Install the Orchestration Service on the controller node: # apt-get install heat-api heat-api-cfn heat-engine Answer to the debconf prompts about the database, the RabbitMQ and the keystone_authtoken configuration, and the API endpoint registration. Install the Orchestration Service on the controller node: # apt-get install heat-api heat-api-cfn heat-engine # yum install openstack-heat-api openstack-heat-engine FIXME # zypper install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine In the configuration file, specify the location of the database where the Orchestration Service stores data. The examples in this guide use a MySQL database on the controller node with the heat user name. Replace HEAT_DBPASS with the password for the database user: # openstack-config --set /etc/heat/heat.conf \ database connection mysql://heat:HEAT_DBPASS@controller/heat Edit /etc/heat/heat.conf and change the [DEFAULT] section. [database] # The SQLAlchemy connection string used to connect to the database connection = mysql://heat:HEAT_DBPASS@controller/heat ... Create a heat database user by logging in as root using the password you set previously: # mysql -u root -p mysql> CREATE DATABASE heat; mysql> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY 'HEAT_DBPASS'; mysql> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY 'HEAT_DBPASS'; Create the heat service tables: # heat-manage db_sync You can ignore any DeprecationWarning errors. The Ubuntu packages do not correctly set up logging. Edit the /etc/heat/heat.conf file and change the [DEFAULT] section: [DEFAULT] ... # Print more verbose output (set logging level to INFO instead # of default WARNING level). (boolean value) verbose = True ... # (Optional) The base directory used for relative --log-file # paths (string value) log_dir=/var/log/heat Create a heat user that the Orchestration Service can use to authenticate with the Identity Service. Use the service tenant and give the user the admin role. # keystone user-create --name=heat --pass=HEAT_PASS --email=heat@example.com # keystone user-role-add --user=heat --tenant=service --role=admin Add the credentials to the configuration files for the Orchestration Service. Edit /etc/heat/api-paste.ini and change the [filter:authtoken] section. ... [filter:authtoken] paste.filter_factory = heat.common.auth_token:filter_factory auth_host = controller auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = heat admin_password = HEAT_PASS ... Register the Orchestration Service (both Heat and CloudFormation APIs) with the Identity Service so that other OpenStack services can locate it. Use the keystone command to register the service and specify the endpoint: # keystone service-create --name=heat --type=orchestration \ --description="Heat Orchestration API" Note the id property for the service that was returned in the previous step. Use it to create the endpoint. # keystone endpoint-create \ --service-id=the_service_id_above \ --publicurl=http://controller:8004/v1/\$(tenant_id)s \ --internalurl=http://controller:8004/v1/\$(tenant_id)s \ --adminurl=http://controller:8004/v1/\$(tenant_id)s # keystone service-create --name=heat-cfn --type=cloudformation \ --description="Heat CloudFormation API" Note the id property for the service that was returned in the previous step. Use it to create the endpoint. # keystone endpoint-create \ --service-id=the_service_id_above \ --publicurl=http://controller:8000/v1 \ --internalurl=http://controller:8000/v1 \ --adminurl=http://controller:8000/v1 Restart the service with its new settings: # service heat-api restart # service heat-api-cfn restart # service heat-engine restart Start the heat-api, heat-api-cfn and heat-engine services. Also, configure them to start when the system boots. # service openstack-heat-api start # service openstack-heat-api-cfn start # service openstack-heat-engine start # chkconfig openstack-heat-api on # chkconfig openstack-heat-api-cfn on # chkconfig openstack-heat-engine on