openstack/openstack-manuals
Code Issues Proposed changes

[install-guide] Debian RST migration for heat

Browse Source 
Just a conversion to RST format.

Change-Id: Ia6574400f2ec7d696cc337ed19b41155676ce49d
Implements: blueprint installguide-liberty-debian
This commit is contained in:
KATO Tomoyuki 2015-08-19 19:12:12 +09:00
parent 7801a13c96
commit 8f1fc148b4
1 changed files with 301 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

570
doc/install-guide/source/heat-install.rst
View File

@ -5,190 +5,192 @@ Install and configure Orchestration
This section describes how to install and configure the
Orchestration module, code-named heat, on the controller node.
To configure prerequisites
~~~~~~~~~~~~~~~~~~~~~~~~~~
.. only:: obs or rdo or ubuntu
Before you install and configure Orchestration, you must create a
database, service credentials, and API endpoints.
To configure prerequisites
~~~~~~~~~~~~~~~~~~~~~~~~~~
#. To create the database, complete these steps:
Before you install and configure Orchestration, you must create a
database, service credentials, and API endpoints.
* Use the database access client to connect to the database
server as the ``root`` user:
#. To create the database, complete these steps:
.. code-block:: console
* Use the database access client to connect to the database
server as the ``root`` user:
$ mysql -u root -p
.. code-block:: console
* Create the ``heat`` database::
$ mysql -u root -p
CREATE DATABASE heat;
* Create the ``heat`` database::
* Grant proper access to the ``heat`` database::
CREATE DATABASE heat;
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';
* Grant proper access to the ``heat`` database::
Replace ``HEAT_DBPASS`` with a suitable password.
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';
* Exit the database access client.
Replace ``HEAT_DBPASS`` with a suitable password.
#. Source the ``admin`` credentials to gain access to
admin-only CLI commands:
* Exit the database access client.
.. code-block:: console
#. Source the ``admin`` credentials to gain access to
admin-only CLI commands:
$ source admin-openrc.sh
.. code-block:: console
#. To create the service credentials, complete these steps:
$ source admin-openrc.sh
* Create the ``heat`` user:
#. To create the service credentials, complete these steps:
.. code-block:: console
* Create the ``heat`` user:
$ openstack user create --password-prompt heat
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | 7fd67878dcd04d0393469ef825a7e005 |
| name | heat |
| username | heat |
+----------+----------------------------------+
.. code-block:: console
* Add the ``admin`` role to the ``heat`` user:
$ openstack user create --password-prompt heat
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | 7fd67878dcd04d0393469ef825a7e005 |
| name | heat |
| username | heat |
+----------+----------------------------------+
.. code-block:: console
* Add the ``admin`` role to the ``heat`` user:
$ openstack role add --project service --user heat admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+
.. code-block:: console
* Create the ``heat_stack_owner`` role:
$ openstack role add --project service --user heat admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+
.. code-block:: console
* Create the ``heat_stack_owner`` role:
$ openstack role create heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c0a1cbee7261446abc873392f616de87 |
| name | heat_stack_owner |
+-------+----------------------------------+
.. code-block:: console
* Add the ``heat_stack_owner`` role to the ``demo`` tenant and user:
$ openstack role create heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c0a1cbee7261446abc873392f616de87 |
| name | heat_stack_owner |
+-------+----------------------------------+
.. code-block:: console
* Add the ``heat_stack_owner`` role to the ``demo`` tenant and user:
$ openstack role add --project demo --user demo heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c0a1cbee7261446abc873392f616de87 |
| name | heat_stack_owner |
+-------+----------------------------------+
.. code-block:: console
.. note::
$ openstack role add --project demo --user demo heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c0a1cbee7261446abc873392f616de87 |
| name | heat_stack_owner |
+-------+----------------------------------+
You must add the ``heat_stack_owner`` role to users
that manage stacks.
.. note::
* Create the ``heat_stack_user`` role:
You must add the ``heat_stack_owner`` role to users
that manage stacks.
.. code-block:: console
* Create the ``heat_stack_user`` role:
$ openstack role create heat_stack_user
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | e01546b1a81c4e32a6d14a9259e60154 |
| name | heat_stack_user |
+-------+----------------------------------+
.. code-block:: console
.. note::
$ openstack role create heat_stack_user
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | e01546b1a81c4e32a6d14a9259e60154 |
| name | heat_stack_user |
+-------+----------------------------------+
The Orchestration service automatically assigns the
``heat_stack_user`` role to users that it creates
during stack deployment. By default, this role restricts
:term:`API` operations. To avoid conflicts, do not add
this role to users with the ``heat_stack_owner`` role.
.. note::
* Create the ``heat`` and ``heat-cfn`` service entities:
The Orchestration service automatically assigns the
``heat_stack_user`` role to users that it creates
