Add heat-api-cfn

Add Heat-api-cfn for wait conditions

Magnum needs wait conditions in order to operate properly.  heat-api-cfn
is where wait conditions connect.

Change-Id: I56742dd96e4607dc0042d0cef4e18c922f9ed736
Implements: blueprint container-heat-api-cfn

compose/heat-api-cfn.yml

@@ -0,0 +1,7 @@
+heatapicfn:
+  image: kollaglue/centos-rdo-heat-api-cfn
+  name: heat-api-cfn
+  net: "host"
+  restart: always
+  env_file:
+   - openstack.env

docker/heat/heat-api-cfn/Dockerfile

@@ -0,0 +1,12 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%heat-base
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+RUN yum -y install \
+    openstack-heat-api-cfn \
+    python-openstackclient \
+    && yum clean all
+
+ADD ./start.sh /start.sh
+ADD ./check.sh /check.sh
+
+CMD ["/start.sh"]

docker/heat/heat-api-cfn/build

@@ -0,0 +1 @@
+../../../tools/build-docker-image

docker/heat/heat-api-cfn/check.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+RES=0
+
+. /openrc
+if ! keystone token-get > /dev/null; then
+    echo "ERROR: keystone token-get failed" >&2
+    RES=1
+else
+    if ! heat stack-list > /dev/null; then
+        echo "ERROR: heat stack-list failed" >&2
+        RES=1
+    fi
+fi
+
+exit $RES

docker/heat/heat-api-cfn/start.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -e
+
+. /opt/kolla/kolla-common.sh
+. /opt/kolla/config-heat.sh
+
+check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
+                    HEAT_CFN_KEYSTONE_USER HEAT_CFN_KEYSTONE_PASSWORD \
+                    KEYSTONE_AUTH_PROTOCOL KEYSTONE_ADMIN_SERVICE_PORT \
+                    ADMIN_TENANT_NAME HEAT_API_CFN_SERVICE_HOST \
+                    HEAT_API_CFN_SERVICE_PORT
+
+fail_unless_os_service_running keystone
+
+export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
+export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+
+crux user-create -n ${HEAT_CFN_KEYSTONE_USER} \
+    -p ${HEAT_CFN_KEYSTONE_PASSWORD} \
+    -t ${ADMIN_TENANT_NAME} \
+    -r admin
+
+crux endpoint-create --remove-all -n ${HEAT_CFN_KEYSTONE_USER} -t cloudformation \
+    -I "${KEYSTONE_AUTH_PROTOCOL}://${HEAT_API_CFN_SERVICE_HOST}:${HEAT_API_CFN_SERVICE_PORT}/v1" \
+    -P "${KEYSTONE_AUTH_PROTOCOL}://${HEAT_API_CFN_SERVICE_HOST}:${HEAT_API_CFN_SERVICE_PORT}/v1" \
+    -A "${KEYSTONE_AUTH_PROTOCOL}://${HEAT_API_CFN_SERVICE_HOST}:${HEAT_API_CFN_SERVICE_PORT}/v1"
+
+exec /usr/bin/heat-api-cfn

docker/heat/heat-api/start.sh

@@ -23,11 +23,6 @@ crux endpoint-create --remove-all -n ${HEAT_KEYSTONE_USER} -t orchestration \
     -P "${KEYSTONE_AUTH_PROTOCOL}://${PUBLIC_IP}:8004/v1/%(tenant_id)s" \
     -A "${KEYSTONE_AUTH_PROTOCOL}://${HEAT_API_SERVICE_HOST}:8004/v1/%(tenant_id)s"
 
-#crux endpoint-create --remove-all -n ${HEAT_KEYSTONE_USER} -t cloudformation \
-#    -I "http://${HEAT_CFN_API_SERVICE_HOST}:8000/v1" \
-#    -P "http://${PUBLIC_IP}:8000/v1" \
-#    -A "http://${HEAT_CFN_API_SERVICE_HOST}:8000/v1"
-
 # will use crux after https://github.com/larsks/crux/issues/1 is implemented
 openstack role list --os-token="${KEYSTONE_ADMIN_TOKEN}" --os-url $SERVICE_ENDPOINT -f csv | tail -n +2 | awk -F, '{print $2}' | grep heat_stack_user || keystone role-create --name heat_stack_user
 

docker/heat/heat-base/config-heat.sh

@@ -8,6 +8,7 @@ set -e
 : ${HEAT_DB_NAME:=heat}
 : ${HEAT_DB_USER:=heat}
 : ${HEAT_KEYSTONE_USER:=heat}
+: ${HEAT_CFN_KEYSTONE_USER:=heat_cfn}
 : ${KEYSTONE_AUTH_PROTOCOL:=http}
 : ${PUBLIC_IP:=$HEAT_API_PORT_8004_TCP_ADDR}
 : ${RABBIT_USER:=guest}
@@ -33,11 +34,11 @@ crudini --set /etc/heat/heat.conf DEFAULT use_stderr \
 crudini --set /etc/heat/heat.conf DEFAULT rpc_backend \
     heat.openstack.common.rpc.impl_kombu
 crudini --set /etc/heat/heat.conf DEFAULT rabbit_host \
-    ${RABBITMQ_SERVICE_HOST}
+    "${RABBITMQ_SERVICE_HOST}"
 crudini --set /etc/heat/heat.conf DEFAULT rabbit_userid \
-    ${RABBIT_USER}
+    "${RABBIT_USER}"
 crudini --set /etc/heat/heat.conf DEFAULT rabbit_password \
-    ${RABBIT_PASSWORD}
+    "${RABBIT_PASSWORD}"
 
