============
Heat Formula
============

Heat is the main project in the OpenStack Orchestration program. It implements
an orchestration engine to launch multiple composite cloud applications based
on templates in the form of text files that can be treated like code. A native
Heat template format is evolving, but Heat also endeavours to provide
compatibility with the AWS CloudFormation template format, so that many
existing CloudFormation templates can be launched on OpenStack. Heat provides
both an OpenStack-native ReST API and a CloudFormation-compatible Query API.

Sample Pillars
==============

Single Heat services on the controller node

.. code-block:: yaml

    heat:
      server:
        enabled: true
        version: icehouse
        region: RegionOne
        bind:
          metadata:
            address: 10.0.106.10
            port: 8000
            protocol: http
          waitcondition:
            address: 10.0.106.10
            port: 8000
            protocol: http
          watch:
            address: 10.0.106.10
            port: 8003
            protocol: http
        cloudwatch:
          host: 10.0.106.20
        api:
          host: 10.0.106.20
        api_cfn:
          host: 10.0.106.20
        database:
          engine: mysql
          host: 10.0.106.20
          port: 3306
          name: heat
          user: heat
          password: password
        identity:
          engine: keystone
          host: 10.0.106.20
          port: 35357
          tenant: service
          user: heat
          password: password
          endpoint_type_default: internalURL
          endpoint_type_heat: publicURL
        message_queue:
          engine: rabbitmq
          host: 10.0.106.20
          port: 5672
          user: openstack
          password: password
          virtual_host: '/openstack'
          ha_queues: True
        max_stacks_per_tenant: 150

Define server clients keystone parameter

.. code-block:: yaml

    heat:
      server:
        clients:
          keystone:
            protocol: https
            host: 10.0.106.10
            port: 5000
            insecure: false

Enable CORS parameters

.. code-block:: yaml

    heat:
      server:
        cors:
          allowed_origin: https:localhost.local,http:localhost.local
          expose_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_methods: GET,PUT,POST,DELETE,PATCH
          allow_headers: X-Auth-Token,X-Openstack-Request-Id,X-Subject-Token
          allow_credentials: True
          max_age: 86400

Heat client with specified git templates

.. code-block:: yaml

    heat:
      client:
        enabled: true
        template:
          admin:
            domain: default
            source:
              engine: git
              address: git@repo.domain.com/admin-templates.git
              revision: master
          default:
            domain: default
            source:
              engine: git
              address: git@repo.domain.com/default-templates.git
              revision: master

Heat system definition of several stacks/systems

.. code-block:: yaml

    heat:
      control:
        enabled: true
        system:
          web_production:
            format: hot
            template_file: /srv/heat/template/web_cluster.hot
            environment: /srv/heat/env/web_cluster/prd.env
          web_staging:
            format: hot
            template_file: /srv/heat/template/web_cluster.hot
            environment: /srv/heat/env/web_cluster/stg.env

Ceilometer notification

.. code-block:: yaml

    heat:
      server:
        enabled: true
        version: icehouse
        notification: true

Configuration of policy.json file

.. code-block:: yaml

    heat:
      server:
        ....
        policy:
          deny_stack_user: 'not role:heat_stack_user'
          'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
          # Add key without value to remove line from policy.json
          'cloudformation:DescribeStackResource':

Client-side RabbitMQ HA setup

.. code-block:: yaml

    heat:
      server:
        ....
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          user: openstack
          password: pwd
          virtual_host: '/openstack'
        ....

Client-side RabbitMQ TLS configuration:

|

To enable TLS for oslo.messaging you need to provide the CA certificate.

By default the system-wide CA certificates are used, and nothing needs to be specified except `ssl.enabled`.

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True

Use the `cacert_file` param to specify the CA certificate file location explicitly:

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True
        cacert_file: /etc/ssl/rabbitmq-ca.pem

To manage the content of the `cacert_file`, use the `cacert` param:

.. code-block:: yaml

    ....
    message_queue:
      ssl:
        enabled: True
        cacert: { file content here }
        cacert_file: /etc/openstack/rabbitmq-ca.pem

Notice:
 * The `message_queue.port` is set to **5671** (AMQPS) by default if `ssl.enabled=True`.
 * Use `message_queue.ssl.version` if you need to specify the protocol version. The default is TLSv1 for Python < 2.7.9 and TLSv1_2 for later versions.

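The following Python check is an added example, not part of the formula: it walks a `heat:server` pillar loaded as a dict and reports the transport and credential settings from the samples above that should not reach production (plain `http` bind endpoints, placeholder passwords, an `insecure` Keystone client, credentialed CORS for non-HTTPS origins, and AMQP without TLS or pinned to TLSv1). The function name, the finding strings and the `SAMPLE` dict are assumptions built from the values shown in this README.

```python
# Added example: audit a heat:server pillar (already loaded into a dict).
WEAK_PASSWORDS = {"password", "pwd"}  # placeholder values from the samples above


def audit_heat_server(pillar):
    """Return a list of (pillar path, finding) for risky heat:server settings."""
    server = pillar.get("heat", {}).get("server", {})
    out = []
    for name, ep in server.get("bind", {}).items():
        if ep.get("protocol") == "http":
            out.append((f"bind:{name}:protocol", "endpoint served over plain http"))
    for section in ("database", "identity", "message_queue"):
        if server.get(section, {}).get("password") in WEAK_PASSWORDS:
            out.append((f"{section}:password", "placeholder password"))
    keystone = server.get("clients", {}).get("keystone", {})
    if keystone.get("insecure") is True:
        out.append(("clients:keystone:insecure", "certificate verification disabled"))
    cors = server.get("cors", {})
    if cors.get("allow_credentials") is True:
        for origin in str(cors.get("allowed_origin", "")).split(","):
            if origin and not origin.strip().startswith("https:"):
                out.append(("cors:allowed_origin", f"credentialed CORS for {origin.strip()}"))
    mq = server.get("message_queue", {})
    ssl = mq.get("ssl", {})
    if mq and ssl.get("enabled") is not True:
        out.append(("message_queue:ssl:enabled", "AMQP traffic not protected by TLS"))
    elif ssl.get("version") == "TLSv1":
        out.append(("message_queue:ssl:version", "TLSv1 pinned; prefer TLSv1_2"))
    return out


# Constructed sample, assembled from the sample pillars in this README.
SAMPLE = {"heat": {"server": {
    "bind": {"metadata": {"address": "10.0.106.10", "port": 8000, "protocol": "http"}},
    "database": {"engine": "mysql", "user": "heat", "password": "password"},
    "clients": {"keystone": {"protocol": "https", "insecure": False}},
    "cors": {"allowed_origin": "https:localhost.local,http:localhost.local",
             "allow_credentials": True},
    "message_queue": {"engine": "rabbitmq", "password": "pwd",
                      "ssl": {"enabled": True, "version": "TLSv1"}},
}}}

if __name__ == "__main__":
    for path, finding in audit_heat_server(SAMPLE):
        print(f"heat:server:{path}: {finding}")
```
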
Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-heat/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-heat

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net