Add Ansible support for Heat

This changes bootstrapping of the Heat container to bootstrap the Heat container with a heat domain user. This requires some work from bootstrap.yml to pass in several environment variables needed by the heat domain setup script. Co-Authored-By: Sam Yaple <sam@yaple.net> Change-Id: Iab05983754fa514835cb5ff54d775faa18773110 Partially-implements: blueprint ansible-heat
2015-08-02 12:26:30 -07:00 · 2015-08-02 12:26:30 -07:00 · 5e521f0550
commit 5e521f0550
parent 730276aaf9
26 changed files with 415 additions and 23 deletions
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -96,6 +96,10 @@ swift_object_server_port: "6000"
 swift_account_server_port: "6001"
 swift_container_server_port: "6002"

+heat_api_port: "8004"
+heat_api_cfn_port: "8000"
+
+
 ####################
 # Openstack options
 ####################
@ -133,9 +137,11 @@ enable_rabbitmq: "yes"

 # Additional optional OpenStack services are specified here
 enable_cinder: "no"
+enable_heat: "yes"
 enable_horizon: "yes"
 enable_swift: "no"

+
 ####################
 # RabbitMQ options
 ####################
--- a/ansible/inventory/all-in-one
+++ b/ansible/inventory/all-in-one
@ -48,6 +48,9 @@ control
 [swift:children]
 control

+[heat:children]
+control
+

 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@ -111,3 +114,13 @@ storage

 [swift-object-server:children]
 storage
+
+# Heat
+[heat-api:children]
+heat
+
+[heat-api-cfn:children]
+heat
+
+[heat-engine:children]
+heat
--- a/ansible/inventory/multinode
+++ b/ansible/inventory/multinode
@ -9,6 +9,8 @@ control03       ansible_ssh_user=sam
 # The above can also be specified as follows:
 #control[01:03]     ansible_ssh_user=sam

+# The network nodes are where your l3-agent and loadbalancers will run
+# This can be the same as a a host in the control group
 [network]
 network01

@ -54,6 +56,9 @@ control
 [swift:children]
 control

+[heat:children]
+control
+

 # Additional control implemented here. These groups allow you to control which
 # services run on which hosts at a per-service level.
@ -117,3 +122,13 @@ storage

