Ubuntu 安装与配置¶
本节描述了如何在 Ubuntu 14.04 (LTS) 上安装和配置编排服务。
先决条件¶
在安装和配置编排服务之前,您必须创建数据库、服务凭证和 API 端点。编排服务还需要在身份服务中进行其他信息配置。
要创建数据库,请完成以下步骤
使用数据库访问客户端以
root用户身份连接到数据库服务器$ mysql -u root -p
创建
heat数据库CREATE DATABASE heat;授予
heat数据库适当的访问权限GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \ IDENTIFIED BY 'HEAT_DBPASS'; GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \ IDENTIFIED BY 'HEAT_DBPASS';
将
HEAT_DBPASS替换为合适的密码。退出数据库访问客户端。
激活
admin凭证以访问仅管理员可用的 CLI 命令$ . admin-openrc
要创建服务凭证,请完成以下步骤
创建
heat用户$ openstack user create --domain default --password-prompt heat User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | e0353a670a9e496da891347c589539e9 | | enabled | True | | id | ca2e175b851943349be29a328cc5e360 | | name | heat | +-----------+----------------------------------+
将
admin角色添加到heat用户$ openstack role add --project service --user heat admin
注意
此命令不会产生任何输出。
创建
heat和heat-cfn服务实体$ openstack service create --name heat \ --description "Orchestration" orchestration +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | 727841c6f5df4773baa4e8a5ae7d72eb | | name | heat | | type | orchestration | +-------------+----------------------------------+ $ openstack service create --name heat-cfn \ --description "Orchestration" cloudformation +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Orchestration | | enabled | True | | id | c42cede91a4e47c3b10c8aedc8d890c6 | | name | heat-cfn | | type | cloudformation | +-------------+----------------------------------+
创建编排服务 API 端点
$ openstack endpoint create --region RegionOne \ orchestration public http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 3f4dab34624e4be7b000265f25049609 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ orchestration internal http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 9489f78e958e45cc85570fec7e836d98 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+ $ openstack endpoint create --region RegionOne \ orchestration admin http://controller:8004/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 76091559514b40c6b7b38dde790efe99 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 727841c6f5df4773baa4e8a5ae7d72eb | | service_name | heat | | service_type | orchestration | | url | http://controller:8004/v1/%(tenant_id)s | +--------------+-----------------------------------------+
$ openstack endpoint create --region RegionOne \ cloudformation public http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | b3ea082e019c4024842bf0a80555052c | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation internal http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 169df4368cdc435b8b115a9cb084044e | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+ $ openstack endpoint create --region RegionOne \ cloudformation admin http://controller:8000/v1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 3d3edcd61eb343c1bbd629aa041ff88b | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c42cede91a4e47c3b10c8aedc8d890c6 | | service_name | heat-cfn | | service_type | cloudformation | | url | http://controller:8000/v1 | +--------------+----------------------------------+
编排服务需要在身份服务中进行其他信息配置才能管理堆栈。要添加此信息,请完成以下步骤
创建
heat域,该域包含用于堆栈的项目和用户$ openstack domain create --description "Stack projects and users" heat +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Stack projects and users | | enabled | True | | id | 0f4d1bd326f2454dacc72157ba328a47 | | name | heat | +-------------+----------------------------------+
创建
heat_domain_admin用户以管理heat域中的项目和用户$ openstack user create --domain heat --password-prompt heat_domain_admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 0f4d1bd326f2454dacc72157ba328a47 | | enabled | True | | id | b7bd1abfbcf64478b47a0f13cd4d970a | | name | heat_domain_admin | +-----------+----------------------------------+
将
admin角色添加到heat域中的heat_domain_admin用户,以启用heat_domain_admin用户进行管理堆栈的权限$ openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
注意
此命令不会产生任何输出。
创建
heat_stack_owner角色$ openstack role create heat_stack_owner +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 15e34f0c4fed4e68b3246275883c8630 | | name | heat_stack_owner | +-----------+----------------------------------+
将
heat_stack_owner角色添加到demo项目和用户,以启用demo用户进行堆栈管理$ openstack role add --project demo --user demo heat_stack_owner
注意
此命令不会产生任何输出。
注意
您必须将
heat_stack_owner角色添加到管理堆栈的每个用户。创建
heat_stack_user角色$ openstack role create heat_stack_user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 88849d41a55d4d1d91e4f11bffd8fc5c | | name | heat_stack_user | +-----------+----------------------------------+
注意
编排服务会自动将
heat_stack_user角色分配给在堆栈部署期间创建的用户。默认情况下,此角色会限制 API <应用程序编程接口 (API)> 操作。为了避免冲突,请勿将此角色添加到具有heat_stack_owner角色的用户。
安装和配置组件¶
注意
默认配置文件因发行版而异。您可能需要添加这些部分和选项,而不是修改现有的部分和选项。此外,配置片段中的省略号 (...) 表示您应该保留的潜在默认配置选项。
安装软件包
# apt-get install heat-api heat-api-cfn heat-engine
编辑
/etc/heat/heat.conf文件并完成以下操作在
[database]部分,配置数据库访问[database] ... connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat
将
HEAT_DBPASS替换为您为编排数据库选择的密码。在
[DEFAULT]部分中,配置RabbitMQ消息队列访问[DEFAULT] ... transport_url = rabbit://openstack:RABBIT_PASS@controller
将
RABBIT_PASS替换为您为RabbitMQ中的openstack帐户选择的密码。在
[keystone_authtoken]、[ec2authtoken]、[trustee]和[clients_keystone]部分中,配置身份服务访问。[keystone_authtoken] ... www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = heat password = HEAT_PASS [ec2authtoken] ... auth_url = http://controller:5000 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = heat password = HEAT_PASS [trustee] ... auth_type = password auth_url = http://controller:5000 username = heat password = HEAT_PASS user_domain_name = Default [clients_keystone] ... auth_uri = http://controller:5000
将
HEAT_PASS替换为您在身份服务中为heat用户选择的密码。在
[DEFAULT]部分中,配置元数据和等待条件 URL[DEFAULT] ... heat_metadata_server_url = http://controller:8000 heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
在
[DEFAULT]部分中,配置堆栈域和管理凭证[DEFAULT] ... stack_domain_admin = heat_domain_admin stack_domain_admin_password = HEAT_DOMAIN_PASS stack_user_domain_name = heat
将
HEAT_DOMAIN_PASS替换为您在身份服务中为heat_domain_admin用户选择的密码。
填充编排数据库
# su -s /bin/sh -c "heat-manage db_sync" heat
注意
忽略此输出中的任何弃用消息。
完成安装¶
重启编排服务
# service heat-api restart # service heat-api-cfn restart # service heat-engine restart
