CentOS 7
Sponsored Link

OpenStack Juno : Heat 設定#12015/01/27

 
OpenStack Orchestration Service(Heat)をインストールします。
ここでは以下のような構築済みの環境に Heat を追加インストールして設定します。
例として、Network Node に Orchestration サービス一式をインストールして設定します。
                                |
+------------------+            |            +------------------------+
| [ Control Node ] |            |            |    [ Network Node ]    |
|     Keystone     |10.0.0.30   |   10.0.0.50|    DHCP,L3,L2 Agent    |
|      Glance      |------------+------------|     Metadata Agent     |
|     Nova API     |eth0        |        eth0|    Heat API,API-CFN    |
|  Neutron Server  |            |            |       Heat Engine      |
+------------------+            |            +------------------------+
                            eth0|10.0.0.51
                      +--------------------+
                      |  [ Compute Node ]  |
                      |    Nova Compute    |
                      |      L2 Agent      |
                      +--------------------+

 
Heat の設定前に必要なユーザーやデータベースを Control Node に登録しておきます。
[1] 必要なものをインストールしておきます。
# RDO, EPEL からインストール

[root@dlp ~(keystone)]#
yum --enablerepo=openstack-juno,epel -y install python-openstackclient
[2] Control ノードの Keystone に Heat 用のユーザー等々を登録しておきます。
# Heat ユーザー作成 (service テナント所属)

[root@dlp ~(keystone)]#
keystone user-create --tenant service --name heat --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | bd8a752a43b640f4a1aef2fc7c793bca |
|   name   |               heat               |
| tenantId | 9e657ab1d2344de5aa9d86006732c7f0 |
| username |               heat               |
+----------+----------------------------------+

[root@dlp ~(keystone)]#
keystone user-create --tenant service --name heat-cfn --pass servicepassword --enabled true

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | f0d097806f3f4551902e9837ad6ba19a |
|   name   |             heat-cfn             |
| tenantId | 9e657ab1d2344de5aa9d86006732c7f0 |
| username |             heat-cfn             |
+----------+----------------------------------+

# Heat ユーザーを adminロール に加える

[root@dlp ~(keystone)]#
keystone user-role-add --user heat --tenant service --role admin

[root@dlp ~(keystone)]#
keystone user-role-add --user heat-cfn --tenant service --role admin
# Heat用ロール作成

[root@dlp ~(keystone)]#
keystone role-create --name heat_stack_owner

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 864d549696d8483ba5abb4d39502c6e1 |
|   name   |         heat_stack_owner         |
+----------+----------------------------------+

[root@dlp ~(keystone)]#
keystone role-create --name heat_stack_user

+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 1e1a4d5629bf44ef92da25e2d2dd1fef |
|   name   |         heat_stack_user          |
+----------+----------------------------------+

# admin ユーザーを heat_stack_owner ロール に加える

[root@dlp ~(keystone)]#
keystone user-role-add --user admin --tenant admin --role heat_stack_owner
# Heat 用サービスエントリ作成

[root@dlp ~(keystone)]#
keystone service-create --name=heat --type=orchestration --description="Orchestration Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |      Orchestration Service       |
|   enabled   |               True               |
|      id     | 4ce6b6d9352848328b90ca678ce9a95f |
|     name    |               heat               |
|     type    |          orchestration           |
+-------------+----------------------------------+

[root@dlp ~(keystone)]#
keystone service-create --name=heat-cfn --type=cloudformation --description="Cloudformation Service"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |      Cloudformation Service      |
|   enabled   |               True               |
|      id     | e5c757c5bf5f43129cc2c451f93af5d9 |
|     name    |             heat-cfn             |
|     type    |          cloudformation          |
+-------------+----------------------------------+

# Heat API サーバーの IPアドレスを定義

[root@dlp ~(keystone)]#
HEAT_API=10.0.0.50
# Heat 用エンドポイント作成

[root@dlp ~(keystone)]#
keystone endpoint-create --region RegionOne \
--service heat \
--publicurl "http://$HEAT_API:8004/v1/\$(tenant_id)s" \
--internalurl "http://$HEAT_API:8004/v1/\$(tenant_id)s" \
--adminurl "http://$HEAT_API:8004/v1/\$(tenant_id)s"

