67de6c537a
We must add the user-domain to ensure than the user is from the magnum domain. Change-Id: I8defb35f745f7df2e20deea759a43ef1bb47d248 Closes-bug: #1635202
7.5 KiB
Prerequisites
Before you install and configure the Container Infrastructure Management service, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database server as the
rootuser:$ mysql -u root -pCreate the
magnumdatabase:CREATE DATABASE magnum;Grant proper access to the
magnumdatabase:GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'controller' \ IDENTIFIED BY 'MAGNUM_DBPASS'; GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \ IDENTIFIED BY 'MAGNUM_DBPASS';Replace
MAGNUM_DBPASSwith a suitable password.Exit the database access client.
Source the
admincredentials to gain access to admin-only CLI commands:$ . admin-openrcTo create the service credentials, complete these steps:
Create the
magnumuser:$ openstack user create --domain default \ --password-prompt magnum User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | a8ebafc275c54d389dfc1bff8b4fe286 | | name | magnum | +-----------+----------------------------------+Add the
adminrole to themagnumuser:$ openstack role add --project service --user magnum adminNote
This command provides no output.
Create the
magnumservice entity:$ openstack service create --name magnum \ --description "OpenStack Container Infrastructure Management Service" \ container-infra +-------------+-------------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------------+ | description | OpenStack Container Infrastructure Management Service | | enabled | True | | id | 194faf83e8fd4e028e5ff75d3d8d0df2 | | name | magnum | | type | container-infra | +-------------+-------------------------------------------------------+
Create the Container Infrastructure Management service API endpoints:
$ openstack endpoint create --region RegionOne \ container-infra public http://controller:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | cb137e6366ad495bb521cfe92d8b8858 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://controller:9511/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ container-infra internal http://controller:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 17cbc3b6f51449a0a818118d6d62868d | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://controller:9511/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ container-infra admin http://controller:9511/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 30f8888e6b6646d7b5cd14354c95a684 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 0f7f62a1f1a247d2a4cb237642814d0e | | service_name | magnum | | service_type | container-infra | | url | http://controller:9511/v1 | +--------------+----------------------------------+Magnum requires additional information in the Identity service to manage COE clusters. To add this information, complete these steps:
Create the
magnumdomain that contains projects and users:$ openstack domain create --description "Owns users and projects \ created by magnum" magnum +-------------+-------------------------------------------+ | Field | Value | +-------------+-------------------------------------------+ | description | Owns users and projects created by magnum | | enabled | True | | id | 66e0469de9c04eda9bc368e001676d20 | | name | magnum | +-------------+-------------------------------------------+Create the
magnum_domain_adminuser to manage projects and users in themagnumdomain:$ openstack user create --domain magnum --password-prompt \ magnum_domain_admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 66e0469de9c04eda9bc368e001676d20 | | enabled | True | | id | 529b81cf35094beb9784c6d06c090c2b | | name | magnum_domain_admin | +-----------+----------------------------------+Add the
adminrole to themagnum_domain_adminuser in themagnumdomain to enable administrative management privileges by themagnum_domain_adminuser:$ openstack role add --domain magnum --user-domain magnum --user \ magnum_domain_admin adminNote
This command provides no output.