|
@@ -0,0 +1,888 @@
|
|
|
+heat_template_version: 2016-10-14
|
|
|
+
|
|
|
+description: OpenShift cluster
|
|
|
+
|
|
|
+parameters:
|
|
|
+
|
|
|
+outputs:
|
|
|
+
|
|
|
+ etcd_names:
|
|
|
+ description: Name of the etcds
|
|
|
+ value: { get_attr: [ etcd, name ] }
|
|
|
+
|
|
|
+ etcd_ips:
|
|
|
+ description: IPs of the etcds
|
|
|
+ value: { get_attr: [ etcd, private_ip ] }
|
|
|
+
|
|
|
+ etcd_floating_ips:
|
|
|
+ description: Floating IPs of the etcds
|
|
|
+ value: { get_attr: [ etcd, floating_ip ] }
|
|
|
+
|
|
|
+ master_names:
|
|
|
+ description: Name of the masters
|
|
|
+ value: { get_attr: [ masters, name ] }
|
|
|
+
|
|
|
+ master_ips:
|
|
|
+ description: IPs of the masters
|
|
|
+ value: { get_attr: [ masters, private_ip ] }
|
|
|
+
|
|
|
+ master_floating_ips:
|
|
|
+ description: Floating IPs of the masters
|
|
|
+ value: { get_attr: [ masters, floating_ip ] }
|
|
|
+
|
|
|
+ node_names:
|
|
|
+ description: Name of the nodes
|
|
|
+ value: { get_attr: [ compute_nodes, name ] }
|
|
|
+
|
|
|
+ node_ips:
|
|
|
+ description: IPs of the nodes
|
|
|
+ value: { get_attr: [ compute_nodes, private_ip ] }
|
|
|
+
|
|
|
+ node_floating_ips:
|
|
|
+ description: Floating IPs of the nodes
|
|
|
+ value: { get_attr: [ compute_nodes, floating_ip ] }
|
|
|
+
|
|
|
+ infra_names:
|
|
|
+ description: Name of the nodes
|
|
|
+ value: { get_attr: [ infra_nodes, name ] }
|
|
|
+
|
|
|
+ infra_ips:
|
|
|
+ description: IPs of the nodes
|
|
|
+ value: { get_attr: [ infra_nodes, private_ip ] }
|
|
|
+
|
|
|
+ infra_floating_ips:
|
|
|
+ description: Floating IPs of the nodes
|
|
|
+ value: { get_attr: [ infra_nodes, floating_ip ] }
|
|
|
+
|
|
|
+{% if num_dns|int > 0 %}
|
|
|
+ dns_name:
|
|
|
+ description: Name of the DNS
|
|
|
+ value:
|
|
|
+ get_attr:
|
|
|
+ - dns
|
|
|
+ - name
|
|
|
+
|
|
|
+ dns_floating_ips:
|
|
|
+ description: Floating IPs of the DNS
|
|
|
+ value: { get_attr: [ dns, floating_ip ] }
|
|
|
+
|
|
|
+ dns_private_ips:
|
|
|
+ description: Private IPs of the DNS
|
|
|
+ value: { get_attr: [ dns, private_ip ] }
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+conditions:
|
|
|
+ no_floating: {% if provider_network or use_bastion|bool %}true{% else %}false{% endif %}
|
|
|
+
|
|
|
+resources:
|
|
|
+
|
|
|
+{% if not provider_network %}
|
|
|
+ net:
|
|
|
+ type: OS::Neutron::Net
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+
|
|
|
+ subnet:
|
|
|
+ type: OS::Neutron::Subnet
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-subnet
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ network: { get_resource: net }
|
|
|
+ cidr:
|
|
|
+ str_replace:
|
|
|
+ template: subnet_24_prefix.0/24
|
|
|
+ params:
|
|
|
+ subnet_24_prefix: {{ subnet_prefix }}
|
|
|
+ allocation_pools:
|
|
|
+ - start:
|
|
|
+ str_replace:
|
|
|
+ template: subnet_24_prefix.3
|
|
|
+ params:
|
|
|
+ subnet_24_prefix: {{ subnet_prefix }}
|
|
|
+ end:
|
|
|
+ str_replace:
|
|
|
+ template: subnet_24_prefix.254
|
|
|
+ params:
|
|
|
+ subnet_24_prefix: {{ subnet_prefix }}
|
|
|
+ dns_nameservers:
|
|
|
+{% for nameserver in dns_nameservers %}
|
|
|
+ - {{ nameserver }}
|
|
|
+{% endfor %}
|
|
|
+
|
|
|
+{% if openshift_use_flannel|default(False)|bool %}
|
|
|
+ data_net:
|
|
|
+ type: OS::Neutron::Net
|
|
|
+ properties:
|
|
|
+ name: openshift-ansible-{{ stack_name }}-data-net
|
|
|
+ port_security_enabled: false
|
|
|
+
|
|
|
+ data_subnet:
|
|
|
+ type: OS::Neutron::Subnet
|
|
|
+ properties:
|
|
|
+ name: openshift-ansible-{{ stack_name }}-data-subnet
|
|
|
+ network: { get_resource: data_net }
|
|
|
+ cidr: {{ osm_cluster_network_cidr|default('10.128.0.0/14') }}
|
|
|
+ gateway_ip: null
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ router:
|
|
|
+ type: OS::Neutron::Router
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-router
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ external_gateway_info:
|
|
|
+ network: {{ external_network }}
|
|
|
+
|
|
|
+ interface:
|
|
|
+ type: OS::Neutron::RouterInterface
|
|
|
+ properties:
|
|
|
+ router_id: { get_resource: router }
|
|
|
+ subnet_id: { get_resource: subnet }
|
|
|
+
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+# keypair:
|
|
|
+# type: OS::Nova::KeyPair
|
|
|
+# properties:
|
|
|
+# name:
|
|
|
+# str_replace:
|
|
|
+# template: openshift-ansible-cluster_id-keypair
|
|
|
+# params:
|
|
|
+# cluster_id: {{ stack_name }}
|
|
|
+# public_key: {{ ssh_public_key }}
|
|
|
+
|
|
|
+ common-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-common-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Basic ssh/icmp security group for cluster_id OpenShift cluster
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 22
|
|
|
+ port_range_max: 22
|
|
|
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
|
|
|
+{% if use_bastion|bool %}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 22
|
|
|
+ port_range_max: 22
|
|
|
+ remote_ip_prefix: {{ bastion_ingress_cidr }}
|
|
|
+{% endif %}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: icmp
|
|
|
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
|
|
|
+
|
|
|
+{% if openstack_flat_secgrp|default(False)|bool %}
|
|
|
+ flat-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-flat-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Security group for cluster_id OpenShift cluster
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 4001
|
|
|
+ port_range_max: 4001
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_api_port|default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_api_port|default(8443) }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_console_port|default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_console_port|default(8443) }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 8053
|
|
|
+ port_range_max: 8053
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 8053
|
|
|
+ port_range_max: 8053
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 24224
|
|
|
+ port_range_max: 24224
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 24224
|
|
|
+ port_range_max: 24224
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 2224
|
|
|
+ port_range_max: 2224
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 5404
|
|
|
+ port_range_max: 5405
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 9090
|
|
|
+ port_range_max: 9090
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 2379
|
|
|
+ port_range_max: 2380
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 10250
|
|
|
+ port_range_max: 10250
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 10250
|
|
|
+ port_range_max: 10250
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 10255
|
|
|
+ port_range_max: 10255
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 10255
|
|
|
+ port_range_max: 10255
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 4789
|
|
|
+ port_range_max: 4789
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 30000
|
|
|
+ port_range_max: 32767
|
|
|
+ remote_ip_prefix: {{ node_ingress_cidr }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 30000
|
|
|
+ port_range_max: 32767
|
|
|
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
|
|
|
+{% else %}
|
|
|
+ master-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-master-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Security group for cluster_id OpenShift cluster master
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 4001
|
|
|
+ port_range_max: 4001
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_api_port|default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_api_port|default(8443) }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_console_port|default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_console_port|default(8443) }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 8053
|
|
|
+ port_range_max: 8053
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 8053
|
|
|
+ port_range_max: 8053
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 24224
|
|
|
+ port_range_max: 24224
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 24224
|
|
|
+ port_range_max: 24224
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 2224
|
|
|
+ port_range_max: 2224
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 5404
|
|
|
+ port_range_max: 5405
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 9090
|
|
|
+ port_range_max: 9090
|
|
|
+{% if openshift_use_flannel|default(False)|bool %}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 2379
|
|
|
+ port_range_max: 2379
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ etcd-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-etcd-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Security group for cluster_id etcd cluster
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 2379
|
|
|
+ port_range_max: 2379
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ remote_group_id: { get_resource: master-secgrp }
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 2380
|
|
|
+ port_range_max: 2380
|
|
|
+ remote_mode: remote_group_id
|
|
|
+
|
|
|
+ node-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-node-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Security group for cluster_id OpenShift cluster nodes
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 10250
|
|
|
+ port_range_max: 10250
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 10255
|
|
|
+ port_range_max: 10255
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 10255
|
|
|
+ port_range_max: 10255
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 4789
|
|
|
+ port_range_max: 4789
|
|
|
+ remote_mode: remote_group_id
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 30000
|
|
|
+ port_range_max: 32767
|
|
|
+ remote_ip_prefix: {{ node_ingress_cidr }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 30000
|
|
|
+ port_range_max: 32767
|
|
|
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ infra-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-infra-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Security group for cluster_id OpenShift infrastructure cluster nodes
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 80
|
|
|
+ port_range_max: 80
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 443
|
|
|
+ port_range_max: 443
|
|
|
+
|
|
|
+{% if num_dns|int > 0 %}
|
|
|
+ dns-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-dns-secgrp
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ description:
|
|
|
+ str_replace:
|
|
|
+ template: Security group for cluster_id cluster DNS
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 53
|
|
|
+ port_range_max: 53
|
|
|
+ remote_ip_prefix: {{ node_ingress_cidr }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: udp
|
|
|
+ port_range_min: 53
|
|
|
+ port_range_max: 53
|
|
|
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 53
|
|
|
+ port_range_max: 53
|
|
|
+ remote_ip_prefix: {{ node_ingress_cidr }}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: 53
|
|
|
+ port_range_max: 53
|
|
|
+ remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+{% if num_masters|int > 1 or ui_ssh_tunnel|bool %}
|
|
|
+ lb-secgrp:
|
|
|
+ type: OS::Neutron::SecurityGroup
|
|
|
+ properties:
|
|
|
+ name: openshift-ansible-{{ stack_name }}-lb-secgrp
|
|
|
+ description: Security group for {{ stack_name }} cluster Load Balancer
|
|
|
+ rules:
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
|
|
|
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
|
|
|
+{% if ui_ssh_tunnel|bool %}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
|
|
|
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
|
|
|
+{% endif %}
|
|
|
+{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
|
|
|
+ - direction: ingress