 crudini --set /etc/heat/heat.conf database connection \
     mysql://${HEAT_DB_USER}:${HEAT_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${HEAT_DB_NAME}
@@ -47,9 +48,9 @@ crudini --set /etc/heat/heat.conf keystone_authtoken auth_protocol \
 crudini --set /etc/heat/heat.conf keystone_authtoken auth_host \
     "${KEYSTONE_PUBLIC_SERVICE_HOST}"
 crudini --set /etc/heat/heat.conf keystone_authtoken auth_port \
-    5000
+    "${KEYSTONE_PUBLIC_SERVICE_PORT}"
 crudini --set /etc/heat/heat.conf keystone_authtoken auth_uri \
-    "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0"
+    "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v2.0"
 crudini --set /etc/heat/heat.conf  keystone_authtoken admin_tenant_name \
     "${ADMIN_TENANT_NAME}"
 crudini --set /etc/heat/heat.conf keystone_authtoken admin_user \
@@ -58,11 +59,9 @@ crudini --set /etc/heat/heat.conf keystone_authtoken admin_password \
     "${HEAT_KEYSTONE_PASSWORD}"
 
 crudini --set /etc/heat/heat.conf ec2authtoken auth_uri \
-    "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0"
+    "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v2.0"
 
-# cfn
 crudini --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url \
-    http://${HEAT_CFN_API_SERVICE_HOST}:8000
+    http://${HEAT_API_CFN_URL_HOST}:${HEAT_API_CFN_SERVICE_PORT}
 crudini --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url \
-    http://${HEAT_CFN_API_SERVICE_HOST}:8000/v1/waitcondition
+    http://${HEAT_API_CFN_URL_HOST}:${HEAT_API_CFN_SERVICE_PORT}/v1/waitcondition
-

docs/integration-guide.md

@@ -101,7 +101,8 @@ all containers.  This allows a simple method of ensuring every type of node
     HEAT_DB_PASSWORD=<kolla> - The heat db password
     HEAT_KEYSTONE_PASSWORD=<heat> - The keystone password for the heat user
     HEAT_API_SERVICE_HOST=<IP> - The IP Address where the Heat API service is hosted
-    HEAT_API_CFN_SERVICE_HOST=<IP> - The IP Address where Heat will contact the heat-engine in search for meta data
+    HEAT_API_CFN_SERVICE_HOST=<IP> - The IP Address where Heat users will contact the heat-engine in search for meta data
+    HEAT_API_CFN_URL_HOST=<IP> - The IP Address where Heat virtual machines will contact the heat-engine to signal wait conditions
     PUBLIC_INTERFACE=<eth1> - The nova public interface
     PUBLIC_IP=<Host IP Address> - The IP Address of this host
     RABBITMQ_PASS=<rabbit> - The rabbitmq password used to join AMQP

tools/genenv

@@ -108,7 +108,8 @@ HEAT_DB_NAME=heat
 HEAT_DB_PASSWORD=kolla
 HEAT_KEYSTONE_PASSWORD=heat
 HEAT_API_SERVICE_HOST=$HOST_IP
-HEAT_CFN_API_SERVICE_HOST=$HOST_IP
+HEAT_API_CFN_SERVICE_HOST=$HOST_IP
+HEAT_API_CFN_URL_HOST=$HOST_IP
 
 cat > ./openrc <<EOF
 export OS_AUTH_URL="http://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0"
@@ -187,7 +188,7 @@ RABBITMQ_SERVICE_HOST=$RABBITMQ_SERVICE_HOST
 RABBITMQ_USER=$RABBIT_USER
 RABBIT_PASSWORD=$RABBIT_PASSWORD
 RABBIT_USERID=$RABBIT_USER
-HEAT_CFN_API_SERVICE_HOST=$HEAT_CFN_API_SERVICE_HOST
+HEAT_API_CFN_SERVICE_HOST=$HEAT_API_CFN_SERVICE_HOST
 EOF
 echo Please customize your FLAT_INTERFACE to a different network then your
 echo main network. The FLAT_INTERFACE is used for inter-VM communication.

tools/init-runonce

@@ -54,6 +54,8 @@ else
     # Sec Group Config
     neutron security-group-rule-create default --direction ingress --ethertype IPv4 --protocol icmp --remote-ip-prefix 0.0.0.0/0
     neutron security-group-rule-create default --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix 0.0.0.0/0
+    # Open heat-cfn so it can run on a different host
+    neutron security-group-rule-create default --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 8000 --port-range-max 8000 --remote-ip-prefix 0.0.0.0/0
 fi
 
 if [ -r ~/.ssh/id_rsa.pub ]; then