To use this role, define the following variables:
# password of the keystone service user for heat
heat_service_password: "secrete"
# password of the admin user for the keystone heat domain
heat_stack_domain_admin_password: "secrete"
# key used for encrypting credentials stored in the heat db
heat_auth_encryption_key: "32characterslongboguskeyvaluefoo"
# password for heat database
heat_container_mysql_password: "secrete"
# password for heat RabbitMQ vhost
heat_rabbitmq_password: "secrete"
# comma-separated list of RabbitMQ hosts
rabbitmq_servers: 10.100.100.101
# Keystone admin user for service, domain, project, role creation
keystone_admin_user_name: "admin"
# Keystone admin password for service, domain, project, role creation
keystone_auth_admin_password: "secrete"
To clone or view the source code for this repository, visit the role repository for os_heat.
# The variables file used by the playbooks in the Heat-api group.
# These don't have to be explicitly imported by vars_files: they are autopopulated.
# Enable/Disable Ceilometer
heat_ceilometer_enabled: False
## Verbosity Options
debug: False
# Set the package install state for distribution and pip packages
# Options are 'present' and 'latest'
heat_package_state: "latest"
heat_pip_package_state: "latest"
heat_git_repo: https://git.openstack.org/openstack/heat
heat_git_install_branch: master
heat_developer_mode: false
heat_developer_constraints:
- "git+{{ heat_git_repo }}@{{ heat_git_install_branch }}#egg=heat"
# Name of the virtual env to deploy into
heat_venv_tag: untagged
heat_bin: "/openstack/venvs/heat-{{ heat_venv_tag }}/bin"
# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
heat_venv_download: "{{ not heat_developer_mode | bool }}"
heat_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/heat.tgz
heat_fatal_deprecations: False
heat_clients_endpoint: internalURL
heat_clients_heat_endpoint: publicURL
## DB
heat_galera_user: heat
heat_galera_database: heat
## RabbitMQ info
## Configuration for RPC communications
heat_rabbitmq_userid: heat
heat_rabbitmq_vhost: /heat
heat_rabbitmq_servers: 127.0.0.1
heat_rabbitmq_use_ssl: False
heat_rabbitmq_port: 5672
## Configuration for notifications communication, i.e. [oslo_messaging_notifications]
heat_rabbitmq_telemetry_userid: "{{ heat_rabbitmq_userid }}"
heat_rabbitmq_telemetry_password: "{{ heat_rabbitmq_password }}"
heat_rabbitmq_telemetry_vhost: "{{ heat_rabbitmq_vhost }}"
heat_rabbitmq_telemetry_port: "{{ heat_rabbitmq_port }}"
heat_rabbitmq_telemetry_servers: "{{ heat_rabbitmq_servers }}"
heat_rabbitmq_telemetry_use_ssl: "{{ heat_rabbitmq_use_ssl }}"
## Heat User / Group
heat_system_user_name: heat
heat_system_group_name: heat
heat_system_shell: /bin/false
heat_system_comment: heat system user
heat_system_home_folder: "/var/lib/{{ heat_system_user_name }}"
## Default domain
heat_project_domain_name: Default
heat_project_name: admin
heat_user_domain_name: Default
## Stack
heat_stack_domain_admin: stack_domain_admin
heat_stack_owner_name: heat_stack_owner
heat_stack_domain_description: Owns users and projects created by heat
heat_stack_user_domain_name: heat
heat_max_nested_stack_depth: 5
heat_deferred_auth_method: trusts
heat_trusts_delegated_roles: []
## Cinder backups
heat_cinder_backups_enabled: false
# osprofiler
heat_profiler_enabled: false
heat_profiler_trace_sqlalchemy: false
## Auth
heat_service_region: RegionOne
heat_service_project_name: "service"
heat_service_user_name: "heat"
heat_service_role_name: admin
heat_service_project_domain_id: default
heat_service_user_domain_id: default
heat_keystone_auth_plugin: password
## Trustee Auth
heat_service_trustee_project_name: "service"
heat_service_trustee_user_name: "heat"
heat_service_trustee_password: "{{ heat_service_password }}"
heat_service_trustee_project_domain_id: "default"
heat_service_trustee_user_domain_id: "default"
heat_keystone_trustee_auth_plugin: "{{ heat_keystone_trustee_auth_type }}"
heat_keystone_trustee_auth_type: password
## Heat api service type and data
heat_service_name: heat
heat_service_description: "Heat Orchestration Service"
heat_service_port: 8004
heat_service_proto: http
heat_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_service_proto) }}"
heat_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(heat_service_proto) }}"
heat_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(heat_service_proto) }}"
heat_service_type: orchestration
heat_service_publicuri: "{{ heat_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_service_port }}"
heat_service_publicurl: "{{ heat_service_publicuri }}/v1/%(tenant_id)s"
heat_service_adminuri: "{{ heat_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ heat_service_port }}"
heat_service_adminurl: "{{ heat_service_adminuri }}/v1/%(tenant_id)s"
