1. Home
  2. OpenStack
  3. How can I install OpenStack Magnum from source on BCM 8.1?

How can I install OpenStack Magnum from source on BCM 8.1?

This article is being updated. Please be aware the content herein, not limited to version numbers and slight syntax changes, may not match the output from the most recent versions of Bright. This notation will be removed when the content has been updated.

This KB describes how to install and configure the Container Infrastructure Management service, code-named Magnum, on the OpenStack controller.

The procedures were tested on a BCM 8.1 cluster configured on CentOS 7.5, and running with Bright OpenStack’s cluster extension installed. The cluster has a single head node and a single OpenStack controller node.

NOTE: These are guidelines only. Magnum configuration does not fall under support cover. The scope of support cover is described at:



Magnum is an OpenStack project which offers container orchestration engines for deploying and managing containers as first class resources in OpenStack.


A cluster is the construct in which Magnum launches container orchestration engines. After a cluster has been created, a user can add containers to it. Containers can be added either directly, or, in the case of the Kubernetes container orchestration engine, within pods – a logical construct specific to that implementation. A cluster is created based on a ClusterTemplate.


A ClusterTemplate in Magnum is roughly equivalent to a flavor in Nova. A given template defines options such as the container orchestration engine, keypair, and image for use when Magnum is creating clusters.

Container Orchestration Engine (COE)

A container orchestration engine manages the lifecycle of one or more containers, logically represented in Magnum as a cluster. Magnum supports a number of container orchestration engines, each with their own pros and cons, including Docker Swarm, Kubernetes, and Mesos.

Magnum API service

This service accepts API requests from users. It authenticates, authorizes, and communicates with magnum-conductor.

Magnum conductor

This communicates with the COE (Container Orchestration Engine). It does the actual work of creating cluster templates, clusters, services, and containers.

Install and configure:

Note: Magnum creates clusters of compute instances on the Compute service (Nova). These instances must have basic Internet connectivity and must be able to reach Magnum’s API server. Make sure that the Compute and Network services are configured accordingly.


Before you install and configure the Container Infrastructure Management service, you must create a database, service credentials, and API endpoints.

To create the database, complete these steps:

Use the database access client to connect to the database server on the controller node as the root user:
[root@node006 ~]# mysql -u root -p

Create the magnum database:

Grant proper access to the magnum database:
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@master\
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'%'\
GRANT ALL PRIVILEGES ON magnum.* TO 'magnum'@'localhost'\

Replace MAGNUM_DBPASS with a suitable password.

Exit the database access client.

On the head node Source the admin password:
[root@maa-test4 ~]# . .openstackrc_password

To create the service credentials, complete these steps:

Create the magnum user:
# openstack user create --domain default \
 –password PASSWORD magnum

Add the admin role to the magnum user:
# openstack role add --project service --user magnum admin

Create the magnum service entity:
# openstack service create --name magnum \
--description "OpenStack Container Infrastructure Management Service" \

Create the Container Infrastructure Management service API endpoints:

[root@maa-test4 ~]# openstack endpoint create --region openstack container-infra admin \
[root@maa-test4 ~]# openstack endpoint create --region openstack container-infra internal \
[root@maa-test4 ~]# openstack endpoint create --region openstack container-infra public \

Magnum uses the AWS CloudFormation template format; so we will need to install Heat’s compatible CloudFormation API and configure it:

Install the packages in the software image:
# yum install openstack-heat-api-cfn.noarch

On the head node, create the service:
[root@maa-test4 ~]# openstack service create –name heat-cfn –description “Orchestration” \

On the head node, create the endpoints:

[root@maa-test4 ~]# openstack endpoint create --region openstack cloudformation admin \
[root@maa-test4 ~]# openstack endpoint create --region openstack cloudformation internal \
[root@maa-test4 ~]# openstack endpoint create --region openstack cloudformation public \

Replace the preceding IP address with the IP address of the head node that HAproxy listens on.

Add the following line in “/etc/heat/heat.conf”, under section “[heat_api_cfn]”:
    workers = 4

Append the below lines to “/etc/haproxy/haproxy.cfg” on the head node:
listen orchestrationAPI-heat-cfn
       server auto-node006:: check

Magnum requires additional information in the Identity service to manage clusters. To add this information, complete these steps:

  • Create the magnum domain that contains projects and users:
    # openstack domain create –description “Owns users and projects \
     created by magnum” magnum
  • Create the magnum_domain_admin user to manage projects and users in the magnum domain:
    # openstack user create –domain magnum –password PASSWORD \
  • Add the admin role to the magnum_domain_admin user in the magnum domain to enable administrative management privileges by the magnum_domain_admin user:
    # openstack role add –domain magnum –user-domain magnum \
       –user magnum_domain_admin admin

Install and configure components:

The following procedures will be done inside the software image used by OpenStack:

# chroot /cm/images/<image-name>

Install the OS-specific prerequisites:
# yum install python-devel openssl-devel mysql-devel \
  libxml2-devel libxslt-devel postgresql-devel git \
  libffi-devel gettext gcc

