Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1048035

Summary:	database setup is not documented for Heat as are other services
Product:	Red Hat OpenStack	Reporter:	Steven Dake <sdake>
Component:	doc-Installation_and_Configuration_Guide	Assignee:	Don Domingo <ddomingo>
Status:	CLOSED CURRENTRELEASE	QA Contact:	ecs-bugs
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	4.0	CC:	fdinitto, jpeeler, sbaker, sclewis, sdake, shardy, yeylon
Target Milestone:	z2	Keywords:	Documentation, ZStream
Target Release:	4.0
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:	1046326	Environment:
Last Closed:	2014-03-04 00:04:45 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1046326, 1049118

Description Steven Dake 2014-01-03 00:26:24 UTC

+++ This bug was initially created as a clone of Bug #1046326 +++

I am not running or setting up heat on the same host as mysql and i don't want heat-db-setup to install a local copy of mysql again.

There are no visible options from command line to specify a remote mysql server.

This is a severe limitation that must be addressed ASAP as it's blocking HA refarch and related deployments.

Usage: heat-db-setup <rpm|deb> [options]
Options:
        select a distro type (rpm or debian)

        --help        | -h
                Print usage information.
        --password <pw> | -p <pw>
                Specify the password for the 'heat' MySQL user that  will
                use to connect to the 'heat' MySQL database.  By default,
                the password 'heat' will be used.
        --rootpw <pw> | -r <pw>
                Specify the root MySQL password.  If the script installs
                the MySQL server, it will set the root password to this value
                instead of prompting for a password.  If the MySQL server is
                already installed, this password will be used to connect to the
                database instead of having to prompt for it.
        --yes         | -y
                In cases where the script would normally ask for confirmation
                before doing something, such as installing mysql-server,
                just assume yes.  This is useful if you want to run the script
                non-interactively.

Also, this kind of tool is totally inconsistent with every single other tool in openstack to handle mysql connections.

--- Additional comment from Fabio Massimo Di Nitto on 2013-12-24 10:00:54 EST ---

Also, this is the first tool asking me for my mysqlroot password. All others tools are happy enough to have the admin create the basic db and grant user privileges.

--- Additional comment from Fabio Massimo Di Nitto on 2013-12-25 02:09:21 EST ---

Steve mentioned on IRC not to use this tool, but this is what we are advertising to customers:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/sect-Configuring_the_Orchestration_Service.html

as official tool to fill the db.

--- Additional comment from Steven Dake on 2013-12-25 10:19:16 EST ---

Fabio,

When I reviewed the docs, I really just didn't think about openstack-utils in the context of installation.  It was clearly an oversight.  I believe the right answer is a zstream of the documentation modified to work with openstack-utils.  If there are gaps in openstack-utils for heat functionality, we should fill those first ;-)

--- Additional comment from Steven Dake on 2013-12-25 10:22:03 EST ---

Jeff,

Can you see if openstack-utils can be used for the documented operations in the comment #2 link.  If so, please advise what the invocations are.

Note the priority is urgent (the bug has been triaged), so please have a look when you return from Christmas shutdown at your earliest convenience.

Thanks
-steve

--- Additional comment from Fabio Massimo Di Nitto on 2013-12-25 10:45:28 EST ---

(In reply to Steven Dake from comment #3)
> Fabio,
> 
> When I reviewed the docs, I really just didn't think about openstack-utils
> in the context of installation.  It was clearly an oversight.  I believe the
> right answer is a zstream of the documentation modified to work with
> openstack-utils.  If there are gaps in openstack-utils for heat
> functionality, we should fill those first ;-)

I am of course all up for fixing docs, but I also need ASAP the correct process to fill the DB for heat as this is a blocker for different reasons.

