| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733 |
- heat_template_version: 2016-10-14
- description: OpenShift cluster
- parameters:
- outputs:
- etcd_names:
- description: Name of the etcds
- value: { get_attr: [ etcd, name ] }
- etcd_ips:
- description: IPs of the etcds
- value: { get_attr: [ etcd, private_ip ] }
- etcd_floating_ips:
- description: Floating IPs of the etcds
- value: { get_attr: [ etcd, floating_ip ] }
- master_names:
- description: Name of the masters
- value: { get_attr: [ masters, name ] }
- master_ips:
- description: IPs of the masters
- value: { get_attr: [ masters, private_ip ] }
- master_floating_ips:
- description: Floating IPs of the masters
- value: { get_attr: [ masters, floating_ip ] }
- node_names:
- description: Name of the nodes
- value: { get_attr: [ compute_nodes, name ] }
- node_ips:
- description: IPs of the nodes
- value: { get_attr: [ compute_nodes, private_ip ] }
- node_floating_ips:
- description: Floating IPs of the nodes
- value: { get_attr: [ compute_nodes, floating_ip ] }
- infra_names:
- description: Name of the nodes
- value: { get_attr: [ infra_nodes, name ] }
- infra_ips:
- description: IPs of the nodes
- value: { get_attr: [ infra_nodes, private_ip ] }
- infra_floating_ips:
- description: Floating IPs of the nodes
- value: { get_attr: [ infra_nodes, floating_ip ] }
- dns_name:
- description: Name of the DNS
- value:
- get_attr:
- - dns
- - name
- dns_floating_ip:
- description: Floating IP of the DNS
- value:
- get_attr:
- - dns
- - addresses
- - str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- - 1
- - addr
- resources:
- net:
- type: OS::Neutron::Net
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- subnet:
- type: OS::Neutron::Subnet
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-subnet
- params:
- cluster_id: {{ stack_name }}
- network: { get_resource: net }
- cidr:
- str_replace:
- template: subnet_24_prefix.0/24
- params:
- subnet_24_prefix: {{ subnet_prefix }}
- allocation_pools:
- - start:
- str_replace:
- template: subnet_24_prefix.3
- params:
- subnet_24_prefix: {{ subnet_prefix }}
- end:
- str_replace:
- template: subnet_24_prefix.254
- params:
- subnet_24_prefix: {{ subnet_prefix }}
- dns_nameservers:
- {% for nameserver in dns_nameservers %}
- - {{ nameserver }}
- {% endfor %}
- router:
- type: OS::Neutron::Router
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-router
- params:
- cluster_id: {{ stack_name }}
- external_gateway_info:
- network: {{ external_network }}
- interface:
- type: OS::Neutron::RouterInterface
- properties:
- router_id: { get_resource: router }
- subnet_id: { get_resource: subnet }
- # keypair:
- # type: OS::Nova::KeyPair
- # properties:
- # name:
- # str_replace:
- # template: openshift-ansible-cluster_id-keypair
- # params:
- # cluster_id: {{ stack_name }}
- # public_key: {{ ssh_public_key }}
- common-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-common-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Basic ssh/dns security group for cluster_id OpenShift cluster
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: {{ ssh_ingress_cidr }}
- - direction: ingress
- protocol: tcp
- port_range_min: 53
- port_range_max: 53
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
- {% if openstack_flat_secgrp|bool %}
- flat-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-flat-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Security group for cluster_id OpenShift cluster
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 4001
- port_range_max: 4001
- - direction: ingress
- protocol: tcp
- port_range_min: 8443
- port_range_max: 8444
- - direction: ingress
- protocol: tcp
- port_range_min: 8053
- port_range_max: 8053
- - direction: ingress
- protocol: udp
- port_range_min: 8053
- port_range_max: 8053
- - direction: ingress
- protocol: tcp
- port_range_min: 24224
- port_range_max: 24224
- - direction: ingress
- protocol: udp
- port_range_min: 24224
- port_range_max: 24224
- - direction: ingress
- protocol: tcp
- port_range_min: 2224
- port_range_max: 2224
- - direction: ingress
- protocol: udp
- port_range_min: 5404
- port_range_max: 5405
- - direction: ingress
- protocol: tcp
- port_range_min: 9090
- port_range_max: 9090
- - direction: ingress
- protocol: tcp
- port_range_min: 2379
- port_range_max: 2380
- remote_mode: remote_group_id
- - direction: ingress
- protocol: tcp
- port_range_min: 10250
- port_range_max: 10250
- remote_mode: remote_group_id
- - direction: ingress
- protocol: udp
- port_range_min: 10250
- port_range_max: 10250
- remote_mode: remote_group_id
- - direction: ingress
- protocol: tcp
- port_range_min: 10255
- port_range_max: 10255
- remote_mode: remote_group_id
- - direction: ingress
- protocol: udp
- port_range_min: 10255
- port_range_max: 10255
- remote_mode: remote_group_id
- - direction: ingress
- protocol: udp
- port_range_min: 4789
- port_range_max: 4789
- remote_mode: remote_group_id
- - direction: ingress
- protocol: tcp
- port_range_min: 30000
- port_range_max: 32767
- remote_ip_prefix: {{ node_ingress_cidr }}
- - direction: ingress
- protocol: tcp
- port_range_min: 30000
- port_range_max: 32767
- remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
- {% else %}
- master-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-master-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Security group for cluster_id OpenShift cluster master
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 4001
- port_range_max: 4001
- - direction: ingress
- protocol: tcp
- port_range_min: 8443
- port_range_max: 8444
- - direction: ingress
- protocol: tcp
- port_range_min: 8053
- port_range_max: 8053
- - direction: ingress
- protocol: udp
- port_range_min: 8053
- port_range_max: 8053
- - direction: ingress
- protocol: tcp
- port_range_min: 24224
- port_range_max: 24224
- - direction: ingress
- protocol: udp
- port_range_min: 24224
- port_range_max: 24224
- - direction: ingress
- protocol: tcp
- port_range_min: 2224
- port_range_max: 2224
- - direction: ingress
- protocol: udp
- port_range_min: 5404
- port_range_max: 5405
- - direction: ingress
- protocol: tcp
- port_range_min: 9090
- port_range_max: 9090
- etcd-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-etcd-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Security group for cluster_id etcd cluster
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 2379
- port_range_max: 2379
- remote_mode: remote_group_id
- remote_group_id: { get_resource: master-secgrp }
- - direction: ingress
- protocol: tcp
- port_range_min: 2380
- port_range_max: 2380
- remote_mode: remote_group_id
- node-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-node-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Security group for cluster_id OpenShift cluster nodes
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 10250
- port_range_max: 10250
- remote_mode: remote_group_id
- - direction: ingress
- protocol: tcp
- port_range_min: 10255
- port_range_max: 10255
- remote_mode: remote_group_id
- - direction: ingress
- protocol: udp
- port_range_min: 10255
- port_range_max: 10255
- remote_mode: remote_group_id
- - direction: ingress
- protocol: udp
- port_range_min: 4789
- port_range_max: 4789
- remote_mode: remote_group_id
- - direction: ingress
- protocol: tcp
- port_range_min: 30000
- port_range_max: 32767
- remote_ip_prefix: {{ node_ingress_cidr }}
- - direction: ingress
- protocol: tcp
- port_range_min: 30000
- port_range_max: 32767
- remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
- {% endif %}
- infra-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-infra-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Security group for cluster_id OpenShift infrastructure cluster nodes
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 80
- port_range_max: 80
- - direction: ingress
- protocol: tcp
- port_range_min: 443
- port_range_max: 443
- dns-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name:
- str_replace:
- template: openshift-ansible-cluster_id-dns-secgrp
- params:
- cluster_id: {{ stack_name }}
- description:
- str_replace:
- template: Security group for cluster_id cluster DNS
- params:
- cluster_id: {{ stack_name }}
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: 22
- port_range_max: 22
- remote_ip_prefix: {{ ssh_ingress_cidr }}
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
- remote_ip_prefix: {{ node_ingress_cidr }}
- - direction: ingress
- protocol: udp
- port_range_min: 53
- port_range_max: 53
- remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
- - direction: ingress
- protocol: tcp
- port_range_min: 53
- port_range_max: 53
- remote_ip_prefix: {{ node_ingress_cidr }}
- - direction: ingress
- protocol: tcp
- port_range_min: 53
- port_range_max: 53
- remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
- {% if num_masters is greaterthan 1 %}
- lb-secgrp:
- type: OS::Neutron::SecurityGroup
- properties:
- name: openshift-ansible-{{ stack_name }}-lb-secgrp
- description: Security group for {{ stack_name }} cluster Load Balancer
- rules:
- - direction: ingress
- protocol: tcp
- port_range_min: {{ openshift_master_api_port | default(8443) }}
- port_range_max: {{ openshift_master_api_port | default(8443) }}
- remote_ip_prefix: {{ lb_ingress_cidr }}
- {% if openshift_master_console_port is defined and openshift_master_console_port is not equalto openshift_master_api_port %}
- - direction: ingress
- protocol: tcp
- port_range_min: {{ openshift_master_console_port | default(8443) }}
- port_range_max: {{ openshift_master_console_port | default(8443) }}
- remote_ip_prefix: {{ lb_ingress_cidr }}
- {% endif %}
- {% endif %}
- etcd:
- type: OS::Heat::ResourceGroup
- properties:
- count: {{ num_etcd }}
- resource_def:
- type: server.yaml
- properties:
- name:
- str_replace:
- template: k8s_type-%index%.cluster_id
- params:
- cluster_id: {{ stack_name }}
- k8s_type: etcd