+-------------+----------------------------------------+
|   Property  |                 Value                  |
+-------------+----------------------------------------+
|   adminurl  | http://10.0.0.50:8004/v1/$(tenant_id)s |
|      id     |    d3963a9e81a04f0ea3b767cffbbd52b1    |
| internalurl | http://10.0.0.50:8004/v1/$(tenant_id)s |
|  publicurl  | http://10.0.0.50:8004/v1/$(tenant_id)s |
|    region   |               RegionOne                |
|  service_id |    9362f63bbd0e4bcfad1e54966673eb88    |
+-------------+----------------------------------------+

[root@dlp ~(keystone)]#
keystone endpoint-create --region RegionOne \
--service heat-cfn \
--publicurl "http://$HEAT_API:8000/v1" \
--internalurl "http://$HEAT_API:8000/v1" \
--adminurl "http://$HEAT_API:8000/v1"

+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |     http://10.0.0.50:8000/v1     |
|      id     | 9388e384f6454d43979c0be779293ca6 |
| internalurl |     http://10.0.0.50:8000/v1     |
|  publicurl  |     http://10.0.0.50:8000/v1     |
|    region   |            RegionOne             |
|  service_id | 213530d8591f491ea12055f4494bbd3e |
+-------------+----------------------------------+

# Heat ドメイン作成

[root@dlp ~(keystone)]#
KEYSTONE_IP=10.0.0.30

[root@dlp ~(keystone)]#
ADMIN_TOKEN=`grep '^admin_token' /etc/keystone/keystone.conf | cut -d'=' -f2`

[root@dlp ~(keystone)]#
openstack --os-token $ADMIN_TOKEN \
--os-url=http://$KEYSTONE_IP:5000/v3 \
--os-identity-api-version=3 \
domain create heat \
--description "Owns users and projects created by heat"

+-------------+-----------------------------------------+
| Field       | Value                                   |
+-------------+-----------------------------------------+
| description | Owns users and projects created by heat |
| enabled     | True                                    |
| id          | f1fd51925eed483a88bff3053d16b1b7        |
| name        | heat                                    |
+-------------+-----------------------------------------+

# Heat ドメイン管理ユーザー作成

[root@dlp ~(keystone)]#
HEAT_DOMAIN=`openstack --os-token $ADMIN_TOKEN --os-url=http://$KEYSTONE_IP:5000/v3 --os-identity-api-version=3 domain list | grep heat | awk '{print $2}'`

[root@dlp ~(keystone)]#
openstack --os-token $ADMIN_TOKEN \
--os-url=http://$KEYSTONE_IP:5000/v3 \
--os-identity-api-version=3 \
user create heat_domain_admin \
--password domainpassword \
--domain $HEAT_DOMAIN \
--description "Manages users and projects created by heat"

+-------------+--------------------------------------------+
| Field       | Value                                      |
+-------------+--------------------------------------------+
| description | Manages users and projects created by heat |
| domain_id   | f1fd51925eed483a88bff3053d16b1b7           |
| enabled     | True                                       |
| id          | 707fab244c154254853a7ecfe373a8f9           |
| name        | heat_domain_admin                          |
+-------------+--------------------------------------------+

# Heat ドメイン管理ユーザーを admin ロールに加える

[root@dlp ~(keystone)]#
HEAT_DOMAIN_ADMIN=`openstack --os-token $ADMIN_TOKEN --os-url=http://$KEYSTONE_IP:5000/v3 --os-identity-api-version=3 user list | grep heat_domain_admin | awk '{print $2}'`

[root@dlp ~(keystone)]#
openstack --os-token $ADMIN_TOKEN \
--os-url=http://$KEYSTONE_IP:5000/v3 \
--os-identity-api-version=3 \
role add --user $HEAT_DOMAIN_ADMIN \
--domain $HEAT_DOMAIN admin

[3] Heat 用のユーザーとデータベースを MariaDB に登録しておきます。
[root@dlp ~(keystone)]#
mysql -u root -p

Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 5.5.40-MariaDB-wsrep MariaDB Server, wsrep_25.11.r4026

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
create database heat;

Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]>
grant all privileges on heat.* to heat@'localhost' identified by 'password';

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
grant all privileges on heat.* to heat@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
flush privileges;

Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
exit

Bye
関連コンテンツ