红帽全球峰会1.17. 使用 Heat
使用 Heat 意味着应该禁用 Heat 的现有 OpenStackControlPlane CR 进行补丁,以使用源环境提供的配置参数启动该服务。
在采用过程完成后,用户可以预期他们有针对 Heat、HeatAPI、HeatEngine 和 HeatCFNAPI 的 CR。此外,用户应该在 Keystone 中创建端点,以便于上述服务。
本指南还假设:
-
TripleO环境(源云)在一个端运行; - OpenShift 环境在另一端运行。
1.17.1. 先决条件
复制链接链接已复制到粘贴板!
- 以前的 Adoption 步骤已完成。值得注意的是,应已经采用 MariaDB 和 Keystone。
- 此外,如果现有 Heat 堆栈包含来自 Neutron、Nova、Swift 等其他服务的资源。在尝试采用 Heat 之前,应首先采用这些服务。
1.17.2. 流程 - Heat 采用
复制链接链接已复制到粘贴板!
与 Keystone 所做的一样,Heat Adoption 遵循类似的模式。
修补 osp-secret 以更新 HeatAuthEncryptionKey 和 HeatPassword。这需要与您在现有 TripleO Heat 配置中配置的内容匹配。
您可以通过以下方式检索并验证现有的 auth_encryption_key 和服务 密码:
[stack@rhosp17 ~]$ grep -E 'HeatPassword|HeatAuth' ~/overcloud-deploy/overcloud/overcloud-passwords.yaml
HeatAuthEncryptionKey: Q60Hj8PqbrDNu2dDCbyIQE2dibpQUPg2
HeatPassword: dU2N0Vr2bdelYH7eQonAwPfI3并在其中一个控制器中验证是否确实是使用中的值:
[stack@rhosp17 ~]$ ansible -i overcloud-deploy/overcloud/config-download/overcloud/tripleo-ansible-inventory.yaml overcloud-controller-0 -m shell -a "grep auth_encryption_key /var/lib/config-data/puppet-generated/heat/etc/heat/heat.conf | grep -Ev '^#|^$'" -b
overcloud-controller-0 | CHANGED | rc=0 >>
auth_encryption_key=Q60Hj8PqbrDNu2dDCbyIQE2dibpQUPg2
此密码需要采用 base64 编码,并添加到 osp-secret中
❯ echo Q60Hj8PqbrDNu2dDCbyIQE2dibpQUPg2 | base64
UTYwSGo4UHFickROdTJkRENieUlRRTJkaWJwUVVQZzIK
❯ oc patch secret osp-secret --type='json' -p='[{"op" : "replace" ,"path" : "/data/HeatAuthEncryptionKey" ,"value" : "UTYwSGo4UHFickROdTJkRENieUlRRTJkaWJwUVVQZzIK"}]'
secret/osp-secret patched对 OpenStackControlPlane 进行补丁来部署 Heat:
oc patch openstackcontrolplane openstack --type=merge --patch '
spec:
heat:
enabled: true
apiOverride:
route: {}
template:
databaseInstance: openstack
secret: osp-secret
memcachedInstance: memcached
passwordSelectors:
authEncryptionKey: HeatAuthEncryptionKey
database: HeatDatabasePassword
service: HeatPassword
'1.17.3. post-checks
复制链接链接已复制到粘贴板!
确保所有 CR 都到达 "Setup Complete" 状态:
❯ oc get Heat,HeatAPI,HeatEngine,HeatCFNAPI
NAME STATUS MESSAGE
heat.heat.openstack.org/heat True Setup complete
NAME STATUS MESSAGE
heatapi.heat.openstack.org/heat-api True Setup complete
NAME STATUS MESSAGE
heatengine.heat.openstack.org/heat-engine True Setup complete
NAME STATUS MESSAGE
heatcfnapi.heat.openstack.org/heat-cfnapi True Setup complete1.17.3.1. 检查 Keystone 中是否已注册了 Heat 服务
复制链接链接已复制到粘贴板!
oc exec -it openstackclient -- openstack service list -c Name -c Type
+------------+----------------+
| Name | Type |
+------------+----------------+
| heat | orchestration |
| glance | image |
| heat-cfn | cloudformation |
| ceilometer | Ceilometer |
| keystone | identity |
| placement | placement |
| cinderv3 | volumev3 |
| nova | compute |
| neutron | network |
+------------+----------------+❯ oc exec -it openstackclient -- openstack endpoint list --service=heat -f yaml
- Enabled: true
ID: 1da7df5b25b94d1cae85e3ad736b25a5
Interface: public
Region: regionOne
Service Name: heat
Service Type: orchestration
URL: http://heat-api-public-openstack-operators.apps.okd.bne-shift.net/v1/%(tenant_id)s
- Enabled: true
ID: 414dd03d8e9d462988113ea0e3a330b0
Interface: internal
Region: regionOne
Service Name: heat
Service Type: orchestration
URL: http://heat-api-internal.openstack-operators.svc:8004/v1/%(tenant_id)s1.17.3.2. 检查 Heat 引擎服务是否已启动
复制链接链接已复制到粘贴板!
oc exec -it openstackclient -- openstack orchestration service list -f yaml
- Binary: heat-engine
Engine ID: b16ad899-815a-4b0c-9f2e-e6d9c74aa200
Host: heat-engine-6d47856868-p7pzz
Hostname: heat-engine-6d47856868-p7pzz
Status: up
Topic: engine
Updated At: '2023-10-11T21:48:01.000000'
- Binary: heat-engine
Engine ID: 887ed392-0799-4310-b95c-ac2d3e6f965f
Host: heat-engine-6d47856868-p7pzz
Hostname: heat-engine-6d47856868-p7pzz
Status: up
Topic: engine
Updated At: '2023-10-11T21:48:00.000000'
- Binary: heat-engine
Engine ID: 26ed9668-b3f2-48aa-92e8-2862252485ea
Host: heat-engine-6d47856868-p7pzz
Hostname: heat-engine-6d47856868-p7pzz
Status: up
Topic: engine
Updated At: '2023-10-11T21:48:00.000000'
- Binary: heat-engine
Engine ID: 1011943b-9fea-4f53-b543-d841297245fd
Host: heat-engine-6d47856868-p7pzz
Hostname: heat-engine-6d47856868-p7pzz
Status: up
Topic: engine
Updated At: '2023-10-11T21:48:01.000000'1.17.3.3. 验证您现在可以再次看到 Heat 堆栈
复制链接链接已复制到粘贴板!
测试您能否创建网络、子网、端口或路由器:
❯ openstack stack list -f yaml
- Creation Time: '2023-10-11T22:03:20Z'
ID: 20f95925-7443-49cb-9561-a1ab736749ba
Project: 4eacd0d1cab04427bc315805c28e66c9
Stack Name: test-networks
Stack Status: CREATE_COMPLETE
Updated Time: null
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}