6b11ba1de9
Update heat configuration for Liberty. Includes moving stack creation to the launch instance section. Also addresses some consistency issues, mostly from the RST conversion. Changes and testing specific to distribution packages primarily involve Ubuntu. Other distributions may require additional patches. Change-Id: Ib1ba4987eabe15a2100a58d1448507c203fc25f3 Implements: blueprint installguide-liberty
17 KiB
Install and configure
This section describes how to install and configure the Orchestration module, code-named heat, on the controller node.
obs or rdo or ubuntu
Prerequisites
Before you install and configure Orchestration, you must create a database, service credentials, and API endpoints.
To create the database, complete these steps:
Use the database access client to connect to the database server as the
rootuser:$ mysql -u root -pCreate the
heatdatabase:CREATE DATABASE heat;Grant proper access to the
heatdatabase:GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY 'HEAT_DBPASS';Replace
HEAT_DBPASSwith a suitable password.Exit the database access client.
Source the
admincredentials to gain access to admin-only CLI commands:$ source admin-openrc.shTo create the service credentials, complete these steps:
Create the
heatuser:$ openstack user create --domain default --password-prompt heat User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | ca2e175b851943349be29a328cc5e360 | | name | heat | +-----------+----------------------------------+Add the
adminrole to theheatuser:$ openstack role add --project service --user heat adminNote
This command provides no output.
Create the
heat_stack_ownerrole:$ openstack role create heat_stack_owner +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 15e34f0c4fed4e68b3246275883c8630 | | name | heat_stack_owner | +-------+----------------------------------+Add the
heat_stack_ownerrole to thedemoproject and user:$ openstack role add --project demo --user demo heat_stack_ownerNote
This command provides no output.
Note
You must add the
heat_stack_ownerrole to users that manage stacks.Create the
heat_stack_userrole:$ openstack role create heat_stack_user +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 88849d41a55d4d1d91e4f11bffd8fc5c | | name | heat_stack_user | +-------+----------------------------------+Note
The Orchestration service automatically assigns the
heat_stack_userrole to users that it creates during stack deployment. By default, this role restrictsAPIoperations. To avoid conflicts, do not add this role to users with theheat_stack_ownerrole.Create the
heatandheat-cfnservice entities:$ openstack service create --name heat \ --description "Orchestration" orchestration +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | 727841c6f5df4773baa4e8a5ae7d72eb | | name | heat | | type | orchestration | +-------------+----------------------------------+ $ openstack service create --name heat-cfn \ --description "Orchestration" cloudformation +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | c42cede91a4e47c3b10c8aedc8d890c6 | | name | heat-cfn | | type | cloudformation | +-------------+----------------------------------+
Create the Orchestration service API endpoints:
$ openstack endpoint create --region RegionOne \ orchestration public http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ orchestration internal http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 9489f78e958e45cc85570fec7e836d98 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ orchestration admin http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 76091559514b40c6b7b38dde790efe99 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation public http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | b3ea082e019c4024842bf0a80555052c | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation internal http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 169df4368cdc435b8b115a9cb084044e | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation admin http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 3d3edcd61eb343c1bbd629aa041ff88b | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+
Install and configure components
obs or rdo or ubuntu
obs
Install the packages:
# zypper install openstack-heat-api openstack-heat-api-cfn \ openstack-heat-engine python-heatclient
rdo
Install the packages:
# yum install openstack-heat-api openstack-heat-api-cfn \ openstack-heat-engine python-heatclient
ubuntu
Install the packages:
# apt-get install heat-api heat-api-cfn heat-engine \ python-heatclient
obs or rdo or ubuntu
Edit the
/etc/heat/heat.conffile and complete the following actions:In the
[database]section, configure database access:[database] ... connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heatReplace
HEAT_DBPASSwith the password you chose for the Orchestration database.In the
[DEFAULT]and[oslo_messaging_rabbit]sections, configureRabbitMQmessage queue access:[DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASSReplace
RABBIT_PASSwith the password you chose for theopenstackaccount inRabbitMQ.In the
[keystone_authtoken]and[ec2authtoken]sections, configure Identity service access:[keystone_authtoken] ... auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = heat password = HEAT_PASS auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = heat admin_password = HEAT_PASS [ec2authtoken] ... auth_uri = http://controller:5000/v2.0Replace
HEAT_PASSwith the password you chose for theheatuser in the Identity service.Note
Comment out any
auth_host,auth_port, andauth_protocoloptions because theidentity_urioption replaces them.Note
The contents of the [keystone_authtoken] section vary slightly from other services.
In the
[DEFAULT]section, configure the metadata and wait condition URLs:[DEFAULT] ... heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitconditionIn the
[DEFAULT]section, configure information about the heat Identity service domain:[DEFAULT] ... stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat_user_domainReplace
HEAT_DOMAIN_PASSwith the password you chose for the admin user of theheatuser domain in the Identity service.(Optional) To assist with troubleshooting, enable verbose logging in the
[DEFAULT]section:[DEFAULT] ... verbose = True
Create a domain for users and projects managed by Orchestration stacks.
Source the
admincredentials to gain access to admin-only CLI commands:$ source admin-openrc.shCreate the heat domain in the Identity service:
$ heat-keystone-setup-domainNote
Do not add the output of this command to the
/etc/heat/heat.conffile because it already contains these configuration options.
Populate the Orchestration database:
# su -s /bin/sh -c "heat-manage db_sync" heat
debian
Run the following commands to install the packages:
# apt-get install heat-api heat-api-cfn heat-engine python-heat-clientRespond to prompts for
database management <debconf/debconf-dbconfig-common>,Identity service credentials <debconf/debconf-keystone-authtoken>,service endpoint registration <debconf/debconf-api-endpoints>, andmessage broker credentials <debconf/debconf-rabbitmq>.Edit the
/etc/heat/heat.conffile and complete the following actions:In the
[ec2authtoken]section, configure Identity service access:[ec2authtoken] ... auth_uri = http://controller:5000/v2.0
Finalize installation
obs or rdo
Start the Orchestration services and configure them to start when the system boots:
# systemctl enable openstack-heat-api.service \ openstack-heat-api-cfn.service openstack-heat-engine.service # systemctl start openstack-heat-api.service \ openstack-heat-api-cfn.service openstack-heat-engine.service
ubuntu or debian
Restart the Orchestration services:
# service heat-api restart # service heat-api-cfn restart # service heat-engine restart
ubuntu
By default, the Ubuntu packages create an SQLite database.
Because this configuration uses an SQL database server, you can remove the SQLite database file:
# rm -f /var/lib/heat/heat.sqlite