clearlinux/clear-linux-documentation
2
0
Fork 0
mirror of https://github.com/clearlinux/clear-linux-documentation.git synced 2026-05-14 02:43:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
61baab70169672bb50b2eb12eb54ec44765ce9fa
clear-linux-documentation/source/openstack_orchestration.rst

290 lines
10 KiB
ReStructuredText
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
.. _openstack_orchestration:
Orchestration
############################################################
The Orchestration module provides template-based OpenStack* API calls
on a cloud application. It integrates core components of OpenStack into
a one-file template system that allows you to create most OpenStack
resource types, including: instances, floating IPs, volumes, security
groups, and users. The module also provides advanced functionality:
instance high availability, instance auto-scaling, and nested stacks,
all of which allow OpenStack core projects to accommodate a larger user
base.  
The service enables deployers to integrate with the Orchestration module
directly, or through custom plugins.
Installing and configuring controller node
-----------------------------------------------
This section describes how to install and configure the Orchestration
module, codenamed heat, on the controller node.
Configuring prerequisites
~~~~~~~~~~~~~~~~~~~~~~~~~~
Before you install and configure Orchestration, you must create a
database, service credentials, and API endpoints.
#. To create the database, complete these steps:
* Use the database access client to connect to the database server
as the ``root`` user::
$ mysql -u root -p
* Create the ``heat`` database::
CREATE DATABASE heat;
* Grant proper access to the ``heat`` database.
Replace *HEAT_DBPASS*  with a suitable password::
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to admin-only CLI
commands::
$ source admin-openrc.sh
#. To create the service credentials, complete these steps:
* Create the ``heat`` user::
$ openstack user create --password-prompt heat
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | 7fd67878dcd04d0393469ef825a7e005 |
| name | heat |
| username | heat |
+----------+----------------------------------+
* Add the ``admin`` role to the ``heat`` user::
$ openstack role add --project service --user heat admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+
* Create the ``heat_stack_owner`` role::
$ openstack role create heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c0a1cbee7261446abc873392f616de87 |
| name | heat_stack_owner |
+-------+----------------------------------+
* Add the ``heat_stack_owner`` role to the ``demo`` tenant and
user.
Note: You must add the ``heat_stack_owner`` role to users that
manage stacks::
$ openstack role add --project demo --user demo heat_stack_owner
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | c0a1cbee7261446abc873392f616de87 |
| name | heat_stack_owner |
+-------+----------------------------------+
* Create the ``heat_stack_user`` role.
Note: The Orchestration service automatically assigns the ``heat_stack_user`` role
to users that it creates during stack deployment. By default, this role restricts 
API operations. To avoid conflicts, do not add this role to users with the 
heat_stack_owner role::
$ openstack role create heat_stack_user
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | e01546b1a81c4e32a6d14a9259e60154 |
| name | heat_stack_user |
+-------+----------------------------------+
* Create the ``heat`` and ``heat-cfn`` service entities::
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 031112165cad4c2bb23e84603957de29 |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
$ openstack service create --name heat-cfn \
--description "Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 297740d74c0a446bbff867acdccb33fa |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
#. Create the Orchestration service API endpoints::
$ openstack endpoint create \
--publicurl http://controller:8004/v1/%\(tenant_id\)s \
--internalurl http://controller:8004/v1/%\(tenant_id\)s \
--adminurl http://controller:8004/v1/%\(tenant_id\)s \
--region RegionOne \
orchestration
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| adminurl | http://controller:8004/v1/%(tenant_id)s |
| id | f41225f665694b95a46448e8676b0dc2 |
| internalurl | http://controller:8004/v1/%(tenant_id)s |
| publicurl | http://controller:8004/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | 031112165cad4c2bb23e84603957de29 |
| service_name | heat |
| service_type | orchestration |
+--------------+-----------------------------------------+
$ openstack endpoint create \
--publicurl http://controller:8000/v1 \
--internalurl http://controller:8000/v1 \
--adminurl http://controller:8000/v1 \
--region RegionOne \
cloudformation
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:8000/v1 |
| id | f41225f665694b95a46448e8676b0dc2 |
| internalurl | http://controller:8000/v1 |
| publicurl | http://controller:8000/v1 |
| region | RegionOne |
| service_id | 297740d74c0a446bbff867acdccb33fa |
| service_name | heat-cfn |
| service_type | cloudformation |
+--------------+----------------------------------+
Installing and configuring the Orchestration components
----------------------------------------------------------
To install and configure the Orchestration components:
#. Install OpenStack Orchestration bundle::
# clr_bundle_add openstack-orchestration
#. Create the ``/etc/heat/heat.conf file``::
# mkdir /etc/heat # touch /etc/heat/heat.conf
#. Edit the ``/etc/heat/heat.conf`` file and complete the following
actions:
* In the ``[database]`` section, configure database access.
Replace *HEAT_DBPASS*  with the password you chose for the
Orchestration database::
[database]
...
connection = mysql://heat:HEAT_DBPASS@controller/heat
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access.
Replace *``RABBIT_PASS``*  with the password you chose for
the ``openstack`` account in RabbitMQ::
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
* In the ``[keystone_authtoken]`` and ``[ec2authtoken]`` sections,
configure Identity service access. Replace *HEAT_PASS*  with
the password you chose for the ``heat`` user in the Identity
service::
[keystone_authtoken]
...
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = heat
admin_password = HEAT_PASS
[ec2authtoken]
...
auth_uri = http://controller:5000/v2.0
* In the ``[DEFAULT]`` section, configure the metadata and wait
condition URLs::
[DEFAULT]
...
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
* In the ``[DEFAULT]`` section, configure information about the
heat Identity service domain. Replace  *``HEAT_DOMAIN_PASS``*
 with the password you chose for the admin user of
the ``heat`` user domain in the Identity service::
[DEFAULT]
...
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = HEAT_DOMAIN_PASS
stack_user_domain_name = heat_user_domain
#. Source the ``admin`` credentials to gain access to admin-only CLI
commands::
$ source admin-openrc.sh
#. Create the heat domain in Identity service.
Replace *``HEAT_DOMAIN_PASS``*  with a suitable
password::
$ heat-keystone-setup-domain \
--stack-user-domain-name heat_user_domain \
--stack-domain-admin heat_domain_admin \
--stack-domain-admin-password HEAT_DOMAIN_PASS
#. Let systemd set the correct permissions for files in ``/etc/heat``::
# systemctl restart update-triggers.target
#. Populate the Orchestration database::
# su -s /bin/sh -c "heat-manage db_sync" heat``
Finalizing installation
~~~~~~~~~~~~~~~~~~~~~~~~
Complete this step to finalize the installation:
* Start the Orchestration services and configure them to start when the
system boots::
# systemctl enable heat-api.service heat-api-cfn.service heat-engine.service
# systemctl start heat-api.service heat-api-cfn.service heat-engine.service``
Next topic: :ref:`openstack_telemetry`.
Reference in New Issue View Git Blame Copy Permalink