Update heat configuration for Mitaka. 1) Remove explicit installation of some packages due to dependency fixes. 2) Remove explicit configuration of verbosity. 3) Use to the OpenStack client if possible. Change-Id: I680c54849056a2763e397e55da343d234a32d567
18 KiB
Install and configure
This section describes how to install and configure the Orchestration service, code-named heat, on the controller node.
obs or rdo or ubuntu
Prerequisites
Before you install and configure Orchestration, you must create a database, service credentials, and API endpoints. Orchestration also requires additional information in the Identity service.
To create the database, complete these steps:
Use the database access client to connect to the database server as the
root
user:$ mysql -u root -p
Create the
heat
database:CREATE DATABASE heat;
Grant proper access to the
heat
database:GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY 'HEAT_DBPASS';
Replace
HEAT_DBPASS
with a suitable password.Exit the database access client.
Source the
admin
credentials to gain access to admin-only CLI commands:$ source admin-openrc.sh
To create the service credentials, complete these steps:
Create the
heat
user:$ openstack user create --domain default --password-prompt heat User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | ca2e175b851943349be29a328cc5e360 | | name | heat | +-----------+----------------------------------+
Add the
admin
role to theheat
user:$ openstack role add --project service --user heat admin
Note
This command provides no output.
Create the
heat
andheat-cfn
service entities:$ openstack service create --name heat \ --description "Orchestration" orchestration +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | 727841c6f5df4773baa4e8a5ae7d72eb | | name | heat | | type | orchestration | +-------------+----------------------------------+ $ openstack service create --name heat-cfn \ --description "Orchestration" cloudformation +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | c42cede91a4e47c3b10c8aedc8d890c6 | | name | heat-cfn | | type | cloudformation | +-------------+----------------------------------+
Create the Orchestration service API endpoints:
$ openstack endpoint create --region RegionOne \ orchestration public http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ orchestration internal http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 9489f78e958e45cc85570fec7e836d98 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ orchestration admin http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 76091559514b40c6b7b38dde790efe99 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \ cloudformation public http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | b3ea082e019c4024842bf0a80555052c | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation internal http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 169df4368cdc435b8b115a9cb084044e | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation admin http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 3d3edcd61eb343c1bbd629aa041ff88b | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+
Orchestration requires additional information in the Identity service to manage stacks. To add this information, complete these steps:
Create the
heat
domain that contains projects and users for stacks:$ openstack domain create --description "Stack projects and users" heat +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Stack projects and users | | enabled | True | | id | 0f4d1bd326f2454dacc72157ba328a47 | | name | heat | +-------------+----------------------------------+
Create the
heat_domain_admin
user to manage projects and users in theheat
domain:$ openstack user create --domain heat --password-prompt heat_domain_admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 0f4d1bd326f2454dacc72157ba328a47 | | enabled | True | | id | b7bd1abfbcf64478b47a0f13cd4d970a | | name | heat_domain_admin | +-----------+----------------------------------+
Add the
admin
role to theheat_domain_admin
user in theheat
domain to enable administrative stack management privileges by theheat_domain_admin
user:$ openstack role add --domain heat --user heat_domain_admin admin
Note
This command provides no output.
Create the
heat_stack_owner
role:$ openstack role create heat_stack_owner +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 15e34f0c4fed4e68b3246275883c8630 | | name | heat_stack_owner | +-------+----------------------------------+
Add the
heat_stack_owner
role to thedemo
project and user to enable stack management by thedemo
user:$ openstack role add --project demo --user demo heat_stack_owner
Note
This command provides no output.
Note
You must add the
heat_stack_owner
role to each user that manages stacks.Create the
heat_stack_user
role:$ openstack role create heat_stack_user +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 88849d41a55d4d1d91e4f11bffd8fc5c | | name | heat_stack_user | +-------+----------------------------------+
Note
The Orchestration service automatically assigns the
heat_stack_user
role to users that it creates during stack deployment. By default, this role restrictsAPI <Application Programming Interface (API)>
operations. To avoid conflicts, do not add this role to users with theheat_stack_owner
role.
Install and configure components
obs or rdo or ubuntu
obs
Install the packages:
# zypper install openstack-heat-api openstack-heat-api-cfn \ openstack-heat-engine
rdo
Install the packages:
# yum install openstack-heat-api openstack-heat-api-cfn \ openstack-heat-engine
ubuntu
Install the packages:
# apt-get install heat-api heat-api-cfn heat-engine
obs or rdo or ubuntu
Edit the
/etc/heat/heat.conf
file and complete the following actions:In the
[database]
section, configure database access:[database] ... connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat
Replace
HEAT_DBPASS
with the password you chose for the Orchestration database.In the
[DEFAULT]
and[oslo_messaging_rabbit]
sections, configureRabbitMQ
message queue access:[DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS
Replace
RABBIT_PASS
with the password you chose for theopenstack
account inRabbitMQ
.In the
[keystone_authtoken]
,[trustee]
,[clients_keystone]
, and[ec2authtoken]
sections, configure Identity service access:[keystone_authtoken] ... auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = heat password = HEAT_PASS [trustee] ... auth_plugin = password auth_url = http://controller:35357 username = heat password = HEAT_PASS user_domain_id = default [clients_keystone] ... auth_uri = http://controller:35357 [ec2authtoken] ... auth_uri = http://controller:5000
Replace
HEAT_PASS
with the password you chose for theheat
user in the Identity service.In the
[DEFAULT]
section, configure the metadata and wait condition URLs:[DEFAULT] ... heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
In the
[DEFAULT]
section, configure the stack domain and administrative credentials:[DEFAULT] ... stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat
Replace
HEAT_DOMAIN_PASS
with the password you chose for theheat_domain_admin
user in the Identity service.
Populate the Orchestration database:
# su -s /bin/sh -c "heat-manage db_sync" heat
debian
Run the following commands to install the packages:
# apt-get install heat-api heat-api-cfn heat-engine python-heat-client
Respond to prompts for
database management <debconf/debconf-dbconfig-common>
,Identity service credentials <debconf/debconf-keystone-authtoken>
,service endpoint registration <debconf/debconf-api-endpoints>
, andmessage broker credentials <debconf/debconf-rabbitmq>
.Edit the
/etc/heat/heat.conf
file and complete the following actions:In the
[ec2authtoken]
section, configure Identity service access:[ec2authtoken] ... auth_uri = http://controller:5000/v2.0
Finalize installation
obs or rdo
Start the Orchestration services and configure them to start when the system boots:
# systemctl enable openstack-heat-api.service \ openstack-heat-api-cfn.service openstack-heat-engine.service # systemctl start openstack-heat-api.service \ openstack-heat-api-cfn.service openstack-heat-engine.service
ubuntu or debian
Restart the Orchestration services:
# service heat-api restart # service heat-api-cfn restart # service heat-engine restart
ubuntu
By default, the Ubuntu packages create an SQLite database.
Because this configuration uses an SQL database server, you can remove the SQLite database file:
# rm -f /var/lib/heat/heat.sqlite