# ============LICENSE_START==========================================
# ===================================================================
# Copyright (c) 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#============LICENSE_END============================================
# Cloudify DSL version this blueprint is written against.
tosca_definitions_version: cloudify_dsl_1_3

# Type and plugin definitions pulled in when the blueprint is parsed.
# NOTE(review): the four remote specs are referenced over plain http://, so
# their content is not integrity-protected in transit unless the parsing side
# resolves these URLs to local copies -- confirm how imports are resolved in
# the target environment, or keep reviewed copies next to the blueprint.
imports:
  - 'http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml'
  - 'http://www.getcloudify.org/spec/openstack-plugin/2.7.4/plugin.yaml'
  - 'http://www.getcloudify.org/spec/utilities-plugin/1.5.2/plugin.yaml'
  - 'http://www.getcloudify.org/spec/fabric-plugin/1.5.1/plugin.yaml'
  - 'imports/manager-configuration.yaml'
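# Deployment inputs. Inputs without a default must be supplied by the
# deployer; the remaining ones fall back to the defaults given here.
inputs:

  # Helm release tag. It is concatenated into the download and unpack
  # commands that cloud-init runs on the manager host, so keep it to a
  # plain version string from a trusted source.
  helm_version:
    default: v2.9.1

  username:
    description: OS_USERNAME as specified in Openstack RC file.

  # Has no default, so it is supplied at deployment time. Keep it out of
  # version-controlled inputs files; it is also copied into the `secrets`
  # list below.
  keystone_password:
    description: Openstack user password.

  tenant_name:
    description: OS_TENANT_NAME as specified in Openstack RC file.

  auth_url:
    description: OS_AUTH_URL as specified in Openstack RC file.

  region:
    description: OS_REGION_NAME as specified in Openstack RC file.

  external_network_name:
    description: Openstack tenant external network name.

  # Directory where both generated key pairs are written.
  # NOTE(review): the private keys land here in the clear -- confirm the
  # directory is readable by the deploying user only.
  local_ssh_directory:
    default: '~/.ssh/'

  manager_key_name:
    default: cfy-manager-key-os

  agent_key_name:
    default: cfy-agent-key-os

  # Path of the manager private key: local_ssh_directory + manager_key_name.
  cloudify_key_file:
    default:
      concat:
        - { get_input: local_ssh_directory }
        - { get_input: manager_key_name }

  # DNS resolvers handed to both subnets.
  nameservers:
    default: ['8.8.4.4', '8.8.8.8']

  public_network_subnet_cidr:
    default: '192.168.120.0/24'

  public_network_subnet_allocation_pools:
    default:
      - start: '192.168.120.2'
        end: '192.168.120.254'

  private_network_subnet_cidr:
    default: '192.168.121.0/24'

  private_network_subnet_allocation_pools:
    default:
      - start: '192.168.121.2'
        end: '192.168.121.254'

  large_image_flavor:
    type: string

  small_image_flavor:
    type: string

  # Login user created by cloud-init on the manager host; it is given
  # passwordless sudo there.
  cloudify_image_username:
    default: centos

  centos_core_image:
    type: string

  ubuntu_trusty_image:
    type: string

  private_ip:
    description: >
      Resolving the IP for manager setup.
    default: { get_attribute: [ cloudify_host, ip ] }

  public_ip:
    description: >
      Resolving the IP for manager setup.
    default:
      get_attribute: [ public_network_subnet_port_fip, floating_ip_address ]

  # The original description said "AWS"; every entry below is OpenStack
  # (Keystone) material, so the wording is corrected.
  # This list carries the Keystone password and the agent private key
  # (agent_key_private) alongside non-sensitive names.
  # NOTE(review): presumably consumed by imports/manager-configuration.yaml
  # -- confirm the consumer writes these to the secret store only and never
  # echoes them to logs or outputs.
  secrets:
    description: >
      key, value pairs of secrets used in OpenStack blueprint examples.
    default:
      - key: keystone_username
        value: { get_input: username }
      - key: keystone_password
        value: { get_input: keystone_password }
      - key: keystone_tenant_name
        value: { get_input: tenant_name }
      - key: keystone_url
        value: { get_input: auth_url }
      - key: region
        value: { get_input: region }
      - key: keystone_region
        value: { get_input: region }
      - key: external_network_name
        value: { get_property: [ external_network, resource_id ] }
      - key: router_name
        value: { get_attribute: [ public_network_router, external_name ] }
      - key: public_network_name
        value: { get_attribute: [ public_network, external_name ] }
      - key: private_network_name
        value: { get_attribute: [ private_network, external_name ] }
      - key: public_subnet_name
        value: { get_attribute: [ public_network_subnet, external_name ] }
      - key: private_subnet_name
        value: { get_attribute: [ private_network_subnet, external_name ] }
      - key: ubuntu_trusty_image
        value: { get_input: ubuntu_trusty_image }
      - key: centos_core_image
        value: { get_input: centos_core_image }
      - key: small_image_flavor
        value: { get_input: small_image_flavor }
      - key: large_image_flavor
        value: { get_input: large_image_flavor }
      - key: agent_key_public
        value: { get_attribute: [ agent_key, public_key_export ] }
      - key: agent_key_private
        value: { get_attribute: [ agent_key, private_key_export ] }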
dsl_definitions:

  # Shared OpenStack client settings, anchored so that node templates can
  # alias the mapping as their openstack_config. The password is taken from
  # the keystone_password input, so it travels with every alias of this
  # anchor.
  client_config: &client_config
    username:
      get_input: username
    password:
      get_input: keystone_password
    tenant_name:
      get_input: tenant_name
    auth_url:
      get_input: auth_url
    region:
      get_input: region
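# Topology: two RSA key pairs, an external network reference, a floating IP,
# public/private networks with subnets behind one router, one security
# group, two ports, a cloud-init config and the manager server itself.
node_templates:

  # Key pair for SSH access to the manager host. Its public half is placed
  # in ssh-authorized-keys by cloudify_host_cloud_config.
  manager_key:
    type: cloudify.keys.nodes.RSAKey
    properties:
      resource_config:
        public_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: manager_key_name }
            - '.pub'
        private_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: manager_key_name }
        openssh_format: true
      # NOTE(review): the secret store is bypassed and
      # store_private_key_material is enabled below, so the private key
      # presumably stays readable as a node attribute in addition to the
      # file on disk -- confirm who can read this deployment's attributes.
      use_secret_store: false
      key_name: { get_input: manager_key_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          implementation: keys.cloudify_ssh_key.operations.create
          inputs:
            store_private_key_material: true

  # Key pair for agents. The `secrets` input reads both public_key_export
  # and private_key_export from this node.
  agent_key:
    type: cloudify.keys.nodes.RSAKey
    properties:
      resource_config:
        public_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: agent_key_name }
            - '.pub'
        private_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: agent_key_name }
        openssh_format: true
      use_secret_store: false
      key_name: { get_input: agent_key_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          implementation: keys.cloudify_ssh_key.operations.create
          inputs:
            store_private_key_material: true

  # Pre-existing tenant external network; referenced, not created.
  external_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config
      use_external_resource: true
      resource_id: { get_input: external_network_name }

  # Floating IP on the external network; exposed through the public_ip input.
  public_network_subnet_port_fip:
    type: cloudify.openstack.nodes.FloatingIP
    properties:
      openstack_config: *client_config
      floatingip:
        floating_network_name: { get_input: external_network_name }

  public_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config

  private_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config

  public_network_router:
    type: cloudify.openstack.nodes.Router
    properties:
      openstack_config: *client_config
    relationships:
      - type: cloudify.relationships.connected_to
        target: external_network

  public_network_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *client_config
      subnet:
        ip_version: 4
        cidr: { get_input: public_network_subnet_cidr }
        dns_nameservers: { get_input: nameservers }
        allocation_pools: { get_input: public_network_subnet_allocation_pools }
    relationships:
      - type: cloudify.relationships.contained_in
        target: public_network
      - type: cloudify.openstack.subnet_connected_to_router
        target: public_network_router

  # Attached to the same router as the public subnet.
  private_network_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *client_config
      subnet:
        ip_version: 4
        cidr: { get_input: private_network_subnet_cidr }
        dns_nameservers: { get_input: nameservers }
        allocation_pools: { get_input: private_network_subnet_allocation_pools }
    relationships:
      - type: cloudify.relationships.contained_in
        target: private_network
      - type: cloudify.openstack.subnet_connected_to_router
        target: public_network_router

  # Security group bound to both ports below.
  # Every rule admits any source address (0.0.0.0/0). That includes SSH on
  # 22, HTTP/HTTPS on 80/443, and a 30000-40000 TCP range, and the public
  # port carries a floating IP, so these ports face the external network.
  # NOTE(review): 5671, 8086, 8101, 8300-8301, 8500, 15432, 22000, 53229 and
  # 53333 look like manager-internal service ports -- confirm which of them
  # must be reachable from outside the tenant subnets and narrow
  # remote_ip_prefix to the subnet CIDRs or an admin range for the rest.
  cloudify_security_group:
    type: cloudify.openstack.nodes.SecurityGroup
    properties:
      openstack_config: *client_config
      rules:
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: null
          port_range_max: null
          protocol: icmp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 22
          port_range_max: 22
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 80
          port_range_max: 80
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 443
          port_range_max: 443
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 5671
          port_range_max: 5671
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8086
          port_range_max: 8086
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8101
          port_range_max: 8101
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8300
          port_range_max: 8301
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8500
          port_range_max: 8500
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 15432
          port_range_max: 15432
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 22000
          port_range_max: 22000
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 53229
          port_range_max: 53229
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 53333
          port_range_max: 53333
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 30000
          port_range_max: 40000
          protocol: tcp

  # Port on the public network; carries the security group and floating IP.
  public_network_subnet_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *client_config
    relationships:
      - type: cloudify.relationships.contained_in
        target: public_network
      - type: cloudify.relationships.depends_on
        target: public_network_subnet
      - type: cloudify.openstack.port_connected_to_security_group
        target: cloudify_security_group
      - type: cloudify.openstack.port_connected_to_floating_ip
        target: public_network_subnet_port_fip

  # Port on the private network. It is created, but the NIC entry that would
  # attach it to cloudify_host is commented out further down.
  private_network_subnet_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *client_config
    relationships:
      - type: cloudify.relationships.contained_in
        target: private_network
      - type: cloudify.relationships.depends_on
        target: private_network_subnet
      - type: cloudify.openstack.port_connected_to_security_group
        target: cloudify_security_group

  # cloud-init user data for the manager host. The config is passed as
  # operation inputs rather than properties; it reads the manager public key
  # with get_attribute.
  cloudify_host_cloud_config:
    type: cloudify.nodes.CloudInit.CloudConfig
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              users:
                # The login user gets unrestricted passwordless sudo, so
                # possession of the manager private key is equivalent to
                # root on this host.
                - name: { get_input: cloudify_image_username }
                  primary-group: wheel
                  shell: /bin/bash
                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
                  ssh-authorized-keys:
                    - { get_attribute: [ manager_key, public_key_export ] }
              packages:
                - wget
              # cloud-init runs these commands with root privileges on first
              # boot. Two inputs are concatenated into the command strings
              # without quoting, so they must come from a trusted deployer.
              runcmd:
                - { concat: [ 'usermod -aG wheel ', { get_input: cloudify_image_username } ] }
                - yum install -y python-backports-ssl_match_hostname python-setuptools python-backports
                # Fetched over HTTPS (was plain HTTP): the archive's helm
                # binary is installed into /usr/bin two steps later.
                # NOTE(review): the archive is still not checked against a
                # published digest -- add a sha256 check for the pinned
                # helm_version before unpacking.
                - concat:
                    - 'wget https://storage.googleapis.com/kubernetes-helm/helm-'
                    - { get_input: helm_version }
                    - '-linux-amd64.tar.gz'
                - { concat: [ 'tar -zxvf helm-', { get_input: helm_version }, '-linux-amd64.tar.gz' ] }
                - mv linux-amd64/helm /usr/bin/helm
    relationships:
      - type: cloudify.relationships.depends_on
        target: manager_key
      - type: cloudify.relationships.depends_on
        target: public_network_subnet_port
      - type: cloudify.relationships.depends_on
        target: private_network_subnet_port

  # The manager server. No agent is installed on it (install_method: none)
  # and no OpenStack key pair is attached (empty key_name); SSH access comes
  # from the key injected by the cloud-init user data.
  cloudify_host:
    type: cloudify.openstack.nodes.Server
    properties:
      openstack_config: *client_config
      agent_config:
        install_method: none
      server:
        key_name: ''
        image: { get_input: centos_core_image }
        flavor: { get_input: large_image_flavor }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            args:
              image: { get_input: centos_core_image }
              flavor: { get_input: large_image_flavor }
              userdata: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] }
              nics:
                - port-id: { get_attribute: [ public_network_subnet_port, external_id ] }
                # - port-id: { get_attribute: [ private_network_subnet_port, external_id ] }
    relationships:
      # Implicitly dependent on ports.
      - type: cloudify.relationships.depends_on
        target: cloudify_host_cloud_config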
outputs:

  # Address reported for the manager: whatever the public_ip input
  # resolves to.
  manager_ip:
    value:
      get_input: public_ip