置一下源,下面两个二选一
yum-config-manager --add-repo http://download.docker.com/linux/centos/docker-ce.repo(中央仓库)
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo(阿里仓库)
执行yum list docker-ce --showduplicates | sort -r查看一下所有的Docker版本
[root@controller ~(keystone_admin)]# yum list docker-ce --showduplicates | sort -r
* updates: mirrors.aliyun.com
Loading mirror speeds from cached hostfile
Loaded plugins: fastestmirror, langpacks
* extras: mirrors.aliyun.com
* epel: download.nus.edu.sg
docker-ce.x86_64 3:19.03.9-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.8-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.7-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.6-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.5-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.4-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.3-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.2-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.1-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.12-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.11-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.10-3.el7 docker-ce-stable
docker-ce.x86_64 3:19.03.0-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.9-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.8-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.7-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.6-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.5-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.4-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.3-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.2-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.1-3.el7 docker-ce-stable
docker-ce.x86_64 3:18.09.0-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.3.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.2.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.1.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.06.0.ce-3.el7 docker-ce-stable
docker-ce.x86_64 18.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 18.03.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.12.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.09.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.06.0.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.3.ce-1.el7 docker-ce-stable
docker-ce.x86_64 17.03.2.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
* base: mirrors.aliyun.com
Available Packages
然后呢,版本选了18.03.1.ce,执行yum install docker-ce-18.03.1.ce安装。
启动服务并设置开机自启动
systemctl start docker
systemctl enable docker
执行docker version可以看到如下输出就是安装成功了。
[root@controller ~(keystone_admin)]# docker version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:20:16 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Thu Apr 26 07:23:58 2018
OS/Arch: linux/amd64
Experimental: false
然后还需要安装containerd.io
yum install containerd.io
重启并设置自启动
systemctl enable containerd
systemctl start containerd
安装kuryr-libnetwork
控制节点
切换到keystone_admin,执行openstack user create --domain default --password-prompt kuryr创建用户,密码是kuryr
[root@controller ~(keystone_admin)]# openstack user create --domain default --password-prompt kuryr
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4a69459aa5b445ad9f7cc0fab4280103 |
| name | kuryr |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
执行openstack role add --project services --user kuryr admin赋予角色。
然后好像这样就完了。上面是控制节点的配置,下面是计算节点的配置
计算节点
创建user
groupadd --system kuryr
useradd --home-dir "/var/lib/kuryr" --create-home --system --shell /bin/false -g kuryr kuryr
创建目录
mkdir -p /etc/kuryr
chown kuryr:kuryr /etc/kuryr
github获取源码
git clone -b master https://opendev.org/openstack/kuryr-libnetwork.git
修改权限所有者,切换路径
chown -R kuryr:kuryr kuryr-libnetwork
cd kuryr-libnetwork
安装依赖,安装
pip3 install -r requirements.txt
python3 setup.py install
可能会报错<font color="red">fatal error: Python.h: No such file or directory</font>,是因为没有对应的py-dev包,执行yum install python3-devel安装,重新安装依赖。
生成配置文件
su -s /bin/sh -c "./tools/generate_config_file_samples.sh" kuryr
su -s /bin/sh -c "cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf" kuryr
修改配置文件/etc/kuryr/kuryr.conf
[DEFAULT]
bindir=/usr/local/libexec/kuryr
......
