Installing, Configuring, and Verifying Heat
The Heat orchestration service uses the OpenStack-native Rest API and CloudFormation-compatible Query API to install the Heat orchestration template (HOT) or CloudFormation templates to orchestrate service components.
Install, configure, and verify Heat on controller nodes.
Creating the Heat Database
- Use a database access client to connect to the database server as user root.
1mysql -u root -p
- Create a database for Heat.
1CREATE DATABASE heat;
- Grant proper access to the Heat database.
1 2 3 4
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY '<PASSWORD>'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY '<PASSWORD>';
- Exit the database.
Configuring Environment
- Source the admin credentials to gain access to admin-only CLI commands.
1source /etc/keystone/admin-openrc
- Create the service credentials.
- Create a heat user.
1openstack user create --domain default --password-prompt heat
- Add the admin role to the heat user.
1openstack role add --project service --user heat admin
- Create heat and heat-cfn service entities.
1 2
openstack service create --name heat --description "Orchestration" orchestration openstack service create --name heat-cfn --description "Orchestration" cloudformation
- Create API endpoints of the Orchestration service.
1 2 3 4 5 6 7 8 9 10 11 12
openstack endpoint create --region RegionOne \ orchestration public http://controller:8004/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne \ orchestration internal http://controller:8004/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne \ orchestration admin http://controller:8004/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne \ cloudformation public http://controller:8000/v1 openstack endpoint create --region RegionOne \ cloudformation internal http://controller:8000/v1 openstack endpoint create --region RegionOne \ cloudformation admin http://controller:8000/v1
- Create a heat user.
- The Orchestration service needs other information in the Identity service to manage stacks. Perform the following steps to add this information:
- Create a domain and name it heat, which contains stack projects and users.
1openstack domain create --description "Stack projects and users" heat
- Create a user and name it heat_domain_admin. Assign it to the heat domain to manage projects and users in the heat domain and set the user password.
1openstack user create --domain heat --password-prompt heat_domain_admin
- Add the heat_domain_admin user to the heat domain, grant the admin role to the user, and grant the heat_domain_admin user the permission to manage the heat domain.
1openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
- In the heat domain, create a common project demo and the demo user.
1 2
openstack project create --domain heat --description "Demo Project" demo openstack user create --domain heat --password-prompt demo
- Create a heat_stack_owner role.
1openstack role create heat_stack_owner
- Add the heat_stack_owner role to the demo project and user to enable the stack management rights for the demo user.
1openstack role add --project demo --user demo heat_stack_owner
- Create a heat_stack_user role.
1openstack role create heat_stack_user
- Create a domain and name it heat, which contains stack projects and users.
Installing and Configuring Heat
- Install the software packages.
1yum -y install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine
- Modify the /etc/rabbitmq/rabbitmq.config file.
1{delegate_count, 96}
- Edit the /etc/heat/heat.conf file and make the following changes:
- In the [DEFAULT] section, configure the message queue access port and basic stack management authentication.
1 2 3 4 5 6 7 8
[DEFAULT] transport_url = rabbit://openstack:<RABBIT_PASSWORD>@controller heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition stack_domain_admin = heat_domain_admin stack_domain_admin_password = <HEAT_DOMAIN_PASSWORD> stack_user_domain_name = heat num_engine_workers = 4
RABBIT_PASSWORD is the password set for the openstack user in the RabbitMQ service, and HEAT_DOMAIN_PASSWORD is the password of the heat domain.
- In the [heat_api] section, set the number of Heat APIs that can be called.
1 2
[heat_api] workers = 4
- Configure the database access address.
1 2
[database] connection = mysql+pymysql://heat:<PASSWORD>@controller/heat
- Configure Keystone authentication information.
1 2 3 4 5 6 7 8 9 10
[keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = heat password = <PASSWORD>
- In the [trustee] section, configure Identity service access.
1 2 3 4 5 6
[trustee] auth_type = password auth_url = http://controller:5000 username = heat password = <PASSWORD> user_domain_name = default
- In the [clients_keystone] section, configure Identity service access.
1 2
[clients_keystone] auth_uri = http://controller:5000
- In the [DEFAULT] section, configure the message queue access port and basic stack management authentication.
- Populate the Orchestration databases.
1su -s /bin/sh -c "heat-manage db_sync" heat
Completing the Installation
- Enable the Orchestration service and configure it to start as the system boots.
1 2 3 4
systemctl enable openstack-heat-api.service \ openstack-heat-api-cfn.service openstack-heat-engine.service systemctl start openstack-heat-api.service \ openstack-heat-api-cfn.service openstack-heat-engine.service
Verifying Heat
- Log in to the OpenStack CLI as the admin user.
1source /etc/keystone/admin-openrc
- List service components to verify that each process is successfully started and registered.
1openstack orchestration service list
Parent topic: Installation and Verification