 [swift-object-server:children]
 storage
+
+# Heat
+[heat-api:children]
+heat
+
+[heat-api-cfn:children]
+heat
+
+[heat-engine:children]
+heat
--- a/ansible/roles/haproxy/templates/haproxy.cfg.j2
+++ b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@ -97,3 +97,15 @@ listen cinder_api
 {% for host in groups['cinder-api'] %}
  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ cinder_api_port }} check inter 2000 rise 2 fall 5
 {% endfor %}
+
+listen heat_api
+  bind {{ kolla_internal_address }}:{{ heat_api_port }}
+{% for host in groups['heat-api'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ heat_api_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
+
+listen heat_api_cfn
+  bind {{ kolla_internal_address }}:{{ heat_api_cfn_port }}
+{% for host in groups['heat-api-cfn'] %}
+  server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + api_interface]['ipv4']['address'] }}:{{ heat_api_cfn_port }} check inter 2000 rise 2 fall 5
+{% endfor %}
--- a/ansible/roles/heat/defaults/main.yml
+++ b/ansible/roles/heat/defaults/main.yml
@ -0,0 +1,43 @@
+---
+project_name: "heat"
+
+####################
+# Database
+####################
+heat_database_name: "heat"
+heat_database_user: "heat"
+heat_database_address: "{{ kolla_internal_address }}"
+
+
+####################
+# Docker
+####################
+heat_registry_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-registry"
+heat_registry_tag: "{{ openstack_release }}"
+heat_registry_image_full: "{{ heat_registry_image }}:{{ heat_registry_tag }}"
+
+heat_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-api"
+heat_api_tag: "{{ openstack_release }}"
+heat_api_image_full: "{{ heat_api_image }}:{{ heat_api_tag }}"
+
+heat_api_cfn_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-api-cfn"
+heat_api_cfn_tag: "{{ openstack_release }}"
+heat_api_cfn_image_full: "{{ heat_api_cfn_image }}:{{ heat_api_cfn_tag }}"
+
+heat_engine_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-heat-engine"
+heat_engine_tag: "{{ openstack_release }}"
+heat_engine_image_full: "{{ heat_engine_image }}:{{ heat_engine_tag }}"
+
+####################
+# Openstack
+####################
+heat_public_address: "{{ kolla_external_address }}"
+heat_admin_address: "{{ kolla_internal_address }}"
+heat_internal_address: "{{ kolla_internal_address }}"
+
+heat_logging_verbose: "{{ openstack_logging_verbose }}"
+heat_logging_debug: "{{ openstack_logging_debug }}"
+
+heat_keystone_user: "heat"
+
+openstack_heat_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
--- a/ansible/roles/heat/tasks/bootstrap.yml
+++ b/ansible/roles/heat/tasks/bootstrap.yml
@ -0,0 +1,68 @@
+---
+- name: Creating Heat database
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ heat_database_name }}'"
+  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+
+- name: Creating Heat database user and setting permissions
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ heat_database_name }}'
+        password='{{ heat_database_password }}'
+        host='%'
+        priv='{{ heat_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user.stdout.split()[2] != 'SUCCESS'
+  run_once: True
+
+- name: Starting Heat bootstrap container
+  docker:
+    detach: False
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "no"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: bootstrap_heat
+    image: "{{ heat_api_image_full }}"
+    volumes: "{{ node_config_directory }}/heat-api/:/opt/kolla/heat-api/:ro"
+    env:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+      OS_AUTH_URL: "{{ openstack_auth.auth_url }}"
+      OS_IDENTITY_API_VERSION: "3"
+      OS_USERNAME: "{{ openstack_auth.username }}"
+      OS_PASSWORD: "{{ openstack_auth.password }}"
+      OS_PROJECT_NAME: "{{ openstack_auth.project_name }}"
+      HEAT_DOMAIN_ADMIN_PASSWORD: "{{ heat_domain_admin_password }}"
+  run_once: True
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
+
+# https://github.com/ansible/ansible-modules-core/pull/1031
+- name: Waiting for bootstrap container to exit
+  command: docker wait bootstrap_heat
+  run_once: True
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
+
+- name: Cleaning up Heat boostrap container
+  docker:
+    name: bootstrap_heat
+    image: "{{ heat_api_image_full }}"
+    state: absent
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
--- a/ansible/roles/heat/tasks/config.yml
+++ b/ansible/roles/heat/tasks/config.yml
@ -0,0 +1,55 @@
+---
+- include: ../../config.yml
+  vars:
+    service_name: "heat-engine"
+    config_source:
+      - "roles/heat/templates/heat.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/database.conf"
+      - "/etc/kolla/config/heat.conf"
+      - "/etc/kolla/config/heat/heat-engine.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/heat-engine/heat.conf_minimal"
+      - "{{ node_templates_directory }}/heat-engine/heat.conf_global"
+      - "{{ node_templates_directory }}/heat-engine/heat.conf_database"
+      - "{{ node_templates_directory }}/heat-engine/heat.conf_augment"
+      - "{{ node_templates_directory }}/heat-engine/heat-engine.conf_augment"
+    config_dest: "{{ node_config_directory }}/heat-engine/heat.conf"
+
+- include: ../../config.yml
+  vars:
+    service_name: "heat-api"
+    config_source:
+      - "roles/heat/templates/heat.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/database.conf"
+      - "/etc/kolla/config/messaging.conf"
+      - "/etc/kolla/config/heat.conf"
+      - "/etc/kolla/config/heat/heat-api.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/heat-api/heat.conf_minimal"
+      - "{{ node_templates_directory }}/heat-api/heat.conf_global"
+      - "{{ node_templates_directory }}/heat-api/heat.conf_database"
+      - "{{ node_templates_directory }}/heat-api/heat.conf_messaging"
+      - "{{ node_templates_directory }}/heat-api/heat.conf_augment"
+      - "{{ node_templates_directory }}/heat-api/heat-api.conf_augment"
+    config_dest: "{{ node_config_directory }}/heat-api/heat.conf"
+
+- include: ../../config.yml
+  vars:
+    service_name: "heat-api-cfn"
+    config_source:
+      - "roles/heat/templates/heat.conf.j2"
+      - "/etc/kolla/config/global.conf"
+      - "/etc/kolla/config/database.conf"
+      - "/etc/kolla/config/messaging.conf"
+      - "/etc/kolla/config/heat.conf"
+      - "/etc/kolla/config/heat/heat-api-cfn.conf"
+    config_template_dest:
+      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_minimal"
+      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_global"
+      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_database"
+      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_messaging"
+      - "{{ node_templates_directory }}/heat-api-cfn/heat.conf_augment"
+      - "{{ node_templates_directory }}/heat-api-cfn/heat-api-cfn.conf_augment"
+    config_dest: "{{ node_config_directory }}/heat-api-cfn/heat.conf"
--- a/ansible/roles/heat/tasks/main.yml
+++ b/ansible/roles/heat/tasks/main.yml
@ -0,0 +1,8 @@
+---
+- include: register.yml
+
+- include: config.yml
+
+- include: bootstrap.yml
+
+- include: start.yml
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@ -0,0 +1,57 @@
+---
+- name: Creating the Heat service and endpoint
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=heat
+        service_type=orchestration
+        description='Openstack Orchestration'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+        internal_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+        public_url='http://{{ kolla_external_address }}:{{ heat_api_port }}/v1/%(tenant_id)s'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
+  register: heat_endpoint
+  changed_when: "{{ heat_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (heat_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the Heat-cfn service and endpoint
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=heat-cfn
+        service_type=orchestration
+        description='Openstack Orchestration'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ heat_api_port }}/v1'
+        internal_url='http://{{ kolla_internal_address }}:{{ heat_api_cfn_port }}/v1'
+        public_url='http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
+  register: heat_endpoint
+  changed_when: "{{ heat_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (heat_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
+
+- name: Creating the Heat project, user, and role
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=heat
+        password={{ heat_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_heat_auth }}' }}"
+    -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}"
+  register: heat_user
+  changed_when: "{{ heat_user.stdout.find('localhost | SUCCESS => ') != -1 and (heat_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: heat_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True
--- a/ansible/roles/heat/tasks/start.yml
+++ b/ansible/roles/heat/tasks/start.yml
@ -0,0 +1,57 @@
+---
+- name: Starting heat-api container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: heat_api
+    image: "{{ heat_api_image_full }}"
+    volumes: "{{ node_config_directory }}/heat-api/:/opt/kolla/heat-api/:ro"
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['heat-api']
+
+- name: Starting heat-api-cfn container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: heat_api_cfn
+    image: "{{ heat_api_cfn_image_full }}"
+    volumes: "{{ node_config_directory }}/heat-api-cfn/:/opt/kolla/heat-api-cfn/:ro"
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['heat-api-cfn']
+
+- name: Starting heat-engine container
+  docker:
+    docker_api_version: "{{ docker_api_version }}"
+    net: host
+    pull: "{{ docker_pull_policy }}"
+    restart_policy: "{{ docker_restart_policy }}"
+    restart_policy_retry: "{{ docker_restart_policy_retry }}"
+    state: reloaded
+    registry: "{{ docker_registry }}"
+    username: "{{ docker_registry_username }}"
+    password: "{{ docker_registry_password }}"
+    insecure_registry: "{{ docker_insecure_registry }}"
+    name: heat_engine
+    image: "{{ heat_engine_image_full }}"
+    volumes: "{{ node_config_directory }}/heat-engine/:/opt/kolla/heat-engine/:ro"
+    env:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+  when: inventory_hostname in groups['heat-engine']
--- a/ansible/roles/heat/templates/heat.conf.j2
+++ b/ansible/roles/heat/templates/heat.conf.j2
@ -0,0 +1,45 @@
+[DEFAULT]
+heat_watch_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
+heat_metadata_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}
+heat_waitcondition_server_url = http://{{ kolla_external_address }}:{{ heat_api_cfn_port }}/v1/waitcondition
+
+stack_domain_admin = heat_domain_admin
+stack_domain_admin_password = {{ heat_domain_admin_password }}
+stack_user_domain_name = heat_user_domain
+
+rpc_backend = rabbit
+notification_driver = noop
+
+[oslo_messaging_rabbit]
+rabbit_host = {{ kolla_internal_address }}
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+
+{% if service_name == 'heat-api' %}
+[heat_api]
+bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind_port = {{ heat_api_port }}
+{% endif %}
+
+{% if service_name == 'heat-api-cfn' %}
+[heat_api_cfn]
+bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
+bind_port = {{ heat_api_cfn_port }}
+{% endif %}
+
+[database]
+connection = mysql://{{ heat_database_user }}:{{ heat_database_password }}@{{ heat_database_address }}/{{ heat_database_name }}
+
+[keystone_authtoken]
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = heat
+password = {{ heat_keystone_password }}
+
+[ec2authtoken]
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
--- a/ansible/site.yml
+++ b/ansible/site.yml
@ -35,6 +35,10 @@
  roles:
    - { role: cinder, tags: cinder, when: enable_cinder | bool }

