1 # ============LICENSE_START==========================================
2 # ===================================================================
3 # Copyright (c) 2018 AT&T
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #============LICENSE_END============================================
# Blueprint header (Cloudify DSL 1.3) followed by the entries of the import
# list; the `imports:` key itself is on a line missing from this listing.
18 tosca_definitions_version: cloudify_dsl_1_3
# NOTE(review): the four remote specs below are referenced with plain http://
# URLs, so a network fetch of these type and plugin definitions has no
# transport integrity protection. Confirm how the consuming Cloudify CLI or
# manager resolves them (local resolver rule vs. network fetch) before
# changing the scheme, because resolver rules may match on the exact prefix.
21 - http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml
22 - http://www.getcloudify.org/spec/openstack-plugin/2.7.4/plugin.yaml
23 - http://www.getcloudify.org/spec/utilities-plugin/1.5.2/plugin.yaml
24 - http://www.getcloudify.org/spec/fabric-plugin/1.5.1/plugin.yaml
# Relative path rather than a URL: this import ships with the blueprint.
25 - imports/manager-configuration.yaml
# Input declarations. Most input names and `type:` lines are missing from this
# listing, so only the visible descriptions and defaults are annotated.
33 description: OS_USERNAME as specified in Openstack RC file.
# NOTE(review): presumably the keystone_password input that client_config and
# the secrets list read. No default is visible here; keep it that way and
# supply the value at deploy time instead of committing it.
36 description: Openstack user password.
39 description: OS_TENANT_NAME as specified in Openstack RC file.
42 description: OS_AUTH_URL as specified in Openstack RC file.
45 description: OS_REGION_NAME as specified in Openstack RC file.
47 external_network_name:
48 description: Openstack tenant external network name.
# Default names, presumably of the manager_key_name and agent_key_name inputs.
54 default: cfy-manager-key-os
57 default: cfy-agent-key-os
# Path built from local_ssh_directory + manager_key_name, the same expression
# the manager key node uses for its private_key_path.
60 default: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] }
# Two fixed resolver addresses; presumably the default of the `nameservers`
# input that both subnets pass as dns_nameservers.
63 default: [8.8.4.4, 8.8.8.8]
# Address plan for the two subnets. Only the `start` of each allocation pool is
# visible in this listing.
65 public_network_subnet_cidr:
66 default: 192.168.120.0/24
68 public_network_subnet_allocation_pools:
70 - start: 192.168.120.2
73 private_network_subnet_cidr:
74 default: 192.168.121.0/24
76 private_network_subnet_allocation_pools:
78 - start: 192.168.121.2
87 cloudify_image_username:
98 Resolving the IP for manager setup.
99 default: { get_attribute: [ cloudify_host, ip ] }
# The default above reads the `ip` attribute of the cloudify_host node; the
# default below reads the address allocated by the floating IP node.
103 Resolving the IP for manager setup.
104 default: { get_attribute: [ public_network_subnet_port_fip, floating_ip_address ] }
# Default list of key/value pairs described as secrets. NOTE(review): the
# description below mentions AWS although every visible value is
# OpenStack-related; it looks copied from another blueprint - confirm.
# How the list is consumed is not visible here (presumably by
# imports/manager-configuration.yaml); confirm that the values are not logged
# or echoed, since two of them are credentials (see the notes below).
108 key, value pairs of secrets used in AWS blueprint examples.
110 - key: keystone_username
111 value: { get_input: username }
# Sensitive: the OpenStack password is copied from the keystone_password input.
112 - key: keystone_password
113 value: { get_input: keystone_password }
114 - key: keystone_tenant_name
115 value: { get_input: tenant_name }
# The `key:` lines for the next two values are missing from this listing.
117 value: { get_input: auth_url }
119 value: { get_input: region }
120 - key: keystone_region
121 value: { get_input: region }
# Names resolved from the networking nodes of this blueprint.
122 - key: external_network_name
123 value: { get_property: [ external_network, resource_id ] }
125 value: { get_attribute: [ public_network_router, external_name ] }
126 - key: public_network_name
127 value: { get_attribute: [ public_network, external_name ] }
128 - key: private_network_name
129 value: { get_attribute: [ private_network, external_name ] }
130 - key: public_subnet_name
131 value: { get_attribute: [ public_network_subnet, external_name ] }
132 - key: private_subnet_name
133 value: { get_attribute: [ private_network_subnet, external_name ] }
# Image and flavor identifiers passed through from inputs.
134 - key: ubuntu_trusty_image
135 value: { get_input: ubuntu_trusty_image }
136 - key: centos_core_image
137 value: { get_input: centos_core_image }
138 - key: small_image_flavor
139 value: { get_input: small_image_flavor }
140 - key: large_image_flavor
141 value: { get_input: large_image_flavor }
142 - key: agent_key_public
143 value: { get_attribute: [ agent_key, public_key_export ] }
# Sensitive: the agent private key is read from the agent_key node's
# private_key_export attribute, so the key material also lives in that node's
# runtime data, not only in this list.
144 - key: agent_key_private
145 value: { get_attribute: [ agent_key, private_key_export ] }
# Shared OpenStack client settings, defined once as the YAML anchor
# &client_config and reused through *client_config by every OpenStack node in
# this blueprint. All five values, including the password, come from inputs.
149 client_config: &client_config
150 username: { get_input: username }
151 password: { get_input: keystone_password }
152 tenant_name: { get_input: tenant_name }
153 auth_url: { get_input: auth_url }
154 region: { get_input: region }
# Two RSA key-pair nodes. Their names are on lines missing from this listing;
# the key_name inputs and the attribute references elsewhere in the file
# identify them as manager_key (first) and agent_key (second).
159 type: cloudify.keys.nodes.RSAKey
# Both key files are placed under local_ssh_directory; the private key path is
# the public key path without the '.pub' suffix.
162 public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name }, '.pub' ] }
163 private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] }
# NOTE(review): the secret store is not used, and the create operation below is
# given store_private_key_material: true, so the private key is presumably kept
# with the node instance (see private_key_export) as well as on disk. Confirm
# who can read the deployment's runtime data and the key directory.
165 use_secret_store: false
166 key_name: { get_input: manager_key_name }
168 cloudify.interfaces.lifecycle:
170 implementation: keys.cloudify_ssh_key.operations.create
172 store_private_key_material: true
# Second key pair, same layout, named by agent_key_name.
175 type: cloudify.keys.nodes.RSAKey
178 public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name }, '.pub' ] }
179 private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name } ] }
# NOTE(review): same storage choice as the manager key; the agent private key
# is additionally copied into the secrets list via private_key_export.
181 use_secret_store: false
182 key_name: { get_input: agent_key_name }
184 cloudify.interfaces.lifecycle:
186 implementation: keys.cloudify_ssh_key.operations.create
188 store_private_key_material: true
# Networking nodes: the pre-existing external network, a floating IP, two
# tenant networks, one router and two subnets. Some node names are on lines
# missing from this listing.
# Existing network looked up by name (use_external_resource: true), not created.
191 type: cloudify.openstack.nodes.Network
193 openstack_config: *client_config
194 use_external_resource: true
195 resource_id: { get_input: external_network_name }
# Floating IP allocated from the external network; it is later bound to
# public_network_subnet_port and so becomes the manager's public address.
197 public_network_subnet_port_fip:
198 type: cloudify.openstack.nodes.FloatingIP
200 openstack_config: *client_config
202 floating_network_name: { get_input: external_network_name }
# Two tenant networks, presumably public_network and private_network (the
# relationship targets used by the subnets below).
205 type: cloudify.openstack.nodes.Network
207 openstack_config: *client_config
210 type: cloudify.openstack.nodes.Network
212 openstack_config: *client_config
# Router connected to the external network.
214 public_network_router:
215 type: cloudify.openstack.nodes.Router
217 openstack_config: *client_config
219 - type: cloudify.relationships.connected_to
220 target: external_network
222 public_network_subnet:
223 type: cloudify.openstack.nodes.Subnet
225 openstack_config: *client_config
228 cidr: { get_input: public_network_subnet_cidr }
229 dns_nameservers: { get_input: nameservers }
230 allocation_pools: { get_input: public_network_subnet_allocation_pools }
232 - type: cloudify.relationships.contained_in
233 target: public_network
234 - type: cloudify.openstack.subnet_connected_to_router
235 target: public_network_router
# NOTE(review): the private subnet is attached to the same router as the public
# one, so the two subnets share a routed path through public_network_router;
# separation between them then rests on security group rules, not on routing.
237 private_network_subnet:
238 type: cloudify.openstack.nodes.Subnet
240 openstack_config: *client_config
243 cidr: { get_input: private_network_subnet_cidr }
244 dns_nameservers: { get_input: nameservers }
245 allocation_pools: { get_input: private_network_subnet_allocation_pools }
247 - type: cloudify.relationships.contained_in
248 target: private_network
249 - type: cloudify.openstack.subnet_connected_to_router
250 target: public_network_router
# Security group attached to both the public and the private port of the
# manager host.
# NOTE(review): every visible rule uses remote_ip_prefix 0.0.0.0/0, i.e. any
# IPv4 source. The port lines of the first nine rules are missing from this
# listing; the visible ones open 15432, 22000, 53229, 53333 and the whole
# 30000-40000 range. Because the public port carries a floating IP, these
# rules are presumably reachable from the external network; narrow the source
# prefixes to the admin and agent networks where the deployment allows it.
252 cloudify_security_group:
253 type: cloudify.openstack.nodes.SecurityGroup
255 openstack_config: *client_config
257 - remote_ip_prefix: 0.0.0.0/0
261 - remote_ip_prefix: 0.0.0.0/0
265 - remote_ip_prefix: 0.0.0.0/0
269 - remote_ip_prefix: 0.0.0.0/0
273 - remote_ip_prefix: 0.0.0.0/0
277 - remote_ip_prefix: 0.0.0.0/0
281 - remote_ip_prefix: 0.0.0.0/0
285 - remote_ip_prefix: 0.0.0.0/0
289 - remote_ip_prefix: 0.0.0.0/0
293 - remote_ip_prefix: 0.0.0.0/0
294 port_range_min: 15432
295 port_range_max: 15432
297 - remote_ip_prefix: 0.0.0.0/0
298 port_range_min: 22000
299 port_range_max: 22000
301 - remote_ip_prefix: 0.0.0.0/0
302 port_range_min: 53229
303 port_range_max: 53229
305 - remote_ip_prefix: 0.0.0.0/0
306 port_range_min: 53333
307 port_range_max: 53333
# Widest visible rule: 10001 consecutive ports open to any source.
309 - remote_ip_prefix: 0.0.0.0/0
310 port_range_min: 30000
311 port_range_max: 40000
# Port on the public network: created after its subnet, placed in
# cloudify_security_group and bound to the floating IP, which makes it the
# externally addressable interface.
314 public_network_subnet_port:
315 type: cloudify.openstack.nodes.Port
317 openstack_config: *client_config
319 - type: cloudify.relationships.contained_in
320 target: public_network
321 - type: cloudify.relationships.depends_on
322 target: public_network_subnet
323 - type: cloudify.openstack.port_connected_to_security_group
324 target: cloudify_security_group
325 - type: cloudify.openstack.port_connected_to_floating_ip
326 target: public_network_subnet_port_fip
# Port on the private network: same security group, no floating IP.
328 private_network_subnet_port:
329 type: cloudify.openstack.nodes.Port
331 openstack_config: *client_config
333 - type: cloudify.relationships.contained_in
334 target: private_network
335 - type: cloudify.relationships.depends_on
336 target: private_network_subnet
337 - type: cloudify.openstack.port_connected_to_security_group
338 target: cloudify_security_group
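# cloud-init configuration for the manager VM: defines the image user, installs
# the manager public key and lists first-boot commands. Several structural keys
# (presumably users / ssh-authorized-keys / runcmd) are on lines missing from
# this listing.
340 cloudify_host_cloud_config:
341 type: cloudify.nodes.CloudInit.CloudConfig
343 cloudify.interfaces.lifecycle:
348 - name: { get_input: cloudify_image_username }
# NOTE(review): passwordless sudo for every command, so access to this account
# is equivalent to root on the manager host; the manager private key must be
# protected accordingly.
351 sudo: ['ALL=(ALL) NOPASSWD:ALL']
# Public half of manager_key, presumably the account's authorized SSH key.
353 - { get_attribute: [ manager_key, public_key_export ] }
# cloudify_image_username and helm_version are concatenated into shell command
# lines without quoting, so both inputs must be trusted, validated values.
357 - { concat: [ 'usermod -aG wheel ', { get_input: cloudify_image_username } ] }
358 - yum install -y python-backports-ssl_match_hostname python-setuptools python-backports
# The Helm archive is downloaded over HTTPS rather than plain HTTP.
# NOTE(review): it is still unpacked and moved into /usr/bin without a checksum
# or signature check; pin and verify a digest for the chosen helm_version if
# one can be supplied as an input.
359 - { concat: [ 'wget https://storage.googleapis.com/kubernetes-helm/helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] }
360 - { concat: [ 'tar -zxvf helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] }
361 - mv linux-amd64/helm /usr/bin/helm
# Ordering only: the config is rendered after the nodes below exist. The target
# of the first relationship is on a line missing from this listing.
363 - type: cloudify.relationships.depends_on
365 - type: cloudify.relationships.depends_on
366 target: public_network_subnet_port
367 - type: cloudify.relationships.depends_on
368 target: private_network_subnet_port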
# Manager VM (presumably the cloudify_host node read by the inputs) followed by
# what appears to be an output value. Image and flavor are given twice in the
# visible lines, presumably once as node properties and once as arguments of
# the create operation - confirm against the full file.
371 type: cloudify.openstack.nodes.Server
373 openstack_config: *client_config
378 image: { get_input: centos_core_image }
379 flavor: { get_input: large_image_flavor }
381 cloudify.interfaces.lifecycle:
385 image: { get_input: centos_core_image }
386 flavor: { get_input: large_image_flavor }
# First-boot configuration comes from the rendered cloud-config node, so
# whatever that node contains is executed on the new VM.
387 userdata: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] }
# Only the public port is attached; the private port attachment is commented
# out below, so the VM's single interface is the one carrying the floating IP.
389 - port-id: { get_attribute: [ public_network_subnet_port, external_id ] }
390 # - port-id: { get_attribute: [ private_network_subnet_port, external_id ] }
392 # Implicitly dependent on ports.
393 - type: cloudify.relationships.depends_on
394 target: cloudify_host_cloud_config
# Exposes the public_ip input; the enclosing key is on a line missing from this
# listing (presumably an entry under outputs).
399 value: { get_input: public_ip }