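# Jinja2 template that renders a top-level Heat Orchestration Template (HOT).
# It is rendered through Ansible (the security-group rule section uses an
# Ansible lookup), then submitted to Heat. Block tags are kept at column 0 so
# that they add no stray indentation to the rendered YAML.
#
# Quoted so a YAML loader keeps the version as a string instead of a date.
heat_template_version: "2018-03-02"

description: Top level HOT for creating new project, network resources, and instances. This template relies on ResourceGroups and a nested template that is called to provision instances, ports, & floating IPs.

resources:

  # SSH key pair generated by Nova. save_private_key makes Heat keep the
  # private half so it can be returned through the stack outputs below.
  {{ guid }}-infra_key:
    type: OS::Nova::KeyPair
    properties:
      name: {{ guid }}-infra_key
      save_private_key: true

  # Project user. The password is interpolated into the template text, so the
  # cleartext is part of the rendered template that is handed to Heat; a
  # hidden Heat parameter would keep it out of the template body.
  # to_json emits a double-quoted, escaped scalar, so passwords containing
  # YAML specials (colon-space, hash, quotes, leading indicators) or
  # number/boolean look-alikes stay intact as strings.
  {{ guid }}-project_user:
    type: OS::Keystone::User
    properties:
      name: {{ guid }}-user
      password: {{ heat_user_password | to_json }}
      domain: Default

  # Grants the user the _member_ role on the project only.
  {{ guid }}-project_role_user:
    type: OS::Keystone::UserRoleAssignment
    properties:
      user: { get_resource: {{ guid }}-project_user }
      roles:
        - {project: {{ osp_project_name }}, role: _member_ }
    depends_on:
      - {{ guid }}-project_user

{% for network in networks %}
  # One network and subnet per entry in networks. A shared network is visible
  # to other projects, so shared should only be true where that is intended.
  {{ network['name'] }}-network:
    type: OS::Neutron::Net
    properties:
      name: "{{ guid }}-{{ network['name'] }}-network"
      shared: {{ network['shared'] }}

  {{ network['name'] }}-subnet:
    type: OS::Neutron::Subnet
    properties:
      name: "{{ guid }}-{{ network['name'] }}-subnet"
      network_id: { get_resource: {{ network['name'] }}-network }
{% if network['dns_nameservers'] is defined %}
      dns_nameservers: {{ network['dns_nameservers'] }}
{% endif %}
      cidr: {{ network['subnet_cidr'] }}
      gateway_ip: {{ network['gateway_ip'] }}
      allocation_pools:
        - start: {{ network['allocation_start'] }}
          end: {{ network['allocation_end'] }}

{% if network['create_router'] %}
  # Router with a gateway on the provider network, plus its interface on the
  # subnet. Only emitted when create_router is truthy for this network.
  {{ network['name'] }}-router:
    type: OS::Neutron::Router
    properties:
      name: "{{ guid }}-{{ network['name'] }}-router"
      external_gateway_info:
        network: "{{ provider_network }}"

  {{ network['name'] }}-router_private_interface:
    type: OS::Neutron::RouterInterface
    properties:
      router: { get_resource: {{ network['name'] }}-router }
      subnet: { get_resource: {{ network['name'] }}-subnet }
{% endif %}
{% endfor %}

{% for security_group in security_groups %}
  {{ security_group['name'] }}:
    type: OS::Neutron::SecurityGroup
    properties:
      name: {{ guid }}-{{ security_group['name'] }}
{% if security_group['description'] is defined %}
      description: "{{ security_group['description'] }}"
{% endif %}

{% for rule in security_group.rules %}
  # Unnamed rules get a suffix from the password lookup against /dev/null,
  # which yields a fresh random value on every render, so their resource
  # names are not stable between renders. Name a rule where a stable
  # resource identity matters.
{% if rule['name'] is defined %}
  {{ security_group['name'] }}-rule_{{ rule['name'] }}:
{% else %}
  {{ security_group['name'] }}-rule_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}:
{% endif %}
    type: OS::Neutron::SecurityGroupRule
    properties:
      security_group: { get_resource: {{ security_group['name'] }} }
      direction: {{ rule['direction'] }}
      protocol: {{ rule['protocol'] }}
{% if rule['description'] is defined %}
      # Quoted like the security group description above, so free text with
      # a colon-space or a hash does not break or truncate the value.
      description: "{{ rule['description'] }}"
{% endif %}
{% if rule['port_range_min'] is defined %}
      port_range_min: {{ rule['port_range_min'] }}
{% endif %}
{% if rule['port_range_max'] is defined %}
      port_range_max: {{ rule['port_range_max'] }}
{% endif %}
      # NOTE(review): remote_ip_prefix and remote_group are both optional
      # here; a rule rendered with neither carries no source restriction in
      # this template. Confirm every ingress rule in the inventory sets one.
{% if rule['remote_ip_prefix'] is defined %}
      remote_ip_prefix: {{ rule['remote_ip_prefix'] }}
{% endif %}
{% if rule['remote_group'] is defined %}
      remote_group: { get_resource: {{ rule['remote_group'] }} }
{% endif %}
    depends_on: {{ security_group['name'] }}
{% endfor %}
{% endfor %}

{% for instance in instances %}
  # One ResourceGroup per instance definition; each member is built from the
  # nested template named by heat_nested_template.
  {{instance['name']}}:
    type: OS::Heat::ResourceGroup
    properties:
      count: {{ instance['count'] }}
      resource_def:
        type: {{ heat_nested_template }}
        properties:
          network_private: { get_resource: {{ instance['network'] }}-network }
          volume_size: {{ instance['rootfs_size'] | default(osp_default_rootfs_size) }}
          key_name: { get_resource: {{ guid }}-infra_key }
          security_groups:
{% for security_group in instance.security_groups %}
            - {{ guid }}-{{ security_group }}
{% endfor %}
          # Quoted to match the other provider_network references in this file.
          provider_network: "{{ provider_network }}"
{% if instance['count'] > 1 %}
          instance_name: {{ instance['name'] }}_%index%
{% else %}
          instance_name: {{ instance['name'] }}
{% endif %}
          instance_flavor: {{ instance['flavor'].osp }}
          instance_image: {{ instance['image_id'] }}
{% if instance.floating_ip %}
          instance_fip: true
{% else %}
          instance_fip: false
{% endif %}
          instance_metadata:
            guid: "{{ guid }}"
            env_type: "{{ env_type }}"
            # to_json keeps string values as quoted strings, so a value such
            # as "true", "1.10" or one containing YAML specials is not
            # retyped or misparsed when the rendered template is loaded.
{% if instance['metadata'] %}
{% for data in instance['metadata'] %}
{% for key, value in data.items() %}
            {{ key }}: {{ value | to_json }}
{% endfor %}
{% endfor %}
{% endif %}
    # NOTE(review): the router_private_interface resource is only emitted for
    # networks whose create_router is truthy; an instance attached to a
    # network without a router would reference a resource that is absent
    # from the rendered template.
    depends_on:
      - {{ instance['network'] }}-router_private_interface
{% for security_group in instance.security_groups %}
      - {{ security_group }}
{% endfor %}
{% endfor %}

{% if openshift_fip_provision %}
  ocp_api_fip:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: "{{ provider_network }}"

  ocp_ingress_fip:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: "{{ provider_network }}"
{% endif %}

outputs:

  # Returns the generated private key as a stack output. Anyone who can read
  # this stack's outputs can read the key, so access to the stack should be
  # limited accordingly and the key treated as exposed to those principals.
  {{ guid }}-infra_key:
    description: The SSH infra key
    value: { get_attr: [ {{ guid }}-infra_key, private_key ] }

{% if openshift_fip_provision %}
  ocp_api_fip:
    description: The floating IP of the OpenShift API
    value: { get_attr: [ ocp_api_fip, floating_ip_address ] }

  ocp_ingress_fip:
    description: The floating IP of the OpenShift ingress
    value: { get_attr: [ ocp_ingress_fip, floating_ip_address ] }
{% endif %}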