e160a9fa8c
Register endpoints using the controller IP and not the controller alias. Having the endpoints set with the alias doesn't allow compute instances created by magnum to access magnum's API. Change-Id: I475ede00123765823cefc47d2e0c75776a2cbc06
192 lines
7.6 KiB
ReStructuredText
192 lines
7.6 KiB
ReStructuredText
Prerequisites
|
|
-------------
|
|
|
|
Before you install and configure the Container Infrastructure Management
|
|
service, you must create a database, service credentials, and API endpoints.
|
|
|
|
#. To create the database, complete these steps:
|
|
|
|
* Use the database access client to connect to the database
|
|
server as the ``root`` user:
|
|
|
|
.. code-block:: console
|
|
|
|
$ mysql -u root -p
|
|
|
|
* Create the ``magnum`` database:
|
|
|
|
.. code-block:: console
|
|
|
|
CREATE DATABASE magnum;
|
|
|
|
* Grant proper access to the ``magnum`` database:
|
|
|
|
.. code-block:: console
|
|
|
|
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'controller' \
|
|
IDENTIFIED BY 'MAGNUM_DBPASS';
|
|
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' \
|
|
IDENTIFIED BY 'MAGNUM_DBPASS';
|
|
|
|
Replace ``MAGNUM_DBPASS`` with a suitable password.
|
|
|
|
* Exit the database access client.
|
|
|
|
#. Source the ``admin`` credentials to gain access to
|
|
admin-only CLI commands:
|
|
|
|
.. code-block:: console
|
|
|
|
$ . admin-openrc
|
|
|
|
#. To create the service credentials, complete these steps:
|
|
|
|
* Create the ``magnum`` user:
|
|
|
|
.. code-block:: console
|
|
|
|
|
|
$ openstack user create --domain default \
|
|
--password-prompt magnum
|
|
User Password:
|
|
Repeat User Password:
|
|
+-----------+----------------------------------+
|
|
| Field | Value |
|
|
+-----------+----------------------------------+
|
|
| domain_id | default |
|
|
| enabled | True |
|
|
| id | a8ebafc275c54d389dfc1bff8b4fe286 |
|
|
| name | magnum |
|
|
+-----------+----------------------------------+
|
|
|
|
* Add the ``admin`` role to the ``magnum`` user:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack role add --project service --user magnum admin
|
|
|
|
.. note::
|
|
|
|
This command provides no output.
|
|
|
|
* Create the ``magnum`` service entity:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack service create --name magnum \
|
|
--description "OpenStack Container Infrastructure Management Service" \
|
|
container-infra
|
|
+-------------+-------------------------------------------------------+
|
|
| Field | Value |
|
|
+-------------+-------------------------------------------------------+
|
|
| description | OpenStack Container Infrastructure Management Service |
|
|
| enabled | True |
|
|
| id | 194faf83e8fd4e028e5ff75d3d8d0df2 |
|
|
| name | magnum |
|
|
| type | container-infra |
|
|
+-------------+-------------------------------------------------------+
|
|
|
|
#. Create the Container Infrastructure Management service API endpoints:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack endpoint create --region RegionOne \
|
|
container-infra public http://CONTROLLER_IP:9511/v1
|
|
+--------------+----------------------------------+
|
|
| Field | Value |
|
|
+--------------+----------------------------------+
|
|
| enabled | True |
|
|
| id | cb137e6366ad495bb521cfe92d8b8858 |
|
|
| interface | public |
|
|
| region | RegionOne |
|
|
| region_id | RegionOne |
|
|
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
|
|
| service_name | magnum |
|
|
| service_type | container-infra |
|
|
| url | http://CONTROLLER_IP:9511/v1 |
|
|
+--------------+----------------------------------+
|
|
|
|
$ openstack endpoint create --region RegionOne \
|
|
container-infra internal http://CONTROLLER_IP:9511/v1
|
|
+--------------+----------------------------------+
|
|
| Field | Value |
|
|
+--------------+----------------------------------+
|
|
| enabled | True |
|
|
| id | 17cbc3b6f51449a0a818118d6d62868d |
|
|
| interface | internal |
|
|
| region | RegionOne |
|
|
| region_id | RegionOne |
|
|
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
|
|
| service_name | magnum |
|
|
| service_type | container-infra |
|
|
| url | http://CONTROLLER_IP:9511/v1 |
|
|
+--------------+----------------------------------+
|
|
|
|
$ openstack endpoint create --region RegionOne \
|
|
container-infra admin http://CONTROLLER_IP:9511/v1
|
|
+--------------+----------------------------------+
|
|
| Field | Value |
|
|
+--------------+----------------------------------+
|
|
| enabled | True |
|
|
| id | 30f8888e6b6646d7b5cd14354c95a684 |
|
|
| interface | admin |
|
|
| region | RegionOne |
|
|
| region_id | RegionOne |
|
|
| service_id | 0f7f62a1f1a247d2a4cb237642814d0e |
|
|
| service_name | magnum |
|
|
| service_type | container-infra |
|
|
| url | http://CONTROLLER_IP:9511/v1 |
|
|
+--------------+----------------------------------+
|
|
|
|
Replace ``CONTROLLER_IP`` with the IP magnum listens to. Alternatively,
|
|
you can use a hostname which is reachable by the Compute instances.
|
|
|
|
#. Magnum requires additional information in the Identity service to
|
|
manage COE clusters. To add this information, complete these steps:
|
|
|
|
* Create the ``magnum`` domain that contains projects and users:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack domain create --description "Owns users and projects \
|
|
created by magnum" magnum
|
|
+-------------+-------------------------------------------+
|
|
| Field | Value |
|
|
+-------------+-------------------------------------------+
|
|
| description | Owns users and projects created by magnum |
|
|
| enabled | True |
|
|
| id | 66e0469de9c04eda9bc368e001676d20 |
|
|
| name | magnum |
|
|
+-------------+-------------------------------------------+
|
|
|
|
* Create the ``magnum_domain_admin`` user to manage projects and users
|
|
in the ``magnum`` domain:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack user create --domain magnum --password-prompt \
|
|
magnum_domain_admin
|
|
User Password:
|
|
Repeat User Password:
|
|
+-----------+----------------------------------+
|
|
| Field | Value |
|
|
+-----------+----------------------------------+
|
|
| domain_id | 66e0469de9c04eda9bc368e001676d20 |
|
|
| enabled | True |
|
|
| id | 529b81cf35094beb9784c6d06c090c2b |
|
|
| name | magnum_domain_admin |
|
|
+-----------+----------------------------------+
|
|
|
|
* Add the ``admin`` role to the ``magnum_domain_admin`` user in the
|
|
``magnum`` domain to enable administrative management privileges
|
|
by the ``magnum_domain_admin`` user:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack role add --domain magnum --user-domain magnum --user \
|
|
magnum_domain_admin admin
|
|
|
|
.. note::
|
|
|
|
This command provides no output.
|