1 heat_template_version: 2015-04-30
4 HOT template to create the vIPR-ATM firewall service template and instance.
5 This template creates the following
6 - Two service virtual networks for each side (left and right) of the vIPR-ATM firewalls
7 - Two virtual networks for high availability between the vIPR-ATM firewalls
8 - A Contrail Service Template for the vIPR-ATM service
9 - A Contrail Service Instance for the vIPR-ATM service
11 The firewall virtual machines connected to these created networks and managed by the
12 vIPR-ATM service instance will be created by the vIPR-ATM-Instance.yaml HOT template.
14 Network Policy that includes the vIPR-ATM service instance will be created by client
15 specific HOT templates or Contrail APIs.
# Addressing parameters for the left and right service networks. Each prefix
# is checked against an anchored dotted-quad pattern (octets 0-255) and each
# prefix length against the range 0-32.
# NOTE(review): the pattern validates syntax only. It accepts octets written
# with leading zeros (constructed example: "010"), which some address parsers
# read as octal, and nothing here checks that the prefix is a network address
# for the chosen length. A length of 0 is also accepted; raise the minimum if
# a subnet covering the whole IPv4 space is never intended.
18 vipr_atm_service_left_ip_prefix:
21 - allowed_pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
22 description: A valid IPv4 dot quad IP address.
23 description: Left vIPR-ATM service network IP address prefix
24 vipr_atm_service_left_ip_prefix_len:
27 - range: { min: 0, max: 32 }
28 description: a valid IPv4 prefix value from 0 to 32.
29 description: Left vIPR-ATM service network IP address prefix length
31 vipr_atm_service_right_ip_prefix:
34 - allowed_pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
35 description: A valid IPv4 dot quad IP address.
36 description: Right vIPR-ATM service network IP address prefix
37 vipr_atm_service_right_ip_prefix_len:
40 - range: { min: 0, max: 32 }
41 description: a valid IPv4 prefix value from 0 to 32.
42 description: Right vIPR-ATM service network IP address prefix length
47 - allowed_pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(?:3[0-2]|[12]?[0-9])$
48 description: A valid IPv4 CIDR (dot quad IP address / prefix value 0 to 32).
49 description: vIPR-ATM private High Availability Network One IP address CIDR
54 - allowed_pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(?:3[0-2]|[12]?[0-9])$
55 description: A valid IPv4 CIDR (dot quad IP address / prefix value 0 to 32).
56 description: vIPR-ATM private High Availability Network Two IP address CIDR
60 description: Unique ID for this VNF instance
63 description: Unique name for this VNF instance
66 description: Unique ID for the VF Module instance
# Contrail virtual networks for the left and right sides of the firewall
# service. Both reference the default-domain:default-project IPAM and take
# their subnet prefix and prefix length from the template parameters.
# The VNF_NAME token in each name template is filled from the vnf_name
# parameter (presumably via str_replace; that line is not visible here).
69 vIPR_ATM_Service_Left:
70 type: OS::ContrailV2::VirtualNetwork
74 template: VNF_NAME_VIPR_ATM_SERVICE_LEFT_NETWORK
76 VNF_NAME: { get_param: vnf_name }
77 network_ipam_refs: ["default-domain:default-project:default-network-ipam"]
78 network_ipam_refs_data:
80 network_ipam_refs_data_ipam_subnets:
82 network_ipam_refs_data_ipam_subnets_subnet:
84 network_ipam_refs_data_ipam_subnets_subnet_ip_prefix:
86 get_param: vipr_atm_service_left_ip_prefix
88 network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len:
90 get_param: vipr_atm_service_left_ip_prefix_len
96 vIPR_ATM_Service_Right:
97 type: OS::ContrailV2::VirtualNetwork
101 template: VNF_NAME_VIPR_ATM_SERVICE_RIGHT_NETWORK
103 VNF_NAME: { get_param: vnf_name }
104 network_ipam_refs: ["default-domain:default-project:default-network-ipam"]
105 network_ipam_refs_data:
107 network_ipam_refs_data_ipam_subnets:
109 network_ipam_refs_data_ipam_subnets_subnet:
111 network_ipam_refs_data_ipam_subnets_subnet_ip_prefix:
113 get_param: vipr_atm_service_right_ip_prefix
115 network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len:
117 get_param: vipr_atm_service_right_ip_prefix_len
# Two Neutron networks, each with one subnet, for high-availability traffic
# between the firewalls. Each subnet is named after its network and takes its
# CIDR from vipr_atm_ha_one_cidr / vipr_atm_ha_two_cidr.
# NOTE(review): subnet options such as DHCP and gateway settings are not
# visible in this listing; confirm them against the full template.
124 type: OS::Neutron::Net
128 template: VNF_NAME_VIPR_ATM_HA_ONE_NETWORK
130 VNF_NAME: { get_param: vnf_name }
132 vIPR_ATM_Ha_One_Subnet:
133 type: OS::Neutron::Subnet
139 template: NET_NAME_SUBNET
141 NET_NAME: { get_attr: [ vIPR_ATM_Ha_One, name ] }
142 network: { get_resource: vIPR_ATM_Ha_One }
143 cidr: { get_param: vipr_atm_ha_one_cidr }
148 type: OS::Neutron::Net
152 template: VNF_NAME_VIPR_ATM_HA_TWO_NETWORK
154 VNF_NAME: { get_param: vnf_name }
156 vIPR_ATM_Ha_Two_Subnet:
157 type: OS::Neutron::Subnet
163 template: NET_NAME_SUBNET
165 NET_NAME: { get_attr: [ vIPR_ATM_Ha_Two, name ] }
166 network: { get_resource: vIPR_ATM_Ha_Two }
167 cidr: { get_param: vipr_atm_ha_two_cidr }
# Contrail service template for the firewall: version 2, transparent service
# mode, firewall service type, virtual-machine virtualization, with a Left and
# a Right interface that both set shared_ip.
# NOTE(review): the trailing commas suggest these pairs sit inside flow
# mappings whose braces are not visible in this listing; in block style the
# comma would become part of the value. `True` is read as a boolean by
# YAML 1.1 loaders; lowercase `true` is the canonical spelling.
171 vIPR_ATM_Service_Template:
172 type: OS::ContrailV2::ServiceTemplate
176 template: VNF_NAME_VIPR_ATM_SERVICE_TEMPLATE
178 VNF_NAME: { get_param: vnf_name }
179 service_template_properties:
181 service_template_properties_version: 2,
182 service_template_properties_service_mode: transparent,
183 service_template_properties_service_type: firewall,
184 service_template_properties_service_virtualization_type: virtual-machine,
185 service_template_properties_interface_type:
188 service_template_properties_interface_type_service_interface_type: Left,
189 service_template_properties_interface_type_shared_ip: True,
192 service_template_properties_interface_type_service_interface_type: Right,
193 service_template_properties_interface_type_shared_ip: True,
197 domain: default-domain
# Contrail service instance bound to the service template above, in
# active-active HA mode. Its left and right virtual networks are given as the
# colon-joined fq_name of the two service networks.
# The three-item list names the left network, right network and service
# template; presumably a depends_on list (the key line is not visible here).
199 vIPR_ATM_Service_Instance:
200 type: OS::ContrailV2::ServiceInstance
202 - vIPR_ATM_Service_Left
203 - vIPR_ATM_Service_Right
204 - vIPR_ATM_Service_Template
208 template: VNF_NAME_VIPR_ATM_SERVICE_INSTANCE
210 VNF_NAME: { get_param: vnf_name }
211 service_template_refs: [{ get_resource: vIPR_ATM_Service_Template }]
212 service_instance_properties:
214 service_instance_properties_ha_mode: active-active,
215 service_instance_properties_left_virtual_network:
217 list_join: [':', { get_attr: [ vIPR_ATM_Service_Left, fq_name ] } ]
219 service_instance_properties_right_virtual_network:
221 list_join: [':', { get_attr: [ vIPR_ATM_Service_Right, fq_name ] } ]
225 # Management (OAM) Port Security Group to allow ingress SSH
# NOTE(review): all four rules below use remote_ip_prefix 0.0.0.0/0, i.e. any
# IPv4 address as the remote end. The protocol, port and direction lines of
# each rule are not visible in this listing, so confirm that only the intended
# management protocols are opened (the comment above names SSH only, yet there
# are four rules). For a firewall's OAM interface, prefer a parameterised
# management CIDR or a remote security group over 0.0.0.0/0.
227 type: OS::Neutron::SecurityGroup
231 template: VNF_NAME_VIPR_ATM_OAM_SG
233 VNF_NAME: { get_param: vnf_name }
235 - remote_ip_prefix: 0.0.0.0/0
239 - remote_ip_prefix: 0.0.0.0/0
243 - remote_ip_prefix: 0.0.0.0/0
247 - remote_ip_prefix: 0.0.0.0/0
# Security groups for the two HA networks. Each has one visible rule with
# remote_mode: remote_group_id, which scopes the rule to members of a security
# group rather than to an IP prefix.
# NOTE(review): no remote_group_id value is visible here; if none is set in
# the full template, Heat uses the rule's own security group. Protocol and
# port lines are not visible either, so confirm whether the rule is limited to
# the HA protocol or admits all traffic between group members.
251 type: OS::Neutron::SecurityGroup
255 template: VNF_NAME_VIPR_ATM_HA_ONE_SG
257 VNF_NAME: { get_param: vnf_name }
259 - remote_mode: remote_group_id
262 type: OS::Neutron::SecurityGroup
266 template: VNF_NAME_VIPR_ATM_HA_TWO_SG
268 VNF_NAME: { get_param: vnf_name }
270 - remote_mode: remote_group_id
# Nova server group for the firewall instances, named from vnf_name.
# NOTE(review): the policies line is not visible in this listing; for an
# active-active firewall pair, confirm the group places members on separate
# hosts so one host failure does not take down both.
272 vIPR_ATM_Server_Group:
273 type: OS::Nova::ServerGroup
277 template: VNF_NAME_VIPR_ATM_SERVER_GROUP
279 VNF_NAME: { get_param: vnf_name }
284 vipr_atm_contrail_service_instance_fqdn:
285 description: The FQDN for the Contrail Service Instance that is needed to create a tenant OAM network policy that service chains through the vIPR-ATM firewall.
286 value: { list_join: [':', { get_attr: [ vIPR_ATM_Service_Instance, fq_name ] } ] }
288 vipr_atm_service_left_fqdn:
289 description: The FQDN for the vIPR-ATM Service Left network.
290 value: { list_join: [':', { get_attr: [ vIPR_ATM_Service_Left, fq_name ] } ] }
292 vipr_atm_service_right_fqdn:
293 description: The FQDN for the vIPR-ATM Service Right network.
294 value: { list_join: [':', { get_attr: [ vIPR_ATM_Service_Right, fq_name ] } ] }
297 description: The UUID for the vIPR-ATM HA One network.
298 value: { get_resource: vIPR_ATM_Ha_One }
301 description: The UUID for the vIPR-ATM HA Two network.
302 value: { get_resource: vIPR_ATM_Ha_Two }
304 vipr_atm_oam_net_security_groups:
305 description: The list of OpenStack Security Groups to apply to the vIPR-ATM-Instance's OAM network.
306 value: [ { get_resource: vIPR_ATM_OAM_SG } ]
308 vipr_atm_ha_one_security_groups:
309 description: The list of OpenStack Security Groups to apply to the vIPR-ATM-Instance's HA One network.
310 value: [ { get_resource: vIPR_ATM_HA_ONE_SG } ]
312 vipr_atm_ha_two_security_groups:
313 description: The list of OpenStack Security Groups to apply to the vIPR-ATM-Instance's HA Two network.
314 value: [ { get_resource: vIPR_ATM_HA_TWO_SG } ]
316 vipr_atm_server_group:
317 description: The UUID for the vIPR-ATM OpenStack Server Group
318 value: { get_resource: vIPR_ATM_Server_Group }