Heat高可用部署
1 简介
The Orchestration service provides a template-based orchestration for describing a cloud application by running OpenStack API calls to generate running cloud applications. The software integrates other core components of OpenStack into a one-file template system. The templates allow you to create most OpenStack resource types, such as instances, floating IPs, volumes, security groups and users. It also provides advanced functionality, such as instance high availability, instance auto-scaling, and nested stacks. This enables OpenStack core projects to receive a larger user base.
The service enables deployers to integrate with the Orchestration service directly or through custom plug-ins.
The Orchestration service consists of the following components:
heat command-line client
A CLI that communicates with the heat-api to run AWS CloudFormation APIs. End developers can directly use the Orchestration REST API.
heat-api component
An OpenStack-native REST API that processes API requests by sending them to the heat-engine over Remote Procedure Call (RPC).
heat-api-cfn component
An AWS Query API that is compatible with AWS CloudFormation. It processes API requests by sending them to the heat-engine over RPC.
heat-engine
Orchestrates the launching of templates and provides events back to the API consumer.
2 安装和配置
启用OpenStack 库¶
# apt-get install software-properties-common
# add-apt-repository cloud-archive:liberty
1. 在主机上升级包:
# apt-get update && apt-get dist-upgrade
注解
如果更新了一个新内核,重启主机来使用新内核。
2. 安装 OpenStack 客户端:
# apt-get install python-openstackclient
以下部分将描述如何在控制节点上安装及配置 Orchestration 服务,即heat。
前提条件¶
在你安装和配置流程服务之前,你必须创建数据库,服务凭证和API端点。流程同时需要在认证服务中添加额外信息。
1. 完成下面的步骤以创建数据库:
o 用数据库连接客户端以 root 用户连接到数据库服务器:
o $ mysql -u root -p
o 创建 heat 数据库:
o CREATE DATABASE heat;
o 对``heat``数据库授予恰当的权限:
o GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
o IDENTIFIED BY 'HEAT_DBPASS';
o GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
o IDENTIFIED BY 'HEAT_DBPASS';
使用合适的密码替换``HEAT_DBPASS``。
o 退出数据库客户端。
2. 获得 admin 凭证来获取只有管理员能执行命令的访问权限:
3. $ source admin-openrc.sh
4. 要创建服务证书,完成这些步骤:
o 创建``heat`` 用户:
o $ openstack user create --domain default --password-prompt heat
o User Password:
o Repeat User Password:
o +-----------+----------------------------------+
o | Field | Value |
o +-----------+----------------------------------+
o | domain_id | default |
o | enabled | True |
o | id | ca2e175b851943349be29a328cc5e360 |
o | name | heat |
o +-----------+----------------------------------+
o 添加 admin 角色到 heat 用户上。
o $ openstack role add --project service --user heat admin
注解
这个命令执行后没有输出。
o 创建``heat`` 和 heat-cfn 服务实体:
o $ openstack service create --name heat \
o --description "Orchestration" orchestration
o +-------------+----------------------------------+
o | Field | Value |
o +-------------+----------------------------------+
o | description | Orchestration |
o | enabled | True |
o | id | 727841c6f5df4773baa4e8a5ae7d72eb |
o | name | heat |
o | type | orchestration |
o +-------------+----------------------------------+
o
o $ openstack service create --name heat-cfn \
o --description "Orchestration" cloudformation
o +-------------+----------------------------------+
o | Field | Value |
o +-------------+----------------------------------+
o | description | Orchestration |
o | enabled | True |
o | id | c42cede91a4e47c3b10c8aedc8d890c6 |
o | name | heat-cfn |
o | type | cloudformation |
o +-------------+----------------------------------+
5. 创建 Orchestration 服务的 API 端点:
6. $ openstack endpoint create --region RegionOne \
7. orchestration public http://controller:8004/v1/%\(tenant_id\)s
8. +--------------+-----------------------------------------+
9. | Field | Value |
10. +--------------+-----------------------------------------+
11. | enabled | True |
12. | id | 3f4dab34624e4be7b000265f25049609 |
13. | interface | public |
14. | region | RegionOne |
15. | region_id | RegionOne |
16. | service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
17. | service_name | heat |
18. | service_type | orchestration |
19. | url | http://controller:8004/v1/%(tenant_id)s |
20. +--------------+-----------------------------------------+
21.
22. $ openstack endpoint create --region RegionOne \
23. orchestration internal http://controller:8004/v1/%\(tenant_id\)s
24. +--------------+-----------------------------------------+
25. | Field | Value |
26. +--------------+-----------------------------------------+
27. | enabled | True |
28. | id | 9489f78e958e45cc85570fec7e836d98 |
29. | interface | internal |
30. | region | RegionOne |
31. | region_id | RegionOne |
32. | service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
33. | service_name | heat |
34. | service_type | orchestration |
35. | url | http://controller:8004/v1/%(tenant_id)s |
36. +--------------+-----------------------------------------+
37.
38. $ openstack endpoint create --region RegionOne \
39. orchestration admin http://controller:8004/v1/%\(tenant_id\)s
40. +--------------+-----------------------------------------+
41. | Field | Value |
42. +--------------+-----------------------------------------+
43. | enabled | True |
44. | id | 76091559514b40c6b7b38dde790efe99 |
45. | interface | admin |
46. | region | RegionOne |
47. | region_id | RegionOne |
48. | service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
49. | service_name | heat |
50. | service_type | orchestration |
51. | url | http://controller:8004/v1/%(tenant_id)s |
52. +--------------+-----------------------------------------+
53. $ openstack endpoint create --region RegionOne \
54. cloudformation public http://controller:8000/v1
55. +--------------+----------------------------------+
56. | Field | Value |
57. +--------------+----------------------------------+
58. | enabled | True |
59. | id | b3ea082e019c4024842bf0a80555052c |
60. | interface | public |
61. | region | RegionOne |
62. | region_id | RegionOne |
63. | service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
64. | service_name | heat-cfn |
65. | service_type | cloudformation |
66. | url | http://controller:8000/v1 |
67. +--------------+----------------------------------+
68.
69. $ openstack endpoint create --region RegionOne \
70. cloudformation internal http://controller:8000/v1
71. +--------------+----------------------------------+
72. | Field | Value |
73. +--------------+----------------------------------+
74. | enabled | True |
75. | id | 169df4368cdc435b8b115a9cb084044e |
76. | interface | internal |
77. | region | RegionOne |
78. | region_id | RegionOne |
79. | service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
80. | service_name | heat-cfn |
81. | service_type | cloudformation |
82. | url | http://controller:8000/v1 |
83. +--------------+----------------------------------+
84.
85. $ openstack endpoint create --region RegionOne \
86. cloudformation admin http://controller:8000/v1
87. +--------------+----------------------------------+
88. | Field | Value |
89. +--------------+----------------------------------+
90. | enabled | True |
91. | id | 3d3edcd61eb343c1bbd629aa041ff88b |
92. | interface | internal |
93. | region | RegionOne |
94. | region_id | RegionOne |
95. | service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
96. | service_name | heat-cfn |
97. | service_type | cloudformation |
98. | url | http://controller:8000/v1 |
99. +--------------+----------------------------------+
100. 为了管理栈,在认证服务中Orchestration需要更多信息。为了添加这些信息,完成下面的步骤:
o 为栈创建 heat 包含项目和用户的域:
o $ openstack domain create --description "Stack projects and users" heat
o +-------------+----------------------------------+
o | Field | Value |
o +-------------+----------------------------------+
o | description | Stack projects and users |
o | enabled | True |
o | id | 0f4d1bd326f2454dacc72157ba328a47 |
o | name | heat |
o +-------------+----------------------------------+
o 在 heat 域中创建管理项目和用户的``heat_domain_admin``用户:
o $ openstack user create --domain heat --password-prompt heat_domain_admin
o User Password:
o Repeat User Password:
o +-----------+----------------------------------+
o | Field | Value |
o +-----------+----------------------------------+
o | domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
o | enabled | True |
o | id | b7bd1abfbcf64478b47a0f13cd4d970a |
o | name | heat_domain_admin |
o +-----------+----------------------------------+
o 添加``admin``角色到 heat 域 中的``heat_domain_admin``用户,启用``heat_domain_admin``用户管理栈的管理权限:
o $ openstack role add --domain heat --user heat_domain_admin admin
注解
这个命令执行后没有输出。
o 创建 heat_stack_owner 角色:
o $ openstack role create heat_stack_owner
o +-------+----------------------------------+
o | Field | Value |
o +-------+----------------------------------+
o | id | 15e34f0c4fed4e68b3246275883c8630 |
o | name | heat_stack_owner |
o +-------+----------------------------------+
o 添加``heat_stack_owner`` 角色到``demo`` 项目和用户,启用``demo`` 用户管理栈。
o $ openstack role add --project demo --user demo heat_stack_owner
注解
这个命令执行后没有输出。
注解
你必须添加 heat_stack_owner 角色到每个管理栈的用户。
o 创建 heat_stack_user 角色:
o $ openstack role create heat_stack_user
o +-------+----------------------------------+
o | Field | Value |
o +-------+----------------------------------+
o | id | 88849d41a55d4d1d91e4f11bffd8fc5c |
o | name | heat_stack_user |
o +-------+----------------------------------+
注解
Orchestration 自动地分配 ``heat_stack_user``角色给在 stack 部署过程中创建的用户。默认情况下,这个角色会限制 API 的操作。为了避免冲突,请不要为用户添加 ``heat_stack_owner``角色。
安全并配置组件¶
注解
默认配置文件在各发行版本中可能不同。你可能需要添加这些部分和选项而不是修改已经存在的部分和选项。另外,在配置片段中的省略号(...)表示默认的配置选项你应该保留。
1. 安装软件包:
2. # apt-get install heat-api heat-api-cfn heat-engine \
3. python-heatclient
2. 编辑文件 /etc/heat/heat.conf 并完成如下动作:
o 在 [database] 部分,配置数据库访问:
o [database]
o ...
o connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat
将 HEAT_DBPASS 替换为你为 Orchestration 数据库选择的密码。
o 在 “[DEFAULT]” 和 “[oslo_messaging_rabbit]”部分,配置 “RabbitMQ” 消息队列访问:
o [DEFAULT]
o ...
o rpc_backend = rabbit
o
o [oslo_messaging_rabbit]
o ...
o rabbit_host = controller
o rabbit_userid = openstack
o rabbit_password = RABBIT_PASS
用你在 “RabbitMQ” 中为 “openstack” 用户选择的密码替换 “RABBIT_PASS”。
o 在``[keystone_authtoken]``, [trustee],[clients_keystone]``和 ``[ec2authtoken] 部分,配置认证服务访问:
o [keystone_authtoken]
o ...
o auth_uri = http://controller:5000
o auth_url = http://controller:35357
o auth_plugin = password
o project_domain_id = default
o user_domain_id = default
o project_name = service
o username = heat
o password = HEAT_PASS
o
o [trustee]
o ...
o auth_plugin = password
o auth_url = http://controller:35357
o username = heat
o password = HEAT_PASS
o user_domain_id = default
o
o [clients_keystone]
o ...
o auth_uri = http://controller:5000
o
o [ec2authtoken]
o ...
o auth_uri = http://controller:5000/v3
将``HEAT_PASS`` 替换为你在认证服务中为 heat 用户选择的密码。
o 在``[DEFAULT]`` 部分,配置元数据和 等待条件URLs:
o [DEFAULT]
o ...
o heat_metadata_server_url = http://controller:8000
o heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
o 在 [DEFAULT] 部分,配置栈域与管理凭据:
o [DEFAULT]
o ...
o stack_domain_admin = heat_domain_admin
o stack_domain_admin_password = HEAT_DOMAIN_PASS
o stack_user_domain_name = heat
将 HEAT_DOMAIN_PASS 替换为你在认证服务中为``heat_domain_admin`` 用户选择的密码。
o (可选的)为帮助排错,在 “[DEFAULT]”部分启用详细日志。
o [DEFAULT]
o ...
o verbose = True
3. 同步Orchestration数据库:
4. # su -s /bin/sh -c "heat-manage db_sync" heat
完成安装¶
1. 重启Orchestration服务:
2. # service heat-api restart
3. # service heat-api-cfn restart
4. # service heat-engine restart
2. 默认情况下,Ubuntu 上的安装包会自动创建一个 SQLite 数据库。
因为这里配置使用SQL 数据库服务器,所以你可以SQLite 服务库文件:
# rm -f /var/lib/heat/heat.sqlite
验证操作
验证Orchestration服务的相关操作。
注解
在控制节点上执行这些命令。
1. 执行租户凭证``admin`脚本:
2. $ source admin-openrc.sh
3. 列出服务组件,以验证是否成功启动并注册了每个进程:
4. $ heat service-list
5. +------------+-------------+--------------------------------------+------------+--------+----------------------------+--------+
6. | hostname | binary | engine_id | host | topic | updated_at | status |
7. +------------+-------------+--------------------------------------+------------+--------+----------------------------+--------+
8. | controller | heat-engine | 3e85d1ab-a543-41aa-aa97-378c381fb958 | controller | engine | 2015-10-13T14:16:06.000000 | up |
9. | controller | heat-engine | 45dbdcf6-5660-4d5f-973a-c4fc819da678 | controller | engine | 2015-10-13T14:16:06.000000 | up |
10. | controller | heat-engine | 51162b63-ecb8-4c6c-98c6-993af899c4f7 | controller | engine | 2015-10-13T14:16:06.000000 | up |
11. | controller | heat-engine | 8d7edc6d-77a6-460d-bd2a-984d76954646 | controller | engine | 2015-10-13T14:16:06.000000 | up |
12. +------------+-------------+--------------------------------------+------------+--------+----------------------------+--------+
注解
该输出显示表明在控制节点上有应该四个``heat-engine``组件。
3 创建一个启动实例的栈
创建一个模板¶
Orchestration服务使用模版来描述栈。想要学习模版语言,参考`Heat developer documentation <http://docs.openstack.org/developer/heat/index.html>`__中的`the Template Guide <http://docs.openstack.org/developer/heat/template_guide/index.html>`__ 。`
• 使用下面的内容创建``demo-template.yml``文件:
• heat_template_version: 2015-10-15
• description: Launch a basic instance using the ``m1.tiny`` flavor and one network.
