| commit | author | age | ||
| 8d2e2d | 1 | #jinja2: lstrip_blocks: "True" |
| ME | 2 | --- |
| 3 | heat_template_version: 2018-03-02 | |
| 4 | ||
| 5 | description: >- | |
| 6 | Top level HOT for creating new project, network resources and instances. | |
| 7 | This template relies on ResourceGroups and a nested template that is | |
| 8 | called to provision instances, ports, & floating IPs. | |
| 9 | ||
| 10 | resources: | |
| 11 | ||
| 12 | {{ guid }}-infra_key: | |
| 13 | type: OS::Nova::KeyPair | |
| 14 | properties: | |
| 15 | name: {{ guid }}-infra_key | |
| 16 | save_private_key: true | |
| 17 | ||
| 18 | {% if osp_project_create | bool %} | |
| 19 | {{ guid }}-project_user: | |
| 20 | type: OS::Keystone::User | |
| 21 | properties: | |
| 22 | name: {{ guid }}-user | |
| 23 | password: {{ heat_user_password }} | |
| 24 | domain: Default | |
| 25 | ||
| 26 | {{ guid }}-project_role_user: | |
| 27 | type: OS::Keystone::UserRoleAssignment | |
| 28 | properties: | |
| 29 | user: {get_resource: {{ guid }}-project_user} | |
| 30 | roles: | |
| 31 | - {project: {{ osp_project_name }}, role: _member_} | |
| 32 | - {project: {{ osp_project_name }}, role: swiftoperator} | |
| 33 | depends_on: | |
| 34 | - {{ guid }}-project_user | |
| 35 | {% endif %} | |
| 36 | ||
| 37 | {% for network in networks %} | |
| 38 | {{ network['name'] }}-network: | |
| 39 | type: OS::Neutron::Net | |
| 40 | properties: | |
| 41 | name: "{{ guid }}-{{ network['name'] }}-network" | |
| 42 | shared: {{ network['shared'] }} | |
| 43 | ||
| 44 | {{ network['name'] }}-subnet: | |
| 45 | type: OS::Neutron::Subnet | |
| 46 | properties: | |
| 47 | name: "{{ guid }}-{{ network['name'] }}-subnet" | |
| 48 | network_id: {get_resource: {{ network['name'] }}-network} | |
| 49 | {% if network['dns_nameservers'] is defined %} | |
| 50 | dns_nameservers: [{{ network['dns_nameservers'] | list | join(",") }}] | |
| 51 | {% endif %} | |
| 52 | cidr: {{ network['subnet_cidr'] }} | |
| 53 | gateway_ip: {{ network['gateway_ip'] }} | |
| 54 | allocation_pools: | |
| 55 | - start: {{ network['allocation_start'] }} | |
| 56 | end: {{ network['allocation_end'] }} | |
| 57 | ||
| 58 | {% if network['create_router'] %} | |
| 59 | {{ network['name'] }}-router: | |
| 60 | type: OS::Neutron::Router | |
| 61 | properties: | |
| 62 | name: "{{ guid }}-{{ network['name'] }}-router" | |
| 63 | external_gateway_info: | |
| 64 | network: "{{ provider_network }}" | |
| 65 | ||
| 66 | {{ network['name'] }}-router_private_interface: | |
| 67 | type: OS::Neutron::RouterInterface | |
| 68 | properties: | |
| 69 | router: {get_resource: {{ network['name'] }}-router} | |
| 70 | subnet: {get_resource: {{ network['name'] }}-subnet} | |
| 71 | {% endif %} | |
| 72 | {% endfor %} | |
| 73 | ||
| 74 | ################### | |
| 75 | # Security groups # | |
| 76 | ################### | |
| 77 | {% for security_group in security_groups | list + default_security_groups | list %} | |
| 78 | {{ security_group['name'] }}: | |
| 79 | type: OS::Neutron::SecurityGroup | |
| 80 | properties: | |
| 81 | name: {{ guid }}-{{ security_group['name'] }} | |
| 82 | {% if security_group['description'] is defined %} | |
| 83 | description: "{{ security_group['description'] }}" | |
| 84 | {% endif %} | |
| 85 | ||
| 86 | {% for rule in security_group.rules %} | |
| 87 | {% if rule['name'] is defined %} | |
| 88 | {{ guid }}-{{ security_group['name'] }}-rule_{{ rule['name'] }}: | |
| 89 | {% else %} | |
| 90 | {{ guid }}-{{ security_group['name'] }}-rule_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}: | |
| 91 | {% endif %} | |
| 92 | type: OS::Neutron::SecurityGroupRule | |
| 93 | properties: | |
| 94 | security_group: {get_resource: {{ security_group['name'] }}} | |
| 95 | direction: {{ rule['direction'] | default(rule.rule_type) | lower }} | |
| 96 | protocol: {{ rule['protocol'] | lower }} | |
| 97 | {% if rule['description'] is defined %} | |
| 98 | description: {{ rule['description'] }} | |
| 99 | {% endif %} | |
| 100 | {% if rule['port_range_min'] is defined or | |
| 101 | rule.from_port is defined %} | |
| 102 | port_range_min: {{ rule['port_range_min'] | default(rule.from_port) }} | |
| 103 | {% endif %} | |
| 104 | {% if rule['port_range_max'] is defined or | |
| 105 | rule.to_port is defined %} | |
| 106 | port_range_max: {{ rule['port_range_max'] | default(rule.to_port) }} | |
| 107 | {% endif %} | |
| 108 | {% if rule['remote_ip_prefix'] is defined or | |
| 109 | rule.cidr is defined %} | |
| 110 | remote_ip_prefix: {{ rule['remote_ip_prefix'] | default(rule.cidr) }} | |
| 111 | {% endif %} | |
| 112 | {% if rule['remote_group'] is defined or | |
| 113 | rule.from_group is defined %} | |
| 114 | remote_group: {get_resource: {{ rule['remote_group'] | default(rule.from_group) }}} | |
| 115 | {% endif %} | |
| 116 | depends_on: {{ security_group['name'] }} | |
| 117 | {% endfor %} | |
| 118 | {% endfor %} | |
| 119 | ||
| 120 | ############# | |
| 121 | # Instances # | |
| 122 | ############# | |
| 123 | {% for instance in instances %} | |
| 124 | {% for myinstanceindex in range(instance.count|int) %} | |
| 125 | {% set iname = instance.name if instance.count == 1 else [instance.name, loop.index0] | join() %} | |
| 126 | ########### {{ iname }} ########### | |
| 127 | port_{{ iname }}: | |
| 128 | type: OS::Neutron::Port | |
| 129 | properties: | |
| 130 | network: { get_resource: {{ instance['network'] | default('default') }}-network } | |
| 131 | security_groups: | |
| 132 | {% if instance.security_groups is defined %} | |
| 133 | {% for security_group in instance.security_groups %} | |
| 134 | - {get_resource: {{ security_group }}} | |
| 135 | {% endfor %} | |
| 136 | {% endif %} | |
| 137 | depends_on: | |
| 138 | - {{ instance['network'] | default('default') }}-router_private_interface | |
| 139 | ||
| 140 | ||
| 141 | {% if instance.floating_ip | default(false) or instance.public_dns | default(false) %} | |
| 142 | fip_{{ iname }}: | |
| 143 | type: OS::Neutron::FloatingIP | |
| 144 | properties: | |
| 145 | floating_network: {{ provider_network }} | |
| 146 | depends_on: | |
| 147 | - {{ instance['network'] | default('default') }}-router_private_interface | |
| 148 | ||
| 149 | fip_association_{{ iname }}: | |
| 150 | type: OS::Neutron::FloatingIPAssociation | |
| 151 | properties: | |
| 152 | floatingip_id: {get_resource: fip_{{ iname }}} | |
| 153 | port_id: {get_resource: port_{{ iname }}} | |
| 154 | {% endif %} | |
| 155 | ||
| 156 | server_{{ iname }}: | |
| 157 | type: OS::Nova::Server | |
| 158 | properties: | |
| 159 | name: {{ iname }} | |
| 160 | flavor: {{ instance.flavor.osp }} | |
| 161 | key_name: {get_resource: {{ guid }}-infra_key} | |
| 162 | ||
| 163 | block_device_mapping_v2: | |
| 164 | - image: {{ instance.image_id | default(instance.image) }} | |
| 165 | delete_on_termination: true | |
| 166 | volume_size: {{ instance['rootfs_size'] | default(osp_default_rootfs_size) }} | |
| 167 | boot_index: 0 | |
| 168 | {% if iname == "bastion" %} | |
| 3ec148 | 169 | - image: {{ instance.sofware_image_id | default("software-sap") }} |
| 8d2e2d | 170 | delete_on_termination: true |
| ME | 171 | volume_size: {{ instance['softwarefs_size'] }} |
| 172 | boot_index: -1 | |
| 173 | {% endif %} | |
| 174 | ||
| 175 | user_data: | | |
| 176 | #cloud-config | |
| 177 | ssh_authorized_keys: {{ all_ssh_authorized_keys | to_json }} | |
| 178 | user_data_format: RAW | |
| 179 | networks: | |
| 180 | - port: {get_resource: port_{{ iname }}} | |
| 181 | {% if instance['metadata'] is defined %} | |
| 182 | metadata: {{ instance.metadata | combine(default_metadata) | to_json }} | |
| 183 | {% endif %} | |
| 184 | ||
| 185 | {% if instance.tags is defined %} | |
| 186 | # Convert EC2 tags | |
| 187 | metadata: | |
| 188 | {% for key, value in default_metadata.items() %} | |
| 189 | '{{ key }}': {{ value | to_json }} | |
| 190 | {% endfor %} | |
| 191 | {% for tag in instance.tags %} | |
| 192 | '{{ tag.key }}': {{ tag.value | to_json }} | |
| 193 | {% endfor %} | |
| 194 | {% endif %} | |
| 195 | ||
| 196 | depends_on: | |
| 197 | - {{ instance['network'] | default('default') }}-router_private_interface | |
| 198 | {% if 'security_groups' in instance %} | |
| 199 | {% for security_group in instance.security_groups %} | |
| 200 | - {{ security_group }} | |
| 201 | {% endfor %} | |
| 202 | {% endif %} | |
| 203 | ||
| 204 | {% if instance.volumes is defined %} | |
| 205 | #### Volumes for {{ iname }} #### | |
| 206 | {% for volume in instance.volumes %} | |
| 207 | {% set loopvolume = loop %} | |
| 208 | {% set vname = ["volume", iname, loopvolume.index] | join('_') %} | |
| 209 | {{ vname }}: | |
| 210 | type: OS::Cinder::Volume | |
| 211 | properties: | |
| 212 | size: {{ volume.volume_size | default(volume.size) }} | |
| 213 | {% if volume.volume_name is defined %} | |
| 214 | name: {{ volume.volume_name | default(volume.name) }} | |
| 215 | {% endif %} | |
| 216 | ||
| 217 | volume_attachment_{{ vname }}: | |
| 218 | type: OS::Cinder::VolumeAttachment | |
| 219 | properties: | |
| 220 | volume_id: {get_resource: {{ vname }}} | |
| 221 | instance_uuid: {get_resource: server_{{ iname }}} | |
| 222 | {% endfor %} | |
| 223 | {% endif %} | |
| 224 | {% endfor %} | |
| 225 | {% endfor %} | |
| 226 | ||
| 227 | ||
| 228 | outputs: | |
| 229 | ||
| 230 | {{ guid }}-infra_key: | |
| 231 | description: The SSH infra key | |
| 232 | value: {get_attr: [{{ guid }}-infra_key, private_key]} | |
