d492617103
Change-Id: I77c9ed37c53124a870bb289f00a184ae7d376cb5 Closes-bug: #1458440
362 lines
17 KiB
XML
362 lines
17 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="heat-install-controller-node">
|
|
<title>Install and configure Orchestration</title>
|
|
<para>This section describes how to install and configure the
|
|
Orchestration module, code-named heat, on the controller node.</para>
|
|
<procedure os="ubuntu;rhel;centos;fedora;sles;opensuse">
|
|
<title>To configure prerequisites</title>
|
|
<para>Before you install and configure Orchestration, you must create a
|
|
database, service credentials, and API endpoints.</para>
|
|
<step>
|
|
<para>To create the database, complete these steps:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Use the database access client to connect to the database
|
|
server as the <literal>root</literal> user:</para>
|
|
<screen><prompt>$</prompt> <userinput>mysql -u root -p</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>heat</literal> database:</para>
|
|
<screen><userinput>CREATE DATABASE heat;</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Grant proper access to the <literal>heat</literal>
|
|
database:</para>
|
|
<screen><userinput>GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
|
|
IDENTIFIED BY '<replaceable>HEAT_DBPASS</replaceable>';</userinput>
|
|
<userinput>GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
|
|
IDENTIFIED BY '<replaceable>HEAT_DBPASS</replaceable>';</userinput></screen>
|
|
<para>Replace <replaceable>HEAT_DBPASS</replaceable> with a suitable
|
|
password.</para>
|
|
</step>
|
|
<step>
|
|
<para>Exit the database access client.</para>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step>
|
|
<para>Source the <literal>admin</literal> credentials to gain access to
|
|
admin-only CLI commands:</para>
|
|
<screen><prompt>$</prompt> <userinput>source admin-openrc.sh</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>To create the service credentials, complete these steps:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Create the <literal>heat</literal> user:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack user create --password-prompt heat</userinput>
|
|
<computeroutput>User Password:
|
|
Repeat User Password:
|
|
+----------+----------------------------------+
|
|
| Field | Value |
|
|
+----------+----------------------------------+
|
|
| email | None |
|
|
| enabled | True |
|
|
| id | 7fd67878dcd04d0393469ef825a7e005 |
|
|
| name | heat |
|
|
| username | heat |
|
|
+----------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add the <literal>admin</literal> role to the
|
|
<literal>heat</literal> user:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack role add --project service --user heat admin</userinput>
|
|
<computeroutput>+-------+----------------------------------+
|
|
| Field | Value |
|
|
+-------+----------------------------------+
|
|
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
|
|
| name | admin |
|
|
+-------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>heat_stack_owner</literal> role:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack role create heat_stack_owner</userinput>
|
|
<computeroutput>+-------+----------------------------------+
|
|
| Field | Value |
|
|
+-------+----------------------------------+
|
|
| id | c0a1cbee7261446abc873392f616de87 |
|
|
| name | heat_stack_owner |
|
|
+-------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add the <literal>heat_stack_owner</literal> role to the
|
|
<literal>demo</literal> tenant and user:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack role add --project demo --user demo heat_stack_owner</userinput>
|
|
<computeroutput>+-------+----------------------------------+
|
|
| Field | Value |
|
|
+-------+----------------------------------+
|
|
| id | c0a1cbee7261446abc873392f616de87 |
|
|
| name | heat_stack_owner |
|
|
+-------+----------------------------------+</computeroutput></screen>
|
|
<note>
|
|
<para>You must add the <literal>heat_stack_owner</literal>
|
|
role to users that manage stacks.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>heat_stack_user</literal> role:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack role create heat_stack_user</userinput>
|
|
<computeroutput>+-------+----------------------------------+
|
|
| Field | Value |
|
|
+-------+----------------------------------+
|
|
| id | e01546b1a81c4e32a6d14a9259e60154 |
|
|
| name | heat_stack_user |
|
|
+-------+----------------------------------+</computeroutput></screen>
|
|
<note>
|
|
<para>The Orchestration service automatically assigns the
|
|
<literal>heat_stack_user</literal> role to users that it
|
|
creates during stack deployment. By default, this role
|
|
restricts <glossterm>API</glossterm> operations. To avoid
|
|
conflicts, do not add this role to users with the
|
|
<literal>heat_stack_owner</literal> role.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Create the <literal>heat</literal> and