- cluster_env: {{ public_dns_domain }}
- cluster_id: {{ stack_name }}
- group:
- str_replace:
- template: k8s_type.cluster_id
- params:
- k8s_type: etcds
- cluster_id: {{ stack_name }}
- type: etcd
- image: {{ openstack_image }}
- flavor: {{ etcd_flavor }}
- key_name: {{ ssh_public_key }}
- net: { get_resource: net }
- subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: {% if openstack_flat_secgrp|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- volume_size: {{ etcd_volume_size }}
- depends_on:
- - interface
- {% if num_masters is greaterthan 1 %}
- loadbalancer:
- type: OS::Heat::ResourceGroup
- properties:
- count: 1
- resource_def:
- type: server.yaml
- properties:
- name:
- str_replace:
- template: k8s_type-%index%.cluster_id
- params:
- cluster_id: {{ stack_name }}
- k8s_type: lb
- cluster_env: {{ public_dns_domain }}
- cluster_id: {{ stack_name }}
- group:
- str_replace:
- template: k8s_type.cluster_id
- params:
- k8s_type: lb
- cluster_id: {{ stack_name }}
- type: lb
- image: {{ openstack_image }}
- flavor: {{ lb_flavor }}
- key_name: {{ ssh_public_key }}
- net: { get_resource: net }
- subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: lb-secgrp }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- volume_size: 5
- depends_on:
- - interface
- {% endif %}
- masters:
- type: OS::Heat::ResourceGroup
- properties:
- count: {{ num_masters }}
- resource_def:
- type: server.yaml
- properties:
- name:
- str_replace:
- template: k8s_type-%index%.cluster_id
- params:
- cluster_id: {{ stack_name }}
- k8s_type: master
- cluster_env: {{ public_dns_domain }}
- cluster_id: {{ stack_name }}
- group:
- str_replace:
- template: k8s_type.cluster_id
- params:
- k8s_type: masters
- cluster_id: {{ stack_name }}
- type: master
- image: {{ openstack_image }}
- flavor: {{ master_flavor }}
- key_name: {{ ssh_public_key }}
- net: { get_resource: net }
- subnet: { get_resource: subnet }
- secgrp:
- {% if openstack_flat_secgrp|bool %}
- - { get_resource: flat-secgrp }
- {% else %}
- - { get_resource: master-secgrp }
- - { get_resource: node-secgrp }
- {% if num_etcd is equalto 0 %}
- - { get_resource: etcd-secgrp }
- {% endif %}
- {% endif %}
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- volume_size: {{ master_volume_size }}
- depends_on:
- - interface
- compute_nodes:
- type: OS::Heat::ResourceGroup
- properties:
- count: {{ num_nodes }}
- resource_def:
- type: server.yaml
- properties:
- name:
- str_replace:
- template: subtype-k8s_type-%index%.cluster_id
- params:
- cluster_id: {{ stack_name }}
- k8s_type: node
- subtype: app
- cluster_env: {{ public_dns_domain }}
- cluster_id: {{ stack_name }}
- group:
- str_replace:
- template: k8s_type.cluster_id
- params:
- k8s_type: nodes
- cluster_id: {{ stack_name }}
- type: node
- subtype: app
- node_labels:
- region: primary
- image: {{ openstack_image }}
- flavor: {{ node_flavor }}
- key_name: {{ ssh_public_key }}
- net: { get_resource: net }
- subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: {% if openstack_flat_secgrp|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- volume_size: {{ app_volume_size }}
- depends_on:
- - interface
- infra_nodes:
- type: OS::Heat::ResourceGroup
- properties:
- count: {{ num_infra }}
- resource_def:
- type: server.yaml
- properties:
- name:
- str_replace:
- template: subtypek8s_type-%index%.cluster_id
- params:
- cluster_id: {{ stack_name }}
- k8s_type: node
- subtype: infra
- cluster_env: {{ public_dns_domain }}
- cluster_id: {{ stack_name }}
- group:
- str_replace:
- template: k8s_type.cluster_id
- params:
- k8s_type: infra
- cluster_id: {{ stack_name }}
- type: node
- subtype: infra
- node_labels:
- region: infra
- image: {{ openstack_image }}
- flavor: {{ infra_flavor }}
- key_name: {{ ssh_public_key }}
- net: { get_resource: net }
- subnet: { get_resource: subnet }
- secgrp:
- # TODO(bogdando) filter only required node rules into infra-secgrp
- {% if openstack_flat_secgrp|bool %}
- - { get_resource: flat-secgrp }
- {% else %}
- - { get_resource: node-secgrp }
- {% endif %}
- - { get_resource: infra-secgrp }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- volume_size: {{ infra_volume_size }}
- depends_on:
- - interface
- dns:
- type: OS::Heat::ResourceGroup
- properties:
- count: {{ num_dns }}
- resource_def:
- type: server.yaml
- properties:
- name:
- str_replace:
- template: k8s_type-%index%.cluster_id
- params:
- cluster_id: {{ stack_name }}
- k8s_type: dns
- cluster_env: {{ public_dns_domain }}
- cluster_id: {{ stack_name }}
- group:
- str_replace:
- template: k8s_type.cluster_id
- params:
- k8s_type: dns
- cluster_id: {{ stack_name }}
- type: dns
- image: {{ openstack_image }}
- flavor: {{ dns_flavor }}
- key_name: {{ ssh_public_key }}
- net: { get_resource: net }
- subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: dns-secgrp }
- floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
- volume_size: {{ dns_volume_size }}
- depends_on:
- - interface
|
