============
Heat Formula
============

Heat is the main project in the OpenStack Orchestration program. It implements
an orchestration engine to launch multiple composite cloud applications based
on templates in the form of text files that can be treated like code. A native
Heat template format is evolving, but Heat also endeavours to provide
compatibility with the AWS CloudFormation template format, so that many
existing CloudFormation templates can be launched on OpenStack. Heat provides
both an OpenStack-native ReST API and a CloudFormation-compatible Query API.

Sample Pillars
==============

Single Heat services on the controller node

.. code-block:: yaml

    heat:
      server:
        enabled: true
        version: icehouse
        region: RegionOne
        bind:
          metadata:
            address: 10.0.106.10
            port: 8000
            protocol: http
          waitcondition:
            address: 10.0.106.10
            port: 8000
            protocol: http
          watch:
            address: 10.0.106.10
            port: 8003
            protocol: http
        cloudwatch:
          host: 10.0.106.20
        api:
          host: 10.0.106.20
        api_cfn:
          host: 10.0.106.20
        database:
          engine: mysql
          host: 10.0.106.20
          port: 3306
          name: heat
          user: heat
          password: password
        identity:
          engine: keystone
          host: 10.0.106.20
          port: 35357
          tenant: service
          user: heat
          password: password
          endpoint_type_default: internalURL
          endpoint_type_heat: publicURL
        message_queue:
          engine: rabbitmq
          host: 10.0.106.20
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
          ha_queues: True

Define server clients keystone parameter

.. code-block:: yaml

    heat:
      server:
        clients:
          keystone:
            protocol: https
            host: 10.0.106.10
            port: 5000
            insecure: false

Enable CORS parameters

.. code-block:: yaml

    heat:
      server:
        cors:
          # Origins are full scheme://host values, comma-separated
          allowed_origin: https://localhost.local,http://localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400

Heat client with specified git templates

.. code-block:: yaml

    heat:
      client:
        enabled: true
        template:
          admin:
            domain: default
            source:
              engine: git
              address: git@repo.domain.com/admin-templates.git
              revision: master
          default:
            domain: default
            source:
              engine: git
              address: git@repo.domain.com/default-templates.git
              revision: master

Heat system definition of several stacks/systems

.. code-block:: yaml

    heat:
      control:
        enabled: true
        system:
          web_production:
            format: hot
            template_file: /srv/heat/template/web_cluster.hot
            environment: /srv/heat/env/web_cluster/prd.env
          web_staging:
            format: hot
            template_file: /srv/heat/template/web_cluster.hot
            environment: /srv/heat/env/web_cluster/stg.env

Ceilometer notification

.. code-block:: yaml

    heat:
      server:
        enabled: true
        version: icehouse
        notification: true

Configuration of policy.json file

.. code-block:: yaml

    heat:
      server:
        ....
        policy:
          deny_stack_user: 'not role:heat_stack_user'
          'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
          # Add key without value to remove line from policy.json
          'cloudformation:DescribeStackResource':

Client-side RabbitMQ HA setup

.. code-block:: yaml

    heat:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Client-side RabbitMQ TLS configuration:

|

To enable TLS for oslo.messaging you need to provide the CA certificate.

By default system-wide CA certs are used. Nothing should be specified except `ssl.enabled`.

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True

Use `cacert_file` param to specify the CA-cert file location explicitly:

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True
        cacert_file: /etc/ssl/rabbitmq-ca.pem

To manage content of the `cacert_file` use the `cacert` param:

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True
        cacert: { file content here }
        cacert_file: /etc/openstack/rabbitmq-ca.pem

Notice:
 * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
 * Use `message_queue.ssl.version` if you need to specify the protocol version. The default is TLSv1 for Python < 2.7.9 and TLSv1_2 for later versions.

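A pre-deployment check over the pillar keys documented above (``bind``, ``clients.keystone``, ``message_queue.ssl``, ``password`` and ``cors``), as an added example that is not part of the formula. The function name ``audit_heat_server``, the placeholder list and the sample pillar are assumptions constructed from the values on this page.

```python
# Added example: audit a heat:server pillar (as a dict) before applying the formula.
PLACEHOLDERS = {"password", "pwd", "secret", "changeme"}  # assumed list, extend locally


def audit_heat_server(server):
    """Return a list of findings for the keys this README documents."""
    findings = []
    # Listeners under bind: report the ones explicitly set to plaintext http.
    for name, bind in sorted(server.get("bind", {}).items()):
        if bind.get("protocol") == "http":
            findings.append("bind.%s: plaintext http listener" % name)
    # Keystone client: TLS verification disabled or no TLS at all.
    ks = server.get("clients", {}).get("keystone", {})
    if ks.get("insecure") is True or ks.get("protocol") == "http":
        findings.append("clients.keystone: plaintext or unverified TLS")
    # Message queue: ssl.enabled is the switch that turns on TLS for oslo.messaging.
    mq = server.get("message_queue", {})
    if mq and not mq.get("ssl", {}).get("enabled"):
        findings.append("message_queue: ssl.enabled is not set")
    # Credentials left at a sample value.
    for section in ("database", "identity", "message_queue"):
        pw = server.get(section, {}).get("password")
        if isinstance(pw, str) and pw.lower() in PLACEHOLDERS:
            findings.append("%s.password: placeholder value" % section)
    # CORS: credentialed requests from a wildcard or non-https origin.
    cors = server.get("cors", {})
    origins = [o.strip() for o in str(cors.get("allowed_origin", "")).split(",")]
    if cors.get("allow_credentials") and any(
            o == "*" or o.startswith("http:") for o in origins):
        findings.append("cors: credentials allowed for wildcard or http origin")
    return findings


# Constructed sample, reusing values from the pillars above.
SAMPLE = {
    "bind": {"metadata": {"port": 8000, "protocol": "http"},
             "watch": {"port": 8003, "protocol": "https"}},
    "clients": {"keystone": {"protocol": "https", "insecure": False}},
    "database": {"engine": "mysql", "password": "password"},
    "message_queue": {"engine": "rabbitmq", "password": "pwd",
                      "ssl": {"enabled": True}},
    "cors": {"allowed_origin": "https://localhost.local,http://localhost.local",
             "allow_credentials": True},
}

if __name__ == "__main__":
    for finding in audit_heat_server(SAMPLE):
        print(finding)
```
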
Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-heat/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific formula.

    https://github.com/salt-formulas/salt-formula-heat

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net