#jinja2: lstrip_blocks: "True"
---
# The first line is a Jinja2 override header and has to stay the first line
# of the file (presumably consumed by Ansible's template module — confirm).
# This file is a template: Jinja2 expands it first and only the rendered text
# is parsed as YAML by Heat, so quoting problems show up in the rendered
# output rather than here.
heat_template_version: 2018-03-02

# NOTE(review): no ResourceGroup or nested template is referenced in the part
# of this file under review — confirm the description is still accurate.
description: >-
  Top level HOT for creating new project, network resources and instances.
  This template relies on ResourceGroups and a nested template that is
  called to provision instances, ports, & floating IPs.
resources:

  # SSH key pair generated by Nova for this deployment.
  # save_private_key makes the generated private key readable through the
  # resource's private_key attribute, and the outputs section of this
  # template publishes that attribute. Anyone who can read the stack's
  # outputs can therefore obtain the key, so stack read access is equivalent
  # to SSH access to every server that uses this key.
  {{ guid }}-infra_key:
    type: OS::Nova::KeyPair
    properties:
      name: {{ guid }}-infra_key
      save_private_key: true
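{% if osp_project_create | bool %}
  # Per-deployment Keystone user; rendered only when osp_project_create is
  # true.
  {{ guid }}-project_user:
    type: OS::Keystone::User
    properties:
      name: {{ guid }}-user
      # Emitted through to_json so that a password containing characters that
      # are significant to YAML (a hash after a space, a colon followed by a
      # space, a leading asterisk or ampersand, quotes) is passed on unchanged
      # instead of being truncated, retyped or breaking the parse.
      # NOTE(review): the password is still written in clear text into the
      # rendered template. Treat the rendered file and read access to the
      # stack's template as sensitive, and confirm whether a hidden Heat
      # parameter would suit this deployment better.
      password: {{ heat_user_password | to_json }}
      domain: Default

  # Role assignment for the user above on the project osp_project_name.
  {{ guid }}-project_role_user:
    type: OS::Keystone::UserRoleAssignment
    properties:
      user: {get_resource: {{ guid }}-project_user}
      roles:
        - {project: {{ osp_project_name }}, role: _member_}
        - {project: {{ osp_project_name }}, role: swiftoperator}
    depends_on:
      - {{ guid }}-project_user
{% endif %}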
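{% for network in networks %}
  # Network, subnet and optional router for one entry of the networks list.
  {{ network['name'] }}-network:
    type: OS::Neutron::Net
    properties:
      name: "{{ guid }}-{{ network['name'] }}-network"
      # NOTE(review): a shared network is presumably usable from other
      # projects as well; confirm each entry that sets this really needs it.
      shared: {{ network['shared'] }}

  {{ network['name'] }}-subnet:
    type: OS::Neutron::Subnet
    properties:
      name: "{{ guid }}-{{ network['name'] }}-subnet"
      network_id: {get_resource: {{ network['name'] }}-network}
{% if network['dns_nameservers'] is defined %}
      # Rendered as a JSON list so every address is a quoted string; a
      # hand-joined flow sequence is fragile for values containing colons
      # (IPv6 addresses) or commas.
      dns_nameservers: {{ network['dns_nameservers'] | list | to_json }}
{% endif %}
      cidr: {{ network['subnet_cidr'] }}
      gateway_ip: {{ network['gateway_ip'] }}
      allocation_pools:
        - start: {{ network['allocation_start'] }}
          end: {{ network['allocation_end'] }}

{% if network['create_router'] %}
  # Router with a gateway on the provider network, plus its interface on the
  # subnet above. Instances declare a dependency on the interface resource.
  {{ network['name'] }}-router:
    type: OS::Neutron::Router
    properties:
      name: "{{ guid }}-{{ network['name'] }}-router"
      external_gateway_info:
        network: "{{ provider_network }}"

  {{ network['name'] }}-router_private_interface:
    type: OS::Neutron::RouterInterface
    properties:
      router: {get_resource: {{ network['name'] }}-router}
      subnet: {get_resource: {{ network['name'] }}-subnet}
{% endif %}
{% endfor %}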
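###################
# Security groups #
###################
# One OS::Neutron::SecurityGroup per entry of security_groups followed by
# default_security_groups, and one OS::Neutron::SecurityGroupRule per rule.
# Rules accept either Neutron-style keys (direction, port_range_min, ...) or
# the alternative keys used as fallbacks below (rule_type, from_port, ...).
{% for security_group in security_groups | list + default_security_groups | list %}
  {{ security_group['name'] }}:
    type: OS::Neutron::SecurityGroup
    properties:
      name: {{ guid }}-{{ security_group['name'] }}
{% if security_group['description'] is defined %}
      # to_json keeps free text containing quotes or other YAML-significant
      # characters intact.
      description: {{ security_group['description'] | to_json }}
{% endif %}

{% for rule in security_group.rules %}
{% if rule['name'] is defined %}
  {{ guid }}-{{ security_group['name'] }}-rule_{{ rule['name'] }}:
{% else %}
  # NOTE(review): an unnamed rule gets a fresh random 5-character suffix on
  # every render, so its resource name differs between renders; a stack
  # update would presumably replace such rules. Name the rules where a stable
  # rule set matters.
  {{ guid }}-{{ security_group['name'] }}-rule_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}:
{% endif %}
    type: OS::Neutron::SecurityGroupRule
    properties:
      security_group: {get_resource: {{ security_group['name'] }}}
      direction: {{ rule['direction'] | default(rule.rule_type) | lower }}
      protocol: {{ rule['protocol'] | lower }}
{% if rule['description'] is defined %}
      # Quoted like the group description: free text with a colon or a hash
      # would otherwise be cut short or break the rendered YAML.
      description: {{ rule['description'] | to_json }}
{% endif %}
{% if rule['port_range_min'] is defined or
  rule.from_port is defined %}
      port_range_min: {{ rule['port_range_min'] | default(rule.from_port) }}
{% endif %}
{% if rule['port_range_max'] is defined or
  rule.to_port is defined %}
      port_range_max: {{ rule['port_range_max'] | default(rule.to_port) }}
{% endif %}
      # NOTE(review): a rule that defines neither a remote prefix nor a remote
      # group is rendered without any source restriction and presumably
      # matches every address — verify that is intended for each such rule.
{% if rule['remote_ip_prefix'] is defined or
  rule.cidr is defined %}
      remote_ip_prefix: {{ rule['remote_ip_prefix'] | default(rule.cidr) }}
{% endif %}
{% if rule['remote_group'] is defined or
  rule.from_group is defined %}
      remote_group: {get_resource: {{ rule['remote_group'] | default(rule.from_group) }}}
{% endif %}
    depends_on: {{ security_group['name'] }}
{% endfor %}
{% endfor %}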
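#############
# Instances #
#############
# For every entry of instances, "count" copies are rendered. Each copy gets a
# Neutron port, an optional floating IP with its association, a Nova server
# booted from a volume, and optional extra Cinder volumes.
{% for instance in instances %}
{% for myinstanceindex in range(instance.count|int) %}
{% set iname = instance.name if instance.count == 1 else [instance.name, loop.index0] | join() %}
  ########### {{ iname }} ###########
  port_{{ iname }}:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: {{ instance['network'] | default('default') }}-network }
      # NOTE(review): when the instance lists no security groups this key
      # renders with an empty (null) value — confirm which groups the port
      # ends up in.
      security_groups:
{% if instance.security_groups is defined %}
{% for security_group in instance.security_groups %}
        - {get_resource: {{ security_group }}}
{% endfor %}
{% endif %}
    # NOTE(review): the router interface resource is rendered only for
    # networks with create_router set; an instance on any other network would
    # depend on a resource that does not exist.
    depends_on:
      - {{ instance['network'] | default('default') }}-router_private_interface


{% if instance.floating_ip | default(false) or instance.public_dns | default(false) %}
  # Public address for the instance; this makes it reachable from the
  # provider network, subject to the security groups on its port.
  fip_{{ iname }}:
    type: OS::Neutron::FloatingIP
    properties:
      # Quoted to match the router's external_gateway_info above.
      floating_network: "{{ provider_network }}"
    depends_on:
      - {{ instance['network'] | default('default') }}-router_private_interface

  fip_association_{{ iname }}:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: {get_resource: fip_{{ iname }}}
      port_id: {get_resource: port_{{ iname }}}
{% endif %}

  server_{{ iname }}:
    type: OS::Nova::Server
    properties:
      name: {{ iname }}
      flavor: {{ instance.flavor.osp }}
      key_name: {get_resource: {{ guid }}-infra_key}

      block_device_mapping_v2:
        # Root disk, built from the instance image.
        - image: {{ instance.image_id | default(instance.image) }}
          delete_on_termination: true
          volume_size: {{ instance['rootfs_size'] | default(osp_default_rootfs_size) }}
          boot_index: 0
{% if iname == "bastion" %}
        # Second, non-boot disk for the instance named "bastion".
        # NOTE(review): the key is spelled sofware_image_id here, so callers
        # must use that spelling; softwarefs_size has no default and must be
        # set on the instance.
        - image: {{ instance.sofware_image_id | default("software-sap") }}
          delete_on_termination: true
          volume_size: {{ instance['softwarefs_size'] }}
          boot_index: -1
{% endif %}

      user_data: |
        #cloud-config
        ssh_authorized_keys: {{ all_ssh_authorized_keys | to_json }}
      user_data_format: RAW
      networks:
        - port: {get_resource: port_{{ iname }}}
      # Exactly one metadata mapping is emitted. An instance that defines both
      # tags and metadata would otherwise produce the metadata key twice in
      # this mapping, which is a duplicate key; the tags form is used in that
      # case, which is what a last-key-wins loader would have kept.
{% if instance.tags is defined %}
      # Convert EC2 tags
      metadata:
{% for key, value in default_metadata.items() %}
        '{{ key }}': {{ value | to_json }}
{% endfor %}
{% for tag in instance.tags %}
        '{{ tag.key }}': {{ tag.value | to_json }}
{% endfor %}
{% elif instance['metadata'] is defined %}
      metadata: {{ instance.metadata | combine(default_metadata) | to_json }}
{% endif %}

    depends_on:
      - {{ instance['network'] | default('default') }}-router_private_interface
{% if 'security_groups' in instance %}
{% for security_group in instance.security_groups %}
      - {{ security_group }}
{% endfor %}
{% endif %}

{% if instance.volumes is defined %}
  #### Volumes for {{ iname }} ####
{% for volume in instance.volumes %}
{% set loopvolume = loop %}
{% set vname = ["volume", iname, loopvolume.index] | join('_') %}
  {{ vname }}:
    type: OS::Cinder::Volume
    properties:
      size: {{ volume.volume_size | default(volume.size) }}
      # NOTE(review): the name is rendered only when volume_name is defined,
      # so the fallback to volume.name below is never reached — confirm
      # whether volumes that only set "name" should be named too.
{% if volume.volume_name is defined %}
      name: {{ volume.volume_name | default(volume.name) }}
{% endif %}

  volume_attachment_{{ vname }}:
    type: OS::Cinder::VolumeAttachment
    properties:
      volume_id: {get_resource: {{ vname }}}
      instance_uuid: {get_resource: server_{{ iname }}}
{% endfor %}
{% endif %}
{% endfor %}
{% endfor %}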
outputs:

  # Publishes the private half of the generated infra key pair as a stack
  # output.
  # NOTE(review): the value is available to anyone who can read this stack's
  # outputs, and may also end up in logs of tooling that prints them —
  # confirm stack access is limited to people who should hold this key.
  {{ guid }}-infra_key:
    description: The SSH infra key
    value: {get_attr: [{{ guid }}-infra_key, private_key]}