openstack/openstack-manuals
Code Issues Proposed changes
ae6ef70788
openstack-manuals/doc/install-guide/section_heat-install.xml
Jeff Shantz 5d3bcf4502 Run db_sync commands as the proper users 
keystone-manage db_sync creates a log file
/var/log/keystone/keystone.log (and other db_sync commands create similar
logs in their respective directories).  If run as root, the log file is
owned by root.  In some cases (keystone), this prevents services from
starting.  In other cases (e.g. glance-api), it prevents the service
from writing to its log file.  Thus, all db_sync commands were changed
to run them as the correct users for the services being configured.
Note: this does not appear to be a problem with Ubuntu, but I made the
change for all distros for consistency, since it will not harm anything
to run db_sync as the correct user on Ubuntu, even if it is not
necessary.  Feel free to -1 this if you think there should be an
OS-specific step instead.

Change-Id: Idd8ea62cf883edcc7b308d25292d8b18d2631330
Closes-Bug: #1308316
2014-04-16 03:34:44 -04:00

165 lines
9.0 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<section xml:id="heat-install" xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<title>Install the Orchestration service</title>
<procedure os="debian">
<step>
<para>Install the Orchestration module on the controller
node:</para>
<screen os="debian"><prompt>#</prompt> <userinput>apt-get install heat-api heat-api-cfn heat-engine</userinput></screen>
</step>
<step>
<para>Respond to prompts for <link
linkend="debconf-dbconfig-common">database
management</link>, <link linkend="debconf-keystone_authtoken"
><systemitem>[keystone_authtoken]</systemitem>
settings</link>, <link linkend="debconf-rabbitqm">RabbitMQ
credentials</link> and <link linkend="debconf-api-endpoints"
>API endpoint</link> registration.</para>
</step>
</procedure>
<procedure>
<step>
<para>Install the Orchestration module on the controller
node:</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install heat-api heat-api-cfn heat-engine</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-heat-api openstack-heat-engine \
openstack-heat-api-cfn</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-heat-api openstack-heat-api-cfn \
openstack-heat-engine</userinput></screen>
</step>
<step>
<para>In the configuration file, specify the location of the
database where the Orchestration service stores data. These
examples use a MySQL database with a
<literal>heat</literal> user on the controller node. Replace
<replaceable>HEAT_DBPASS</replaceable> with the password for
the database user:</para>
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/heat/heat.conf \
database connection mysql://heat:<replaceable>HEAT_DBPASS</replaceable>@<replaceable>controller</replaceable>/heat</userinput></screen>
<para os="ubuntu;debian">Edit
<filename>/etc/heat/heat.conf</filename> and modify the
<literal>[database]</literal> section:</para>
<programlisting os="ubuntu;debian" language="ini">[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://heat:<replaceable>HEAT_DBPASS</replaceable>@<replaceable>controller</replaceable>/heat</programlisting>
</step>
<step os="ubuntu">
<para>By default, the Ubuntu packages create an SQLite database.
Delete the <filename>heat.sqlite</filename> file that was created in
the <filename>/var/lib/heat/</filename> directory so that it
does not get used by mistake:</para>
<screen><prompt>#</prompt> <userinput>rm /var/lib/heat/heat.sqlite</userinput></screen>
</step>
<step>
<para>Use the password that you set previously to log in as <literal>root</literal> and
create a <literal>heat</literal> database user:</para>
<screen><prompt>$</prompt> <userinput>mysql -u root -p</userinput>
<prompt>mysql></prompt> <userinput>CREATE DATABASE heat;</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY '<replaceable>HEAT_DBPASS</replaceable>';</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY '<replaceable>HEAT_DBPASS</replaceable>';</userinput></screen>
</step>
<step os="fedora;centos;rhel;ubuntu">
<para>Create the heat service tables:</para>
<screen><prompt>#</prompt> <userinput>su -s /bin/sh -c "heat-manage db_sync" heat</userinput></screen>
<note>
<para>Ignore <errortext>DeprecationWarning</errortext>
errors.</para>
</note>
</step>
<step os="ubuntu">
<para>The Ubuntu packages do not correctly set up logging. Edit
the <filename>/etc/heat/heat.conf</filename> file and change
the <literal>[DEFAULT]</literal> section:</para>
<programlisting os="ubuntu" language="ini">[DEFAULT]
...
