e263c82e |
#!/bin/bash
# |
45ea0811 |
# lib/heat |
6d04fd7b |
# Install and start **Heat** service
|
bfdad75e |
# To enable, add the following to localrc |
6a5aa7c6 |
#
# ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng |
bfdad75e |
# Dependencies: |
249e36de |
# (none) |
bfdad75e |
# stack.sh
# --------- |
6a5aa7c6 |
# - install_heatclient
# - install_heat
# - configure_heatclient
# - configure_heat
# - init_heat
# - start_heat
# - stop_heat
# - cleanup_heat |
bfdad75e |
|
7903b795 |
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace |
bfdad75e |
# Defaults
# -------- |
cc6b4435 |
# set up default directories |
e08ab104 |
GITDIR["python-heatclient"]=$DEST/python-heatclient |
5cb19069 |
|
bfdad75e |
HEAT_DIR=$DEST/heat |
315971d9 |
HEAT_CFNTOOLS_DIR=$DEST/heat-cfntools
HEAT_TEMPLATES_REPO_DIR=$DEST/heat-templates |
249e36de |
OCC_DIR=$DEST/os-collect-config
ORC_DIR=$DEST/os-refresh-config
OAC_DIR=$DEST/os-apply-config
HEAT_PIP_REPO=$DATA_DIR/heat-pip-repo
HEAT_PIP_REPO_PORT=${HEAT_PIP_REPO_PORT:-8899}
|
c3249083 |
HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat} |
53753293 |
HEAT_STANDALONE=$(trueorfalse False HEAT_STANDALONE)
HEAT_ENABLE_ADOPT_ABANDON=$(trueorfalse False HEAT_ENABLE_ADOPT_ABANDON) |
f645a850 |
HEAT_CONF_DIR=/etc/heat |
a213e2c3 |
HEAT_CONF=$HEAT_CONF_DIR/heat.conf |
f645a850 |
HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d |
fb71a272 |
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates |
e389aed5 |
HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}
HEAT_API_PORT=${HEAT_API_PORT:-8004} |
3163c171 |
|
9e68af7d |
# Support entry points installation of console scripts
HEAT_BIN_DIR=$(get_python_exec_prefix) |
cc6b4435 |
|
f83cf936 |
# other default options |
744c2afd |
if [[ "$HEAT_STANDALONE" = "True" ]]; then
# for standalone, use defaults which require no service user
HEAT_STACK_DOMAIN=`trueorfalse False $HEAT_STACK_DOMAIN`
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-password}
else
HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
fi |
f83cf936 |
|
cc6b4435 |
# Functions
# --------- |
bfdad75e |
|
29870cce |
# Test if any Heat services are enabled
# is_heat_enabled
function is_heat_enabled {
[[ ,${ENABLED_SERVICES} =~ ,"h-" ]] && return 0
return 1
}
|
bfdad75e |
# cleanup_heat() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up |
aee18c74 |
function cleanup_heat { |
c3249083 |
sudo rm -rf $HEAT_AUTH_CACHE_DIR |
f645a850 |
sudo rm -rf $HEAT_ENV_DIR |
fb71a272 |
sudo rm -rf $HEAT_TEMPLATES_DIR |
744c2afd |
sudo rm -rf $HEAT_CONF_DIR |
bfdad75e |
}
# configure_heat() - Set config files, create data dirs, etc |
aee18c74 |
function configure_heat { |
bfdad75e |
|
8421c2b9 |
sudo install -d -o $STACK_USER $HEAT_CONF_DIR |
a213e2c3 |
# remove old config files
rm -f $HEAT_CONF_DIR/heat-*.conf |
bfdad75e |
|
e61bc61a |
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$HOST_IP} |
e2790210 |
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000} |
bfdad75e |
HEAT_ENGINE_HOST=${HEAT_ENGINE_HOST:-$SERVICE_HOST}
HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001} |
e61bc61a |
HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP} |
e2790210 |
HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003} |
d5cd79b1 |
HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini
HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json
cp $HEAT_DIR/etc/heat/api-paste.ini $HEAT_API_PASTE_FILE
cp $HEAT_DIR/etc/heat/policy.json $HEAT_POLICY_FILE |
a213e2c3 |
# common options |
2dd110ce |
iniset_rpc_backend heat $HEAT_CONF |
a213e2c3 |
iniset $HEAT_CONF DEFAULT heat_metadata_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT
iniset $HEAT_CONF DEFAULT heat_waitcondition_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1/waitcondition
iniset $HEAT_CONF DEFAULT heat_watch_server_url http://$HEAT_API_CW_HOST:$HEAT_API_CW_PORT |
e231438b |
iniset $HEAT_CONF database connection `database_connection_url heat` |
f71b500b |
iniset $HEAT_CONF DEFAULT auth_encryption_key $(generate_hex_string 16) |
a213e2c3 |
|
0abde393 |
iniset $HEAT_CONF DEFAULT region_name_for_services "$REGION_NAME"
|
a213e2c3 |
# logging
iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG
if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
# Add color to logging output |
4897ff55 |
setup_colorized_logging $HEAT_CONF DEFAULT tenant user |
a213e2c3 |
fi |
e2790210 |
|
93b906d5 |
iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH
|
78b7726d |
# NOTE(jamielennox): heat re-uses specific values from the
# keystone_authtoken middleware group and so currently fails when using the
# auth plugin setup. This should be fixed in heat. Heat is also the only
# service that requires the auth_uri to include a /v2.0. Remove this custom
# setup when bug #1300246 is resolved.
iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 |
e389aed5 |
if [[ "$HEAT_STANDALONE" = "True" ]]; then
iniset $HEAT_CONF paste_deploy flavor standalone
iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s" |
744c2afd |
else
iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI
iniset $HEAT_CONF keystone_authtoken admin_user heat
iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD
iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE
iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR |
e389aed5 |
fi |
bfdad75e |
|
744c2afd |
# ec2authtoken
iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0
|
6d04fd7b |
# OpenStack API |
a213e2c3 |
iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT |
905275ec |
iniset $HEAT_CONF heat_api workers "$API_WORKERS" |
bfdad75e |
|
a213e2c3 |
# Cloudformation API
iniset $HEAT_CONF heat_api_cfn bind_port $HEAT_API_CFN_PORT |
556ffe40 |
|
6d04fd7b |
# Cloudwatch API |
a213e2c3 |
iniset $HEAT_CONF heat_api_cloudwatch bind_port $HEAT_API_CW_PORT |
bfdad75e |
|
18d4778c |
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
iniset $HEAT_CONF clients_keystone ca_file $SSL_BUNDLE_FILE
fi
if is_ssl_enabled_service "nova" || is_service_enabled tls-proxy; then
iniset $HEAT_CONF clients_nova ca_file $SSL_BUNDLE_FILE
fi
if is_ssl_enabled_service "cinder" || is_service_enabled tls-proxy; then
iniset $HEAT_CONF clients_cinder ca_file $SSL_BUNDLE_FILE
fi
|
826e4509 |
if [[ "$HEAT_ENABLE_ADOPT_ABANDON" = "True" ]]; then
iniset $HEAT_CONF DEFAULT enable_stack_adopt true
iniset $HEAT_CONF DEFAULT enable_stack_abandon true
fi
|
8421c2b9 |
sudo install -d -o $STACK_USER $HEAT_ENV_DIR $HEAT_TEMPLATES_DIR
|
f645a850 |
# copy the default environment
cp $HEAT_DIR/etc/heat/environment.d/* $HEAT_ENV_DIR/
|
fb71a272 |
# copy the default templates
cp $HEAT_DIR/etc/heat/templates/* $HEAT_TEMPLATES_DIR/
|
bfdad75e |
}
# init_heat() - Initialize database |
aee18c74 |
function init_heat { |
bfdad75e |
# (re)create heat database |
157c84b8 |
recreate_database heat |
bfdad75e |
|
9e68af7d |
$HEAT_BIN_DIR/heat-manage db_sync |
c3249083 |
create_heat_cache_dir
}
# create_heat_cache_dir() - Part of the init_heat() process |
aee18c74 |
function create_heat_cache_dir { |
c3249083 |
# Create cache dirs |
8421c2b9 |
sudo install -d -o $STACK_USER $HEAT_AUTH_CACHE_DIR |
bfdad75e |
}
|
32761a49 |
# install_heatclient() - Collect source and prepare |
aee18c74 |
function install_heatclient { |
e08ab104 |
if use_library_from_git "python-heatclient"; then
git_clone_by_name "python-heatclient"
setup_dev_lib "python-heatclient"
sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-heatclient"]}/tools/,/etc/bash_completion.d/}heat.bash_completion |
5cb19069 |
fi |
32761a49 |
}
|
bfdad75e |
# install_heat() - Collect source and prepare |
aee18c74 |
function install_heat { |
bfdad75e |
git_clone $HEAT_REPO $HEAT_DIR $HEAT_BRANCH |
a38bc5b3 |
setup_develop $HEAT_DIR |
bfdad75e |
}
|
315971d9 |
# install_heat_other() - Collect source and prepare
function install_heat_other {
git_clone $HEAT_CFNTOOLS_REPO $HEAT_CFNTOOLS_DIR $HEAT_CFNTOOLS_BRANCH
git_clone $HEAT_TEMPLATES_REPO $HEAT_TEMPLATES_REPO_DIR $HEAT_TEMPLATES_BRANCH |
16819951 |
git_clone $OAC_REPO $OAC_DIR $OAC_BRANCH
git_clone $OCC_REPO $OCC_DIR $OCC_BRANCH
git_clone $ORC_REPO $ORC_DIR $ORC_BRANCH |
315971d9 |
}
|
bfdad75e |
# start_heat() - Start running processes, including screen |
aee18c74 |
function start_heat { |
9e68af7d |
run_process h-eng "$HEAT_BIN_DIR/heat-engine --config-file=$HEAT_CONF"
run_process h-api "$HEAT_BIN_DIR/heat-api --config-file=$HEAT_CONF"
run_process h-api-cfn "$HEAT_BIN_DIR/heat-api-cfn --config-file=$HEAT_CONF"
run_process h-api-cw "$HEAT_BIN_DIR/heat-api-cloudwatch --config-file=$HEAT_CONF" |
bfdad75e |
}
|
699a29f7 |
# stop_heat() - Stop running processes |
aee18c74 |
function stop_heat { |
7033829d |
# Kill the screen windows |
7d31bdcf |
local serv |
7033829d |
for serv in h-eng h-api h-api-cfn h-api-cw; do |
2f27a0ed |
stop_process $serv |
699a29f7 |
done |
bfdad75e |
} |
7903b795 |
|
33d1f86a |
# create_heat_accounts() - Set up common required heat accounts |
aee18c74 |
function create_heat_accounts { |
744c2afd |
if [[ "$HEAT_STANDALONE" != "True" ]]; then
create_service_user "heat" "admin"
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
b17ad756 |
get_or_create_service "heat" "orchestration" "Heat Orchestration Service"
get_or_create_endpoint "orchestration" \ |
744c2afd |
"$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
"$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
|
b17ad756 |
get_or_create_service "heat-cfn" "cloudformation" "Heat CloudFormation Service"
get_or_create_endpoint "cloudformation" \ |
744c2afd |
"$REGION_NAME" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \
"$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"
fi
# heat_stack_user role is for users created by Heat
get_or_create_role "heat_stack_user" |
57d478d8 |
fi
|
16aca8a3 |
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
# Note we have to pass token/endpoint here because the current endpoint and
# version negotiation in OSC means just --os-identity-api-version=3 won't work |
b74e01c3 |
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
0abde393 |
--os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
if [[ -z "$D_ID" ]]; then |
b74e01c3 |
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
0abde393 |
--os-identity-api-version=3 domain create heat \
--description "Owns users and projects created by heat" \
| grep ' id ' | get_field 2) |
2f92c8d7 |
iniset $HEAT_CONF DEFAULT stack_user_domain_id ${D_ID} |
0abde393 |
|
b74e01c3 |
openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
0abde393 |
--os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
--domain $D_ID heat_domain_admin \
--description "Manages users and projects created by heat" |
b74e01c3 |
openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
0abde393 |
--os-identity-api-version=3 role add \
--user heat_domain_admin --domain ${D_ID} admin
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
fi |
16aca8a3 |
fi |
33d1f86a |
}
|
249e36de |
# build_heat_pip_mirror() - Build a pip mirror containing heat agent projects
function build_heat_pip_mirror { |
71afb567 |
local project_dirs="$OCC_DIR $OAC_DIR $ORC_DIR $HEAT_CFNTOOLS_DIR" |
249e36de |
local projpath proj package
rm -rf $HEAT_PIP_REPO
mkdir -p $HEAT_PIP_REPO
echo "<html><body>" > $HEAT_PIP_REPO/index.html
for projpath in $project_dirs; do
proj=$(basename $projpath)
mkdir -p $HEAT_PIP_REPO/$proj
pushd $projpath
rm -rf dist
python setup.py sdist
pushd dist
package=$(ls *)
mv $package $HEAT_PIP_REPO/$proj/$package
popd
echo "<html><body><a href=\"$package\">$package</a></body></html>" > $HEAT_PIP_REPO/$proj/index.html
echo "<a href=\"$proj\">$proj</a><br/>" >> $HEAT_PIP_REPO/index.html
popd
done
echo "</body></html>" >> $HEAT_PIP_REPO/index.html
local heat_pip_repo_apache_conf=$(apache_site_config_for heat_pip_repo)
sudo cp $FILES/apache-heat-pip-repo.template $heat_pip_repo_apache_conf
sudo sed -e "
s|%HEAT_PIP_REPO%|$HEAT_PIP_REPO|g;
s|%HEAT_PIP_REPO_PORT%|$HEAT_PIP_REPO_PORT|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
" -i $heat_pip_repo_apache_conf
enable_apache_site heat_pip_repo
restart_apache_server |
11cf7b64 |
sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $HEAT_PIP_REPO_PORT -j ACCEPT || true |
2a6009cd |
}
|
7903b795 |
# Restore xtrace
$XTRACE |
584d90ec |
|
6a5aa7c6 |
# Tell emacs to use shell-script-mode
## Local variables:
## mode: shell-script
## End: |