744c2afd6f
Heat can now run in standalone mode with the default v3 keystone backend. This change removes the installation of the v2 contrib backend. It also configures saner defaults when HEAT_STANDALONE is True. Using trusts and a stack-domain will never work in standalone mode since they both require a service user which doesn't exist in standalone mode. Finally, this change prevents heat.conf being populated with service user options not required by standalone mode. Configuring the v2 backend may be reintroduced later with a dedicated flag variable. Change-Id: I88403e359e5e59e776b25ba1b65fae6fa8a3548e
#!/bin/bash
#
# lib/heat
# Install and start **Heat** service

# To enable, add the following to localrc
#
# ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng

# Dependencies:
# (none)

# stack.sh
# ---------
# - install_heatclient
# - install_heat
# - configure_heatclient
# - configure_heat
# - init_heat
# - start_heat
# - stop_heat
# - cleanup_heat

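# Save trace setting
# `set +o` prints the current options as re-runnable commands; the xtrace
# line is kept in XTRACE and executed again by the last statement of this
# file. Tracing is off only while the file is being sourced.
XTRACE=$(set +o | grep xtrace)
set +o xtrace


# Defaults
# --------

# set up default directories
GITDIR["python-heatclient"]=$DEST/python-heatclient

HEAT_DIR=$DEST/heat
HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
OCC_DIR=$DEST/os-collect-config
ORC_DIR=$DEST/os-refresh-config
OAC_DIR=$DEST/os-apply-config

HEAT_PIP_REPO=$DATA_DIR/heat-pip-repo
HEAT_PIP_REPO_PORT=${HEAT_PIP_REPO_PORT:-8899}

HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
HEAT_STANDALONE=$(trueorfalse False HEAT_STANDALONE)
HEAT_ENABLE_ADOPT_ABANDON=$(trueorfalse False HEAT_ENABLE_ADOPT_ABANDON)
HEAT_CONF_DIR=/etc/heat
HEAT_CONF=$HEAT_CONF_DIR/heat.conf
HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
HEAT_API_PORT=${HEAT_API_PORT:-8004}


# other default options
# trueorfalse is defined outside this file. The two calls above hand it the
# variable NAME, so HEAT_STACK_DOMAIN is passed the same way here; passing the
# expanded value instead would make the helper look up a variable called
# "True"/"False" (or nothing at all when the setting is empty).
if [[ "$HEAT_STANDALONE" = "True" ]]; then
    # for standalone, use defaults which require no service user
    HEAT_STACK_DOMAIN=$(trueorfalse False HEAT_STACK_DOMAIN)
    HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
else
    HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN)
    HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
fi

# Tell Tempest this project is present
TEMPEST_SERVICES+=,heat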

# Functions
# ---------

# is_heat_enabled() - Test if any Heat services are enabled
# Returns 0 when ENABLED_SERVICES contains an entry starting with "h-",
# 1 otherwise.
function is_heat_enabled {
    # The comma put in front of the list lets the first entry match the same
    # ",h-" sequence as every later entry.
    case ",${ENABLED_SERVICES}" in
        *,h-*)
            return 0
            ;;
    esac
    return 1
}
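# cleanup_heat() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
#
# Globals (read): HEAT_AUTH_CACHE_DIR, HEAT_ENV_DIR, HEAT_TEMPLATES_DIR,
#                 HEAT_CONF_DIR
# Each directory is removed recursively as root, in the order listed.
function cleanup_heat {
    local target
    for target in \
        "$HEAT_AUTH_CACHE_DIR" \
        "$HEAT_ENV_DIR" \
        "$HEAT_TEMPLATES_DIR" \
        "$HEAT_CONF_DIR"; do
        # An unset or empty setting removes nothing, as before.
        [[ -n "$target" ]] || continue
        # Quoted and preceded by "--": this is a root-level recursive delete,
        # so a value containing whitespace, glob characters or a leading "-"
        # (HEAT_AUTH_CACHE_DIR can be overridden from the environment) must
        # reach rm as exactly one path operand.
        sudo rm -rf -- "$target"
    done
}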
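# configure_heat() - Set config files, create data dirs, etc
#
# Creates $HEAT_CONF_DIR, $HEAT_ENV_DIR and $HEAT_TEMPLATES_DIR (owned by
# $STACK_USER), copies api-paste.ini, policy.json, the default environment
# and the default templates from $HEAT_DIR/etc/heat, and writes heat.conf
# through iniset.
#
# Globals (written): HEAT_API_CFN_HOST, HEAT_API_CFN_PORT, HEAT_ENGINE_HOST,
#   HEAT_ENGINE_PORT, HEAT_API_CW_HOST, HEAT_API_CW_PORT, HEAT_API_PASTE_FILE,
#   HEAT_POLICY_FILE. They are deliberately not local: create_heat_accounts
#   reads HEAT_API_CFN_HOST and HEAT_API_CFN_PORT.
#
# NOTE(review): heat.conf receives auth_encryption_key and, outside standalone
# mode, the service password. No file mode is set here, so who can read the
# file depends on iniset and the umask in effect - confirm against the caller.
function configure_heat {

    if [[ ! -d "$HEAT_CONF_DIR" ]]; then
        sudo mkdir -p "$HEAT_CONF_DIR"
    fi
    sudo chown "$STACK_USER" "$HEAT_CONF_DIR"
    # remove old config files
    rm -f -- "$HEAT_CONF_DIR"/heat-*.conf

    HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$HOST_IP}
    HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
    HEAT_ENGINE_HOST=${HEAT_ENGINE_HOST:-$SERVICE_HOST}
    HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001}
    HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP}
    HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003}
    HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini
    HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json

    cp "$HEAT_DIR/etc/heat/api-paste.ini" "$HEAT_API_PASTE_FILE"
    cp "$HEAT_DIR/etc/heat/policy.json" "$HEAT_POLICY_FILE"

    # common options
    iniset_rpc_backend heat "$HEAT_CONF" DEFAULT
    # The three callback URLs below are written with a literal http:// scheme,
    # whatever the TLS settings tested further down say.
    iniset "$HEAT_CONF" DEFAULT heat_metadata_server_url "http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT"
    iniset "$HEAT_CONF" DEFAULT heat_waitcondition_server_url "http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1/waitcondition"
    iniset "$HEAT_CONF" DEFAULT heat_watch_server_url "http://$HEAT_API_CW_HOST:$HEAT_API_CW_PORT"
    iniset "$HEAT_CONF" database connection "$(database_connection_url heat)"
    # A fresh key is generated on every call of this function.
    iniset "$HEAT_CONF" DEFAULT auth_encryption_key "$(generate_hex_string 16)"

    iniset "$HEAT_CONF" DEFAULT region_name_for_services "$REGION_NAME"

    # logging
    iniset "$HEAT_CONF" DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
    iniset "$HEAT_CONF" DEFAULT use_syslog "$SYSLOG"
    if [[ "$LOG_COLOR" == "True" && "$SYSLOG" == "False" ]]; then
        # Add color to logging output
        setup_colorized_logging "$HEAT_CONF" DEFAULT tenant user
    fi

    # NOTE(jamielennox): heat re-uses specific values from the
    # keystone_authtoken middleware group and so currently fails when using the
    # auth plugin setup. This should be fixed in heat. Heat is also the only
    # service that requires the auth_uri to include a /v2.0. Remove this custom
    # setup when bug #1300246 is resolved.
    iniset "$HEAT_CONF" keystone_authtoken auth_uri "$KEYSTONE_SERVICE_URI/v2.0"
    if [[ "$HEAT_STANDALONE" = "True" ]]; then
        iniset "$HEAT_CONF" paste_deploy flavor standalone
        iniset "$HEAT_CONF" clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s"
    else
        # Service-user options; standalone mode has no service user, so they
        # are written only here.
        iniset "$HEAT_CONF" keystone_authtoken identity_uri "$KEYSTONE_AUTH_URI"
        iniset "$HEAT_CONF" keystone_authtoken admin_user heat
        # Quoted so that a password containing whitespace or glob characters
        # is stored whole instead of being split or expanded by the shell.
        iniset "$HEAT_CONF" keystone_authtoken admin_password "$SERVICE_PASSWORD"
        iniset "$HEAT_CONF" keystone_authtoken admin_tenant_name "$SERVICE_TENANT_NAME"
        iniset "$HEAT_CONF" keystone_authtoken cafile "$SSL_BUNDLE_FILE"
        iniset "$HEAT_CONF" keystone_authtoken signing_dir "$HEAT_AUTH_CACHE_DIR"
    fi

    # ec2authtoken
    iniset "$HEAT_CONF" ec2authtoken auth_uri "$KEYSTONE_SERVICE_URI/v2.0"

    # OpenStack API
    iniset "$HEAT_CONF" heat_api bind_port "$HEAT_API_PORT"
    iniset "$HEAT_CONF" heat_api workers "$API_WORKERS"

    # Cloudformation API
    iniset "$HEAT_CONF" heat_api_cfn bind_port "$HEAT_API_CFN_PORT"

    # Cloudwatch API
    iniset "$HEAT_CONF" heat_api_cloudwatch bind_port "$HEAT_API_CW_PORT"

    # Point each client section at the CA bundle when its service (or the
    # tls-proxy) is served over TLS.
    if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
        iniset "$HEAT_CONF" clients_keystone ca_file "$SSL_BUNDLE_FILE"
    fi

    if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
        iniset "$HEAT_CONF" clients_nova ca_file "$SSL_BUNDLE_FILE"
    fi

    if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
        iniset "$HEAT_CONF" clients_cinder ca_file "$SSL_BUNDLE_FILE"
    fi

    if [[ "$HEAT_ENABLE_ADOPT_ABANDON" = "True" ]]; then
        iniset "$HEAT_CONF" DEFAULT enable_stack_adopt true
        iniset "$HEAT_CONF" DEFAULT enable_stack_abandon true
    fi

    # heat environment
    sudo mkdir -p "$HEAT_ENV_DIR"
    sudo chown "$STACK_USER" "$HEAT_ENV_DIR"
    # copy the default environment
    cp "$HEAT_DIR"/etc/heat/environment.d/* "$HEAT_ENV_DIR/"

    # heat template resources.
    sudo mkdir -p "$HEAT_TEMPLATES_DIR"
    sudo chown "$STACK_USER" "$HEAT_TEMPLATES_DIR"
    # copy the default templates
    cp "$HEAT_DIR"/etc/heat/templates/* "$HEAT_TEMPLATES_DIR/"

}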
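# init_heat() - Initialize database
#
# Drops and recreates the "heat" database, runs the schema sync from the
# checked-out tree, then creates the auth cache directory.
# Globals (read): HEAT_DIR
function init_heat {

    # (re)create heat database
    recreate_database heat

    # The path is quoted so that a checkout directory containing whitespace
    # still resolves to the heat-manage script inside $HEAT_DIR.
    "$HEAT_DIR/bin/heat-manage" db_sync
    create_heat_cache_dir
}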
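# create_heat_cache_dir() - Part of the init_heat() process
#
# Globals (read): HEAT_AUTH_CACHE_DIR, STACK_USER
# NOTE(review): configure_heat writes this directory into heat.conf as the
# keystone_authtoken signing_dir. Only the owner is set here; the directory
# mode is whatever mkdir produces under root's umask.
function create_heat_cache_dir {
    # Create cache dirs
    # Both commands run as root, so the overridable path and the user name
    # are quoted to reach them as single arguments.
    sudo mkdir -p "$HEAT_AUTH_CACHE_DIR"
    sudo chown "$STACK_USER" "$HEAT_AUTH_CACHE_DIR"
}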
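# install_heatclient() - Collect source and prepare
#
# Does nothing unless use_library_from_git reports that python-heatclient is
# to be taken from git. In that case the repository is cloned, installed as a
# development library, and its bash completion file is installed system-wide.
# Globals (read): GITDIR, STACK_USER
function install_heatclient {
    if use_library_from_git "python-heatclient"; then
        git_clone_by_name "python-heatclient"
        setup_dev_lib "python-heatclient"
        # Source and destination are spelled out and quoted; the destination
        # is written as root with mode 0644 and owner $STACK_USER.
        local client_dir=${GITDIR["python-heatclient"]}
        sudo install -D -m 0644 -o "$STACK_USER" \
            "$client_dir/tools/heat.bash_completion" \
            /etc/bash_completion.d/heat.bash_completion
    fi
}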
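# install_heat() - Collect source and prepare
#
# Globals (read): HEAT_REPO, HEAT_DIR, HEAT_BRANCH
# NOTE(review): the code that ends up installed is whatever $HEAT_BRANCH
# resolves to in $HEAT_REPO at clone time. git_clone is defined outside this
# file, so any pinning or verification it performs is not visible here.
function install_heat {
    # Quoted so each setting is passed as exactly one argument.
    git_clone "$HEAT_REPO" "$HEAT_DIR" "$HEAT_BRANCH"
    setup_develop "$HEAT_DIR"
}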
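# install_heat_other() - Collect source and prepare
#
# Clones heat-cfntools and heat-templates; nothing is installed here.
# Globals (read): HEAT_CFNTOOLS_REPO, HEAT_CFNTOOLS_DIR, HEAT_CFNTOOLS_BRANCH,
#                 HEAT_TEMPLATES_REPO, HEAT_TEMPLATES_REPO_DIR,
#                 HEAT_TEMPLATES_BRANCH
# NOTE(review): build_heat_pip_mirror later runs setup.py from the
# heat-cfntools checkout, so the branch cloned here decides what code that
# step executes.
function install_heat_other {
    # Quoted so each setting is passed as exactly one argument.
    git_clone "$HEAT_CFNTOOLS_REPO" "$HEAT_CFNTOOLS_DIR" "$HEAT_CFNTOOLS_BRANCH"
    git_clone "$HEAT_TEMPLATES_REPO" "$HEAT_TEMPLATES_REPO_DIR" "$HEAT_TEMPLATES_BRANCH"
}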
# start_heat() - Start running processes, including screen
#
# Launches the engine first and then the three API services, each through
# run_process with the shared $HEAT_CONF.
function start_heat {
    # Each entry is "<service name>:<executable under $HEAT_DIR/bin>".
    local entry
    for entry in \
        "h-eng:heat-engine" \
        "h-api:heat-api" \
        "h-api-cfn:heat-api-cfn" \
        "h-api-cw:heat-api-cloudwatch"; do
        run_process "${entry%%:*}" "$HEAT_DIR/bin/${entry#*:} --config-file=$HEAT_CONF"
    done
}
# stop_heat() - Stop running processes
#
# Hands every Heat service name to stop_process, in the order in which
# start_heat launches them.
function stop_heat {
    # Kill the screen windows
    local -a heat_services=(h-eng h-api h-api-cfn h-api-cw)
    local idx
    for (( idx = 0; idx < ${#heat_services[@]}; idx++ )); do
        stop_process "${heat_services[idx]}"
    done
}
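# create_heat_accounts() - Set up common required heat accounts
#
# Outside standalone mode: creates the "heat" service user, registers the
# orchestration and cloudformation services and endpoints when the Keystone
# catalog backend is 'sql', and ensures the heat_stack_user role exists.
# In every mode: sets deferred_auth_method when HEAT_DEFERRED_AUTH is
# "trusts", and creates the "heat" domain with its admin user when
# HEAT_STACK_DOMAIN is "True".
#
# Globals (written): D_ID (id of the "heat" domain; left global as before)
#
# NOTE(review): OS_TOKEN and SERVICE_PASSWORD are passed to the openstack
# client as command-line arguments. They are therefore visible in the process
# list while the command runs and in xtrace output if the caller has tracing
# on - this file switches tracing off only while it is being sourced.
function create_heat_accounts {
    if [[ "$HEAT_STANDALONE" != "True" ]]; then

        create_service_user "heat" "admin"

        if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then

            # Declared separately from the assignment so the exit status of
            # the command substitution is not replaced by that of `local`.
            local heat_service
            heat_service=$(get_or_create_service "heat" \
                "orchestration" "Heat Orchestration Service")
            # The id is quoted: an empty result must not shift the region
            # into the service-id position.
            get_or_create_endpoint "$heat_service" \
                "$REGION_NAME" \
                "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
                "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
                "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"

            local heat_cfn_service
            heat_cfn_service=$(get_or_create_service "heat-cfn" \
                "cloudformation" "Heat CloudFormation Service")
            get_or_create_endpoint "$heat_cfn_service" \
                "$REGION_NAME" \
                "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
                "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
                "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
        fi

        # heat_stack_user role is for users created by Heat
        get_or_create_role "heat_stack_user"
    fi

    if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
        iniset "$HEAT_CONF" DEFAULT deferred_auth_method trusts
    fi

    if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
        # Note we have to pass token/endpoint here because the current endpoint and
        # version negotiation in OSC means just --os-identity-api-version=3 won't work
        D_ID=$(openstack --os-token "$OS_TOKEN" --os-url="$KEYSTONE_SERVICE_URI_V3" \
            --os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)

        # NOTE(review): when the "heat" domain already exists, this branch is
        # skipped and none of the stack_user_domain_id / stack_domain_admin*
        # options are written to heat.conf - confirm that a pre-existing
        # domain always comes with a heat.conf that already carries them.
        if [[ -z "$D_ID" ]]; then
            D_ID=$(openstack --os-token "$OS_TOKEN" --os-url="$KEYSTONE_SERVICE_URI_V3" \
                --os-identity-api-version=3 domain create heat \
                --description "Owns users and projects created by heat" \
                | grep ' id ' | get_field 2)
            iniset "$HEAT_CONF" DEFAULT stack_user_domain_id "${D_ID}"

            # The password is quoted so that whitespace or glob characters in
            # it cannot split it into several arguments; the domain admin gets
            # the same $SERVICE_PASSWORD as the service user.
            openstack --os-token "$OS_TOKEN" --os-url="$KEYSTONE_SERVICE_URI_V3" \
                --os-identity-api-version=3 user create --password "$SERVICE_PASSWORD" \
                --domain "$D_ID" heat_domain_admin \
                --description "Manages users and projects created by heat"
            openstack --os-token "$OS_TOKEN" --os-url="$KEYSTONE_SERVICE_URI_V3" \
                --os-identity-api-version=3 role add \
                --user heat_domain_admin --domain "${D_ID}" admin
            iniset "$HEAT_CONF" DEFAULT stack_domain_admin heat_domain_admin
            iniset "$HEAT_CONF" DEFAULT stack_domain_admin_password "$SERVICE_PASSWORD"
        fi
    fi
}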
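# build_heat_pip_mirror() - Build a pip mirror containing heat agent projects
#
# Rebuilds $HEAT_PIP_REPO from scratch: for each agent project an sdist is
# built in its checkout and moved to $HEAT_PIP_REPO/<project>/, with a small
# index.html per project and one at the top. The Apache site for the mirror
# is then written from the template, enabled, and Apache is restarted.
#
# Globals (read): OCC_DIR, OAC_DIR, ORC_DIR, HEAT_CFNTOOLS_DIR, HEAT_PIP_REPO,
#                 HEAT_PIP_REPO_PORT, APACHE_NAME, FILES
# Returns: 1 when HEAT_PIP_REPO is empty, otherwise the status of the last
#          command.
#
# NOTE(review): `python setup.py sdist` executes the setup.py of each checkout
# as the invoking user, so the mirror is only as trustworthy as the
# repositories and branches those directories were cloned from.
function build_heat_pip_mirror {
    local -a project_dirs=("$OCC_DIR" "$OAC_DIR" "$ORC_DIR" "$HEAT_CFNTOOLS_DIR")
    local projpath proj package built links

    # With an empty HEAT_PIP_REPO the paths below would collapse to
    # "/index.html" and "/<project>", so stop before touching anything.
    if [[ -z "$HEAT_PIP_REPO" ]]; then
        echo "build_heat_pip_mirror: HEAT_PIP_REPO is not set" >&2
        return 1
    fi

    rm -rf -- "$HEAT_PIP_REPO"
    mkdir -p "$HEAT_PIP_REPO"

    echo "<html><body>" > "$HEAT_PIP_REPO/index.html"
    for projpath in "${project_dirs[@]}"; do
        # An unset project directory is skipped, as word splitting did before.
        [[ -n "$projpath" ]] || continue
        proj=$(basename "$projpath")
        mkdir -p "$HEAT_PIP_REPO/$proj"
        # Without this check a failed pushd would let "rm -rf dist" and the
        # build run in whatever directory the caller happened to be in.
        if ! pushd "$projpath"; then
            echo "build_heat_pip_mirror: cannot enter $projpath, skipping" >&2
            continue
        fi
        rm -rf dist
        python setup.py sdist

        # Take the built archives from a glob rather than from `ls` output,
        # so names with whitespace and builds with several files both work.
        links=""
        for built in dist/*; do
            [[ -e "$built" ]] || continue
            package=${built##*/}
            mv -- "$built" "$HEAT_PIP_REPO/$proj/$package"
            links+="<a href=\"$package\">$package</a>"
        done

        echo "<html><body>${links}</body></html>" > "$HEAT_PIP_REPO/$proj/index.html"
        echo "<a href=\"$proj\">$proj</a><br/>" >> "$HEAT_PIP_REPO/index.html"

        popd
    done

    echo "</body></html>" >> "$HEAT_PIP_REPO/index.html"

    local heat_pip_repo_apache_conf
    heat_pip_repo_apache_conf=$(apache_site_config_for heat_pip_repo)

    sudo cp "$FILES/apache-heat-pip-repo.template" "$heat_pip_repo_apache_conf"
    # The values are spliced into the sed program text and the edit runs as
    # root: a "|", "&" or backslash inside one of them changes the
    # substitution itself. HEAT_PIP_REPO_PORT can be set from the environment.
    sudo sed -e "
        s|%HEAT_PIP_REPO%|$HEAT_PIP_REPO|g;
        s|%HEAT_PIP_REPO_PORT%|$HEAT_PIP_REPO_PORT|g;
        s|%APACHE_NAME%|$APACHE_NAME|g;
    " -i "$heat_pip_repo_apache_conf"
    enable_apache_site heat_pip_repo
    restart_apache_server
}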
# Restore xtrace
# XTRACE holds the xtrace line captured from `set +o` at the top of this file,
# so executing it puts tracing back to the caller's setting. The functions
# defined above run later, under that setting: with tracing on, the values
# create_heat_accounts passes on the openstack command line (OS_TOKEN,
# SERVICE_PASSWORD) are written to the trace output.
$XTRACE

# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: