安装和配置

安装和配置

这个部分将描述如何在控制节点上安装及配置 Orchestration 服务,即heat。

前提条件

在你安装和配置流程服务之前,你必须创建数据库,服务凭证和API端点。流程同时需要在认证服务中添加额外信息。

  1. 完成下面的步骤以创建数据库:

    • 用数据库连接客户端以 root 用户连接到数据库服务器:

      $ mysql -u root -p
      
    • 创建 heat 数据库:

      CREATE DATABASE heat;
      
    • 对``heat``数据库授予恰当的权限:

      GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
        IDENTIFIED BY 'HEAT_DBPASS';
      GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
        IDENTIFIED BY 'HEAT_DBPASS';
      

      使用合适的密码替换``HEAT_DBPASS``。

    • 退出数据库客户端。

  2. 获得 admin 凭证来获取只有管理员能执行命令的访问权限:

    $ source admin-openrc.sh
    
  3. 要创建服务证书,完成这些步骤:

    • 创建``heat`` 用户:

      $ openstack user create --domain default --password-prompt heat
      User Password:
      Repeat User Password:
      +-----------+----------------------------------+
      | Field     | Value                            |
      +-----------+----------------------------------+
      | domain_id | default                          |
      | enabled   | True                             |
      | id        | ca2e175b851943349be29a328cc5e360 |
      | name      | heat                             |
      +-----------+----------------------------------+
      
    • 添加 admin 角色到 heat 用户上。

      $ openstack role add --project service --user heat admin
      

      注解

      这个命令执行后没有输出。

    • 创建``heat`` 和 heat-cfn 服务实体:

      $ openstack service create --name heat \
        --description "Orchestration" orchestration
      +-------------+----------------------------------+
      | Field       | Value                            |
      +-------------+----------------------------------+
      | description | Orchestration                    |
      | enabled     | True                             |
      | id          | 727841c6f5df4773baa4e8a5ae7d72eb |
      | name        | heat                             |
      | type        | orchestration                    |
      +-------------+----------------------------------+
      
      $ openstack service create --name heat-cfn \
        --description "Orchestration"  cloudformation
      +-------------+----------------------------------+
      | Field       | Value                            |
      +-------------+----------------------------------+
      | description | Orchestration                    |
      | enabled     | True                             |
      | id          | c42cede91a4e47c3b10c8aedc8d890c6 |
      | name        | heat-cfn                         |
      | type        | cloudformation                   |
      +-------------+----------------------------------+
      
  4. 创建 Orchestration 服务的 API 端点:

    $ openstack endpoint create --region RegionOne \
      orchestration public http://controller:8004/v1/%\(tenant_id\)s
    +--------------+-----------------------------------------+
    | Field        | Value                                   |
    +--------------+-----------------------------------------+
    | enabled      | True                                    |
    | id           | 3f4dab34624e4be7b000265f25049609        |
    | interface    | public                                  |
    | region       | RegionOne                               |
    | region_id    | RegionOne                               |
    | service_id   | 727841c6f5df4773baa4e8a5ae7d72eb        |
    | service_name | heat                                    |
    | service_type | orchestration                           |
    | url          | http://controller:8004/v1/%(tenant_id)s |
    +--------------+-----------------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      orchestration internal http://controller:8004/v1/%\(tenant_id\)s
    +--------------+-----------------------------------------+
    | Field        | Value                                   |
    +--------------+-----------------------------------------+
    | enabled      | True                                    |
    | id           | 9489f78e958e45cc85570fec7e836d98        |
    | interface    | internal                                |
    | region       | RegionOne                               |
    | region_id    | RegionOne                               |
    | service_id   | 727841c6f5df4773baa4e8a5ae7d72eb        |
    | service_name | heat                                    |
    | service_type | orchestration                           |
    | url          | http://controller:8004/v1/%(tenant_id)s |
    +--------------+-----------------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      orchestration admin http://controller:8004/v1/%\(tenant_id\)s
    +--------------+-----------------------------------------+
    | Field        | Value                                   |
    +--------------+-----------------------------------------+
    | enabled      | True                                    |
    | id           | 76091559514b40c6b7b38dde790efe99        |
    | interface    | admin                                   |
    | region       | RegionOne                               |
    | region_id    | RegionOne                               |
    | service_id   | 727841c6f5df4773baa4e8a5ae7d72eb        |
    | service_name | heat                                    |
    | service_type | orchestration                           |
    | url          | http://controller:8004/v1/%(tenant_id)s |
    +--------------+-----------------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      cloudformation public http://controller:8000/v1
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | b3ea082e019c4024842bf0a80555052c |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | c42cede91a4e47c3b10c8aedc8d890c6 |
    | service_name | heat-cfn                         |
    | service_type | cloudformation                   |
    | url          | http://controller:8000/v1        |
    +--------------+----------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      cloudformation internal http://controller:8000/v1
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 169df4368cdc435b8b115a9cb084044e |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | c42cede91a4e47c3b10c8aedc8d890c6 |
    | service_name | heat-cfn                         |
    | service_type | cloudformation                   |
    | url          | http://controller:8000/v1        |
    +--------------+----------------------------------+
    
    $ openstack endpoint create --region RegionOne \
      cloudformation admin http://controller:8000/v1
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 3d3edcd61eb343c1bbd629aa041ff88b |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | c42cede91a4e47c3b10c8aedc8d890c6 |
    | service_name | heat-cfn                         |
    | service_type | cloudformation                   |
    | url          | http://controller:8000/v1        |
    +--------------+----------------------------------+
    
  5. 为了管理栈,在认证服务中Orchestration需要更多信息。为了添加这些信息,完成下面的步骤:

    • 为栈创建 heat 包含项目和用户的域:

      $ openstack domain create --description "Stack projects and users" heat
      +-------------+----------------------------------+
      | Field       | Value                            |
      +-------------+----------------------------------+
      | description | Stack projects and users         |
      | enabled     | True                             |
      | id          | 0f4d1bd326f2454dacc72157ba328a47 |
      | name        | heat                             |
      +-------------+----------------------------------+
      
    • heat 域中创建管理项目和用户的``heat_domain_admin``用户:

      $ openstack user create --domain heat --password-prompt heat_domain_admin
      User Password:
      Repeat User Password:
      +-----------+----------------------------------+
      | Field     | Value                            |
      +-----------+----------------------------------+
      | domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
      | enabled   | True                             |
      | id        | b7bd1abfbcf64478b47a0f13cd4d970a |
      | name      | heat_domain_admin                |
      +-----------+----------------------------------+
      
    • 添加``admin``角色到 heat 域 中的``heat_domain_admin``用户,启用``heat_domain_admin``用户管理栈的管理权限:

      $ openstack role add --domain heat --user heat_domain_admin admin
      

      注解

      这个命令执行后没有输出。

    • 创建 heat_stack_owner 角色:

      $ openstack role create heat_stack_owner
      +-------+----------------------------------+
      | Field | Value                            |
      +-------+----------------------------------+
      | id    | 15e34f0c4fed4e68b3246275883c8630 |
      | name  | heat_stack_owner                 |
      +-------+----------------------------------+
      
    • 添加``heat_stack_owner`` 角色到``demo`` 项目和用户,启用``demo`` 用户管理栈。

      $ openstack role add --project demo --user demo heat_stack_owner
      

      注解

      这个命令执行后没有输出。

      注解

      你必须添加 heat_stack_owner 角色到每个管理栈的用户。

    • 创建 heat_stack_user 角色:

      $ openstack role create heat_stack_user
      +-------+----------------------------------+
      | Field | Value                            |
      +-------+----------------------------------+
      | id    | 88849d41a55d4d1d91e4f11bffd8fc5c |
      | name  | heat_stack_user                  |
      +-------+----------------------------------+
      

      注解

      Orchestration 自动地分配 ``heat_stack_user``角色给在 stack 部署过程中创建的用户。默认情况下,这个角色会限制 API 的操作。为了避免冲突,请不要为用户添加 ``heat_stack_owner``角色。

安全并配置组件

注解

默认配置文件在各发行版本中可能不同。你可能需要添加这些部分和选项而不是修改已经存在的部分和选项。另外,在配置片段中的省略号(...)表示默认的配置选项你应该保留。

  1. 安装软件包:

    # yum install openstack-heat-api openstack-heat-api-cfn \
      openstack-heat-engine python-heatclient
    
  1. 编辑文件 /etc/heat/heat.conf 并完成如下动作:

    • [database] 部分,配置数据库访问:

      [database]
      ...
      connection = mysql://heat:HEAT_DBPASS@controller/heat
      

      HEAT_DBPASS 替换为你为 Orchestration 数据库选择的密码。

    • 在 “[DEFAULT]” 和 “[oslo_messaging_rabbit]”部分,配置 “RabbitMQ” 消息队列访问:

      [DEFAULT]
      ...
      rpc_backend = rabbit
      
      [oslo_messaging_rabbit]
      ...
      rabbit_host = controller
      rabbit_userid = openstack
      rabbit_password = RABBIT_PASS
      

      用你在 “RabbitMQ” 中为 “openstack” 用户选择的密码替换 “RABBIT_PASS”。

    • 在``[keystone_authtoken]``, [trustee][clients_keystone]``和 ``[ec2authtoken] 部分,配置认证服务访问:

      [keystone_authtoken]
      ...
      auth_uri = http://controller:5000
      auth_url = http://controller:35357
      auth_plugin = password
      project_domain_id = default
      user_domain_id = default
      project_name = service
      username = heat
      password = HEAT_PASS
      
      [trustee]
      ...
      auth_plugin = password
      auth_url = http://controller:35357
      username = heat
      password = HEAT_PASS
      user_domain_id = default
      
      [clients_keystone]
      ...
      auth_uri = http://controller:5000
      
      [ec2authtoken]
      ...
      auth_uri = http://controller:5000/v3
      

      将``HEAT_PASS`` 替换为你在认证服务中为 heat 用户选择的密码。

    • 在``[DEFAULT]`` 部分,配置元数据和 等待条件URLs:

      [DEFAULT]
      ...
      heat_metadata_server_url = http://controller:8000
      heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
      
    • [DEFAULT] 部分,配置栈域与管理凭据:

      [DEFAULT]
      ...
      stack_domain_admin = heat_domain_admin
      stack_domain_admin_password = HEAT_DOMAIN_PASS
      stack_user_domain_name = heat
      

      HEAT_DOMAIN_PASS 替换为你在认证服务中为``heat_domain_admin`` 用户选择的密码。

    • (可选的)为帮助排错,在 “[DEFAULT]”部分启用详细日志。

      [DEFAULT]
      ...
      verbose = True
      
  2. 同步Orchestration数据库:

    # su -s /bin/sh -c "heat-manage db_sync" heat
    

完成安装

  • 启动 Orchestration 服务并将其设置为随系统启动:

    # systemctl enable openstack-heat-api.service \
      openstack-heat-api-cfn.service openstack-heat-engine.service
    # systemctl start openstack-heat-api.service \
      openstack-heat-api-cfn.service openstack-heat-engine.service
    
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.