CentOS 6

OpenStack Icehouse : Configure Heat #1
2015/02/02
 
Install the OpenStack Orchestration Service (Heat).
This example adds Heat to an existing environment like the one below.
As an example, the full set of Orchestration services is installed and configured on the Network Node.
                                |
+------------------+            |            +------------------------+
| [ Control Node ] |            |            |    [ Network Node ]    |
|     Keystone     |10.0.0.30   |   10.0.0.50|    DHCP,L3,L2 Agent    |
|      Glance      |------------+------------|     Metadata Agent     |
|     Nova API     |eth0        |        eth0|    Heat API,API-CFN    |
|  Neutron Server  |            |            |       Heat Engine      |
+------------------+            |            +------------------------+
                            eth0|10.0.0.51
                      +--------------------+
                      |  [ Compute Node ]  |
                      |    Nova Compute    |
                      |      L2 Agent      |
                      +--------------------+

 
Before configuring Heat, register the required users and database on the Control Node.
[1] Install the required packages.
# install from RDO, EPEL

[root@dlp ~(keystone)]#
yum --enablerepo=openstack-icehouse,epel -y install python-openstackclient
[2] Register the users and other entries for Heat in Keystone on the Control Node.
# create the Heat users (members of the service tenant)

[root@dlp ~(keystone)]#
keystone user-create --tenant service --name heat --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 49f9950ba1eb4216ace07589cc28eb71 |
|   name   |               heat               |
| tenantId | c578c978ddd24786a52c6b4ea97aa241 |
| username |               heat               |
+----------+----------------------------------+

[root@dlp ~(keystone)]#
keystone user-create --tenant service --name heat-cfn --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | 9f4892bd81ec446ca574608dccac4b8b |
|   name   |             heat-cfn             |
| tenantId | c578c978ddd24786a52c6b4ea97aa241 |
| username |             heat-cfn             |
+----------+----------------------------------+

# add the Heat users to the admin role

[root@dlp ~(keystone)]#
keystone user-role-add --user heat --tenant service --role admin

[root@dlp ~(keystone)]#
keystone user-role-add --user heat-cfn --tenant service --role admin
# create roles for Heat

[root@dlp ~(keystone)]#
keystone role-create --name heat_stack_owner

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 098eb8d48cbd43d488b20aeffd6ea5b0 |
|   name   |         heat_stack_owner         |
+----------+----------------------------------+

[root@dlp ~(keystone)]#
keystone role-create --name heat_stack_user

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 5b596df87cac4ea296573fdfbe10b363 |
|   name   |         heat_stack_user          |
+----------+----------------------------------+

# add the admin user to the heat_stack_owner role

[root@dlp ~(keystone)]#
keystone user-role-add --user admin --tenant admin --role heat_stack_owner
# create service entries for Heat

[root@dlp ~(keystone)]#
keystone service-create --name=heat --type=orchestration --description="Orchestration Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |      Orchestration Service       |
|   enabled   |               True               |
|      id     | c8b0e632ded54a438c519b83eae0d59e |
|     name    |               heat               |
|     type    |          orchestration           |
+-------------+----------------------------------+

[root@dlp ~(keystone)]#
keystone service-create --name=heat-cfn --type=cloudformation --description="Cloudformation Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |      Cloudformation Service      |
|   enabled   |               True               |
|      id     | 9d99e9bfe9084028863bf619bdadfa16 |
|     name    |             heat-cfn             |
|     type    |          cloudformation          |
+-------------+----------------------------------+

# define the IP address of the Heat API server

[root@dlp ~(keystone)]#
HEAT_API=10.0.0.50
# create endpoints for Heat

[root@dlp ~(keystone)]#
keystone endpoint-create --region RegionOne \
--service heat \
--publicurl "http://$HEAT_API:8004/v1/\$(tenant_id)s" \
--internalurl "http://$HEAT_API:8004/v1/\$(tenant_id)s" \
--adminurl "http://$HEAT_API:8004/v1/\$(tenant_id)s"

+-------------+----------------------------------------+
|   Property  |                 Value                  |
+-------------+----------------------------------------+
|   adminurl  | http://10.0.0.50:8004/v1/$(tenant_id)s |
|      id     |    aae8dacdc469445fbf8362627767aa79    |
| internalurl | http://10.0.0.50:8004/v1/$(tenant_id)s |
|  publicurl  | http://10.0.0.50:8004/v1/$(tenant_id)s |
|    region   |               RegionOne                |
|  service_id |    c8b0e632ded54a438c519b83eae0d59e    |
+-------------+----------------------------------------+

[root@dlp ~(keystone)]#
keystone endpoint-create --region RegionOne \
--service heat-cfn \
--publicurl "http://$HEAT_API:8000/v1" \
--internalurl "http://$HEAT_API:8000/v1" \
--adminurl "http://$HEAT_API:8000/v1"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |     http://10.0.0.50:8000/v1     |
|      id     | 0f4db2129e064028b99f751819ed6f43 |
| internalurl |     http://10.0.0.50:8000/v1     |
|  publicurl  |     http://10.0.0.50:8000/v1     |
|    region   |            RegionOne             |
|  service_id | 9d99e9bfe9084028863bf619bdadfa16 |
+-------------+----------------------------------+

# create the Heat domain

[root@dlp ~(keystone)]#
KEYSTONE_IP=10.0.0.30

[root@dlp ~(keystone)]#
ADMIN_TOKEN=`grep '^admin_token' /etc/keystone/keystone.conf | cut -d'=' -f2`

[root@dlp ~(keystone)]#
openstack --os-token $ADMIN_TOKEN \
--os-url=http://$KEYSTONE_IP:5000/v3 \
--os-identity-api-version=3 \
domain create heat \
--description "Owns users and projects created by heat"

+-------------+---------------------------------------------------------------------------------+
| Field       | Value                                                                           |
+-------------+---------------------------------------------------------------------------------+
| description | Owns users and projects created by heat                                         |
| enabled     | True                                                                            |
| id          | 691c160cf5304d029828417832ffe91e                                                |
| links       | {u'self': u'http://10.0.0.30:5000/v3/domains/691c160cf5304d029828417832ffe91e'} |
| name        | heat                                                                            |
+-------------+---------------------------------------------------------------------------------+

# create the Heat domain admin user

[root@dlp ~(keystone)]#
HEAT_DOMAIN=`openstack --os-token $ADMIN_TOKEN --os-url=http://$KEYSTONE_IP:5000/v3 --os-identity-api-version=3 domain list | grep heat | awk '{print $2}'`

[root@dlp ~(keystone)]#
openstack --os-token $ADMIN_TOKEN \
--os-url=http://$KEYSTONE_IP:5000/v3 \
--os-identity-api-version=3 \
user create heat_domain_admin \
--password domainpassword \
--domain $HEAT_DOMAIN \
--description "Manages users and projects created by heat"

+-------------+-------------------------------------------------------------------------------+
| Field       | Value                                                                         |
+-------------+-------------------------------------------------------------------------------+
| description | Manages users and projects created by heat                                    |
| domain_id   | 691c160cf5304d029828417832ffe91e                                              |
| enabled     | True                                                                          |
| id          | ae407b30f4984bb7a64884002f6539a1                                              |
| links       | {u'self': u'http://10.0.0.30:5000/v3/users/ae407b30f4984bb7a64884002f6539a1'} |
| name        | heat_domain_admin                                                             |
+-------------+-------------------------------------------------------------------------------+

# add the Heat domain admin user to the admin role

[root@dlp ~(keystone)]#
HEAT_DOMAIN_ADMIN=`openstack --os-token $ADMIN_TOKEN --os-url=http://$KEYSTONE_IP:5000/v3 --os-identity-api-version=3 user list | grep heat_domain_admin | awk '{print $2}'`

[root@dlp ~(keystone)]#
openstack --os-token $ADMIN_TOKEN \
--os-url=http://$KEYSTONE_IP:5000/v3 \
--os-identity-api-version=3 \
role add --user $HEAT_DOMAIN_ADMIN \
--domain $HEAT_DOMAIN admin
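
The `grep heat | awk '{print $2}'` lookups above select every row that contains the string anywhere, so a second domain or a description mentioning "heat" would put more than one ID into `HEAT_DOMAIN`. The following is an added example, not part of the original page: an exact-match lookup on the Name column that fails unless exactly one row matches. The function name `id_by_name`, the `ID`/`Name` column headers and the sample table are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original page.
# id_by_name NAME: read a client-style ASCII table on stdin and print the ID
# of the single row whose Name cell equals NAME exactly. Fails otherwise.
id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 3 { next }                 # border (+---+) and blank lines
        !have_header {                  # first cell row names the columns
            for (i = 2; i < NF; i++) {
                h = tolower(trim($i))
                if (h == "id")   idcol = i
                if (h == "name") namecol = i
            }
            have_header = 1
            next
        }
        idcol && namecol && trim($namecol) == want { ids[++n] = trim($idcol) }
        END {
            if (n != 1) {
                printf "expected 1 row named %s, found %d\n", want, n > "/dev/stderr"
                exit 1
            }
            print ids[1]
        }'
}

# Constructed sample of "domain list" output. The heat ID is the one shown
# on the page; the heat_test row and its ID are made up for illustration.
sample_domain_list() {
    cat <<'EOF'
+----------------------------------+-----------+---------+-----------------------------------------+
| ID                               | Name      | Enabled | Description                             |
+----------------------------------+-----------+---------+-----------------------------------------+
| default                          | Default   | True    | Default domain                          |
| 691c160cf5304d029828417832ffe91e | heat      | True    | Owns users and projects created by heat |
| 0123456789abcdef0123456789abcdef | heat_test | True    | Scratch domain                          |
+----------------------------------+-----------+---------+-----------------------------------------+
EOF
}

# The page's pipeline returns two IDs here; the exact match returns one.
sample_domain_list | grep heat | awk '{print $2}'
sample_domain_list | id_by_name heat
```

In the procedure above, `id_by_name heat` would take the place of the `grep heat | awk '{print $2}'` stage, and `id_by_name heat_domain_admin` the place of the `grep heat_domain_admin | awk '{print $2}'` stage.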

[3] Register a user and database for Heat in MariaDB.
[root@dlp ~(keystone)]#
mysql -u root -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 46
Server version: 5.5.40-MariaDB-wsrep MariaDB Server, wsrep_25.11.r4026

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
create database heat;

Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]>
grant all privileges on heat.* to heat@'localhost' identified by 'password';

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
grant all privileges on heat.* to heat@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
flush privileges;

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
exit

Bye
 