# ============LICENSE_START==========================================
# ===================================================================
# Copyright (c) 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#============LICENSE_END============================================

tosca_definitions_version: cloudify_dsl_1_3

# Type and plugin definitions this blueprint builds on, each pinned to an
# exact release in its URL, plus one blueprint-local import.
# NOTE(review): the four remote definitions are addressed over plain http://,
# which gives no integrity protection if they are really fetched over the
# network. Confirm how the target manager/CLI resolves these URLs (local copy
# or network fetch) before changing the scheme.
imports:
  - 'http://www.getcloudify.org/spec/cloudify/4.3.1/types.yaml'
  - 'http://www.getcloudify.org/spec/openstack-plugin/2.7.4/plugin.yaml'
  - 'http://www.getcloudify.org/spec/utilities-plugin/1.5.2/plugin.yaml'
  - 'http://www.getcloudify.org/spec/fabric-plugin/1.5.1/plugin.yaml'
  - imports/manager-configuration.yaml

# Deployment inputs. Inputs without a default must be supplied at deploy time.
inputs:

  # Helm release downloaded and installed by the cloud-init runcmd steps.
  helm_version:
    default: 'v2.9.1'

  username:
    description: OS_USERNAME as specified in Openstack RC file.

  # Credential: it flows into the shared OpenStack client config and into the
  # `secrets` default below, so any inputs file carrying it needs the same
  # handling as the password itself.
  keystone_password:
    description: Openstack user password.

  tenant_name:
    description: OS_TENANT_NAME as specified in Openstack RC file.

  auth_url:
    description: OS_AUTH_URL as specified in Openstack RC file.

  region:
    description: OS_REGION_NAME as specified in Openstack RC file.

  external_network_name:
    description: Openstack tenant external network name.

  # Directory prefix for the key pair paths built in node_templates; the
  # trailing slash matters because the paths are formed by plain concatenation.
  local_ssh_directory:
    default: '~/.ssh/'

  manager_key_name:
    default: cfy-manager-key-os

  agent_key_name:
    default: cfy-agent-key-os

  # Path of the manager private key: <local_ssh_directory><manager_key_name>.
  cloudify_key_file:
    default:
      concat:
        - { get_input: local_ssh_directory }
        - { get_input: manager_key_name }

  # DNS resolvers handed to both subnets.
  nameservers:
    default: ['8.8.4.4', '8.8.8.8']

  public_network_subnet_cidr:
    default: '192.168.120.0/24'

  public_network_subnet_allocation_pools:
    default:
      - start: '192.168.120.2'
        end: '192.168.120.254'

  private_network_subnet_cidr:
    default: '192.168.121.0/24'

  private_network_subnet_allocation_pools:
    default:
      - start: '192.168.121.2'
        end: '192.168.121.254'

  large_image_flavor:
    type: string

  small_image_flavor:
    type: string

  # Login user created on the host by cloud-init.
  cloudify_image_username:
    default: centos

  centos_core_image:
    type: string

  ubuntu_trusty_image:
    type: string

  private_ip:
    description: >
      Resolving the IP for manager setup.
    default: { get_attribute: [ cloudify_host, ip ] }

  public_ip:
    description: >
      Resolving the IP for manager setup.
    default: { get_attribute: [ public_network_subnet_port_fip, floating_ip_address ] }

  # Key/value list whose defaults include the Keystone password and the
  # exported agent private key (agent_key_private), so the resolved value of
  # this input is sensitive as a whole.
  # NOTE(review): the description says "AWS" although every value here comes
  # from OpenStack inputs and nodes; presumably a copy-paste leftover, confirm.
  secrets:
    description: >
      key, value pairs of secrets used in AWS blueprint examples.
    default:
      - key: keystone_username
        value: { get_input: username }
      - key: keystone_password
        value: { get_input: keystone_password }
      - key: keystone_tenant_name
        value: { get_input: tenant_name }
      - key: keystone_url
        value: { get_input: auth_url }
      - key: region
        value: { get_input: region }
      - key: keystone_region
        value: { get_input: region }
      - key: external_network_name
        value: { get_property: [ external_network, resource_id ] }
      - key: router_name
        value: { get_attribute: [ public_network_router, external_name ] }
      - key: public_network_name
        value: { get_attribute: [ public_network, external_name ] }
      - key: private_network_name
        value: { get_attribute: [ private_network, external_name ] }
      - key: public_subnet_name
        value: { get_attribute: [ public_network_subnet, external_name ] }
      - key: private_subnet_name
        value: { get_attribute: [ private_network_subnet, external_name ] }
      - key: ubuntu_trusty_image
        value: { get_input: ubuntu_trusty_image }
      - key: centos_core_image
        value: { get_input: centos_core_image }
      - key: small_image_flavor
        value: { get_input: small_image_flavor }
      - key: large_image_flavor
        value: { get_input: large_image_flavor }
      - key: agent_key_public
        value: { get_attribute: [ agent_key, public_key_export ] }
      - key: agent_key_private
        value: { get_attribute: [ agent_key, private_key_export ] }

dsl_definitions:

  # OpenStack client settings shared by every OpenStack node in this blueprint
  # through the *client_config alias. The password is taken directly from the
  # keystone_password input.
  client_config: &client_config
    username:
      get_input: username
    password:
      get_input: keystone_password
    tenant_name:
      get_input: tenant_name
    auth_url:
      get_input: auth_url
    region:
      get_input: region

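# Topology: two RSA key pairs, an external network reference with a floating
# IP, a public and a private network (each with one subnet behind a shared
# router), one security group, one port per subnet, a cloud-init document and
# the server that consumes it.
node_templates:

  # Key pair for the manager host. The public half is injected into the host
  # by cloud-init.
  # NOTE(review): use_secret_store is false and store_private_key_material is
  # true, so the private key is written under local_ssh_directory and is also
  # kept by the key node; confirm both copies are wanted and that the
  # directory is access-restricted.
  manager_key:
    type: cloudify.keys.nodes.RSAKey
    properties:
      resource_config:
        public_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: manager_key_name }
            - '.pub'
        private_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: manager_key_name }
        openssh_format: true
      use_secret_store: false
      key_name: { get_input: manager_key_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          implementation: keys.cloudify_ssh_key.operations.create
          inputs:
            store_private_key_material: true

  # Key pair for agents, configured like manager_key. Its private_key_export
  # attribute is what the `secrets` input publishes as agent_key_private.
  agent_key:
    type: cloudify.keys.nodes.RSAKey
    properties:
      resource_config:
        public_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: agent_key_name }
            - '.pub'
        private_key_path:
          concat:
            - { get_input: local_ssh_directory }
            - { get_input: agent_key_name }
        openssh_format: true
      use_secret_store: false
      key_name: { get_input: agent_key_name }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          implementation: keys.cloudify_ssh_key.operations.create
          inputs:
            store_private_key_material: true

  # Existing tenant external network; referenced, not created.
  external_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config
      use_external_resource: true
      resource_id: { get_input: external_network_name }

  # Floating IP on the external network; it becomes the manager_ip output via
  # the public_ip input default.
  public_network_subnet_port_fip:
    type: cloudify.openstack.nodes.FloatingIP
    properties:
      openstack_config: *client_config
      floatingip:
        floating_network_name: { get_input: external_network_name }

  public_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config

  private_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *client_config

  # Single router connecting both subnets to the external network.
  public_network_router:
    type: cloudify.openstack.nodes.Router
    properties:
      openstack_config: *client_config
    relationships:
      - type: cloudify.relationships.connected_to
        target: external_network

  public_network_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *client_config
      subnet:
        ip_version: 4
        cidr: { get_input: public_network_subnet_cidr }
        dns_nameservers: { get_input: nameservers }
        allocation_pools: { get_input: public_network_subnet_allocation_pools }
    relationships:
      - type: cloudify.relationships.contained_in
        target: public_network
      - type: cloudify.openstack.subnet_connected_to_router
        target: public_network_router

  public_network_subnet_for_review_marker: &unused_review_marker_removed null

  private_network_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *client_config
      subnet:
        ip_version: 4
        cidr: { get_input: private_network_subnet_cidr }
        dns_nameservers: { get_input: nameservers }
        allocation_pools: { get_input: private_network_subnet_allocation_pools }
    relationships:
      - type: cloudify.relationships.contained_in
        target: private_network
      - type: cloudify.openstack.subnet_connected_to_router
        target: public_network_router

  # Ingress rules applied to both ports below.
  # NOTE(review): every rule uses 0.0.0.0/0, and the public port carries a
  # floating IP, so SSH (22) and the non-web ports (5671, 8086, 8101,
  # 8300-8301, 8500, 15432, 22000, 53229, 53333) plus the whole 30000-40000
  # range are reachable from any address that can route to that IP. Several of
  # these look like manager-internal service ports (message broker, database,
  # service discovery); confirm which ones external clients really need and
  # scope the rest to the operator and agent CIDRs.
  cloudify_security_group:
    type: cloudify.openstack.nodes.SecurityGroup
    properties:
      openstack_config: *client_config
      rules:
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: null
          port_range_max: null
          protocol: icmp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 22
          port_range_max: 22
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 80
          port_range_max: 80
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 443
          port_range_max: 443
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 5671
          port_range_max: 5671
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8086
          port_range_max: 8086
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8101
          port_range_max: 8101
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8300
          port_range_max: 8301
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 8500
          port_range_max: 8500
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 15432
          port_range_max: 15432
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 22000
          port_range_max: 22000
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 53229
          port_range_max: 53229
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 53333
          port_range_max: 53333
          protocol: tcp
        - remote_ip_prefix: '0.0.0.0/0'
          port_range_min: 30000
          port_range_max: 40000
          protocol: tcp

  # Port on the public network: carries the security group and the floating IP.
  public_network_subnet_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *client_config
    relationships:
      - type: cloudify.relationships.contained_in
        target: public_network
      - type: cloudify.relationships.depends_on
        target: public_network_subnet
      - type: cloudify.openstack.port_connected_to_security_group
        target: cloudify_security_group
      - type: cloudify.openstack.port_connected_to_floating_ip
        target: public_network_subnet_port_fip

  # Port on the private network. It is created, but the server's nics list
  # below has its entry commented out, so it is not attached to the host.
  private_network_subnet_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *client_config
    relationships:
      - type: cloudify.relationships.contained_in
        target: private_network
      - type: cloudify.relationships.depends_on
        target: private_network_subnet
      - type: cloudify.openstack.port_connected_to_security_group
        target: cloudify_security_group

  # cloud-init document passed to the server as userdata.
  cloudify_host_cloud_config:
    type: cloudify.nodes.CloudInit.CloudConfig
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            resource_config:
              users:
                # Login user with passwordless sudo for all commands; whoever
                # holds the manager private key has root on this host.
                - name: { get_input: cloudify_image_username }
                  primary-group: wheel
                  shell: /bin/bash
                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
                  ssh-authorized-keys:
                    - { get_attribute: [ manager_key, public_key_export ] }
              packages:
                - wget
              runcmd:
                - concat:
                    - 'usermod -aG wheel '
                    - { get_input: cloudify_image_username }
                - yum install -y python-backports-ssl_match_hostname python-setuptools python-backports
                # The Helm archive is fetched over HTTPS (previously plain
                # HTTP) because the binary is unpacked and moved into
                # /usr/bin by these same steps.
                # NOTE(review): the archive is still installed without a
                # digest check; pin and verify a known SHA-256 for the chosen
                # helm_version (value not available on this page) before the
                # mv step.
                - concat:
                    - 'wget https://storage.googleapis.com/kubernetes-helm/helm-'
                    - { get_input: helm_version }
                    - '-linux-amd64.tar.gz'
                - concat:
                    - 'tar -zxvf helm-'
                    - { get_input: helm_version }
                    - '-linux-amd64.tar.gz'
                - mv linux-amd64/helm /usr/bin/helm
    relationships:
      - type: cloudify.relationships.depends_on
        target: manager_key
      - type: cloudify.relationships.depends_on
        target: public_network_subnet_port
      - type: cloudify.relationships.depends_on
        target: private_network_subnet_port

  # The manager host. No Cloudify agent is installed (install_method: none)
  # and no OpenStack key pair is attached (key_name is empty), so SSH access
  # relies on the key that cloud-init places in authorized_keys.
  cloudify_host:
    type: cloudify.openstack.nodes.Server
    properties:
      openstack_config: *client_config
      agent_config:
        install_method: none
      server:
        key_name: ''
        image: { get_input: centos_core_image }
        flavor: { get_input: large_image_flavor }
    interfaces:
      cloudify.interfaces.lifecycle:
        create:
          inputs:
            args:
              image: { get_input: centos_core_image }
              flavor: { get_input: large_image_flavor }
              userdata: { get_attribute: [ cloudify_host_cloud_config, cloud_config ] }
              nics:
                - port-id: { get_attribute: [ public_network_subnet_port, external_id ] }
                # - port-id: { get_attribute: [ private_network_subnet_port, external_id ] }
    relationships:
      # Implicitly dependent on ports.
      - type: cloudify.relationships.depends_on
        target: cloudify_host_cloud_config
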
outputs:

  # Address of the manager host: the public_ip input, whose default resolves
  # to the floating IP's floating_ip_address attribute.
  manager_ip:
    value:
      get_input: public_ip