OpenStack: Implementing the Heat Orchestration Service

From Define Wiki
Revision as of 09:42, 30 April 2015 by Jon (talk | contribs)
  • Install:
[root@server2-a ~]# yum -y install openstack-heat-* python-heatclient openstack-utils python-openstackclient
  • Grab the MySQL root password:
[root@server2-a ~]# grep MYSQL_PW /root/answers.txt 
CONFIG_MYSQL_PW=8c15a44079cd4189
[root@server2-a ~]# export MYSQL_PW=8c15a44079cd4189
  • Configure the Heat database, starting by logging in to MariaDB as the root user:
[root@server2-a ~]# mysql -u root -p$MYSQL_PW
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1699
Server version: 5.5.37-MariaDB-wsrep MariaDB Server, wsrep_25.10.r3980

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database heat;
Query OK, 1 row affected (0.00 sec)
  • Create the heat user with the password redhat. The second grant ('heat'@'%') lets the heat user connect from any host; outside a lab, restrict it to the address of the controller that appears in the connection string:
MariaDB [(none)]> grant all privileges on heat.* to 'heat'@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on heat.* to 'heat'@'%' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye
  • Backup files that will be changed:
[root@server2-a ~]# cp /etc/heat/heat.conf /etc/heat/heat.conf.orig
[root@server2-a ~]# cp /etc/nova/nova.conf /etc/nova/nova.conf.orig
  • Generate an encryption key and update the Heat conf file. openssl rand -hex 16 yields a 32-character hex key, which satisfies Heat's length requirement for auth_encryption_key; this key protects the stack credentials Heat stores in its database, so heat.conf must stay readable only by root and the heat user:
[root@server2-a ~]# export ENCKEY=$(openssl rand -hex 16)
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT auth_encryption_key ${ENCKEY}
[root@server2-a ~]# crudini --set /etc/heat/heat.conf database connection mysql://heat:redhat@172.25.2.10/heat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT sql_connection mysql://heat:redhat@172.25.2.10/heat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT rpc_backend heat.openstack.common.rpc.impl_kombu
  • Update Heat conf file with Keystone information:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken admin_tenant_name services
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken admin_user heat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken admin_password redhat
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_port 35357
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_host 172.25.2.10
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_protocol http
[root@server2-a ~]# crudini --set /etc/heat/heat.conf keystone_authtoken auth_uri http://172.25.2.10:5000/v2.0
[root@server2-a ~]# crudini --set /etc/heat/heat.conf ec2authtoken auth_uri http://172.25.2.10:35357/v2.0
  • As the heat user, initialise the database:
[root@server2-a ~]# runuser -s /bin/sh heat -c "heat-manage db_sync"
No handlers could be found for logger "heat.common.config"
/usr/lib64/python2.7/site-packages/sqlalchemy/engine/default.py:324: Warning: Specified key was too long; max key length is 767 bytes
  cursor.execute(statement, parameters)
  • Update Heat conf file with the RabbitMQ information:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT rabbit_host server2-a.example.com
  • Configure the Heat API services to bind on the server2-a public IP (if bind_host is left unset they listen on all interfaces):
[root@server2-a ~]# crudini --set /etc/heat/heat.conf heat_api bind_host 172.25.2.10
[root@server2-a ~]# crudini --set /etc/heat/heat.conf heat_api_cfn bind_host 172.25.2.10
[root@server2-a ~]# crudini --set /etc/heat/heat.conf heat_api_cloudwatch bind_host 172.25.2.10
  • Configure the Heat service URLs that instances created by Heat connect back to. These are full URLs including the scheme, since the instances use them as given:
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url http://172.25.2.10:8000
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url http://172.25.2.10:8000/v1/waitcondition
[root@server2-a ~]# crudini --set /etc/heat/heat.conf DEFAULT heat_watch_server_url http://172.25.2.10:8003
  • Source the /root/keystonerc_admin file:
[root@server2-a ~]# source /root/keystonerc_admin 
[root@server2-a ~(keystone_admin)]#
  • Create the heat user in Keystone:
[root@server2-a ~(keystone_admin)]# keystone user-create --name heat --pass redhat
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 65600c99bd184b2fa740075972d7c758 |
|   name   |               heat               |
| username |               heat               |
+----------+----------------------------------+
  • Give the heat user the admin role within the services tenant:
[root@server2-a ~(keystone_admin)]# keystone user-role-add --user heat --role admin --tenant services
  • Create the heat service in Keystone:
[root@server2-a ~(keystone_admin)]# keystone service-create --name heat --type orchestration --description "Heat Orchestration Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Heat Orchestration Service    |
|   enabled   |               True               |
|      id     | 23108969e77f4abc90598e51e7a168aa |
|     name    |               heat               |
|     type    |          orchestration           |
+-------------+----------------------------------+
  • Use the heat service ID to create the heat endpoints in Keystone:
[root@server2-a ~(keystone_admin)]# keystone endpoint-create --region RegionOne --service-id 23108969e77f4abc90598e51e7a168aa --publicurl "http://172.25.2.10:8004/v1/%(tenant_id)s" --adminurl "http://172.25.2.10:8004/v1/%(tenant_id)s" --internalurl "http://172.25.2.10:8004/v1/%(tenant_id)s"
+-------------+------------------------------------------+
|   Property  |                  Value                   |
+-------------+------------------------------------------+
|   adminurl  | http://172.25.2.10:8004/v1/%(tenant_id)s |
|      id     |     408818da1f2e4bb1b17ac414547430ee     |
| internalurl | http://172.25.2.10:8004/v1/%(tenant_id)s |
|  publicurl  | http://172.25.2.10:8004/v1/%(tenant_id)s |
|    region   |                RegionOne                 |
|  service_id |     23108969e77f4abc90598e51e7a168aa     |
+-------------+------------------------------------------+
  • Create the heat-cfn service and its endpoint in Keystone. Keystone stores the URL strings exactly as given and does not validate them, so check the scheme and port of each one before submitting:
[root@server2-a ~(keystone_admin)]# keystone service-create --name heat-cfn --type cloudformation --description "Heat Cloudformation Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |   Heat Cloudformation Service    |
|   enabled   |               True               |
|      id     | 3701ee5cf80141008157ca500ce90ce6 |
|     name    |             heat-cfn             |
|     type    |          cloudformation          |
+-------------+----------------------------------+
[root@server2-a ~(keystone_admin)]# keystone endpoint-create --region RegionOne --service-id 3701ee5cf80141008157ca500ce90ce6 --publicurl http://172.25.2.10:8000/v1 --adminurl http://172.25.2.10:8000/v1 --internalurl http://172.25.2.10:8000/v1
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |    http://172.25.2.10:8000/v1    |
|      id     | 71625c1eaef947cab574f30434da9db4 |
| internalurl |    http://172.25.2.10:8000/v1    |
|  publicurl  |    http://172.25.2.10:8000/v1    |
|    region   |            RegionOne             |
|  service_id | 3701ee5cf80141008157ca500ce90ce6 |
+-------------+----------------------------------+
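Because Keystone accepts any string as an endpoint URL, a mistyped scheme (the original command on this page registered hrrp:// as the heat-cfn publicurl) only surfaces when a client fails to reach the service. The following script is an added example, not part of the original page: it reads keystone endpoint-list output on stdin and flags URLs with a bad scheme, and endpoints whose public, internal and admin URLs point at different host:port pairs. The sample table inside it is constructed from the two endpoints created above; the IDs are the page's, the table itself is not real tool output.

```shell
#!/bin/sh
# Added example, not part of the original page: validate the endpoint URLs
# registered in Keystone. Keystone stores the strings it is given verbatim, so
# a typo like hrrp:// in a publicurl is only noticed when a client fails to
# reach the service. Reads "keystone endpoint-list" table output on stdin.

# check_endpoint_urls: print one FAIL line per URL whose scheme is not
# http:// or https:// and a WARN when the public/internal/admin URLs of one
# endpoint point at different host:port pairs. Exit status = number of FAILs.
check_endpoint_urls() {
    awk -F'|' '
        function trim(s)     { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function hostport(u) { sub(/^[A-Za-z]+:\/\//, "", u); sub(/\/.*$/, "", u); return u }
        /^[+]/ || NF < 7       { next }   # table borders, blank lines
        trim($2) == "id"       { next }   # header row
        {
            id = trim($2)
            for (i = 4; i <= 6; i++) {
                u = trim($i)
                if (u !~ /^https?:\/\//) { printf "FAIL %s: bad scheme in %s\n", id, u; fails++ }
            }
            pub = hostport(trim($4)); int_ = hostport(trim($5)); adm = hostport(trim($6))
            if (pub != int_ || int_ != adm)
                printf "WARN %s: public/internal/admin URLs differ in host:port\n", id
        }
        END { exit fails + 0 }'
}

# Constructed sample in the layout of "keystone endpoint-list", covering the
# two endpoints created above and keeping the hrrp:// typo from the original
# command. The IDs come from the page; the table is not real tool output.
sample_endpoint_list() {
    cat <<'EOF'
+----------------------------------+-----------+------------------------------------------+------------------------------------------+------------------------------------------+----------------------------------+
|                id                |   region  |                publicurl                 |               internalurl                |                 adminurl                 |            service_id            |
+----------------------------------+-----------+------------------------------------------+------------------------------------------+------------------------------------------+----------------------------------+
| 408818da1f2e4bb1b17ac414547430ee | RegionOne | http://172.25.2.10:8004/v1/%(tenant_id)s | http://172.25.2.10:8004/v1/%(tenant_id)s | http://172.25.2.10:8004/v1/%(tenant_id)s | 23108969e77f4abc90598e51e7a168aa |
| 71625c1eaef947cab574f30434da9db4 | RegionOne | hrrp://172.25.2.10:8000/v1               | http://172.25.2.10:8000/v1               | http://172.25.2.10:8000/v1               | 3701ee5cf80141008157ca500ce90ce6 |
+----------------------------------+-----------+------------------------------------------+------------------------------------------+------------------------------------------+----------------------------------+
EOF
}

# Usage on a live controller:  keystone endpoint-list | check_endpoint_urls
# Run against the sample:       sh check-endpoints.sh --demo
[ "${1:-}" != --demo ] || sample_endpoint_list | check_endpoint_urls
```

Run against the sample, the script reports the hrrp:// publicurl of the heat-cfn endpoint and exits 1; with that URL corrected it exits 0. The host:port comparison is a warning rather than a failure because some deployments intentionally publish different addresses on the public and admin networks.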
  • Heat requires special users to receive the progress data; these users are, by default, given the role of heat_stack_user. Declare this role in Keystone:
[root@server2-a ~(keystone_admin)]# keystone role-create --name heat_stack_user
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 31cdca83adff485ba6b3b68158eda62a |
|   name   |         heat_stack_user          |
+----------+----------------------------------+
  • Create an identity domain for the users and projects that Heat creates on behalf of stacks. This requires version 3 of the Keystone API.
    • Find the admin_token in use by Keystone. This token bypasses authentication entirely, so use it only for this bootstrapping step; note that passing it on the command line, as below, records it in the shell history:
[root@server2-a ~(keystone_admin)]# grep admin_token /etc/keystone/keystone.conf 
#admin_token=ADMIN
admin_token=4c5ccfe13c474d92a5fe5d64a4168b50
    • Create Heat domain using the credentials listed previously:
[root@server2-a ~(keystone_admin)]# openstack --os-token=4c5ccfe13c474d92a5fe5d64a4168b50 --os-url=http://172.25.2.10:5000/v3 --os-identity-api-version=3 domain create heat --description "Owns users and tenants created by Heat"
WARNING: keystoneclient.utils create takes at most 1 positional argument (3 given)
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
+-------------+-----------------------------------------------------------------------------------+
| Field       | Value                                                                             |
+-------------+-----------------------------------------------------------------------------------+
| description | Owns users and tenants created by Heat                                            |
| enabled     | True                                                                              |
| id          | e5d822f19aeb4580b2ebafddf368226b                                                  |
| links       | {u'self': u'http://172.25.2.10:5000/v3/domains/e5d822f19aeb4580b2ebafddf368226b'} |
| name        | heat                                                                              |
+-------------+-----------------------------------------------------------------------------------+
    • Use the domain ID from the previous output to create a new user for this domain:
[root@server2-a ~(keystone_admin)]# openstack --os-token=4c5ccfe13c474d92a5fe5d64a4168b50 --os-url=http://172.25.2.10:5000/v3 --os-identity-api-version=3 user create --password redhat --domain e5d822f19aeb4580b2ebafddf368226b --description "Manages users and projects created by Heat" heatmanager
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
WARNING: keystoneclient.utils create takes at most 1 positional argument (2 given)
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
+-------------+---------------------------------------------------------------------------------+
| Field       | Value                                                                           |
+-------------+---------------------------------------------------------------------------------+
| description | Manages users and projects created by Heat                                      |
| domain_id   | e5d822f19aeb4580b2ebafddf368226b                                                |
| enabled     | True                                                                            |
| id          | 5ee7355858fa4c33bfe0c43b8dfa2d66                                                |
| links       | {u'self': u'http://172.25.2.10:5000/v3/users/5ee7355858fa4c33bfe0c43b8dfa2d66'} |
| name        | heatmanager                                                                     |
+-------------+---------------------------------------------------------------------------------+
    • Give heatmanager the admin role within the heat domain. Use the user ID and domain ID from the previous output:
[root@server2-a ~(keystone_admin)]# openstack --os-token=4c5ccfe13c474d92a5fe5d64a4168b50 --os-url=http://172.25.2.10:5000/v3 --os-identity-api-version=3 role add --user 5ee7355858fa4c33bfe0c43b8dfa2d66 --domain e5d822f19aeb4580b2ebafddf368226b admin
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
INFO: urllib3.connectionpool Starting new HTTP connection (1): 172.25.2.10
    • Configure Heat with previous domain information:
[root@server2-a ~(keystone_admin)]# crudini --set /etc/heat/heat.conf DEFAULT stack_user_domain e5d822f19aeb4580b2ebafddf368226b
[root@server2-a ~(keystone_admin)]# crudini --set /etc/heat/heat.conf DEFAULT stack_domain_admin 5ee7355858fa4c33bfe0c43b8dfa2d66
[root@server2-a ~(keystone_admin)]# crudini --set /etc/heat/heat.conf DEFAULT stack_domain_admin_password redhat
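At this point heat.conf carries the database password, the heat service password, the stack domain admin password and the encryption key. The script below is an added example, not part of the original page: before syncing the database and starting the services it checks the options set by the crudini steps above (auth_encryption_key length, the database connection string set in both [database] and DEFAULT, the three bind_host entries, the Keystone auth_protocol) and that the file is not world-readable. It assumes a crudini-style INI layout and the option names used on this page; the heat.conf in its test is constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: sanity-check a heat.conf built
# by the crudini steps above before running db_sync and starting the services.
# Assumes the option names the page uses (auth_encryption_key, [database]
# connection, DEFAULT sql_connection, [keystone_authtoken] auth_protocol and
# the three bind_host entries) in a crudini-style INI file.

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION], as
# "crudini --get" would; comments and surrounding whitespace are ignored.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/[ \t]/, "", sec); next }
        sec == want && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_heat_conf FILE: print FAIL/WARN findings; return the number of FAILs.
check_heat_conf() {
    f=$1; fails=0
    # "openssl rand -hex 16" yields exactly 32 hex characters, a valid length
    # for the key Heat uses to encrypt stack credentials in its database.
    key=$(ini_get "$f" DEFAULT auth_encryption_key)
    case "$key" in
        *[!0-9a-fA-F]*|"") fails=$((fails + 1)); echo "FAIL: auth_encryption_key is unset or not hex" ;;
        *) [ "${#key}" -eq 32 ] || { fails=$((fails + 1)); echo "FAIL: auth_encryption_key is ${#key} characters, expected 32"; } ;;
    esac
    # The page sets the DSN in two places; both must be present and agree.
    dsn=$(ini_get "$f" database connection)
    legacy=$(ini_get "$f" DEFAULT sql_connection)
    [ -n "$dsn" ] || { fails=$((fails + 1)); echo "FAIL: [database] connection is unset"; }
    [ -z "$legacy" ] || [ "$legacy" = "$dsn" ] || { fails=$((fails + 1)); echo "FAIL: sql_connection differs from [database] connection"; }
    # An unset bind_host makes that API listen on every interface (0.0.0.0).
    for sec in heat_api heat_api_cfn heat_api_cloudwatch; do
        [ -n "$(ini_get "$f" "$sec" bind_host)" ] || { fails=$((fails + 1)); echo "FAIL: [$sec] bind_host is unset"; }
    done
    # Plain http to Keystone sends the heat service password and tokens in clear.
    [ "$(ini_get "$f" keystone_authtoken auth_protocol)" = https ] || echo "WARN: keystone_authtoken auth_protocol is not https"
    # The file holds the DB password, service passwords and the encryption key.
    [ -z "$(find "$f" -perm -o+r)" ] || { fails=$((fails + 1)); echo "FAIL: $f is world-readable"; }
    return "$fails"
}

# Usage: sh check-heat-conf.sh /etc/heat/heat.conf   (exit status = FAIL count)
[ $# -eq 0 ] || check_heat_conf "$1"
```

The exit status is the number of FAIL findings, so the script can gate the db_sync step in an automated install. The http warning is deliberately not a failure: the lab above runs Keystone over http, but anywhere the controller is reachable from untrusted networks the service credentials in keystone_authtoken should only travel over TLS.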
  • Sync the database again, as the heat user (running heat-manage as root would leave root-owned files under /var/log/heat that the heat services cannot write to):
[root@server2-a ~(keystone_admin)]# runuser -s /bin/sh heat -c "heat-manage db_sync"
No handlers could be found for logger "heat.common.config"
  • Start the various Heat services:
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-api
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-api-cfn
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-api-cloudwatch
[root@server2-a ~(keystone_admin)]# systemctl start openstack-heat-engine
  • Check for errors:
[root@server2-a ~(keystone_admin)]# grep ERROR /var/log/heat/*
  • Enable services at boot:
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-api
ln -s '/usr/lib/systemd/system/openstack-heat-api.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-api.service'
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-api-cfn
ln -s '/usr/lib/systemd/system/openstack-heat-api-cfn.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-api-cfn.service'
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-api-cloudwatch
ln -s '/usr/lib/systemd/system/openstack-heat-api-cloudwatch.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-api-cloudwatch.service'
[root@server2-a ~(keystone_admin)]# systemctl enable openstack-heat-engine
ln -s '/usr/lib/systemd/system/openstack-heat-engine.service' '/etc/systemd/system/multi-user.target.wants/openstack-heat-engine.service'
  • Add the default floating IP pool to the /etc/nova/nova.conf file and restart the Nova services:
[root@server2-a ~(keystone_admin)]# crudini --set /etc/nova/nova.conf DEFAULT default_floating_pool net2
[root@server2-a ~(keystone_admin)]# openstack-service restart nova
[root@server2-a ~(keystone_admin)]# nova floating-ip-pool-list 
+------+
| name |
+------+
| net2 |
+------+
  • Point the Neutron DHCP agent at a DNS server so that instances can resolve names and Heat can install packages on them:
[root@server2-a ~(keystone_admin)]# crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_dns_servers 172.25.254.254
  • Restart the DHCP agent:
[root@server2-a ~(keystone_admin)]# systemctl restart neutron-dhcp-agent
  • Configure a new flavour with the name m2.tiny:
[root@server2-a ~(keystone_admin)]# nova flavor-create m2.tiny auto 1024 20 1
+--------------------------------------+---------+-----------+------+-----------+------+-------+-------------+-----------+
| ID                                   | Name    | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+--------------------------------------+---------+-----------+------+-----------+------+-------+-------------+-----------+
| 09214c10-bb5d-4014-8e5d-7f9ca484a8e5 | m2.tiny | 1024      | 20   | 0         |      | 1     | 1.0         | True      |
+--------------------------------------+---------+-----------+------+-----------+------+-------+-------------+-----------+
  • Source user1:
[root@server2-a ~(keystone_admin)]# source /root/keystonerc_user1 
[root@server2-a ~(keystone_user1)]#
  • Allow incoming ICMP and TCP traffic for SSH, HTTP and HTTPS from anywhere (0.0.0.0/0) in the default security group:
[root@server2-a ~(keystone_user1)]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@server2-a ~(keystone_user1)]# nova secgroup-add-rule default tcp 80 80 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@server2-a ~(keystone_user1)]# nova secgroup-add-rule default tcp 443 443 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@server2-a ~(keystone_user1)]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
  • Use the template file web.template. This spawns two instances. Retrieve the subnet ID for the private network (net1) and the network ID for the public network (net2). These IDs will be passed as arguments to the Heat stack:
[root@server2-a ~(keystone_user1)]# neutron net-list
+--------------------------------------+------+------------------------------------------------------+
| id                                   | name | subnets                                              |
+--------------------------------------+------+------------------------------------------------------+
| 1b6304d1-0e8b-4838-9157-8f54f5c53452 | net1 | 37484f49-d8a9-4128-9016-d24ce934fcc9 172.25.102.0/24 |
| aa9e1e23-221c-46dc-8cbb-de4a8b564ff1 | net2 | 3f38824b-1bd4-4d9c-89cb-66a5376f9832                 |
+--------------------------------------+------+------------------------------------------------------+
  • Launch the stack from the template URL, passing the network IDs as parameters:
[root@server2-a ~(keystone_user1)]# heat stack-create multi --template-url http://classroom.example.com/pub/materials/web.template --parameters="SubnetId=37484f49-d8a9-4128-9016-d24ce934fcc9;PubNetId=aa9e1e23-221c-46dc-8cbb-de4a8b564ff1"
+--------------------------------------+------------+--------------------+----------------------+
| id                                   | stack_name | stack_status       | creation_time        |
+--------------------------------------+------------+--------------------+----------------------+
| 1780ee8c-4a7e-439b-901a-733ce59d78cc | multi      | CREATE_IN_PROGRESS | 2015-04-30T09:23:35Z |
+--------------------------------------+------------+--------------------+----------------------+
  • Follow the progress by running heat stack-list:
[root@server2-a ~(keystone_user1)]# heat stack-list
+--------------------------------------+------------+-----------------+----------------------+
| id                                   | stack_name | stack_status    | creation_time        |
+--------------------------------------+------------+-----------------+----------------------+
| 9f21e191-9edf-482c-854d-6a8e0342a23e | multi      | CREATE_COMPLETE | 2015-04-30T09:27:07Z |
+--------------------------------------+------------+-----------------+----------------------+
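Rather than re-running heat stack-list by hand until the status changes, the following script is an added example, not part of the original page: it polls heat stack-list for a named stack and returns as soon as the stack reaches a terminal state, printing the stack_status_reason from heat stack-show when creation fails. Only the stack-list and stack-show commands and the table layout shown above are assumed; the HEAT variable exists so the heat command can be substituted, for instance by a stub in a test.

```shell
#!/bin/sh
# Added example, not part of the original page: poll "heat stack-list" until
# the stack reaches a terminal state instead of re-running it by hand. Only
# the stack-list/stack-show commands and the table layout shown above are
# assumed; HEAT can be overridden (e.g. for testing) and defaults to "heat".

# stack_status NAME: print the stack_status column for stack NAME from
# "heat stack-list", or nothing if no such stack is listed.
stack_status() {
    ${HEAT:-heat} stack-list | awk -F'|' -v name="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 5 && trim($3) == name { print trim($4); exit }'
}

# wait_for_stack NAME [TIMEOUT] [INTERVAL]: return 0 when the stack reaches
# CREATE_COMPLETE or UPDATE_COMPLETE, 1 on any *_FAILED status (printing the
# stack_status_reason from "heat stack-show" to stderr), 2 on timeout, which
# also covers a stack that is never listed. Times are in seconds; defaults
# are 600 and 10.
wait_for_stack() {
    name=$1; timeout=${2:-600}; interval=${3:-10}; waited=0
    while :; do
        st=$(stack_status "$name")
        case "$st" in
            CREATE_COMPLETE|UPDATE_COMPLETE)
                echo "$name: $st"; return 0 ;;
            *FAILED*)
                echo "$name: $st" >&2
                ${HEAT:-heat} stack-show "$name" | grep stack_status_reason >&2
                return 1 ;;
        esac
        if [ "$waited" -ge "$timeout" ]; then
            echo "$name: gave up after ${timeout}s, last status '${st:-not listed}'" >&2
            return 2
        fi
        sleep "$interval"; waited=$((waited + interval))
    done
}

# Usage:  sh wait-for-stack.sh multi 900
[ $# -eq 0 ] || wait_for_stack "$@"
```

The three distinct exit codes let a wrapper tell a genuine failure (inspect heat event-list) from a stack that is merely slow, which matters when the template installs packages on the instances and the DNS or floating IP settings above are wrong.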
  • On server2-b, install the packages needed for displaying the instance terminals remotely:
[kiosk@foundation2 Desktop]$ ssh server2-b -l root
[root@server2-b ~]# yum -y install xorg-x11-xauth virt-viewer virt-manager
  • SSH into server2-b with X forwarding:
[kiosk@foundation2 Desktop]$ ssh server2-b -l root -X
  • On server2-b use virsh to view the VMs:
[root@server2-b ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 4     instance-00000004              running
 5     instance-00000005              running
  • Open the instance consoles with virt-viewer:
[root@server2-b ~]# virt-viewer instance-00000004 &
[root@server2-b ~]# virt-viewer instance-00000005 &
  • View the stack resource details and the orchestration events:
[root@server2-a ~(keystone_user1)]# heat stack-show multi | less
[root@server2-a ~(keystone_user1)]# heat event-list multi | less
  • If all is well, a webserver and an SQL server will be running:
[root@server2-a ~(keystone_user1)]# nova list
+--------------------------------------+-------------------------------------------------------+--------+------------+-------------+---------------------------------+
| ID                                   | Name                                                  | Status | Task State | Power State | Networks                        |
+--------------------------------------+-------------------------------------------------------+--------+------------+-------------+---------------------------------+
| 17ccc1ad-e556-47e1-85c5-d825921f20e2 | mu-late-xdi3cncd6ecr-MySqlDatabaseServer-k4ldndomogwd | ACTIVE | -          | Running     | net1=172.25.102.31, 172.25.2.32 |
| 1db6889a-5ecf-41b2-9077-7628725bed24 | multi-WebServer-t3rrph2bqgmv                          | ACTIVE | -          | Running     | net1=172.25.102.30, 172.25.2.31 |
+--------------------------------------+-------------------------------------------------------+--------+------------+-------------+---------------------------------+
  • Clean up by deleting the stack, which removes both instances:
[root@server2-a ~(keystone_user1)]# heat stack-delete multi