As you mentioned on IRC, if this tool is only for developers, then please don't ship it. It's just broken and has no reasons to exists :)

--- Additional comment from Jeff Peeler on 2014-01-02 13:29:26 EST ---

I have confirmed that openstack-db is a suitable replacement for heat-db-setup. I took an existing RHOS installation, dropped the heat db, and then ran:

openstack-db --service heat --init --password <user pw> --rootpw <root pw>

Stack creation and listing was successful.

Examining both scripts seem to have the same functionality, except heat-db-setup logs slightly differently as indicated here: https://bugs.launchpad.net/heat/+bug/1191925.
As noted in the bug though, this would only be a problem with log_dir defined, which in the package it isn't.


Note the following text from the openstack-db tool:

Set up a local database (MySQL) for use with openstack-<service>.
This script will create a '<service>' database that is accessible
only on localhost by user '<service>' with password '<service>'.
The setup of a database with a multi-server OpenStack installation
is outside of the scope of this simple helper script.

As far as I can tell using a remote database is not going to be achievable/supported when installing OpenStack manually.

--- Additional comment from Fabio Massimo Di Nitto on 2014-01-02 13:35:58 EST ---

(In reply to Jeff Peeler from comment #6)
> I have confirmed that openstack-db is a suitable replacement for
> heat-db-setup. I took an existing RHOS installation, dropped the heat db,
> and then ran:
> 
> openstack-db --service heat --init --password <user pw> --rootpw <root pw>
> 
> Stack creation and listing was successful.
> 
> Examining both scripts seem to have the same functionality, except
> heat-db-setup logs slightly differently as indicated here:
> https://bugs.launchpad.net/heat/+bug/1191925.
> As noted in the bug though, this would only be a problem with log_dir
> defined, which in the package it isn't.
> 
> 
> Note the following text from the openstack-db tool:
> 
> Set up a local database (MySQL) for use with openstack-<service>.
> This script will create a '<service>' database that is accessible
> only on localhost by user '<service>' with password '<service>'.
> The setup of a database with a multi-server OpenStack installation
> is outside of the scope of this simple helper script.
> 
> As far as I can tell using a remote database is not going to be
> achievable/supported when installing OpenStack manually.


Then I need a way to setup the heat db in a consistent way as other openstack services. Please take a look at how keystone or nova or glance db installation is documented and performed.

I can surely start from this few instructions and work around the limitations to move forward, but it is a terrible user experience to have to figure out how sql works internally to do scalable installations.

--- Additional comment from Steven Hardy on 2014-01-02 14:10:27 EST ---

@Fabio Massimo Di Nitto 

How are you initializing the DB for other OpenStack services?

Have you tried using "heat-manage db_sync", which is the supported way to create the DB schema, using the mysql connection details from /etc/heat/heat.conf?

AFAIK heat-manage db_sync is consistent with how all other openstack services work, but if it doesn't meet your requirements, please provide details explaining your use-case, and how it's achieved with other OpenStack services.

--- Additional comment from Fabio Massimo Di Nitto on 2014-01-02 19:19:39 EST ---

(In reply to Steven Hardy from comment #8)
> @Fabio Massimo Di Nitto 
> 
> How are you initializing the DB for other OpenStack services?

Using the official docs from docs.redhat.com:


https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/index.html
> 
> Have you tried using "heat-manage db_sync", which is the supported way to
> create the DB schema, using the mysql connection details from
> /etc/heat/heat.conf?

No because it's not officially documented. This is not a test-and-try setup/exercise I am going through. This is a "take openstack and build it on top of High Availability/Load Balancer solution to implement into foreman/packstack" work.

> 
> AFAIK heat-manage db_sync is consistent with how all other openstack
> services work, but if it doesn't meet your requirements, please provide
> details explaining your use-case, and how it's achieved with other OpenStack
> services.

But it is not documented.. hence it's a moot point because who follows manual install will not find it :)

Comment 1 Steven Dake 2014-01-03 00:31:58 UTC

Several OpenStack services are documented on how to configure MySQL for use with the OpenStack Services.