+- hosts: [heat-api, heat-api-cfn, heat-engine]
+  roles:
+    - { role: heat, tags: heat, when: enable_heat | bool }
+
 - hosts: horizon
  roles:
    - { role: horizon, tags: horizon, when: enable_horizon | bool }
--- a/docker/base/Dockerfile.j2
+++ b/docker/base/Dockerfile.j2
@ -65,6 +65,7 @@ RUN yum install -y \
        git \
        iproute \
        mariadb-libs \
+        MySQL-python \
        openssl \
        openstack-utils \
        pyparsing \
@ -108,6 +109,7 @@ RUN yum install -y \
        python-netifaces \
        python-networkx \
        python-oauthlib \
+        python-openstackclient \
        python-oslo-config \
        python-oslo-messaging \
        python-oslo-rootwrap \
@ -173,7 +175,6 @@ RUN yum update -y \
        libxslt-devel \
        mariadb-devel \
        mysql-devel \
-        MySQL-python \
        openldap-devel \
        openssl \
        openssl-devel \
@ -210,7 +211,6 @@ RUN apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com 199369E5404BD
        build-essential \
        python-dev \
        libssl-dev \
-        python-mysqldb \
        libmariadbclient-dev \
        libxslt1-dev \
        libffi-dev \
@ -228,7 +228,11 @@ RUN apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com 199369E5404BD

 RUN curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py \
    && python get-pip.py \
-    && rm get-pip.py
+    && rm get-pip.py \
+    && pip --no-cache-dir install \
+        python-openstackclient \
+        MySQL-python \
+        numpy

 # Endif for install_type source
 {% endif %}
--- a/docker/designate/designate-base/Dockerfile.j2
+++ b/docker/designate/designate-base/Dockerfile.j2
@ -9,7 +9,6 @@ MAINTAINER Kolla Project (https://launchpad.net.kolla)
 # need the complete policy file because of some of the containers'
 # requiring it. Remove the package when the file is moved though.
 RUN yum install -y \
-    MySQL-python \
        openstack-designate-api \
        openstack-designate-common \
        python-tooz \
--- a/docker/heat/heat-api-cfn/Dockerfile.j2
+++ b/docker/heat/heat-api-cfn/Dockerfile.j2
@ -4,9 +4,7 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 {% if install_type == 'binary' %}
    {% if base_distro in ['fedora', 'centos', 'oraclelinux'] %}

-RUN yum -y install \
-    openstack-heat-api-cfn \
-    python-openstackclient \
+RUN yum -y install openstack-heat-api-cfn \
    && yum clean all

    {% elif base_distro in ['ubuntu', 'debian'] %}
--- a/docker/heat/heat-api/Dockerfile.j2
+++ b/docker/heat/heat-api/Dockerfile.j2
@ -4,9 +4,7 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)
 {% if install_type == 'binary' %}
    {% if base_distro in ['fedora', 'centos', 'oraclelinux'] %}

-RUN yum -y install \
-    openstack-heat-api \
-    python-openstackclient \
+RUN yum -y install openstack-heat-api \
    && yum clean all

    {% elif base_distro in ['ubuntu', 'debian'] %}
--- a/docker/heat/heat-api/config-external.sh
+++ b/docker/heat/heat-api/config-external.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-SOURCE="/opt/kolla/heat-api/heat-api.conf"
-TARGET="/etc/heat/heat-api.conf"
+SOURCE="/opt/kolla/heat-api/heat.conf"
+TARGET="/etc/heat/heat.conf"
 OWNER="heat"

 if [[ -f "$SOURCE" ]]; then
--- a/docker/heat/heat-api/start.sh
+++ b/docker/heat/heat-api/start.sh
@ -10,4 +10,14 @@ source /opt/kolla/kolla-common.sh
 # Execute config strategy
 set_configs

+# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
+# of the KOLLA_BOOTSTRAP variable being set, including empty.
+if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
+    su -s /bin/sh -c "heat-manage db_sync" heat
+    openstack domain create heat_user_domain
+    openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
+    openstack role add --domain heat_user_domain --user heat_domain_admin admin
+    exit 0
+fi
+
 exec $CMD $ARGS
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@ -6,12 +6,10 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)

 # until packaging is fixed, all of this is required
 # api: policy
-# conductor:MySQL-python
 RUN yum -y install \
        python-oslo-log \
        python-oslo-concurrency \
        python-oslo-policy \
-        MySQL-python \
    && yum clean all

    {% elif base_distro in ['ubuntu', 'debian'] %}
--- a/docker/keystone/Dockerfile.j2
+++ b/docker/keystone/Dockerfile.j2
@ -6,7 +6,6 @@ MAINTAINER Kolla Project (https://launchpad.net/kolla)

 RUN yum -y install openstack-keystone \
        python-keystoneclient \
-        python-openstackclient \
        httpd \
        mod_wsgi \
    && yum clean all
--- a/docker/kolla-ansible/Dockerfile.j2
+++ b/docker/kolla-ansible/Dockerfile.j2
@ -9,7 +9,6 @@ RUN yum -y install \
        libffi-devel \
        libxml2-devel \
        libxslt-devel \
-        MySQL-python \
        openssl-devel \
        python-devel \
        openssh-clients \
@ -19,16 +18,17 @@ RUN pip install -U pip wheel

 {% elif base_distro in ['ubuntu', 'debian'] %}

-RUN apt-get install -y --no-install-recommends git
+RUN apt-get install -y --no-install-recommends git \
+    && apt-get clean

 {% endif %}

-RUN pip install shade
+RUN pip --no-cache-dir install shade

 RUN git clone --depth 1 https://github.com/ansible/ansible.git \
    && cd ansible \
    && git submodule update --init --recursive \
-    && pip install --install-option="--install-scripts=/usr/bin" .
+    && pip --no-cache-dir install .

 RUN mkdir -p /etc/ansible /usr/share/ansible \
    && echo 'localhost ansible_connection=local' > /etc/ansible/hosts
--- a/etc/kolla/config/heat.conf
+++ b/etc/kolla/config/heat.conf
--- a/etc/kolla/config/heat/heat-api-cfn.conf
+++ b/etc/kolla/config/heat/heat-api-cfn.conf
--- a/etc/kolla/config/heat/heat-api.conf
+++ b/etc/kolla/config/heat/heat-api.conf
--- a/etc/kolla/config/heat/heat-engine.conf
+++ b/etc/kolla/config/heat/heat-engine.conf
--- a/etc/kolla/passwords.yml
+++ b/etc/kolla/passwords.yml
@ -30,7 +30,6 @@ nova_keystone_password: "password"

 neutron_database_password: "password"
 neutron_keystone_password: "password"
-
 metadata_secret: "password"

 cinder_database_password: "password"
@ -40,6 +39,10 @@ swift_keystone_password: "password"
 swift_hash_path_suffix: "kolla"
 swift_hash_path_prefix: "kolla"

+heat_database_password: "password"
+heat_keystone_password: "password"
+heat_domain_admin_password: "password"
+
 ####################
 # RabbitMQ options
 ####################