during stack deployment. By default, this role restricts
:term:`API` operations. To avoid conflicts, do not add
this role to users with the ``heat_stack_owner`` role.
.. code-block:: console
* Create the ``heat`` and ``heat-cfn`` service entities:
$ openstack service create --name heat \
--description "Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 031112165cad4c2bb23e84603957de29 |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
$ openstack service create --name heat-cfn \
--description "Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 297740d74c0a446bbff867acdccb33fa |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
.. code-block:: console
#. Create the Orchestration service API endpoints:
$ openstack service create --name heat \
--description "Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 031112165cad4c2bb23e84603957de29 |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
$ openstack service create --name heat-cfn \
--description "Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 297740d74c0a446bbff867acdccb33fa |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
.. code-block:: console
#. Create the Orchestration service API endpoints:
$ openstack endpoint create \
--publicurl http://controller:8004/v1/%\(tenant_id\)s \
--internalurl http://controller:8004/v1/%\(tenant_id\)s \
--adminurl http://controller:8004/v1/%\(tenant_id\)s \
--region RegionOne \
orchestration
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| adminurl | http://controller:8004/v1/%(tenant_id)s |
| id | f41225f665694b95a46448e8676b0dc2 |
| internalurl | http://controller:8004/v1/%(tenant_id)s |
| publicurl | http://controller:8004/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | 031112165cad4c2bb23e84603957de29 |
| service_name | heat |
| service_type | orchestration |
+--------------+-----------------------------------------+
$ openstack endpoint create \
--publicurl http://controller:8000/v1 \
--internalurl http://controller:8000/v1 \
--adminurl http://controller:8000/v1 \
--region RegionOne \
cloudformation
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:8000/v1 |
| id | f41225f665694b95a46448e8676b0dc2 |
| internalurl | http://controller:8000/v1 |
| publicurl | http://controller:8000/v1 |
| region | RegionOne |
| service_id | 297740d74c0a446bbff867acdccb33fa |
| service_name | heat-cfn |
| service_type | cloudformation |
+--------------+----------------------------------+
.. code-block:: console
$ openstack endpoint create \
--publicurl http://controller:8004/v1/%\(tenant_id\)s \
--internalurl http://controller:8004/v1/%\(tenant_id\)s \
--adminurl http://controller:8004/v1/%\(tenant_id\)s \
--region RegionOne \
orchestration
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| adminurl | http://controller:8004/v1/%(tenant_id)s |
| id | f41225f665694b95a46448e8676b0dc2 |
| internalurl | http://controller:8004/v1/%(tenant_id)s |
| publicurl | http://controller:8004/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | 031112165cad4c2bb23e84603957de29 |
| service_name | heat |
| service_type | orchestration |
+--------------+-----------------------------------------+
$ openstack endpoint create \
--publicurl http://controller:8000/v1 \
--internalurl http://controller:8000/v1 \
--adminurl http://controller:8000/v1 \
--region RegionOne \
cloudformation
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:8000/v1 |
| id | f41225f665694b95a46448e8676b0dc2 |
| internalurl | http://controller:8000/v1 |
| publicurl | http://controller:8000/v1 |
| region | RegionOne |
| service_id | 297740d74c0a446bbff867acdccb33fa |
| service_name | heat-cfn |
| service_type | cloudformation |
+--------------+----------------------------------+
To install and configure the Orchestration components
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -220,149 +222,177 @@ To install and configure the Orchestration components
# apt-get install heat-api heat-api-cfn heat-enginea \
python-heatclient
2.
.. only:: obs or rdo or ubuntu
.. only:: rdo
2.
.. Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1213476.
.. only:: rdo
Copy the :file:`/usr/share/heat/heat-dist.conf` file
to :file:`/etc/heat/heat.conf`.
.. Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1213476.
Copy the :file:`/usr/share/heat/heat-dist.conf` file
to :file:`/etc/heat/heat.conf`.
.. code-block:: console
# cp /usr/share/heat/heat-dist.conf /etc/heat/heat.conf
# chown -R heat:heat /etc/heat/heat.conf
Edit the :file:`/etc/heat/heat.conf` file and complete the following
actions:
* In the ``[database]`` section, configure database access:
.. code-block:: ini
:linenos:
[database]
...
connection = mysql://heat:HEAT_DBPASS@controller/heat
Replace ``HEAT_DBPASS`` with the password you chose for the
Orchestration database.
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure ``RabbitMQ`` message queue access:
.. code-block:: ini
:linenos:
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in ``RabbitMQ``.
* In the ``[keystone_authtoken]`` and ``[ec2authtoken]`` sections,
configure Identity service access:
.. code-block:: ini
:linenos:
[keystone_authtoken]
...
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = heat
admin_password = HEAT_PASS
[ec2authtoken]
...
auth_uri = http://controller:5000/v2.0
Replace ``HEAT_PASS`` with the password you chose for the
``heat`` user in the Identity service.
.. note::