Some examples for Keystone are:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/Creating_the_Identity_Database.html

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Installation_and_Configuration_Guide/Setting_the_Database_Connection_String.html

Heat is missing such documentation.

Comment 4 Jeff Peeler 2014-01-03 22:04:27 UTC

Similar to the documentation cited in comment #1, the following commands will setup the database for Heat:

On database server:

Connect to the database service using the mysql command.
# mysql -u root -p

Create the heat database.
mysql> CREATE DATABASE heat;

Create a heat database user and grant it access to the heat database.
mysql> GRANT ALL ON heat.* TO 'heat'@'%' IDENTIFIED BY 'PASSWORD';
mysql> GRANT ALL ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'PASSWORD';

Replace PASSWORD with a secure password that will be used to authenticate with the database server as this user.

Flush the database privileges to ensure that they take effect immediately.
mysql> FLUSH PRIVILEGES;

Exit the mysql client command.
mysql> quit

---

On orchestration server:

openstack-config --set /etc/heat/heat.conf DEFAULT sql_connection mysql://heat:PASS@IP/heat

runuser -s /bin/sh heat -c "heat-manage db_sync"

Comment 5 Fabio Massimo Di Nitto 2014-01-06 10:28:07 UTC

Jeff: thanks, this appears to be working fine.

As extra note, the yum invocation on section 16.1 must be updated as well packaging dependencies.

# yum install openstack-heat-* python-heatclient -y

will results in:

[root@fab3 ~]# openstack-config --set /etc/heat/heat.conf DEFAULT sql_connection mysql://heat:heattest.139.56/heat
-bash: openstack-config: command not found

so either one of the heat packages should Requires: openstack-config or the doc needs fixing.

then:

[root@fab3 ~]# runuser -s /bin/sh heat -c "heat-manage db_sync"
ERROR: No module named MySQLdb

yum install MySQL-python

fixes it. This should be addressed only in the package providing heat-manage. heat-manage requires mysql-python and that dependency should be expressed properly.

Comment 6 Fabio Massimo Di Nitto 2014-01-06 11:14:48 UTC

Some more notes on configuring heat from the docs.

Docs are missing a section on how to setup qpid bits in heat.conf. All other services (for example glance) have a section (pretty much copy/paste around) on how to point a config to a certain qpidd instance.

Example:

openstack-config --set /etc/heat/heat.conf DEFAULT qpid_hostname IPADDR_OF_QPID_INSTANCE

--

Section 16.3 points to an incorrect init script:

16.3. Launching the Orchestration Service

...

 openstack-heat-api-engine 

the init script is:

[root@fab3 ~]# /etc/init.d/openstack-heat-engine 

so -api- needs to be dropped for that service.

Comment 7 Fabio Massimo Di Nitto 2014-01-06 13:47:17 UTC

Section 16.2.3 has wrong commands for creating endpoints.

All url should be prefixed with http://

Example:

[root@fab4 ~(keystone_admin)]# keystone endpoint-create --service_id c7b72143a1414af3938753b3686f8d7e --publicurl "http://10.16.139.66:8000/v1" --adminurl "http://10.16.139.66:8000/v1" --internalurl "http://10.16.139.66:8000/v1"

Comment 10 Steven Dake 2014-01-06 19:07:53 UTC

Don,

Our shipped documentation references an unsupported developer tool (heat-db-setup) and doesn't match the other components relating to database setup.  Could you take the contents of Comment #4 and integrate it into the documentation?

Comment 11 Steven Dake 2014-01-06 19:13:15 UTC

Don,

Correction to Comment #10.  The following issues were found in the documentation:

https://bugzilla.redhat.com/show_bug.cgi?id=1048035#c5
https://bugzilla.redhat.com/show_bug.cgi?id=1048035#c6
https://bugzilla.redhat.com/show_bug.cgi?id=1048035#c7