OpenStack: Implementing the Heat Orchestration Service
- Install:
[root@server2-a ~]# yum -y install openstack-heat-* python-heatclient openstack-utils python-openstackclient
- Grab the MySQL root password:
[root@server2-a ~]# grep MYSQL_PW /root/answers.txt
CONFIG_MYSQL_PW=8c15a44079cd4189
[root@server2-a ~]# export MYSQL_PW=8c15a44079cd4189
- Configure the Heat database. Start by logging in as the root user:
[root@server2-a ~]# mysql -u root -p$MYSQL_PW
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1699
Server version: 5.5.37-MariaDB-wsrep MariaDB Server, wsrep_25.10.r3980
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database heat;
Query OK, 1 row affected (0.00 sec)
- Create the heat user with a password of redhat:
MariaDB [(none)]> grant all privileges on heat.* to 'heat'@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on heat.* to 'heat'@'%' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit;
Bye
- Back up the files that will be changed:
[root@server2-a ~]# cp /etc/heat/heat.conf /etc/heat/heat.conf.orig
[root@server2-a ~]# cp /etc/nova/nova.conf /etc/nova/nova.conf.orig
- Generate an encryption key and update the Heat conf file:
[root@server2-a ~]# export ENCKEY=$(openssl rand -hex 16)
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT auth_encryption_key ${ENCKEY}
[root@server2-a ~]# crudini --set /etc/heat/heat.conf database connection mysql://heat:redhat@172.25.2.10/heat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT sql_connection mysql://heat:redhat@172.25.2.10/heat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT rpc_backend heat.openstack.common.rpc.impl_kombu
- Update the Heat conf file with the Keystone information:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken admin_tenant_name services
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken admin_user heat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken admin_password redhat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_port 35357
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_host 172.25.2.10
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_protocol http
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_uri http://172.25.2.10:5000/v2.0
[root@server2-a ~]# crudini --set /etc/heat/heat.conf ec2authtoken auth_uri http://172.25.2.10:35357/v2.0
- As the heat user, initialise the database:
[root@server2-a ~]# runuser -s /bin/sh heat -c "heat-manage db_sync"
No handlers could be found for logger "heat.common.config"
/usr/lib64/python2.7/site-packages/sqlalchemy/engine/default.py:324: Warning: Specified key was too long; max key length is 767 bytes
  cursor.execute(statement, parameters)
- Update the Heat conf file with the RabbitMQ information:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT rabbit_host server2-a.example.com
- Configure the Heat services to bind on the server2-a public IP:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf heat_api bind_host 172.25.2.10
[root@server2-a ~]# crudini --set /etc/heat/heat.conf heat_api_cfn bind_host 172.25.2.10
[root@server2-a ~]# crudini --set /etc/heat/heat.conf heat_api_cloudwatch bind_host 172.25.2.10
- Configure the Heat services host names to which Heat instances should connect:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url 172.25.2.10:8000
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url 172.25.2.10:8000/v1/waitcondition
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT heat_watch_server_url 172.25.2.10:8003
- Source the /root/keystonerc_admin file:
[root@server2-a ~]# source /root/keystonerc_admin
[root@server2-a ~(keystone_admin)]#
- Create the heat user in Keystone:
[root@server2-a ~(keystone_admin)]# keystone user-create --name heat --pass redhat
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 65600c99bd184b2fa740075972d7c758 |
| name | heat |
| username | heat |
+----------+----------------------------------+
- Link the heat user and the admin role within the services tenant:
[root@server2-a ~(keystone_admin)]# keystone user-role-add --user heat --role admin --tenant services
- Create the heat service in Keystone:
[root@server2-a ~(keystone_admin)]# keystone service-create --name heat --type orchestration --description "Heat Orchestration Srvice"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Heat Orchestration Srvice |
| enabled | True |
| id | 23108969e77f4abc90598e51e7a168aa |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
- Use the heat service ID to create the heat endpoints in Keystone:
[root@server2-a ~(keystone_admin)]# keystone endpoint-create --region RegionOne --service-id 23108969e77f4abc90598e51e7a168aa --publicurl "http://172.25.2.10:8004/v1/%(tenant_id)s" --adminurl "http://172.25.2.10:8004/v1/%(tenant_id)s" --internalurl "http://172.25.2.10:8004/v1/%(tenant_id)s"
+-------------+------------------------------------------+
| Property | Value |
+-------------+------------------------------------------+
| adminurl | http://172.25.2.10:8004/v1/%(tenant_id)s |
| id | 408818da1f2e4bb1b17ac414547430ee |
| internalurl | http://172.25.2.10:8004/v1/%(tenant_id)s |
| publicurl | http://172.25.2.10:8004/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | 23108969e77f4abc90598e51e7a168aa |
+-------------+------------------------------------------+
- Create the heat-cfn service and the corresponding endpoint in Keystone:
[root@server2-a ~(keystone_admin)]# keystone service-create --name heat-cfn --type cloudformation --description "Heat Cloudformation Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Heat Cloudformation Service |
| enabled | True |
| id | 3701ee5cf80141008157ca500ce90ce6 |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
[root@server2-a ~(keystone_admin)]# keystone endpoint-create --region RegionOne --service-id 3701ee5cf80141008157ca500ce90ce6 --publicurl http://172.25.2.10:8000/v1 --adminurl http://172.25.2.10:8000/v1 --internalurl http://172.25.2.10:8000/v1
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://172.25.2.10:8000/v1 |
| id | 71625c1eaef947cab574f30434da9db4 |
| internalurl | http://172.25.2.10:8000/v1 |
| publicurl | http://172.25.2.10:8000/v1 |
| region | RegionOne |
| service_id | 3701ee5cf80141008157ca500ce90ce6 |
+-------------+----------------------------------+
- Heat requires special users to receive the progress data; these users are, by default, given the role of heat_stack_user. Declare this role in Keystone:
[root@server2-a ~(keystone_admin)]# keystone role-create --name heat_stack_user
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 31cdca83adff485ba6b3b68158eda62a |
| name | heat_stack_user |
+----------+----------------------------------+
- Create an identity domain. This requires version 3 of the Keystone API:
- Find the admin_token in use by Keystone:
[root@server2-a ~(keystone_admin)]# grep admin_token /etc/keystone/keystone.conf
#admin_token=ADMIN
admin_token=4c5ccfe13c474d92a5fe5d64a4168b50
- Create the Heat domain using the credentials listed previously:
[root@server2-a ~(keystone_admin)]# openstack --os-token=4c5ccfe13c474d92a5fe5d64a4168b50 --os-url=http://172.25.2.10:5000/v3 --os-identity-api-version=3 domain create heat --description "Owns users and tenants created by Heat"
WARNING: keystoneclient.utils create takes at most 1 positional argument (3 given)
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
+-------------+-----------------------------------------------------------------------------------+
| Field | Value |
+-------------+-----------------------------------------------------------------------------------+
| description | Owns users and tenants created by Heat |
| enabled | True |
| id | e5d822f19aeb4580b2ebafddf368226b |
| links | {u'self': u'http://172.25.2.10:5000/v3/domains/e5d822f19aeb4580b2ebafddf368226b'} |
| name | heat |
+-------------+-----------------------------------------------------------------------------------+
- Use the domain ID from the previous output to create a new user for this domain:
[root@server2-a ~(keystone_admin)]# openstack --os-token=4c5ccfe13c474d92a5fe5d64a4168b50 --os-url=http://172.25.2.10:5000/v3 --os-identity-api-version=3 user create --password redhat --domain e5d822f19aeb4580b2ebafddf368226b --description "Manages users and projects created by Heat" heatmanager
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
WARNING: keystoneclient.utils create takes at most 1 positional argument (2 given)
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
+-------------+---------------------------------------------------------------------------------+
| Field | Value |
+-------------+---------------------------------------------------------------------------------+
| description | Manages users and projects created by Heat |
| domain_id | e5d822f19aeb4580b2ebafddf368226b |
| enabled | True |
| id | 5ee7355858fa4c33bfe0c43b8dfa2d66 |
| links | {u'self': u'http://172.25.2.10:5000/v3/users/5ee7355858fa4c33bfe0c43b8dfa2d66'} |
| name | heatmanager |
+-------------+---------------------------------------------------------------------------------+
- Give the heatmanager user admin rights within the heat domain. Use the user ID and domain ID from the previous output:
[root@server2-a ~(keystone_admin)]# openstack --os-token=4c5ccfe13c474d92a5fe5d64a4168b50 --os-url=http://172.25.2.10:5000/v3 --os-identity-api-version=3 role add --user 5ee7355858fa4c33bfe0c43b8dfa2d66 --domain e5d822f19aeb4580b2ebafddf368226b admin
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
- Configure Heat with the previous domain information:
[root@server2-a ~(keystone_admin)]# crudini --set /etc/heat/heat.conf DEFAULT stack_user_domain e5d822f19aeb4580b2ebafddf368226b
[root@server2-a ~(keystone_admin)]# crudini --set /etc/heat/heat.conf DEFAULT stack_domain_admin 5ee7355858fa4c33bfe0c43b8dfa2d66
[root@server2-a ~(keystone_admin)]# crudini --set /etc/heat/heat.conf DEFAULT stack_domain_admin_password redhat
- Sync the database again:
[root@server2-a ~(keystone_admin)]# runuser -s /bin/sh heat -c "heat-manage db_sync"
No handlers could be found for logger "heat.common.config"
- Start the various Heat services:
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-api
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-api-cfn
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-api-cloudwatch
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-engine
- Check for errors:
[root@server2-a ~(keystone_admin)]# grep ERROR /var/log/heat/*
- Enable services at boot:
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-api
ln -s '/usr/lib/systemd/system/openstack-heat-api.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-api.service'
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-api-cfn
ln -s '/usr/lib/systemd/system/openstack-heat-api-cfn.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-api-cfn.service'
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-api-cloudwatch
ln -s '/usr/lib/systemd/system/openstack-heat-api-cloudwatch.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-api-cloudwatch.service'
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-engine
ln -s '/usr/lib/systemd/system/openstack-heat-engine.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-engine.service'
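The walkthrough sets every password to redhat and points Heat at Keystone over plain HTTP, so the resulting heat.conf is worth checking before it is reused outside a lab. The script below is an added example, not part of the original walkthrough: ini_get and audit_heat_conf are hypothetical helper names, the sample file is constructed from the values used above, and the 32-hex-character key check assumes the key was generated with the openssl rand -hex 16 command shown earlier.

```shell
#!/usr/bin/env bash
LAB_PASSWORD=redhat   # password the walkthrough uses for every account
# ini_get FILE SECTION KEY: print the last value set for KEY in [SECTION].
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { gsub(/^[ \t]*\[|\][ \t]*$/, ""); cur = $0; next }
        cur == sec && /=/ {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_heat_conf FILE: print one finding per line (no output means no findings).
# Flags lab passwords, http:// Keystone URLs, a malformed key and "other"-readable mode.
audit_heat_conf() {
    local conf=$1 item sec key v
    for item in keystone_authtoken:admin_password DEFAULT:stack_domain_admin_password \
                database:connection DEFAULT:sql_connection keystone_authtoken:auth_uri \
                ec2authtoken:auth_uri keystone_authtoken:auth_protocol; do
        sec=${item%%:*} key=${item##*:}
        v=$(ini_get "$conf" "$sec" "$key")
        case $v in
            "$LAB_PASSWORD"|*":$LAB_PASSWORD@"*) echo "weak-secret [$sec] $key" ;;
            http|http://*) echo "cleartext-auth [$sec] $key=$v" ;;
        esac
    done
    v=$(ini_get "$conf" DEFAULT auth_encryption_key)
    case $v in
        ""|*[!0-9a-fA-F]*) echo "bad-key [DEFAULT] auth_encryption_key is empty or not hex" ;;
        *) [ ${#v} -eq 32 ] || echo "bad-key [DEFAULT] auth_encryption_key has ${#v} chars, not 32" ;;
    esac
    [ -z "$(find "$conf" -prune -perm -004)" ] || echo "world-readable $conf"
}

# Constructed sample mirroring the values set above; not a real deployment file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
auth_encryption_key = 0123456789abcdef0123456789abcdef
stack_domain_admin_password = redhat
[database]
connection = mysql://heat:redhat@172.25.2.10/heat
[keystone_authtoken]
admin_password = redhat
auth_protocol = http
EOF
audit_heat_conf "$sample"; rm -f "$sample"
```

To check a real host, call audit_heat_conf /etc/heat/heat.conf as root after the crudini steps; each printed line names the section and key to change.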