OpenStack Configuration Manual - Heat Configuration

Compiled, organized and written by snow chuai --- 2020/2/7


1. Topology
     ------------+---------------------------+---------------------------+------------
                 |                           |                           |
             eth0|192.168.10.11          eth0|192.168.10.12          eth0|192.168.10.13
     +-----------+-----------+   +-----------+-----------+   +-----------+-----------+
     |    [ Control Node ]   |   |    [ Compute Node ]   |   |   [ Network Node ]    |
     |   [node1.1000cc.net]  |   |   [node2.1000cc.net]  |   |  [node3.1000cc.net]   |
     |  MariaDB    RabbitMQ  |   |        Libvirt        |   |      Open vSwitch     |
     |  Memcached  httpd     |   |       Nova Compute    |   |        L2 Agent       |
     |  Keystone   Glance    |   |       Open vSwitch    |   |        L3 Agent       |
     |  Nova API             |   |        L2 Agent       |   |  Heat API   API-CFN   |
     |  Neutron Server       |   |                       |   |      Heat Engine      |
     |  Metadata Agent       |   |                       |   |                       |
     |  Manila API           |   |                       |   |                       |
     +-----------------------+   +-----------------------+   +-----------------------+
2. Configure Heat on the control node
1) Install the Heat component
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-heat-common -y
2) Register Heat in Keystone
[root@node1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword heat
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 1be75e85ec9445ab9ff7dd7ec2f02b71 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c0e9be04495c432d9c04e3cd8a6f1d95 |
| name                | heat                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~(keystone)]# openstack role add --project service --user heat admin
[root@node1 ~(keystone)]# openstack role create heat_stack_owner
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | d2cdf8bc523d4781bd3d16b43a9bac2a |
| name      | heat_stack_owner                 |
+-----------+----------------------------------+
[root@node1 ~(keystone)]# openstack role create heat_stack_user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 8cd5c1306a614449a7abc9bb8ed93645 |
| name      | heat_stack_user                  |
+-----------+----------------------------------+
[root@node1 ~(keystone)]# openstack role add --project admin --user admin heat_stack_owner
[root@node1 ~(keystone)]# openstack service create --name heat --description "Openstack Orchestration" orchestration
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Orchestration          |
| enabled     | True                             |
| id          | 48dbba6b4014450c9d5bce1dcc4efe66 |
| name        | heat                             |
| type        | orchestration                    |
+-------------+----------------------------------+
[root@node1 ~(keystone)]# openstack service create --name heat-cfn --description "Openstack Orchestration" cloudformation
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Orchestration          |
| enabled     | True                             |
| id          | 18067ee1b4834499830494dac5fd56f9 |
| name        | heat-cfn                         |
| type        | cloudformation                   |
+-------------+----------------------------------+
3) Create the endpoints
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne orchestration public http://192.168.10.13:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | 84ecf63489cc42698cde26ecc4e1dd16           |
| interface    | public                                     |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 48dbba6b4014450c9d5bce1dcc4efe66           |
| service_name | heat                                       |
| service_type | orchestration                              |
| url          | http://192.168.10.13:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne orchestration internal http://192.168.10.13:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | a7c030667a924af988944f3df0a8b9a6           |
| interface    | internal                                   |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 48dbba6b4014450c9d5bce1dcc4efe66           |
| service_name | heat                                       |
| service_type | orchestration                              |
| url          | http://192.168.10.13:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne orchestration admin http://192.168.10.13:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | e599e14e6b4549c3aa898ad1d990021b           |
| interface    | admin                                      |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 48dbba6b4014450c9d5bce1dcc4efe66           |
| service_name | heat                                       |
| service_type | orchestration                              |
| url          | http://192.168.10.13:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne cloudformation public http://192.168.10.13:8000/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 35af2a3e1d5a4b7da5abca4d10b592a9 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 18067ee1b4834499830494dac5fd56f9 |
| service_name | heat-cfn                         |
| service_type | cloudformation                   |
| url          | http://192.168.10.13:8000/v1     |
+--------------+----------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne cloudformation internal http://192.168.10.13:8000/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 98b1c147d0ca4c40b25a0e4d3aceb158 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 18067ee1b4834499830494dac5fd56f9 |
| service_name | heat-cfn                         |
| service_type | cloudformation                   |
| url          | http://192.168.10.13:8000/v1     |
+--------------+----------------------------------+
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne cloudformation admin http://192.168.10.13:8000/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | abba54b8fff14aafb3e296b458fdb019 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 18067ee1b4834499830494dac5fd56f9 |
| service_name | heat-cfn                         |
| service_type | cloudformation                   |
| url          | http://192.168.10.13:8000/v1     |
+--------------+----------------------------------+
4) Create the heat domain and add a user to it
[root@node1 ~(keystone)]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Stack projects and users         |
| enabled     | True                             |
| id          | e897d757336d4f02b394ba789a81e7f4 |
| name        | heat                             |
| tags        | []                               |
+-------------+----------------------------------+
[root@node1 ~(keystone)]# openstack user create --domain heat --password servicepassword heat_domain_admin
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | e897d757336d4f02b394ba789a81e7f4 |
| enabled             | True                             |
| id                  | dbe2d94d0b4a4a8b8b3426257562e5f2 |
| name                | heat_domain_admin                |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~(keystone)]# openstack role add --domain heat --user heat_domain_admin admin
5) Configure the database
[root@node1 ~(keystone)]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 129
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database heat;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on heat.* to heat@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on heat.* to heat@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
3. Configure Heat on the Network node
1) Install the Heat engine
[root@node3 ~]#  yum --enablerepo=centos-openstack-queens,epel install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine python-heatclient -y
2) Configure Heat and start the services
[root@node3 ~]# mv /etc/heat/heat.conf /etc/heat/heat.conf.bak
[root@node3 ~]# vim /etc/heat/heat.conf
[DEFAULT]
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
heat_metadata_server_url = http://192.168.10.13:8000
heat_waitcondition_server_url = http://192.168.10.13:8000/v1/waitcondition
heat_watch_server_url = http://192.168.10.13:8003
heat_stack_user_role = heat_stack_user
# Heat stack domain settings
stack_user_domain_name = heat
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = servicepassword

transport_url = rabbit://openstack:password@192.168.10.11

[database]
connection = mysql+pymysql://heat:password@192.168.10.11/heat

[clients_keystone]
auth_uri = http://192.168.10.11:5000

[ec2authtoken]
auth_uri = http://192.168.10.11:5000

[heat_api]
bind_host = 0.0.0.0
bind_port = 8004

[heat_api_cfn]
bind_host = 0.0.0.0
bind_port = 8000

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = servicepassword

[trustee]
auth_plugin = password
auth_url = http://192.168.10.11:5000
username = heat
password = servicepassword
user_domain_name = default

[root@node3 ~]# chgrp heat /etc/heat/heat.conf
[root@node3 ~]# chmod 640 /etc/heat/heat.conf
[root@node3 ~]# su -s /bin/bash heat -c "heat-manage db_sync"
[root@node3 ~]# systemctl enable --now openstack-heat-api openstack-heat-api-cfn openstack-heat-engine
3) Firewall settings
[root@node3 ~]# firewall-cmd --add-port={8000/tcp,8004/tcp} --permanent
success
[root@node3 ~]# firewall-cmd --reload
success
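
The heat.conf in step 2) reuses one service password, embeds credentials in its RabbitMQ and database URLs, reaches Keystone over http and binds the APIs to 0.0.0.0. The following Python check is an added example, not part of the original guide or of Heat; it reports those settings in a heat.conf body. The deny-list WEAK_SECRETS, the issue names and the trimmed sample are assumptions made for the example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the heat.conf values shown in this guide.
SAMPLE_HEAT_CONF = """
[DEFAULT]
stack_domain_admin_password = servicepassword
transport_url = rabbit://openstack:password@192.168.10.11
[database]
connection = mysql+pymysql://heat:password@192.168.10.11/heat
[heat_api]
bind_host = 0.0.0.0
[keystone_authtoken]
auth_url = http://192.168.10.11:5000
password = servicepassword
"""

# Hypothetical deny-list of placeholder secrets (an assumption, not a Heat feature).
WEAK_SECRETS = {"password", "servicepassword", "admin", "secret", "changeme"}


def audit_heat_conf(text):
    """Return sorted (section, option, issue) findings for a heat.conf body."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section.
    cfg = configparser.RawConfigParser(default_section="__unused__")
    cfg.read_string(text)
    findings, secrets = set(), {}
    for section in cfg.sections():
        for option, value in cfg.items(section):
            if option.endswith("password"):
                secrets.setdefault(value, []).append((section, option))
                if value.lower() in WEAK_SECRETS:
                    findings.add((section, option, "weak-secret"))
            if "://" in value:
                url = urlsplit(value)
                if url.password and url.password.lower() in WEAK_SECRETS:
                    findings.add((section, option, "weak-secret-in-url"))
                if url.scheme == "http" and option.startswith(("auth_", "www_")):
                    findings.add((section, option, "plaintext-keystone-url"))
            if option == "bind_host" and value in ("0.0.0.0", "::"):
                findings.add((section, option, "binds-all-interfaces"))
    for users in secrets.values():
        if len(users) > 1:
            findings.update((s, o, "secret-reused") for s, o in users)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_heat_conf(SAMPLE_HEAT_CONF):
        print("%-20s %-30s %s" % finding)
```

Pass it the contents of /etc/heat/heat.conf to check a deployed node; an empty list means none of these four conditions matched.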
4. Using Heat
1) Create the yml file
[root@node1 ~(keystone)]# vim heat-test.yml
heat_template_version: 2018-03-02

description: Heat Sample Template

parameters:
  ImageID:
    type: string
    description: Image used to boot a server
  NetID:
    type: string
    description: Network ID for the server

resources:
  server1:
    type: OS::Nova::Server
    properties:
      name: "Heat_Deployed_Server"
      image: { get_param: ImageID }
      flavor: "m1.small"
      networks:
      - network: { get_param: NetID }

outputs:
  server1_private_ip:
    description: IP address of the server in the private network
    value: { get_attr: [ server1, first_address ] }

2) Create an instance with Heat orchestration
[root@node1 ~(keystone)]# openstack image list
+--------------------------------------+----------------------+--------+
| ID                                   | Name                 | Status |
+--------------------------------------+----------------------+--------+
| d2cf4454-09a0-43fa-83b4-aaa9df0f5919 | c77                  | active |
| 1b53b630-2428-43f4-8d9b-081fbe5b2add | manila-service-image | active |
+--------------------------------------+----------------------+--------+
[root@node1 ~(keystone)]# openstack network list
+--------------------------------------+------------------------+-----------------+
| ID                                   | Name                   | Subnets         |
+--------------------------------------+------------------------+-----------------+
| 55b854bb-49b5-4f82-8ec6-2c9dcc8f8b3b | manila_service_network | cc8ce0da-...... |
| 939def15-81bb-4ad1-babc-f95bbd93d306 | ext_net                | 1fe4b0c8-...... |
| cb730b51-1289-40af-bb6d-dfb86fa91e63 | int_net                | 6bc229eb-...... |
+--------------------------------------+------------------------+-----------------+
[root@node1 ~(keystone)]# Int_Net_ID=$(openstack network list | grep int_net | awk '{ print $2 }')
[root@node1 ~(keystone)]# echo $Int_Net_ID
cb730b51-1289-40af-bb6d-dfb86fa91e63
[root@node1 ~(keystone)]# openstack stack create -t heat-test.yml --parameter "ImageID=c77;NetID=$Int_Net_ID" Sample-Stack
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | cf1a8b94-09c5-43b5-a1a2-812bc87bf6aa |
| stack_name          | Sample-Stack                         |
| description         | Heat Sample Template                 |
| creation_time       | 2020-02-07T06:01:56Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+
# Check the creation status
[root@node1 ~(keystone)]# openstack stack list
+----------+--------------+------------+--------------------+----------------------+--------------+
| ID       | Stack Name   | Project    | Stack Status       | Creation Time        | Updated Time |
+----------+--------------+------------+--------------------+----------------------+--------------+
| cf1a.... | Sample-Stack | 6f83...... | CREATE_IN_PROGRESS | 2020-02-07T06:01:56Z | None         |
+----------+--------------+------------+--------------------+----------------------+--------------+
[root@node1 ~(keystone)]# openstack stack list
+----------+--------------+------------+--------------------+----------------------+--------------+
| ID       | Stack Name   | Project    | Stack Status       | Creation Time        | Updated Time |
+----------+--------------+------------+--------------------+----------------------+--------------+
| cf1a.... | Sample-Stack | 6f83...... | CREATE_COMPLETE    | 2020-02-07T06:01:56Z | None         |
+----------+--------------+------------+--------------------+----------------------+--------------+
[root@node1 ~(keystone)]# openstack server list
+-----------+----------------------+--------+-----------------------+---------+----------+
| ID        | Name                 | Status | Networks              | Image   | Flavor   |
+-----------+----------------------+--------+-----------------------+---------+----------+
| b1c4....  | Heat_Deployed_Server | ACTIVE | int_net=192.168.188.7 | c77     | m1.small |
+-----------+----------------------+--------+-----------------------+---------+----------+
[root@node1 ~(keystone)]# openstack stack delete --yes Sample-Stack
[root@node1 ~(keystone)]# openstack stack list
[root@node1 ~(keystone)]# openstack server list
