[oom.git] / TOSCA / cloudify-environment-setup / openstack.yaml
1 # ============LICENSE_START==========================================
2 # ===================================================================
3 # Copyright (c) 2018 AT&T
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 #         http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #============LICENSE_END============================================
17
# Cloudify DSL version this blueprint is written against.
tosca_definitions_version: 'cloudify_dsl_1_3'

# Type and plugin definitions loaded by the blueprint parser. Each remote
# entry pins an exact spec or plugin version; the last entry is a file that
# ships next to this blueprint.
# NOTE(review): the remote entries use plain http, so the fetch itself carries
# no integrity protection. Confirm they are resolved from a trusted local copy
# or over an authenticated channel before relying on them.
imports:
  - 'http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml'
  - 'http://www.getcloudify.org/spec/openstack-plugin/2.7.4/plugin.yaml'
  - 'http://www.getcloudify.org/spec/utilities-plugin/1.5.2/plugin.yaml'
  - 'http://www.getcloudify.org/spec/fabric-plugin/1.5.1/plugin.yaml'
  - 'imports/manager-configuration.yaml'
26
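# Deployment inputs. Entries without a `default` must be supplied by the
# operator when the deployment is created.
inputs:

  # Helm release tag; interpolated into the download URL and the archive name
  # used by the runcmd steps of cloudify_host_cloud_config.
  helm_version:
    default: v2.9.1

  username:
    description: OS_USERNAME as specified in Openstack RC file.

  # NOTE(review): supplied as a plain input and copied into the `secrets`
  # default below. Keep the inputs file out of version control and readable
  # only by the operator.
  keystone_password:
    description: Openstack user password.

  tenant_name:
    description: OS_TENANT_NAME as specified in Openstack RC file.

  auth_url:
    description: OS_AUTH_URL as specified in Openstack RC file.

  region:
    description: OS_REGION_NAME as specified in Openstack RC file.

  external_network_name:
    description: Openstack tenant external network name.

  # Directory that receives both generated key pairs (manager_key, agent_key).
  # The trailing slash matters: the key paths are built by plain concatenation.
  local_ssh_directory:
    default: '~/.ssh/'

  manager_key_name:
    default: cfy-manager-key-os

  agent_key_name:
    default: cfy-agent-key-os

  # Same path that manager_key uses for its private key.
  cloudify_key_file:
    default: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] }

  # DNS resolvers handed to both subnets.
  nameservers:
    default: [8.8.4.4, 8.8.8.8]

  public_network_subnet_cidr:
    default: 192.168.120.0/24

  public_network_subnet_allocation_pools:
    default:
    - start: 192.168.120.2
      end: 192.168.120.254

  private_network_subnet_cidr:
    default: 192.168.121.0/24

  private_network_subnet_allocation_pools:
    default:
    - start: 192.168.121.2
      end: 192.168.121.254

  large_image_flavor:
    type: string

  small_image_flavor:
    type: string

  # Login user created on the host by cloud-init.
  cloudify_image_username:
    default: centos

  centos_core_image:
    type: string

  ubuntu_trusty_image:
    type: string

  private_ip:
    description: >
      Resolving the IP for manager setup.
    default: { get_attribute: [ cloudify_host, ip ] }

  public_ip:
    description: >
      Resolving the IP for manager setup.
    default: { get_attribute: [ public_network_subnet_port_fip, floating_ip_address ] }

  # Key/value list built from the inputs above and from runtime attributes of
  # the nodes in this blueprint. Most entries are resource names, but the list
  # also carries keystone_password and the agent private key.
  # NOTE(review): the consumer of this input is not visible in this file
  # (presumably imports/manager-configuration.yaml); make sure it treats the
  # whole list as sensitive and never logs it.
  secrets:
    description: >
      key, value pairs of secrets used in OpenStack blueprint examples.
    default:
    - key: keystone_username
      value: { get_input: username }
    - key: keystone_password
      value: { get_input: keystone_password }
    - key: keystone_tenant_name
      value: { get_input: tenant_name }
    - key: keystone_url
      value: { get_input: auth_url }
    - key: region
      value: { get_input: region }
    - key: keystone_region
      value: { get_input: region }
    - key: external_network_name
      value: { get_property: [ external_network, resource_id ] }
    - key: router_name
      value: { get_attribute: [ public_network_router, external_name ] }
    - key: public_network_name
      value: { get_attribute: [ public_network, external_name ] }
    - key: private_network_name
      value: { get_attribute: [ private_network, external_name ] }
    - key: public_subnet_name
      value: { get_attribute: [ public_network_subnet, external_name ] }
    - key: private_subnet_name
      value: { get_attribute: [ private_network_subnet, external_name ] }
    - key: ubuntu_trusty_image
      value: { get_input: ubuntu_trusty_image }
    - key: centos_core_image
      value: { get_input: centos_core_image }
    - key: small_image_flavor
      value: { get_input: small_image_flavor }
    - key: large_image_flavor
      value: { get_input: large_image_flavor }
    - key: agent_key_public
      value: { get_attribute: [ agent_key, public_key_export ] }
    # Private half of agent_key, read from the node's runtime attributes.
    - key: agent_key_private
      value: { get_attribute: [ agent_key, private_key_export ] }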
146
# Reusable fragments that the rest of the blueprint references through YAML
# aliases.
dsl_definitions:

  # OpenStack API credentials and endpoint, all taken from deployment inputs.
  # Every node that sets `openstack_config: *client_config` shares this
  # mapping, Keystone password included.
  client_config: &client_config
    username:
      get_input: username
    password:
      get_input: keystone_password
    tenant_name:
      get_input: tenant_name
    auth_url:
      get_input: auth_url
    region:
      get_input: region
155
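# Resources created by this blueprint: two SSH key pairs, the tenant
# networking, one security group, and the CentOS host that cloud-init
# prepares for the manager.
node_templates:

  # RSA key pair whose public half is authorised for the image user in
  # cloudify_host_cloud_config. Both key paths point into local_ssh_directory.
  # NOTE(review): use_secret_store is false and store_private_key_material is
  # true, so the private key is not kept in the secret store; confirm the key
  # file ends up with owner-only permissions.
  manager_key:
    type: cloudify.keys.nodes.RSAKey
    properties:
      resource_config:
        public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name }, '.pub' ] }
        private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] }
        openssh_format: true
      use_secret_store: false
      key_name: { get_input: manager_key_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          implementation: keys.cloudify_ssh_key.operations.create
          inputs:
            store_private_key_material: true

  # Second key pair, configured exactly like manager_key. The default of the
  # `secrets` input reads this node's public_key_export and private_key_export
  # attributes, so the private key is available as a runtime attribute.
  # NOTE(review): anything able to read this deployment's runtime attributes
  # can presumably read the agent private key -- confirm who has that access.
  agent_key:
    type: cloudify.keys.nodes.RSAKey
    properties:
      resource_config:
        public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name }, '.pub' ] }
        private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name } ] }
        openssh_format: true
      use_secret_store: false
      key_name: { get_input: agent_key_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          implementation: keys.cloudify_ssh_key.operations.create
          inputs:
            store_private_key_material: true

  # Existing tenant external network; looked up by name, not created.
  external_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config
      use_external_resource: true
      resource_id: { get_input: external_network_name }

  # Floating IP allocated from the external network; its address is the
  # default of the `public_ip` input.
  public_network_subnet_port_fip:
    type: cloudify.openstack.nodes.FloatingIP
    properties:
      openstack_config: *client_config
      floatingip:
        floating_network_name: { get_input: external_network_name }

  public_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config

  private_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config

  # Router connected to the external network; both subnets attach to it.
  public_network_router:
    type: cloudify.openstack.nodes.Router
    properties:
      openstack_config: *client_config
    relationships:
    - type: cloudify.relationships.connected_to
      target: external_network

  public_network_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *client_config
      subnet:
        ip_version: 4
        cidr: { get_input: public_network_subnet_cidr }
        dns_nameservers: { get_input: nameservers }
        allocation_pools: { get_input: public_network_subnet_allocation_pools }
    relationships:
    - type: cloudify.relationships.contained_in
      target: public_network
    - type: cloudify.openstack.subnet_connected_to_router
      target: public_network_router

  # NOTE(review): the "private" subnet is connected to the same router as the
  # public one, and that router is connected to the external network.
  private_network_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *client_config
      subnet:
        ip_version: 4
        cidr: { get_input: private_network_subnet_cidr }
        dns_nameservers: { get_input: nameservers }
        allocation_pools: { get_input: private_network_subnet_allocation_pools }
    relationships:
    - type: cloudify.relationships.contained_in
      target: private_network
    - type: cloudify.openstack.subnet_connected_to_router
      target: public_network_router

  # The only security group in the blueprint; it is attached to both the
  # public and the private port below.
  # NOTE(review): every rule uses remote_ip_prefix 0.0.0.0/0, i.e. any IPv4
  # source. No direction is set; assuming the plugin default of ingress --
  # confirm. That exposes SSH (22), HTTP/HTTPS (80/443), a run of single ports
  # that look like manager-internal services, and the whole 30000-40000 range
  # to the floating IP. Narrow remote_ip_prefix to the management network or
  # the tenant CIDRs for every port that does not have to be reachable from
  # everywhere.
  cloudify_security_group:
    type: cloudify.openstack.nodes.SecurityGroup
    properties:
      openstack_config: *client_config
      rules:
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: null
        port_range_max: null
        protocol: icmp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 22
        port_range_max: 22
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 80
        port_range_max: 80
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 443
        port_range_max: 443
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 5671
        port_range_max: 5671
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 8086
        port_range_max: 8086
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 8101
        port_range_max: 8101
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 8300
        port_range_max: 8301
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 8500
        port_range_max: 8500
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 15432
        port_range_max: 15432
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 22000
        port_range_max: 22000
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 53229
        port_range_max: 53229
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 53333
        port_range_max: 53333
        protocol: tcp
      - remote_ip_prefix: 0.0.0.0/0
        port_range_min: 30000
        port_range_max: 40000
        protocol: tcp

  # Port on the public network; carries the security group and the floating IP.
  public_network_subnet_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *client_config
    relationships:
    - type: cloudify.relationships.contained_in
      target: public_network
    - type: cloudify.relationships.depends_on
      target: public_network_subnet
    - type: cloudify.openstack.port_connected_to_security_group
      target: cloudify_security_group
    - type: cloudify.openstack.port_connected_to_floating_ip
      target: public_network_subnet_port_fip

  # Port on the private network. It is created, but cloudify_host does not
  # attach it (its nics entry is commented out there).
  private_network_subnet_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *client_config
    relationships:
    - type: cloudify.relationships.contained_in
      target: private_network
    - type: cloudify.relationships.depends_on
      target: private_network_subnet
    - type: cloudify.openstack.port_connected_to_security_group
      target: cloudify_security_group

  # cloud-init configuration handed to cloudify_host as userdata: creates the
  # login user, authorises manager_key, and installs wget and Helm.
  cloudify_host_cloud_config:
    type: cloudify.nodes.CloudInit.CloudConfig
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              users:
              # NOTE(review): the login user gets passwordless sudo for every
              # command, so possession of the manager_key private key is
              # equivalent to root on this host.
              - name: { get_input: cloudify_image_username }
                primary-group: wheel
                shell: /bin/bash
                sudo: ['ALL=(ALL) NOPASSWD:ALL']
                ssh-authorized-keys:
                - { get_attribute: [ manager_key, public_key_export ] }
              packages:
              - wget
              # cloud-init runs these commands as root on first boot.
              runcmd:
              - { concat: [ 'usermod -aG wheel ', { get_input: cloudify_image_username } ] }
              - yum install -y python-backports-ssl_match_hostname python-setuptools python-backports
              # The Helm archive is fetched over https so the download is at
              # least protected in transit.
              # NOTE(review): the archive is still unpacked and installed into
              # /usr/bin without being compared to a pinned digest; add a
              # checksum step that uses a digest the operator controls.
              - { concat: [ 'wget https://storage.googleapis.com/kubernetes-helm/helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] }
              - { concat: [ 'tar -zxvf helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] }
              - mv linux-amd64/helm /usr/bin/helm
    relationships:
    - type: cloudify.relationships.depends_on
      target: manager_key
    - type: cloudify.relationships.depends_on
      target: public_network_subnet_port
    - type: cloudify.relationships.depends_on
      target: private_network_subnet_port

  # The manager host. No Nova key pair is set (key_name is empty); SSH access
  # comes from the key authorised in the cloud-init userdata. No Cloudify agent
  # is installed on it (install_method: none).
  cloudify_host:
    type: cloudify.openstack.nodes.Server
    properties:
      openstack_config: *client_config
      agent_config:
        install_method: none
      server:
        key_name: ''
        image: { get_input: centos_core_image }
        flavor: { get_input: large_image_flavor }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            args:
              image: { get_input: centos_core_image }
              flavor: { get_input: large_image_flavor }
              userdata: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] }
              # Only the public port is attached; the private one is disabled.
              nics:
              - port-id: { get_attribute: [ public_network_subnet_port, external_id ] }
              # - port-id: { get_attribute: [ private_network_subnet_port, external_id ] }
    relationships:
    # Implicitly dependent on ports.
    - type: cloudify.relationships.depends_on
      target: cloudify_host_cloud_config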
395
# Values reported for the deployment.
outputs:

  # Address of the manager host: the `public_ip` input, whose default resolves
  # to the floating IP address of public_network_subnet_port_fip.
  manager_ip:
    value:
      get_input: public_ip