How to install OpenStack Magnum container service on CentOS / Ubuntu

Magnum is an OpenStack API service that lets OpenStack users manage container orchestration engines such as Kubernetes, Docker Swarm and Apache Mesos. Magnum uses Heat to orchestrate an OS image that contains Docker and Kubernetes, and runs that image on either virtual machines or bare metal in a cluster configuration.

In this guide, we walk through the steps required to set up the Magnum container orchestration service in OpenStack. Before following this guide, you should have a working OpenStack cloud environment. For a development environment, you can refer to our guides:

OpenStack deployment on Ubuntu 18.04 with DevStack

OpenStack deployment on CentOS 7 with Packstack

Before you start

You need access to:

  • The database server used by the OpenStack services
  • Root access on the controller to modify the Magnum configuration files
  • The administrative credentials file, .keystonerc or .admin-openrc

Once you have confirmed access to the above, you can start setting up the Magnum container service on OpenStack.

Step 1: Create a Magnum database user

Create the magnum database and grant the magnum user access to it:

$ mysql -u root -p
CREATE DATABASE magnum;
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost' IDENTIFIED BY 'MagnumDBPassword';
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%' IDENTIFIED BY 'MagnumDBPassword';
FLUSH PRIVILEGES;
\q

Replace MagnumDBPassword with a password suitable for the magnum database user.

Step 2: Create a magnum service user

Source the administrator credentials to gain access to administrator-only CLI commands:

$ source ~/.keystonerc

Then create the magnum service user account.

$ openstack user create --domain default --project service --password MagnumPass magnum
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 0766331616c7429a9b459d0d642cc4db |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 60e671d56e4148bca1d5be2e2a1197c4 |
| name                | magnum                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the magnum user:

$ openstack role add --project service --user magnum admin

Create the magnum service entity:

$ openstack service create --name magnum --description "OpenStack Container Infrastructure Management Service" container-infra
+-------------+-------------------------------------------------------+
| Field       | Value                                                 |
+-------------+-------------------------------------------------------+
| description | OpenStack Container Infrastructure Management Service |
| enabled     | True                                                  |
| id          | c4f62b6df2694b489d8cdf8caf4f00e1                      |
| name        | magnum                                                |
| type        | container-infra                                       |
+-------------+-------------------------------------------------------+

Step 3: Establish the service API endpoint

Create a container infrastructure management service API endpoint.

Replace the value of controller with the IP address that Magnum listens on. This can also be a hostname reachable by the Compute instances.

$ export controller=192.168.1.10
$ openstack endpoint create --region RegionOne container-infra public http://$controller:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 49fa8d06927747fca27e33e4bbb71180 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c4f62b6df2694b489d8cdf8caf4f00e1 |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://192.168.1.10:9511/v1      |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne container-infra internal http://$controller:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1eeba15e78fd4d71b4319ac3479d4078 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c4f62b6df2694b489d8cdf8caf4f00e1 |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://192.168.1.10:9511/v1      |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne container-infra admin http://$controller:9511/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 12719874757b4c6e9483c0f62a9154d5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c4f62b6df2694b489d8cdf8caf4f00e1 |
| service_name | magnum                           |
| service_type | container-infra                  |
| url          | http://192.168.1.10:9511/v1      |
+--------------+----------------------------------+

Step 4: Create a Magnum Domain

Create a magnum domain containing projects and users for the container service.

$ openstack domain create --description "Owns users and projects created by magnum" magnum
+-------------+-------------------------------------------+
| Field       | Value                                     |
+-------------+-------------------------------------------+
| description | Owns users and projects created by magnum |
| enabled     | True                                      |
| id          | 602fe4ebda15445d87f42237a7af9240          |
| name        | magnum                                    |
| tags        | []                                        |
+-------------+-------------------------------------------+

Create the magnum_domain_admin user to manage projects and users in the magnum domain:

$ openstack user create --domain magnum --password aShuumoNg8ieche magnum_domain_admin
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 602fe4ebda15445d87f42237a7af9240 |
| enabled             | True                             |
| id                  | 7339631f125a40d5b77b0f959990203e |
| name                | magnum_domain_admin              |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the magnum_domain_admin user in the magnum domain to enable administrative permissions:

$ openstack role add --domain magnum --user-domain magnum --user magnum_domain_admin admin

Step 5: Install and configure Magnum components

Now we can install the packages required by Magnum.

---- CentOS ----
$ sudo yum -y install openstack-magnum-api openstack-magnum-conductor python-magnumclient

---- Ubuntu ----
$ sudo apt -y install magnum-api magnum-conductor python-magnumclient

Edit the /etc/magnum/magnum.conf file. In the [api] section, configure the host:

[api]
...
host = CONTROLLER_IP

In the [certificates] section, select barbican (or x509keypair if barbican is not installed):


[certificates]
...
cert_manager_type = x509keypair

In the [cinder_client] section, configure the region name:

[cinder_client]
...
region_name = RegionOne

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://magnum:MAGNUM_DBPASS@controller/magnum

Replace MAGNUM_DBPASS with the password you chose for the magnum database.

In the [keystone_authtoken] and [trust] sections, configure Identity service access:

[keystone_authtoken]
...
memcached_servers = controller:11211
auth_version = v3
www_authenticate_uri = http://controller:5000/v3
project_domain_id = default
project_name = service
user_domain_id = default
password = MAGNUM_PASS
username = magnum
auth_url = http://controller:5000
auth_type = password
admin_user = magnum
admin_password = MAGNUM_PASS
admin_tenant_name = service


[trust]
...
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = DOMAIN_ADMIN_PASS
trustee_keystone_interface = KEYSTONE_INTERFACE

  • Replace MAGNUM_PASS with the password you chose for the magnum user in the Identity service.
  • Replace DOMAIN_ADMIN_PASS with the password you chose for the magnum_domain_admin user.
  • Replace KEYSTONE_INTERFACE with public or internal, depending on your network configuration.

In the [oslo_messaging_notifications] section, configure the driver:

[oslo_messaging_notifications]
...
driver = messaging

In the [DEFAULT] section, configure RabbitMQ message queue access:

[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

  • Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

In the [oslo_concurrency] section of /etc/magnum/magnum.conf, set lock_path:

[oslo_concurrency]
...
lock_path = /var/lib/magnum/tmp
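
A quick check before populating the database, as an added example that is not part of the original guide: the function below scans magnum.conf for the placeholder tokens used above, for settings from this guide that are missing, and for a world-readable file mode, printing key names only so that no secret reaches the terminal. The function name, the finding messages and the list of required keys are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the original guide: lint magnum.conf after Step 5.

# Placeholder tokens this guide uses; none may survive into the live file.
PLACEHOLDERS='CONTROLLER_IP|MAGNUM_DBPASS|MAGNUM_PASS|DOMAIN_ADMIN_PASS|KEYSTONE_INTERFACE|RABBIT_PASS'
# section/key pairs configured in this guide (assumed here to be mandatory).
REQUIRED='api/host database/connection DEFAULT/transport_url trust/trustee_domain_admin_password oslo_concurrency/lock_path'

# lint_magnum_conf FILE
# Prints one finding per line. Returns 0 when clean, 1 on findings, 2 if unreadable.
lint_magnum_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 2
    fi
    # The file holds DB, RabbitMQ and Keystone passwords, so the first check
    # below flags any read permission for users outside the owner and group.
    findings=$(
        if [ -n "$(find "$conf" -prune -perm -004)" ]; then
            echo "file is world-readable"
        fi
        awk -v ph="$PLACEHOLDERS" -v required="$REQUIRED" '
            /^[ \t]*(#|;|$)/ { next }                  # comments, blank lines
            /^[ \t]*\[/ {                              # [section] header
                sec = $0
                gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
                next
            }
            {
                eq = index($0, "=")
                if (eq == 0) next                      # lines without key = value
                key = substr($0, 1, eq - 1)
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                seen[sec "/" key] = 1
                # Whole-token match keeps MAGNUM_PASS and MAGNUM_DBPASS distinct.
                if (val ~ ("(^|[^A-Za-z0-9_])(" ph ")([^A-Za-z0-9_]|$)"))
                    print "placeholder left in [" sec "] " key
                if (key ~ /password$/ && val == "")
                    print "empty value for [" sec "] " key
                if (sec == "trust" && key == "trustee_keystone_interface" &&
                    val !~ /^(public|internal)$/)
                    print "[trust] trustee_keystone_interface is not public or internal"
            }
            END {
                n = split(required, req, " ")
                for (i = 1; i <= n; i++)
                    if (!(req[i] in seen)) print "missing " req[i]
            }
        ' "$conf"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as lint_magnum_conf /etc/magnum/magnum.conf; a non-zero return status means at least one finding was printed.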

Populate the Magnum database:

$ sudo su -s /bin/sh -c "magnum-db-manage upgrade" magnum
su -s /bin/sh -c "magnum-db-manage upgrade" magnum
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> 2581ebaf0cb2, initial migration
INFO  [alembic.runtime.migration] Running upgrade 2581ebaf0cb2 -> 3bea56f25597, Multi Tenant Support
INFO  [alembic.runtime.migration] Running upgrade 3bea56f25597 -> 5793cd26898d, Add bay status
INFO  [alembic.runtime.migration] Running upgrade 5793cd26898d -> 3a938526b35d, Add docker volume size column
INFO  [alembic.runtime.migration] Running upgrade 3a938526b35d -> 35cff7c86221, add private network to baymodel
INFO  [alembic.runtime.migration] Running upgrade 35cff7c86221 -> 1afee1db6cd0, Add master flavor
INFO  [alembic.runtime.migration] Running upgrade 1afee1db6cd0 -> 2d1354bbf76e, ssh authorized key
INFO  [alembic.runtime.migration] Running upgrade 2d1354bbf76e -> 29affeaa2bc2, rename-bay-master-address
INFO  [alembic.runtime.migration] Running upgrade 29affeaa2bc2 -> 2ace4006498, rename-bay-minions-address
INFO  [alembic.runtime.migration] Running upgrade 2ace4006498 -> 456126c6c9e9, create baylock table
INFO  [alembic.runtime.migration] Running upgrade 456126c6c9e9 -> 4ea34a59a64c, add-discovery-url-to-bay
INFO  [alembic.runtime.migration] Running upgrade 4ea34a59a64c -> e772b2598d9, add-container-command
INFO  [alembic.runtime.migration] Running upgrade e772b2598d9 -> 2d8657c0cdc, add bay uuid
INFO  [alembic.runtime.migration] Running upgrade 2d8657c0cdc -> 4956f03cabad, add cluster distro
INFO  [alembic.runtime.migration] Running upgrade 4956f03cabad -> 592131657ca1, Add coe column to BayModel
INFO  [alembic.runtime.migration] Running upgrade 592131657ca1 -> 3b6c4c42adb4, Add unique constraints
INFO  [alembic.runtime.migration] Running upgrade 3b6c4c42adb4 -> 2b5f24dd95de, rename service port
INFO  [alembic.runtime.migration] Running upgrade 2b5f24dd95de -> 59e7664a8ba1, add_container_status
INFO  [alembic.runtime.migration] Running upgrade 59e7664a8ba1 -> 156ceb17fb0a, add_bay_status_reason
INFO  [alembic.runtime.migration] Running upgrade 156ceb17fb0a -> 1c1ff5e56048, rename_container_image_id
INFO  [alembic.runtime.migration] Running upgrade 1c1ff5e56048 -> 53882537ac57, add host column to pod
INFO  [alembic.runtime.migration] Running upgrade 53882537ac57 -> 14328d6a57e3, add master count to bay
INFO  [alembic.runtime.migration] Running upgrade 14328d6a57e3 -> 421102d1f2d2, create x509keypair table
INFO  [alembic.runtime.migration] Running upgrade 421102d1f2d2 -> 6f21dc998bb, Add master_addresses to bay
INFO  [alembic.runtime.migration] Running upgrade 6f21dc998bb -> 966a99e70ff, add-proxy
INFO  [alembic.runtime.migration] Running upgrade 966a99e70ff -> 6f21dc920bb, Add cert_uuuid to bay
INFO  [alembic.runtime.migration] Running upgrade 6f21dc920bb -> 5518af8dbc21, Rename cert_uuid
INFO  [alembic.runtime.migration] Running upgrade 5518af8dbc21 -> 4e263f236334, Add registry_enabled
INFO  [alembic.runtime.migration] Running upgrade 4e263f236334 -> 3be65537a94a, add_network_driver_baymodel_column
INFO  [alembic.runtime.migration] Running upgrade 3be65537a94a -> 1481f5b560dd, add labels column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade 1481f5b560dd -> 1d045384b966, add-insecure-baymodel-attr
INFO  [alembic.runtime.migration] Running upgrade 1d045384b966 -> 27ad304554e2, adding magnum_service functionality
INFO  [alembic.runtime.migration] Running upgrade 27ad304554e2 -> 5ad410481b88, rename-insecure
INFO  [alembic.runtime.migration] Running upgrade 5ad410481b88 -> 2ae93c9c6191, add public column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade 2ae93c9c6191 -> 33ef79969018, Add memory to container
INFO  [alembic.runtime.migration] Running upgrade 33ef79969018 -> 417917e778f5, Add server_type column to baymodel
INFO  [alembic.runtime.migration] Running upgrade 417917e778f5 -> 5977879072a7, add-env-to-container
INFO  [alembic.runtime.migration] Running upgrade 5977879072a7 -> 40f325033343, add bay_create_timeout to bay
INFO  [alembic.runtime.migration] Running upgrade 40f325033343 -> adc3b7679ae, add registry_trust_id to bay
INFO  [alembic.runtime.migration] Running upgrade adc3b7679ae -> 57fbdf2327a2, remove baylock
INFO  [alembic.runtime.migration] Running upgrade 57fbdf2327a2 -> 05d3e97de9ee, add volume driver
INFO  [alembic.runtime.migration] Running upgrade 05d3e97de9ee -> bb42b7cad130, remove node object
INFO  [alembic.runtime.migration] Running upgrade bb42b7cad130 -> 5d4caa6e0a42, create trustee for each bay
INFO  [alembic.runtime.migration] Running upgrade 5d4caa6e0a42 -> ee92b41b8809, Introduce Quotas
INFO  [alembic.runtime.migration] Running upgrade ee92b41b8809 -> 049f81f6f584, remove_ssh_authorized_key_from_baymodel
INFO  [alembic.runtime.migration] Running upgrade 049f81f6f584 -> e647f5931da8, add insecure_registry to baymodel
INFO  [alembic.runtime.migration] Running upgrade e647f5931da8 -> ef08a5e057bd, remove pod object
INFO  [alembic.runtime.migration] Running upgrade ef08a5e057bd -> d072f58ab240, modify x509keypair table
INFO  [alembic.runtime.migration] Running upgrade d072f58ab240 -> a1136d335540, Add docker storage driver column
INFO  [alembic.runtime.migration] Running upgrade a1136d335540 -> 085e601a39f6, remove service object
INFO  [alembic.runtime.migration] Running upgrade 085e601a39f6 -> 68ce16dfd341, add master_lb_enabled column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade 68ce16dfd341 -> e0653b2d5271, Add fixed_subnet column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade e0653b2d5271 -> 1f196a3dabae, remove container object
INFO  [alembic.runtime.migration] Running upgrade 1f196a3dabae -> 859fb45df249, remove replication controller
INFO  [alembic.runtime.migration] Running upgrade 859fb45df249 -> b1f612248cab, Add floating_ip_enabled column to baymodel table
INFO  [alembic.runtime.migration] Running upgrade b1f612248cab -> fcb4efee8f8b, add version info to bay
INFO  [alembic.runtime.migration] Running upgrade fcb4efee8f8b -> fb03fdef8919, rename_baymodel_to_clustertemplate
INFO  [alembic.runtime.migration] Running upgrade fb03fdef8919 -> 720f640f43d1, rename bay table to cluster
INFO  [alembic.runtime.migration] Running upgrade 720f640f43d1 -> bc46ba6cf949, add keypair to cluster
INFO  [alembic.runtime.migration] Running upgrade bc46ba6cf949 -> aa0cc27839af, add docker_volume_size to cluster
INFO  [alembic.runtime.migration] Running upgrade aa0cc27839af -> a0e7c8450ab1, add labels to cluster
INFO  [alembic.runtime.migration] Running upgrade a0e7c8450ab1 -> 52bcaf58fecb, add master_flavor_id to cluster
INFO  [alembic.runtime.migration] Running upgrade 52bcaf58fecb -> 04c625aa95ba, change storage driver to string
INFO  [alembic.runtime.migration] Running upgrade 04c625aa95ba -> 041d9a0f1159, add flavor_id to cluster
INFO  [alembic.runtime.migration] Running upgrade 041d9a0f1159 -> 9a1539f1cd2c, "add federation table
INFO  [alembic.runtime.migration] Running upgrade 9a1539f1cd2c -> cbbc65a86986, Add health_status and health_status_reason to cluster
INFO  [alembic.runtime.migration] Running upgrade cbbc65a86986 -> 87e62e3c7abc, add hidden to cluster template

Start the container infrastructure management service and configure it to start at system startup:

--- Ubuntu ---
sudo systemctl restart magnum-api
sudo systemctl restart magnum-conductor

--- CentOS ---
sudo systemctl enable --now openstack-magnum-api.service openstack-magnum-conductor.service

Check the service status:

$ systemctl status openstack-magnum-api.service openstack-magnum-conductor.service
● openstack-magnum-api.service - OpenStack Magnum API Service
   Loaded: loaded (/usr/lib/systemd/system/openstack-magnum-api.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-12 10:06:18 EAT; 13s ago
 Main PID: 21961 (magnum-api)
   CGroup: /system.slice/openstack-magnum-api.service
           └─21961 /usr/bin/python2 /usr/bin/magnum-api

Jan 12 10:06:18 dserver.computingforgeeks.com systemd[1]: Started OpenStack Magnum API Service.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: Using RPC transport for notifications. Please use get_notification_transport t...tance.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:18.964 21961 INFO magnum.api.app [-] Full WSGI config used: /...te.ini
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: /usr/lib/python2.7/site-packages/paste/deploy/loadwsgi.py:22: PkgResourcesDepr...ately.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-api[21961]: return pkg_resources.EntryPoint.parse("x=" + s).load(False)
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:19.107 21961 WARNING keystonemiddleware.auth_token [-] AuthTo... True.
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:19.118 21961 INFO magnum.cmd.api [-] Starting server in PID 21961
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-api[21961]: 2020-01-12 10:06:19.127 21961 INFO magnum.cmd.api [-] Server will handle each ...cesses

● openstack-magnum-conductor.service - Openstack Magnum Conductor Service
   Loaded: loaded (/usr/lib/systemd/system/openstack-magnum-conductor.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-12 10:06:18 EAT; 13s ago
 Main PID: 21962 (magnum-conducto)
   CGroup: /system.slice/openstack-magnum-conductor.service
           ├─21962 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22001 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22002 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22003 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22004 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22005 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22006 /usr/bin/python2 /usr/bin/magnum-conductor
           ├─22007 /usr/bin/python2 /usr/bin/magnum-conductor
           └─22008 /usr/bin/python2 /usr/bin/magnum-conductor

Jan 12 10:06:18 dserver.computingforgeeks.com systemd[1]: Started Openstack Magnum Conductor Service.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-conductor[21962]: Using RPC transport for notifications. Please use get_notification_trans...tance.
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-conductor[21962]: 2020-01-12 10:06:18.947 21962 INFO magnum.cmd.conductor [-] Starting ser... 21962
Jan 12 10:06:18 dserver.computingforgeeks.com magnum-conductor[21962]: 2020-01-12 10:06:18.989 21962 INFO oslo_service.service [-] Starting 8 workers
Jan 12 10:06:19 dserver.computingforgeeks.com magnum-conductor[21962]: 2020-01-12 10:06:19.027 21962 WARNING oslo_log.versionutils [req-b8390f4...seded.
Hint: Some lines were ellipsized, use -l to show in full.

To list the health of Magnum's internal services (namely the conductor), use:

$ openstack coe service list
+----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+
| id | host | binary           | state | disabled | disabled_reason | created_at                | updated_at                |
+----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+
|  1 | None | magnum-conductor | up    | False    | None            | 2020-01-12T07:06:19+00:00 | 2020-01-12T07:37:58+00:00 |
+----+------+------------------+-------+----------+-----------------+---------------------------+---------------------------+

Our next guide will show how to create Docker and Kubernetes clusters in OpenStack Magnum.