heat_service_internaluri: "{{ heat_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ heat_service_port }}"
heat_service_internalurl: "{{ heat_service_internaluri }}/v1/%(tenant_id)s"
## Heat api cfn service type and data
heat_cfn_service_name: heat-cfn
heat_cfn_service_description: "Heat CloudFormation Service"
heat_cfn_service_port: 8000
heat_cfn_service_proto: http
heat_cfn_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_cfn_service_proto) }}"
heat_cfn_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(heat_cfn_service_proto) }}"
heat_cfn_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(heat_cfn_service_proto) }}"
heat_cfn_service_type: cloudformation
heat_cfn_service_publicuri: "{{ heat_cfn_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_cfn_service_publicurl: "{{ heat_cfn_service_publicuri }}/v1"
heat_cfn_service_adminuri: "{{ heat_cfn_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_cfn_service_adminurl: "{{ heat_cfn_service_adminuri }}/v1"
heat_cfn_service_internaluri: "{{ heat_cfn_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_cfn_service_internalurl: "{{ heat_cfn_service_internaluri }}/v1"
## Heat wait and metadata server
heat_waitcondition_server_uri: "{{ heat_cfn_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}"
heat_waitcondition_server_url: "{{ heat_waitcondition_server_uri }}/v1/waitcondition"
heat_metadata_server_url: "{{ heat_cfn_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_cfn_service_port }}"
## Heat watch server
heat_watch_proto: http
heat_watch_port: 8003
heat_watch_publicuri_proto: "{{ openstack_service_publicuri_proto | default(heat_watch_proto) }}"
heat_watch_server_uri: "{{ heat_watch_publicuri_proto }}://{{ external_lb_vip_address }}:{{ heat_watch_port }}"
heat_watch_server_url: "{{ heat_watch_server_uri }}"
# If the following variables are unset in user_variables, the value set will be half the number of available VCPUs
# heat_engine_workers: 4
# heat_api_workers: 4
## Cap the maximum number of threads / workers when a user value is unspecified.
heat_api_threads_max: 16
heat_api_threads: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, heat_api_threads_max] | min }}"
heat_service_in_ldap: false
## Plugin dirs
heat_plugin_dirs:
- /usr/lib/heat
- /usr/local/lib/heat
## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g.
#heat_policy_overrides:
# "cloudformation:ListStacks": "rule:deny_stack_user"
# "cloudformation:CreateStack": "rule:deny_stack_user"
# Heat packages that must be installed before anything else
heat_requires_pip_packages:
- virtualenv
- virtualenv-tools
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
- httplib2
# Common pip packages
heat_pip_packages:
- cryptography
- heat
- keystonemiddleware
- PyMySQL
- python-ceilometerclient
- python-cinderclient
- python-glanceclient
- python-heatclient
- python-keystoneclient
- python-memcached
- python-neutronclient
- python-novaclient
- python-openstackclient
- python-swiftclient
- python-troveclient
heat_api_init_overrides: {}
heat_api_cfn_init_overrides: {}
heat_api_cloudwatch_init_overrides: {}
heat_engine_init_overrides: {}
## Service Name-Group Mapping
heat_services:
heat-api:
group: heat_api
service_name: heat-api
init_config_overrides: "{{ heat_api_init_overrides }}"
heat-api-cfn:
group: heat_api_cfn
service_name: heat-api-cfn
init_config_overrides: "{{ heat_api_cfn_init_overrides }}"
heat-api-cloudwatch:
group: heat_api_cloudwatch
service_name: heat-api-cloudwatch
init_config_overrides: "{{ heat_api_cloudwatch_init_overrides }}"
heat-engine:
group: heat_engine
service_name: heat-engine
init_config_overrides: "{{ heat_engine_init_overrides }}"
# Required secrets for the role
heat_required_secrets:
- keystone_auth_admin_password
- heat_stack_domain_admin_password
- heat_auth_encryption_key
- heat_container_mysql_password
- heat_rabbitmq_password
- heat_service_password
- memcached_encryption_key
# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
heat_role_project_group: heat_all
## Tunable overrides
heat_heat_conf_overrides: {}
heat_api_paste_ini_overrides: {}
heat_default_yaml_overrides: {}
heat_aws_cloudwatch_alarm_yaml_overrides: {}
heat_aws_rds_dbinstance_yaml_overrides: {}
heat_policy_overrides: {}
- name: Install heat server
hosts: heat_all
user: root
roles:
- { role: "os_heat", tags: [ "os-heat" ] }
vars:
external_lb_vip_address: 172.16.24.1
internal_lb_vip_address: 192.168.0.1
heat_galera_address: "{{ internal_lb_vip_address }}"
keystone_admin_user_name: admin
keystone_admin_tenant_name: admin
This role supports two tags: heat-install
and
heat-config
. The heat-install
tag can be used to install
and upgrade. The heat-config
tag can be used to maintain the
configuration of the service.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.