Skip to main content

Overview

The Orchestration service is configured through XDeploy global variables and service-specific configuration files. Key configuration areas include the stack domain (used for trust delegation), engine worker settings, quota defaults, and integration with the CloudWatch-compatible alarm endpoint.
Administrator Access Required — This operation requires the admin role. Contact your Xloud administrator if you do not have sufficient permissions.

Key Configuration Options

The following settings control core Orchestration service behavior. All settings are managed through XDeploy.
SettingDefaultDescription
enable_heat"no"Enable the Orchestration service
heat_engine_workers4Number of engine worker processes per controller node
heat_api_workers4Number of API worker processes per controller node
heat_max_stacks_per_tenant100Maximum stacks per project
heat_max_resources_per_stack1000Maximum resources in a single stack
heat_max_nested_stack_depth5Maximum depth for nested stack hierarchies
heat_convergence_enginetrueEnable convergence mode for parallel resource provisioning
heat_default_deployment_signal_transportCFN_SIGNALDefault signal transport for WaitCondition resources
Enable the Orchestration service by setting enable_heat: "yes" in /etc/xavs/globals.d/_50_orchestration.yml and running xavs-ansible deploy -t heat.

Enable the Service

Navigate to Configuration

In XDeploy, navigate to Configuration → Services → Orchestration.

Enable the service

Set Enable Orchestration to Yes and configure the engine worker count appropriate for your controller node capacity (typically 2–4 workers per CPU core).

Apply configuration

Click Save and then Deploy → Orchestration to apply the configuration.
The Orchestration API is accessible at http://<controller-ip>:8004/v1.

Stack Domain Setup

The stack domain is a dedicated Xloud Identity domain used for trust delegation. When a template creates resources that require credentials (e.g., WaitCondition signals, auto-scaling webhooks), the engine uses a stack domain user — scoped to the stack’s project — rather than the submitting user’s credentials.
The stack domain must be configured before deploying stacks that use WaitCondition or scaling policy resources. Stacks using only basic compute and network resources do not require the stack domain.
Stack domain configuration is handled automatically by XDeploy during the Orchestration deployment. The following variables control the domain:
SettingDescription
heat_domain_nameName of the stack domain in Xloud Identity (default: heat)
heat_domain_adminAdmin user for the stack domain
heat_domain_admin_passwordPassword for the stack domain admin (stored in passwords.yml)

Default Quotas

Orchestration quotas limit per-project resource consumption. Defaults are set cluster-wide; you can override them per-project.
QuotaDefaultDescription
stacks100Maximum stacks per project
resources1000Maximum resources across all stacks per project
Navigate to Admin → System → Defaults → Update Defaults to adjust global quota defaults. For per-project overrides, navigate to Admin → Identity → Projects, select a project, and click Modify Quotas.

Next Steps

Scaling the Service

Configure multiple engine workers for high-throughput deployments

Security

Stack domain trust, policy configuration, and template injection prevention

Architecture

Understand service components and request processing flow

Admin Troubleshooting

Diagnose configuration errors and engine startup failures