
OpenStack Container Service组件:Zun

运维扫盲人 2021-07-12

Overview

zun-api

  • An OpenStack-native REST API that processes API requests by sending them to the zun-compute
     over Remote Procedure Call (RPC).

zun-compute

  • A worker daemon that creates and terminates containers or capsules (pods) through container engine API. Manage containers, capsules and compute resources in local host.

zun-wsproxy

  • Provides a proxy for accessing running containers through a websocket connection.

zun-cni-daemon

  • Provides a CNI daemon service that provides implementation for the Zun CNI plugin.

python-zunclient

  • A command-line interface (CLI) and python bindings for interacting with the Container service.

zun-ui

  • The Horizon plugin for providing Web UI for Zun.

第一部分 Controller配置

一、创建database

    -- Create the schema used by Zun and grant a dedicated "zun" account access to it.
    -- ZUN_DBPASS looks like a placeholder: substitute a strong, unique password and use
    -- the same value in the [database] connection URL of zun.conf.
    CREATE DATABASE zun;
    GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' IDENTIFIED BY 'ZUN_DBPASS';
    -- '%' matches any client host. NOTE(review): if the database is reachable beyond the
    -- management network, consider narrowing this to the hosts that run Zun services.
    GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' IDENTIFIED BY 'ZUN_DBPASS';

    二、添加服务用户

      # Keystone service account for Zun. --password-prompt asks for the password
      # interactively instead of taking it on the command line.
      openstack user create \
        --domain default \
        --password-prompt \
        zun
      # Give that account the admin role on the "service" project.
      openstack role add \
        --project service \
        --user zun \
        admin

      三、创建服务

        # Register a service catalog entry of type "container" named zun.
        openstack service create \
          --name zun \
          --description "Container Service" \
          container

        四、创建服务API endpoints

          # Publish the same URL for the public, internal and admin interfaces.
          # NOTE(review): the URL is plain http://, so API requests and the tokens they
          # carry cross the network unencrypted; put TLS in front of it outside a lab.
          for iface in public internal admin; do
            openstack endpoint create --region RegionOne container "$iface" http://controller:9517/v1
          done

          五、安装配置服务

          5.1 创建用户及其安装路径

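            # Dedicated unprivileged system account and group for the Zun services.
            groupadd --system zun
            # Login shell is the absolute path /bin/false, so the account cannot be used
            # for interactive logins (the page's "bin/false" lost its leading slash).
            useradd --home-dir "/var/lib/zun" \
              --create-home \
              --system \
              --shell /bin/false \
              -g zun \
              zun
            # Configuration directory, handed to the service account. The chown target must
            # be the absolute /etc/zun, not a path relative to the current directory.
            mkdir -p /etc/zun
            chown zun:zun /etc/zun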

            5.2 clone程序文件并安装

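              apt-get install python3-pip git

              # Absolute path: the home directory created for the zun account in step 5.1.
              cd /var/lib/zun
              # NOTE(review): this clones the default branch and installs whatever it holds at
              # that moment. Checking out the branch or tag that matches the deployed OpenStack
              # release keeps the install reproducible and reviewable.
              git clone https://opendev.org/openstack/zun.git
              chown -R zun:zun zun
              cd zun
              # Both commands execute code from PyPI / the clone with the privileges of the
              # invoking user (presumably root here).
              pip3 install -r requirements.txt
              python3 setup.py install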

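                TIPs:为了避免pip3 install超时,可以为pip3设定下载源。注意:下面的示例通过http://访问镜像,并用trusted-host让pip信任该非HTTPS主机,下载的软件包在传输中没有完整性保护;镜像提供HTTPS时,应改用https://地址并去掉trusted-host。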

                  root@controller-01:/var/lib/zun/zun# cat /root/.pip/pip.conf
                  [global]
                  timeout = 6000
                  index-url = http://pypi.douban.com/simple
                  extra-index-url= http://pypi.douban.com/simple/
                  trusted-host = pypi.douban.com

                  5.3 准备配置文件样例模板

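                    # Run from the cloned repository (/var/lib/zun/zun) as the zun account.
                    # -s /bin/sh is needed because the account's own login shell is /bin/false.
                    # 1) generate etc/zun/zun.conf.sample inside the repository
                    su -s /bin/sh -c "oslo-config-generator --config-file etc/zun/zun-config-generator.conf" zun
                    # 2) install the sample and api-paste.ini into the absolute /etc/zun directory
                    su -s /bin/sh -c "cp etc/zun/zun.conf.sample /etc/zun/zun.conf" zun
                    su -s /bin/sh -c "cp etc/zun/api-paste.ini /etc/zun" zun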

                    5.4 生成database table

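                      # Create/upgrade the Zun database tables as the zun account.
                      # NOTE(review): this presumably reads the [database] connection from
                      # /etc/zun/zun.conf, so the setting shown in section 5.5 has to be in
                      # place before this command is run.
                      su -s /bin/sh -c "zun-db-manage upgrade" zun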

                      5.5 编辑配置文件

                        root@controller-01:~# cat /etc/zun/zun.conf | egrep -v "^$|^#"
                        [DEFAULT]
                        transport_url = rabbit://openstack:RABBIT_PASS@controller
                        [api]
                        host_ip = 172.17.61.21
                        port = 9517
                        [cinder_client]
                        [cni_daemon]
                        [compute]
                        [cors]
                        [database]
                        connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
                        [docker]
                        [glance]
                        [glance_client]
                        [healthcheck]
                        [keystone_auth]
                        memcached_servers = controller:11211
                        www_authenticate_uri = http://controller:5000
                        project_domain_name = default
                        project_name = service
                        user_domain_name = default
                        password = ZUN
                        username = zun
                        auth_url = http://controller:5000
                        auth_type = password
                        auth_version = v3
                        auth_protocol = http
                        service_token_roles_required = True
                        endpoint_type = internalURL
                        [keystone_authtoken]
                        memcached_servers = controller:11211
                        www_authenticate_uri = http://controller:5000
                        project_domain_name = default
                        project_name = service
                        user_domain_name = default
                        password = ZUN
                        username = zun
                        auth_url = http://controller:5000
                        auth_type = password
                        auth_version = v3
                        auth_protocol = http
                        service_token_roles_required = True
                        endpoint_type = internalURL
                        [network]
                        [neutron]
                        [neutron_client]
                        [oslo_concurrency]
                        lock_path = /var/lib/zun/tmp
                        [oslo_messaging_amqp]
                        [oslo_messaging_kafka]
                        [oslo_messaging_notifications]
                        driver = messaging
                        [oslo_messaging_rabbit]
                        [oslo_policy]
                        [pci]
                        [placement_client]
                        [privsep]
                        [profiler]
                        [quota]
                        [scheduler]
                        [ssl]
                        [volume]
                        [websocket_proxy]
                        wsproxy_host = 172.17.61.21
                        wsproxy_port = 6784
                        base_url = ws://controller:6784/
                        [zun_client]

                        5.6 准备systemd文件

                          root@controller-01:~# cat /lib/systemd/system/zun-api.service
                          [Unit]
                          Description = OpenStack Container Service API


                          [Service]
                          ExecStart = /usr/local/bin/zun-api
                          User = zun


                          [Install]
                          WantedBy = multi-user.target

                            root@controller-01:~# cat /lib/systemd/system/zun-wsproxy.service
                            [Unit]
                            Description = OpenStack Container Service Websocket Proxy


                            [Service]
                            ExecStart = /usr/local/bin/zun-wsproxy
                            User = zun


                            [Install]
                            WantedBy = multi-user.target

                            5.7 启动服务

                              # Register both units for start at boot, then start them now.
                              systemctl enable zun-api zun-wsproxy.service
                              systemctl start zun-api.service zun-wsproxy.service

                              六、安装配置Kuryr-libnetwork服务

                              Kuryr libnetwork driver以container image的形式利用neutron为container提供网路插件;

                                # Keystone service account for Kuryr; the password is entered at the
                                # interactive prompt rather than on the command line.
                                openstack user create \
                                  --domain default \
                                  --password-prompt \
                                  kuryr
                                # Give that account the admin role on the "service" project.
                                openstack role add \
                                  --project service \
                                  --user kuryr \
                                  admin

                                七、安装配置etcd服务

                                7.1 安装应用

                                  root@controller-01:~# apt-get install etcd

                                  7.2 编辑配置文件

                                  注意:示例中etcd的client/peer URL均为明文http://,未配置TLS;这种配置只适合隔离的管理网络,生产环境建议启用TLS,并限制可访问2379/2380端口的主机。

                                    root@controller-01:~# cat  /etc/default/etcd | egrep -v "^$|^#"
                                    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
                                    ETCD_WAL_DIR="/var/lib/etcd/controller/wal"
                                    ETCD_LISTEN_PEER_URLS="http://172.17.61.21:2380"
                                    ETCD_LISTEN_CLIENT_URLS="http://172.17.61.21:2379,http://127.0.0.1:2379"
                                    ETCD_NAME="controller"
                                    ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.17.61.21:2380"
                                    ETCD_ADVERTISE_CLIENT_URLS="http://172.17.61.21:2379,http://127.0.0.1:2379"
                                    ETCD_INITIAL_CLUSTER="controller=http://172.17.61.21:2380,compute=http://172.17.61.22:2380"
                                    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-wanma"
                                    ETCD_INITIAL_CLUSTER_STATE="new"

                                    7.3 启动服务

                                      root@controller-01:~# systemctl enable etcd.service
                                      root@controller-01:~# systemctl restart etcd.service

                                      7.4 查看状态

                                        root@controller-01:~# etcdctl member list
                                        dc07a15a7ebf343: name=compute peerURLs=http://172.17.61.22:2380 clientURLs=http://127.0.0.1:2379,http://172.17.61.22:2379 isLeader=true
                                        b62dcc7369969c7f: name=controller peerURLs=http://172.17.61.21:2380 clientURLs=http://127.0.0.1:2379,http://172.17.61.21:2379 isLeader=false
                                        root@controller-01:~# etcdctl cluster-health
                                        member dc07a15a7ebf343 is healthy: got healthy result from http://127.0.0.1:2379
                                        member b62dcc7369969c7f is healthy: got healthy result from http://127.0.0.1:2379
                                        cluster is healthy
                                        第二部分 Compute配置

                                        一、安装配置docker

                                        1.1 安装软件包以允许apt通过HTTPS使用存储库
                                          # Prerequisites for adding an HTTPS apt repository and importing its signing key.
                                          apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common

                                          1.2 添加Docker的官方GPG密钥
                                            root@controller-01:~# curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
                                            OK
                                              root@controller-01:~# sudo apt-key fingerprint 0EBFCD88
                                              pub rsa4096 2017-02-22 [SCEA]
                                              9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
                                              uid [ unknown] Docker Release (CE deb) <docker@docker.com>
                                              sub rsa4096 2017-02-22 [S]

                                              1.3 添加仓库

                                                # Add Docker's "stable" apt repository for this Ubuntu release; the release
                                                # codename is taken from lsb_release -cs.
                                                sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
                                                Hit:1 http://mirrors.aliyun.com/ubuntu bionic InRelease
                                                Hit:2 http://mirrors.aliyun.com/ubuntu bionic-security InRelease
                                                Hit:3 http://mirrors.aliyun.com/ubuntu bionic-updates InRelease
                                                Hit:4 http://mirrors.aliyun.com/ubuntu bionic-proposed InRelease
                                                Hit:5 http://mirrors.aliyun.com/ubuntu bionic-backports InRelease
                                                Get:6 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB]
                                                Hit:7 http://ubuntu-cloud.archive.canonical.com/ubuntu bionic-updates/stein InRelease
                                                Get:8 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages [17.4 kB]
                                                Fetched 81.9 kB in 2s (43.4 kB/s)
                                                Reading package lists... Done

                                                1.4 安装docker-ce

                                                  # Docker Engine, its CLI and containerd, from the repository added in step 1.3.
                                                  sudo apt-get install \
                                                    docker-ce \
                                                    docker-ce-cli \
                                                    containerd.io
                                                    root@compute-01:~# docker version
                                                    Client: Docker Engine - Community
                                                    Version: 20.10.5
                                                    API version: 1.41
                                                    Go version: go1.13.15
                                                    Git commit: 55c4c88
                                                    Built: Tue Mar 2 20:18:05 2021
                                                    OS/Arch: linux/amd64
                                                    Context: default
                                                    Experimental: true


                                                    Server: Docker Engine - Community
                                                    Engine:
                                                    Version: 20.10.5
                                                    API version: 1.41 (minimum version 1.12)
                                                    Go version: go1.13.15
                                                    Git commit: 363e9a8
                                                    Built: Tue Mar 2 20:16:00 2021
                                                    OS/Arch: linux/amd64
                                                    Experimental: false
                                                    containerd:
                                                    Version: 1.4.4
                                                    GitCommit: 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
                                                    runc:
                                                    Version: 1.0.0-rc93
                                                    GitCommit: 12644e614e25b05da6fd08a38ffa0cfe1903fdec
                                                    docker-init:
                                                    Version: 0.19.0
                                                    GitCommit: de40ad0

                                                    二、安装配置Kuryr-libnetwork服务

                                                    2.1 创建用户及其必要目录

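                                                      # Dedicated system account and group for kuryr-libnetwork.
                                                      groupadd --system kuryr
                                                      # Login shell is the absolute path /bin/false (no interactive logins); the
                                                      # page's "bin/false" lost its leading slash.
                                                      useradd --home-dir "/var/lib/kuryr" \
                                                        --create-home \
                                                        --system \
                                                        --shell /bin/false \
                                                        -g kuryr \
                                                        kuryr

                                                      # Configuration directory owned by the service account.
                                                      mkdir -p /etc/kuryr
                                                      chown kuryr:kuryr /etc/kuryr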

                                                        2.2 clone程序文件及安装

                                                          # Fetch kuryr-libnetwork into the service account's home and install it.
                                                          apt-get install python3-pip
                                                          cd /var/lib/kuryr
                                                          # NOTE(review): "master" moves over time; a branch or tag matching the deployed
                                                          # OpenStack release would make this install reproducible.
                                                          git clone --branch master https://opendev.org/openstack/kuryr-libnetwork.git
                                                          chown --recursive kuryr:kuryr kuryr-libnetwork
                                                          cd kuryr-libnetwork
                                                          pip3 install --requirement requirements.txt
                                                          python3 setup.py install

                                                          2.3 准备配置文件样例模板

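                                                            # Run from the cloned kuryr-libnetwork directory as the kuryr account.
                                                            # -s /bin/sh is needed because the account's login shell is /bin/false.
                                                            su -s /bin/sh -c "./tools/generate_config_file_samples.sh" kuryr
                                                            # Source is relative to the repository; destination is the absolute /etc/kuryr.
                                                            su -s /bin/sh -c "cp etc/kuryr.conf.sample /etc/kuryr/kuryr.conf" kuryr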

                                                            2.4 编辑配置文件

                                                              root@compute-01:~# cat /etc/kuryr/kuryr.conf | egrep -v "^$|^#"
                                                              [DEFAULT]
                                                              bindir = /usr/local/libexec/kuryr
                                                              [binding]
                                                              [neutron]
                                                              www_authenticate_uri = http://controller:5000
                                                              auth_url = http://controller:5000
                                                              username = kuryr
                                                              user_domain_name = default
                                                              password = KURYR
                                                              project_name = service
                                                              project_domain_name = default
                                                              auth_type = password

                                                              2.5 准备systemd.service文件

                                                                root@compute-01:~# cat /lib/systemd/system/kuryr-libnetwork.service
                                                                [Unit]
                                                                Description = Kuryr-libnetwork - Docker network plugin for Neutron


                                                                [Service]
                                                                ExecStart = /usr/local/bin/kuryr-server --config-file /etc/kuryr/kuryr.conf
                                                                CapabilityBoundingSet = CAP_NET_ADMIN
                                                                AmbientCapabilities = CAP_NET_ADMIN


                                                                [Install]
                                                                WantedBy = multi-user.target

                                                                2.6 启动kuryr-libnetwork程序

                                                                  # Enable kuryr-libnetwork at boot and start it immediately.
                                                                  systemctl enable --now kuryr-libnetwork

                                                                  # Restart Docker afterwards (presumably so it picks up the newly started plugin).
                                                                  systemctl restart docker

                                                                    2.7 验证

                                                                      root@compute-01:~# docker network create --driver kuryr --ipam-driver kuryr --subnet 10.20.0.0/16 --gateway=10.20.0.1 test_net
                                                                      1407ee7de6698712a04f54a14a10ae5432010c2b051f4460e96206695da93d46
                                                                        root@compute-01:~# docker network list
                                                                        NETWORK ID NAME DRIVER SCOPE
                                                                        94950ff577c3 bridge bridge local
                                                                        4eaa5efff9ba host host local
                                                                        bf7a5162f0d7 none null local
                                                                        1407ee7de669   test_net   kuryr     local

                                                                          root@compute-01:~# docker run --net test_net cirros ifconfig
                                                                          Unable to find image 'cirros:latest' locally
                                                                          latest: Pulling from library/cirros
                                                                          d0b405be7a32: Pull complete
                                                                          bd054094a037: Pull complete
                                                                          c6a00de1ec8a: Pull complete
                                                                          Digest: sha256:4e8ac7a10251079ad68188b1aab16f6e94d8708d82d0602953c43ad48c2f08ed
                                                                          Status: Downloaded newer image for cirros:latest
                                                                          eth0 Link encap:Ethernet HWaddr 02:42:EC:BD:0E:0D
                                                                          inet addr:10.20.1.77 Bcast:10.20.255.255 Mask:255.255.0.0
                                                                          UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
                                                                          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
                                                                          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
                                                                          collisions:0 txqueuelen:1000
                                                                          RX bytes:1212 (1.1 KiB) TX bytes:266 (266.0 B)


                                                                          lo Link encap:Local Loopback
                                                                          inet addr:127.0.0.1 Mask:255.0.0.0
                                                                          UP LOOPBACK RUNNING MTU:65536 Metric:1
                                                                          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                                                                          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                                                                          collisions:0 txqueuelen:1000
                                                                          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

                                                                          三、安装配置etcd服务

                                                                          3.1 安装应用

                                                                            root@compute-01:~# apt-get install etcd

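                                                                            3.2 编辑配置文件

                                                                            注意:下面输出的第二行再次出现ETCD_DATA_DIR,与controller节点配置中的ETCD_WAL_DIR=".../wal"不一致,疑为ETCD_WAL_DIR="/var/lib/etcd/compute/wal"的笔误,使用前请核对。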

                                                                              root@compute-01:~# cat  /etc/default/etcd | egrep -v "^$|^#"
                                                                              ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
                                                                              ETCD_DATA_DIR="/var/lib/etcd/compute/war"
                                                                              ETCD_LISTEN_PEER_URLS="http://172.17.61.22:2380"
                                                                              ETCD_LISTEN_CLIENT_URLS="http://172.17.61.22:2379,http://127.0.0.1:2379"
                                                                              ETCD_NAME="compute"
                                                                              ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.17.61.22:2380"
                                                                              ETCD_ADVERTISE_CLIENT_URLS="http://172.17.61.22:2379,http://127.0.0.1:2379"
                                                                              ETCD_INITIAL_CLUSTER="controller=http://172.17.61.21:2380,compute=http://172.17.61.22:2380"
                                                                              ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-wanma"
                                                                              ETCD_INITIAL_CLUSTER_STATE="new"

                                                                              3.3 启动etcd服务

                                                                                root@compute-01:~# systemctl enable etcd.service
                                                                                root@compute-01:~# systemctl restart etcd.service

                                                                                3.4 验证etcd服务状态

                                                                                  root@compute-01:~# etcdctl member list
                                                                                  dc07a15a7ebf343: name=compute peerURLs=http://172.17.61.22:2380 clientURLs=http://127.0.0.1:2379,http://172.17.61.22:2379 isLeader=true
                                                                                  b62dcc7369969c7f: name=controller peerURLs=http://172.17.61.21:2380 clientURLs=http://127.0.0.1:2379,http://172.17.61.21:2379 isLeader=false
                                                                                  root@compute-01:~# etcdctl cluster-health
                                                                                  member dc07a15a7ebf343 is healthy: got healthy result from http://127.0.0.1:2379
                                                                                  member b62dcc7369969c7f is healthy: got healthy result from http://127.0.0.1:2379
                                                                                  cluster is healthy

                                                                                  四、安装配置zun服务

                                                                                  4.1 创建用户及其必要目录

                                                                                    # Service account for Zun on the compute node: system user, home in
                                                                                    # /var/lib/zun, no interactive login shell.
                                                                                    groupadd --system zun
                                                                                    useradd --system --create-home --home-dir "/var/lib/zun" --shell /bin/false --gid zun zun

                                                                                    # Configuration directories for Zun and its CNI plugin, owned by that account.
                                                                                    # NOTE(review): /etc/zun later also holds the rootwrap configuration that is run
                                                                                    # through sudo (steps 4.4/4.5), while this makes the directory writable by zun.
                                                                                    mkdir -p /etc/zun /etc/cni/net.d
                                                                                    chown zun:zun /etc/zun /etc/cni/net.d

                                                                                        4.2 安装依赖

                                                                                          # Build/install prerequisites for Zun on the compute node.
                                                                                          apt-get install \
                                                                                            python3-pip \
                                                                                            git \
                                                                                            numactl

                                                                                          4.3 clone并安装zun程序

                                                                                            # Fetch Zun into the service account's home directory and install it.
                                                                                            cd /var/lib/zun
                                                                                            # NOTE(review): no branch or tag is given, so this installs whatever the default
                                                                                            # branch holds at clone time; pinning to the deployed release keeps the
                                                                                            # controller and compute nodes on the same code.
                                                                                            git clone https://opendev.org/openstack/zun.git
                                                                                            chown --recursive zun:zun zun
                                                                                            cd zun
                                                                                            pip3 install --requirement requirements.txt
                                                                                            python3 setup.py install

                                                                                            4.4 准备配置文件样例模板

                                                                                              # Run one command line as the zun account; its login shell is /bin/false, hence -s /bin/sh.
                                                                                              as_zun() { su -s /bin/sh -c "$1" zun; }

                                                                                              # Generate the sample config in the repository, then install it.
                                                                                              as_zun "oslo-config-generator   --config-file etc/zun/zun-config-generator.conf"
                                                                                              as_zun "cp etc/zun/zun.conf.sample /etc/zun/zun.conf"
                                                                                              # Rootwrap configuration and filter definitions.
                                                                                              # NOTE(review): copied as zun, these files end up owned by the same account that
                                                                                              # is later allowed to run zun-rootwrap through sudo; rootwrap's configuration and
                                                                                              # filters are normally kept root-owned and not writable by the service user.
                                                                                              as_zun "cp etc/zun/rootwrap.conf /etc/zun/rootwrap.conf"
                                                                                              as_zun "mkdir -p /etc/zun/rootwrap.d"
                                                                                              as_zun "cp etc/zun/rootwrap.d/* /etc/zun/rootwrap.d/"
                                                                                              # CNI network configuration shipped with Zun.
                                                                                              as_zun "cp etc/cni/net.d/* /etc/cni/net.d/"

                                                                                              4.5 为zun用户配置sudoer

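                                                                                                # Allow the zun account to run zun-rootwrap as root without a password.
                                                                                                # NOTE(review): the trailing * accepts any arguments, so what actually runs as
                                                                                                # root is decided by /etc/zun/rootwrap.conf and the filters it points to. Keep
                                                                                                # those files (and their directory) root-owned and not writable by zun.
                                                                                                echo "zun ALL=(root) NOPASSWD: /usr/local/bin/zun-rootwrap  /etc/zun/rootwrap.conf *" | sudo tee /etc/sudoers.d/zun-rootwrap
                                                                                                # sudoers fragments are conventionally mode 0440; tee creates the file with the
                                                                                                # default umask instead.
                                                                                                sudo chmod 0440 /etc/sudoers.d/zun-rootwrap
                                                                                                # Syntax-check the fragment so a typo is caught here rather than breaking sudo.
                                                                                                sudo visudo -cf /etc/sudoers.d/zun-rootwrap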

                                                                                                4.6 编辑配置文件

                                                                                                  root@compute-01:~# cat /etc/zun/zun.conf | egrep -v "^$|^#"
                                                                                                  [DEFAULT]
                                                                                                  capability_scope = global
                                                                                                  process_external_connectivity = False
                                                                                                  transport_url = rabbit://openstack:RABBIT_PASS@controller
                                                                                                  state_path = /var/lib/zun
                                                                                                  [api]
                                                                                                  [cinder_client]
                                                                                                  [cni_daemon]
                                                                                                  [compute]
                                                                                                  host_shared_with_nova = true
                                                                                                  [cors]
                                                                                                  [database]
                                                                                                  connection = mysql+pymysql://zun:ZUN_DBPASS@controller/zun
                                                                                                  [docker]
                                                                                                  [glance]
                                                                                                  [glance_client]
                                                                                                  [healthcheck]
                                                                                                  [keystone_auth]
                                                                                                  memcached_servers = controller:11211
                                                                                                  www_authenticate_uri = http://controller:5000
                                                                                                  project_domain_name = default
                                                                                                  project_name = service
                                                                                                  user_domain_name = default
                                                                                                  password = ZUN
                                                                                                  username = zun
                                                                                                  auth_url = http://controller:5000
                                                                                                  auth_type = password
                                                                                                  auth_version = v3
                                                                                                  auth_protocol = http
                                                                                                  service_token_roles_required = True
                                                                                                  endpoint_type = internalURL
                                                                                                  [keystone_authtoken]
                                                                                                  memcached_servers = controller:11211
                                                                                                  www_authenticate_uri= http://controller:5000
                                                                                                  project_domain_name = default
                                                                                                  project_name = service
                                                                                                  user_domain_name = default
                                                                                                  password = ZUN
                                                                                                  username = zun
                                                                                                  auth_url = http://controller:5000
                                                                                                  auth_type = password
                                                                                                  [network]
                                                                                                  [neutron]
                                                                                                  [neutron_client]
                                                                                                  [oslo_concurrency]
                                                                                                  lock_path = /var/lib/zun/tmp
                                                                                                  [oslo_messaging_amqp]
                                                                                                  [oslo_messaging_kafka]
                                                                                                  [oslo_messaging_notifications]
                                                                                                  [oslo_messaging_rabbit]
                                                                                                  [oslo_policy]
                                                                                                  [pci]
                                                                                                  [placement_client]
                                                                                                  [privsep]
                                                                                                  [profiler]
                                                                                                  [quota]
                                                                                                  [scheduler]
                                                                                                  [ssl]
                                                                                                  [volume]
                                                                                                  [websocket_proxy]
                                                                                                  [zun_client]

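                                                                                                  4.7 配置docker

                                                                                                  注意：-H tcp://compute-01:2375 让 Docker API 通过未加密、无认证的 TCP 端口提供服务，任何能访问该端口的主机都可以完全控制 dockerd，相当于获得本机 root 权限。应通过防火墙把该端口限制在管理网络内，或为 dockerd 启用 TLS 双向认证（--tlsverify 及配套证书参数）。--group zun 使 zun 组成员可以访问 /var/run/docker.sock，同样等价于 root。另外，直接修改 /lib/systemd/system/docker.service 会在软件包升级时被覆盖，建议用 systemctl edit docker 生成 drop-in 覆盖文件；较新的 Docker 版本已移除 --cluster-store 选项，使用前请确认所装版本是否支持。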

                                                                                                    root@compute-01:~# cat  /lib/systemd/system/docker.service  | egrep  -v "^#|^$"
                                                                                                    [Unit]
                                                                                                    Description=Docker Application Container Engine
                                                                                                    Documentation=https://docs.docker.com
                                                                                                    After=network-online.target firewalld.service containerd.service
                                                                                                    Wants=network-online.target
                                                                                                    Requires=docker.socket containerd.service
                                                                                                    [Service]
                                                                                                    Type=notify
                                                                                                    ExecStart=/usr/bin/dockerd --group zun -H tcp://compute-01:2375 -H unix:///var/run/docker.sock --cluster-store etcd://controller:2379
                                                                                                    ExecReload=/bin/kill -s HUP $MAINPID
                                                                                                    TimeoutSec=0
                                                                                                    RestartSec=2
                                                                                                    Restart=always
                                                                                                    StartLimitBurst=3
                                                                                                    StartLimitInterval=60s
                                                                                                    LimitNOFILE=infinity
                                                                                                    LimitNPROC=infinity
                                                                                                    LimitCORE=infinity
                                                                                                    TasksMax=infinity
                                                                                                    Delegate=yes
                                                                                                    KillMode=process
                                                                                                    OOMScoreAdjust=-500
                                                                                                    [Install]
                                                                                                    WantedBy=multi-user.target

                                                                                                    4.8 配置containerd

                                                                                                    4.8.1 生成配置文件

                                                                                                      # Writes containerd's built-in default configuration to the config path,
                                                                                                      # replacing whatever file is already there (the redirect truncates it).
                                                                                                      containerd config default > /etc/containerd/config.toml

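                                                                                                      4.8.2 获取GID并在配置文件替换为获取到的值

                                                                                                      说明：要替换的是 config.toml 中 [grpc] 段的 gid（下面的示例把 uid 也设成了同一个数值）。注意执行 chown zun:zun 之后，zun 账户可以改写以 root 运行的 containerd 的配置文件；zun 账户一旦被攻陷，就可能借此影响 containerd 的行为。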

                                                                                                        root@compute-01:~# getent group zun | cut -d: -f3
                                                                                                        996

                                                                                                          root@compute-01:~# chown zun:zun /etc/containerd/config.toml
                                                                                                          root@compute-01:~# cat /etc/containerd/config.toml
                                                                                                          version = 2
                                                                                                          root = "/var/lib/containerd"
                                                                                                          state = "/run/containerd"
                                                                                                          plugin_dir = ""
                                                                                                          disabled_plugins = []
                                                                                                          required_plugins = []
                                                                                                          oom_score = 0


                                                                                                          [grpc]
                                                                                                          address = "/run/containerd/containerd.sock"
                                                                                                          # Empty tcp_address: the API is served on the local socket above only.
                                                                                                          tcp_address = ""
                                                                                                          tcp_tls_cert = ""
                                                                                                          tcp_tls_key = ""
                                                                                                          # uid/gid set the owner of the socket at `address`. 996 is the zun group id
                                                                                                          # printed by `getent group zun` above; uid is set to the same number here.
                                                                                                          # Any account that can open this socket can drive containerd, so treat
                                                                                                          # access to it as root-equivalent on this host.
                                                                                                          uid = 996
                                                                                                          gid = 996
                                                                                                          max_recv_message_size = 16777216
                                                                                                          max_send_message_size = 16777216


                                                                                                          [ttrpc]
                                                                                                          address = ""
                                                                                                          uid = 0
                                                                                                          gid = 0


                                                                                                          [debug]
                                                                                                          address = ""
                                                                                                          uid = 0
                                                                                                          gid = 0
                                                                                                          level = ""


                                                                                                          [metrics]
                                                                                                          address = ""
                                                                                                          grpc_histogram = false


                                                                                                          [cgroup]
                                                                                                          path = ""


                                                                                                          [timeouts]
                                                                                                          "io.containerd.timeout.shim.cleanup" = "5s"
                                                                                                          "io.containerd.timeout.shim.load" = "5s"
                                                                                                          "io.containerd.timeout.shim.shutdown" = "3s"
                                                                                                          "io.containerd.timeout.task.state" = "2s"


                                                                                                          [plugins]
                                                                                                          [plugins."io.containerd.gc.v1.scheduler"]
                                                                                                          pause_threshold = 0.02
                                                                                                          deletion_threshold = 0
                                                                                                          mutation_threshold = 100
                                                                                                          schedule_delay = "0s"
                                                                                                          startup_delay = "100ms"
                                                                                                          [plugins."io.containerd.grpc.v1.cri"]
                                                                                                          disable_tcp_service = true
                                                                                                          stream_server_address = "127.0.0.1"
                                                                                                          stream_server_port = "0"
                                                                                                          stream_idle_timeout = "4h0m0s"
                                                                                                          enable_selinux = false
                                                                                                          selinux_category_range = 1024
                                                                                                          sandbox_image = "k8s.gcr.io/pause:3.2"
                                                                                                          stats_collect_period = 10
                                                                                                          systemd_cgroup = false
                                                                                                          enable_tls_streaming = false
                                                                                                          max_container_log_line_size = 16384
                                                                                                          disable_cgroup = false
                                                                                                          disable_apparmor = false
                                                                                                          restrict_oom_score_adj = false
                                                                                                          max_concurrent_downloads = 3
                                                                                                          disable_proc_mount = false
                                                                                                          unset_seccomp_profile = ""
                                                                                                          tolerate_missing_hugetlb_controller = true
                                                                                                          disable_hugetlb_controller = true
                                                                                                          ignore_image_defined_volumes = false
                                                                                                          [plugins."io.containerd.grpc.v1.cri".containerd]
                                                                                                          snapshotter = "overlayfs"
                                                                                                          default_runtime_name = "runc"
                                                                                                          no_pivot = false
                                                                                                          disable_snapshot_annotations = true
                                                                                                          discard_unpacked_layers = false
                                                                                                          [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime]
                                                                                                          runtime_type = ""
                                                                                                          runtime_engine = ""
                                                                                                          runtime_root = ""
                                                                                                          privileged_without_host_devices = false
                                                                                                          base_runtime_spec = ""
                                                                                                          [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime]
                                                                                                          runtime_type = ""
                                                                                                          runtime_engine = ""
                                                                                                          runtime_root = ""
                                                                                                          privileged_without_host_devices = false
                                                                                                          base_runtime_spec = ""
                                                                                                          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
                                                                                                          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
                                                                                                          runtime_type = "io.containerd.runc.v2"
                                                                                                          runtime_engine = ""
                                                                                                          runtime_root = ""
                                                                                                          privileged_without_host_devices = false
                                                                                                          base_runtime_spec = ""
                                                                                                          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
                                                                                                          [plugins."io.containerd.grpc.v1.cri".cni]
                                                                                                          bin_dir = "/opt/cni/bin"
                                                                                                          conf_dir = "/etc/cni/net.d"
                                                                                                          max_conf_num = 1
                                                                                                          conf_template = ""
                                                                                                          [plugins."io.containerd.grpc.v1.cri".registry]
                                                                                                          [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
                                                                                                          [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
                                                                                                          endpoint = ["https://registry-1.docker.io"]
                                                                                                          [plugins."io.containerd.grpc.v1.cri".image_decryption]
                                                                                                          key_model = ""
                                                                                                          [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
                                                                                                          tls_cert_file = ""
                                                                                                          tls_key_file = ""
                                                                                                          [plugins."io.containerd.internal.v1.opt"]
                                                                                                          path = "/opt/containerd"
                                                                                                          [plugins."io.containerd.internal.v1.restart"]
                                                                                                          interval = "10s"
                                                                                                          [plugins."io.containerd.metadata.v1.bolt"]
                                                                                                          content_sharing_policy = "shared"
                                                                                                          [plugins."io.containerd.monitor.v1.cgroups"]
                                                                                                          no_prometheus = false
                                                                                                          [plugins."io.containerd.runtime.v1.linux"]
                                                                                                          shim = "containerd-shim"
                                                                                                          runtime = "runc"
                                                                                                          runtime_root = ""
                                                                                                          no_shim = false
                                                                                                          shim_debug = false
                                                                                                          [plugins."io.containerd.runtime.v2.task"]
                                                                                                          platforms = ["linux/amd64"]
                                                                                                          [plugins."io.containerd.service.v1.diff-service"]
                                                                                                          default = ["walking"]
                                                                                                          [plugins."io.containerd.snapshotter.v1.devmapper"]
                                                                                                          root_path = ""
                                                                                                          pool_name = ""
                                                                                                          base_image_size = ""
                                                                                                          async_remove = false

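                                                                                                          4.8.3 重启docker containerd

                                                                                                          说明：下面的命令只重启了 containerd；4.7 中修改了 docker.service，还需要执行 systemctl daemon-reload 并 systemctl restart docker，新的 dockerd 启动参数才会生效。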

                                                                                                            root@compute-01:~# systemctl restart containerd

                                                                                                            4.9 配置CNI

                                                                                                            4.9.1 下载安装CNI loopback plugin

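                                                                                                              mkdir -p /opt/cni/bin
                                                                                                              # Fetch to a temporary file instead of piping straight into tar, so the archive
                                                                                                              # can be verified before anything lands in the directory plugins are run from.
                                                                                                              cni_tgz=$(mktemp)
                                                                                                              # PLACEHOLDER: set to the SHA-256 of this asset, taken from a source you trust
                                                                                                              # (for example the project's release page). The check fails until it is filled in.
                                                                                                              cni_sha256='<SHA256_OF_cni-plugins-amd64-v0.7.1.tgz>'
                                                                                                              # -f makes curl fail on HTTP errors instead of saving an error page.
                                                                                                              curl -fL -o "$cni_tgz" https://github.com/containernetworking/plugins/releases/download/v0.7.1/cni-plugins-amd64-v0.7.1.tgz \
                                                                                                                && echo "${cni_sha256}  ${cni_tgz}" | sha256sum -c - \
                                                                                                                && tar -C /opt/cni/bin -xzvf "$cni_tgz" ./loopback
                                                                                                              rm -f -- "$cni_tgz"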

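                                                                                                              4.9.2 安装Zun CNI plugin

                                                                                                              注意：-m 0555 去掉了写权限，但 -o zun 使文件属主仍是 zun，属主可以自行 chmod 后改写该文件。/opt/cni/bin 下的插件通常由以 root 运行的容器运行时调用，如无特殊需要，属主设为 root 更稳妥（请结合实际部署确认）。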

                                                                                                                root@compute-01:~# install -o zun -m 0555 -D /usr/local/bin/zun-cni /opt/cni/bin/zun-cni

                                                                                                                4.10 启动zun服务

                                                                                                                4.10.1 准备zun服务systemd.service文件

                                                                                                                  root@compute-01:~# cat /lib/systemd/system/zun-compute.service 
                                                                                                                  # systemd unit for the Zun compute agent on the compute node.
                                                                                                                  # The daemon runs as the unprivileged zun account (User = zun), not as root.
                                                                                                                  # NOTE(review): presumably root-only operations go through the zun-rootwrap
                                                                                                                  # sudoers rule from step 4.5 - confirm. No Restart= or sandboxing directives
                                                                                                                  # are set in this unit.
                                                                                                                  [Unit]
                                                                                                                  Description = OpenStack Container Service Compute Agent


                                                                                                                  [Service]
                                                                                                                  ExecStart = /usr/local/bin/zun-compute
                                                                                                                  User = zun


                                                                                                                  [Install]
                                                                                                                  WantedBy = multi-user.target

                                                                                                                    root@compute-01:~# cat /lib/systemd/system/zun-cni-daemon.service 
                                                                                                                    # systemd unit for the Zun CNI daemon on the compute node.
                                                                                                                    # Like zun-compute, it runs as the unprivileged zun account (User = zun).
                                                                                                                    # No Restart= or sandboxing directives are set in this unit.
                                                                                                                    [Unit]
                                                                                                                    Description = OpenStack Container Service CNI daemon


                                                                                                                    [Service]
                                                                                                                    ExecStart = /usr/local/bin/zun-cni-daemon
                                                                                                                    User = zun


                                                                                                                    [Install]
                                                                                                                    WantedBy = multi-user.target

                                                                                                                    4.10.2 启动服务

                                                                                                                      # Register both compute-node daemons for boot and start them, one unit at a time.
                                                                                                                      for unit in zun-compute zun-cni-daemon; do
                                                                                                                        systemctl enable "$unit"
                                                                                                                        systemctl start "$unit"
                                                                                                                      done

                                                                                                                      第三部分 验证

                                                                                                                      一、安装python-zunclinet配置zun服务

                                                                                                                        # NOTE(review): with no version specifier this installs the newest python-zunclient
                                                                                                                        # from the configured package index (PyPI by default), and the prompt shows it is
                                                                                                                        # run as root. Pinning the client to the version published for the deployed
                                                                                                                        # OpenStack release keeps it and its dependencies at known versions.
                                                                                                                        root@controller-01:~# pip3 install python-zunclient

                                                                                                                        二、验证component安装状态

                                                                                                                          root@controller-01:~# openstack appcontainer host list
                                                                                                                          +--------------------------------------+------------+-----------+------+------------+
                                                                                                                          | uuid | hostname | mem_total | cpus | disk_total |
                                                                                                                          +--------------------------------------+------------+-----------+------+------------+
                                                                                                                          | 17dfd24a-1b19-46ad-886d-191639bc9c41 | compute-01 | 7976 | 4 | 15 |
                                                                                                                          +--------------------------------------+------------+-----------+------+------------+
                                                                                                                            root@controller-01:~# openstack appcontainer service list
                                                                                                                            +----+------------+-------------+-------+----------+-----------------+----------------------------+-------------------+
                                                                                                                            | Id | Host | Binary | State | Disabled | Disabled Reason | Updated At | Availability Zone |
                                                                                                                            +----+------------+-------------+-------+----------+-----------------+----------------------------+-------------------+
                                                                                                                            | 1 | compute-01 | zun-compute | up    | False    | None            | 2021-03-26T13:30:17.000000 | nova              |
                                                                                                                            +----+------------+-------------+-------+----------+-----------------+----------------------------+-------------------+

                                                                                                                            三、Launch a Container

                                                                                                                            3.1 确定可用网络

                                                                                                                              root@controller-01:~# openstack network list
                                                                                                                              +--------------------------------------+--------------------+--------------------------------------+
                                                                                                                              | ID | Name | Subnets |
                                                                                                                              +--------------------------------------+--------------------+--------------------------------------+
                                                                                                                              | 3c3dd4da-5865-48bf-8cb4-1c5941ca8f86 | kuryr-net-1407ee7d | 4cebae65-eb49-44e3-af52-3677bdbe3c36 |
                                                                                                                              | 42adde0f-95d7-49e0-8b69-3a48276b492d | selfservice        | b08bf9e9-2488-45d3-98fa-8720ed7f05f5 |
                                                                                                                              | e5874e6a-3282-4bd8-b82a-05b998ee0909 | provider | f4bc642c-adb0-48a8-b010-6357dca7f59b |
                                                                                                                              +--------------------------------------+--------------------+--------------------------------------+

                                                                                                                                root@controller-01:~# openstack subnet list
                                                                                                                                +--------------------------------------+---------------------------+--------------------------------------+---------------+
                                                                                                                                | ID | Name | Network | Subnet |
                                                                                                                                +--------------------------------------+---------------------------+--------------------------------------+---------------+
                                                                                                                                | 4cebae65-eb49-44e3-af52-3677bdbe3c36 | kuryr-subnet-10.20.0.0/16 | 3c3dd4da-5865-48bf-8cb4-1c5941ca8f86 | 10.20.0.0/16 |
                                                                                                                                | b08bf9e9-2488-45d3-98fa-8720ed7f05f5 | selfservice | 42adde0f-95d7-49e0-8b69-3a48276b492d | 192.0.2.0/24 |
                                                                                                                                | f4bc642c-adb0-48a8-b010-6357dca7f59b | provider | e5874e6a-3282-4bd8-b82a-05b998ee0909 | 10.1.112.0/24 |
                                                                                                                                +--------------------------------------+---------------------------+--------------------------------------+---------------+

                                                                                                                                3.2 运行一个container

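                                                                                                                                  # Resolve the selfservice network by name and request only its ID, instead of
                                                                                                                                  # scraping the human-readable table output with awk.
                                                                                                                                  # Assignment and export are separate so a failed lookup is not masked by `export`.
                                                                                                                                  NET_ID=$(openstack network show selfservice -f value -c id)
                                                                                                                                  export NET_ID
                                                                                                                                  # Quote the ID and stop here if the lookup came back empty, so the container is
                                                                                                                                  # never requested with an empty or word-split network argument.
                                                                                                                                  openstack appcontainer run --name container --net "network=${NET_ID:?selfservice network ID not found}" cirros ping 8.8.8.8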
                                                                                                                                    +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
                                                                                                                                    | Field | Value |
                                                                                                                                    +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
                                                                                                                                    | uuid | a6967e07-2e90-4cf4-9b7c-82ab026921ab |
                                                                                                                                    | links | [{'href': 'http://controller:9517/v1/containers/a6967e07-2e90-4cf4-9b7c-82ab026921ab', 'rel': 'self'}, {'href': 'http://controller:9517/containers/a6967e07-2e90-4cf4-9b7c-82ab026921ab', 'rel': 'bookmark'}] |
                                                                                                                                    | name | container |
                                                                                                                                    | project_id | ded04e0f8ea5491582278519ce380edc |
                                                                                                                                    | user_id | 6b2cb6a662404f40b02fa00364b70017 |
                                                                                                                                    | image | cirros |
                                                                                                                                    | cpu | 1.0 |
                                                                                                                                    | cpu_policy | shared |
                                                                                                                                    | memory | 512 |
                                                                                                                                    | command | ['ping', '8.8.8.8'] |
                                                                                                                                    | status | Creating |
                                                                                                                                    | status_reason | None |
                                                                                                                                    | task_state | None |
                                                                                                                                    | environment | {} |
                                                                                                                                    | workdir | None |
                                                                                                                                    | auto_remove | False |
                                                                                                                                    | ports | None |
                                                                                                                                    | hostname | None |
                                                                                                                                    | labels | {} |
                                                                                                                                    | addresses | None |
                                                                                                                                    | image_pull_policy | None |
                                                                                                                                    | host | None |
                                                                                                                                    | restart_policy | None |
                                                                                                                                    | status_detail | None |
                                                                                                                                    | interactive | False |
                                                                                                                                    | tty | False |
                                                                                                                                    | image_driver | docker |
                                                                                                                                    | security_groups | None |
                                                                                                                                    | runtime | None |
                                                                                                                                    | disk | 0 |
                                                                                                                                    | auto_heal | False |
                                                                                                                                    | privileged | False |
                                                                                                                                    | healthcheck | None |
                                                                                                                                    | registry_id | None |
                                                                                                                                    | entrypoint | None |
                                                                                                                                    +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

                                                                                                                                    3.3 获取container状态

                                                                                                                                      root@controller-01:~# openstack appcontainer list
                                                                                                                                      +--------------------------------------+-----------+--------+---------+------------+-------------+-------+
                                                                                                                                      | uuid | name | image | status | task_state | addresses | ports |
                                                                                                                                      +--------------------------------------+-----------+--------+---------+------------+-------------+-------+
                                                                                                                                      | a6967e07-2e90-4cf4-9b7c-82ab026921ab | container | cirros | Running | None | 192.0.2.149 | [] |
                                                                                                                                      +--------------------------------------+-----------+--------+---------+------------+-------------+-------+

                                                                                                                                      3.4 验证container 网络的连通性

                                                                                                                                        root@compute-01:~# docker exec -it 1307e1ae6798 /bin/sh
                                                                                                                                        / # ifconfig
                                                                                                                                        eth0 Link encap:Ethernet HWaddr FA:16:3E:85:0B:5C
                                                                                                                                        inet addr:192.0.2.149 Bcast:192.0.2.255 Mask:255.255.255.0
                                                                                                                                        UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
                                                                                                                                        RX packets:169 errors:0 dropped:0 overruns:0 frame:0
                                                                                                                                        TX packets:156 errors:0 dropped:0 overruns:0 carrier:0
                                                                                                                                        collisions:0 txqueuelen:1000
                                                                                                                                        RX bytes:15686 (15.3 KiB) TX bytes:14432 (14.0 KiB)


                                                                                                                                        lo Link encap:Local Loopback
                                                                                                                                        inet addr:127.0.0.1 Mask:255.0.0.0
                                                                                                                                        UP LOOPBACK RUNNING MTU:65536 Metric:1
                                                                                                                                        RX packets:8 errors:0 dropped:0 overruns:0 frame:0
                                                                                                                                        TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
                                                                                                                                        collisions:0 txqueuelen:1000
                                                                                                                                        RX bytes:896 (896.0 B) TX bytes:896 (896.0 B)


                                                                                                                                        / # ping 8.8.8.8
                                                                                                                                        PING 8.8.8.8 (8.8.8.8): 56 data bytes
                                                                                                                                        64 bytes from 8.8.8.8: seq=0 ttl=109 time=92.071 ms
                                                                                                                                        64 bytes from 8.8.8.8: seq=1 ttl=109 time=91.942 ms

                                                                                                                                        TIPs:container会运行为compute节点上的docker ps;

                                                                                                                                        3.5 管理容器

                                                                                                                                          root@controller-01:~# openstack appcontainer stop container
                                                                                                                                          Request to stop container container has been accepted.
                                                                                                                                          root@controller-01:~# openstack appcontainer delete container
                                                                                                                                          Request to delete container container has been accepted.

                                                                                                                                          第四部分 Zun UI

                                                                                                                                            https://docs.openstack.org/zun-ui/latest/install/index.html
                                                                                                                                            https://github.com/openstack/zun-ui/tree/stable/stein

                                                                                                                                            一、clone程序文件并安装

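                                                                                                                                              # Install the Zun dashboard plugin from the stable/stein branch and register it
                                                                                                                                              # with Horizon.
                                                                                                                                              # The steps are chained with && so that a failed clone or cd can never let
                                                                                                                                              # `pip3 install .` or `cp` act on whatever directory the shell happens to be in.
                                                                                                                                              # A branch tip moves over time, so `git rev-parse HEAD` prints the exact commit
                                                                                                                                              # being installed; keep it with the change record for later review.
                                                                                                                                              git clone https://github.com/openstack/zun-ui &&
                                                                                                                                                cd zun-ui/ &&
                                                                                                                                                git checkout stable/stein &&
                                                                                                                                                git rev-parse HEAD &&
                                                                                                                                                pip3 install . &&
                                                                                                                                                cp -- zun_ui/enabled/* /usr/share/openstack-dashboard/openstack_dashboard/enabled/ &&
                                                                                                                                                cd /usr/share/openstack-dashboard &&
                                                                                                                                                python3 manage.py collectstatic &&
                                                                                                                                                python3 manage.py compress &&
                                                                                                                                                systemctl restart apache2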

                                                                                                                                              二、验证

