
OpenStack Pike

2017/09/03

Travaux de synthèse : Taylor VOLI

Volet 15

OpenStack Pike : Configure Heat#1 (Control Node)


2017/09/07

Install OpenStack Orchestration Service (Heat).


This example is based on the following environment.
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |     Cinder-Volume     |   |                       |
|  Metadata Agent       |   |   Heat API  API-CFN   |   |                       |
|  Cinder API           |   |      Heat Engine      |   |                       |
+-----------------------+   +-----------------------+   +-----------------------+

[1] Install packages on Control Node.


# install from Pike, EPEL

[root@dlp ~(keystone)]#
yum --enablerepo=centos-openstack-pike,epel -y install openstack-heat-common
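[2] Add the Heat user, roles, service entries, endpoints and domain to Keystone on the Control Node.
# add Heat user (servicepassword is a sample value; --password leaves it in shell history and the process list, --password-prompt avoids that)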

[root@dlp ~(keystone)]#
openstack user create --domain default --project service --password servicepassword heat

+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | c9ab6e9feb4d444c8f637fcfe7a67305 |


| domain_id | default |
| enabled | True |
| id | 9ddb7ce4e5b643319e5482c40ddf12c5 |
| name | heat |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+

# grant the heat user the admin role on the service project

[root@dlp ~(keystone)]#
openstack role add --project service --user heat admin
# create a role for Heat

[root@dlp ~(keystone)]#
openstack role create heat_stack_owner

+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 19a9693c2ed845ac81396fd2c142604f |
| name | heat_stack_owner |
+-----------+----------------------------------+

[root@dlp ~(keystone)]#
openstack role create heat_stack_user

+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | dea9ebaa41a245d0a5a6bcef0aaa1eac |
| name | heat_stack_user |
+-----------+----------------------------------+

# add admin user to heat_stack_owner role

[root@dlp ~(keystone)]#
openstack role add --project admin --user admin heat_stack_owner
# create service entry for Heat

[root@dlp ~(keystone)]#
openstack service create --name heat --description "Openstack Orchestration" orchestration

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Orchestration |
| enabled | True |
| id | 191e9222c5b94ddb90c887b3ea396a98 |


| name | heat |
| type | orchestration |
+-------------+----------------------------------+

[root@dlp ~(keystone)]#
openstack service create --name heat-cfn --description "Openstack Orchestration" cloudformation

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Orchestration |
| enabled | True |
| id | 6bc2497d7020448aa07de924b5cb5273 |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+

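# define Heat API server's IP address (the Network Node in this example); the endpoints below are registered as plain http:// URLs, which suits a lab only - register https:// URLs where the APIs are served over TLS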

[root@dlp ~(keystone)]#
heat_api=10.0.0.50
# create endpoint entry for orchestration (public)

[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne orchestration public http://$heat_api:8004/v1/%\(tenant_id\)s

+--------------+----------------------------------------+
| Field | Value |
+--------------+----------------------------------------+
| enabled | True |
| id | 63f285d207a2470dab12899999f7f0b0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 191e9222c5b94ddb90c887b3ea396a98 |
| service_name | heat |
| service_type | orchestration |
| url | http://10.0.0.50:8004/v1/%(tenant_id)s |
+--------------+----------------------------------------+

# create endpoint entry for orchestration (internal)

[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne orchestration internal http://$heat_api:8004/v1/%\(tenant_id\)s

+--------------+----------------------------------------+
| Field | Value |
+--------------+----------------------------------------+


| enabled | True |
| id | 5206ba971a4842ba971806b0058b1695 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 191e9222c5b94ddb90c887b3ea396a98 |
| service_name | heat |
| service_type | orchestration |
| url | http://10.0.0.50:8004/v1/%(tenant_id)s |
+--------------+----------------------------------------+

# create endpoint entry for orchestration (admin)

[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne orchestration admin http://$heat_api:8004/v1/%\(tenant_id\)s

+--------------+----------------------------------------+
| Field | Value |
+--------------+----------------------------------------+
| enabled | True |
| id | 976c83d5d7f1494e84768ce124f170d6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 191e9222c5b94ddb90c887b3ea396a98 |
| service_name | heat |
| service_type | orchestration |
| url | http://10.0.0.50:8004/v1/%(tenant_id)s |
+--------------+----------------------------------------+

# create endpoint entry for cloudformation (public)

[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne cloudformation public http://$heat_api:8000/v1

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 493c29d85bd84399b9baa627b08dcc2f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6bc2497d7020448aa07de924b5cb5273 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://10.0.0.50:8000/v1 |
+--------------+----------------------------------+

# create endpoint entry for cloudformation (internal)


[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne cloudformation internal http://$heat_api:8000/v1

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d59331dcdfc54f53a278691ef126a012 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6bc2497d7020448aa07de924b5cb5273 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://10.0.0.50:8000/v1 |
+--------------+----------------------------------+

# create endpoint entry for cloudformation (admin)

[root@dlp ~(keystone)]#
openstack endpoint create --region RegionOne cloudformation admin http://$heat_api:8000/v1

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5fce1311d5c54ff3aa5bdbd05900d28d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6bc2497d7020448aa07de924b5cb5273 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://10.0.0.50:8000/v1 |
+--------------+----------------------------------+

# create Heat domain

[root@dlp ~(keystone)]#
openstack domain create --description "Stack projects and users" heat

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Stack projects and users |
| enabled | True |
| id | 99bf2f4e79bc42e08e0385681e158fd0 |
| name | heat |
+-------------+----------------------------------+

# create [heat_domain_admin] user


[root@dlp ~(keystone)]#
openstack user create --domain heat --password servicepassword heat_domain_admin

+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 99bf2f4e79bc42e08e0385681e158fd0 |
| enabled | True |
| id | 426c5ff63bf344a6ac3cad83231c36d1 |
| name | heat_domain_admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+

# add [heat_domain_admin] user to admin role

[root@dlp ~(keystone)]#
openstack role add --domain heat --user heat_domain_admin admin
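[3] Create a database for Heat in MariaDB. The password 'password' and the heat@'%' grant (any client host) used below are lab values; use a strong, unique password and limit the grant to the host that runs the Heat services (10.0.0.50 in this example).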
[root@dlp ~(keystone)]#
mysql -u root -p

Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 51
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
create database heat;

Query OK, 1 row affected (0.00 sec)


MariaDB [(none)]>
grant all privileges on heat.* to heat@'localhost' identified by 'password';

Query OK, 0 rows affected (0.00 sec)


MariaDB [(none)]>
grant all privileges on heat.* to heat@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)


MariaDB [(none)]>
flush privileges;

Query OK, 0 rows affected (0.00 sec)


MariaDB [(none)]>


exit

Bye


OpenStack Pike : Configure Heat#2 (Network Node)


2017/09/07

Install OpenStack Orchestration Service (Heat).


This example is based on the following environment.
------------+---------------------------+---------------------------+------------
            |                           |                           |
        eth0|10.0.0.30              eth0|10.0.0.50              eth0|10.0.0.51
+-----------+-----------+   +-----------+-----------+   +-----------+-----------+
|    [ Control Node ]   |   |    [ Network Node ]   |   |    [ Compute Node ]   |
|                       |   |                       |   |                       |
|  MariaDB    RabbitMQ  |   |      Open vSwitch     |   |        Libvirt        |
|  Memcached  httpd     |   |        L2 Agent       |   |     Nova Compute      |
|  Keystone   Glance    |   |        L3 Agent       |   |      Open vSwitch     |
|  Nova API             |   |     Metadata Agent    |   |        L2 Agent       |
|  Neutron Server       |   |     Cinder-Volume     |   |                       |
|  Metadata Agent       |   |   Heat API  API-CFN   |   |                       |
|  Cinder API           |   |      Heat Engine      |   |                       |
+-----------------------+   +-----------------------+   +-----------------------+

[1] Install Heat services on Network Node.


# install from Pike, EPEL

[root@network ~]#
yum --enablerepo=centos-openstack-pike,epel -y install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine python-heatclient
[2] Configure Heat.
[root@network ~]#
mv /etc/heat/heat.conf /etc/heat/heat.conf.org

[root@network ~]#
vi /etc/heat/heat.conf
# create new


# heat.conf for the node that runs heat-api, heat-api-cfn and heat-engine.
# Every password in this file is stored in clear text and uses the guide's
# sample values (servicepassword / password): replace them, and keep the file
# readable only by root and the heat group (the guide sets mode 640 afterwards).
[DEFAULT]
# use Keystone trusts for deferred operations
deferred_auth_method = trusts
# role delegated to Heat through the trust; keep this list minimal
trusts_delegated_roles = heat_stack_owner
# Heat installed server
# NOTE(review): all URLs in this file are plain http://, so tokens and
# passwords cross the network unencrypted - acceptable on an isolated lab
# network only; switch to https:// where TLS is available.
heat_metadata_server_url = http://10.0.0.50:8000
heat_waitcondition_server_url = http://10.0.0.50:8000/v1/waitcondition
# NOTE(review): this guide installs no service on port 8003 and the firewall
# step opens only 8000 and 8004 - confirm whether this option is needed.
heat_watch_server_url = http://10.0.0.50:8003
heat_stack_user_role = heat_stack_user
# Heat domain name
stack_user_domain_name = heat
# Heat domain admin name
stack_domain_admin = heat_domain_admin
# Heat domain admin's password
stack_domain_admin_password = servicepassword
# RabbitMQ connection info
# (the broker password is embedded in the URL)
transport_url = rabbit://openstack:password@10.0.0.30

# MariaDB connection info
# (the database password is embedded in the URL; it must match the grant
# created in MariaDB on the Control Node)


[database]
connection = mysql+pymysql://heat:password@10.0.0.30/heat

# Keystone auth info


[clients_keystone]
auth_uri = http://10.0.0.30:35357

# Keystone auth info


[ec2authtoken]
auth_uri = http://10.0.0.30:5000

[heat_api]
# 0.0.0.0 listens on every interface of this node; bind to a single address
# (10.0.0.50 in this guide) if the API must not be reachable on the others.
bind_host = 0.0.0.0
bind_port = 8004

[heat_api_cfn]
# same consideration as [heat_api]: 0.0.0.0 listens on every interface
bind_host = 0.0.0.0
bind_port = 8000

# Keystone auth info
# (credentials of the heat service user created in Keystone; that user holds
# the admin role on the service project, so treat this password accordingly)


[keystone_authtoken]
auth_uri = http://10.0.0.30:5000
auth_url = http://10.0.0.30:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = servicepassword

# the same heat service user and password as in [keystone_authtoken]
[trustee]
auth_plugin = password
auth_url = http://10.0.0.30:35357
username = heat
password = servicepassword
user_domain_name = default
user_domain_name = default


[root@network ~]#
chgrp heat /etc/heat/heat.conf

[root@network ~]#
chmod 640 /etc/heat/heat.conf

[root@network ~]#
su -s /bin/bash heat -c "heat-manage db_sync"

[root@network ~]#
systemctl start openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

[root@network ~]#
systemctl enable openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

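[3] If Firewalld is running, allow the Heat API (8004/tcp) and Heat CloudFormation API (8000/tcp) ports. The command below opens them in the default zone for any source address; use a dedicated zone or a rich rule instead if only specific hosts need to reach the APIs.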


[root@network ~]#
firewall-cmd --add-port={8000/tcp,8004/tcp} --permanent

success
[root@network ~]#
firewall-cmd --reload

success

