Openstsack Train配置手册-Heat配置

snow chuai汇总、整理、撰写---2020/3/4

1. 拓扑

     ------------+---------------------------+---------------------------+------------
                 |                           |                           |
             eth0|192.168.10.11          eth0|192.168.10.12          eth0|192.168.10.13
     +-----------+-----------+   +-----------+-----------+   +-----------+-----------+
     |    [ Control Node ]   |   |    [ Compute Node ]   |   |   [ Network Node ]    |
     |   [node1.1000cc.net]  |   |   [node2.1000cc.net]  |   |  [node3.1000cc.net]   |
     |  MariaDB    RabbitMQ  |   |         ibvirt        |   |      Open vSwitch     |
     |  Memcached  httpd     |   |       Nova Compute    |   |        L2 Agent       |
     |  Keystone   Glance    |   |       Open vSwitch    |   |        L3 Agent       |
     |  Nova API             |   |        L2 Agent       |   |  Heat API   API-CFN   |
     |  Neutron Server       |   |                       |   |      Heat Engine      |
     |  Metadata Agent       |   |                       |   |                       |
     |  Manila API           |   |                       |   |                       |
     +-----------------------+   +-----------------------+   +-----------------------+

2. 在控制节点配置Heat

1) 安装Heat组件
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-train,epel install openstack-heat-common python-heatclient -y

2) 于Keystone注册Heat信息
[root@node1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword heat
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 7972f61f4a1c4f2592d2bb6dc7711e81 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 2fd508e31a5e4ac8b8193bba42173b50 |
| name                | heat                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@node1 ~(keystone)]# openstack role add --project service --user heat admin

[root@node1 ~(keystone)]# openstack role create heat_stack_owner
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | a95752467a60474a80d20e8279fd12ed |
| name        | heat_stack_owner                 |
| options     | {}                               |
+-------------+----------------------------------+

[root@node1 ~(keystone)]# openstack role create heat_stack_user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | a4f3c4378bd14e91b7952c0333657b24 |
| name        | heat_stack_user                  |
| options     | {}                               |
+-------------+----------------------------------+

[root@node1 ~(keystone)]# openstack role add --project admin --user admin heat_stack_owner

[root@node1 ~(keystone)]# openstack service create --name heat --description "Openstack Orchestration" orchestration
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Orchestration          |
| enabled     | True                             |
| id          | 8e4a3b97876c4b378f84fb469b505a6f |
| name        | heat                             |
| type        | orchestration                    |
+-------------+----------------------------------+

[root@node1 ~(keystone)]# openstack service create --name heat-cfn --description "Openstack Orchestration" cloudformation
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Orchestration          |
| enabled     | True                             |
| id          | 3cbd34ca6aa64df9b67a23dfdbaf0350 |
| name        | heat-cfn                         |
| type        | cloudformation                   |
+-------------+----------------------------------+

3) 创建Endpoint信息
[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne orchestration public http://192.168.10.13:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | e31cae320f12419297ae61f892fa32d3           |
| interface    | public                                     |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 8e4a3b97876c4b378f84fb469b505a6f           |
| service_name | heat                                       |
| service_type | orchestration                              |
| url          | http://192.168.10.13:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne orchestration internal http://192.168.10.13:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | db7c59bcbb624c729941f53cc3f84971           |
| interface    | internal                                   |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 8e4a3b97876c4b378f84fb469b505a6f           |
| service_name | heat                                       |
| service_type | orchestration                              |
| url          | http://192.168.10.13:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne orchestration admin http://192.168.10.13:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | 30e63aa434b34792a82058e5e52299b3           |
| interface    | admin                                      |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 8e4a3b97876c4b378f84fb469b505a6f           |
| service_name | heat                                       |
| service_type | orchestration                              |
| url          | http://192.168.10.13:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne cloudformation public http://192.168.10.13:8000/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1d5ac3d9bd2542518b850672345044e6 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3cbd34ca6aa64df9b67a23dfdbaf0350 |
| service_name | heat-cfn                         |
| service_type | cloudformation                   |
| url          | http://192.168.10.13:8000/v1     |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne cloudformation internal http://192.168.10.13:8000/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 821a8ab821334c9890348015db094949 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3cbd34ca6aa64df9b67a23dfdbaf0350 |
| service_name | heat-cfn                         |
| service_type | cloudformation                   |
| url          | http://192.168.10.13:8000/v1     |
+--------------+----------------------------------+

[root@node1 ~(keystone)]# openstack endpoint create --region RegionOne cloudformation admin http://192.168.10.13:8000/v1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 117ce7a0fec5411ba428c7c147fd5b5a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3cbd34ca6aa64df9b67a23dfdbaf0350 |
| service_name | heat-cfn                         |
| service_type | cloudformation                   |
| url          | http://192.168.10.13:8000/v1     |
+--------------+----------------------------------+

4) 创建heat_domain并为其添加用户
[root@node1 ~(keystone)]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Stack projects and users         |
| enabled     | True                             |
| id          | 901593b258194f3194c7a876cc6e2a06 |
| name        | heat                             |
| options     | {}                               |
| tags        | []                               |
+-------------+----------------------------------+

[root@node1 ~(keystone)]# openstack user create --domain heat --password servicepassword heat_domain_admin
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 901593b258194f3194c7a876cc6e2a06 |
| enabled             | True                             |
| id                  | fc3d2a42e5b444a6b605edd9216dde65 |
| name                | heat_domain_admin                |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@node1 ~(keystone)]# openstack role add --domain heat --user heat_domain_admin admin

5) 配置数据库
[root@node1 ~(keystone)]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 129
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database heat;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on heat.* to heat@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on heat.* to heat@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

3. 在Network节点配置Heat

1) 安装HeatEngine
[root@node3 ~]# yum --enablerepo=centos-openstack-train,epel install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine python-heatclient -y

2) 配置Heat并启动
[root@node3 ~]# mv /etc/heat/heat.conf /etc/heat/heat.conf.bak
[root@node3 ~]# vim /etc/heat/heat.conf
[DEFAULT]
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
heat_metadata_server_url = http://192.168.10.13:8000
heat_waitcondition_server_url = http://192.168.10.13:8000/v1/waitcondition
heat_watch_server_url = http://192.168.10.13:8003
heat_stack_user_role = heat_stack_user
# 指定heat相关信息
stack_user_domain_name = heat
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = servicepassword

transport_url = rabbit://openstack:password@192.168.10.11

[database]
connection = mysql+pymysql://heat:password@192.168.10.11/heat

[clients_keystone]
auth_uri = http://192.168.10.11:5000

[ec2authtoken]
auth_uri = http://192.168.10.11:5000

[heat_api]
bind_host = 0.0.0.0
bind_port = 8004

[heat_api_cfn]
bind_host = 0.0.0.0
bind_port = 8000

[keystone_authtoken]
www_authenticate_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:5000
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = servicepassword

[trustee]
auth_plugin = password
auth_url = http://192.168.10.11:5000
username = heat
password = servicepassword
user_domain_name = default

[root@node3 ~]# chgrp heat /etc/heat/heat.conf
[root@node3 ~]# chmod 640 /etc/heat/heat.conf
[root@node3 ~]# su -s /bin/bash heat -c "heat-manage db_sync"
[root@node3 ~]# systemctl enable --now openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

3) 防火墙设定
[root@node3 ~]# firewall-cmd --add-port={8000/tcp,8004/tcp} --permanent
success
[root@node3 ~]# firewall-cmd --reload
success

