Installing, Configuring, and Verifying Heat

The Heat orchestration service uses the OpenStack-native Rest API and CloudFormation-compatible Query API to install the Heat orchestration template (HOT) or CloudFormation templates to orchestrate service components.

Install, configure, and verify Heat on controller nodes.

Creating the Heat Database

Use a database access client to connect to the database server as user root.
1

mysql -u root -p
Create a database for Heat.
1

CREATE DATABASE heat;

Grant proper access to the Heat database.

        
             GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY '<PASSWORD>';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY '<PASSWORD>';

Exit the database.

Configuring Environment

Source the admin credentials to gain access to admin-only CLI commands.
1

source /etc/keystone/admin-openrc

Create the service credentials.

Create the heat user.

          
               openstack user create --domain default --password-prompt heat

Add the admin role to the heat user.

          
               openstack role add --project service --user heat admin

Create the heat and heat-cfn service entities.

          
               openstack service create --name heat --description "Orchestration" orchestration
openstack service create --name heat-cfn --description "Orchestration" cloudformation

Create API endpoints of the Orchestration service.

          
               openstack endpoint create --region RegionOne \
orchestration public http://controller:8004/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
orchestration internal http://controller:8004/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
orchestration admin http://controller:8004/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
cloudformation public http://controller:8000/v1
openstack endpoint create --region RegionOne \
cloudformation internal http://controller:8000/v1
openstack endpoint create --region RegionOne \
cloudformation admin http://controller:8000/v1

The Orchestration service needs other information in the Identity service to manage stacks. Perform the following steps to add this information:

Create a heat domain that contains stack projects and users.

          
               openstack domain create --description "Stack projects and users" heat

Create the heat_domain_admin user to manage projects and users in the heat domain and set the password.

          
               openstack user create --domain heat --password-prompt heat_domain_admin

Add the admin role to the heat_domain_admin user in the heat domain to enable stack management rights for the heat_domain_admin user.

          
               openstack role add --domain heat --user-domain heat --user heat_domain_admin admin

In the heat domain, create a common project demo and the demo user.

          
               openstack project create --domain heat --description "Demo Project" demo
openstack user create --domain heat --password-prompt demo

Create the heat_stack_owner role.

          
               openstack role create heat_stack_owner

Add the heat_stack_owner role to the demo project and user to enable the stack management rights for the demo user.

          
               openstack role add --project demo --user demo heat_stack_owner

Create the heat_stack_user role.

          
               openstack role create heat_stack_user

Installing and Configuring Heat

Install the software packages.

        
             yum -y install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

Modify the /etc/rabbitmq/rabbitmq.config file.
1

{delegate_count, 96}

Edit the /etc/heat/heat.conf file and make the following changes:

In the [DEFAULT] section, configure the message queue access port and basic stack management authentication.

          
               [DEFAULT]
transport_url = rabbit://openstack:<RABBIT_PASSWORD>@controller
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = <HEAT_DOMAIN_PASSWORD>
stack_user_domain_name = heat
num_engine_workers = 4

RABBIT_PASSWORD is the password set for the openstack user in the RabbitMQ service, and HEAT_DOMAIN_PASSWORD is the password of the heat domain.

In the [heat_api] section, set the number of Heat APIs that can be called.

          
               [heat_api]
workers = 4

Configure the database access address.

          
               [database]
connection = mysql+pymysql://heat:<PASSWORD>@controller/heat

Configure Keystone authentication information.

          
               [keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = <PASSWORD>

In the [trustee] section, configure Identity service access.

          
               [trustee]
auth_type = password
auth_url = http://controller:5000
username = heat
password = <PASSWORD>
user_domain_name = default

In the [clients_keystone] section, configure Identity service access.

          
               [clients_keystone]
auth_uri = http://controller:5000

Populate the Orchestration databases.

        
             su -s /bin/sh -c "heat-manage db_sync" heat

Completing the Installation

Enable the Orchestration service and configure it to start as the system boots.

        
             systemctl enable openstack-heat-api.service \
openstack-heat-api-cfn.service openstack-heat-engine.service
systemctl start openstack-heat-api.service \
openstack-heat-api-cfn.service openstack-heat-engine.service

Verifying Heat

Log in to the OpenStack CLI as the admin user.
1

source /etc/keystone/admin-openrc
List service components to verify that each process is successfully started and registered.
1

openstack orchestration service list

Parent topic: Installation and Verification