This post accompanies my article on the Docker plugin for Heat.

In order for WaitCondition resources to operate correctly in Heat, you will need to make sure that that you have:

  • Created the necessary Heat domain and administrative user in Keystone,
  • Configured appropriate values in heat.conf for stack_user_domain, stack_domain_admin, and stack_domain_admin_password.
  • Configured an appropriate value in heat.conf for heat_waitcondition_server_url. On a single-system install this will often be pointed by default at, which, hopefully for obvious reasons, won’t be of any use to your Nova servers.
  • Enabled the heat-api-cfn service,
  • Configured your firewall to permit access to the CFN service (which runs on port 8000).

Steve Hardy has a blog post on stack domain users that goes into detail on configuring authentication for Heat and Keystone.