•
• parameters:
• ImageID:
• type: string
• description: Image to use for the instance.
• NetID:
• type: string
• description: Network ID to use for the instance.
•
• resources:
• server:
• type: OS::Nova::Server
• properties:
• image: { get_param: ImageID }
• flavor: m1.tiny
• networks:
• - network: { get_param: NetID }
•
• outputs:
• instance_name:
• description: Name of the instance.
• value: { get_attr: [ server, name ] }
• instance_ip:
• description: IP address of the instance.
• value: { get_attr: [ server, first_address ] }
创建一个栈¶
使用``demo-template.yml`` 模版创建一个栈。
1. 加载 ``demo``凭证,作为非管理员项目执行下面的步骤:
$ source demo-openrc.sh
2. 检测可用网络。
$ neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+-----------------------------------------------------+
| 9c13da20-4c4f-486f-a4e9-692e9ea397f1 | public | 85140549-1f54-4bc6-a2c5-f08428de3f7a 203.0.113.0/24 |
| 303a9aaf-40fd-4fc8-9213-39bff933467b | private | ddeba0b1-21eb-471a-8f31-10f0e290cc36 172.16.1.0/24 |
+--------------------------------------+---------+-----------------------------------------------------+
注解
这个输出可能跟你的环境有所不同。
3. 设置``NET_ID``环境变量表示网络ID。例如,使用``public`` 网络:
$ export NET_ID=$(neutron net-list | awk '/ public / { print $2 }')
4. 在公共网络上创建一个CirrOS实例的栈:
$ heat stack-create -f demo-template.yml -P "ImageID=cirros;NetID=$NET_ID" stack
+--------------------------------------+------------+--------------------+---------------------+--------------+
| id | stack_name | stack_status | creation_time | updated_time |
+--------------------------------------+------------+--------------------+---------------------+--------------+
| dbf46d1b-0b97-4d45-a0b3-9662a1eb6cf3 | stack | CREATE_IN_PROGRESS | 2015-10-13T15:27:20 | None |
+--------------------------------------+------------+--------------------+---------------------+--------------+
5. 等一段时间,验证栈的创建是否成功:
$ heat stack-list
+--------------------------------------+------------+-----------------+---------------------+--------------+
| id | stack_name | stack_status | creation_time | updated_time |
+--------------------------------------+------------+-----------------+---------------------+--------------+
| dbf46d1b-0b97-4d45-a0b3-9662a1eb6cf3 | stack | CREATE_COMPLETE | 2015-10-13T15:27:20 | None |
+--------------------------------------+------------+-----------------+---------------------+--------------+
6. 查看实例的名称和IB地址并和``nova`` 命令的输出比较:
$ heat output-show --all stack
[
{
"output_value": "stack-server-3nzfyfofu6d4",
"description": "Name of the instance.",
"output_key": "instance_name"
},
{
"output_value": "10.4.31.106",
"description": "IP address of the instance.",
"output_key": "instance_ip"
}
]
$ nova list
+--------------------------------------+---------------------------+--------+------------+-------------+---------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------------------+--------+------------+-------------+---------------------------------+
| 0fc2af0c-ae79-4d22-8f36-9e860c257da5 | stack-server-3nzfyfofu6d4 | ACTIVE | - | Running | public=10.4.31.106 |
+--------------------------------------+---------------------------+--------+------------+-------------+---------------------------------+
7. 删除栈。
$ heat stack-delete stack
http://blog.csdn.net/tantexian/article/details/44959977
1 简介
The Orchestration service provides a template-based orchestration for describing a cloud application by running OpenStack API calls to generate running cloud applications. The software integrates other core components of OpenStack into a one-file template system. The templates allow you to create most OpenStack resource types, such as instances, floating IPs, volumes, security groups and users. It also provides advanced functionality, such as instance high availability, instance auto-scaling, and nested stacks. This enables OpenStack core projects to receive a larger user base.