|
|
<literal>heat-cfn</literal> service entities:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack service create --name heat \
|
|
--description "Orchestration" orchestration</userinput>
|
|
<computeroutput>+-------------+----------------------------------+
|
|
| Field | Value |
|
|
+-------------+----------------------------------+
|
|
| description | Orchestration |
|
|
| enabled | True |
|
|
| id | 031112165cad4c2bb23e84603957de29 |
|
|
| name | heat |
|
|
| type | orchestration |
|
|
+-------------+----------------------------------+</computeroutput>
|
|
<prompt>$</prompt> <userinput>openstack service create --name heat-cfn \
|
|
--description "Orchestration" cloudformation</userinput>
|
|
<computeroutput>+-------------+----------------------------------+
|
|
| Field | Value |
|
|
+-------------+----------------------------------+
|
|
| description | Orchestration |
|
|
| enabled | True |
|
|
| id | 297740d74c0a446bbff867acdccb33fa |
|
|
| name | heat-cfn |
|
|
| type | cloudformation |
|
|
+-------------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step>
|
|
<para>Create the Orchestration service API endpoints:</para>
|
|
<screen><prompt>$</prompt> <userinput>openstack endpoint create \
|
|
--publicurl http://<replaceable>controller</replaceable>:8004/v1/%\(tenant_id\)s \
|
|
--internalurl http://<replaceable>controller</replaceable>:8004/v1/%\(tenant_id\)s \
|
|
--adminurl http://<replaceable>controller</replaceable>:8004/v1/%\(tenant_id\)s \
|
|
--region RegionOne \
|
|
orchestration</userinput>
|
|
<computeroutput>+--------------+-----------------------------------------+
|
|
| Field | Value |
|
|
+--------------+-----------------------------------------+
|
|
| adminurl | http://controller:8004/v1/%(tenant_id)s |
|
|
| id | f41225f665694b95a46448e8676b0dc2 |
|
|
| internalurl | http://controller:8004/v1/%(tenant_id)s |
|
|
| publicurl | http://controller:8004/v1/%(tenant_id)s |
|
|
| region | RegionOne |
|
|
| service_id | 031112165cad4c2bb23e84603957de29 |
|
|
| service_name | heat |
|
|
| service_type | orchestration |
|
|
+--------------+-----------------------------------------+</computeroutput>
|
|
<prompt>$</prompt> <userinput>openstack endpoint create \
|
|
--publicurl http://<replaceable>controller</replaceable>:8000/v1 \
|
|
--internalurl http://<replaceable>controller</replaceable>:8000/v1 \
|
|
--adminurl http://<replaceable>controller</replaceable>:8000/v1 \
|
|
--region RegionOne \
|
|
cloudformation</userinput>
|
|
<computeroutput>+--------------+----------------------------------+
|
|
| Field | Value |
|
|
+--------------+----------------------------------+
|
|
| adminurl | http://controller:8000/v1 |
|
|
| id | f41225f665694b95a46448e8676b0dc2 |
|
|
| internalurl | http://controller:8000/v1 |
|
|
| publicurl | http://controller:8000/v1 |
|
|
| region | RegionOne |
|
|
| service_id | 297740d74c0a446bbff867acdccb33fa |
|
|
| service_name | heat-cfn |
|
|
| service_type | cloudformation |
|
|
+--------------+----------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure os="ubuntu;rhel;centos;fedora;sles;opensuse">
|
|
<title>To install and configure the Orchestration components</title>
|
|
<step>
|
|
<para>Run the following commands to install the packages:</para>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install heat-api heat-api-cfn heat-engine python-heatclient</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \
|
|
python-heatclient</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>zypper install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \
|
|
python-heatclient</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<!-- Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1213476. -->
|
|
<para os="rhel;centos;fedora">Copy the <filename>/usr/share/heat/heat-dist.conf</filename> file
|
|
to <filename>/etc/heat/heat.conf</filename>.</para>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>cp /usr/share/heat/heat-dist.conf /etc/heat/heat.conf</userinput>
|
|
<prompt>#</prompt> <userinput>chown -R heat:heat /etc/heat/heat.conf</userinput></screen>
|
|
<para>Edit the <filename>/etc/heat/heat.conf</filename> file and
|
|
complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[database]</literal> section, configure
|
|
database access:</para>
|
|
<programlisting language="ini">[database]
|
|
...
|
|
connection = mysql://heat:<replaceable>HEAT_DBPASS</replaceable>@<replaceable>controller</replaceable>/heat</programlisting>
|
|
<para>Replace <replaceable>HEAT_DBPASS</replaceable> with the
|
|
password you chose for the Orchestration database.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> and
|
|
<literal>[oslo_messaging_rabbit]</literal> sections, configure
|
|
<application>RabbitMQ</application> message queue access:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
rpc_backend = rabbit
|
|
|
|
[oslo_messaging_rabbit]
|
|
...
|
|
rabbit_host = <replaceable>controller</replaceable>
|
|
rabbit_userid = openstack
|
|
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
|
<para>Replace <replaceable>RABBIT_PASS</replaceable> with the
|
|
password you chose for the <literal>openstack</literal> account in
|
|
<application>RabbitMQ</application>.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[keystone_authtoken]</literal> and
|
|
<literal>[ec2authtoken]</literal> sections, configure Identity
|
|
service access:</para>
|
|
<programlisting language="ini">[keystone_authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
|
admin_tenant_name = service
|
|
admin_user = heat
|
|
admin_password = <replaceable>HEAT_PASS</replaceable>
|
|
|
|
[ec2authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlisting>
|
|
<para>Replace <replaceable>HEAT_PASS</replaceable> with the
|
|
password you chose for the <literal>heat</literal> user
|
|
in the Identity service.</para>
|
|
<note>
|
|
<para>Comment out any <literal>auth_host</literal>,
|
|
<literal>auth_port</literal>, and
|
|
<literal>auth_protocol</literal> options because the
|
|
<literal>identity_uri</literal> option replaces them.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> section, configure
|
|
the metadata and wait condition URLs:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
heat_metadata_server_url = http://<replaceable>controller</replaceable>:8000
|
|
heat_waitcondition_server_url = http://<replaceable>controller</replaceable>:8000/v1/waitcondition</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> section, configure
|
|
information about the heat Identity service domain:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
stack_domain_admin = heat_domain_admin
|
|
stack_domain_admin_password = <replaceable>HEAT_DOMAIN_PASS</replaceable>
|
|
stack_user_domain_name = heat_user_domain</programlisting>
|
|
<para>Replace <replaceable>HEAT_DOMAIN_PASS</replaceable> with the
|
|
password you chose for the admin user of the
|
|
<literal>heat</literal> user domain in the Identity service.</para>
|
|
</step>
|
|
<step>
|
|
<para>(Optional) To assist with troubleshooting, enable verbose
|
|
logging in the <literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
verbose = True</programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step>
|
|
<substeps>
|
|
<step>
|
|
<para>Source the <literal>admin</literal> credentials to gain access to
|
|
admin-only CLI commands:</para>
|
|
<screen><prompt>$</prompt> <userinput>source admin-openrc.sh</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the heat domain in Identity service:</para>
|
|
<screen><prompt>$</prompt> <userinput>heat-keystone-setup-domain \
|
|
--stack-user-domain-name heat_user_domain \
|
|
--stack-domain-admin heat_domain_admin \
|
|
--stack-domain-admin-password <replaceable>HEAT_DOMAIN_PASS</replaceable></userinput></screen>
|
|
<para>Replace <replaceable>HEAT_DOMAIN_PASS</replaceable> with a suitable
|
|
password.</para>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step>
|
|
<para>Populate the Orchestration database:</para>
|
|
<screen><prompt>#</prompt> <userinput>su -s /bin/sh -c "heat-manage db_sync" heat</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure os="debian">
|
|
<title>To install and configure the Orchestration components</title>
|
|
<step>
|
|
<para>Run the following commands to install the packages:</para>
|
|
<screen><prompt>#</prompt> <userinput>apt-get install heat-api heat-api-cfn heat-engine python-heat-client</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Respond to prompts for
|
|
<link linkend="debconf-dbconfig-common">database management</link>,
|
|
<link linkend="debconf-keystone_authtoken">Identity service
|
|
credentials</link>,
|
|
<link linkend="debconf-api-endpoints">service endpoint
|
|
registration</link>, and
|
|
<link linkend="debconf-rabbitmq">message broker
|
|
credentials</link>.</para>
|
|
</step>
|
|
<step>
|
|
<para>Edit the <filename>/etc/heat/heat.conf</filename> file and
|
|
complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[ec2authtoken]</literal> section, configure
|
|
Identity service access:</para>
|
|
<programlisting language="ini">[ec2authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To finalize installation</title>
|
|
<step os="ubuntu;debian">
|
|
<para>Restart the Orchestration services:</para>
|
|
<screen><prompt>#</prompt> <userinput>service heat-api restart</userinput>
|
|
<prompt>#</prompt> <userinput>service heat-api-cfn restart</userinput>
|
|
<prompt>#</prompt> <userinput>service heat-engine restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;fedora;centos;sles;opensuse">
|
|
<para>Start the Orchestration services and configure them to start when
|
|
the system boots:</para>
|
|
<screen><prompt>#</prompt> <userinput>systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service \
|
|
openstack-heat-engine.service</userinput>
|
|
<prompt>#</prompt> <userinput>systemctl start openstack-heat-api.service openstack-heat-api-cfn.service \
|
|
openstack-heat-engine.service</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>By default, the Ubuntu packages create a SQLite database.</para>
|
|
<para>Because this configuration uses a SQL database server, you
|
|
can remove the SQLite database file:</para>
|
|
<screen><prompt>#</prompt> <userinput>rm -f /var/lib/heat/heat.sqlite</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|