Create the magnum user and the necessary directories:

Create user with corresponding group:
# groupadd --system magnum
# useradd --home-dir "/var/lib/magnum"\
  --create-home \
  --system \
  --shell /bin/false \
  -g magnum \

Create these oher Magnum directories:
# mkdir -p /var/log/magnum
# mkdir -p /etc/magnum

Set the ownership of the  directories:
# chown magnum:magnum /var/log/magnum
# chown magnum:magnum /var/lib/magnum
# chown magnum:magnum /etc/magnum

Install virtualenv and python prerequisites:

Install virtualenv and create one for magnum’s installation:
# easy_install -U virtualenv
# su -s /bin/sh -c "virtualenv /var/lib/magnum/env" magnum

Install python prerequisites:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/pip install tox pymysql \
 python-memcached" magnum

Clone the stable/Pike branch, and install magnum:
# cd /var/lib/magnum
# git clone --single-branch -b stable/pike https://git.openstack.org/openstack/magnum.git
# chown -R magnum:magnum magnum
# cd magnum
# su -s /bin/sh -c "/var/lib/magnum/env/bin/pip install -r requirements.txt" magnum
# su -s /bin/sh -c "/var/lib/magnum/env/bin/python setup.py install" magnum

Copy policy.json and api-paste.ini:
# su -s /bin/sh -c "cp etc/magnum/policy.json /etc/magnum" magnum
# su -s /bin/sh -c "cp etc/magnum/api-paste.ini /etc/magnum" magnum

Generate a sample configuration file:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/tox -e genconfig" magnum
# su -s /bin/sh -c "cp etc/magnum/magnum.conf.sample \
 /etc/magnum/magnum.conf" magnum

Edit the “/etc/magnum/magnum.conf” file so that it looks like the following, while adjusting the appropriate values to match your own environment:

If you can’t remember the RabbitMQ password that you set for the openstack account, then you can grep for it in /etc/nova/nova.conf on the controller node. For example:
[root@node006 ~]# grep ^transport_url /etc/nova/nova.conf
transport_url = rabbit://openstack:8y4LCe4sBL1y2ipiGpbtRsjGgmeq7i@node006:5672/

The text RABBITMQPASSWORD in the following magnum.conf file is thus replaced by 8y4LCe4sBL1y2ipiGpbtRsjGgmeq7i:

host = node006
log_file = magnum.log
log_dir = /var/log/magnum
transport_url = rabbit://openstack:RABBITMQPASSWORD@node006:5672/
host =
cert_manager_type = local
storage_path = /var/lib/magnum/certificates/
region_name = openstack
connection = mysql+pymysql://magnum:PASSWORD@node006:3307/magnum
#disable certificate authority validation
verify_ca = false
memcached_servers = node006:11211
auth_version = v3
auth_uri = http://oshaproxy:5000/v3
project_domain_name = default
project_name = service
user_domain_name = default
password = PASSWORD
username = magnum
auth_url = http://oshaproxy:35357
#do not change auth_type = password
auth_type = password 
admin_user = magnum
admin_password = PASSWORD
admin_tenant_name = service
lock_path = /var/lib/magnum/tmp
driver = messaging
trustee_domain_name = magnum
trustee_domain_admin_name = magnum_domain_admin
trustee_domain_admin_password = PASSWORD

Populate the Magnum database:
# su -s /bin/sh -c "/var/lib/magnum/env/bin/magnum-db-manage upgrade" magnum

Set up Magnum  log rotation:
#cd /var/lib/magnum/magnum
# cp doc/examples/etc/logrotate.d/magnum.logrotate /etc/logrotate.d/magnum

Finalize installation

Create init scripts and services:

#cd /var/lib/magnum/magnum
# cp doc/examples/etc/systemd/system/magnum-api.service \
# cp doc/examples/etc/systemd/system/magnum-conductor.service \

Using  cmsh, 3 new services can be added to the controller node. The services are openstack-heat-api-cfn, magnum-api and magnum-conductor, and they can be set to autostart and to be monitored. For example, for the openstack-heat-api.cfn, and if the controller node is node006:

[root@maa-test4 ~]# cmsh
[maa-test4]% device use node006
[maa-test4->device[node006]]% services
[maa-test4->device[node006]->services]% add openstack-heat-api-cfn
[maa-test4->device[node006]->services]% set autostart yes
[maa-test4->device[node006]->services]% set monitored yes
[maa-test4->device[node006]->services]% commit

Repeat the same steps to add magnum-api and magnum-conductor.