The service enables deployers to integrate with the Orchestration service directly or through custom plug-ins.
The Orchestration service consists of the following components:
heat command-line client
A CLI that communicates with the heat-api to run AWS CloudFormation APIs. End developers can directly use the Orchestration REST API.
heat-api component
An OpenStack-native REST API that processes API requests by sending them to the heat-engine over Remote Procedure Call (RPC).
heat-api-cfn component
An AWS Query API that is compatible with AWS CloudFormation. It processes API requests by sending them to the heat-engine over RPC.
heat-engine
Orchestrates the launching of templates and provides events back to the API consumer.
2 安装和配置
启用OpenStack 库¶
# apt-get install software-properties-common
# add-apt-repository cloud-archive:liberty
1. 在主机上升级包:
# apt-get update && apt-get dist-upgrade
注解
如果更新了一个新内核,重启主机来使用新内核。
2. 安装 OpenStack 客户端:
# apt-get install python-openstackclient
以下部分将描述如何在控制节点上安装及配置 Orchestration 服务,即heat。
前提条件¶
在你安装和配置流程服务之前,你必须创建数据库,服务凭证和API端点。流程同时需要在认证服务中添加额外信息。
1. 完成下面的步骤以创建数据库:
o 用数据库连接客户端以 root 用户连接到数据库服务器:
o $ mysql -u root -p
o 创建 heat 数据库:
o CREATE DATABASE heat;
o 对``heat``数据库授予恰当的权限:
o GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
o IDENTIFIED BY 'HEAT_DBPASS';
o GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
o IDENTIFIED BY 'HEAT_DBPASS';
使用合适的密码替换``HEAT_DBPASS``。
o 退出数据库客户端。
2. 获得 admin 凭证来获取只有管理员能执行命令的访问权限:
3. $ source admin-openrc.sh
4. 要创建服务证书,完成这些步骤:
o 创建``heat`` 用户:
o $ openstack user create --domain default --password-prompt heat
o User Password:
o Repeat User Password:
o +-----------+----------------------------------+
o | Field | Value |
o +-----------+----------------------------------+
o | domain_id | default |
o | enabled | True |
o | id | ca2e175b851943349be29a328cc5e360 |
o | name | heat |
o +-----------+----------------------------------+
o 添加 admin 角色到 heat 用户上。
o $ openstack role add --project service --user heat admin
注解
这个命令执行后没有输出。
o 创建``heat`` 和 heat-cfn 服务实体:
o $ openstack service create --name heat \
o --description "Orchestration" orchestration
o +-------------+----------------------------------+
o | Field | Value |
o +-------------+----------------------------------+
o | description | Orchestration |
o | enabled | True |
o | id | 727841c6f5df4773baa4e8a5ae7d72eb |
o | name | heat |
o | type | orchestration |
o +-------------+----------------------------------+
o
o $ openstack service create --name heat-cfn \
o --description "Orchestration" cloudformation
o +-------------+----------------------------------+
o | Field | Value |
o +-------------+----------------------------------+
o | description | Orchestration |
o | enabled | True |
o | id | c42cede91a4e47c3b10c8aedc8d890c6 |
o | name | heat-cfn |
o | type | cloudformation |
o +-------------+----------------------------------+
5. 创建 Orchestration 服务的 API 端点:
6. $ openstack endpoint create --region RegionOne \
7. orchestration public http://controller:8004/v1/%\(tenant_id\)s
8. +--------------+-----------------------------------------+
9. | Field | Value |
10. +--------------+-----------------------------------------+
11. | enabled | True |
12. | id | 3f4dab34624e4be7b000265f25049609 |
13. | interface | public |
14. | region | RegionOne |
15. | region_id | RegionOne |
16. | service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
17. | service_name | heat |
18. | service_type | orchestration |
19. | url | http://controller:8004/v1/%(tenant_id)s |
20. +--------------+-----------------------------------------+
21.
22. $ openstack endpoint create --region RegionOne \
23. orchestration internal http://controller:8004/v1/%\(tenant_id\)s
24. +--------------+-----------------------------------------+
25. | Field | Value |
26. +--------------+-----------------------------------------+
27. | enabled | True |
28. | id | 9489f78e958e45cc85570fec7e836d98 |
29. | interface | internal |
30. | region | RegionOne |
31. | region_id | RegionOne |
32. | service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
33. | service_name | heat |
34. | service_type | orchestration |
35. | url | http://controller:8004/v1/%(tenant_id)s |
36. +--------------+-----------------------------------------+
37.
38. $ openstack endpoint create --region RegionOne \
39. orchestration admin http://controller:8004/v1/%\(tenant_id\)s
40. +--------------+-----------------------------------------+
41. | Field | Value |
42. +--------------+-----------------------------------------+
43. | enabled | True |
44. | id | 76091559514b40c6b7b38dde790efe99 |
45. | interface | admin |
46. | region | RegionOne |
47. | region_id | RegionOne |
48. | service_id | 727841c6f5df4773baa4e8a5ae7d72eb |
49. | service_name | heat |
50. | service_type | orchestration |
51. | url | http://controller:8004/v1/%(tenant_id)s |
52. +--------------+-----------------------------------------+
53. $ openstack endpoint create --region RegionOne \
54. cloudformation public http://controller:8000/v1
55. +--------------+----------------------------------+
56. | Field | Value |
57. +--------------+----------------------------------+
58. | enabled | True |
59. | id | b3ea082e019c4024842bf0a80555052c |
60. | interface | public |
61. | region | RegionOne |
62. | region_id | RegionOne |
63. | service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
64. | service_name | heat-cfn |
65. | service_type | cloudformation |
66. | url | http://controller:8000/v1 |
67. +--------------+----------------------------------+
68.
69. $ openstack endpoint create --region RegionOne \
70. cloudformation internal http://controller:8000/v1
71. +--------------+----------------------------------+
72. | Field | Value |
73. +--------------+----------------------------------+
74. | enabled | True |
75. | id | 169df4368cdc435b8b115a9cb084044e |
76. | interface | internal |
77. | region | RegionOne |
78. | region_id | RegionOne |
79. | service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
80. | service_name | heat-cfn |
81. | service_type | cloudformation |
82. | url | http://controller:8000/v1 |
83. +--------------+----------------------------------+
84.
85. $ openstack endpoint create --region RegionOne \
86. cloudformation admin http://controller:8000/v1
87. +--------------+----------------------------------+
88. | Field | Value |
89. +--------------+----------------------------------+
90. | enabled | True |
91. | id | 3d3edcd61eb343c1bbd629aa041ff88b |
92. | interface | internal |
93. | region | RegionOne |
94. | region_id | RegionOne |
95. | service_id | c42cede91a4e47c3b10c8aedc8d890c6 |
96. | service_name | heat-cfn |
97. | service_type | cloudformation |
98. | url | http://controller:8000/v1 |
99. +--------------+----------------------------------+
100. 为了管理栈,在认证服务中Orchestration需要更多信息。为了添加这些信息,完成下面的步骤:
o 为栈创建 heat 包含项目和用户的域:
o $ openstack domain create --description "Stack projects and users" heat
o +-------------+----------------------------------+
o | Field | Value |
o +-------------+----------------------------------+
o | description | Stack projects and users |
o | enabled | True |
o | id | 0f4d1bd326f2454dacc72157ba328a47 |
o | name | heat |
o +-------------+----------------------------------+
o 在 heat 域中创建管理项目和用户的``heat_domain_admin``用户:
o $ openstack user create --domain heat --password-prompt heat_domain_admin
o User Password:
o Repeat User Password:
o +-----------+----------------------------------+
o | Field | Value |
o +-----------+----------------------------------+
o | domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
o | enabled | True |
o | id | b7bd1abfbcf64478b47a0f13cd4d970a |
o | name | heat_domain_admin |
o +-----------+----------------------------------+
o 添加``admin``角色到 heat 域 中的``heat_domain_admin``用户,启用``heat_domain_admin``用户管理栈的管理权限:
o $ openstack role add --domain heat --user heat_domain_admin admin
注解
这个命令执行后没有输出。
o 创建 heat_stack_owner 角色:
o $ openstack role create heat_stack_owner
o +-------+----------------------------------+
o | Field | Value |
o +-------+----------------------------------+
o | id | 15e34f0c4fed4e68b3246275883c8630 |
o | name | heat_stack_owner |
o +-------+----------------------------------+
o 添加``heat_stack_owner`` 角色到``demo`` 项目和用户,启用``demo`` 用户管理栈。
o $ openstack role add --project demo --user demo heat_stack_owner
注解
这个命令执行后没有输出。
注解
你必须添加 heat_stack_owner 角色到每个管理栈的用户。
o 创建 heat_stack_user 角色:
o $ openstack role create heat_stack_user
o +-------+----------------------------------+
o | Field | Value |
o +-------+----------------------------------+
o | id | 88849d41a55d4d1d91e4f11bffd8fc5c |
o | name | heat_stack_user |
o +-------+----------------------------------+
注解
Orchestration 自动地分配 ``heat_stack_user``角色给在 stack 部署过程中创建的用户。默认情况下,这个角色会限制 API 的操作。为了避免冲突,请不要为用户添加 ``heat_stack_owner``角色。
安全并配置组件¶
注解
默认配置文件在各发行版本中可能不同。你可能需要添加这些部分和选项而不是修改已经存在的部分和选项。另外,在配置片段中的省略号(...)表示默认的配置选项你应该保留。
1. 安装软件包:
2. # apt-get install heat-api heat-api-cfn heat-engine \
3. python-heatclient
2. 编辑文件 /etc/heat/heat.conf 并完成如下动作:
o 在 [database] 部分,配置数据库访问:
o [database]
o ...
o connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat
将 HEAT_DBPASS 替换为你为 Orchestration 数据库选择的密码。
o 在 “[DEFAULT]” 和 “[oslo_messaging_rabbit]”部分,配置 “RabbitMQ” 消息队列访问:
o [DEFAULT]
o ...
o rpc_backend = rabbit
o
o [oslo_messaging_rabbit]
o ...
o rabbit_host = controller
o rabbit_userid = openstack
o rabbit_password = RABBIT_PASS
用你在 “RabbitMQ” 中为 “openstack” 用户选择的密码替换 “RABBIT_PASS”。
o 在``[keystone_authtoken]``, [trustee],[clients_keystone]``和 ``[ec2authtoken] 部分,配置认证服务访问:
o [keystone_authtoken]
o ...
o auth_uri = http://controller:5000
o auth_url = http://controller:35357
o auth_plugin = password
o project_domain_id = default
o user_domain_id = default
o project_name = service
o username = heat
o password = HEAT_PASS
o
o [trustee]
o ...
o auth_plugin = password
o auth_url = http://controller:35357
o username = heat
o password = HEAT_PASS
o user_domain_id = default
o
o [clients_keystone]
o ...
o auth_uri = http://controller:5000
o
o [ec2authtoken]
o ...
o auth_uri = http://controller:5000/v3
将``HEAT_PASS`` 替换为你在认证服务中为 heat 用户选择的密码。
o 在``[DEFAULT]`` 部分,配置元数据和 等待条件URLs:
o [DEFAULT]
o ...
o heat_metadata_server_url = http://controller:8000
o heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
o 在 [DEFAULT] 部分,配置栈域与管理凭据:
o [DEFAULT]
o ...
o stack_domain_admin = heat_domain_admin
o stack_domain_admin_password = HEAT_DOMAIN_PASS
o stack_user_domain_name = heat
将 HEAT_DOMAIN_PASS 替换为你在认证服务中为``heat_domain_admin`` 用户选择的密码。
o (可选的)为帮助排错,在 “[DEFAULT]”部分启用详细日志。
o [DEFAULT]
o ...
o verbose = True
3. 同步Orchestration数据库:
4. # su -s /bin/sh -c "heat-manage db_sync" heat
完成安装¶
1. 重启Orchestration服务:
2. # service heat-api restart
3. # service heat-api-cfn restart
4. # service heat-engine restart
2. 默认情况下,Ubuntu 上的安装包会自动创建一个 SQLite 数据库。
因为这里配置使用SQL 数据库服务器,所以你可以SQLite 服务库文件:
# rm -f /var/lib/heat/heat.sqlite
验证操作
验证Orchestration服务的相关操作。
注解
在控制节点上执行这些命令。
1. 执行租户凭证``admin`脚本:
2. $ source admin-openrc.sh
3. 列出服务组件,以验证是否成功启动并注册了每个进程:
4. $ heat service-list
5. +------------+-------------+--------------------------------------+------------+--------+----------------------------+--------+
6. | hostname | binary | engine_id | host | topic | updated_at | status |
7. +------------+-------------+--------------------------------------+------------+--------+----------------------------+--------+
8. | controller | heat-engine | 3e85d1ab-a543-41aa-aa97-378c381fb958 | controller | engine | 2015-10-13T14:16:06.000000 | up |
9. | controller | heat-engine | 45dbdcf6-5660-4d5f-973a-c4fc819da678 | controller | engine | 2015-10-13T14:16:06.000000 | up |
10. | controller | heat-engine | 51162b63-ecb8-4c6c-98c6-993af899c4f7 | controller | engine | 2015-10-13T14:16:06.000000 | up |
11. | controller | heat-engine | 8d7edc6d-77a6-460d-bd2a-984d76954646 | controller | engine | 2015-10-13T14:16:06.000000 | up |
12. +------------+-------------+--------------------------------------+------------+--------+----------------------------+--------+
注解
该输出显示表明在控制节点上有应该四个``heat-engine``组件。
3 创建一个启动实例的栈
创建一个模板¶
Orchestration服务使用模版来描述栈。想要学习模版语言,参考`Heat developer documentation <http://docs.openstack.org/developer/heat/index.html>`__中的`the Template Guide <http://docs.openstack.org/developer/heat/template_guide/index.html>`__ 。`
• 使用下面的内容创建``demo-template.yml``文件:
• heat_template_version: 2015-10-15
• description: Launch a basic instance using the ``m1.tiny`` flavor and one network.
