OpenStack Pike Volet 15
OpenStack Pike Volet 15
OpenStack Pike Volet 15
2017/09/03
Volet 15
2
[root@dlp ~(keystone)]#
yum --enablerepo=centos-openstack-pike,epel -y install openstack-heat-common
[2] Add users and so on for Heat services in Keystone on the Control Node.
# add Heat user
[root@dlp ~(keystone)]#
openstack user create --domain default --project service --password servicepassword heat
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | c9ab6e9feb4d444c8f637fcfe7a67305 |
2
3
| domain_id | default |
| enabled | True |
| id | 9ddb7ce4e5b643319e5482c40ddf12c5 |
| name | heat |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@dlp ~(keystone)]#
openstack role add --project service --user heat admin
# create a role for Heat
[root@dlp ~(keystone)]#
openstack role create heat_stack_owner
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 19a9693c2ed845ac81396fd2c142604f |
| name | heat_stack_owner |
+-----------+----------------------------------+
[root@dlp ~(keystone)]#
openstack role create heat_stack_user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | dea9ebaa41a245d0a5a6bcef0aaa1eac |
| name | heat_stack_user |
+-----------+----------------------------------+
[root@dlp ~(keystone)]#
openstack role add --project admin --user admin heat_stack_owner
# create service entry for Heat
[root@dlp ~(keystone)]#
openstack service create --name heat --description "Openstack Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Orchestration |
| enabled | True |
| id | 191e9222c5b94ddb90c887b3ea396a98 |
3
4
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
[root@dlp ~(keystone)]#
openstack service create --name heat-cfn --description "Openstack Orchestration"
cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Orchestration |
| enabled | True |
| id | 6bc2497d7020448aa07de924b5cb5273 |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
[root@dlp ~(keystone)]#
heat_api=10.0.0.50
# create endpoint entry for orchestration (public)
[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne orchestration public
http://$heat_api:8004/v1/%\(tenant_id\)s
+--------------+----------------------------------------+
| Field | Value |
+--------------+----------------------------------------+
| enabled | True |
| id | 63f285d207a2470dab12899999f7f0b0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 191e9222c5b94ddb90c887b3ea396a98 |
| service_name | heat |
| service_type | orchestration |
| url | http://10.0.0.50:8004/v1/%(tenant_id)s |
+--------------+----------------------------------------+
[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne orchestration internal
http://$heat_api:8004/v1/%\(tenant_id\)s
+--------------+----------------------------------------+
| Field | Value |
+--------------+----------------------------------------+
4
5
| enabled | True |
| id | 5206ba971a4842ba971806b0058b1695 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 191e9222c5b94ddb90c887b3ea396a98 |
| service_name | heat |
| service_type | orchestration |
| url | http://10.0.0.50:8004/v1/%(tenant_id)s |
+--------------+----------------------------------------+
[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne orchestration admin
http://$heat_api:8004/v1/%\(tenant_id\)s
+--------------+----------------------------------------+
| Field | Value |
+--------------+----------------------------------------+
| enabled | True |
| id | 976c83d5d7f1494e84768ce124f170d6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 191e9222c5b94ddb90c887b3ea396a98 |
| service_name | heat |
| service_type | orchestration |
| url | http://10.0.0.50:8004/v1/%(tenant_id)s |
+--------------+----------------------------------------+
[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne cloudformation public http://$heat_api:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 493c29d85bd84399b9baa627b08dcc2f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6bc2497d7020448aa07de924b5cb5273 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://10.0.0.50:8000/v1 |
+--------------+----------------------------------+
5
6
[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne cloudformation internal http://$heat_api:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d59331dcdfc54f53a278691ef126a012 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6bc2497d7020448aa07de924b5cb5273 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://10.0.0.50:8000/v1 |
+--------------+----------------------------------+
[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne cloudformation admin http://$heat_api:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5fce1311d5c54ff3aa5bdbd05900d28d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6bc2497d7020448aa07de924b5cb5273 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://10.0.0.50:8000/v1 |
+--------------+----------------------------------+
[root@dlp ~(keystone)]#
openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Stack projects and users |
| enabled | True |
| id | 99bf2f4e79bc42e08e0385681e158fd0 |
| name | heat |
+-------------+----------------------------------+
6
7
[root@dlp ~(keystone)]#
openstack user create --domain heat --password servicepassword heat_domain_admin
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 99bf2f4e79bc42e08e0385681e158fd0 |
| enabled | True |
| id | 426c5ff63bf344a6ac3cad83231c36d1 |
| name | heat_domain_admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@dlp ~(keystone)]#
openstack role add --domain heat --user heat_domain_admin admin
[3] Create a database for Heat to MariaDB.
[root@dlp ~(keystone)]#
mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 51
Server version: 10.1.20-MariaDB MariaDB Server
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
create database heat;
7
8
exit
Bye
8
9
[root@network ~]#
yum --enablerepo=centos-openstack-pike,epel -y install openstack-heat-api openstack-heat-api-
cfn openstack-heat-engine python-heatclient
[2] Configure Heat.
[root@network ~]#
mv /etc/heat/heat.conf /etc/heat/heat.conf.org
[root@network ~]#
vi /etc/heat/heat.conf
# create new
9
10
[DEFAULT]
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
# Heat installed server
heat_metadata_server_url = http://10.0.0.50:8000
heat_waitcondition_server_url = http://10.0.0.50:8000/v1/waitcondition
heat_watch_server_url = http://10.0.0.50:8003
heat_stack_user_role = heat_stack_user
# Heat domain name
stack_user_domain_name = heat
# Heat domain admin name
stack_domain_admin = heat_domain_admin
# Heat domain admin's password
stack_domain_admin_password = servicepassword
# RabbitMQ connection info
transport_url = rabbit://openstack:[email protected]
[heat_api]
bind_host = 0.0.0.0
bind_port = 8004
[heat_api_cfn]
bind_host = 0.0.0.0
bind_port = 8000
[trustee]
auth_plugin = password
auth_url = http://10.0.0.30:35357
username = heat
password = servicepassword
user_domain_name = default
10
11
[root@network ~]#
chgrp heat /etc/heat/heat.conf
[root@network ~]#
chmod 640 /etc/heat/heat.conf
[root@network ~]#
su -s /bin/bash heat -c "heat-manage db_sync"
[root@network ~]#
systemctl start openstack-heat-api openstack-heat-api-cfn openstack-heat-engine
[root@network ~]#
systemctl enable openstack-heat-api openstack-heat-api-cfn openstack-heat-engine
success
[root@network ~]#
firewall-cmd --reload
success
11