This section describes how to install and configure the Container Infrastructure Management service for Red Hat Enterprise Linux 7 and CentOS 7.
Before you install and configure the Container Infrastructure Management service, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database server as the root user:
$ mysql -u root -p
Create the magnum database:
CREATE DATABASE magnum;
Grant proper access to the magnum database:
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'controller' \
IDENTIFIED BY 'MAGNUM_DBPASS';
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \
IDENTIFIED BY 'MAGNUM_DBPASS';
Replace MAGNUM_DBPASS with a suitable password.
Exit the database access client.
Source the admin credentials to gain access to admin-only CLI commands:
$ . admin-openrc
To create the service credentials, complete these steps:
Create the magnum user:
$ openstack user create --domain default \
--password-prompt magnum
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | a8ebafc275c54d389dfc1bff8b4fe286 |
| name      | magnum                           |
+-----------+----------------------------------+
Add the admin role to the magnum user:
$ openstack role add --project service --user magnum admin
Note
This command provides no output.
Create the magnum service entity:
$ openstack service create --name magnum \
--description "OpenStack Container Infrastructure Management Service" \
container-infra
+-------------+-------------------------------------------------------+
| Field       | Value                                                 |
+-------------+-------------------------------------------------------+
| description | OpenStack Container Infrastructure Management Service |
| enabled     | True                                                  |
| id          | 194faf83e8fd4e028e5ff75d3d8d0df2                      |
| name        | magnum                                                |
| type        | container-infra                                       |
+-------------+-------------------------------------------------------+
Create the Container Infrastructure Management service API endpoints:
$ openstack endpoint create --region RegionOne \
container-infra public http://CONTROLLER_IP:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cb137e6366ad495bb521cfe92d8b8858 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://CONTROLLER_IP:9511/v1     |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra internal http://CONTROLLER_IP:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 17cbc3b6f51449a0a818118d6d62868d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://CONTROLLER_IP:9511/v1     |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
container-infra admin http://CONTROLLER_IP:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 30f8888e6b6646d7b5cd14354c95a684 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0f7f62a1f1a247d2a4cb237642814d0e |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://CONTROLLER_IP:9511/v1     |
+--------------+----------------------------------+
Replace CONTROLLER_IP with the IP address on which magnum listens. Alternatively, you can use a hostname that is reachable by the Compute instances.
Magnum requires additional information in the Identity service to manage COE clusters. To add this information, complete these steps:
Create the magnum domain that contains projects and users:
$ openstack domain create --description "Owns users and projects \
created by magnum" magnum
+-------------+-------------------------------------------+
| Field       | Value                                     |
+-------------+-------------------------------------------+
| description | Owns users and projects created by magnum |
| enabled     | True                                      |
| id          | 66e0469de9c04eda9bc368e001676d20          |
| name        | magnum                                    |
+-------------+-------------------------------------------+
Create the magnum_domain_admin user to manage projects and users in the magnum domain:
$ openstack user create --domain magnum --password-prompt \
magnum_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 66e0469de9c04eda9bc368e001676d20 |
| enabled   | True                             |
| id        | 529b81cf35094beb9784c6d06c090c2b |
| name      | magnum_domain_admin              |
+-----------+----------------------------------+
Add the admin role to the magnum_domain_admin user in the magnum domain to enable administrative management privileges by the magnum_domain_admin user:
$ openstack role add --domain magnum --user-domain magnum --user \
magnum_domain_admin admin
Note
This command provides no output.
Install the packages:
# yum install openstack-magnum-api openstack-magnum-conductor python-magnumclient
Edit the /etc/magnum/magnum.conf file:
In the [api] section, configure the host:
[api]
...
host = CONTROLLER_IP
Replace CONTROLLER_IP with the IP address on which the magnum API should listen.
In the [certificates] section, select barbican (or x509keypair if you don’t have barbican installed):
Use barbican to store certificates:
[certificates]
...
cert_manager_type = barbican
Important
Barbican is recommended for production environments.
To store x509 certificates in magnum’s database:
[certificates]
...
cert_manager_type = x509keypair
In the [cinder_client] section, configure the region name:
[cinder_client]
...
region_name = RegionOne
In the [database] section, configure database access:
[database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum
Replace MAGNUM_DBPASS with the password you chose for the magnum database.
In the [keystone_authtoken] and [trust] sections, configure Identity service access:
[keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
auth_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:35357
auth_type = password
[trust]
...
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
trustee_keystone_interface = KEYSTONE_INTERFACE
Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service and DOMAIN_ADMIN_PASS with the password you chose for the magnum_domain_admin user.
Replace KEYSTONE_INTERFACE with either public or internal, depending on your network configuration. If your instances cannot reach the internal keystone endpoint, which is often the case in production environments, set it to public. The default is public.
In the [oslo_messaging_notifications] section, configure the driver:
[oslo_messaging_notifications]
...
driver = messaging
In the [DEFAULT] section, configure RabbitMQ message queue access:
[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.
Additionally, edit the /etc/magnum/magnum.conf file:
In the [oslo_concurrency] section, configure the lock_path:
[oslo_concurrency]
...
lock_path = /var/lib/magnum/tmp
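A pre-start check for the file edited above, as an added example that is not part of the original guide or of the magnum project: it parses a magnum.conf body and reports placeholders from this page that were left unreplaced, a cert_manager_type other than barbican, and a trustee_keystone_interface outside public/internal. The function name, the constructed sample file and the extra flag for plaintext http:// URLs are assumptions of this example.

```python
import configparser

# Tokens this guide tells you to replace before starting the services.
PLACEHOLDERS = ("MAGNUM_DBPASS", "MAGNUM_PASS", "DOMAIN_ADMIN_PASS",
                "RABBIT_PASS", "CONTROLLER_IP", "KEYSTONE_INTERFACE")

def audit_magnum_conf(text):
    """Return sorted (section, option, finding) tuples; values are never echoed."""
    # Treat [DEFAULT] as an ordinary section so its options are not
    # inherited by (and re-reported for) every other section.
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    findings = set()
    for section in cp.sections():
        for option, value in cp.items(section):
            for token in PLACEHOLDERS:
                if token in value:
                    findings.add((section, option, f"placeholder {token} not replaced"))
            if "http://" in value:  # added check, not stated on the page
                findings.add((section, option, "plaintext http URL"))
    cert = cp.get("certificates", "cert_manager_type", fallback=None)
    if cert is not None and cert != "barbican":
        findings.add(("certificates", "cert_manager_type",
                      "certificates not stored in barbican"))
    iface = cp.get("trust", "trustee_keystone_interface", fallback=None)
    # An unreplaced KEYSTONE_INTERFACE is already reported by the placeholder scan.
    if iface is not None and iface not in ("public", "internal", "KEYSTONE_INTERFACE"):
        findings.add(("trust", "trustee_keystone_interface",
                      "must be public or internal"))
    return sorted(findings)

# Constructed sample, not a real deployment; passwords are made-up values.
SAMPLE = """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[certificates]
cert_manager_type = x509keypair
[database]
connection = mysql+pymysql://magnum:s3cr3t-example@controller/magnum
[keystone_authtoken]
auth_uri = http://controller:5000/v3
password = MAGNUM_PASS
[trust]
trustee_keystone_interface = admin
"""

if __name__ == "__main__":
    for section, option, finding in audit_magnum_conf(SAMPLE):
        print(f"[{section}] {option}: {finding}")
```

To check a real deployment, pass the contents of /etc/magnum/magnum.conf to audit_magnum_conf; findings name only the section and option, so passwords are not written to the terminal or to logs.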
Populate the Magnum database:
# su -s /bin/sh -c "magnum-db-manage upgrade" magnum
Start the Container Infrastructure Management services and configure them to start when the system boots:
# systemctl enable openstack-magnum-api.service \
openstack-magnum-conductor.service
# systemctl start openstack-magnum-api.service \
openstack-magnum-conductor.service
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.