# Template format version for this Heat template (HOT).
# NOTE(review): left unquoted, a generic YAML 1.1 loader types this value as a
# date rather than a string; quoting it ('2013-05-23') keeps it a string for
# linters and other tooling that read the file outside Heat.
1 heat_template_version: 2013-05-23
4 Based on the following reference for the HOT-DMZ-FW template:
5 Version 3.5 8-10-2015 (Authors: Art Mishurov,am254u & Johhny Chen, jc3066) - HOT-DMZ-FW template that creates two DMZ networks (direct and protected) with a scaled out firewall service between the two.
# Fragments of the template's input parameter definitions. The leading numbers
# are line numbers from the original listing; the lines between them (most
# parameter keys and every type/default/constraint line) are not part of this
# excerpt, so nothing here shows whether any of these inputs is constrained.

# HSL (logging) network: name, CIDR and gateway. These feed the virtual network
# and subnet resources further down (HSL_direct_net_id, HSL_direct_net_cidr,
# HSL_direct_net_gateway).
18 description: Name of HSL (Logging) network
21 description: HSL (Logging) network address (CIDR notation)
22 HSL_direct_net_gateway:
24 description: HSL (Logging) network gateway address
27 description: Name of OAM network
# The two networks the firewall policy sits between.
28 Cricket_OCS_direct_net_id:
30 description: Name of Cricket OCS network
31 Cricket_OCS_protected_net_id:
# NOTE(review): same description text as Cricket_OCS_direct_net_id. The policy
# rule further down uses the direct network as dst_addresses and the protected
# network as src_addresses, so each description should say which side it is.
33 description: Name of Cricket OCS network
34 service_instance_name:
36 description: Service instance name
39 description: Policy Name
# Direction passed to the policy rule's "direction" field.
40 service_policy_direction:
42 description: Direction of Policy
# Source and destination port ranges. Presumably these are start_src_ports,
# end_src_ports, start_dst_ports and end_dst_ports, which the policy rule uses
# as start_port/end_port (keys not visible here; confirm). Together they set
# how much traffic the rule matches and hands to the firewall service, so the
# supplied values deserve the same review as the policy itself.
45 description: Start of src port
48 description: End of src port
51 description: Start of dst port
54 description: End of dst port
# Service template inputs (name, mode, type, image).
57 description: Name of service template
60 description: service mode
63 description: service type
# NOTE(review): presumably st_image_name (key not visible; confirm). The
# service template passes it through as image_name, so this input decides what
# runs as the firewall between the two networks; deployments should supply a
# known, verified image.
66 description: Name of the image
# Comma-separated lists; the service template splits them on "," before use.
70 st_service_interface_type_list:
72 description: List of interface types
75 description: List of shared ip enabled-disabled
76 st_static_routes_list:
78 description: List of static routes enabled-disabled
# Scaling switch and the upper bound on firewall instances.
81 description: Indicates whether service scaling is enabled
84 description: maximum number of firewall instances for scaling
87 description: availability zone
# HSL (logging) virtual network, referenced below as hsl_direct_net. Its name
# comes from the HSL_direct_net_id parameter. The resource key and the
# properties line are not part of this excerpt.
96 type: OS::Contrail::VirtualNetwork
98 name: { get_param: HSL_direct_net_id }
# Subnet on that network; CIDR and gateway are taken from stack parameters.
# Presumably this is the hsl_ip_subnet resource that the service instances
# depend on (resource key not visible; confirm).
101 type: OS::Neutron::Subnet
103 network_id: { get_resource: hsl_direct_net }
104 cidr: { get_param: HSL_direct_net_cidr }
105 gateway_ip: { get_param: HSL_direct_net_gateway }
# Service template for the firewall service. Every property is supplied by a
# stack parameter, so mode, type, image and flavor are decided at deploy time.
# Presumably this is the resource the service instances reference as
# service_template (resource key not visible; confirm).
108 type: OS::Contrail::ServiceTemplate
110 name: { get_param: st_name }
111 service_mode: { get_param: st_mode }
112 service_type: { get_param: st_type }
# NOTE(review): image and flavor of the firewall VM are free-form inputs here;
# no constraint on either is visible in this excerpt.
113 image_name: { get_param: st_image_name }
114 flavor: { get_param: st_flavor }
# Each list parameter arrives as one comma-separated string and is split into
# a list on ",".
115 service_interface_type_list: { "Fn::Split" : [ ",", Ref: st_service_interface_type_list ] }
116 shared_ip_list: { "Fn::Split" : [ ",", Ref: st_shared_ip_list ] }
117 static_routes_list: { "Fn::Split" : [ ",", Ref: st_static_routes_list ] }
118 service_scaling: { get_param: st_scaling }
# Firewall service instance built from service_template. It is created only
# after hsl_ip_subnet exists. The resource key and the lines that wrap the
# virtual_network entries are not part of this excerpt.
121 type: OS::Contrail::ServiceInstance
122 depends_on: [ hsl_ip_subnet]
124 name: { get_param: service_instance_name }
125 availability_zone: { get_param: availability_zone_1 }
126 service_template: { get_resource: service_template }
# Upper bound on scaled-out firewall instances.
128 max_instances: {get_param: max_num_fw_instances}
# Three network attachments: network_param1, network_param1, network_param2.
# NOTE(review): presumably one per entry in st_service_interface_type_list, in
# the same order; confirm that attaching network_param1 twice is intended.
131 virtual_network: { get_param: network_param1 }
134 virtual_network: { get_param: network_param1 }
137 virtual_network: { get_param: network_param2 }
# Second firewall service instance. The resource key is not part of this
# excerpt.
# NOTE(review): name, availability zone, service template and max_instances
# are read from the same parameters as the ServiceInstance at listing lines
# 121-137. Only the first virtual_network differs (network_param2 here,
# network_param1 there). Two instances created with the same
# service_instance_name may conflict; confirm this is intended.
142 type: OS::Contrail::ServiceInstance
143 depends_on: [ hsl_ip_subnet]
145 name: { get_param: service_instance_name }
146 availability_zone: { get_param: availability_zone_1 }
147 service_template: { get_resource: service_template }
149 max_instances: {get_param: max_num_fw_instances}
# Three network attachments: network_param2, network_param1, network_param2.
152 virtual_network: { get_param: network_param2 }
155 virtual_network: { get_param: network_param1 }
158 virtual_network: { get_param: network_param2 }
# Network policy that applies the firewall service between the two Cricket OCS
# networks. It is created after service_instance3, and the attach resources
# below reference it as service_policy. The resource key and the lines that
# wrap the rule entries are not part of this excerpt.
163 type: OS::Contrail::NetworkPolicy
164 depends_on: [ service_instance3 ]
166 name: { get_param: service_policy_name }
# Rule fields, written JSON-style. Direction and both port ranges come from
# stack parameters, so the breadth of the match is set at deploy time.
# NOTE(review): listing line 171 is missing between "direction" and
# "src_ports", so any protocol match is not visible here.
170 "direction": { get_param: service_policy_direction },
172 "src_ports": [{"start_port": {get_param: start_src_ports}, "end_port": {get_param: end_src_ports}}],
173 "dst_ports": [{"start_port": {get_param: start_dst_ports}, "end_port": {get_param: end_dst_ports}}],
# Destination side is the direct network. Source side, below, is the protected
# network.
174 "dst_addresses": [{ "virtual_network": { get_param: Cricket_OCS_direct_net_id }}],
# Matched traffic is handed to service_instance3.
175 "action_list": { "apply_service": [{ get_resource: service_instance3 }]},
176 "src_addresses": [{ "virtual_network": { get_param: Cricket_OCS_protected_net_id }}],
# Attach service_policy, looked up by its fq_name attribute, to the direct
# network. The properties line is not part of this excerpt.
180 service_policy_attach_direct_net:
181 type: OS::Contrail::AttachPolicy
182 depends_on: [ service_policy ]
184 network: { get_param: Cricket_OCS_direct_net_id }
185 policy: { get_attr: [service_policy, fq_name] }
# Attach the same policy to the protected network, so that both networks named
# in the rule carry it.
187 service_policy_attach_protected_net:
188 type: OS::Contrail::AttachPolicy
189 depends_on: [ service_policy ]
191 network: { get_param: Cricket_OCS_protected_net_id }
192 policy: { get_attr: [service_policy, fq_name] }
# NOTE(review): the enclosing section is not part of this excerpt. The
# network_param2 entry reads the parameter network_param1, the same value as
# the entry above it. If network_param2 was intended, whatever consumes this
# value gets the wrong network. Confirm against the parameter list.
197 network_param1: { get_param: network_param1}
198 network_param2: { get_param: network_param1}