| # ============LICENSE_START========================================== |
| # =================================================================== |
| # Copyright (c) 2018 AT&T |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| #============LICENSE_END============================================ |
| |
| tosca_definitions_version: cloudify_dsl_1_3 |
| |
| imports: |
| - http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml |
| - http://www.getcloudify.org/spec/openstack-plugin/2.7.4/plugin.yaml |
| - http://www.getcloudify.org/spec/utilities-plugin/1.5.2/plugin.yaml |
| - http://www.getcloudify.org/spec/fabric-plugin/1.5.1/plugin.yaml |
| - imports/manager-configuration.yaml |
| |
| inputs: |
| |
| helm_version: |
| default: v2.9.1 |
| |
| username: |
| description: OS_USERNAME as specified in Openstack RC file. |
| |
| keystone_password: |
| description: Openstack user password. |
| |
| tenant_name: |
| description: OS_TENANT_NAME as specified in Openstack RC file. |
| |
| auth_url: |
| description: OS_AUTH_URL as specified in Openstack RC file. |
| |
| region: |
| description: OS_REGION_NAME as specified in Openstack RC file. |
| |
| external_network_name: |
| description: Openstack tenant external network name. |
| |
| local_ssh_directory: |
| default: '~/.ssh/' |
| |
| manager_key_name: |
| default: cfy-manager-key-os |
| |
| agent_key_name: |
| default: cfy-agent-key-os |
| |
| cloudify_key_file: |
| default: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] } |
| |
| nameservers: |
| default: [8.8.4.4, 8.8.8.8] |
| |
| public_network_subnet_cidr: |
| default: 192.168.120.0/24 |
| |
| public_network_subnet_allocation_pools: |
| default: |
| - start: 192.168.120.2 |
| end: 192.168.120.254 |
| |
| private_network_subnet_cidr: |
| default: 192.168.121.0/24 |
| |
| private_network_subnet_allocation_pools: |
| default: |
| - start: 192.168.121.2 |
| end: 192.168.121.254 |
| |
| large_image_flavor: |
| type: string |
| |
| small_image_flavor: |
| type: string |
| |
| cloudify_image_username: |
| default: centos |
| |
| centos_core_image: |
| type: string |
| |
| ubuntu_trusty_image: |
| type: string |
| |
| private_ip: |
| description: > |
| Resolving the IP for manager setup. |
| default: { get_attribute: [ cloudify_host, ip ] } |
| |
| public_ip: |
| description: > |
| Resolving the IP for manager setup. |
| default: { get_attribute: [ public_network_subnet_port_fip, floating_ip_address ] } |
| |
| secrets: |
| description: > |
| key, value pairs of secrets used in AWS blueprint examples. |
| default: |
| - key: keystone_username |
| value: { get_input: username } |
| - key: keystone_password |
| value: { get_input: keystone_password } |
| - key: keystone_tenant_name |
| value: { get_input: tenant_name } |
| - key: keystone_url |
| value: { get_input: auth_url } |
| - key: region |
| value: { get_input: region } |
| - key: keystone_region |
| value: { get_input: region } |
| - key: external_network_name |
| value: { get_property: [ external_network, resource_id ] } |
| - key: router_name |
| value: { get_attribute: [ public_network_router, external_name ] } |
| - key: public_network_name |
| value: { get_attribute: [ public_network, external_name ] } |
| - key: private_network_name |
| value: { get_attribute: [ private_network, external_name ] } |
| - key: public_subnet_name |
| value: { get_attribute: [ public_network_subnet, external_name ] } |
| - key: private_subnet_name |
| value: { get_attribute: [ private_network_subnet, external_name ] } |
| - key: ubuntu_trusty_image |
| value: { get_input: ubuntu_trusty_image } |
| - key: centos_core_image |
| value: { get_input: centos_core_image } |
| - key: small_image_flavor |
| value: { get_input: small_image_flavor } |
| - key: large_image_flavor |
| value: { get_input: large_image_flavor } |
| - key: agent_key_public |
| value: { get_attribute: [ agent_key, public_key_export ] } |
| - key: agent_key_private |
| value: { get_attribute: [ agent_key, private_key_export ] } |
| |
| dsl_definitions: |
| |
| client_config: &client_config |
| username: { get_input: username } |
| password: { get_input: keystone_password } |
| tenant_name: { get_input: tenant_name } |
| auth_url: { get_input: auth_url } |
| region: { get_input: region } |
| |
| node_templates: |
| |
| manager_key: |
| type: cloudify.keys.nodes.RSAKey |
| properties: |
| resource_config: |
| public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name }, '.pub' ] } |
| private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: manager_key_name } ] } |
| openssh_format: true |
| use_secret_store: false |
| key_name: { get_input: manager_key_name } |
| interfaces: |
| cloudify.interfaces.lifecycle: |
| create: |
| implementation: keys.cloudify_ssh_key.operations.create |
| inputs: |
| store_private_key_material: true |
| |
| agent_key: |
| type: cloudify.keys.nodes.RSAKey |
| properties: |
| resource_config: |
| public_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name }, '.pub' ] } |
| private_key_path: { concat: [ { get_input: local_ssh_directory }, { get_input: agent_key_name } ] } |
| openssh_format: true |
| use_secret_store: false |
| key_name: { get_input: agent_key_name } |
| interfaces: |
| cloudify.interfaces.lifecycle: |
| create: |
| implementation: keys.cloudify_ssh_key.operations.create |
| inputs: |
| store_private_key_material: true |
| |
| external_network: |
| type: cloudify.openstack.nodes.Network |
| properties: |
| openstack_config: *client_config |
| use_external_resource: true |
| resource_id: { get_input: external_network_name } |
| |
| public_network_subnet_port_fip: |
| type: cloudify.openstack.nodes.FloatingIP |
| properties: |
| openstack_config: *client_config |
| floatingip: |
| floating_network_name: { get_input: external_network_name } |
| |
| public_network: |
