Install the Orchestration service

Install the Orchestration module on the controller node:
```
# apt-get install heat-api heat-api-cfn heat-engine
```
In the configuration file, specify the location of the database where the Orchestration service stores data. These examples use a MySQL database with a heat user on the controller node. Replace HEAT_DBPASS with the password for the database user:
Edit /etc/heat/heat.conf and change the [DEFAULT] section.
```
[DEFAULT]
# The SQLAlchemy connection string used to connect to the database
sql_connection = mysql://heat:HEAT_DBPASS@controller/heat
...
```
By default, the Ubuntu packages create an SQLite database. Delete the heat.sqlite file that was created in the /var/lib/heat/ directory so that it does not get used by mistake.

Use the password that you set previously to log in as root and create a heat database user:

# mysql -u root -p
mysql> CREATE DATABASE heat;
mysql> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
mysql> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';

Create the heat service tables:
```
# heat-manage db_sync
```
Note
Ignore DeprecationWarning errors.

	Note
Ignore DeprecationWarning errors.

The Ubuntu packages do not correctly set up logging. Edit the /etc/heat/heat.conf file and change the [DEFAULT] section:

[DEFAULT]
...
# Print more verbose output (set logging level to INFO instead
# of default WARNING level). (boolean value)
verbose = True
...
# (Optional) The base directory used for relative --log-file
# paths (string value)
log_dir=/var/log/heat

Configure the Orchestration Service to use the RabbitMQ message broker.
Edit /etc/heat/heat.conf and modify the [DEFAULT] section:
```
rabbit_host = controller
rabbit_password = RABBIT_PASS
```
Create a heat user that the Orchestration service can use to authenticate with the Identity Service. Use the service tenant and give the user the admin role:
```
# keystone user-create --name=heat --pass=HEAT_PASS --email=[email protected]
# keystone user-role-add --user=heat --tenant=service --role=admin
```

Edit the /etc/heat/heat.conf file to change the [keystone_authtoken] and [ec2_authtoken] sections to add credentials to the Orchestration Service:

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = heat
admin_password = HEAT_PASS
[ec2_authtoken]
auth_uri = http://controller:5000/v2.0
keystone_ec2_uri = http://controller:5000/v2.0/ec2tokens

Register the Heat and CloudFormation APIs with the Identity Service so that other OpenStack services can locate these APIs. Register the service and specify the endpoint:
```
# keystone service-create --name=heat --type=orchestration \
  --description="Heat Orchestration API"
```

Use the id property that is returned for the service to create the endpoint:

# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://controller:8004/v1/%\(tenant_id\)s \
  --internalurl=http://controller:8004/v1/%\(tenant_id\)s \
  --adminurl=http://controller:8004/v1/%\(tenant_id\)s

# keystone service-create --name=heat-cfn --type=cloudformation \
  --description="Heat CloudFormation API"

Use the id property that is returned for the service to create the endpoint:

# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://controller:8000/v1 \
  --internalurl=http://controller:8000/v1 \
  --adminurl=http://controller:8000/v1

Restart the service with its new settings:

# service heat-api restart
# service heat-api-cfn restart
# service heat-engine restart

Log a bug against this page

Legal notices