•
• parameters:
• ImageID:
• type: string
• description: Image to use for the instance.
• NetID:
• type: string
• description: Network ID to use for the instance.
•
• resources:
• server:
• type: OS::Nova::Server
• properties:
• image: { get_param: ImageID }
• flavor: m1.tiny
• networks:
• - network: { get_param: NetID }
•
• outputs:
• instance_name:
• description: Name of the instance.
• value: { get_attr: [ server, name ] }
• instance_ip:
• description: IP address of the instance.
• value: { get_attr: [ server, first_address ] }
创建一个栈¶
使用``demo-template.yml`` 模版创建一个栈。
1. 加载 ``demo``凭证,作为非管理员项目执行下面的步骤:
$ source demo-openrc.sh
2. 检测可用网络。
$ neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+-----------------------------------------------------+
| 9c13da20-4c4f-486f-a4e9-692e9ea397f1 | public | 85140549-1f54-4bc6-a2c5-f08428de3f7a 203.0.113.0/24 |
| 303a9aaf-40fd-4fc8-9213-39bff933467b | private | ddeba0b1-21eb-471a-8f31-10f0e290cc36 172.16.1.0/24 |
+--------------------------------------+---------+-----------------------------------------------------+
注解
这个输出可能跟你的环境有所不同。
3. 设置``NET_ID``环境变量表示网络ID。例如,使用``public`` 网络:
$ export NET_ID=$(neutron net-list | awk '/ public / { print $2 }')
4. 在公共网络上创建一个CirrOS实例的栈:
$ heat stack-create -f demo-template.yml -P "ImageID=cirros;NetID=$NET_ID" stack
+--------------------------------------+------------+--------------------+---------------------+--------------+
| id | stack_name | stack_status | creation_time | updated_time |
+--------------------------------------+------------+--------------------+---------------------+--------------+
| dbf46d1b-0b97-4d45-a0b3-9662a1eb6cf3 | stack | CREATE_IN_PROGRESS | 2015-10-13T15:27:20 | None |
+--------------------------------------+------------+--------------------+---------------------+--------------+
5. 等一段时间,验证栈的创建是否成功:
$ heat stack-list
+--------------------------------------+------------+-----------------+---------------------+--------------+
| id | stack_name | stack_status | creation_time | updated_time |
+--------------------------------------+------------+-----------------+---------------------+--------------+
| dbf46d1b-0b97-4d45-a0b3-9662a1eb6cf3 | stack | CREATE_COMPLETE | 2015-10-13T15:27:20 | None |
+--------------------------------------+------------+-----------------+---------------------+--------------+
6. 查看实例的名称和IB地址并和``nova`` 命令的输出比较:
$ heat output-show --all stack
[
{
"output_value": "stack-server-3nzfyfofu6d4",
"description": "Name of the instance.",
"output_key": "instance_name"
},
{
"output_value": "10.4.31.106",
"description": "IP address of the instance.",
"output_key": "instance_ip"
}
]
$ nova list
+--------------------------------------+---------------------------+--------+------------+-------------+---------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------------------+--------+------------+-------------+---------------------------------+
| 0fc2af0c-ae79-4d22-8f36-9e860c257da5 | stack-server-3nzfyfofu6d4 | ACTIVE | - | Running | public=10.4.31.106 |
+--------------------------------------+---------------------------+--------+------------+-------------+---------------------------------+
7. 删除栈。
$ heat stack-delete stack
http://blog.csdn.net/tantexian/article/details/44959977
2371
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