[neutron]
uth_url=http://192.168.1.106:5000
username=kuryr
user_domain_name=default
password=kuryr
project_name=services
project_domain_name=default
auth_type=password
创建一个启动服务的文件/etc/systemd/system/kuryr-libnetwork.service
[Unit]
Description = Kuryr-libnetwork - Docker network plugin for Neutron
[Service]
ExecStart = /usr/local/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf
CapabilityBoundingSet = CAP_NET_ADMIN
[Install]
WantedBy = multi-user.target
最后,把kuryr添加到自启动里,启动服务,重启docker
systemctl enable kuryr-libnetwork
systemctl start kuryr-libnetwork
systemctl restart docker
安装Etcd
执行yum install etcd安装。
修改配置文件/etc/etcd/etcd.conf
[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.1.106:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.1.106:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.1.106:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.106:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.1.106:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
重启服务设置自启动
systemctl enable etcd
systemctl start etcd
安装Zun
现在是安装Zun。安装分为控制节点和计算节点,我觉得我应该安装计算节点。
创建数据库,授予权限,密码还是zun吧,我也不知道这个密码是什么,乱死了。自己的用户用自己的密码。
CREATE DATABASE zun;
MariaDB [(none)]> CREATE DATABASE zun;
Query OK, 1 row affected (0.03 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' IDENTIFIED BY 'zun';
Query OK, 0 rows affected (0.34 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' IDENTIFIED BY 'zun';
Query OK, 0 rows affected (0.00 sec)
创建用户,密码是zun
[root@controller kuryr-libnetwork(keystone_admin)]# openstack user create --domain default --password-prompt zun
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fe449d6ab82b40188dd5b6c174a01eb2 |
| name | zun |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
授予权限
openstack role add --project services --user zun admin
创建服务入口
[root@controller kuryr-libnetwork(keystone_admin)]# openstack service create --name zun --description "Container Service" container
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Container Service |
| enabled | True |
| id | db1b935968864900aa60e36a91e463e4 |
| name | zun |
| type | container |
+-------------+----------------------------------+
创建服务API endpoint
[root@controller kuryr-libnetwork(keystone_admin)]# openstack endpoint create --region RegionOne container public http://192.168.1.106:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b02e3cfa33e94bf8986ca38d095bb897 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | db1b935968864900aa60e36a91e463e4 |
| service_name | zun |
| service_type | container |
| url | http://192.168.1.106:9517/v1 |
+--------------+----------------------------------+
[root@controller kuryr-libnetwork(keystone_admin)]# openstack endpoint create --region RegionOne container internal http://192.168.1.106:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c27224220fca4f9ea8c8c33dd0c6895d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | db1b935968864900aa60e36a91e463e4 |
| service_name | zun |
| service_type | container |
| url | http://192.168.1.106:9517/v1 |
+--------------+----------------------------------+
[root@controller kuryr-libnetwork(keystone_admin)]# openstack endpoint create --region RegionOne container admin http://192.168.1.106:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 66a8abf2a3c34c2ca9c9aa560a516a06 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | db1b935968864900aa60e36a91e463e4 |
| service_name | zun |
| service_type | container |
| url | http://192.168.1.106:9517/v1 |
+--------------+----------------------------------+
在系统中创建用户和必要的目录
groupadd --system zun
useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun
mkdir -p /etc/zun
chown zun:zun /etc/zun
mkdir -p /etc/cni/net.d
chown zun:zun /etc/cni/net.d
安装依赖
yum install python3-pip git python3-devel libffi-devel gcc openssl-devel
下载zun安装,步骤和上面的kuryr其实一样诶
cd /var/lib/zun
git clone https://opendev.org/openstack/zun.git
chown -R zun:zun zun
cd zun
pip3 install -r requirements.txt
python3 setup.py install
生成配置文件
su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
su -s /bin/sh -c "cp etc/zun/rootwrap.conf /etc/zun/rootwrap.conf" zun
su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
su -s /bin/sh -c "cp etc/zun/rootwrap.d/* /etc/zun/rootwrap.d/" zun
su -s /bin/sh -c "cp etc/cni/net.d/* /etc/cni/net.d/" zun
执行一个我也不知道在干什么的步骤,如果二进制文件路径是/usr/bin,那就换一下路径。
echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
修改配置文件etc/zun/zun.conf,数据库中第二个zun就是密码
[DEFAULT]
transport_url=rabbit://guest:guest@192.168.1.106:5672/
state_path=/var/lib/zun
......
[api]
host_ip=192.168.1.106
port=9517
......
[database]
connection=mysql+pymysql://zun:zun@192.168.1.106/zun
......
[keystone_auth]
memcached_servers=192.168.1.106:11211
www_authenticate_uri=http://192.168.1.106:5000
project_domain_name = default
project_name = services
user_domain_name = default
password = zun
username = zun
auth_url = http://192.168.1.106:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
......
[keystone_authtoken]
memcached_servers = 192.168.1.106:11211
www_authenticate_uri = http://192.168.1.106:5000
project_domain_name = default
project_name = services
user_domain_name = default
password = zun
username = zun
auth_url = http://192.168.1.106:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
......
[oslo_concurrency]
lock_path=/var/lib/zun/tmp
......
[oslo_messaging_notifications]
driver=messaging
......