# Print more verbose output (set logging level to INFO instead
# of default WARNING level). (boolean value)
verbose = True
...
# (Optional) The base directory used for relative --log-file
# paths (string value)
log_dir=/var/log/heat</programlisting>
</step>
<step os="opensuse;sles;ubuntu">
<para>Configure the Orchestration Service to use the RabbitMQ
message broker.</para>
<para os="ubuntu">Edit <filename>/etc/heat/heat.conf</filename>
and modify the <literal>[DEFAULT]</literal> section:</para>
<programlisting os="ubuntu" language="ini">rabbit_host = <replaceable>controller</replaceable>
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<para os="opensuse;sles">Run the following commands:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/heat/heat.conf DEFAULT rabbit_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/heat/heat.conf DEFAULT rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
</step>
<step>
<para>Create a <literal>heat</literal> user that the
Orchestration service can use to authenticate with the
Identity Service. Use the <literal>service</literal> tenant
and give the user the <literal>admin</literal> role:</para>
<screen><prompt>$</prompt> <userinput>keystone user-create --name=heat --pass=<replaceable>HEAT_PASS</replaceable> \
--email=<replaceable>heat@example.com</replaceable></userinput>
<prompt>$</prompt> <userinput>keystone user-role-add --user=heat --tenant=service --role=admin</userinput></screen>
</step>
<step>
<para>Edit the <filename>/etc/heat/heat.conf</filename> file to
change the <literal>[keystone_authtoken]</literal> and
<literal>[ec2authtoken]</literal> sections to add
credentials to the Orchestration Service:</para>
<programlisting language="ini">[keystone_authtoken]
auth_host = <replaceable>controller</replaceable>
auth_port = 35357
auth_protocol = http
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
admin_tenant_name = service
admin_user = heat
admin_password = <replaceable>HEAT_PASS</replaceable>
[ec2authtoken]
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlisting>
</step>
<step>
<para>Register the Heat and CloudFormation APIs with the
Identity Service so that other OpenStack services can locate
these APIs. Register the services and specify the
endpoints:</para>
<screen><prompt>$</prompt> <userinput>keystone service-create --name=heat --type=orchestration \
--description="Orchestration"</userinput>
<prompt>$</prompt> <userinput>keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ orchestration / {print $2}') \
--publicurl=http://<replaceable>controller</replaceable>:8004/v1/%\(tenant_id\)s \
--internalurl=http://<replaceable>controller</replaceable>:8004/v1/%\(tenant_id\)s \
--adminurl=http://<replaceable>controller</replaceable>:8004/v1/%\(tenant_id\)s</userinput>
<prompt>$</prompt> <userinput>keystone service-create --name=heat-cfn --type=cloudformation \
--description="Orchestration CloudFormation"</userinput>
<prompt>$</prompt> <userinput>keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ cloudformation / {print $2}') \
--publicurl=http://<replaceable>controller</replaceable>:8000/v1 \
--internalurl=http://<replaceable>controller</replaceable>:8000/v1 \
--adminurl=http://<replaceable>controller</replaceable>:8000/v1</userinput></screen>
</step>
<step os="ubuntu">
<para>Restart the service with its new settings:</para>
<screen><prompt>#</prompt> <userinput>service heat-api restart</userinput>
<prompt>#</prompt> <userinput>service heat-api-cfn restart</userinput>
<prompt>#</prompt> <userinput>service heat-engine restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse;sles">
<para>Start the <systemitem class="service"
>heat-api</systemitem>, <systemitem class="service"
>heat-api-cfn</systemitem> and <systemitem class="service"
>heat-engine</systemitem> services and configure them to
start when the system boots:</para>
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-heat-api start</userinput>
<prompt>#</prompt> <userinput>service openstack-heat-api-cfn start</userinput>
<prompt>#</prompt> <userinput>service openstack-heat-engine start</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-heat-api on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-heat-api-cfn on</userinput>
<prompt>#</prompt> <userinput>chkconfig openstack-heat-engine on</userinput></screen>
</step>
</procedure>
</section>
View Git Blame Copy Permalink