9.5. Deploy a Stack Using Orchestration Templates

⁠9.5. Deploy a Stack Using Orchestration Templates

The Orchestration engine uses templates (defined as .template files) to launch instances, IPs, volumes, or other types of stacks. The heat utility is a command-line interface that allows you to create, configure, and launch stacks.

Note

The openstack-heat-templates package provides sample templates that you can use to test core Orchestration features. It also contains template-related scripts and conversion tools. To install this package, run the following command as root:

# yum install -y openstack-heat-templates

Some Orchestration templates launch instances that require access to openstack-heat-api-cfn. Such instances will need to be able to communicate with the openstack-heat-api-cloudwatch and openstack-heat-api-cfn services. The IPs and ports used by these services are the values set in the /etc/heat/heat.conf as heat_metadata_server_url and heat_watch_server_url (refer to Section 9.3.4, “Configure Orchestration Service Authentication” for details).

To allow access to these services, you may need to configure your firewall accordingly. Specifically, you will need to open the ports used by the openstack-heat-api-cloudwatch (8003) and openstack-heat-api-cfn (8000). To do so, perform the following tasks as root:

⁠

Procedure 9.6. Configuring the firewall for Orchestration services traffic (for Red Hat Enterprise Linux 6-based systems)

Open the /etc/sysconfig/iptables file in a text editor.
Configure the firewall to allow TCP traffic on ports 8003 and 8000. To do so, add the following INPUT rules to /etc/sysconfig/iptables:
```
-A INPUT -i BR -p tcp --dport 8003 -j ACCEPT
```
```
-A INPUT -i BR -p tcp --dport 8000 -j ACCEPT
```
Replace BR with the interface of the bridge used by your instances (as in, the instances launched from Orchestration templates).
Note
Do not include the -i BR parameter in the INPUT rules if:
- you are not using nova-network, or
- the Orchestration service and nova-compute are not hosted on the same server.
Save the changes to the /etc/sysconfig/iptables file.
Restart the iptables service for the firewall changes to take effect.
```
# service iptables restart
```

⁠

Procedure 9.7. Configuring the firewall for Orchestration services traffic (for Red Hat Enterprise Linux 7-based systems)

Configure the firewall to allow TCP traffic on ports 8003 and 8000:
```
# firewall-cmd --permanent --add-port=8003/tcp
```
```
# firewall-cmd --permanent --add-port=8000/tcp
```
Note
Consider targeting the rule to the interface of the bridge used by your instances (as in, the instances launched from Orchestration templates). However, do not target the specific interface if:
- you are not using nova-network, or
- the Orchestration service and nova-compute are not hosted on the same server.
For the change to take immediate effect, add the rules to the runtime mode:
```
# firewall-cmd --add-port=8003/tcp
```
```
# firewall-cmd --add-port=8000/tcp
```

To use heat to launch an application:

# heat stack-create STACKNAME \
	--template-file=PATH_TEMPLATE \
	--parameters="PARAMETERS"

Where:

STACKNAME is the name you wish to assign to the stack. This name will appear when you run the heat stack-list command.
PATH_TEMPLATE is the path to your .template file.
PARAMETERS is a semicolon-delimeted list of stack creation parameters you wish to use. Supported parameters are defined in the template file itself.

For example, to launch a stack named myapplication using the template file /home/user/myapplication.template with specific database login parameters:

# heat stack-create myapplication \
	--template-file=/home/user/myapplication.template \
	--parameters="DBUsername=root;DBPassword=PASSWORD"