[websocket_proxy]
wsproxy_host=192.168.1.106
wsproxy_port=6784
base_url=ws://192.168.1.106:6784
......
[compute]
host_share_with_nova=true
再次授权一下chown zun:zun /etc/zun/zun.conf
同步数据库
su -s /bin/sh -c "zun-db-manage upgrade" zun
这里我报错了,没有安装pymysql,执行pip3 install pymysql即可。
配置一下docker和kuryr
执行mkdir -p /etc/systemd/system/docker.service.d创建一个目录,创建配置文件 /etc/systemd/system/docker.service.d/docker.conf,内容如下
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://192.168.1.106:2375 -H unix:///var/run/docker.sock --cluster-store etcd://192.168.1.106:2379
重启docker
systemctl daemon-reload
systemctl restart docker
编辑kuryr配置文件/etc/kuryr/kuryr.conf,
[DEFAULT]
capability_scpoe=global
process_external_connectivity=False
重启kuryr
systemctl restart kuryr-libnetwork
生成容器的配置文件
containerd config default > /etc/containerd/config.toml
编辑配置文件/etc/containerd/config.toml,修改grpc下的gid,gid的获取可以通过getent group zun | cut -d: -f3获取,我是971
[grpc]
address = "/run/containerd/containerd.sock"
uid = 0
gid = 971
max_recv_message_size = 16777216
max_send_message_size = 16777216
授权一下
chown zun:zun /etc/containerd/config.toml
重启一下containerd
systemctl restart containerd
配置一下CNI,下载并安装插件
mkdir -p /opt/cni/bin
curl -L https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz | tar -C /opt/cni/bin -xzvf - ./loopback
安装Zun CNI插件
install -o zun -m 0555 -D /usr/local/bin/zun-cni /opt/cni/bin/zun-cni
现在就差不多安装完了,编辑一下service的文件/etc/systemd/system/zun-api.service
[Unit]
Description = OpenStack Container Service API
[Service]
ExecStart = /usr/local/bin/zun-api
User = zun
[Install]
WantedBy = multi-user.target
/etc/systemd/system/zun-wsproxy.service
[Unit]
Description = OpenStack Container Service Websocket Proxy
[Service]
ExecStart = /usr/local/bin/zun-wsproxy
User = zun
[Install]
WantedBy = multi-user.target
/etc/systemd/system/zun-compute.service
[Unit]
Description = OpenStack Container Service Compute Agent
[Service]
ExecStart = /usr/local/bin/zun-compute
User = zun
[Install]
WantedBy = multi-user.target
/etc/systemd/system/zun-cni-daemon.service
[Unit]
Description = OpenStack Container Service CNI daemon
[Service]
ExecStart = /usr/local/bin/zun-cni-daemon
User = zun
[Install]
WantedBy = multi-user.target
设置开机自启动并启动服务
systemctl enable zun-api
systemctl enable zun-wsproxy
systemctl enable zun-compute
systemctl enable zun-cni-daemon
systemctl start zun-api
systemctl start zun-wsproxy
systemctl start zun-zonpute
systemctl start zun-cni-daemon
通过status查看是否正常
[root@controller zun(keystone_admin)]# systemctl status zun-api
● zun-api.service - OpenStack Container Service API
Loaded: loaded (/etc/systemd/system/zun-api.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-08-25 13:13:01 CST; 1min 4s ago
Main PID: 127108 (zun-api)
Tasks: 5
Memory: 93.9M
CGroup: /system.slice/zun-api.service
├─127108 /usr/bin/python3 /usr/local/bin/zun-api
├─127138 /usr/bin/python3 /usr/local/bin/zun-api
├─127139 /usr/bin/python3 /usr/local/bin/zun-api
├─127140 /usr/bin/python3 /usr/local/bin/zun-api
└─127141 /usr/bin/python3 /usr/local/bin/zun-api
Aug 25 13:13:01 controller systemd[1]: Started OpenStack Container Service API.
