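Previous article: Building an OpenStack cloud platform based on openEuler2209 (10)
11 Install and configure the Heat service (Orchestration service)
The Heat service (Orchestration service) provides template-based orchestration for describing a cloud application by running OpenStack API calls to generate running cloud applications. The software integrates the other core OpenStack components into a one-file template system. The templates allow you to create most OpenStack resource types, such as instances, floating IPs, volumes, security groups, and users. It also provides advanced functionality, such as instance high availability, instance auto-scaling, and nested stacks. This enables the OpenStack core projects to reach a larger user base.
The service allows deployers to integrate with the Orchestration service directly or through custom plug-ins.
11.1 Prerequisites
Before you install and configure Orchestration, you must create a database, service credentials, and API endpoints. Orchestration also requires additional information in the Identity service.
11.1.1 Create the database and grant privileges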
[root@xgk-ctl ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4255
Server version: 10.5.16-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE heat;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'HEAT_DBPASS';
Query OK, 0 rows affected (0.003 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'HEAT_DBPASS';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> exit;
Bye
11.1.2 Source the admin credentials
[root@xgk-ctl ~]# source /etc/keystone/admin-openrc
11.1.3 Create the service credentials
1. Create the heat user
[root@xgk-ctl ~]# openstack user create --domain default --password-prompt heat
User Password: # set the heat user's password, for example HEAT_PASS
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | ff920010c3c14c209a75879109842e6f |
| name | heat |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
2. Add the admin role to the heat user
[root@xgk-ctl ~]# openstack role add --project service --user heat admin
3. Create the heat service entity
[root@xgk-ctl ~]# openstack service create --name heat --description "Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 6141e35de3d44c36aa836b0d09726d3b |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
4. Create the heat-cfn service entity
[root@xgk-ctl ~]# openstack service create --name heat-cfn --description "Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | da03a20d628445c4bd95545ae3172ef7 |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
11.1.4 Create the Orchestration service API endpoints
1. Create the public endpoint for the heat service entity
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne orchestration public http://xgk-ctl:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | a3fe46934ff44a7c921eb938c80a2856 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6141e35de3d44c36aa836b0d09726d3b |
| service_name | heat |
| service_type | orchestration |
| url | http://xgk-ctl:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------+
2. Create the internal endpoint for the heat service entity
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne orchestration internal http://xgk-ctl:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 3b02a4d91b7444a4bc3edd2985423923 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6141e35de3d44c36aa836b0d09726d3b |
| service_name | heat |
| service_type | orchestration |
| url | http://xgk-ctl:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------+
3. Create the admin endpoint for the heat service entity
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne orchestration admin http://xgk-ctl:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | a990c9e0e1fd4b13acfedd6f1fbb7ff0 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6141e35de3d44c36aa836b0d09726d3b |
| service_name | heat |
| service_type | orchestration |
| url | http://xgk-ctl:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------+
4. Create the public endpoint for the heat-cfn service entity
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne cloudformation public http://xgk-ctl:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3405b2591eda459495f0e4a2d45d6e82 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | da03a20d628445c4bd95545ae3172ef7 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://xgk-ctl:8000/v1 |
+--------------+----------------------------------+
5. Create the internal endpoint for the heat-cfn service entity
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne cloudformation internal http://xgk-ctl:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ba7558ed18742bc8364c745b5b231a0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | da03a20d628445c4bd95545ae3172ef7 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://xgk-ctl:8000/v1 |
+--------------+----------------------------------+
6. Create the admin endpoint for the heat-cfn service entity
[root@xgk-ctl ~]# openstack endpoint create --region RegionOne cloudformation admin http://xgk-ctl:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2fdf8f07902443049c778fd8ed052d33 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | da03a20d628445c4bd95545ae3172ef7 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://xgk-ctl:8000/v1 |
+--------------+----------------------------------+
11.1.5 Add the authentication information Orchestration needs to manage stacks
1. Create the heat domain that contains projects and users for stacks
[root@xgk-ctl ~]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Stack projects and users |
| enabled | True |
| id | 4de56a891e9b4321a3f4cc64fad4425d |
| name | heat |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
2. Create the heat_domain_admin user to manage projects and users in the heat domain
[root@xgk-ctl ~]# openstack user create --domain heat --password-prompt heat_domain_admin
User Password: # set the heat_domain_admin user's password, for example HEAT_DOMAIN_ADMIN_PASS
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 4de56a891e9b4321a3f4cc64fad4425d |
| enabled | True |
| id | f26db66f89bd47f59505656466c77f83 |
| name | heat_domain_admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3. Add the admin role to the heat_domain_admin user
[root@xgk-ctl ~]# openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
4. Create the heat_stack_owner role
[root@xgk-ctl ~]# openstack role create heat_stack_owner
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | e617519a4dab4e77898260a25a5a3d84 |
| name | heat_stack_owner |
| options | {} |
+-------------+----------------------------------+
5. Add the heat_stack_owner role to the demo project and user to enable stack management by the demo user
[root@xgk-ctl ~]# openstack role add --project myproject --user myuser heat_stack_owner
Note: You must add the heat_stack_owner role to every user that manages stacks.
6. Create the heat_stack_user role
[root@xgk-ctl ~]# openstack role create heat_stack_user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | c9cee4daa13a4ece9b32a8174314dd91 |
| name | heat_stack_user |
| options | {} |
+-------------+----------------------------------+
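Note: The Orchestration service automatically assigns the heat_stack_user role to users that it creates during stack deployment. By default, this role restricts API operations. To avoid conflicts, do not add this role to users that have the heat_stack_owner role.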
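One way to verify the rule in the note above, as an added example that is not part of the original article: the function reads role/user pairs and reports every user that holds both heat_stack_owner and heat_stack_user. The input shape is assumed to match `openstack role assignment list --names -f value -c Role -c User`; the sample lines, the user opsuser and the function names are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# Input on stdin: one "ROLE USER" pair per line, the shape assumed for
#   openstack role assignment list --names -f value -c Role -c User
# Output: each user that holds both heat_stack_owner and heat_stack_user.
find_role_conflicts() {
    awk '
        $1 == "heat_stack_owner" { owner[$2] = 1 }
        $1 == "heat_stack_user"  { stack_user[$2] = 1 }
        END { for (u in owner) if (u in stack_user) print u }
    ' | sort
}

# Constructed sample assignments. myuser follows the tutorial; opsuser and
# constructed-stack-user are made up for the example.
sample_assignments() {
    cat <<'EOF'
admin heat@Default
admin heat_domain_admin@heat
heat_stack_owner myuser@Default
heat_stack_user constructed-stack-user@heat
heat_stack_owner opsuser@Default
heat_stack_user opsuser@Default
EOF
}

conflicts=$(sample_assignments | find_role_conflicts)
if [ -n "$conflicts" ]; then
    echo "Users holding both heat_stack_owner and heat_stack_user:"
    echo "$conflicts"
fi
```

On a live controller, pipe the real command output into find_role_conflicts instead of the sample.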
11.2 Install and configure components
11.2.1 Install the packages
[root@xgk-ctl ~]# dnf -y install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine
11.2.2 Edit the /etc/heat/heat.conf configuration file
[root@xgk-ctl ~]# cp -a /etc/heat/heat.conf{,.bak}
[root@xgk-ctl ~]# grep -Ev '^$|#' /etc/heat/heat.conf.bak > /etc/heat/heat.conf
[root@xgk-ctl ~]# vim /etc/heat/heat.conf
...... parts of the file that need no changes are omitted here ......
[DEFAULT]
# Configure RabbitMQ message queue access
transport_url = rabbit://openstack:RABBIT_PASS@xgk-ctl
# Configure the metadata and wait condition URLs
heat_metadata_server_url = http://xgk-ctl:8000
heat_waitcondition_server_url = http://xgk-ctl:8000/v1/waitcondition
# Configure the stack domain and administrative credentials
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = HEAT_DOMAIN_ADMIN_PASS
stack_user_domain_name = heat
# Configure Identity service access
[clients_keystone]
auth_uri = http://xgk-ctl:5000
# Configure database access
[database]
connection = mysql+pymysql://heat:HEAT_DBPASS@xgk-ctl/heat
# Configure Identity service access
[keystone_authtoken]
www_authenticate_uri = http://xgk-ctl:5000
auth_url = http://xgk-ctl:5000
memcached_servers = xgk-ctl:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = HEAT_PASS
# Configure Identity service access
[trustee]
auth_type = password
auth_url = http://xgk-ctl:5000
username = heat
password = HEAT_PASS
user_domain_name = default
Note: Replace the passwords in this file with the ones you set yourself.
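An added check for the file edited above (not part of the original article): the script reports tutorial placeholder secrets that are still present in heat.conf, any access for other users on the file, and Identity URLs that use plain HTTP. The sample configuration is constructed, and the names audit_heat_conf and write_sample are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: audit a heat.conf built from
# the template in 11.2.2. Placeholder names are the ones used on this page.
PLACEHOLDERS="RABBIT_PASS HEAT_DBPASS HEAT_PASS HEAT_DOMAIN_ADMIN_PASS"

# Prints one finding per line; returns 1 if anything was found, otherwise 0.
audit_heat_conf() {
    local conf="$1" rc=0 p other n
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    # 1. Placeholder still used as a value (key = X) or in a URL (user:X@host);
    #    comment lines are ignored.
    for p in $PLACEHOLDERS; do
        if grep -v '^[[:space:]]*#' "$conf" |
            grep -Eq "(=[[:space:]]*|:)${p}(@|[[:space:]]*\$)"; then
            echo "PLACEHOLDER $p"
            rc=1
        fi
    done
    # 2. The file stores passwords in cleartext, so "other" needs no access.
    other=$(ls -l "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "MODE other=$other"
        rc=1
    fi
    # 3. Identity URLs over plain HTTP carry the service password and tokens
    #    unencrypted.
    n=$(grep -Ec '^[[:space:]]*(auth_url|auth_uri|www_authenticate_uri)[[:space:]]*=[[:space:]]*http://' "$conf" || true)
    if [ "$n" -gt 0 ]; then
        echo "CLEARTEXT $n"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: three tutorial placeholders left in, one secret replaced.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@xgk-ctl
stack_domain_admin_password = constructed-secret-1
[database]
connection = mysql+pymysql://heat:HEAT_DBPASS@xgk-ctl/heat
[keystone_authtoken]
auth_url = http://xgk-ctl:5000
password = HEAT_PASS
EOF
    chmod 644 "$1"
}

tmp=$(mktemp)
write_sample "$tmp"
audit_heat_conf "$tmp" || echo "heat.conf needs attention before going live"
rm -f "$tmp"
```

On the controller, run `audit_heat_conf /etc/heat/heat.conf` after editing the file.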
11.2.3 Populate the Orchestration database
[root@xgk-ctl ~]# su -s /bin/sh -c "heat-manage db_sync" heat
2023-02-15 21:03:10.933 224904 INFO migrate.versioning.api [-] 72 -> 73...
2023-02-15 21:03:11.205 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.205 224904 INFO migrate.versioning.api [-] 73 -> 74...
2023-02-15 21:03:11.209 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.209 224904 INFO migrate.versioning.api [-] 74 -> 75...
2023-02-15 21:03:11.213 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.213 224904 INFO migrate.versioning.api [-] 75 -> 76...
2023-02-15 21:03:11.216 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.216 224904 INFO migrate.versioning.api [-] 76 -> 77...
2023-02-15 21:03:11.220 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.220 224904 INFO migrate.versioning.api [-] 77 -> 78...
2023-02-15 21:03:11.223 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.223 224904 INFO migrate.versioning.api [-] 78 -> 79...
2023-02-15 21:03:11.321 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.322 224904 INFO migrate.versioning.api [-] 79 -> 80...
2023-02-15 21:03:11.375 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.375 224904 INFO migrate.versioning.api [-] 80 -> 81...
2023-02-15 21:03:11.379 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.379 224904 INFO migrate.versioning.api [-] 81 -> 82...
2023-02-15 21:03:11.382 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.382 224904 INFO migrate.versioning.api [-] 82 -> 83...
2023-02-15 21:03:11.386 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.386 224904 INFO migrate.versioning.api [-] 83 -> 84...
2023-02-15 21:03:11.389 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.389 224904 INFO migrate.versioning.api [-] 84 -> 85...
2023-02-15 21:03:11.392 224904 INFO migrate.versioning.api [-] done
2023-02-15 21:03:11.393 224904 INFO migrate.versioning.api [-] 85 -> 86...
2023-02-15 21:03:11.442 224904 INFO migrate.versioning.api [-] done
11.2.4 Finalize the installation
[root@xgk-ctl ~]# systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
[root@xgk-ctl ~]# systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
11.3 Verify operation
11.3.1 Source the admin tenant credentials
[root@xgk-ctl ~]# source /etc/keystone/admin-openrc
11.3.2 List the service components to verify that each process started and registered successfully
[root@xgk-ctl ~]# openstack orchestration service list
+----------+-------------+--------------------------------------+---------+--------+----------------------------+--------+
| Hostname | Binary | Engine ID | Host | Topic | Updated At | Status |
+----------+-------------+--------------------------------------+---------+--------+----------------------------+--------+
| xgk-ctl | heat-engine | d7d9d83f-048a-4497-a63d-a0a627ad9cde | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | 378701eb-26b9-45bc-8b8a-e85b2442cd2f | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | 0252fea0-35a4-4778-b14a-0cbc912024e8 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | f15c5e63-a3db-439d-8085-8efc6a58d1c6 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | 13fb32cd-7e5b-40a6-aa88-76e70096c4db | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | d78d3a43-524f-4ae6-be21-58cb8390ca03 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | 920173ed-3c3b-46b3-a59e-8eea4e01a7f4 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | e1e57b86-cc71-46f3-87a1-f8b839ab44ca | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | c613da4b-7086-4504-824d-10513a4d2fe9 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | fca9a9e9-9677-476a-9367-0364f0290f66 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | c8196644-c941-433a-99d0-e33d03d6c164 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | 1bdc8add-0ca9-4abc-a6a0-3b1055f08e57 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | b07beeed-9675-4308-a1a0-4feea84ae342 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | f7868e21-a844-43aa-8e84-130694e93e1a | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | c2ced220-ba89-485d-a580-6c58ca2523f1 | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
| xgk-ctl | heat-engine | bd976f67-3ae1-4da0-8555-f9873b47363b | xgk-ctl | engine | 2023-02-15T13:03:51.000000 | up |
+----------+-------------+--------------------------------------+---------+--------+----------------------------+--------+
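Note: This output should indicate four heat-engine components on the controller node (the default is 4 or the number of CPUs on the host, whichever is greater).
11.4 Launch an instance
11.4.1 Create a template
Create a template file named demo-template.yml with the following content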
[root@xgk-ctl ~]# vim demo-template.yml
heat_template_version: 2015-10-15
description: Launch a basic instance with CirrOS image using the
             ``m1.nano`` flavor, ``mykey`` key, and one network.

parameters:
  NetID:
    type: string
    description: Network ID to use for the instance.

resources:
  server:
    type: OS::Nova::Server
    properties:
      image: cirros
      flavor: m1.nano
      key_name: mykey
      networks:
      - network: { get_param: NetID }

outputs:
  instance_name:
    description: Name of the instance.
    value: { get_attr: [ server, name ] }
  instance_ip:
    description: IP address of the instance.
    value: { get_attr: [ server, first_address ] }
11.4.2 Create a stack
Create a stack using the demo-template.yml template
1. Source the admin tenant credentials
[root@xgk-ctl ~]# source /etc/keystone/admin-openrc
2. Determine the available networks
[root@xgk-ctl ~]# openstack network list
+--------------------------------------+-----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-----------+--------------------------------------+
| b3466904-386b-4741-8cab-724713bab263 | provider | 25e1f3c1-340a-420c-8cea-030229bbc2f5 |
+--------------------------------------+-----------+--------------------------------------+
3. Set the NET_ID environment variable to the ID of the network. For example, using the provider network
[root@xgk-ctl ~]# export NET_ID=$(openstack network list | awk '/ provider / { print $2 }')
[root@xgk-ctl ~]# echo $NET_ID
b3466904-386b-4741-8cab-724713bab263
4. Create a stack of one CirrOS instance on the provider network
[root@xgk-ctl ~]# openstack stack create -t demo-template.yml --parameter "NetID=$NET_ID" stack
+---------------------+----------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------+----------------------------------------------------------------------------------------------------------+
| id | b7d8e940-4874-4a69-b3b3-aff8dbc7b4ae |
| stack_name | stack |
| description | Launch a basic instance with CirrOS image using the ``m1.nano`` flavor, ``mykey`` key, and one network. |
| creation_time | 2023-02-15T13:25:06Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+----------------------------------------------------------------------------------------------------------+
5. After a short wait, verify that the stack was created successfully
[root@xgk-ctl ~]# openstack stack list
+--------------------------------------+------------+----------------------------------+-----------------+----------------------+--------------+
| ID | Stack Name | Project | Stack Status | Creation Time | Updated Time |
+--------------------------------------+------------+----------------------------------+-----------------+----------------------+--------------+
| b7d8e940-4874-4a69-b3b3-aff8dbc7b4ae | stack | 34da8f5ef8cd42cdb521ee6ebc4003c4 | CREATE_COMPLETE | 2023-02-15T13:25:06Z | None |
+--------------------------------------+------------+----------------------------------+-----------------+----------------------+--------------+
6. Show the name and IP address of the instance
[root@xgk-ctl ~]# openstack stack output show --all stack
+---------------+--------------------------------------------------+
| Field | Value |
+---------------+--------------------------------------------------+
| instance_ip | { |
| | "output_key": "instance_ip", |
| | "description": "IP address of the instance.", |
| | "output_value": "192.168.218.64" |
| | } |
| instance_name | { |
| | "output_key": "instance_name", |
| | "description": "Name of the instance.", |
| | "output_value": "stack-server-heq4ngu7r4s7" |
| | } |
+---------------+--------------------------------------------------+
7. Compare with the output of the OpenStack client
[root@xgk-ctl ~]# openstack server list
+--------------------------------------+---------------------------+--------+--------------------------+--------------------------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+---------------------------+--------+--------------------------+--------------------------+---------+
| cff38d1a-358b-4852-b14b-5d3425e4c6bc | stack-server-heq4ngu7r4s7 | ACTIVE | provider=192.168.218.64 | cirros | m1.nano |
| f482988e-665e-4374-90a7-e8416a835604 | provider-instance | ACTIVE | provider=192.168.218.24 | cirros | m1.nano |
+--------------------------------------+---------------------------+--------+--------------------------+--------------------------+---------+
8. Delete the stack
When the stack is no longer needed, you can delete it.
[root@xgk-ctl ~]# openstack stack delete --yes stack