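This section describes how to install and configure the Orchestration service, code-named heat, on the controller node.
Before you install and configure the Orchestration service, you must create a database, service credentials, and API endpoints. Orchestration also requires additional information in the Identity service.
To create the database, complete these steps:
Use the database access client to connect to the database server as the root user: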
$ mysql -u root -p
Create the heat database:
CREATE DATABASE heat;
Grant proper access to the ``heat`` database:
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';
Replace ``HEAT_DBPASS`` with a suitable password.
Exit the database access client.
Source the admin credentials to gain access to admin-only CLI commands:
$ source admin-openrc.sh
To create the service credentials, complete these steps:
Create the ``heat`` user:
$ openstack user create --domain default --password-prompt heat
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | ca2e175b851943349be29a328cc5e360 |
| name | heat |
+-----------+----------------------------------+
Add the admin role to the heat user:
$ openstack role add --project service --user heat admin
Note
This command provides no output.
Create the ``heat`` and ``heat-cfn`` service entities:
$ openstack service create --name heat \
--description "Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 727841c6f5df4773baa4e8a5ae7d72eb |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
$ openstack service create --name heat-cfn \
--description "Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | c42cede91a4e47c3b10c8aedc8d890c6 |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
Create the Orchestration service API endpoints:
$ openstack endpoint create --region RegionOne \
orchestration public http://controller:8004/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 3f4dab34624e4be7b000265f25049609 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | heat |
| service_type | orchestration |
| url | http://controller:8004/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
orchestration internal http://controller:8004/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 9489f78e958e45cc85570fec7e836d98 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | heat |
| service_type | orchestration |
| url | http://controller:8004/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
orchestration admin http://controller:8004/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 76091559514b40c6b7b38dde790efe99 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
| service_name | heat |
| service_type | orchestration |
| url | http://controller:8004/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \
cloudformation public http://controller:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b3ea082e019c4024842bf0a80555052c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://controller:8000/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
cloudformation internal http://controller:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 169df4368cdc435b8b115a9cb084044e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://controller:8000/v1 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
cloudformation admin http://controller:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d3edcd61eb343c1bbd629aa041ff88b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://controller:8000/v1 |
+--------------+----------------------------------+
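Orchestration requires additional information in the Identity service to manage stacks. To add this information, complete these steps:
Create the heat domain that contains projects and users for stacks: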
$ openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Stack projects and users |
| enabled | True |
| id | 0f4d1bd326f2454dacc72157ba328a47 |
| name | heat |
+-------------+----------------------------------+
Create the ``heat_domain_admin`` user to manage projects and users in the heat domain:
$ openstack user create --domain heat --password-prompt heat_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
| enabled | True |
| id | b7bd1abfbcf64478b47a0f13cd4d970a |
| name | heat_domain_admin |
+-----------+----------------------------------+
Add the ``admin`` role to the ``heat_domain_admin`` user in the heat domain to give the ``heat_domain_admin`` user administrative stack management privileges:
$ openstack role add --domain heat --user heat_domain_admin admin
Note
This command provides no output.
Create the heat_stack_owner role:
$ openstack role create heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | 15e34f0c4fed4e68b3246275883c8630 |
| name | heat_stack_owner |
+-------+----------------------------------+
Add the ``heat_stack_owner`` role to the ``demo`` project and user to enable stack management by the ``demo`` user:
$ openstack role add --project demo --user demo heat_stack_owner
Note
This command provides no output.
Note
You must add the heat_stack_owner role to each user that manages stacks.
Create the heat_stack_user role:
$ openstack role create heat_stack_user
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | 88849d41a55d4d1d91e4f11bffd8fc5c |
| name | heat_stack_user |
+-------+----------------------------------+
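Note
Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates default configuration options that you should retain.
Install the packages: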
# yum install openstack-heat-api openstack-heat-api-cfn \
openstack-heat-engine python-heatclient
Edit the /etc/heat/heat.conf file and complete the following actions:
In the [database] section, configure database access:
[database]
...
connection = mysql://heat:HEAT_DBPASS@controller/heat
Replace HEAT_DBPASS with the password you chose for the Orchestration database.
In the “[DEFAULT]” and “[oslo_messaging_rabbit]” sections, configure “RabbitMQ” message queue access:
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace “RABBIT_PASS” with the password you chose for the “openstack” user in “RabbitMQ”.
In the ``[keystone_authtoken]``, ``[trustee]``, ``[clients_keystone]``, and ``[ec2authtoken]`` sections, configure Identity service access:
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = heat
password = HEAT_PASS
[trustee]
...
auth_plugin = password
auth_url = http://controller:35357
username = heat
password = HEAT_PASS
user_domain_id = default
[clients_keystone]
...
auth_uri = http://controller:5000
[ec2authtoken]
...
auth_uri = http://controller:5000/v3
Replace ``HEAT_PASS`` with the password you chose for the heat user in the Identity service.
In the ``[DEFAULT]`` section, configure the metadata and wait condition URLs:
[DEFAULT]
...
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
In the [DEFAULT] section, configure the stack domain and administrative credentials:
[DEFAULT]
...
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = HEAT_DOMAIN_PASS
stack_user_domain_name = heat
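Replace HEAT_DOMAIN_PASS with the password you chose for the ``heat_domain_admin`` user in the Identity service.
(Optional) To assist with troubleshooting, enable verbose logging in the “[DEFAULT]” section: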
[DEFAULT]
...
verbose = True
Synchronize the Orchestration database:
# su -s /bin/sh -c "heat-manage db_sync" heat
Start the Orchestration services and configure them to start when the system boots:
# systemctl enable openstack-heat-api.service \
openstack-heat-api-cfn.service openstack-heat-engine.service
# systemctl start openstack-heat-api.service \
openstack-heat-api-cfn.service openstack-heat-engine.service
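The check below is an added example, not part of the original guide: a shell function, audit_heat_conf (a hypothetical name), that reads a heat.conf edited as described above and reports guide placeholders left in place, Identity URLs that use plain http, and a file mode that lets other users read the stored passwords. The sample file it runs on is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the guide): audit a heat.conf produced by these steps.
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 if unreadable.
audit_heat_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    findings=$(awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                        # [section] header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next      # also skips "..." lines
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Placeholders from the guide that were never replaced.
            if (val ~ /HEAT_DBPASS|RABBIT_PASS|HEAT_PASS|HEAT_DOMAIN_PASS/)
                printf "PLACEHOLDER [%s] %s\n", section, key
            # Keystone passwords and tokens cross these URLs unencrypted.
            if (key ~ /^auth_ur[il]$/ && val ~ /^http:/)
                printf "CLEARTEXT [%s] %s\n", section, key
        }' "$conf")
    # heat.conf holds service passwords: it must not be readable by "other".
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        findings="${findings:+$findings
}WORLD_READABLE $conf"
    fi
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: settings in the guide's format with one placeholder left in.
sample=$(mktemp) && chmod 640 "$sample"
cat > "$sample" <<'EOF'
[database]
connection = mysql://heat:HEAT_DBPASS@controller/heat
[keystone_authtoken]
auth_uri = http://controller:5000
password = constructed-value
EOF
audit_heat_conf "$sample" || true
rm -f "$sample"
```

Run it against /etc/heat/heat.conf before synchronizing the database; a non-zero exit status means at least one finding was printed.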
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License.