Aug 25 13:13:04 controller zun-api[127108]: 2020-08-25 13:13:04.549 127108 INFO zun.api.ap…ini
Aug 25 13:13:04 controller zun-api[127108]: 2020-08-25 13:13:04.959 127108 INFO oslo.servi…517
Aug 25 13:13:04 controller zun-api[127108]: 2020-08-25 13:13:04.959 127108 INFO oslo_servi…ers
Aug 25 13:13:05 controller zun-api[127108]: 2020-08-25 13:13:04.982 127138 INFO eventlet.w…517
Aug 25 13:13:05 controller zun-api[127108]: 2020-08-25 13:13:05.075 127140 INFO eventlet.w…517
Aug 25 13:13:05 controller zun-api[127108]: 2020-08-25 13:13:05.076 127139 INFO eventlet.w…517
Aug 25 13:13:05 controller zun-api[127108]: 2020-08-25 13:13:05.086 127141 INFO eventlet.w…517
Hint: Some lines were ellipsized, use -l to show in full.
[root@controller zun(keystone_admin)]# systemctl status zun-wsproxy.service
● zun-wsproxy.service - OpenStack Container Service Websocket Proxy
Loaded: loaded (/etc/systemd/system/zun-wsproxy.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-08-25 13:13:07 CST; 1min 4s ago
Main PID: 127149 (zun-wsproxy)
Tasks: 4
Memory: 77.8M
CGroup: /system.slice/zun-wsproxy.service
└─127149 /usr/bin/python3 /usr/local/bin/zun-wsproxy
Aug 25 13:13:07 controller systemd[1]: Started OpenStack Container Service Websocket Proxy.
Aug 25 13:13:09 controller zun-wsproxy[127149]: 2020-08-25 13:13:09.962 127149 INFO zun.cmd…xy
Aug 25 13:13:09 controller zun-wsproxy[127149]: 2020-08-25 13:13:09.963 127149 INFO zun.web…s:
Aug 25 13:13:09 controller zun-wsproxy[127149]: 2020-08-25 13:13:09.963 127149 INFO zun.web…84
Aug 25 13:13:09 controller zun-wsproxy[127149]: 2020-08-25 13:13:09.963 127149 INFO zun.web…rt
Aug 25 13:13:10 controller zun-wsproxy[127149]: 2020-08-25 13:13:10.004 127149 INFO zun.web…ne
Hint: Some lines were ellipsized, use -l to show in full.
安装Zun-ui
下载
git clone https://github.com/openstack/zun-ui
又完蛋
我的openstack是python2.7的,Django是1.11的,安装的zun-ui是python3.6的,Django2.2以上,所以,装不成了。
按照官网的可以安装,但是用不成
不知道是不是配置的问题
点击这里在github底下有安装方法
验证Zun
1
执行openstack appcontainer list报错
Internal Server Error (HTTP 500)
这里呢,需要把日志功能打开,修改/etc/zun/zun.conf的log_dir,改为log_dir=/var/log/zun,然后需要自己创建一个zun文件夹授权
mkdir -p /var/log/zun
chown zun:zun /var/log/zun
重启systemctl restart zun-api,再次执行openstack appcontainer list,虽然还会报错,但是这次可以把报错记录在日志里了。
File "/usr/local/lib/python3.6/site-packages/webob/request.py", line 1278, in call_application
app_iter = application(self.environ, start_response)
File "/usr/local/lib/python3.6/site-packages/zun/api/middleware/auth_token.py", line 61, in __call__
return super(AuthTokenMiddleware, self).__call__(env, start_response)
File "/usr/local/lib/python3.6/site-packages/webob/dec.py", line 129, in __call__
resp = self.call_func(req, *args, **kw)
File "/usr/local/lib/python3.6/site-packages/webob/dec.py", line 193, in call_func
return self.func(req, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/__init__.py", line 338, in __call__
response = self.process_request(req)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/__init__.py", line 659, in process_request
resp = super(AuthProtocol, self).process_request(request)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/__init__.py", line 411, in process_request
allow_expired=allow_expired)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/__init__.py", line 445, in _do_fetch_token
data = self.fetch_token(token, **kwargs)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/__init__.py", line 736, in fetch_token
cached = self._token_cache.get(token)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/_cache.py", line 226, in get
with self._cache_pool.reserve() as cache:
File "/usr/lib64/python3.6/contextlib.py", line 81, in __enter__
return next(self.gen)
File "/usr/local/lib/python3.6/site-packages/keystonemiddleware/auth_token/_cache.py", line 77, in reserve
import memcache
ModuleNotFoundError: No module named 'memcache'
2020-08-27 15:55:13.524 23458 INFO eventlet.wsgi.server [req-c0a0724d-012d-4c7f-ac6a-be18dcf10235 - - - - -] 192.168.1.106 "GET /v1/containers HTTP/1.1" status: 500 len: 139 time: 0.0031943
可以看到,其实这个报错是缺少一个库。安装一下就好了pip3 install python3-memcached。
2
执行openstack appcontainer service list,报错
Policy doesn't allow zun-service:get_all to be performed. (HTTP 403) (Request-ID: req-669eca3e-2a5b-4db6-9820-d09653c801f1)
这个很简单,权限不够,需要在policy配置权限。
执行source keystonerc_admin即可,换成admin。也可以修改policy,但是好麻烦。
Zun的使用
执行openstack network list查看网络id,因为容易可以使用neutron的网络
[root@controller ~(keystone_demo)]# openstack network list
+--------------------------------------+----------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------------+--------------------------------------+
