1 heat_template_version: 2013-05-23
4 Based on the following reference for the HOT-DMZ-FW template:
5 Version 3.5 8-10-2015 (Authors: Art Mishurov,am254u & Johhny Chen, jc3066) - HOT-DMZ-FW template that creates two DMZ networks (direct and protected) with a scaled out firewall service between the two.
18 description: Name of HSL (Logging) network
21 description: HSL (Logging) network address (CIDR notation)
22 HSL_direct_net_gateway:
24 description: HSL (Logging) network gateway address
27 description: Name of OAM network
28 Cricket_OCS_direct_net_id:
30 description: Name of Cricket OCS network
31 Cricket_OCS_protected_net_id:
33 description: Name of Cricket OCS network
34 service_instance_name:
36 description: Service instance name
39 description: Policy Name
40 service_policy_direction:
42 description: Direction of Policy
45 description: Start of src port
48 description: End of src port
51 description: Start of dst port
54 description: End of dst port
57 description: Name of service template
60 description: service mode
63 description: service type
66 description: Name of the image
70 st_service_interface_type_list:
72 description: List of interface types
75 description: List of shared ip enabled-disabled
76 st_static_routes_list:
78 description: List of static routes enabled-disabled
81 description: Indicates whether service scaling is enabled
84 description: maximum number of firewall instances for scaling
87 description: availability zone
92 type: OS::Contrail::VirtualNetwork
94 name: { get_param: HSL_direct_net_id }
97 type: OS::Neutron::Subnet
99 network_id: { get_resource: hsl_direct_net }
100 cidr: { get_param: HSL_direct_net_cidr }
101 gateway_ip: { get_param: HSL_direct_net_gateway }
104 type: OS::Contrail::ServiceTemplate
106 name: { get_param: st_name }
107 service_mode: { get_param: st_mode }
108 service_type: { get_param: st_type }
109 image_name: { get_param: st_image }
110 flavor: { get_param: st_flavor }
111 service_interface_type_list: { "Fn::Split" : [ ",", Ref: st_service_interface_type_list ] }
112 shared_ip_list: { "Fn::Split" : [ ",", Ref: st_shared_ip_list ] }
113 static_routes_list: { "Fn::Split" : [ ",", Ref: st_static_routes_list ] }
114 service_scaling: { get_param: st_scaling }
117 type: OS::Contrail::ServiceInstance
118 depends_on: [ hsl_ip_subnet]
120 name: { get_param: service_instance_name }
121 availability_zone: { get_param: availability_zone_1 }
122 service_template: { get_resource: service_template }
124 max_instances: {get_param: max_num_fw_instances}
127 virtual_network: { get_param: hsl_direct_net1 }
130 virtual_network: { get_param: hsl_direct_net2 }
133 virtual_network: { get_param: hsl_direct_net3 }
136 virtual_network: { get_param: hsl_direct_net4 }
139 virtual_network: { get_resource: hsl_direct_net }
144 type: OS::Contrail::NetworkPolicy
145 depends_on: [ service_instance ]
147 name: { get_param: service_policy_name }
151 "direction": { get_param: service_policy_direction },
153 "src_ports": [{"start_port": {get_param: start_src_ports}, "end_port": {get_param: end_src_ports}}],
154 "dst_ports": [{"start_port": {get_param: start_dst_ports}, "end_port": {get_param: end_dst_ports}}],
155 "dst_addresses": [{ "virtual_network": { get_param: Cricket_OCS_direct_net_id }}],
156 "action_list": { "apply_service": [{ get_resource: service_instance }]},
157 "src_addresses": [{ "virtual_network": { get_param: Cricket_OCS_protected_net_id }}],
161 service_policy_attach_direct_net:
162 type: OS::Contrail::AttachPolicy
163 depends_on: [ service_policy ]
165 network: { get_param: Cricket_OCS_direct_net_id }
166 policy: { get_attr: [service_policy, fq_name] }
168 service_policy_attach_protected_net:
169 type: OS::Contrail::AttachPolicy
170 depends_on: [ service_policy ]
172 network: { get_param: Cricket_OCS_protected_net_id }
173 policy: { get_attr: [service_policy, fq_name] }
Code Review / sdc.git / blob