1 heat_template_version: 2013-05-23
4 Version 2.0 10-14-2015 (Authors: Art Mishurov,am254u & Johhny Chen, jc3066) - HOT-OAM-FW-SI template that creates two OAM networks (direct and protected) with a scaled out firewall service between the two.
9 description: Policy Name
10 service_policy_direction:
12 description: Direction of Policy
15 description: Start of src port
18 description: End of src port
21 description: Start of dst port
24 description: End of dst port
27 description: Name of private network to be created
30 description: Name of private network to be created
33 description: Name of private network to be created
36 description: Name of private network to be created
39 description: service template name or ID
42 description: service type
45 description: Name of the image
49 st_service_interface_type_list:
51 description: List of interface types
54 description: List of shared ip enabled-disabled
55 st_static_routes_list:
57 description: List of static routes enabled-disabled
60 description: Indicates whether service scaling is enabled
63 description: service mode
64 st_availability_zone_enable_flag:
66 description: service template availablity_zone feature enable flag
69 description: maximum number of firewall instances for scaling
70 service_instance_name:
72 description: service instance name
75 description: availability zone in form of Zone:Host
78 description: prefix for static route
84 type: OS::Contrail::ServiceTemplate
86 name: { get_param: st_name }
87 service_mode: { get_param: st_mode }
88 service_type: { get_param: st_type }
89 image_name: { get_param: st_image }
90 flavor: { get_param: st_flavor }
91 service_interface_type_list: { "Fn::Split" : [ ",", Ref: st_service_interface_type_list ] }
92 shared_ip_list: [ true, on, no, 0 ]
93 static_routes_list: { "Fn::Split" : [ ";", "n;false;false;false" ] }
94 service_scaling: { get_param: st_scaling }
95 availability_zone_enable: { get_param: st_availability_zone_enable_flag }
96 ordered_interfaces: true
99 type: OS::Contrail::ServiceInstance
101 name: { get_param: service_instance_name }
102 service_template: { get_resource: service_template }
103 availability_zone: { get_param: availability_zone }
108 virtual_network: {get_param: oam_mgmt_net_id}
111 virtual_network: {get_param: oam_protected_net_id}
114 virtual_network: {get_param: oam_direct_net_id},
116 { "prefix": {get_param: static_prefix_3_1} },
120 virtual_network: {get_param: oam_hsl_net_id}
125 type: OS::Contrail::NetworkPolicy
126 depends_on: [ service_instance ]
128 name: { get_param: service_policy_name }
132 "direction": { get_param: service_policy_direction },
134 "src_ports": [{"start_port": {get_param: start_src_ports}, "end_port": {get_param: end_src_ports}}],
135 "dst_ports": [{"start_port": {get_param: start_dst_ports}, "end_port": {get_param: end_dst_ports}}],
136 "dst_addresses": [{ "virtual_network": {get_param: oam_direct_net_id}}],
137 "action_list": {"apply_service": [{get_resource: service_instance}]},
138 "src_addresses": [{ "virtual_network": {get_param: protected_net}}]
141 service_policy_attach_direct_net:
142 type: OS::Contrail::AttachPolicy
143 depends_on: [ service_policy ]
145 network: { get_param: oam_direct_net_id }
146 policy: { get_attr: [service_policy, fq_name] }
148 service_policy_attach_protected_net:
149 type: OS::Contrail::AttachPolicy
150 depends_on: [ service_policy ]
152 network: { get_param: oam_protected_net_id }
153 policy: { get_attr: [service_policy, fq_name] }