Install the Orchestration service

Install the Orchestration module on the controller node:
```
# apt-get install heat-api heat-api-cfn heat-engine
```
In the configuration file, specify the location of the database where the Orchestration service stores data. These examples use a MySQL database with a heat user on the controller node. Replace HEAT_DBPASS with the password for the database user:
Edit /etc/heat/heat.conf and modify the [database] section:
```
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://heat:HEAT_DBPASS@controller/heat
```
By default, the Ubuntu packages create an SQLite database. Delete the heat.sqlite file that was created in the /var/lib/heat/ directory so that it does not get used by mistake:
```
# rm /var/lib/heat/heat.sqlite
```

Use the password that you set previously to log in as root and create a heat database user:

$ mysql -u root -p
mysql> CREATE DATABASE heat;
mysql> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
mysql> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';

Create the heat service tables:
```
# su -s /bin/sh -c "heat-manage db_sync" heat
```
Note
Ignore DeprecationWarning errors.

	Note
Ignore DeprecationWarning errors.

The Ubuntu packages do not correctly set up logging. Edit the /etc/heat/heat.conf file and change the [DEFAULT] section:

[DEFAULT]
...
# Print more verbose output (set logging level to INFO instead
# of default WARNING level). (boolean value)
verbose = True
...
# (Optional) The base directory used for relative --log-file
# paths (string value)
log_dir=/var/log/heat

Configure the Orchestration Service to use the RabbitMQ message broker.
Edit /etc/heat/heat.conf and modify the [DEFAULT] section:
```
rabbit_host = controller
rabbit_password = RABBIT_PASS
```
Create a heat user that the Orchestration service can use to authenticate with the Identity Service. Use the service tenant and give the user the admin role:
```
$ keystone user-create --name=heat --pass=HEAT_PASS \
  --email=[email protected]
$ keystone user-role-add --user=heat --tenant=service --role=admin
```

Edit the /etc/heat/heat.conf file to change the [keystone_authtoken] and [ec2authtoken] sections to add credentials to the Orchestration Service:

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = heat
admin_password = HEAT_PASS

[ec2authtoken]
auth_uri = http://controller:5000/v2.0

Register the Heat and CloudFormation APIs with the Identity Service so that other OpenStack services can locate these APIs. Register the services and specify the endpoints:

$ keystone service-create --name=heat --type=orchestration \
  --description="Orchestration"
$ keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ orchestration / {print $2}') \
  --publicurl=http://controller:8004/v1/%\(tenant_id\)s \
  --internalurl=http://controller:8004/v1/%\(tenant_id\)s \
  --adminurl=http://controller:8004/v1/%\(tenant_id\)s
$ keystone service-create --name=heat-cfn --type=cloudformation \
  --description="Orchestration CloudFormation"
$ keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ cloudformation / {print $2}') \
  --publicurl=http://controller:8000/v1 \
  --internalurl=http://controller:8000/v1 \
  --adminurl=http://controller:8000/v1

Restart the service with its new settings:

# service heat-api restart
# service heat-api-cfn restart
# service heat-engine restart

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices