| commit | author | age | ||
| b1c0bd | 1 | heat_template_version: 2018-03-02 |
| SB | 2 | |
| 3 | description: Top level HOT for creating new project, network resources, and instances. This template relies on ResourceGroups and a nested template that is called to provision instances, ports, & floating IPs. | |
| 4 | ||
| 5 | resources: | |
| 6 | ||
| 7 | {{ guid }}-infra_key: | |
| 8 | type: OS::Nova::KeyPair | |
| 9 | properties: | |
| 10 | name: {{ guid }}-infra_key | |
| 11 | save_private_key: true | |
| 12 | ||
| 13 | {{ guid }}-project_user: | |
| 14 | type: OS::Keystone::User | |
| 15 | properties: | |
| 16 | name: {{ guid }}-user | |
| 17 | password: {{ heat_user_password }} | |
| 18 | domain: Default | |
| 19 | ||
| 20 | {{ guid }}-project_role_user: | |
| 21 | type: OS::Keystone::UserRoleAssignment | |
| 22 | properties: | |
| 23 | user: { get_resource: {{ guid }}-project_user } | |
| 24 | roles: | |
| 25 | - {project: {{ osp_project_name }}, role: _member_ } | |
| 26 | depends_on: | |
| 27 | - {{ guid }}-project_user | |
| 28 | ||
| 29 | {% for network in networks %} | |
| 30 | {{ network['name'] }}-network: | |
| 31 | type: OS::Neutron::Net | |
| 32 | properties: | |
| 33 | name: "{{ guid }}-{{ network['name'] }}-network" | |
| 34 | shared: {{ network['shared'] }} | |
| 35 | ||
| 36 | {{ network['name'] }}-subnet: | |
| 37 | type: OS::Neutron::Subnet | |
| 38 | properties: | |
| 39 | name: "{{ guid }}-{{ network['name'] }}-subnet" | |
| 40 | network_id: { get_resource: {{ network['name'] }}-network } | |
| 41 | {% if network['dns_nameservers'] is defined %} | |
| 42 | dns_nameservers: {{ network['dns_nameservers'] }} | |
| 43 | {% endif %} | |
| 44 | cidr: {{ network['subnet_cidr'] }} | |
| 45 | gateway_ip: {{ network['gateway_ip'] }} | |
| 46 | allocation_pools: | |
| 47 | - start: {{ network['allocation_start'] }} | |
| 48 | end: {{ network['allocation_end'] }} | |
| 49 | ||
| 50 | {% if network['create_router'] %} | |
| 51 | {{ network['name'] }}-router: | |
| 52 | type: OS::Neutron::Router | |
| 53 | properties: | |
| 54 | name: "{{ guid }}-{{ network['name'] }}-router" | |
| 55 | external_gateway_info: | |
| 56 | network: "{{ provider_network }}" | |
| 57 | ||
| 58 | {{ network['name'] }}-router_private_interface: | |
| 59 | type: OS::Neutron::RouterInterface | |
| 60 | properties: | |
| 61 | router: { get_resource: {{ network['name'] }}-router } | |
| 62 | subnet: { get_resource: {{ network['name'] }}-subnet } | |
| 63 | {% endif %} | |
| 64 | {% endfor %} | |
| 65 | ||
| 66 | {% for security_group in security_groups %} | |
| 67 | {{ security_group['name'] }}: | |
| 68 | type: OS::Neutron::SecurityGroup | |
| 69 | properties: | |
| 70 | name: {{ guid }}-{{ security_group['name'] }} | |
| 71 | {% if security_group['description'] is defined %} | |
| 72 | description: "{{ security_group['description'] }}" | |
| 73 | {% endif %} | |
| 74 | ||
| 75 | {% for rule in security_group.rules %} | |
| 76 | {% if rule['name'] is defined %} | |
| 77 | {{ security_group['name'] }}-rule_{{ rule['name'] }}: | |
| 78 | {% else %} | |
| 79 | {{ security_group['name'] }}-rule_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}: | |
| 80 | {% endif %} | |
| 81 | type: OS::Neutron::SecurityGroupRule | |
| 82 | properties: | |
| 83 | security_group: { get_resource: {{ security_group['name'] }} } | |
| 84 | direction: {{ rule['direction'] }} | |
| 85 | protocol: {{ rule['protocol'] }} | |
| 86 | {% if rule['description'] is defined %} | |
| 87 | description: {{ rule['description'] }} | |
| 88 | {% endif %} | |
| 89 | {% if rule['port_range_min'] is defined %} | |
| 90 | port_range_min: {{ rule['port_range_min'] }} | |
| 91 | {% endif %} | |
| 92 | {% if rule['port_range_max'] is defined %} | |
| 93 | port_range_max: {{ rule['port_range_max'] }} | |
| 94 | {% endif %} | |
| 95 | {% if rule['remote_ip_prefix'] is defined %} | |
| 96 | remote_ip_prefix: {{ rule['remote_ip_prefix'] }} | |
| 97 | {% endif %} | |
| 98 | {% if rule['remote_group'] is defined %} | |
| 99 | remote_group: { get_resource: {{ rule['remote_group'] }} } | |
| 100 | {% endif %} | |
| 101 | depends_on: {{ security_group['name'] }} | |
| 102 | {% endfor %} | |
| 103 | {% endfor %} | |
| 104 | ||
| 105 | {% for instance in instances %} | |
| 106 | {{instance['name']}}: | |
| 107 | type: OS::Heat::ResourceGroup | |
| 108 | properties: | |
| 109 | count: {{ instance['count'] }} | |
| 110 | resource_def: | |
| 111 | type: {{ heat_nested_template }} | |
| 112 | properties: | |
| 113 | network_private: { get_resource: {{ instance['network'] }}-network } | |
| 114 | volume_size: {{ instance['rootfs_size'] | default(osp_default_rootfs_size) }} | |
| 115 | key_name: { get_resource: {{ guid }}-infra_key } | |
| 116 | security_groups: | |
| 117 | {% for security_group in instance.security_groups %} | |
| 118 | - {{ guid }}-{{ security_group }} | |
| 119 | {% endfor %} | |
| 120 | provider_network: {{ provider_network}} | |
| 121 | {% if instance['count'] > 1 %} | |
| 122 | instance_name: {{ instance['name'] }}_%index% | |
| 123 | {% else %} | |
| 124 | instance_name: {{ instance['name'] }} | |
| 125 | {% endif %} | |
| 126 | instance_flavor: {{ instance['flavor'].osp }} | |
| 127 | instance_image: {{ instance['image_id'] }} | |
| 128 | {% if instance.floating_ip %} | |
| 129 | instance_fip: true | |
| 130 | {% else %} | |
| 131 | instance_fip: false | |
| 132 | {% endif %} | |
| 133 | instance_metadata: | |
| 134 | guid: "{{ guid }}" | |
| 135 | env_type: "{{ env_type }}" | |
| 136 | {% if instance['metadata'] %} | |
| 137 | {% for data in instance['metadata'] %} | |
| 138 | {% for key, value in data.items() %} | |
| 139 | {{ key }}: {{ value }} | |
| 140 | {% endfor %} | |
| 141 | {% endfor %} | |
| 142 | {% endif %} | |
| 143 | depends_on: | |
| 144 | - {{ instance['network'] }}-router_private_interface | |
| 145 | {% for security_group in instance.security_groups %} | |
| 146 | - {{ security_group }} | |
| 147 | {% endfor %} | |
| 148 | {% endfor %} | |
| 149 | ||
| 150 | {% if openshift_fip_provision %} | |
| 151 | ocp_api_fip: | |
| 152 | type: OS::Neutron::FloatingIP | |
| 153 | properties: | |
| 154 | floating_network: "{{ provider_network }}" | |
| 155 | ||
| 156 | ocp_ingress_fip: | |
| 157 | type: OS::Neutron::FloatingIP | |
| 158 | properties: | |
| 159 | floating_network: "{{ provider_network }}" | |
| 160 | {% endif %} | |
| 161 | ||
| 162 | outputs: | |
| 163 | ||
| 164 | {{ guid }}-infra_key: | |
| 165 | description: The SSH infra key | |
| 166 | value: { get_attr: [ {{ guid }}-infra_key, private_key ] } | |
| 167 | ||
| 168 | {% if openshift_fip_provision %} | |
| 169 | ocp_api_fip: | |
| 170 | description: The floating IP of the OpenShift API | |
| 171 | value: { get_attr: [ ocp_api_fip, floating_ip_address ] } | |
| 172 | ||
| 173 | ocp_ingress_fip: | |
| 174 | description: The floating IP of the OpenShift ingress | |
| 175 | value: { get_attr: [ ocp_ingress_fip, floating_ip_address ] } | |
| 176 | {% endif %} | |
