Want to install Magnum (Containers as a Service) in an OpenStack environment based on packages from RDO project? Here are the steps to do it:
|Primary steps are the same as official Magnum guide, major differences come from DevStack or manual installations vs packages from RDO project.
Also, some of the steps are explained to show how Magnum should work, as well this guide can help you understand Magnum integration with your current environment.
I\'m not going to use Barbican service for certs management, you will see how to use Magnum without Barbican too.
For now, there is not RDO packages for magnum, so we are going to
install it from source code.
As i know, currently magnum packages are under development and will
be added in future OpenStack versions to RDO project packages.
(Probably Mitaka or Newton)
Passwords used at this demo are:
temporal (Databases and OpenStack users)
guest (RabbitMQ)
IPs used are:
192.168.200.208 (Service APIs)
192.168.100.0/24 (External network range)
10.0.0.0/24 (Tenant network range)
8.8.8.8 (Google DNS server)
First we need to install some dependencies and packages needed for next steps.
Clone Magnum source code from OpenStack git repository, ensure you use Liberty branch, if not, Magnum dependencies will break all OpenStack services dependencies and lost your current environment (Trust me, i\'m talking from my own experience)
Move to your newly created folder and install Magnum (dependency requirements and Magnum)
cd magnum
sudo pip install -e .
Once Magnum is installed, create Magnum database and Magnum user
mysql -uroot -p
CREATE DATABASE IF NOT EXISTS magnum DEFAULT CHARACTER SET utf8;
GRANT ALL PRIVILEGES ON magnum.* TO'magnum'@'localhost' IDENTIFIED BY 'temporal';
GRANT ALL PRIVILEGES ON magnum.* TO'magnum'@'%' IDENTIFIED BY 'temporal';
Create Magnum folder and copy sample configuration files.
Bind Magnum API port to listen on all the interfaces, you can also especify on which IP Magnum API will be listening if you are concerned about security risks.
Open two terminal session and execute one command on each terminal to start both services. If you encounter any issue, logs can be found at these terminal
nova keypair-add --pub-key ~/.ssh/id_rsa.pub egonzalez
| Now we are going to test our new Magnum service, you have various methods to do it. | I will use Docker Swarm method because is the simplest one for this demo purposes. Go through Magnum documentation to check other container methods as Kubernetes is.
Create a baymodel with atomic image and swarm, select a flavor with at least 10GB of disk
If all is going fine, nova should have two new instances(in ACTIVE state), one for the master node and second for the worker.
nova list
+--------------------------------------+-------------------------------------------------------+--------+------------+-------------+-------------------------------------------------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-------------------------------------------------------+--------+------------+-------------+-------------------------------------------------------------------------------+
| e38eb88c-bb6b-427d-a2c5-cdfe868796f0 | de-44kx2l4q4wc-0-d6j5svvjxmne-swarm_node-xafkm2jskf5j | ACTIVE | - | Running | demoswarmbay-agf6y3qnjoyw-fixed_network-g37bcmc52akv=10.0.0.4, 192.168.100.16 |
| 5acc579d-152a-4656-9eb8-e800b7ab3bcf | demoswarmbay-agf6y3qnjoyw-swarm_master-fllwhrpuabbq | ACTIVE | - | Running | demoswarmbay-agf6y3qnjoyw-fixed_network-g37bcmc52akv=10.0.0.3, 192.168.100.15 |
+--------------------------------------+-------------------------------------------------------+--------+------------+-------------+-------------------------------------------------------------------------------+
| Container is created, but not started. | Start the container
magnum container-start demo-container
Check container logs, you should see 4 pings succeed to our external router gateway.
magnum container-logs demo-container
PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.083 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=0.068 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=0.043 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=0.099 ms
You can delete the container
magnum container-delete demo-container
While doing this demo, i missed adding branch name while cloning Magnum source code, when i installed Magnum all package dependencies where installed from master, who was Mitaka instead of Liberty, which broke my environment.
I suffered the following issues:
Issues with packages
ImportError: No module named MySQLdb
Was solved installing MySQL-python from pip instead of yum
pip install MySQL-python
Issues with policies, admin privileges weren\'t recognized by Magnum api.
PolicyNotAuthorized: magnum-service:get_all{{ bunch of stuff }} disallowed by policy
Was solved removing admin_api rule at Magnum policy.json file
vi /etc/magnum/policy.json
# "admin_api": "rule:context_is_admin",
| Unfortunately, nova was completely broken and it was not working at all, so i installed a new environment and added branch while cloning source code. | Next issue i found was Barbican, who was not installed, i used the steps mentioned at this post to solve this issue.
Hope this guide helps you integrating Magnum Container as a Service in OpenStack.
