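Installing the Zun, kuryr-libnetwork and Zun-ui services locally on OpenStack Queens: the three services are installed and deployed on a two-node OpenStack Queens environment (controller and compute).
I. Install the Zun service locally
Zun is the OpenStack component that provides a container management service. Its goal is to offer a unified OpenStack API for launching and managing containers across multiple container technologies, including Docker, Rkt and clear container; at present only Docker is supported. With the release of OpenStack Queens and the popularity of the container community, one addition worth noting is Zun, which provides the container service within the OpenStack project and aims to speed up container adoption by integrating with Neutron, Cinder, Keystone and other core OpenStack services. In this way OpenStack's existing networking, storage and identity tooling all apply to containers, so that containers can meet security and compliance requirements.
Zun requires the following OpenStack services: Keystone, Neutron, Kuryr-libnetwork.
Zun can also integrate with the following OpenStack services (optional): Cinder, Heat, Glance.
When using Zun, you can call Zun's own tools or API directly to create and manage Docker workflows. Zun's user functions (and some administrator functions) are all exposed through a REST API and can be used directly. Zun's API can also be called indirectly through the APIs or SDKs of other OpenStack components: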
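Horizon: called through the OpenStack web UI;
OpenStack Client: called through the OpenStack CLI;
Zun Client: called through Zun's Python client.
Below is the Zun architecture diagram:
Zun API: handles REST requests and validates input parameters;
Zun Compute: launches containers and schedules compute resources;
Keystone: the authentication system;
Neutron: provides container networking;
Glance: stores docker images (the alternative is to use DockerHub);
Kuryr: a plugin that connects container networking to OpenStack Neutron.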
First, install the following services on the controller node
(start once the dashboard has been set up in the OpenStack-Queens deployment)
1. Create the database
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 125
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE zun;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on zun.* to 'zun'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on zun.* to 'zun'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
2. Create the zun user
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt zun
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 30f17f5a1baf48febb4260d6526267e4 |
| name | zun |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3. Add the admin role to the zun user
[root@controller ~]# openstack role add --project service --user zun admin
4. Create the zun service entity
[root@controller ~]# openstack service create --name zun --description "Container Service" container
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Container Service |
| enabled | True |
| id | 8f23b99db9d8456a8a51535903322275 |
| name | zun |
| type | container |
+-------------+----------------------------------+
5. Create the zun service endpoints
[root@controller ~]# openstack endpoint create --region RegionOne container public http://controller:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8a5b474912a340d3993d094e21bcdc51 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8f23b99db9d8456a8a51535903322275 |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne container internal http://controller:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7ecfa6c448fe4a769617b26439e48598 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8f23b99db9d8456a8a51535903322275 |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne container admin http://controller:9517/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cfba36a4071b4cf187990ccea63b2161 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8f23b99db9d8456a8a51535903322275 |
| service_name | zun |
| service_type | container |
| url | http://controller:9517/v1 |
+--------------+----------------------------------+
6. Create the zun user and group
[root@controller ~]# groupadd --system zun
[root@controller ~]# useradd --home-dir "/var/lib/zun" --create-home --system --shell /bin/false -g zun zun
7. Create the zun configuration directory
[root@controller ~]# mkdir -p /etc/zun
[root@controller ~]# chown zun:zun /etc/zun
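8. Install the packages required for the local zun installation
(The whole environment is installed offline from local sources.
yum repository images used: OpenStack-Queens-min-v1.4.iso and CentOS-7-x86_64-DVD-1804.iso)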
[root@controller ~]# yum install python-pip -y
[root@controller ~]# yum install python-devel -y
[root@controller ~]# yum install gcc -y
[root@controller ~]# yum install git -y
Locate the local zun service package (the archive is in OpenStack-Queens-min-v1.4.iso and can be used once extracted)
Copy zun.tar to the /var/lib/zun/ directory and extract it
[root@controller ~]# cd /var/lib/zun/
[root@controller zun]# cp -rvf /opt/zun.tar /var/lib/zun/
[root@controller zun]# tar -zxvf zun.tar -C ./
Grant permissions
[root@controller zun]# chown -R zun:zun zun
Install the local dependency libraries
The offline dependency packages are in the base/ directory inside zun.tar
Install pbr first
[root@controller zun]# cd zun
[root@controller zun]# pip install pbr --no-index -f file:///var/lib/zun/zun/base/
Install the dependency packages listed in requirements.txt
[root@controller zun]# pip install -r requirements.txt --no-index -f file:///var/lib/zun/zun/base/
Install the zun service locally
[root@controller zun]# python setup.py install
9. Generate the sample configuration file
[root@controller zun]# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
[root@controller zun]# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
10. Generate the api-paste.ini configuration file
[root@controller zun]# su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun
11. Edit the /etc/zun/zun.conf configuration file
[root@controller zun]# vi /etc/zun/zun.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
[api]
host_ip = 172.24.19.10
port = 9517
[database]
connection = mysql+pymysql://zun:000000@controller/zun
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
[keystone_authtoken]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
[oslo_messaging_notifications]
driver = messaging
[websocket_proxy]
wsproxy_host = 172.24.19.10
wsproxy_port = 6784
12. Populate the database
[root@controller zun]# su -s /bin/sh -c "zun-db-manage upgrade" zun
13. Create the service unit files
[root@controller ~]# vi /etc/systemd/system/zun-api.service
[Unit]
Description = OpenStack Container Service API
[Service]
ExecStart = /usr/bin/zun-api
User = zun
[Install]
WantedBy = multi-user.target
[root@controller ~]# vi /etc/systemd/system/zun-wsproxy.service
[Unit]
Description = OpenStack Container Service Websocket Proxy
[Service]
ExecStart = /usr/bin/zun-wsproxy
User = zun
[Install]
WantedBy = multi-user.target
14. Start the zun services
[root@controller zun]# systemctl start zun-api zun-wsproxy
[root@controller zun]# systemctl enable zun-api zun-wsproxy
[root@controller zun]# systemctl status zun-api zun-wsproxy
The following operations are performed on the compute node
II. Install the kuryr-libnetwork service locally on the controller node
1. Remove old versions of docker
[root@compute ~]# yum remove docker docker-common docker-selinux docker-engine -y
2. Install the dependency packages
[root@compute ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
3. Install docker-ce
[root@compute ~]# yum install docker-ce -y
4. Start docker-ce
[root@compute ~]# systemctl start docker
[root@compute ~]# systemctl enable docker
5. Add the kernel configuration parameter
[root@compute ~]# vi /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
[root@compute ~]# sysctl -p
net.ipv4.ip_forward = 1
6. Add the kuryr-libnetwork user on the controller node
6.1. Create the kuryr user
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt kuryr
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 41dc08dfaec64b8c808fc4dcb4d29bfe |
| name | kuryr |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
6.2. Add the role
[root@controller ~]# openstack role add --project service --user kuryr admin
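Install kuryr-libnetwork on the compute node
kuryr-libnetwork is a plugin that runs within the Libnetwork framework. To understand how kuryr-libnetwork works, first look at Libnetwork. Libnetwork is a project that was split out of Docker Engine and libcontainer by modularizing the networking logic, and it replaced the original Docker Engine networking subsystem. Libnetwork defines a flexible model that uses local or remote drivers to provide network services to containers. kuryr-libnetwork is an implementation of a Libnetwork remote driver and is now one of the remote drivers recommended on the Docker website.
A Libnetwork driver can be regarded as a Docker plugin that shares one plugin management framework with Docker's other plugins. In other words, a Libnetwork remote driver is activated in the same way as the other plugins in Docker Engine and uses the same protocol. The interfaces a Libnetwork remote driver must implement are described in detail in the Libnetwork Git repository.
All kuryr-libnetwork has to do is implement these interfaces, as can be seen from its code. Libnetwork calls the remote driver's Plugin.Activate interface to find out what the remote driver implements. The kuryr-libnetwork code shows that it implements two functions: NetworkDriver and IPAMDriver.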
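Added example (not from the article or the kuryr-libnetwork source): once the service installed in the steps below is running, the Plugin.Activate handshake described above can be checked by hand. The sample response is constructed; on the wire the Libnetwork protocol spells the IPAM capability IpamDriver, and the plugin URL (KURYR_URL, defaulting here to http://127.0.0.1:23750) is an assumption to be replaced with the value from your plugin spec file.

```shell
#!/bin/sh
# Added example. SAMPLE_ACTIVATE is a constructed Plugin.Activate response
# listing the two driver types the text says kuryr-libnetwork implements.
SAMPLE_ACTIVATE='{"Implements": ["NetworkDriver", "IpamDriver"]}'

# Print one driver type per line from a Plugin.Activate response body.
implemented_drivers() {
    printf '%s' "$1" | tr -d ' \n\t' |
        sed -n 's/.*"Implements":\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' | tr -d '"'
}

# Succeed only if every driver type named after the body is advertised;
# otherwise print the first missing one and return 1.
implements_all() {
    body=$1; shift
    have=$(implemented_drivers "$body")
    for want in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$want" ||
            { echo "missing: $want"; return 1; }
    done
    return 0
}

# Query a running plugin. KURYR_URL is an assumption, not a value from the
# article. Usage: implements_all "$(query_activate)" NetworkDriver IpamDriver
query_activate() {
    curl -s -X POST "${KURYR_URL:-http://127.0.0.1:23750}/Plugin.Activate"
}

# Offline demonstration on the constructed response.
implements_all "$SAMPLE_ACTIVATE" NetworkDriver IpamDriver &&
    echo "plugin advertises NetworkDriver and IpamDriver"
```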
7. Create the user
[root@compute ~]# groupadd --system kuryr
[root@compute ~]# useradd --home-dir "/var/lib/kuryr" --create-home --system --shell /bin/false -g kuryr kuryr
8. Create the directory
[root@compute ~]# mkdir -p /etc/kuryr
[root@compute ~]# chown kuryr:kuryr /etc/kuryr
9. Install the packages needed for the local kuryr-libnetwork installation
[root@compute ~]# yum install python-pip -y
[root@compute ~]# yum install python-devel -y
[root@compute ~]# yum install gcc -y
[root@compute ~]# yum install git -y
[root@compute ~]# cd /var/lib/kuryr
Copy kuryr-libnetwork.tar to the /var/lib/kuryr/ directory and extract it
[root@compute kuryr]# cp -rvf /opt/kuryr-libnetwork.tar /var/lib/kuryr/
[root@compute kuryr]# tar -zxvf kuryr-libnetwork.tar -C /var/lib/kuryr/
Grant permissions
[root@compute kuryr]# chown -R kuryr:kuryr kuryr-libnetwork
Install the local dependency libraries
[root@compute kuryr]# cd kuryr-libnetwork
[root@compute kuryr-libnetwork]# pip install -r requirements.txt --no-index -f file:///var/lib/kuryr/kuryr-libnetwork/base/
Install the kuryr-libnetwork service locally
[root@compute kuryr-libnetwork]# python setup.py install
10. Generate the sample configuration file
[root@compute kuryr-libnetwork]# su -s /bin/sh -c "./tools/generate_config_file_samples.sh" kuryr
[root@compute kuryr-libnetwork]# su -s /bin/sh -c "cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf" kuryr
11. Edit the /etc/kuryr/kuryr.conf configuration file
[root@compute ~]# vi /etc/kuryr/kuryr.conf
[DEFAULT]
bindir = /usr/libexec/kuryr
[neutron]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:35357
username = kuryr
user_domain_name = default
password = 000000
project_name = service
project_domain_name = default
auth_type = password
12. Create the service unit file
[root@compute ~]# vi /etc/systemd/system/kuryr-libnetwork.service
[Unit]
Description = Kuryr-libnetwork - Docker network plugin for Neutron
[Service]
ExecStart = /usr/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf
CapabilityBoundingSet = CAP_NET_ADMIN
[Install]
WantedBy = multi-user.target
13. Start the service
[root@compute kuryr-libnetwork]# systemctl enable kuryr-libnetwork
[root@compute kuryr-libnetwork]# systemctl start kuryr-libnetwork
[root@compute kuryr-libnetwork]# systemctl restart docker
14. Verification
Create a kuryr network
[root@compute kuryr-libnetwork]# docker network create --driver kuryr --ipam-driver kuryr --subnet 10.10.0.0/16 --gateway=10.10.0.1 test_net
9ab4903d7e7056070da97a667cbb7b2c0801ee25bb9f38fafab6798f087c2dae
List the networks
[root@compute kuryr-libnetwork]# docker network ls
NETWORK ID NAME DRIVER SCOPE
3eadaa82b6d7 bridge bridge local
8c9b9f0285cc host host local
e340dd89e780 none null local
9ab4903d7e70 test_net kuryr local
Upload the image
[root@compute kuryr-libnetwork]# docker load -i /opt/docker-images/centos_latest.tar
[root@compute kuryr-libnetwork]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> ff426288ea90 7 months ago 207MB
[root@compute kuryr-libnetwork]# docker tag ff426288ea90 docker.io/centos:latest
[root@compute kuryr-libnetwork]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest ff426288ea90 7 months ago 207MB
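III. Install the zun service locally on the compute node (same as steps 6-8 in section I)
Then continue as follows:
1. Generate the sample configuration file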
[root@compute zun]# su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
[root@compute zun]# su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
[root@compute zun]# su -s /bin/sh -c "cp etc/zun/rootwrap.conf /etc/zun/rootwrap.conf" zun
[root@compute zun]# su -s /bin/sh -c "mkdir -p /etc/zun/rootwrap.d" zun
[root@compute zun]# su -s /bin/sh -c "cp etc/zun/rootwrap.d/* /etc/zun/rootwrap.d/" zun
2. Configure sudoers for zun
[root@compute zun]# echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap \
/etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
3. Edit the configuration file and add the following
[root@compute ~]# vi /etc/zun/zun.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
state_path = /var/lib/zun
[database]
connection = mysql+pymysql://zun:000000@controller/zun
[keystone_auth]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
auth_version = v3
auth_protocol = http
service_token_roles_required = True
endpoint_type = internalURL
[keystone_authtoken]
memcached_servers = controller:11211
www_authenticate_uri = http://controller:5000
project_domain_name = default
project_name = service
user_domain_name = default
password = 000000
username = zun
auth_url = http://controller:5000
auth_type = password
[websocket_proxy]
base_url = ws://controller:6784/
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
4. Configure docker and kuryr
Create the docker configuration directory
[root@compute zun]# mkdir -p /etc/systemd/system/docker.service.d
Create the docker configuration file
[root@compute ~]# vi /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --group zun -H tcp://compute:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
Restart docker
[root@compute zun]# systemctl daemon-reload
[root@compute zun]# systemctl restart docker
Edit the kuryr configuration file and add the following
[root@compute zun]# vi /etc/kuryr/kuryr.conf
[DEFAULT]
capability_scope = global
Restart kuryr
[root@compute zun]# systemctl restart kuryr-libnetwork
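Added example (not part of the original article): the drop-in above makes dockerd listen on tcp://compute:2375 with no TLS options, so the Docker API on that port accepts any client that can reach it. The shell functions below read the effective ExecStart from a drop-in and list tcp:// listeners not covered by --tlsverify; the HARDENED line and its certificate paths are constructed for illustration.

```shell
#!/bin/sh
# Added example. WEAK is the ExecStart line from the drop-in above; HARDENED
# and its certificate paths are constructed for illustration.
WEAK='/usr/bin/dockerd --group zun -H tcp://compute:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379'
HARDENED='/usr/bin/dockerd --group zun --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://compute:2376 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379'

# Print the effective ExecStart of a unit or drop-in file. An empty
# "ExecStart=" clears earlier entries, so only lines after the last reset count.
effective_execstart() {
    awk '/^ExecStart[ \t]*=/ {
             sub(/^ExecStart[ \t]*=[ \t]*/, "")
             if ($0 == "") n = 0; else cmd[++n] = $0
         }
         END { for (i = 1; i <= n; i++) print cmd[i] }' "$1"
}

# Print each tcp:// listener on a dockerd command line that is not covered by
# --tlsverify; return 1 if any is found, else 0. "--tls" alone encrypts the
# connection but does not authenticate clients, so it does not count.
unauthenticated_listeners() {
    tls=no; want_host=no; found=
    set -f                          # no globbing while the line is word-split
    for arg in $1; do
        if [ "$want_host" = yes ]; then
            want_host=no
            case $arg in tcp://*) found="$found $arg" ;; esac
            continue
        fi
        case $arg in
            -H|--host)                    want_host=yes ;;
            -H=tcp://*|--host=tcp://*)    found="$found ${arg#*=}" ;;
            --tlsverify|--tlsverify=true) tls=yes ;;
        esac
    done
    set +f
    if [ "$tls" = yes ] || [ -z "$found" ]; then return 0; fi
    for listener in $found; do echo "$listener"; done
    return 1
}

# Demonstration on the two sample lines.
unauthenticated_listeners "$WEAK" || echo "^ reachable without client certificates"
unauthenticated_listeners "$HARDENED" && echo "hardened line: no unauthenticated tcp listener"
```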
5. Create the service unit file
[root@compute ~]# vi /etc/systemd/system/zun-compute.service
[Unit]
Description = OpenStack Container Service Compute Agent
[Service]
ExecStart = /usr/bin/zun-compute
User = zun
[Install]
WantedBy = multi-user.target
6. Start zun-compute
[root@compute zun]# systemctl start zun-compute
[root@compute zun]# systemctl enable zun-compute
[root@compute zun]# systemctl status zun-compute
7. Verification
Verify on the controller node
Install the zun client
[root@controller ~]# pip install python-zunclient==1.1.0 --no-index -f file:///var/lib/zun/zun/base/
Check the status of the zun services
[root@controller ~]# openstack appcontainer service list
III. Start a container instance on the controller node
1. List the networks
[root@controller ~]# openstack network list
2. Get the network ID
[root@controller ~]# export NET_ID=$(openstack network list | awk '/ selfservice / { print $2 }')
3. Create the container
[root@controller ~]# openstack appcontainer run --name container --net network=$NET_ID cirros
4. List the containers
[root@controller ~]# openstack appcontainer list
IV. Install zun-ui on the controller node
1. Copy zun-ui.tar to the /root/ directory and extract it
[root@controller ~]# cp -rvf /opt/zun-ui.tar /root/
[root@controller ~]# tar -zxvf zun-ui.tar -C ./
2. Copy the files
[root@controller ~]# cd zun-ui
[root@controller zun-ui]# cp -rvf base/* /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
3. Install the UI module
[root@controller zun-ui]# cd /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
[root@controller enabled]# pip install zun-ui --no-index -f file:///usr/share/openstack-dashboard/openstack_dashboard/local/enabled/zun-ui/
4. Restart the services
[root@controller enabled]# systemctl restart httpd memcached
5. Access from a browser
Open http://ip/dashboard in a browser