4. 使用Heat

1) 创建yml文件
[root@node1 ~(keystone)]# vim heat-test.yml
heat_template_version: 2018-08-31

description: Heat Sample Template

parameters:
  ImageID:
    type: string
    description: Image used to boot a server
  NetID:
    type: string
    description: Network ID for the server

resources:
  server1:
    type: OS::Nova::Server
    properties:
      name: "Heat_Deployed_Server"
      image: { get_param: ImageID }
      flavor: "m1.small"
      networks:
      - network: { get_param: NetID }

outputs:
  server1_private_ip:
    description: IP address of the server in the private network
    value: { get_attr: [ server1, first_address ] }

2) 使用heat编排创建实例
[root@node1 ~(keystone)]# openstack image list
+--------------------------------------+----------------------+--------+
| ID                                   | Name                 | Status |
+--------------------------------------+----------------------+--------+
| d848c42d-801b-437b-a8ab-4b86a67eb584 | c77                  | active |
| 8de72d61-2910-4f6f-b191-b33c44d116e5 | manila-service-image | active |
+--------------------------------------+----------------------+--------+

[root@node1 ~(keystone)]# openstack network list
+--------------------------------------+------------------------+------------------------+
| ID                                   | Name                   | Subnets                |
+--------------------------------------+------------------------+------------------------+
| def89ce3-f965-4f26-a179-eb731878b79a | ext_net                | d5092c09-259e-.......  |
| eeb1d5f7-f715-486d-8ab0-d07b314afbff | manila_service_network | 6f1c7a3f-e92f-.......  |
| fab0c6a1-5aea-470c-a39b-55dd9c34da19 | int_net                | a93b513a-da35-.......  |
+--------------------------------------+------------------------+------------------------+

[root@node1 ~(keystone)]# Int_Net_ID=$(openstack network list | grep int_net | awk '{ print $2 }')
[root@node1 ~(keystone)]# echo $Int_Net_ID
fab0c6a1-5aea-470c-a39b-55dd9c34da19

[root@node1 ~(keystone)]# openstack stack create -t heat-test.yml --parameter "ImageID=c77;NetID=$Int_Net_ID" Sample-Stack
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | 1123a493-ca0d-4665-9376-e2f1cea6a890 |
| stack_name          | Sample-Stack                         |
| description         | Heat Sample Template                 |
| creation_time       | 2020-03-03T19:28:09Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+

# 查看创建状态
[root@node1 ~(keystone)]# openstack stack list
+----------+--------------+------------+--------------------+----------------------+--------------+
| ID       | Stack Name   | Project    | Stack Status       | Creation Time        | Updated Time |
+----------+--------------+------------+--------------------+----------------------+--------------+
| 1123.... | Sample-Stack | 558e...... | CREATE_IN_PROGRESS | 2020-03-03T19:28:09Z | None         |
+----------+--------------+------------+--------------------+----------------------+--------------+

[root@node1 ~(keystone)]# openstack stack list
+----------+--------------+------------+--------------------+----------------------+--------------+
| ID       | Stack Name   | Project    | Stack Status       | Creation Time        | Updated Time |
+----------+--------------+------------+--------------------+----------------------+--------------+
| 1123.... | Sample-Stack | 558e...... |  CREATE_COMPLETE   | 2020-03-03T19:28:09Z | None         |
+----------+--------------+------------+--------------------+----------------------+--------------+

[root@node1 ~(keystone)]# openstack server list
+--------------+----------------------+--------+-------------------------+-------+----------+
| ID           | Name                 | Status | Networks                | Image | Flavor   |
+--------------+----------------------+--------+-------------------------+-------+----------+
| b9ca3462-... | Heat_Deployed_Server | ACTIVE | int_net=192.168.188.220 | c77   | m1.small |
+--------------+----------------------+--------+-------------------------+-------+----------+

[root@node1 ~(keystone)]# openstack stack delete --yes Sample-Stack
[root@node1 ~(keystone)]# openstack stack list

[root@node1 ~(keystone)]# openstack server list

如对您有帮助，请随缘打个赏。^-^

gold