|
|
|
+ protocol: tcp
|
|
|
+ port_range_min: {{ openshift_master_console_port | default(8443) }}
|
|
|
+ port_range_max: {{ openshift_master_console_port | default(8443) }}
|
|
|
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ etcd:
|
|
|
+ type: OS::Heat::ResourceGroup
|
|
|
+ properties:
|
|
|
+ count: {{ num_etcd }}
|
|
|
+ resource_def:
|
|
|
+ type: server.yaml
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type-%index%.cluster_id
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ k8s_type: {{ etcd_hostname | default('etcd') }}
|
|
|
+ cluster_env: {{ public_dns_domain }}
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ group:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type.cluster_id
|
|
|
+ params:
|
|
|
+ k8s_type: etcds
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ type: etcd
|
|
|
+ image: {{ openstack_etcd_image | default(openstack_image) }}
|
|
|
+ flavor: {{ etcd_flavor }}
|
|
|
+ key_name: {{ ssh_public_key }}
|
|
|
+{% if provider_network %}
|
|
|
+ net: {{ provider_network }}
|
|
|
+ net_name: {{ provider_network }}
|
|
|
+{% else %}
|
|
|
+ net: { get_resource: net }
|
|
|
+ subnet: { get_resource: subnet }
|
|
|
+ net_name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+{% endif %}
|
|
|
+ secgrp:
|
|
|
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
|
|
|
+ - { get_resource: common-secgrp }
|
|
|
+ floating_network:
|
|
|
+ if:
|
|
|
+ - no_floating
|
|
|
+ - null
|
|
|
+ - {{ external_network }}
|
|
|
+{% if use_bastion|bool or provider_network %}
|
|
|
+ attach_float_net: false
|
|
|
+{% endif %}
|
|
|
+ volume_size: {{ etcd_volume_size }}
|
|
|
+{% if not provider_network %}
|
|
|
+ depends_on:
|
|
|
+ - interface
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+{% if master_server_group_policies|length > 0 %}
|
|
|
+ master_server_group:
|
|
|
+ type: OS::Nova::ServerGroup
|
|
|
+ properties:
|
|
|
+ name: master_server_group
|
|
|
+ policies: {{ master_server_group_policies }}
|
|
|
+{% endif %}
|
|
|
+{% if infra_server_group_policies|length > 0 %}
|
|
|
+ infra_server_group:
|
|
|
+ type: OS::Nova::ServerGroup
|
|
|
+ properties:
|
|
|
+ name: infra_server_group
|
|
|
+ policies: {{ infra_server_group_policies }}
|
|
|
+{% endif %}
|
|
|
+{% if num_masters|int > 1 %}
|
|
|
+ loadbalancer:
|
|
|
+ type: OS::Heat::ResourceGroup
|
|
|
+ properties:
|
|
|
+ count: 1
|
|
|
+ resource_def:
|
|
|
+ type: server.yaml
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type-%index%.cluster_id
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ k8s_type: {{ lb_hostname | default('lb') }}
|
|
|
+ cluster_env: {{ public_dns_domain }}
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ group:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type.cluster_id
|
|
|
+ params:
|
|
|
+ k8s_type: lb
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ type: lb
|
|
|
+ image: {{ openstack_lb_image | default(openstack_image) }}
|
|
|
+ flavor: {{ lb_flavor }}
|
|
|
+ key_name: {{ ssh_public_key }}
|
|
|
+{% if provider_network %}
|
|
|
+ net: {{ provider_network }}
|
|
|
+ net_name: {{ provider_network }}
|
|
|
+{% else %}
|
|
|
+ net: { get_resource: net }
|
|
|
+ subnet: { get_resource: subnet }
|
|
|
+ net_name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+{% endif %}
|
|
|
+ secgrp:
|
|
|
+ - { get_resource: lb-secgrp }
|
|
|
+ - { get_resource: common-secgrp }
|
|
|
+{% if not provider_network %}
|
|
|
+ floating_network: {{ external_network }}
|
|
|
+{% endif %}
|
|
|
+ volume_size: {{ lb_volume_size }}
|
|
|
+{% if not provider_network %}
|
|
|
+ depends_on:
|
|
|
+ - interface
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ masters:
|
|
|
+ type: OS::Heat::ResourceGroup
|
|
|
+ properties:
|
|
|
+ count: {{ num_masters }}
|
|
|
+ resource_def:
|
|
|
+ type: server.yaml
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type-%index%.cluster_id
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ k8s_type: {{ master_hostname | default('master')}}
|
|
|
+ cluster_env: {{ public_dns_domain }}
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ group:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type.cluster_id
|
|
|
+ params:
|
|
|
+ k8s_type: masters
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ type: master
|
|
|
+ image: {{ openstack_master_image | default(openstack_image) }}
|
|
|
+ flavor: {{ master_flavor }}
|
|
|
+ key_name: {{ ssh_public_key }}
|
|
|
+{% if provider_network %}
|
|
|
+ net: {{ provider_network }}
|
|
|
+ net_name: {{ provider_network }}
|
|
|
+{% else %}
|
|
|
+ net: { get_resource: net }
|
|
|
+ subnet: { get_resource: subnet }
|
|
|
+ net_name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+{% if openshift_use_flannel|default(False)|bool %}
|
|
|
+ attach_data_net: true
|
|
|
+ data_net: { get_resource: data_net }
|
|
|
+ data_subnet: { get_resource: data_subnet }
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|
|
|
+ secgrp:
|
|
|
+{% if openstack_flat_secgrp|default(False)|bool %}
|
|
|
+ - { get_resource: flat-secgrp }
|
|
|
+{% else %}
|
|
|
+ - { get_resource: master-secgrp }
|
|
|
+ - { get_resource: node-secgrp }
|
|
|
+{% if num_etcd|int == 0 %}
|
|
|
+ - { get_resource: etcd-secgrp }
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|
|
|
+ - { get_resource: common-secgrp }
|
|
|
+ floating_network:
|
|
|
+ if:
|
|
|
+ - no_floating
|
|
|
+ - null
|
|
|
+ - {{ external_network }}
|
|
|
+{% if use_bastion|bool or provider_network %}
|
|
|
+ attach_float_net: false
|
|
|
+{% endif %}
|
|
|
+ volume_size: {{ master_volume_size }}
|
|
|
+{% if master_server_group_policies|length > 0 %}
|
|
|
+ scheduler_hints:
|
|
|
+ group: { get_resource: master_server_group }
|
|
|
+{% endif %}
|
|
|
+{% if not provider_network %}
|
|
|
+ depends_on:
|
|
|
+ - interface
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ compute_nodes:
|
|
|
+ type: OS::Heat::ResourceGroup
|
|
|
+ properties:
|
|
|
+ count: {{ num_nodes }}
|
|
|
+ removal_policies:
|
|
|
+ - resource_list: {{ nodes_to_remove }}
|
|
|
+ resource_def:
|
|
|
+ type: server.yaml
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: sub_type_k8s_type-%index%.cluster_id
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ sub_type_k8s_type: {{ node_hostname | default('app-node') }}
|
|
|
+ cluster_env: {{ public_dns_domain }}
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ group:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type.cluster_id
|
|
|
+ params:
|
|
|
+ k8s_type: nodes
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ type: node
|
|
|
+ subtype: app
|
|
|
+ node_labels:
|
|
|
+{% for k, v in openshift_cluster_node_labels.app.iteritems() %}
|
|
|
+ {{ k|e }}: {{ v|e }}
|
|
|
+{% endfor %}
|
|
|
+ image: {{ openstack_node_image | default(openstack_image) }}
|
|
|
+ flavor: {{ node_flavor }}
|
|
|
+ key_name: {{ ssh_public_key }}
|
|
|
+{% if provider_network %}
|
|
|
+ net: {{ provider_network }}
|
|
|
+ net_name: {{ provider_network }}
|
|
|
+{% else %}
|
|
|
+ net: { get_resource: net }
|
|
|
+ subnet: { get_resource: subnet }
|
|
|
+ net_name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+{% if openshift_use_flannel|default(False)|bool %}
|
|
|
+ attach_data_net: true
|
|
|
+ data_net: { get_resource: data_net }
|
|
|
+ data_subnet: { get_resource: data_subnet }
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|
|
|
+ secgrp:
|
|
|
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
|
|
|
+ - { get_resource: common-secgrp }
|
|
|
+ floating_network:
|
|
|
+ if:
|
|
|
+ - no_floating
|
|
|
+ - null
|
|
|
+ - {{ external_network }}
|
|
|
+{% if use_bastion|bool or provider_network %}
|
|
|
+ attach_float_net: false
|
|
|
+{% endif %}
|
|
|
+ volume_size: {{ node_volume_size }}
|
|
|
+{% if not provider_network %}
|
|
|
+ depends_on:
|
|
|
