Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / heat / b24076f1f8adad66fd3d921e465001106a5486c2 / . / README.rst
blob: cfe91825239d39e015a2bb1a985d5aa141bf13da [file] [log] [blame]
=====
Usage
=====
Heat is the main project in the OpenStack Orchestration program. It implements
an orchestration engine to launch multiple composite cloud applications based
on templates in the form of text files that can be treated like code. A native
Heat template format is evolving, but Heat also endeavours to provide
compatibility with the AWS CloudFormation template format, so that many
existing CloudFormation templates can be launched on OpenStack. Heat provides
both an OpenStack-native ReST API and a CloudFormation-compatible Query API.
Sample Pillars
==============
Single Heat services on the controller node:
.. code-block:: yaml
heat:
server:
enabled: true
version: icehouse
region: RegionOne
bind:
metadata:
address: 10.0.106.10
port: 8000
protocol: http
waitcondition:
address: 10.0.106.10
port: 8000
protocol: http
watch:
address: 10.0.106.10
port: 8003
protocol: http
cloudwatch:
host: 10.0.106.20
api:
host: 10.0.106.20
api_cfn:
host: 10.0.106.20
database:
engine: mysql
host: 10.0.106.20
port: 3306
name: heat
user: heat
password: password
identity:
engine: keystone
host: 10.0.106.20
port: 35357
tenant: service
user: heat
password: password
endpoint_type_default: internalURL
endpoint_type_heat: publicURL
message_queue:
engine: rabbitmq
host: 10.0.106.20
port: 5672
user: openstack
password: password
virtual_host: '/openstack'
ha_queues: True
max_stacks_per_tenant: 150
max_nested_stack_depth: 10
Define server clients Keystone parameter:
.. code-block:: yaml
heat:
server:
clients:
keystone:
protocol: https
host: 10.0.106.10
port: 5000
insecure: false
Server with auth_encryption_key defined:
.. code-block:: yaml
heat:
server:
....
server.auth_encryption_key: "KeyToEncrypt-hasToBeExact32Chars"
....
Enable CORS parameters:
.. code-block:: yaml
heat:
server:
cors:
allowed_origin: https:localhost.local,http:localhost.local
expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
allow_methods: GET,PUT,POST,DELETE,PATCH
allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
allow_credentials: True
max_age: 86400
Heat client with specified git templates:
.. code-block:: yaml
heat:
client:
enabled: true
template:
admin:
domain: default
source:
engine: git
address: git@repo.domain.com/admin-templates.git
revision: master
default:
domain: default
source:
engine: git
address: git@repo.domain.com/default-templates.git
revision: master
Ceilometer notification:
.. code-block:: yaml
heat:
server:
enabled: true
version: icehouse
notification: true
Configuration of ``policy.json`` file:
.. code-block:: yaml
heat:
server:
....
policy:
deny_stack_user: 'not role:heat_stack_user'
'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
# Add key without value to remove line from policy.json
'cloudformation:DescribeStackResource':
Client-side RabbitMQ HA setup:
.. code-block:: yaml
heat:
server:
....
message_queue:
engine: rabbitmq
members:
- host: 10.0.16.1
- host: 10.0.16.2
- host: 10.0.16.3
user: openstack
password: pwd
virtual_host: '/openstack'
....
Configuring TLS communications
-------------------------------
.. note:: By default, system-wide installed CA certs are used, so the
``cacert_file`` param is optional, as well as ``cacert``.
- **RabbitMQ TLS**
.. code-block:: yaml
heat:
server:
message_queue:
port: 5671
ssl:
enabled: True
(optional) cacert: cert body if the cacert_file does not exists
(optional) cacert_file: /etc/openstack/rabbitmq-ca.pem
(optional) version: TLSv1_2
- **MySQL TLS**
.. code-block:: yaml
heat:
server:
database:
ssl:
enabled: True
(optional) cacert: cert body if the cacert_file does not exists
(optional) cacert_file: /etc/openstack/mysql-ca.pem
- **Openstack HTTPS API**
.. code-block:: yaml
heat:
server:
identity:
protocol: https
(optional) cacert_file: /etc/openstack/proxy.pem
clients:
keystone:
protocol: https
(optional) cacert_file: /etc/openstack/proxy.pem
Enhanced logging with logging.conf
----------------------------------
By default logging.conf is disabled.
That is possible to enable per-binary logging.conf with new variables:
* ``openstack_log_appender``
Set to true to enable ``log_config_append`` for all OpenStack services
* ``openstack_fluentd_handler_enabled``
Set to true to enable ``FluentHandler`` for all Openstack services
* ``openstack_ossyslog_handler_enabled``
Set to true to enable ``OSSysLogHandler`` for all Openstack services
Only `WatchedFileHandler``, ``OSSysLogHandler``, and ``FluentHandler`` are
available.
Also, it is possible to configure this with pillar:
.. code-block:: yaml
heat:
server:
logging:
log_appender: true
log_handlers:
watchedfile:
enabled: true
fluentd:
enabled: true
ossyslog:
enabled: true
Documentation and Bugs
======================
* http://salt-formulas.readthedocs.io/
Learn how to install and update salt-formulas
* https://github.com/salt-formulas/salt-formula-heat/issues
In the unfortunate event that bugs are discovered, report the issue to the
appropriate issue tracker. Use the Github issue tracker for a specific salt
formula
* https://launchpad.net/salt-formulas
For feature requests, bug reports, or blueprints affecting the entire
ecosystem, use the Launchpad salt-formulas project
* https://launchpad.net/~salt-formulas-users
Join the salt-formulas-users team and subscribe to mailing list if required
* https://github.com/salt-formulas/salt-formula-heat
Develop the salt-formulas projects in the master branch and then submit pull
requests against a specific formula
* #salt-formulas @ irc.freenode.net
Use this IRC channel in case of any questions or feedback which is always
welcome