OpenStack Ussuri : Heat
-------------------------   -------------------------   -------------------------
|  [ Controller Node ]  |   |   [ Compute Node ]    |   |   [ Network Node ]    |
|                       |   | Libvirt               |   | Open vSwitch          |
| MariaDB    RabbitMQ   |   | Nova compute          |   | L2 Agent              |
| Memcached  Keystone   |   | Open vSwitch          |   | L3 Agent              |
| httpd      Cinder API |   | L2 Agent              |   | metadata agent        |
| Nova-API   Compute    |   | Cinder-LVM            |   | Swift-proxy           |
| L2 agent   L3 agent   |   | NFS                   |   | Heat API              |
| metadata agent        |   -------------------------   | API-CFN               |
| Neutron Server        |                               | Heat Engine           |
-------------------------                               -------------------------
---------------------------------
| [ Storage Node 1, 2, 3 ]      |
|                               |
| Swift-account-auditor         |
| Swift-account-replicator      |
| Swift-account                 |
| Swift-container-auditor       |
| Swift-container-replicator    |
| Swift-container-updater       |
| Swift-container               |
| Swift-object-auditor          |
| Swift-object-replicator       |
| Swift-object-updater          |
| Swift-swift-object            |
---------------------------------
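- In this post we install the Heat service, which provides Orchestration, the highlight of cloud computing.
- Heat is installed on the controller node first, then on the network node.
- Note that the controller only provides the API endpoints for Heat; most of the configuration is done on the network node.
- For an explanation of Heat, see the Heat post.
Create the Heat service and users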
$ controller ~(keystone)> openstack user create --domain default --project service --password qwer1234 heat
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | b470c69e28db47cdbfc81e06cc67f627 |
| domain_id | default |
| enabled | True |
| id | 148bafa480d84f87ba939968edb2585f |
| name | heat |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ controller ~(keystone)> openstack role add --project service --user heat admin
$ controller ~(keystone)> openstack role create heat_stack_owner
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | d46789e4326e4055aa8f6fead7c777bb |
| name | heat_stack_owner |
| options | {} |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack role create heat_stack_user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | ff45744ddbe247919034cea7c3f309e7 |
| name | heat_stack_user |
| options | {} |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack role add --project admin --user admin heat_stack_owner
$ controller ~(keystone)> openstack service create --name heat --description "Openstack Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Orchestration |
| enabled | True |
| id | 6cd5b7c7a3234b39998073587c2d9f9a |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack service create --name heat-cfn --description "Openstack Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Orchestration |
| enabled | True |
| id | 2fb2087bf8da472d8c51e9fee39c93ad |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne orchestration public http://network:8004/v1/AUTH_%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 50481bc9998b454a9f70682132ecb026 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6cd5b7c7a3234b39998073587c2d9f9a |
| service_name | heat |
| service_type | orchestration |
| url | http://network:8004/v1/AUTH_%(tenant_id)s |
+--------------+-------------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne orchestration internal http://network:8004/v1/AUTH_%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 1015f4c570a747349109b76b7295876c |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6cd5b7c7a3234b39998073587c2d9f9a |
| service_name | heat |
| service_type | orchestration |
| url | http://network:8004/v1/AUTH_%(tenant_id)s |
+--------------+-------------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne orchestration admin http://network:8004/v1/AUTH_%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | ed21251a3f274ba6bb35061cef6cac1d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6cd5b7c7a3234b39998073587c2d9f9a |
| service_name | heat |
| service_type | orchestration |
| url | http://network:8004/v1/AUTH_%(tenant_id)s |
+--------------+-------------------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne cloudformation public http://network:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fb2b67b2a13d43e1a55f775857908a5f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2fb2087bf8da472d8c51e9fee39c93ad |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://network:8000/v1 |
+--------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne cloudformation internal http://network:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a8f4517ecf4d4370beecee9e17183c6b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2fb2087bf8da472d8c51e9fee39c93ad |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://network:8000/v1 |
+--------------+----------------------------------+
$ controller ~(keystone)> openstack endpoint create --region RegionOne cloudformation admin http://network:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 66db714e538545879b7121f7150e72fc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2fb2087bf8da472d8c51e9fee39c93ad |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://network:8000/v1 |
+--------------+----------------------------------+
$ controller ~(keystone)> openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Stack projects and users |
| enabled | True |
| id | 36fa9838b2fa43f6a6bbc95f0cdfd0a7 |
| name | heat |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
$ controller ~(keystone)> openstack user create --domain heat --password qwer1234 heat_domain_admin
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 36fa9838b2fa43f6a6bbc95f0cdfd0a7 |
| enabled | True |
| id | c77bd90604254f8097aed49ea17f6fb3 |
| name | heat_domain_admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ controller ~(keystone)> openstack role add --domain heat --user heat_domain_admin admin
Create the database for the heat user.
$ controller> mysql -u root -p
$ MariaDB> create database heat;
$ MariaDB> grant all privileges on heat.* to heat@'localhost' identified by 'qwer1234';
$ MariaDB> grant all privileges on heat.* to heat@'%' identified by 'qwer1234';
$ MariaDB> flush privileges;
$ MariaDB> exit;
Install Heat on the network node
$ Network> dnf --enablerepo=centos-openstack-ussuri,powertools,epel -y install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine python3-heatclient
# Install Heat and its related modules.
$ Network> vi /etc/heat/heat.conf
[DEFAULT]
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
heat_metadata_server_url = http://network:8000
heat_waitcondition_server_url = http://network:8000/v1/waitcondition
heat_watch_server_url = http://network:8003
heat_stack_user_role = heat_stack_user
stack_user_domain_name = heat
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = qwer1234
transport_url = rabbit://openstack:qwer1234@controller
[database]
connection = mysql+pymysql://heat:qwer1234@controller/heat
[clients_keystone]
auth_uri = http://controller:5000
[ec2authtoken]
auth_uri = http://controller:5000
[heat_api]
bind_host = 0.0.0.0
bind_port = 8004
[heat_api_cfn]
bind_host = 0.0.0.0
bind_port = 8000
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = qwer1234
[trustee]
auth_plugin = password
auth_url = http://controller:5000
username = heat
password = qwer1234
user_domain_name = default
$ network> chgrp heat /etc/heat/heat.conf
$ network> chmod 640 /etc/heat/heat.conf
$ network> su -s /bin/bash heat -c "heat-manage db_sync"
$ network> systemctl enable --now openstack-heat-api openstack-heat-api-cfn openstack-heat-engine
# Populate the database, then enable and start the heat services.
$ network> firewall-cmd --add-port={8000/tcp,8004/tcp} --permanent
$ network> firewall-cmd --reload
# Configure the firewall.
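The heat.conf above holds several credentials (the *password options plus the user:secret pairs inside transport_url and the database connection URL), which is why the procedure restricts the file with chgrp heat and chmod 640. The script below is an added example, not part of the original post: it lists the options that embed a credential and checks the file's group and mode. The function names and the sample config are constructed for illustration, and it assumes the usual `ls -ld` long format.

```sh
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# Print "section/key" for every option that embeds a credential: any key
# ending in "password", and any URL of the form scheme://user:secret@host.
list_secret_options() {
  awk '
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); next }
    /^[ \t]*[#;]/ || !/=/ { next }
    {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val)
      if ((key ~ /password$/ && val != "") || val ~ "://[^/@:]+:[^/@]+@")
        print sec "/" key
    }' "$1"
}

# Print one line per problem with the file's group or mode; print nothing when
# the group matches (default: heat) and "other" has no access (chmod 640).
check_conf_access() (
  file=$1; want_group=${2:-heat}
  set -- $(ls -ld "$file")        # $1 = mode string, $4 = group name
  [ "$4" = "$want_group" ] || echo "group is $4, expected $want_group"
  case $1 in
    ???????---*) ;;
    *) echo "mode $1 gives access to other users" ;;
  esac
)

# Write a constructed sample config; the secrets are placeholders.
write_sample_conf() {
  cat > "$1" <<'EOF'
[DEFAULT]
stack_domain_admin_password = EXAMPLE_SECRET
transport_url = rabbit://openstack:EXAMPLE_SECRET@controller
heat_metadata_server_url = http://network:8000
[database]
connection = mysql+pymysql://heat:EXAMPLE_SECRET@controller/heat
[keystone_authtoken]
password = EXAMPLE_SECRET
EOF
}

# Audit the file given as $1, or the constructed sample when run without one.
conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); write_sample_conf "$conf"; chmod 644 "$conf"; fi
list_secret_options "$conf"
check_conf_access "$conf"
[ -n "${1:-}" ] || rm -f "$conf"
```

On the network node, run it as `sh audit-heat-conf.sh /etc/heat/heat.conf` (the script file name is arbitrary); after the chgrp and chmod steps only the list of credential-bearing options should be printed.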
Verification
$ controller ~(keystone)> vi sample-stack.yml
heat_template_version: 2018-08-31
description: Heat Sample Template
parameters:
  ImageID:
    type: string
    description: Image used to boot a server
  NetID:
    type: string
    description: Network ID for the server
resources:
  server1:
    type: OS::Nova::Server
    properties:
      name: "Heat_Deployed_Server"
      image: { get_param: ImageID }
      flavor: "m1.tiny"
      networks:
        - network: { get_param: NetID }
outputs:
  server1_private_ip:
    description: IP address of the server in the private network
    value: { get_attr: [ server1, first_address ] }
$ controller ~(keystone)> openstack stack create -t sample-stack.yml --parameter "ImageID=cirros;NetID=Int_net" Sample-Stack
$ controller ~(keystone)> openstack stack list
+--------------------------------------+--------------+----------------------------------+-----------------+----------------------+--------------+
| ID | Stack Name | Project | Stack Status | Creation Time | Updated Time |
+--------------------------------------+--------------+----------------------------------+-----------------+----------------------+--------------+
| 4cb88c32-24f9-41cf-a44d-e18593c5eb2f | Sample-Stack | edd7025c02574d3aa2d3ab6e56208320 | CREATE_COMPLETE | 2020-08-13T09:39:16Z | None |
+--------------------------------------+--------------+----------------------------------+-----------------+----------------------+--------------+
$ controller ~(keystone)> openstack server list
+--------------------------------------+----------------------+--------+-----------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+----------------------+--------+-----------------------+--------+---------+
| ab20d06c-955a-404b-9525-11e3e4b09484 | Heat_Deployed_Server | ACTIVE | int_net=192.168.100.6 | cirros | m1.tiny |
+--------------------------------------+----------------------+--------+-----------------------+--------+---------+