Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying OpenStack Orchestration
  • Table Of Contents Toc
  • Feedback & Rating feedback
OpenStack Orchestration

OpenStack Orchestration

By : Ahmed Siddiqui
3 (3)
Buy this Book
close
close
OpenStack Orchestration

OpenStack Orchestration

3 (3)
By: Ahmed Siddiqui
Buy this Book

Overview of this book

This book is focused on setting up and using one of the most important services in OpenStack orchestration, Heat. First, the book introduces you to the orchestration service for OpenStack to help you understand the uses of the templating mechanism, complex control groups of cloud resources, and huge-potential and multiple-use cases. We then move on to the topology and orchestration specification for cloud applications and standards, before introducing the most popular IaaS cloud framework, Heat. You will get to grips with the standards used in Heat, overview and roadmap, architecture and CLI, heat API, heat engine, CloudWatch API, scaling principles, JeOS and installation and configuration of Heat. We wrap up by giving you some insights into troubleshooting for OpenStack. With easy-to-follow, step-by-step instructions and supporting images, you will be able to manage OpenStack operations by implementing the orchestration services of Heat.
Table of Contents (9 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Getting Started with the Orchestration Service for OpenStack
chevron up
Icon
1. Getting Started with the Orchestration Service for OpenStack
Icon
Introduction to the OpenStack architecture
Icon
The Orchestration service for OpenStack
Icon
The Heat workflow
Icon
The Orchestration authorization model
Icon
The authorization model configuration
Icon
Stack domain users
Icon
Summary
2
2. The OpenStack Architecture
Icon
2. The OpenStack Architecture
Icon
Components of OpenStack
Icon
OpenStack node types
Icon
The OpenStack logical architecture
Icon
TOSCA – Heat ideas and standards
Icon
Heat components
Icon
The example architecture 1 (based on the Nova network)
Icon
The example architecture 2 (based on Neutron)
Icon
Network layout for OpenStack networking
Icon
Summary
3
3. Stack Group of Connected Cloud Resources
Icon
3. Stack Group of Connected Cloud Resources
Icon
Heat basics
Icon
Autoscaling
Icon
Summary
4
4. Installation and Configuration of the Orchestration Service
Icon
4. Installation and Configuration of the Orchestration Service
Icon
Orchestration module concepts
Icon
OpenStack Heat installation
Icon
Creating a stack with Heat
Icon
Summary
5
5. Working with Heat
Icon
5. Working with Heat
Icon
Standards used in Heat
Icon
Heat overview and roadmap
Icon
The Heat architecture and CLI
Icon
The Heat basic workflow
Icon
JeOS
Icon
Summary
6
6. Managing Heat
Icon
6. Managing Heat
Icon
Heat and DevStack
Icon
The event stack list
Icon
Get the stack list
Icon
Create a stack
Icon
Show stack details
Icon
Show resource details
Icon
Update a stack
Icon
Delete a stack
Icon
The template structure
Icon
The CloudFormation template
Icon
Summary
7
7. Troubleshooting Heat
Icon
7. Troubleshooting Heat
Icon
VM instances cannot connect to the external network or the Internet
Icon
Error received during installation – Unable to write random state
Icon
Timeout error received while running jeos_create during customization
Icon
A template running with incorrect parameters cannot be deleted
Icon
Error – internal error process exited while connecting to monitor
Icon
It takes too long to create a JeOS
Icon
Error – Quota exceeded: code=InstanceLimitExceeded (HTTP 413)
Icon
Error – Response from Keystone does not contain a Heat endpoint
Icon
Error – Internal Server Error
Icon
Error – Provided KeyName is not registered with Nova
Icon
A template is not working after editing
Icon
Instances shutdown immediately after creation
Icon
Yum update fails with dependency problems related to the oz package
Icon
Failed to start qpidd
Icon
OpenStack daemons can't connect to qpidd
Icon
Ubuntu VMs cannot receive DHCP assignments from hosts running CentOS/Fedora
Icon
Debugging OpenStack Heat
Icon
Heat list returns 503 error
Icon
Heat list hangs up
Icon
Troubleshooting common OpenStack errors
Icon
Summary
8
Index
Icon
Index

Stack domain users

The Heat stack domain user is used to authorize a user to carry out certain operations inside a virtual machine.

Agents running inside virtual machine instances are provided with metadata. These agents repot and share the performance statistics of the VM on which they are running.

They use this metadata to apply any changes or some sort of configuration expressed in the metadata.

A signal is passed to the Heat engine when an event is completed successfully or with the failed status. A typical example can be to generate an alert when the installation of an application is completed on a specific virtual machine after its first reboot.

Heat provides features for encapsulating all the stack-defined users into a separate domain. This domain is usually created to store the information related to the Heat service. A domain admin is created, which is used by Heat for the management of the stack-domain users.

Configuring stack domain users

The following procedure is used to configure stack domain users:

  1. A new domain is created using keystone (OpenStack Identity service). Usually, the domain name is set to Heat. This ID is configured in the heat.conf file against the parameter stack_user_domain.
  2. A new user is created using keystone with permissions to create and delete projects and users. This newly defined user must belong to the domain created in step 1.
  3. The user created in step 2 (along with the password) is configured in heat.conf against the parameters: stack_domain_admin and stack_domain_admin_password.

This user is used to maintain the stack domain users on behalf of stack owners. As the heat_domain_admin user is only allowed access to the Heat domain, the risk of unwanted access to other domains is limited.

The following are the commands and the steps necessary to set up domain users:

  1. A domain is created using the following command:
    $ openstack --os-identity-api-version=3  --os-auth-url  http://192.168.5.38:35357/v3\
--os-username admin --os-password ADMIN --os-project-name admin domain create heat \
--description "Domain For HEAT Projects and Users"

    Here $OS_TOKEN refers to a token that must be a valid token.

    This will return a domain ID that will be referred to as $HEAT_DOMAIN_ID in the next step.

    Configuring stack domain users
  2. Next, a user will be created within the domain created in step 1:
    $ openstack  user create heat_domain_admin \
--os-identity-api-version=3  \
--os-auth-url  http://192.168.5.38:35357/v3 \
--os-username=admin --os-password=ADMIN \
--os-project-name=admin \
--domain heat \
--description "Admin for HEAT domain"\

    This will return a domain admin ID, which will be used in the next step.

    Configuring stack domain users
  3. Next, the newly created user in step 2 is assigned the role of domain admin:
    $ openstack role add admin \
--user heat_domain_admin \
--os-identity-api-version=3  \
--os-auth-url  http://192.168.5.38:35357/v3 \
--os-username=admin \
--os-password=ADMIN \
--os-project-name=admin \
--domain heat

    We'll get the output shown in the following screenshot for this command:

    Configuring stack domain users

The information such as domain ID, username, and password is needed to be configured against the relevant parameters in heat.conf.

Creating a stack

The following are the steps needed to create a sample stack:

  1. If the stack contains any resources that require creation of a "stack domain user", then a new "stack domain project" in the "Heat" domain is created.
  2. A new user is created under "stack domain project" by Heat if it is required. From an authentication perspective, this user is completely separate and also unrelated to the "stack owner's project."

While processing API requests, an internal lookup is made by Heat Orchestration to grant the required privileges to the user for both the stack owner's project as well as the stack domain project. These privileges are controlled by the policy.json file.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
OpenStack Orchestration
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon