============
Heat Formula
============

Heat is the main project in the OpenStack Orchestration program. It implements
an orchestration engine to launch multiple composite cloud applications based
on templates in the form of text files that can be treated like code. A native
Heat template format is evolving, but Heat also endeavours to provide
compatibility with the AWS CloudFormation template format, so that many
existing CloudFormation templates can be launched on OpenStack. Heat provides
both an OpenStack-native ReST API and a CloudFormation-compatible Query API.

Sample Pillars
==============

Single Heat services on the controller node

.. code-block:: yaml

    heat:
      server:
        enabled: true
        version: icehouse
        region: RegionOne
        bind:
          metadata:
            address: 10.0.106.10
            port: 8000
            protocol: http
          waitcondition:
            address: 10.0.106.10
            port: 8000
            protocol: http
          watch:
            address: 10.0.106.10
            port: 8003
            protocol: http
        cloudwatch:
          host: 10.0.106.20
        api:
          host: 10.0.106.20
        api_cfn:
          host: 10.0.106.20
        database:
          engine: mysql
          host: 10.0.106.20
          port: 3306
          name: heat
          user: heat
          password: password
        identity:
          engine: keystone
          host: 10.0.106.20
          port: 35357
          tenant: service
          user: heat
          password: password
          endpoint_type_default: internalURL
          endpoint_type_heat: publicURL
        message_queue:
          engine: rabbitmq
          host: 10.0.106.20
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
          ha_queues: True
        max_stacks_per_tenant: 150
        max_nested_stack_depth: 10

Define the server's Keystone client parameters

.. code-block:: yaml

    heat:
      server:
        clients:
          keystone:
            protocol: https
            host: 10.0.106.10
            port: 5000
            insecure: false

Enable CORS parameters

.. code-block:: yaml

    heat:
      server:
        cors:
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400

Heat client with specified git templates

.. code-block:: yaml

    heat:
      client:
        enabled: true
        template:
          admin:
            domain: default
            source:
              engine: git
              address: git@repo.domain.com/admin-templates.git
              revision: master
          default:
            domain: default
            source:
              engine: git
              address: git@repo.domain.com/default-templates.git
              revision: master

Heat system definition of several stacks/systems

.. code-block:: yaml

    heat:
      control:
        enabled: true
        system:
          web_production:
            format: hot
            template_file: /srv/heat/template/web_cluster.hot
            environment: /srv/heat/env/web_cluster/prd.env
          web_staging:
            format: hot
            template_file: /srv/heat/template/web_cluster.hot
            environment: /srv/heat/env/web_cluster/stg.env

Ceilometer notification

.. code-block:: yaml

    heat:
      server:
        enabled: true
        version: icehouse
        notification: true

Configuration of policy.json file

.. code-block:: yaml

    heat:
      server:
        ....
        policy:
          deny_stack_user: 'not role:heat_stack_user'
          'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
          # Add key without value to remove line from policy.json
          'cloudformation:DescribeStackResource':

Client-side RabbitMQ HA setup

.. code-block:: yaml

    heat:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Client-side RabbitMQ TLS configuration:

|

To enable TLS for oslo.messaging you need to provide the CA certificate.

By default the system-wide CA certificates are used, so nothing needs to be specified except `ssl.enabled`.

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True

Use the `cacert_file` param to specify the CA certificate file location explicitly:

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True
        cacert_file: /etc/ssl/rabbitmq-ca.pem

To manage the content of the `cacert_file`, use the `cacert` param:

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True
        cacert: { file content here }
        cacert_file: /etc/openstack/rabbitmq-ca.pem

Notice:
 * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
 * Use `message_queue.ssl.version` if you need to specify the protocol version. The default is TLSv1 for Python < 2.7.9 and TLSv1_2 for later versions.

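As an added example (not part of the formula or its documentation), the following Python check walks a pillar shaped like the samples above and reports binds set to `protocol: http`, `insecure: true` on the Keystone client, sample passwords left in place, a message queue without `ssl.enabled`, and CORS credentials combined with an `http` origin. The function name, the finding strings and the sample pillar are constructed for illustration.

```python
# Added example: lint a parsed heat pillar for the settings discussed above.
PLACEHOLDERS = {"password", "pwd"}  # sample passwords used in this README

def audit_heat_pillar(pillar):
    """Return sorted findings for the heat:server keys shown in the samples."""
    server = pillar.get("heat", {}).get("server", {})
    findings = []
    # bind.<name>.protocol: listener explicitly set to cleartext HTTP
    for name, bind in server.get("bind", {}).items():
        if bind.get("protocol") == "http":
            findings.append(f"bind.{name}: protocol is http")
    # clients.keystone.insecure: true turns off certificate verification
    if server.get("clients", {}).get("keystone", {}).get("insecure") is True:
        findings.append("clients.keystone: insecure is true")
    # database / identity / message_queue still carry a sample password
    for section in ("database", "identity", "message_queue"):
        if server.get(section, {}).get("password") in PLACEHOLDERS:
            findings.append(f"{section}: placeholder password")
    # message_queue.ssl.enabled: TLS is only used when this is set
    mq = server.get("message_queue")
    if mq is not None and not mq.get("ssl", {}).get("enabled", False):
        findings.append("message_queue: ssl.enabled is not true")
    # cors: credentials allowed while a cleartext origin is listed
    cors = server.get("cors", {})
    origins = [o.strip() for o in str(cors.get("allowed_origin", "")).split(",")]
    if cors.get("allow_credentials") and any(o.startswith("http:") for o in origins):
        findings.append("cors: allow_credentials with an http origin")
    return sorted(findings)

# Constructed pillar (not from a real deployment), mixing good and weak values.
SAMPLE = {"heat": {"server": {
    "bind": {
        "metadata": {"address": "10.0.106.10", "port": 8000, "protocol": "http"},
        "watch": {"address": "10.0.106.10", "port": 8003, "protocol": "https"},
    },
    "clients": {"keystone": {"protocol": "https", "insecure": False}},
    "database": {"engine": "mysql", "user": "heat", "password": "password"},
    "message_queue": {"engine": "rabbitmq", "password": "pwd",
                      "ssl": {"enabled": True,
                              "cacert_file": "/etc/ssl/rabbitmq-ca.pem"}},
    "cors": {"allowed_origin": "https://localhost.local,http://localhost.local",
             "allow_credentials": True},
}}}

if __name__ == "__main__":
    for finding in audit_heat_pillar(SAMPLE):
        print(finding)
```
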
Enhanced logging with logging.conf
----------------------------------

By default logging.conf is disabled.

It is possible to enable a per-binary logging.conf with the new variables:
 * openstack_log_appender - set it to true to enable log_config_append for all OpenStack services;
 * openstack_fluentd_handler_enabled - set to true to enable FluentHandler for all OpenStack services.

Only WatchedFileHandler and FluentHandler are available.

It is also possible to configure this with pillar:

.. code-block:: yaml

    heat:
      server:
        logging:
          log_appender: true
          log_handlers:
            watchedfile:
              enabled: true
            fluentd:
              enabled: true

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-heat/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-heat

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net