X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=TOSCA%2Fcloudify-environment-setup%2Fopenstack.yaml;fp=TOSCA%2Fcloudify-environment-setup%2Fopenstack.yaml;h=d794a9e9a1ac836ab64bdee06fd1eae6a7e7c879;hb=0191c4fcaed1586770653ce21e9c6d658e8159da;hp=0000000000000000000000000000000000000000;hpb=0745a76632ea73d6660d5e470d7782b62860b477;p=oom.git diff --git a/TOSCA/cloudify-environment-setup/openstack.yaml b/TOSCA/cloudify-environment-setup/openstack.yaml new file mode 100644 index 0000000000..d794a9e9a1 --- /dev/null +++ b/TOSCA/cloudify-environment-setup/openstack.yaml @@ -0,0 +1,399 @@ +# ============LICENSE_START========================================== +# =================================================================== +# Copyright (c) 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#============LICENSE_END============================================ + +tosca_definitions_version: cloudify_dsl_1_3 + +imports: + - http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml + - http://www.getcloudify.org/spec/openstack-plugin/2.7.4/plugin.yaml + - http://www.getcloudify.org/spec/utilities-plugin/1.5.2/plugin.yaml + - http://www.getcloudify.org/spec/fabric-plugin/1.5.1/plugin.yaml + - imports/manager-configuration.yaml + +inputs: + + helm_version: + default: v2.9.1 + + username: + description: OS_USERNAME as specified in Openstack RC file. + + keystone_password: + description: Openstack user password. + + tenant_name: + description: OS_TENANT_NAME as specified in Openstack RC file. + + auth_url: + description: OS_AUTH_URL as specified in Openstack RC file. + + region: + description: OS_REGION_NAME as specified in Openstack RC file. + + external_network_name: + description: Openstack tenant external network name. + + local_ssh_directory: + default: '~/.ssh/' + + manager_key_name: + default: cfy-manager-key-os + + agent_key_name: + default: cfy-agent-key-os + + cloudify_key_file: + default: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] } + + nameservers: + default: [8.8.4.4, 8.8.8.8] + + public_network_subnet_cidr: + default: 192.168.120.0/24 + + public_network_subnet_allocation_pools: + default: + - start: 192.168.120.2 + end: 192.168.120.254 + + private_network_subnet_cidr: + default: 192.168.121.0/24 + + private_network_subnet_allocation_pools: + default: + - start: 192.168.121.2 + end: 192.168.121.254 + + large_image_flavor: + type: string + + small_image_flavor: + type: string + + cloudify_image_username: + default: centos + + centos_core_image: + type: string + + ubuntu_trusty_image: + type: string + + private_ip: + description: > + Resolving the IP for manager setup. + default: { get_attribute: [ cloudify_host, ip ] } + + public_ip: + description: > + Resolving the IP for manager setup. + default: { get_attribute: [ public_network_subnet_port_fip, floating_ip_address ] } + + secrets: + description: > + key, value pairs of secrets used in AWS blueprint examples. + default: + - key: keystone_username + value: { get_input: username } + - key: keystone_password + value: { get_input: keystone_password } + - key: keystone_tenant_name + value: { get_input: tenant_name } + - key: keystone_url + value: { get_input: auth_url } + - key: region + value: { get_input: region } + - key: keystone_region + value: { get_input: region } + - key: external_network_name + value: { get_property: [ external_network, resource_id ] } + - key: router_name + value: { get_attribute: [ public_network_router, external_name ] } + - key: public_network_name + value: { get_attribute: [ public_network, external_name ] } + - key: private_network_name + value: { get_attribute: [ private_network, external_name ] } + - key: public_subnet_name + value: { get_attribute: [ public_network_subnet, external_name ] } + - key: private_subnet_name + value: { get_attribute: [ private_network_subnet, external_name ] } + - key: ubuntu_trusty_image + value: { get_input: ubuntu_trusty_image } + - key: centos_core_image + value: { get_input: centos_core_image } + - key: small_image_flavor + value: { get_input: small_image_flavor } + - key: large_image_flavor + value: { get_input: large_image_flavor } + - key: agent_key_public + value: { get_attribute: [ agent_key, public_key_export ] } + - key: agent_key_private + value: { get_attribute: [ agent_key, private_key_export ] } + +dsl_definitions: + + client_config: &client_config + username: { get_input: username } + password: { get_input: keystone_password } + tenant_name: { get_input: tenant_name } + auth_url: { get_input: auth_url } + region: { get_input: region } + +node_templates: + + manager_key: + type: cloudify.keys.nodes.RSAKey + properties: + resource_config: + public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name }, '.pub' ] } + private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] } + openssh_format: true + use_secret_store: false + key_name: { get_input: manager_key_name } + interfaces: + cloudify.interfaces.lifecycle: + create: + implementation: keys.cloudify_ssh_key.operations.create + inputs: + store_private_key_material: true + + agent_key: + type: cloudify.keys.nodes.RSAKey + properties: + resource_config: + public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name }, '.pub' ] } + private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name } ] } + openssh_format: true + use_secret_store: false + key_name: { get_input: agent_key_name } + interfaces: + cloudify.interfaces.lifecycle: + create: + implementation: keys.cloudify_ssh_key.operations.create + inputs: + store_private_key_material: true + + external_network: + type: cloudify.openstack.nodes.Network + properties: + openstack_config: *client_config + use_external_resource: true + resource_id: { get_input: external_network_name } + + public_network_subnet_port_fip: + type: cloudify.openstack.nodes.FloatingIP + properties: + openstack_config: *client_config + floatingip: + floating_network_name: { get_input: external_network_name } + + public_network: + type: cloudify.openstack.nodes.Network + properties: + openstack_config: *client_config + + private_network: + type: cloudify.openstack.nodes.Network + properties: + openstack_config: *client_config + + public_network_router: + type: cloudify.openstack.nodes.Router + properties: + openstack_config: *client_config + relationships: + - type: cloudify.relationships.connected_to + target: external_network + + public_network_subnet: + type: cloudify.openstack.nodes.Subnet + properties: + openstack_config: *client_config + subnet: + ip_version: 4 + cidr: { get_input: public_network_subnet_cidr } + dns_nameservers: { get_input: nameservers } + allocation_pools: { get_input: public_network_subnet_allocation_pools } + relationships: + - type: cloudify.relationships.contained_in + target: public_network + - type: cloudify.openstack.subnet_connected_to_router + target: public_network_router + + private_network_subnet: + type: cloudify.openstack.nodes.Subnet + properties: + openstack_config: *client_config + subnet: + ip_version: 4 + cidr: { get_input: private_network_subnet_cidr } + dns_nameservers: { get_input: nameservers } + allocation_pools: { get_input: private_network_subnet_allocation_pools } + relationships: + - type: cloudify.relationships.contained_in + target: private_network + - type: cloudify.openstack.subnet_connected_to_router + target: public_network_router + + cloudify_security_group: + type: cloudify.openstack.nodes.SecurityGroup + properties: + openstack_config: *client_config + rules: + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: null + port_range_max: null + protocol: icmp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 22 + port_range_max: 22 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 80 + port_range_max: 80 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 443 + port_range_max: 443 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 5671 + port_range_max: 5671 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 8086 + port_range_max: 8086 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 8101 + port_range_max: 8101 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 8300 + port_range_max: 8301 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 8500 + port_range_max: 8500 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 15432 + port_range_max: 15432 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 22000 + port_range_max: 22000 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 53229 + port_range_max: 53229 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 53333 + port_range_max: 53333 + protocol: tcp + - remote_ip_prefix: 0.0.0.0/0 + port_range_min: 30000 + port_range_max: 40000 + protocol: tcp + + public_network_subnet_port: + type: cloudify.openstack.nodes.Port + properties: + openstack_config: *client_config + relationships: + - type: cloudify.relationships.contained_in + target: public_network + - type: cloudify.relationships.depends_on + target: public_network_subnet + - type: cloudify.openstack.port_connected_to_security_group + target: cloudify_security_group + - type: cloudify.openstack.port_connected_to_floating_ip + target: public_network_subnet_port_fip + + private_network_subnet_port: + type: cloudify.openstack.nodes.Port + properties: + openstack_config: *client_config + relationships: + - type: cloudify.relationships.contained_in + target: private_network + - type: cloudify.relationships.depends_on + target: private_network_subnet + - type: cloudify.openstack.port_connected_to_security_group + target: cloudify_security_group + + cloudify_host_cloud_config: + type: cloudify.nodes.CloudInit.CloudConfig + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + resource_config: + users: + - name: { get_input: cloudify_image_username } + primary-group: wheel + shell: /bin/bash + sudo: ['ALL=(ALL) NOPASSWD:ALL'] + ssh-authorized-keys: + - { get_attribute: [ manager_key, public_key_export ] } + packages: + - wget + runcmd: + - { concat: [ 'usermod -aG wheel ', { get_input: cloudify_image_username } ] } + - yum install -y python-backports-ssl_match_hostname python-setuptools python-backports + - { concat: [ 'wget http://storage.googleapis.com/kubernetes-helm/helm-', { get_input: helm_version }, -linux-amd64.tar.gz ] } + - { concat: [ 'tar -zxvf helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] } + - mv linux-amd64/helm /usr/bin/helm + relationships: + - type: cloudify.relationships.depends_on + target: manager_key + - type: cloudify.relationships.depends_on + target: public_network_subnet_port + - type: cloudify.relationships.depends_on + target: private_network_subnet_port + + cloudify_host: + type: cloudify.openstack.nodes.Server + properties: + openstack_config: *client_config + agent_config: + install_method: none + server: + key_name: '' + image: { get_input: centos_core_image } + flavor: { get_input: large_image_flavor } + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + image: { get_input: centos_core_image } + flavor: { get_input: large_image_flavor } + userdata: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] } + nics: + - port-id: { get_attribute: [ public_network_subnet_port, external_id ] } + # - port-id: { get_attribute: [ private_network_subnet_port, external_id ] } + relationships: + # Implicitly dependent on ports. + - type: cloudify.relationships.depends_on + target: cloudify_host_cloud_config + +outputs: + + manager_ip: + value: { get_input: public_ip }