Exit the Chrooted environment and reboot your OpenStack environment/nodes

Append  the following to /etc/haproxy/haproxy.cfg on the head node:

listen magnum
       server auto-node006:: check

Restart HAproxy on the head node:

# systemctl restart haproxy.service

If you will be using named on the head node for recursive queries from the clusters that  you will be building via Magnum; then you can tell named to accept recursive queries from any source IP:

Modify “/cm/local/apps/cmd/etc/cmd.conf

Set PublicDNS from false to true
PublicDNS = true

Restart cmd on the head node
[root@maa-test4 ~]# systemctl restart cmd

Verify that openstack-heat-api-cfn, magnum-api and magnum-conductor services are running on the controller node:

# systemctl status magnum-api
# systemctl status magnum-conductor
# systemctl status openstack-heat-api-cfn

Install the command-line client

The package “python2-magnumclient.noarch” provides the magnum command-line client that can be used to interact with magnum. It is installed on the head node and on the OpenStack software image as part of Bright’s OpenStack deployment. If for some reason the package is not available then you can install it on the head node and in the OS software image, for example as follows:

[root@maa-test4 ~]# yum install python2-magnumclient.noarch
[root@maa-test4 ~]# yum install python2-magnumclient.noarch --installroot=/cm/images/<SOFTWARE_IMAGE>

Verify operation

Perform these operations on the head node to verify that magnum-conductor is up:

[root@maa-test4 ~]# . .openstackrc_password
[root@maa-test4 ~]# magnum service-list
| id | host | binary           | state | created_at                | updated_at 
| 1  |node006| magnum-conductor| up    | 2018-09-28T10:19:00+00:00 | 2018-09-28T15:55:46+00:00 |

Launch a test cluster

We will create a test Docker Swarm cluster using a Fedora Atomic image.

[root@maa-test4 ~]# wget https://fedorapeople.org/groups/magnum/fedora-atomic-ocata.qcow2

[root@maa-test4 ~]# openstack image create --disk-format=qcow2 --container-format=bare  --file=fedora-atomic-ocata.qcow2 --property os_distro='fedora-atomic' fedora-atomic-ocata

Before creating the cluster, a template must created and the cluster will be based on this template.

[root@maa-test4 ~]# openstack coe cluster template create --name dockertemp2  --image 604f9bfc-2cd7-4895-9617-a68d98bfa77c --docker-volume-size 5 --external-network  c541029e-eb65-4771-a747-a76088162cec --dns-nameserver --master-flavor 9fcdfc68-9a85-4b90-bab7-3fdf285c1d19 --flavor 9fcdfc68-9a85-4b90-bab7-3fdf285c1d19  --coe swarm --tls-disabled

Note: we are using IDs instead of component names above, as there is an issue with Magnum resolving the names to IDs while building the cluster

You should replace the above IDs with the ones corresponding to your environment

Create the cluster:

[root@maa-test4 ~]# openstack coe cluster create --name dockercluster --cluster-template dockertemp2 --node-count 1 --keypair keypair
[root@maa-test4 ~]# openstack coe cluster show dockercluster
| Field               | Value                                                      |+---------------------+------------------------------------------------------------+
| status              | CREATE_COMPLETE                                            |
| cluster_template_id | b143ea59-bee9-4701-b9f1-95a986e0e7af                       |
| node_addresses      | [u'']                                         |
| uuid                | 9440f792-8894-4749-a176-eba10203aea8                       |
| stack_id            | 0e93f875-a0cd-4b61-9a06-dd9024a35e80                       |
| status_reason       | Stack CREATE completed successfully                        |
| created_at          | 2018-10-02T13:29:16+00:00                                  |
| updated_at          | 2018-10-02T13:36:28+00:00                                  |
| coe_version         | 1.2.5                                                      |
| faults              |                                                            |
| keypair             | keypair                                                    |
| api_address         | tcp://                                    |
| master_addresses    | [u'']                                          |
| create_timeout      | 60                                                         |
| node_count          | 1                                                          |
| discovery_url       | https://discovery.etcd.io/638e7384c59885070a35675fcdba6cc3 |
| master_count        | 1                                                          |
| container_version   | 1.12.6                                                     |
| name                | dockercluster                                              |

Create a container in the swarm cluster. This container will ping the address four times:

[root@dockercluster-ravfonb644f7-master-0 ~]# docker run --rm -it cirros:latest ping -c 4

Unable to find image 'cirros:latest' locally
Trying to pull repository docker.io/library/cirros ...

sha256:38e8f9e7bc8a340c54a5139823dc726d67dd7408ed7db9e3be41cb1517847f56: Pulling from docker.io/library/cirros

3d6427f49fe3: Pull complete

7f41e3d981b9: Pull complete

56f8ef4ed3d7: Pull complete

Digest: sha256:38e8f9e7bc8a340c54a5139823dc726d67dd7408ed7db9e3be41cb1517847f56

Status: Downloaded newer image for docker.io/cirros:latest

PING ( 56 data bytes

64 bytes from seq=0 ttl=116 time=10.667 ms

64 bytes from seq=1 ttl=116 time=10.805 ms

64 bytes from seq=2 ttl=116 time=9.778 ms

64 bytes from seq=3 ttl=116 time=11.061 ms

--- ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max = 9.778/10.577/11.061 ms


Refer to the upstream troubleshooting guide:


Updated on October 23, 2020

Related Articles

Leave a Comment