| 2e75d6ce-be01-4c96-ae51-e6a0bb4339cb | public | 54a8657c-0b8a-414b-855b-a89b40f79520 |
| 57073684-fe59-47a8-b6ff-59778533303b | vxlan-net1 | 676cd330-096f-4f02-b9d2-ed32f263cbc0 |
| 97280905-2b19-4056-a0a3-2116b15900f4 | private-demo-2 | 203c710b-bf17-4999-91d9-71e93ff36ae2 |
| feb92560-bb6b-4fdf-a953-d2a68a1bfc33 | private | 5f8a0758-534c-4c79-9792-cb76da676b1e |
+--------------------------------------+----------------+--------------------------------------+
试图创建一个容器
openstack appcontainer run --name mycontainer --net network=57073684-fe59-47a8-b6ff-59778533303b /home/kang/Desktop/mydir/OpenStack/IMAGE/cirros-0.3.4-x86_64-disk.img ping 114.114.114.114
喜闻乐见报错500,查看日志/var/log/zun-api.log
这个无解了
2020-08-27 16:31:57.190 25614 INFO eventlet.wsgi.server [req-a542f745-d068-4fb3-b725-8caee9814392 - - - - -] 192.168.1.106 "GET / HTTP/1.1" status: 200 len: 647 time: 0.0100086
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception [req-624f117c-88c0-471e-951c-cdc89df431df - - - - -] 6613e587-91b2-46d1-9ea1-e54419f8caba:Not Acceptable (HTTP 406) (Request-ID: req-83d96414-e093-4a63-a665-8f3e2ad2611a): keystoneauth1.exceptions.http.NotAcceptable: Not Acceptable (HTTP 406) (Request-ID: req-83d96414-e093-4a63-a665-8f3e2ad2611a)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception Traceback (most recent call last):
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/common/exception.py", line 109, in wrapped
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception return func(*args, **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/api/validation/__init__.py", line 55, in wrapper
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception return func(*args, **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/api/validation/__init__.py", line 33, in wrapper
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception return func(*args, **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/api/controllers/v1/containers.py", line 303, in post
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception return self._do_post(run, **container_dict)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/api/controllers/v1/containers.py", line 446, in _do_post
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception compute_api.container_create(context, new_container, **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/osprofiler/profiler.py", line 160, in wrapper
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception result = f(*args, **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/compute/api.py", line 56, in container_create
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception extra_spec)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/compute/api.py", line 134, in _schedule_container
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception extra_spec)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/scheduler/client/query.py", line 62, in select_destinations
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception resources)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/scheduler/client/report.py", line 284, in get_allocation_candidates
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception global_request_id=context.global_id)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/zun/scheduler/client/report.py", line 213, in get
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception logger=LOG)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 395, in get
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception return self.request(url, 'GET', **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 257, in request
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception return self.session.request(url, method, **kwargs)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception File "/usr/local/lib/python3.6/site-packages/keystoneauth1/session.py", line 976, in request
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception raise exceptions.from_response(resp, method, url)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception keystoneauth1.exceptions.http.NotAcceptable: Not Acceptable (HTTP 406) (Request-ID: req-83d96414-e093-4a63-a665-8f3e2ad2611a)
2020-08-27 16:31:59.234 25614 ERROR zun.common.exception
2020-08-27 16:31:59.315 25614 INFO eventlet.wsgi.server [req-624f117c-88c0-471e-951c-cdc89df431df - - - - -] 192.168.1.106 "POST /v1/containers?run=true HTTP/1.1" status: 500 len: 640 time: 2.1216514