Comment out any ``auth_host``, ``auth_port``, and
``auth_protocol`` options because the
``identity_uri`` option replaces them.
* In the ``[DEFAULT]`` section, configure the metadata and
wait condition URLs:
.. code-block:: ini
:linenos:
[DEFAULT]
...
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
* In the ``[DEFAULT]`` section, configure information about the heat
Identity service domain:
.. code-block:: ini
:linenos:
[DEFAULT]
...
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = HEAT_DOMAIN_PASS
stack_user_domain_name = heat_user_domain
Replace ``HEAT_DOMAIN_PASS`` with the password you chose for the admin
user of the ``heat`` user domain in the Identity service.
* (Optional) To assist with troubleshooting, enable verbose
logging in the ``[DEFAULT]`` section:
.. code-block:: ini
:linenos:
[DEFAULT]
...
verbose = True</programlisting>
3.
* Source the ``admin`` credentials to gain access to
admin-only CLI commands:
.. code-block:: console
$ source admin-openrc.sh
* Create the heat domain in Identity service:
.. code-block:: console
$ heat-keystone-setup-domain \
--stack-user-domain-name heat_user_domain \
--stack-domain-admin heat_domain_admin \
--stack-domain-admin-password HEAT_DOMAIN_PASS
Replace ``HEAT_DOMAIN_PASS`` with a suitable password.
4. Populate the Orchestration database:
.. code-block:: console
# cp /usr/share/heat/heat-dist.conf /etc/heat/heat.conf
# chown -R heat:heat /etc/heat/heat.conf
# su -s /bin/sh -c "heat-manage db_sync" heat
Edit the :file:`/etc/heat/heat.conf` file and complete the following
actions:
.. only:: debian
* In the ``[database]`` section, configure database access:
1. Run the following commands to install the packages:
.. code-block:: ini
:linenos:
.. code-block:: console
[database]
...
connection = mysql://heat:HEAT_DBPASS@controller/heat
# apt-get install heat-api heat-api-cfn heat-engine python-heat-client
Replace ``HEAT_DBPASS`` with the password you chose for the
Orchestration database.
2. Respond to prompts for
:doc:`database management <debconf/debconf-dbconfig-common>`,
:doc:`Identity service credentials <debconf/debconf-keystone-authtoken>`,
:doc:`service endpoint registration <debconf/debconf-api-endpoints>`,
and :doc:`message broker credentials <debconf/debconf-rabbitmq>`.
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure ``RabbitMQ`` message queue access:
3. Edit the :file:`/etc/heat/heat.conf` file and complete the following
actions:
.. code-block:: ini
:linenos:
* In the ``[ec2authtoken]`` section, configure Identity service access:
[DEFAULT]
...
rpc_backend = rabbit
.. code-block:: ini
:linenos:
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in ``RabbitMQ``.
* In the ``[keystone_authtoken]`` and ``[ec2authtoken]`` sections,
configure Identity service access:
.. code-block:: ini
:linenos:
[keystone_authtoken]
...
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = heat
admin_password = HEAT_PASS
[ec2authtoken]
...
auth_uri = http://controller:5000/v2.0
Replace ``HEAT_PASS`` with the password you chose for the
``heat`` user in the Identity service.
.. note::
Comment out any ``auth_host``, ``auth_port``, and
``auth_protocol`` options because the
``identity_uri`` option replaces them.
* In the ``[DEFAULT]`` section, configure the metadata and
wait condition URLs:
.. code-block:: ini
:linenos:
[DEFAULT]
...
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
* In the ``[DEFAULT]`` section, configure information about the heat
Identity service domain:
.. code-block:: ini
:linenos:
[DEFAULT]
...
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = HEAT_DOMAIN_PASS
stack_user_domain_name = heat_user_domain
Replace ``HEAT_DOMAIN_PASS`` with the password you chose for the admin
user of the ``heat`` user domain in the Identity service.
* (Optional) To assist with troubleshooting, enable verbose
logging in the ``[DEFAULT]`` section:
.. code-block:: ini
:linenos:
[DEFAULT]
...
verbose = True</programlisting>
3.
* Source the ``admin`` credentials to gain access to
admin-only CLI commands:
.. code-block:: console
$ source admin-openrc.sh
* Create the heat domain in Identity service:
.. code-block:: console
$ heat-keystone-setup-domain \
--stack-user-domain-name heat_user_domain \
--stack-domain-admin heat_domain_admin \
--stack-domain-admin-password HEAT_DOMAIN_PASS
Replace ``HEAT_DOMAIN_PASS`` with a suitable password.
4. Populate the Orchestration database:
.. code-block:: console
# su -s /bin/sh -c "heat-manage db_sync" heat
[ec2authtoken]
...
auth_uri = http://controller:5000/v2.0
To finalize installation
~~~~~~~~~~~~~~~~~~~~~~~~
.. only:: obs or rdo
#. Start the Orchestration services and configure them to start
1. Start the Orchestration services and configure them to start
when the system boots:
.. code-block:: console
@ -372,9 +402,9 @@ To finalize installation
# systemctl start openstack-heat-api.service \
openstack-heat-api-cfn.service openstack-heat-engine.service
.. only:: ubuntu
.. only:: ubuntu or debian
#. Restart the Orchestration services:
1. Restart the Orchestration services:
.. code-block:: console
@ -382,7 +412,9 @@ To finalize installation
# service heat-api-cfn restart
# service heat-engine restart
#. By default, the Ubuntu packages create an SQLite database.
.. only:: ubuntu
2. By default, the Ubuntu packages create an SQLite database.
Because this configuration uses an SQL database server, you
can remove the SQLite database file: