devstack/lib/heat

# lib/heat
# Install and start **Heat** service

# To enable, add the following to localrc
#
#   ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng

# Dependencies:
#
# - functions

# stack.sh
# ---------
# - install_heatclient
# - install_heat
# - configure_heatclient
# - configure_heat
# - init_heat
# - start_heat
# - stop_heat
# - cleanup_heat

# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace


# Defaults
# --------

# set up default directories
HEAT_DIR=$DEST/heat
HEATCLIENT_DIR=$DEST/python-heatclient
HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates
HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}
HEAT_STANDALONE=`trueorfalse False $HEAT_STANDALONE`
HEAT_CONF_DIR=/etc/heat
HEAT_CONF=$HEAT_CONF_DIR/heat.conf
HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`

# other default options
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}

# Tell Tempest this project is present
TEMPEST_SERVICES+=,heat


# Functions
# ---------

# Test if any Heat services are enabled
# is_heat_enabled
function is_heat_enabled {
    [[ ,${ENABLED_SERVICES} =~ ,"h-" ]] && return 0
    return 1
}

# cleanup_heat() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_heat {
    sudo rm -rf $HEAT_AUTH_CACHE_DIR
    sudo rm -rf $HEAT_ENV_DIR
    sudo rm -rf $HEAT_TEMPLATES_DIR
}

# configure_heat() - Set config files, create data dirs, etc
function configure_heat {
    setup_develop $HEAT_DIR

    if [[ ! -d $HEAT_CONF_DIR ]]; then
        sudo mkdir -p $HEAT_CONF_DIR
    fi
    sudo chown $STACK_USER $HEAT_CONF_DIR
    # remove old config files
    rm -f $HEAT_CONF_DIR/heat-*.conf

    HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$HOST_IP}
    HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
    HEAT_ENGINE_HOST=${HEAT_ENGINE_HOST:-$SERVICE_HOST}
    HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001}
    HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP}
    HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003}
    HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
    HEAT_API_PORT=${HEAT_API_PORT:-8004}
    HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini
    HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json

    cp $HEAT_DIR/etc/heat/api-paste.ini $HEAT_API_PASTE_FILE
    cp $HEAT_DIR/etc/heat/policy.json $HEAT_POLICY_FILE
    cp $HEAT_DIR/etc/heat/heat.conf.sample $HEAT_CONF

    # common options
    iniset_rpc_backend heat $HEAT_CONF DEFAULT
    iniset $HEAT_CONF DEFAULT heat_metadata_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT
    iniset $HEAT_CONF DEFAULT heat_waitcondition_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1/waitcondition
    iniset $HEAT_CONF DEFAULT heat_watch_server_url http://$HEAT_API_CW_HOST:$HEAT_API_CW_PORT
    iniset $HEAT_CONF database connection `database_connection_url heat`
    iniset $HEAT_CONF DEFAULT auth_encryption_key $(generate_hex_string 16)

    iniset $HEAT_CONF DEFAULT region_name_for_services "$REGION_NAME"

    # logging
    iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
    iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
    if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
        # Add color to logging output
        setup_colorized_logging $HEAT_CONF DEFAULT tenant user
    fi

    # keystone authtoken
    iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
    configure_API_version $HEAT_CONF $IDENTITY_API_VERSION
    iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA
    iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
    iniset $HEAT_CONF keystone_authtoken admin_user heat
    iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
    iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR

    if is_ssl_enabled_service "key"; then
        iniset $HEAT_CONF clients_keystone ca_file $KEYSTONE_SSL_CA
    fi

    # ec2authtoken
    iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0

    # paste_deploy
    [[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone

    # OpenStack API
    iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT

    # Cloudformation API
    iniset $HEAT_CONF heat_api_cfn bind_port $HEAT_API_CFN_PORT

    # Cloudwatch API
    iniset $HEAT_CONF heat_api_cloudwatch bind_port $HEAT_API_CW_PORT

    # heat environment
    sudo mkdir -p $HEAT_ENV_DIR
    sudo chown $STACK_USER $HEAT_ENV_DIR
    # copy the default environment
    cp $HEAT_DIR/etc/heat/environment.d/* $HEAT_ENV_DIR/

    # heat template resources.
    sudo mkdir -p $HEAT_TEMPLATES_DIR
    sudo chown $STACK_USER $HEAT_TEMPLATES_DIR
    # copy the default templates
    cp $HEAT_DIR/etc/heat/templates/* $HEAT_TEMPLATES_DIR/

}

# init_heat() - Initialize database
function init_heat {

    # (re)create heat database
    recreate_database heat utf8

    $HEAT_DIR/bin/heat-manage db_sync
    create_heat_cache_dir
}

# create_heat_cache_dir() - Part of the init_heat() process
function create_heat_cache_dir {
    # Create cache dirs
    sudo mkdir -p $HEAT_AUTH_CACHE_DIR
    sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR
}

# install_heatclient() - Collect source and prepare
function install_heatclient {
    git_clone $HEATCLIENT_REPO $HEATCLIENT_DIR $HEATCLIENT_BRANCH
    setup_develop $HEATCLIENT_DIR
    sudo install -D -m 0644 -o $STACK_USER {$HEATCLIENT_DIR/tools/,/etc/bash_completion.d/}heat.bash_completion
}

# install_heat() - Collect source and prepare
function install_heat {
    git_clone $HEAT_REPO $HEAT_DIR $HEAT_BRANCH
}

# install_heat_other() - Collect source and prepare
function install_heat_other {
    git_clone $HEAT_CFNTOOLS_REPO $HEAT_CFNTOOLS_DIR $HEAT_CFNTOOLS_BRANCH
    git_clone $HEAT_TEMPLATES_REPO $HEAT_TEMPLATES_REPO_DIR $HEAT_TEMPLATES_BRANCH
}

# start_heat() - Start running processes, including screen
function start_heat {
    screen_it h-eng "cd $HEAT_DIR; bin/heat-engine --config-file=$HEAT_CONF"
    screen_it h-api "cd $HEAT_DIR; bin/heat-api --config-file=$HEAT_CONF"
    screen_it h-api-cfn "cd $HEAT_DIR; bin/heat-api-cfn --config-file=$HEAT_CONF"
    screen_it h-api-cw "cd $HEAT_DIR; bin/heat-api-cloudwatch --config-file=$HEAT_CONF"
}

# stop_heat() - Stop running processes
function stop_heat {
    # Kill the screen windows
    local serv
    for serv in h-eng h-api h-api-cfn h-api-cw; do
        screen_stop $serv
    done
}

# create_heat_accounts() - Set up common required heat accounts
function create_heat_accounts {
    # migrated from files/keystone_data.sh
    local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")

    local heat_user=$(get_or_create_user "heat" \
        "$SERVICE_PASSWORD" $service_tenant)
    get_or_add_user_role $admin_role $heat_user $service_tenant

    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then

        local heat_service=$(get_or_create_service "heat" \
                "orchestration" "Heat Orchestration Service")
        get_or_create_endpoint $heat_service \
            "$REGION_NAME" \
            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
            "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"

        local heat_cfn_service=$(get_or_create_service "heat-cfn" \
                "cloudformation" "Heat CloudFormation Service")
        get_or_create_endpoint $heat_cfn_service \
            "$REGION_NAME" \
            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
            "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
    fi

    # heat_stack_user role is for users created by Heat
    get_or_create_role "heat_stack_user"

    if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then

        # heat_stack_owner role is given to users who create Heat stacks,
        # it's the default role used by heat to delegate to the heat service
        # user (for performing deferred operations via trusts), see heat.conf
        local heat_owner_role=$(get_or_create_role "heat_stack_owner")

        # Give the role to the demo and admin users so they can create stacks
        # in either of the projects created by devstack
        get_or_add_user_role $heat_owner_role demo demo
        get_or_add_user_role $heat_owner_role admin demo
        get_or_add_user_role $heat_owner_role admin admin
        iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
    fi

    if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
        # Note we have to pass token/endpoint here because the current endpoint and
        # version negotiation in OSC means just --os-identity-api-version=3 won't work
        local ks_endpoint_v3="$KEYSTONE_SERVICE_URI/v3"

        D_ID=$(openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
            --os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)

        if [[ -z "$D_ID" ]]; then
            D_ID=$(openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
                --os-identity-api-version=3 domain create heat \
                --description "Owns users and projects created by heat" \
                | grep ' id ' | get_field 2)
            iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}

            openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
                --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
                --domain $D_ID heat_domain_admin \
                --description "Manages users and projects created by heat"
            openstack --os-token $OS_TOKEN --os-url=$ks_endpoint_v3 \
                --os-identity-api-version=3 role add \
                --user heat_domain_admin --domain ${D_ID} admin
            iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
            iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
        fi
    fi
}

# build_heat_functional_test_image() - Build and upload functional test image
function build_heat_functional_test_image {
    build_dib_pip_repo "$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR"
    local image_name=heat-functional-tests-image

    # The elements to invoke disk-image-create with
    local image_elements="vm fedora selinux-permissive pypi \
        os-collect-config os-refresh-config os-apply-config heat-cfntools \
        heat-config heat-config-cfn-init heat-config-puppet heat-config-script"

    # Elements path for tripleo-image-elements and heat-templates software-config
    local elements_path=$TIE_DIR/elements:$HEAT_TEMPLATES_REPO_DIR/hot/software-config/elements

    disk_image_create_upload "$image_name" "$image_elements" "$elements_path"
    iniset $TEMPEST_CONFIG orchestration image_ref $image_name
}

# Restore xtrace
$XTRACE

# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: