# lib/heat

# Install and start **Heat** service

# To enable, add the following to localrc

#

# ENABLED_SERVICES+=,heat,h-api,h-api-cfn,h-api-cw,h-eng

# Dependencies:

#

# - functions

# stack.sh

# ---------

# - install_heatclient

# - install_heat

# - configure_heatclient

# - configure_heat

# - init_heat

# - start_heat

# - stop_heat

# - cleanup_heat

# Save trace setting

XTRACE=$(set +o | grep xtrace)

set +o xtrace

# Defaults

# --------

# set up default directories

HEAT_DIR=$DEST/heat

HEATCLIENT_DIR=$DEST/python-heatclient

HEAT_AUTH_CACHE_DIR=${HEAT_AUTH_CACHE_DIR:-/var/cache/heat}

HEAT_STANDALONE=`trueorfalse False $HEAT_STANDALONE`

HEAT_CONF_DIR=/etc/heat

HEAT_CONF=$HEAT_CONF_DIR/heat.conf

HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d

HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates

HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`

# other default options

HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}

# Tell Tempest this project is present

TEMPEST_SERVICES+=,heat

# Functions

# ---------

# Test if any Heat services are enabled

# is_heat_enabled

function is_heat_enabled {

[[ ,${ENABLED_SERVICES} =~ ,"h-" ]] && return 0

return 1

}

# cleanup_heat() - Remove residual data files, anything left over from previous

# runs that a clean run would need to clean up

function cleanup_heat {

sudo rm -rf $HEAT_AUTH_CACHE_DIR

sudo rm -rf $HEAT_ENV_DIR

sudo rm -rf $HEAT_TEMPLATES_DIR

}

# configure_heat() - Set config files, create data dirs, etc

function configure_heat {

setup_develop $HEAT_DIR

if [[ ! -d $HEAT_CONF_DIR ]]; then

sudo mkdir -p $HEAT_CONF_DIR

fi

sudo chown $STACK_USER $HEAT_CONF_DIR

# remove old config files

rm -f $HEAT_CONF_DIR/heat-*.conf

HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$HOST_IP}

HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}

HEAT_ENGINE_HOST=${HEAT_ENGINE_HOST:-$SERVICE_HOST}

HEAT_ENGINE_PORT=${HEAT_ENGINE_PORT:-8001}

HEAT_API_CW_HOST=${HEAT_API_CW_HOST:-$HOST_IP}

HEAT_API_CW_PORT=${HEAT_API_CW_PORT:-8003}

HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP}

HEAT_API_PORT=${HEAT_API_PORT:-8004}

HEAT_API_PASTE_FILE=$HEAT_CONF_DIR/api-paste.ini

HEAT_POLICY_FILE=$HEAT_CONF_DIR/policy.json

cp $HEAT_DIR/etc/heat/api-paste.ini $HEAT_API_PASTE_FILE

cp $HEAT_DIR/etc/heat/policy.json $HEAT_POLICY_FILE

cp $HEAT_DIR/etc/heat/heat.conf.sample $HEAT_CONF

# common options

iniset_rpc_backend heat $HEAT_CONF DEFAULT

iniset $HEAT_CONF DEFAULT heat_metadata_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT

iniset $HEAT_CONF DEFAULT heat_waitcondition_server_url http://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1/waitcondition

iniset $HEAT_CONF DEFAULT heat_watch_server_url http://$HEAT_API_CW_HOST:$HEAT_API_CW_PORT

iniset $HEAT_CONF database connection `database_connection_url heat`

iniset $HEAT_CONF DEFAULT auth_encryption_key `hexdump -n 16 -v -e '/1 "%02x"' /dev/urandom`

# logging

iniset $HEAT_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL

iniset $HEAT_CONF DEFAULT use_syslog $SYSLOG

if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then

# Add color to logging output

setup_colorized_logging $HEAT_CONF DEFAULT tenant user

fi

# keystone authtoken

iniset $HEAT_CONF keystone_authtoken auth_host $KEYSTONE_AUTH_HOST

iniset $HEAT_CONF keystone_authtoken auth_port $KEYSTONE_AUTH_PORT

iniset $HEAT_CONF keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL

configure_API_version $HEAT_CONF $IDENTITY_API_VERSION

iniset $HEAT_CONF keystone_authtoken cafile $KEYSTONE_SSL_CA

iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME

iniset $HEAT_CONF keystone_authtoken admin_user heat

iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD

iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR

# ec2authtoken

iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0

# paste_deploy

[[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone

# OpenStack API

iniset $HEAT_CONF heat_api bind_port $HEAT_API_PORT

# Cloudformation API

iniset $HEAT_CONF heat_api_cfn bind_port $HEAT_API_CFN_PORT

# Cloudwatch API

iniset $HEAT_CONF heat_api_cloudwatch bind_port $HEAT_API_CW_PORT

# heat environment

sudo mkdir -p $HEAT_ENV_DIR

sudo chown $STACK_USER $HEAT_ENV_DIR

# copy the default environment

cp $HEAT_DIR/etc/heat/environment.d/* $HEAT_ENV_DIR/

# heat template resources.

sudo mkdir -p $HEAT_TEMPLATES_DIR

sudo chown $STACK_USER $HEAT_TEMPLATES_DIR

# copy the default templates

cp $HEAT_DIR/etc/heat/templates/* $HEAT_TEMPLATES_DIR/

}

# init_heat() - Initialize database

function init_heat {

# (re)create heat database

recreate_database heat utf8

$HEAT_DIR/bin/heat-manage db_sync

create_heat_cache_dir

}

# create_heat_cache_dir() - Part of the init_heat() process

function create_heat_cache_dir {

# Create cache dirs

sudo mkdir -p $HEAT_AUTH_CACHE_DIR

sudo chown $STACK_USER $HEAT_AUTH_CACHE_DIR

}

# install_heatclient() - Collect source and prepare

function install_heatclient {

git_clone $HEATCLIENT_REPO $HEATCLIENT_DIR $HEATCLIENT_BRANCH

setup_develop $HEATCLIENT_DIR

sudo install -D -m 0644 -o $STACK_USER {$HEATCLIENT_DIR/tools/,/etc/bash_completion.d/}heat.bash_completion

}

# install_heat() - Collect source and prepare

function install_heat {

git_clone $HEAT_REPO $HEAT_DIR $HEAT_BRANCH

}

# start_heat() - Start running processes, including screen

function start_heat {

screen_it h-eng "cd $HEAT_DIR; bin/heat-engine --config-file=$HEAT_CONF"

screen_it h-api "cd $HEAT_DIR; bin/heat-api --config-file=$HEAT_CONF"

screen_it h-api-cfn "cd $HEAT_DIR; bin/heat-api-cfn --config-file=$HEAT_CONF"

screen_it h-api-cw "cd $HEAT_DIR; bin/heat-api-cloudwatch --config-file=$HEAT_CONF"

}

# stop_heat() - Stop running processes

function stop_heat {

# Kill the screen windows

for serv in h-eng h-api h-api-cfn h-api-cw; do

screen_stop $serv

done

}

function disk_image_create {

local elements_path=$1

local elements=$2

local arch=$3

local output=$TOP_DIR/files/$4

if [[ -f "$output.qcow2" ]]; then

echo "Image file already exists: $output_file"

else

ELEMENTS_PATH=$elements_path disk-image-create \

$elements -a $arch -o $output

fi

# upload with fake URL so that image in $TOP_DIR/files is used

upload_image "http://localhost/$output.qcow2" $TOKEN

}

# create_heat_accounts() - Set up common required heat accounts

function create_heat_accounts {

# migrated from files/keystone_data.sh

SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")

ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")

HEAT_USER=$(openstack user create \

heat \

--password "$SERVICE_PASSWORD" \

--project $SERVICE_TENANT \

--email heat@example.com \

| grep " id " | get_field 2)

openstack role add \

$ADMIN_ROLE \

--project $SERVICE_TENANT \

--user $HEAT_USER

if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then

HEAT_SERVICE=$(openstack service create \

heat \

--type=orchestration \

--description="Heat Orchestration Service" \

| grep " id " | get_field 2)

openstack endpoint create \

$HEAT_SERVICE \

--region RegionOne \

--publicurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \

--adminurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \

--internalurl "$SERVICE_PROTOCOL://$HEAT_API_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"

HEAT_CFN_SERVICE=$(openstack service create \

heat \

--type=cloudformation \

--description="Heat CloudFormation Service" \

| grep " id " | get_field 2)

openstack endpoint create \

$HEAT_CFN_SERVICE \

--region RegionOne \

--publicurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \

--adminurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1" \

--internalurl "$SERVICE_PROTOCOL://$HEAT_API_CFN_HOST:$HEAT_API_CFN_PORT/v1"

fi

# heat_stack_user role is for users created by Heat

openstack role create heat_stack_user

if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then

# heat_stack_owner role is given to users who create Heat stacks,

# it's the default role used by heat to delegate to the heat service

# user (for performing deferred operations via trusts), see heat.conf

HEAT_OWNER_ROLE=$(openstack role create \

heat_stack_owner \

| grep " id " | get_field 2)

# Give the role to the demo and admin users so they can create stacks

# in either of the projects created by devstack

openstack role add $HEAT_OWNER_ROLE --project demo --user demo

openstack role add $HEAT_OWNER_ROLE --project demo --user admin

openstack role add $HEAT_OWNER_ROLE --project admin --user admin

iniset $HEAT_CONF DEFAULT deferred_auth_method trusts

fi

if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then

# Note we have to pass token/endpoint here because the current endpoint and

# version negotiation in OSC means just --os-identity-api-version=3 won't work

KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"

D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \

--os-identity-api-version=3 domain create heat \

--description "Owns users and projects created by heat" \

| grep ' id ' | get_field 2)

iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}

openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \

--os-identity-api-version=3 user create --password $SERVICE_PASSWORD \

--domain $D_ID heat_domain_admin \

--description "Manages users and projects created by heat"

openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \

--os-identity-api-version=3 role add \

--user heat_domain_admin --domain ${D_ID} admin

iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin

iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD

fi

}

# Restore xtrace

$XTRACE

# Tell emacs to use shell-script-mode

## Local variables:

## mode: shell-script

## End: