openstack - heat installation and usage

sysman 2021. 2. 18. 17:00

 

 

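Heat service components

Component: Description
heat: Command-line client that communicates with heat-api to run the AWS CloudFormation API
heat-api: OpenStack REST API that sends API requests for the user's HOT templates to heat-engine over RPC so that heat-engine processes them
heat-api-cfn: AWS query API, compatible with AWS CloudFormation, that sends API requests to heat-engine over RPC for processing
heat-api-cloudwatch: CloudWatch API service used by the Heat project; provides monitoring for the orchestration service
heat-engine: Launches the services defined in the user's template (HOT) through OpenStack services such as nova and neutron, provides the resulting events to the API caller, and also stores that information in the database

The user passes a HOT to the Heat API -> the API forwards it to Heat Engine over AMQP -> Heat Engine forwards it to the OpenStack services -> each OpenStack service carries out the requests it receives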

 

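HOT structure

Component: Description
heat_template_version: Version of the HOT in use; a date or a text name such as 'newton' can be used (e.g. stein, 2020-02-18: choose a date or release name to identify the template version)
description: Optional additional description
parameters: Defines what is used as input values, such as the image ID or network ID of the instance to be created; used to optimize the template
resources: Defines the resources used by the virtual machine, such as the name or image name of the instance to be created, and their settings
outputs: Defines the output shown to the user, such as the floating or private IP address used by the virtual machine

Once the Heat service is set up, a HOT file is needed to use it.

A HOT (Heat Orchestration Template) is a template file that defines what the Heat service will execute.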

 

############# Configure on the controller #############

Create the heat database

[root@controller ~]# mysql -u root -p

MariaDB [(none)]> create database heat;
Query OK, 1 row affected (0.03 sec)

 

Create the heat password and grant all privileges
MariaDB [(none)]> grant all privileges on heat.* to heat@'localhost' identified by 'heat';
Query OK, 0 rows affected (0.24 sec)
Grant remote access privileges
MariaDB [(none)]> grant all privileges on heat.* to heat@'%' identified by 'heat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> exit
Bye

 

Create the heat user

[root@controller ~]# openstack user create --domain default --project service --password-prompt heat
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 6e8e6e73972a46ba85997044e572e4f5 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 4a43b4f9a84745b5b7523b7591b34a1e |
| name                | heat                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Grant the admin role to the heat user

[root@controller ~]# openstack role add --project service --user heat admin

 

Create two roles

[root@controller ~]# openstack role create heat_stack_owner
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 9aacddbc41274989b09aee9efae5ec27 |
| name      | heat_stack_owner                 |
+-----------+----------------------------------+

 

[root@controller ~]# openstack role create heat_stack_user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 66beb38cc9e94d1186f65af941f733dd |
| name      | heat_stack_user                  |
+-----------+----------------------------------+

 

Grant the heat_stack_owner role to the admin user

[root@controller ~]# openstack role add --project admin --user admin heat_stack_owner

Use openstack to create the two services, heat and heat-cfn

[root@controller ~]# openstack service create --name heat --description "Openstack Orchestration" orchestration
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Orchestration          |
| enabled     | True                             |
| id          | 458b4b6052844130a54d21fda5c6c777 |
| name        | heat                             |
| type        | orchestration                    |
+-------------+----------------------------------+

 

 

[root@controller ~]# openstack service create --name heat-cfn --description "Openstack Orchestration" cloudformation
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Orchestration          |
| enabled     | True                             |
| id          | b0a754981ef04c0dbad0c49e53b5f673 |
| name        | heat-cfn                         |
| type        | cloudformation                   |
+-------------+----------------------------------+

 

Create the domain and endpoints

Create the domain and the API endpoints that the heat service will use

heat-api endpoints

[root@controller ~]# openstack endpoint create --region RegionOne orchestration public http://192.168.100.110:8004/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne orchestration internal http://192.168.100.110:8004/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne orchestration admin http://192.168.100.110:8004/v1/%\(tenant_id\)s 

Create the heat-api-cfn endpoints

[root@controller ~]# openstack endpoint create --region RegionOne cloudformation public http://192.168.100.110:8000/v1

[root@controller ~]# openstack endpoint create --region RegionOne cloudformation internal http://192.168.100.110:8000/v1

[root@controller ~]# openstack endpoint create --region RegionOne cloudformation admin http://192.168.100.110:8000/v1

 

Use openstack to create a new domain named heat that contains the users and projects for stacks

[root@controller ~]# openstack domain create --description "Stack projects and users" heat

Use openstack to create the heat_domain_admin user, which manages users and projects in the heat domain

[root@controller ~]# openstack user create --domain heat --password heat heat_domain_admin

Use openstack to grant the admin role to the heat_domain_admin user so that it can manage stacks

[root@controller ~]# openstack role add --domain heat --user heat_domain_admin admin

 

 

Verify

[root@controller ~]# openstack user list
+----------------------------------+-------------------+
| ID                               | Name              |
+----------------------------------+-------------------+
| 149c8cfaaf2b4735b04a736e469e9a62 | demo              |
| 1aa34b90bf6a463fb31be804fbd774fd | nova              |
| 22663814cd4c433ebf1008e78b8ef3f3 | neutron           |
| 4a43b4f9a84745b5b7523b7591b34a1e | heat              |
| 856e40dbc5c54f3ba3fda22647bc534d | swift             |
| 8dd85eed70cb45a89c5863ab6213b3fd | heat_domain_admin |
| a883b52024484c30bf09d560aca028d2 | admin             |
| b48cab4df39e45f8b008cc7d78f4060b | placement         |
| dd6bc63cb89a406a883fa43c743a7fd8 | glance            |
| e0fbb5e5a09c4cf1ae1d515d4fe9a3bb | cinder            |
+----------------------------------+-------------------+

 

[root@controller ~]# openstack service list
+----------------------------------+-----------+----------------+
| ID                               | Name      | Type           |
+----------------------------------+-----------+----------------+
| 184e2b8251214c14be6d72e6cea4ec3d | placement | placement      |
| 1b8c0fbd535a4b268873b0e5f07127cc | neutron   | network        |
| 39088afd47cd40a8ba6356c487406021 | cinderv2  | volumev2       |
| 458b4b6052844130a54d21fda5c6c777 | heat      | orchestration  |
| 588bdd7b20ea422c8bd047b4dbbf4494 | nova      | compute        |
| 99746e1d00b84b92a0a58954d02c7fdb | cinderv3  | volumev3       |
| a040c88045a74106a0ceb01f8bb71ff0 | keystone  | identity       |
| b0a754981ef04c0dbad0c49e53b5f673 | heat-cfn  | cloudformation |
| e9519afcd54e4e2cad500a051df90ffe | cinder    | volume         |
| f0ab9e635da74b13a3abd3d472aace31 | glance    | image          |
| f37590be973147419039cf923ef84869 | swift     | object-store   |
+----------------------------------+-----------+----------------+

 

[root@controller ~]# openstack domain list
+----------------------------------+---------+---------+--------------------------+
| ID                               | Name    | Enabled | Description              |
+----------------------------------+---------+---------+--------------------------+
| default                          | Default | True    | The default domain       |
| f521d84713694782b19bcfd774895e89 | heat    | True    | Stack projects and users |
+----------------------------------+---------+---------+--------------------------+

 

[root@controller ~]# openstack endpoint list | grep heat

 

Install the packages

[root@controller ~]# yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

Check the packages

[root@controller ~]# rpm -qa | grep heat
python2-heatclient-1.16.3-1.el7.noarch
openstack-heat-common-11.0.3-1.el7.noarch
openstack-heat-api-11.0.3-1.el7.noarch
openstack-heat-api-cfn-11.0.3-1.el7.noarch
openstack-heat-engine-11.0.3-1.el7.noarch

 

Edit heat.conf

[root@controller ~]# cp /etc/heat/heat.conf /etc/heat/heat.conf.bak

[root@controller ~]# vi /etc/heat/heat.conf

 

[DEFAULT]
# trusts: delegate privileges through Keystone
deferred_auth_method = trusts
trusts_delegated_roles = heat_stack_owner
heat_metadata_server_url = http://192.168.100.110:8000
heat_waitcondition_server_url = http://192.168.100.110:8000/v1/waitcondition
heat_watch_server_url = http://192.168.100.110:8003
heat_stack_user_role = heat_stack_user
stack_user_domain_name = heat
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = heat
transport_url = rabbit://openstack:password@192.168.100.110

[database]
connection = mysql+pymysql://heat:heat@192.168.100.110/heat

[clients_keystone]
auth_uri = http://192.168.100.110:5000

[ec2authtoken]
auth_uri = http://192.168.100.110:5000

# Set the host IP and port
[heat_api]
bind_host = 0.0.0.0
bind_port = 8004

[heat_api_cfn]
bind_host = 0.0.0.0
bind_port = 8000

# Keystone authentication
[keystone_authtoken]
www_authenticate_uri = http://192.168.100.110:5000
auth_url = http://192.168.100.110:5000
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = heat
memcached_servers = 192.168.100.110:11211

# The heat service user, registered in Keystone beforehand, receives the delegated privileges
[trustee]
auth_type = password
auth_url = http://192.168.100.110:5000
username = heat
password = heat
user_domain_name = default

 

 

Change the ownership and permissions of heat.conf and sync the DB

[root@controller ~]# chown heat.heat /etc/heat/heat.conf

[root@controller ~]# chmod 644 /etc/heat/heat.conf

[root@controller ~]# su -s /bin/sh -c "heat-manage db_sync" heat
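
An added example, not part of the original post: a shell function that flags the lab-grade settings used in the heat.conf above (short secrets such as heat and password, http:// endpoints, bind_host 0.0.0.0, and a world-readable file mode such as 644). The function name audit_heat_conf and the 12-character minimum are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. MIN_SECRET_LEN is an assumed
# policy value for this check, not a Heat option.
MIN_SECRET_LEN=12

# audit_heat_conf FILE
# Prints one finding per line and returns 1 if there is any finding, else 0.
# A file that stores passwords should not be readable by "other", so the
# mode is checked first; awk then walks the [section] / key = value lines.
audit_heat_conf() {
    conf=$1
    findings=$(
        [ -n "$(find "$conf" -prune -perm -004)" ] && echo "WORLD-READABLE $conf"
        awk -v min="$MIN_SECRET_LEN" '
            /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
            /^\[.*\]/ { sec = substr($0, 2, index($0, "]") - 2); next }
            {
                eq = index($0, "="); if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                secret = ""; has_secret = 0
                if (key ~ /password$/) { secret = val; has_secret = 1 }
                if (key == "connection" || key == "transport_url") {
                    # scheme://user:secret@host/... -> keep only the secret
                    cred = val; sub(/^[^:]*:\/\//, "", cred)
                    if (sub(/@.*$/, "", cred) && split(cred, up, ":") == 2) {
                        secret = up[2]; has_secret = 1
                    }
                }
                if (has_secret && length(secret) < min)
                    print "WEAK-SECRET [" sec "] " key " (" length(secret) " chars)"
                if (val ~ /^http:\/\//) print "CLEARTEXT [" sec "] " key " = " val
                if (key == "bind_host" && val == "0.0.0.0") print "BIND-ALL [" sec "] " key
            }' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_heat_conf /etc/heat/heat.conf
```

Run against the configuration in this post, every password line, every http:// URL and both bind_host lines are reported; the check only reads the file and changes nothing.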

 

Verify

[root@controller ~]# mysql -u root -p heat

MariaDB [heat]> show tables;
+--------------------------+
| Tables_in_heat           |
+--------------------------+
| event                    |
| migrate_version          |
| raw_template             |
| raw_template_files       |
| resource                 |
| resource_data            |
| resource_properties_data |
| service                  |
| snapshot                 |
| software_config          |
| software_deployment      |
| stack                    |
| stack_lock               |
| stack_tag                |
| sync_point               |
| user_creds               |
+--------------------------+
16 rows in set (0.00 sec)

MariaDB [heat]> exit

 

Start the daemons

[root@controller ~]# systemctl enable openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

[root@controller ~]# systemctl start openstack-heat-api openstack-heat-api-cfn openstack-heat-engine

[root@controller ~]# openstack orchestration service list
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+
| Hostname            | Binary      | Engine ID                            | Host                | Topic  | Updated At                 | Status |
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+
| controller.park.com | heat-engine | 28dee607-a3eb-4b9e-99ba-72b65759de05 | controller.park.com | engine | 2021-02-18T09:32:33.000000 | up     |
| controller.park.com | heat-engine | bd653866-f7db-4118-8162-7e30ea7e7775 | controller.park.com | engine | 2021-02-18T09:32:33.000000 | up     |
| controller.park.com | heat-engine | acc842bf-9324-44c6-ab7a-c10f0d8294e7 | controller.park.com | engine | 2021-02-18T09:32:33.000000 | up     |
| controller.park.com | heat-engine | 4b3f0eba-cd9d-4817-9ccb-6aaf67182618 | controller.park.com | engine | 2021-02-18T09:32:33.000000 | up     |
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+

 

Verify

[root@controller ~]# lsof -i tcp:8000

[root@controller ~]# lsof -i tcp:8004

[root@controller ~]# ls -l /var/log/heat/

 

[root@controller ~]# vi heat-stack.yml

heat_template_version: rocky

description: First heat Template

parameters:
  NetID:
    type: string
    description: Network ID for the Server

resources:
  server:
    type: OS::Nova::Server
    properties:
      name: "Heat_Cirros"
      image: "cirros4"
      flavor: "m1.tiny"
      networks:
        - network: { get_param: NetID }

outputs:
  server_ip:
    description: The IP address of the deployed instance
    value: { get_attr: [server, first_address] }

 

Store the network ID in the NET_ID variable

[root@controller ~]# export NET_ID=$(openstack network list | awk '/ int_net / {print $2 }')

[root@controller ~]# echo $NET_ID
bf4dcb31-f3dc-4b7f-ada9-1dd91ac22f22

 

The error below occurs because the shell has not been authenticated with Keystone credentials yet

[root@controller ~]# openstack stack create -t heat-stack.yml --parameter "NetID=$NET_ID" stack1

ERROR: Missing required credential: roles ['heat_stack_owner']

 

[root@controller ~]# source ~/keystonerc

[root@controller ~]# openstack stack create -t heat-stack.yml --parameter "NetID=$NET_ID" stack1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | 52cc252a-e12c-4936-8c3a-728674c59b32 |
| stack_name          | stack1                               |
| description         | First heat Template                  |
| creation_time       | 2021-02-18T10:16:11Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+

[root@controller ~]#

 

Check that the stack was created

[root@controller ~]# openstack stack list
+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+
| ID                                   | Stack Name | Project                          | Stack Status       | Creation Time        | Updated Time |
+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+
| 52cc252a-e12c-4936-8c3a-728674c59b32 | stack1     | afe0d5f4a89041f599ec12e5a1685019 | CREATE_IN_PROGRESS | 2021-02-18T10:16:11Z | None         |
+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+

 

Check that the instance was created

[root@controller ~]# openstack server list
+--------------------------------------+--------------+---------+------------------------------------+-----------------+---------+
| ID                                   | Name         | Status  | Networks                           | Image           | Flavor  |
+--------------------------------------+--------------+---------+------------------------------------+-----------------+---------+
| b06c25ae-925f-4d44-9c03-237858de0284 | Heat_Cirros  | BUILD   |                                    | cirros4         | m1.tiny |
| 7143eff4-c641-4a6b-9b81-0e9569e4b554 | cirros4-snap | ACTIVE  | int_net=10.1.1.5                   | ciroos4Snapshot | m1.tiny |
| f4ef944f-aa3d-4665-a50f-e65a16676bd1 | cirros2      | ACTIVE  | int_net=10.1.1.10, 192.168.200.204 | cirros1         | m1.tiny |
| b4db5a9b-fc50-46eb-b7e2-b1d6a3fc541b | cirros4      | SHUTOFF | int_net=10.1.1.3, 192.168.200.220  | cirros4         | m1.tiny |
| 9071c032-1d68-4c45-a1e6-1ef7c80dbbf2 | ciross       | ACTIVE  | int_net=10.1.1.24                  | cirros          | m1.tiny |
+--------------------------------------+--------------+---------+------------------------------------+-----------------+---------+

 

 

[root@controller ~]# openstack server list
+--------------------------------------+--------------+---------+------------------------------------+-----------------+---------+
| ID                                   | Name         | Status  | Networks                           | Image           | Flavor  |
+--------------------------------------+--------------+---------+------------------------------------+-----------------+---------+
| b06c25ae-925f-4d44-9c03-237858de0284 | Heat_Cirros  | ACTIVE  | int_net=10.1.1.12                  | cirros4         | m1.tiny |
| 7143eff4-c641-4a6b-9b81-0e9569e4b554 | cirros4-snap | ACTIVE  | int_net=10.1.1.5                   | ciroos4Snapshot | m1.tiny |
| f4ef944f-aa3d-4665-a50f-e65a16676bd1 | cirros2      | ACTIVE  | int_net=10.1.1.10, 192.168.200.204 | cirros1         | m1.tiny |
| b4db5a9b-fc50-46eb-b7e2-b1d6a3fc541b | cirros4      | SHUTOFF | int_net=10.1.1.3, 192.168.200.220  | cirros4         | m1.tiny |
| 9071c032-1d68-4c45-a1e6-1ef7c80dbbf2 | ciross       | ACTIVE  | int_net=10.1.1.24                  | cirros          | m1.tiny |
+--------------------------------------+--------------+---------+------------------------------------+-----------------+---------+

 

Delete the stack

[root@controller ~]# openstack stack delete --yes stack1

Check the stack list

[root@controller ~]# openstack stack list

 

[root@controller ~]# openstack stack output show --all stack1

Stack not found: stack1