Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
288 lines (254 sloc) 7.05 KB
heat_template_version: 2015-04-30
parameters:
flavor:
type: string
description: Flavor for the server to be created
default: t1.small
constraints:
- custom_constraint: nova.flavor
image:
type: string
description: Image ID or image name to use for the server
default: "CentOS 7"
constraints:
- custom_constraint: glance.image
resources:
dmz_net:
type: OS::Neutron::Net
properties:
admin_state_up: true
name: dmz_net
dmz_subnet:
type: OS::Neutron::Subnet
properties:
network: { get_resource: dmz_net }
allocation_pools: [{"start": "192.168.200.20", "end": "192.168.200.200"}]
cidr: "192.168.200.0/24"
dns_nameservers: ["8.8.8.8"]
gateway_ip: "192.168.200.1"
ip_version: 4
InternetGW:
type: OS::Neutron::Router
properties:
external_gateway_info: { network: Internet }
name: InternetGW
dmz_gw:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: InternetGW }
subnet: { get_resource: dmz_subnet }
example_key:
type: OS::Nova::KeyPair
properties:
save_private_key: true
name: example_key
ssh_ext_secgroup:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
port_range_min: 22
port_range_max: 22
ssh_int_secgroup:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp
remote_ip_prefix: 192.168.200.0/24
port_range_min: 22
port_range_max: 22
http_ext_secgroup:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
port_range_min: 80
port_range_max: 80
- protocol: tcp
remote_ip_prefix: 0.0.0.0/0
port_range_min: 443
port_range_max: 443
http_int_secgroup:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp
remote_ip_prefix: 192.168.200.0/24
port_range_min: 80
port_range_max: 80
- protocol: tcp
remote_ip_prefix: 192.168.200.0/24
port_range_min: 443
port_range_max: 443
mysql_int_secgroup:
type: OS::Neutron::SecurityGroup
properties:
rules:
- protocol: tcp
remote_ip_prefix: 192.168.200.0/24
port_range_min: 3306
port_range_max: 3306
jumpbox_port:
type: OS::Neutron::Port
properties:
network: { get_resource: dmz_net }
fixed_ips:
- subnet_id: { get_resource: dmz_subnet }
security_groups:
- { get_resource: ssh_ext_secgroup }
jumpbox_server:
type: OS::Nova::Server
properties:
name: jump01
flavor: { get_param: flavor }
image: { get_param: image }
key_name: { get_resource: example_key }
networks:
- port: { get_resource: jumpbox_port }
jumpbox_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network: "Internet"
jumpbox_ip_assoc:
type: OS::Neutron::FloatingIPAssociation
properties:
floatingip_id: { get_resource: jumpbox_ip }
port_id: { get_resource: jumpbox_port }
install_haproxy:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: |
#!/bin/sh
sudo yum install -y haproxy
configure_haproxy:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: |
#!/bin/sh
sudo sed -i s/:5000/:80/g /etc/haproxy/haproxy.cfg
sudo service haproxy restart
sudo chkconfig haproxy on
haproxy_server_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: install_haproxy}
- config: {get_resource: configure_haproxy}
haproxy_port:
type: OS::Neutron::Port
properties:
network: { get_resource: dmz_net }
fixed_ips:
- subnet_id: { get_resource: dmz_subnet }
security_groups:
- { get_resource: http_ext_secgroup }
- { get_resource: ssh_int_secgroup }
haproxy_server:
type: OS::Nova::Server
properties:
name: haproxy01
flavor: { get_param: flavor }
image: { get_param: image }
key_name: { get_resource: example_key }
networks:
- port: { get_resource: haproxy_port }
user_data:
get_resource: haproxy_server_init
haproxy_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network: "Internet"
haproxy_ip_assoc:
type: OS::Neutron::FloatingIPAssociation
properties:
floatingip_id: { get_resource: haproxy_ip }
port_id: { get_resource: haproxy_port }
install_apache:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: |
#!/bin/sh
sudo yum install -y httpd
sudo service httpd restart
sudo chkconfig httpd on
configure_test_page:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: |
#!/bin/sh
sudo sed -i s/123/456/g /usr/share/httpd/noindex/index.html
web_server_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: install_apache}
web_server2_init:
type: OS::Heat::MultipartMime
properties:
parts:
- config: {get_resource: install_apache}
- config: {get_resource: configure_test_page}
web_server_1:
type: OS::Nova::Server
properties:
name: web01
flavor: { get_param: flavor }
image: { get_param: image }
key_name: { get_resource: example_key }
networks:
- network: { get_resource: dmz_net }
security_groups:
- { get_resource: ssh_int_secgroup }
- { get_resource: http_int_secgroup }
user_data:
get_resource: web_server_init
web_server_2:
type: OS::Nova::Server
properties:
name: web02
flavor: { get_param: flavor }
image: { get_param: image }
key_name: { get_resource: example_key }
networks:
- network: { get_resource: dmz_net }
security_groups:
- { get_resource: ssh_int_secgroup }
- { get_resource: http_int_secgroup }
user_data:
get_resource: web_server2_init
db_sys_volume:
type: OS::Cinder::Volume
properties:
size: 30
image: { get_param: image }
db_data_volume:
type: OS::Cinder::Volume
properties:
size: 50
database_server:
type: OS::Nova::Server
properties:
name: db01
flavor: { get_param: flavor }
networks:
- network: { get_resource: dmz_net }
security_groups:
- { get_resource: ssh_int_secgroup }
- { get_resource: mysql_int_secgroup }
block_device_mapping:
- device_name: vda
volume_id: { get_resource: db_sys_volume }
delete_on_termination: true
- device_name: vdb
volume_id: { get_resource: db_data_volume }
delete_on_termination: true
outputs:
private_key:
description: Private Key
value: { get_attr: [ example_key, private_key ]}