
Creating a CoreOS server on OpenStack and installing Docker containers

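CoreOS is a lightweight Linux OS intended mainly for running Docker, and it uses little memory.

Typical Red Hat-based and Debian-based distributions need at least 512M of memory to run, whereas CoreOS is reported to use only 114M.

If a server exists only to run Docker, running it on CoreOS uses fewer resources and makes for more efficient server operation.

Below, we install a Docker container on a CoreOS instance running on OpenStack.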

Test environment

OpenStack version: mitaka
OpenStack server: Ubuntu 16.04 LTS

Downloading the CoreOS OpenStack image


root@controller:~# wget https://stable.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2
--2017-04-19 14:31:36--  https://stable.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2
Resolving stable.release.core-os.net (stable.release.core-os.net)... 104.16.20.26, 104.16.21.26, 2400:cb00:2048:1::6810:141a, ...
접속 stable.release.core-os.net (stable.release.core-os.net)|104.16.20.26|:443... 접속됨.
HTTP request sent, awaiting response... 200 OK
Length: 274670553 (262M) [application/octet-stream]
Saving to: ‘coreos_production_openstack_image.img.bz2’

coreos_production_openstack_image.img.bz2           
 100%[===================================================================================================================>] 261.95M  42.3MB/s    in 6.6s    

2017-04-19 14:31:43 (40.0 MB/s) - ‘coreos_production_openstack_image.img.bz2’ saved [274670553/274670553]

root@controller:~# bunzip2 coreos_production_openstack_image.img.bz2 

root@controller:~# ls -alh coreos_production_openstack_image.img 
-rw-r--r-- 1 root root 736M  4월  1 10:16 coreos_production_openstack_image.img

Customizing the image for OpenStack


root@controller:~# apt install libguestfs-tools
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다       
상태 정보를 읽는 중입니다... 완료
다음 패키지가 자동으로 설치되었지만 더 이상 필요하지 않습니다:
  linux-headers-4.4.0-31 linux-headers-4.4.0-31-generic linux-image-4.4.0-31-generic linux-image-extra-4.4.0-31-generic
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  attr augeas-lenses cpu-checker extlinux fontconfig fontconfig-config fonts-dejavu-core gdisk genisoimage hfsplus hicolor-icon-theme ipxe-qemu libasound2 libasound2-data libasyncns0 libatk1.0-0
  libatk1.0-data libaugeas0 libauthen-sasl-perl libavahi-client3 libavahi-common-data libavahi-common3 libbluetooth3 libboost-iostreams1.58.0 libboost-random1.58.0 libbrlapi0.6 libcaca0 libcacard0 libcairo2
  libconfig9 libcups2 libdatrie1 libfdt1 libfile-listing-perl libflac8 libfont-afm-perl libfontconfig1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgraphite2-3 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common
  libguestfs-hfsplus libguestfs-perl libguestfs-reiserfs libguestfs-xfs libguestfs0 libharfbuzz0b libhfsp0 libhivex0 libhtml-form-perl libhtml-format-perl libhtml-tree-perl libhttp-cookies-perl
  libhttp-daemon-perl libhttp-negotiate-perl libintl-perl libio-socket-ssl-perl libiscsi2 liblwp-protocol-https-perl libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libogg0
  libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpixman-1-0 libpulse0 librados2 librbd1 libsdl1.2debian libsndfile1 libspice-server1 libstring-shellquote-perl libsys-virt-perl libthai-data
  libthai0 libusbredirparser1 libvirt0 libvorbis0a libvorbisenc2 libwin-hivex-perl libwww-perl libwww-robotrules-perl libxcb-render0 libxcb-shm0 libxcomposite1 libxcursor1 libxdamage1 libxen-4.6
  libxenstore3.0 libxfixes3 libxi6 libxinerama1 libxml-parser-perl libxml-xpath-perl libxrandr2 libxrender1 libyajl2 lsscsi lzop msr-tools mtools qemu-block-extra qemu-system-common qemu-system-x86
  qemu-utils reiserfsprogs scrub seabios sharutils supermin syslinux syslinux-common
제안하는 패키지:
  augeas-doc wodim cdrkit-doc libasound2-plugins alsa-utils augeas-tools libdigest-hmac-perl libgssapi-perl cups-common librsvg2-common gvfs libguestfs-gfs2 libguestfs-jfs libguestfs-nilfs libguestfs-rescue
  libguestfs-rsync libguestfs-zfs libintl-xs-perl libcrypt-ssleay-perl opus-tools pulseaudio libauthen-ntlm-perl floppyd samba vde2 sgabios ovmf debootstrap
다음 새 패키지를 설치할 것입니다:
  attr augeas-lenses cpu-checker extlinux fontconfig fontconfig-config fonts-dejavu-core gdisk genisoimage hfsplus hicolor-icon-theme ipxe-qemu libasound2 libasound2-data libasyncns0 libatk1.0-0
  libatk1.0-data libaugeas0 libauthen-sasl-perl libavahi-client3 libavahi-common-data libavahi-common3 libbluetooth3 libboost-iostreams1.58.0 libboost-random1.58.0 libbrlapi0.6 libcaca0 libcacard0 libcairo2
  libconfig9 libcups2 libdatrie1 libfdt1 libfile-listing-perl libflac8 libfont-afm-perl libfontconfig1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libgraphite2-3 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common
  libguestfs-hfsplus libguestfs-perl libguestfs-reiserfs libguestfs-tools libguestfs-xfs libguestfs0 libharfbuzz0b libhfsp0 libhivex0 libhtml-form-perl libhtml-format-perl libhtml-tree-perl
  libhttp-cookies-perl libhttp-daemon-perl libhttp-negotiate-perl libintl-perl libio-socket-ssl-perl libiscsi2 liblwp-protocol-https-perl libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl
  libnet-ssleay-perl libogg0 libopus0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpixman-1-0 libpulse0 librados2 librbd1 libsdl1.2debian libsndfile1 libspice-server1 libstring-shellquote-perl
  libsys-virt-perl libthai-data libthai0 libusbredirparser1 libvirt0 libvorbis0a libvorbisenc2 libwin-hivex-perl libwww-perl libwww-robotrules-perl libxcb-render0 libxcb-shm0 libxcomposite1 libxcursor1
  libxdamage1 libxen-4.6 libxenstore3.0 libxfixes3 libxi6 libxinerama1 libxml-parser-perl libxml-xpath-perl libxrandr2 libxrender1 libyajl2 lsscsi lzop msr-tools mtools qemu-block-extra qemu-system-common
  qemu-system-x86 qemu-utils reiserfsprogs scrub seabios sharutils supermin syslinux syslinux-common
0개 업그레이드, 119개 새로 설치, 0개 제거 및 3개 업그레이드 안 함.
28.9 M바이트 아카이브를 받아야 합니다.
이 작업 후 122 M바이트의 디스크 공간을 더 사용하게 됩니다.
계속 하시겠습니까? [Y/n] y

root@controller:~# openssl passwd -1
Password: 
Verifying - Password: 
$1$u0Cg6rai$3VpeFxakwHQ9wZvPAQUgf/
# There are two accounts, root and core; root is not allowed to log in over ssh, so set a password for the core account.

root@controller:~# guestfish --rw -a coreos_production_openstack_image.img 

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

><fs> run
><fs> list-filesystems 
/dev/sda1: vfat
/dev/sda2: unknown
/dev/sda3: ext4
/dev/sda4: unknown
/dev/sda6: ext4
/dev/sda7: unknown
/dev/sda9: ext4
><fs> mount /dev/sda6 /
><fs> ls /
cloud-config.yml
grub.cfg
lost+found
><fs> vi /grub.cfg 
><fs> cat /grub.cfg 
# CoreOS GRUB settings for EC2

set oem_id="openstack"
set linux_append="vga=792"
※ The default console resolution is small, so set the console graphics mode.

><fs> cat /cloud-config.yml
#cloud-config
users:
- name: core
  passwd: $1$u0Cg6rai$3VpeFxakwHQ9wZvPAQUgf/

coreos:
  units:
    - name: etcd.service
      runtime: true
      drop-ins:
        - name: 10-oem.conf
          content: |
            [Service]
            Environment=ETCD_PEER_ELECTION_TIMEOUT=1200

    - name: etcd2.service
      runtime: true
      drop-ins:
        - name: 10-oem.conf
          content: |
            [Service]
            Environment=ETCD_ELECTION_TIMEOUT=1200

    - name: user-configdrive.service
      mask: yes

    - name: user-configvirtfs.service
      mask: yes

    - name: oem-cloudinit.service
      command: restart
      runtime: yes
      content: |
        [Unit]
        Description=Cloudinit from EC2-style metadata

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/coreos-cloudinit --oem=ec2-compat

  oem:
    id: openstack
    name: Openstack
    version-id: 0.0.7
    home-url: https://www.openstack.org/
    bug-report-url: https://github.com/coreos/bugs/issues
# Set the core account's password under the users entry. Use the hash generated above.

><fs> umount /
><fs> quit
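
The `passwd:` value above is a `$1$` (MD5-crypt) hash produced by `openssl passwd -1`, a legacy scheme that is fast to brute-force if the image or its cloud-config is ever read by someone else. As an added example (not part of the original post), this script reports the crypt scheme of every `passwd:` entry in a cloud-config before it is baked into an image; the sample file and its hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag weak crypt(3) schemes in a cloud-config users list.

# Map a crypt(3) hash to its scheme using the "$id$" prefix.
crypt_scheme() {
    case "$1" in
        '$1$'*) echo md5crypt ;;
        '$5$'*) echo sha256crypt ;;
        '$6$'*) echo sha512crypt ;;
        *)      echo unknown ;;      # DES, empty, locked, or not a hash
    esac
}

# Print "user scheme" for each passwd: entry in FILE.
# Returns 1 if any entry is not sha256crypt or sha512crypt.
audit_cloud_config() {
    rc=0
    # Pair each "passwd:" value with the most recent "- name:" value.
    pairs=$(awk '
        /^[ \t]*-[ \t]*name:/ { user = $NF }
        /^[ \t]*passwd:/      { gsub(/"/, "", $NF); print user, $NF }
    ' "$1")
    while read -r user hash; do
        [ -n "$hash" ] || continue
        scheme=$(crypt_scheme "$hash")
        echo "$user $scheme"
        case "$scheme" in
            sha256crypt|sha512crypt) ;;
            *) rc=1 ;;
        esac
    done <<EOF
$pairs
EOF
    return "$rc"
}

# Constructed sample: both hashes are made-up placeholders, not credentials.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#cloud-config
users:
- name: core
  passwd: $1$CONSTRUCTED$placeholderMd5cryptValue
- name: ops
  passwd: "$6$CONSTRUCTED$placeholderSha512cryptValue"
EOF

audit_cloud_config "$sample" || echo "weak or unrecognized hash scheme found"
```

A SHA-512 crypt hash for the same field can be generated with `mkpasswd --method=SHA-512`, or with `openssl passwd -6` on OpenSSL 1.1.1 and later.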

Uploading the image to the Glance service


root@controller:~# openstack image create "CoreOS" --file coreos_production_openstack_image.img --disk-format qcow2 --container-format bare   --public
+------------------+---------------------------------------------------------------------------------+
| Field            | Value                                                                           |
+------------------+---------------------------------------------------------------------------------+
| checksum         | a42cc43a6cd42abb25e0374d4c7c8ac8                                                |
| container_format | bare                                                                            |
| created_at       | 2017-04-19T06:29:14Z                                                            |
| disk_format      | qcow2                                                                           |
| file             | /v2/images/f19bf837-2e88-484f-9c7a-f7cdba124bf3/file                            |
| id               | f19bf837-2e88-484f-9c7a-f7cdba124bf3                                            |
| min_disk         | 0                                                                               |
| min_ram          | 0                                                                               |
| name             | CoreOS                                                                          |
| owner            | 8275c52148284b468a95963a6477d2ee                                                |
| properties       | direct_url='file:///var/lib/glance/images/f19bf837-2e88-484f-9c7a-f7cdba124bf3' |
| protected        | False                                                                           |
| schema           | /v2/schemas/image                                                               |
| size             | 908525568                                                                       |
| status           | active                                                                          |
| tags             |                                                                                 |
| updated_at       | 2017-04-19T06:29:19Z                                                            |
| virtual_size     | None                                                                            |
| visibility       | public                                                                          |
+------------------+---------------------------------------------------------------------------------+

Creating and verifying the server


root@controller:~# nova boot --image CoreOS --flavor 5 --nic net-id=39ad4a94-4c1d-4d7f-a78f-bf0863086c8b jyh

root@controller:~# nova floating-ip-create provider
+--------------------------------------+----------------+-----------+----------+----------+
| Id                                   | IP             | Server Id | Fixed IP | Pool     |
+--------------------------------------+----------------+-----------+----------+----------+
| 2705be05-34b5-4427-854d-755b64415f94 | xxx.xxx.xxx.xxx | -         | -        | provider |
+--------------------------------------+----------------+-----------+----------+----------+

root@controller:~# nova floating-ip-associate jyh xxx.xxx.xxx.xxx

dicaniu@dicaniu-pc:~$ ssh -l core xxx.xxx.xxx.xxx
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
ECDSA key fingerprint is SHA256:j6vJ8piigFx7o6Ggg2HDA+XH7mFVjq1m2Js/Fg1JiPw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (ECDSA) to the list of known hosts.
Password: 
Last login: Wed Apr 19 07:07:03 UTC 2017 on tty1
Container Linux by CoreOS stable (1298.7.0)
core@jyh ~ $ sudo passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
core@jyh ~ $ su -
Password: 
jyh ~ # 
# After logging in to the server as core, change the root password.

Configuring Docker and creating a container


jyh ~ # cp /lib/systemd/system/docker.service /etc/systemd/system/
jyh ~ # vi /etc/systemd/system/docker.service 
jyh ~ # cat /etc/systemd/system/docker.service 
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=containerd.service docker.socket network.target
Requires=containerd.service docker.socket

[Service]
Type=notify
EnvironmentFile=-/run/flannel/flannel_docker_opts.env

# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/lib/coreos/dockerd --host=fd:// --mtu=1450 --containerd=/var/run/docker/libcontainerd/docker-containerd.sock $DOCKER_OPTS $DOCKER_CGROUPS $DOCKER_OPT_BIP $DOCKER_OPT_MTU $DOCKER_OPT_IPMASQ
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

[Install]
WantedBy=multi-user.target
# Set the MTU to 1450 to suit the OpenStack environment.

jyh ~ # systemctl daemon-reload
jyh ~ # systemctl restart docker.service

jyh ~ # docker run -t -i ubuntu /bin/bash
Unable to find image 'ubuntu:latest' locally
latest: Pulling from library/ubuntu
c62795f78da9: Pull complete 
d4fceeeb758e: Pull complete 
5c9125a401ae: Pull complete 
0062f774e994: Pull complete 
6b33fd031fac: Pull complete 
Digest: sha256:c2bbf50d276508d73dd865cda7b4ee9b5243f2648647d21e3a471dd3cc4209a0
Status: Downloaded newer image for ubuntu:latest
root@20c96f172da7:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security/universe Sources [30.0 kB]
..
..
# The container runs from the ubuntu image and the update proceeds normally.
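
Copying the whole docker.service into /etc/systemd/system shadows the vendor unit, so later changes to the unit shipped under /lib/systemd/system no longer take effect. As an added example (not part of the original post), the function below sets only the MTU through a systemd drop-in; it assumes the vendor unit's ExecStart expands $DOCKER_OPTS, as the copy shown above does, and the drop-in file name and MTU range are this example's own choices.

```shell
#!/bin/sh
# Added example: override only the Docker MTU with a systemd drop-in
# instead of a full copy of docker.service.
# Assumption: the vendor unit's ExecStart expands $DOCKER_OPTS.

# write_mtu_dropin ROOT MTU
#   ROOT is the filesystem root to write under ("/" on the instance, a
#   scratch directory for a dry run). Prints the path of the drop-in.
write_mtu_dropin() {
    root=${1%/}
    mtu=$2
    # Accept digits only, so nothing else can be smuggled into the
    # daemon's command line through the environment variable.
    case "$mtu" in
        ''|*[!0-9]*) echo "invalid MTU: $mtu" >&2; return 1 ;;
    esac
    # Range chosen for this example: plausible Ethernet MTUs.
    if [ "${#mtu}" -gt 5 ] || [ "$mtu" -lt 576 ] || [ "$mtu" -gt 9000 ]; then
        echo "MTU out of range: $mtu" >&2
        return 1
    fi
    dir="$root/etc/systemd/system/docker.service.d"
    mkdir -p "$dir" || return 1
    cat > "$dir/10-mtu.conf" <<EOF
[Service]
Environment="DOCKER_OPTS=--mtu=$mtu"
EOF
    echo "$dir/10-mtu.conf"
}

# Dry run into a scratch directory (constructed path, not the real /etc).
scratch=$(mktemp -d)
dropin=$(write_mtu_dropin "$scratch" 1450) && cat "$dropin"

# On the instance itself:
#   write_mtu_dropin / 1450
#   systemctl daemon-reload && systemctl restart docker.service
```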