+ - interface
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+ infra_nodes:
|
|
|
+ type: OS::Heat::ResourceGroup
|
|
|
+ properties:
|
|
|
+ count: {{ num_infra }}
|
|
|
+ resource_def:
|
|
|
+ type: server.yaml
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: sub_type_k8s_type-%index%.cluster_id
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ sub_type_k8s_type: {{ infra_hostname | default('infranode') }}
|
|
|
+ cluster_env: {{ public_dns_domain }}
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ group:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type.cluster_id
|
|
|
+ params:
|
|
|
+ k8s_type: infra
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ type: node
|
|
|
+ subtype: infra
|
|
|
+ node_labels:
|
|
|
+{% for k, v in openshift_cluster_node_labels.infra.iteritems() %}
|
|
|
+ {{ k|e }}: {{ v|e }}
|
|
|
+{% endfor %}
|
|
|
+ image: {{ openstack_infra_image | default(openstack_image) }}
|
|
|
+ flavor: {{ infra_flavor }}
|
|
|
+ key_name: {{ ssh_public_key }}
|
|
|
+{% if provider_network %}
|
|
|
+ net: {{ provider_network }}
|
|
|
+ net_name: {{ provider_network }}
|
|
|
+{% else %}
|
|
|
+ net: { get_resource: net }
|
|
|
+ subnet: { get_resource: subnet }
|
|
|
+ net_name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+{% if openshift_use_flannel|default(False)|bool %}
|
|
|
+ attach_data_net: true
|
|
|
+ data_net: { get_resource: data_net }
|
|
|
+ data_subnet: { get_resource: data_subnet }
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|
|
|
+ secgrp:
|
|
|
+# TODO(bogdando) filter only required node rules into infra-secgrp
|
|
|
+{% if openstack_flat_secgrp|default(False)|bool %}
|
|
|
+ - { get_resource: flat-secgrp }
|
|
|
+{% else %}
|
|
|
+ - { get_resource: node-secgrp }
|
|
|
+{% endif %}
|
|
|
+{% if ui_ssh_tunnel|bool and num_masters|int < 2 %}
|
|
|
+ - { get_resource: lb-secgrp }
|
|
|
+{% endif %}
|
|
|
+ - { get_resource: infra-secgrp }
|
|
|
+ - { get_resource: common-secgrp }
|
|
|
+{% if not provider_network %}
|
|
|
+ floating_network: {{ external_network }}
|
|
|
+{% endif %}
|
|
|
+ volume_size: {{ infra_volume_size }}
|
|
|
+{% if infra_server_group_policies|length > 0 %}
|
|
|
+ scheduler_hints:
|
|
|
+ group: { get_resource: infra_server_group }
|
|
|
+{% endif %}
|
|
|
+{% if not provider_network %}
|
|
|
+ depends_on:
|
|
|
+ - interface
|
|
|
+{% endif %}
|
|
|
+
|
|
|
+{% if num_dns|int > 0 %}
|
|
|
+ dns:
|
|
|
+ type: OS::Heat::ResourceGroup
|
|
|
+ properties:
|
|
|
+ count: {{ num_dns }}
|
|
|
+ resource_def:
|
|
|
+ type: server.yaml
|
|
|
+ properties:
|
|
|
+ name:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type-%index%.cluster_id
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ k8s_type: {{ dns_hostname | default('dns') }}
|
|
|
+ cluster_env: {{ public_dns_domain }}
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ group:
|
|
|
+ str_replace:
|
|
|
+ template: k8s_type.cluster_id
|
|
|
+ params:
|
|
|
+ k8s_type: dns
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+ type: dns
|
|
|
+ image: {{ openstack_dns_image | default(openstack_image) }}
|
|
|
+ flavor: {{ dns_flavor }}
|
|
|
+ key_name: {{ ssh_public_key }}
|
|
|
+{% if provider_network %}
|
|
|
+ net: {{ provider_network }}
|
|
|
+ net_name: {{ provider_network }}
|
|
|
+{% else %}
|
|
|
+ net: { get_resource: net }
|
|
|
+ subnet: { get_resource: subnet }
|
|
|
+ net_name:
|
|
|
+ str_replace:
|
|
|
+ template: openshift-ansible-cluster_id-net
|
|
|
+ params:
|
|
|
+ cluster_id: {{ stack_name }}
|
|
|
+{% endif %}
|
|
|
+ secgrp:
|
|
|
+ - { get_resource: dns-secgrp }
|
|
|
+ - { get_resource: common-secgrp }
|
|
|
+{% if not provider_network %}
|
|
|
+ floating_network: {{ external_network }}
|
|
|
+{% endif %}
|
|
|
+ volume_size: {{ dns_volume_size }}
|
|
|
+{% if not provider_network %}
|
|
|
+ depends_on:
|
|
|
+ - interface
|
|
|
+{% endif %}
|
|
|
+{% endif %}
|