Install and configure Orchestration

Install and configure Orchestration This section describes how to install and configure the Orchestration module, code-named heat, on the controller node. To configure prerequisites Before you install and configure Orchestration, you must create a database, service credentials, and API endpoints. To create the database, complete these steps: Use the database access client to connect to the database server as the root user: $ mysql -u root -p Create the heat database: CREATE DATABASE heat; Grant proper access to the heat database: GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY 'HEAT_DBPASS'; Replace HEAT_DBPASS with a suitable password. Exit the database access client. Source the admin credentials to gain access to admin-only CLI commands: $ source admin-openrc.sh To create the service credentials, complete these steps: Create the heat user: $ openstack user create --password-prompt heat User Password: Repeat User Password: +----------+----------------------------------+ | Field | Value | +----------+----------------------------------+ | email | None | | enabled | True | | id | 7fd67878dcd04d0393469ef825a7e005 | | name | heat | | username | heat | +----------+----------------------------------+ Add the admin role to the heat user: $ openstack role add --project service --user heat admin +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | cd2cb9a39e874ea69e5d4b896eb16128 | | name | admin | +-------+----------------------------------+ Create the heat_stack_owner role: $ openstack role create heat_stack_owner +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | c0a1cbee7261446abc873392f616de87 | | name | heat_stack_owner | +-------+----------------------------------+ Add the heat_stack_owner role to the demo tenant and user: $ openstack role add --project demo --user demo heat_stack_owner +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | c0a1cbee7261446abc873392f616de87 | | name | heat_stack_owner | +-------+----------------------------------+ You must add the heat_stack_owner role to users that manage stacks. Create the heat_stack_user role: $ openstack role create heat_stack_user +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | e01546b1a81c4e32a6d14a9259e60154 | | name | heat_stack_user | +-------+----------------------------------+ The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment. By default, this role restricts API operations. To avoid conflicts, do not add this role to users with the heat_stack_owner role. Create the heat and heat-cfn service entities: $ openstack service create --name heat \ --description "Orchestration" orchestration +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | 031112165cad4c2bb23e84603957de29 | | name | heat | | type | orchestration | +-------------+----------------------------------+ $ openstack service create --name heat-cfn \ --description "Orchestration" cloudformation +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | 297740d74c0a446bbff867acdccb33fa | | name | heat-cfn | | type | cloudformation | +-------------+----------------------------------+ Create the Orchestration service API endpoints: $ openstack endpoint create \ --publicurl http://controller:8004/v1/%$tenant_id$s \ --internalurl http://controller:8004/v1/%$tenant_id$s \ --adminurl http://controller:8004/v1/%$tenant_id$s \ --region RegionOne \ orchestration +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | adminurl | http://controller:8004/v1/%(tenant_id)s | | id | f41225f665694b95a46448e8676b0dc2 | | internalurl | http://controller:8004/v1/%(tenant_id)s | | publicurl | http://controller:8004/v1/%(tenant_id)s | | region | RegionOne | | service_id | 031112165cad4c2bb23e84603957de29 | | service_name | heat | | service_type | orchestration | +--------------+-----------------------------------------+ $ openstack endpoint create \ --publicurl http://controller:8000/v1 \ --internalurl http://controller:8000/v1 \ --adminurl http://controller:8000/v1 \ --region RegionOne \ cloudformation +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | adminurl | http://controller:8000/v1 | | id | f41225f665694b95a46448e8676b0dc2 | | internalurl | http://controller:8000/v1 | | publicurl | http://controller:8000/v1 | | region | RegionOne | | service_id | 297740d74c0a446bbff867acdccb33fa | | service_name | heat-cfn | | service_type | cloudformation | +--------------+----------------------------------+ To install and configure the Orchestration components Run the following commands to install the packages: # apt-get install heat-api heat-api-cfn heat-engine python-heatclient # yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \ python-heatclient # zypper install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine \ python-heatclient Copy the /usr/share/heat/heat-dist.conf file to /etc/heat/heat.conf. # cp /usr/share/heat/heat-dist.conf /etc/heat/heat.conf # chown -R heat:heat /etc/heat/heat.conf Edit the /etc/heat/heat.conf file and complete the following actions: In the [database] section, configure database access: [database] ... connection = mysql://heat:HEAT_DBPASS@controller/heat Replace HEAT_DBPASS with the password you chose for the Orchestration database. In the [DEFAULT] section, configure RabbitMQ message broker access: [DEFAULT] ... rpc_backend = rabbit rabbit_host = controller rabbit_password = RABBIT_PASS Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ. In the [keystone_authtoken] and [ec2authtoken] sections, configure Identity service access: [keystone_authtoken] ... auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = heat admin_password = HEAT_PASS [ec2authtoken] ... auth_uri = http://controller:5000/v2.0 Replace HEAT_PASS with the password you chose for the heat user in the Identity service. Comment out any auth_host, auth_port, and auth_protocol options because the identity_uri option replaces them. In the [DEFAULT] section, configure the metadata and wait condition URLs: [DEFAULT] ... heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition In the [DEFAULT] section, configure information about the heat Identity service domain: [DEFAULT] ... stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat_user_domain Replace HEAT_DOMAIN_PASS with the password you chose for the admin user of the heat user domain in the Identity service. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section: [DEFAULT] ... verbose = True Source the admin credentials to gain access to admin-only CLI commands: $ source admin-openrc.sh Create the heat domain in Identity service: $ heat-keystone-setup-domain \ --stack-user-domain-name heat_user_domain \ --stack-domain-admin heat_domain_admin \ --stack-domain-admin-password HEAT_DOMAIN_PASS Replace HEAT_DOMAIN_PASS with a suitable password. Populate the Orchestration database: # su -s /bin/sh -c "heat-manage db_sync" heat To install and configure the Orchestration components Run the following commands to install the packages: # apt-get install heat-api heat-api-cfn heat-engine python-heat-client Respond to prompts for database management, Identity service credentials, service endpoint registration, and message broker credentials. Edit the /etc/heat/heat.conf file and complete the following actions: In the [ec2authtoken] section, configure Identity service access: [ec2authtoken] ... auth_uri = http://controller:5000/v2.0 To finalize installation Restart the Orchestration services: # service heat-api restart # service heat-api-cfn restart # service heat-engine restart Start the Orchestration services and configure them to start when the system boots: # systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service \ openstack-heat-engine.service # systemctl start openstack-heat-api.service openstack-heat-api-cfn.service \ openstack-heat-engine.service By default, the Ubuntu packages create a SQLite database. Because this configuration uses a SQL database server, you can remove the SQLite database file: # rm -f /var/lib/heat/heat.sqlite