| type: cloudify.openstack.nodes.Network |
| properties: |
| openstack_config: *client_config |
| |
| private_network: |
| type: cloudify.openstack.nodes.Network |
| properties: |
| openstack_config: *client_config |
| |
| public_network_router: |
| type: cloudify.openstack.nodes.Router |
| properties: |
| openstack_config: *client_config |
| relationships: |
| - type: cloudify.relationships.connected_to |
| target: external_network |
| |
| public_network_subnet: |
| type: cloudify.openstack.nodes.Subnet |
| properties: |
| openstack_config: *client_config |
| subnet: |
| ip_version: 4 |
| cidr: { get_input: public_network_subnet_cidr } |
| dns_nameservers: { get_input: nameservers } |
| allocation_pools: { get_input: public_network_subnet_allocation_pools } |
| relationships: |
| - type: cloudify.relationships.contained_in |
| target: public_network |
| - type: cloudify.openstack.subnet_connected_to_router |
| target: public_network_router |
| |
| private_network_subnet: |
| type: cloudify.openstack.nodes.Subnet |
| properties: |
| openstack_config: *client_config |
| subnet: |
| ip_version: 4 |
| cidr: { get_input: private_network_subnet_cidr } |
| dns_nameservers: { get_input: nameservers } |
| allocation_pools: { get_input: private_network_subnet_allocation_pools } |
| relationships: |
| - type: cloudify.relationships.contained_in |
| target: private_network |
| - type: cloudify.openstack.subnet_connected_to_router |
| target: public_network_router |
| |
| cloudify_security_group: |
| type: cloudify.openstack.nodes.SecurityGroup |
| properties: |
| openstack_config: *client_config |
| rules: |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: null |
| port_range_max: null |
| protocol: icmp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 22 |
| port_range_max: 22 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 80 |
| port_range_max: 80 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 443 |
| port_range_max: 443 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 5671 |
| port_range_max: 5671 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 8086 |
| port_range_max: 8086 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 8101 |
| port_range_max: 8101 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 8300 |
| port_range_max: 8301 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 8500 |
| port_range_max: 8500 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 15432 |
| port_range_max: 15432 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 22000 |
| port_range_max: 22000 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 53229 |
| port_range_max: 53229 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 53333 |
| port_range_max: 53333 |
| protocol: tcp |
| - remote_ip_prefix: 0.0.0.0/0 |
| port_range_min: 30000 |
| port_range_max: 40000 |
| protocol: tcp |
| |
| public_network_subnet_port: |
| type: cloudify.openstack.nodes.Port |
| properties: |
| openstack_config: *client_config |
| relationships: |
| - type: cloudify.relationships.contained_in |
| target: public_network |
| - type: cloudify.relationships.depends_on |
| target: public_network_subnet |
| - type: cloudify.openstack.port_connected_to_security_group |
| target: cloudify_security_group |
| - type: cloudify.openstack.port_connected_to_floating_ip |
| target: public_network_subnet_port_fip |
| |
| private_network_subnet_port: |
| type: cloudify.openstack.nodes.Port |
| properties: |
| openstack_config: *client_config |
| relationships: |
| - type: cloudify.relationships.contained_in |
| target: private_network |
| - type: cloudify.relationships.depends_on |
| target: private_network_subnet |
| - type: cloudify.openstack.port_connected_to_security_group |
| target: cloudify_security_group |
| |
| cloudify_host_cloud_config: |
| type: cloudify.nodes.CloudInit.CloudConfig |
| interfaces: |
| cloudify.interfaces.lifecycle: |
| create: |
| inputs: |
| resource_config: |
| users: |
| - name: { get_input: cloudify_image_username } |
| primary-group: wheel |
| shell: /bin/bash |
| sudo: ['ALL=(ALL) NOPASSWD:ALL'] |
| ssh-authorized-keys: |
| - { get_attribute: [ manager_key, public_key_export ] } |
| packages: |
| - wget |
| runcmd: |
| - { concat: [ 'usermod -aG wheel ', { get_input: cloudify_image_username } ] } |
| - yum install -y python-backports-ssl_match_hostname python-setuptools python-backports |
| - { concat: [ 'wget http://storage.googleapis.com/kubernetes-helm/helm-', { get_input: helm_version }, -linux-amd64.tar.gz ] } |
| - { concat: [ 'tar -zxvf helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] } |
| - mv linux-amd64/helm /usr/bin/helm |
| relationships: |
| - type: cloudify.relationships.depends_on |
| target: manager_key |
| - type: cloudify.relationships.depends_on |
| target: public_network_subnet_port |
| - type: cloudify.relationships.depends_on |
| target: private_network_subnet_port |
| |
| cloudify_host: |
| type: cloudify.openstack.nodes.Server |
| properties: |
| openstack_config: *client_config |
| agent_config: |
| install_method: none |
| server: |
| key_name: '' |
| image: { get_input: centos_core_image } |
| flavor: { get_input: large_image_flavor } |
| interfaces: |
| cloudify.interfaces.lifecycle: |
| create: |
| inputs: |
| args: |
| image: { get_input: centos_core_image } |
| flavor: { get_input: large_image_flavor } |
| userdata: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] } |
| nics: |
| - port-id: { get_attribute: [ public_network_subnet_port, external_id ] } |
| # - port-id: { get_attribute: [ private_network_subnet_port, external_id ] } |
| relationships: |
| # Implicitly dependent on ports. |
| - type: cloudify.relationships.depends_on |
| target: cloudify_host_cloud_config |
| |
| outputs: |
| |
| manager_ip: |
| value: { get_input: public_ip } |