shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518
							heat_template_version: 2014-10-16

description: OpenShift cluster

parameters:

  cluster_env:
    type: string
    label: Cluster environment
    description: Environment of the cluster

  cluster_id:
    type: string
    label: Cluster ID
    description: Identifier of the cluster

  subnet_24_prefix:
    type: string
    label: subnet /24 prefix
    description: /24 subnet prefix of the network of the cluster (dot separated number triplet)

  dns_nameservers:
    type: comma_delimited_list
    label: DNS nameservers list
    description: List of DNS nameservers

  external_net:
    type: string
    label: External network
    description: Name of the external network
    default: external

  ssh_public_key:
    type: string
    label: SSH public key
    description: SSH public key
    hidden: true

  ssh_incoming:
    type: string
    label: Source of ssh connections
    description: Source of legitimate ssh connections
    default: 0.0.0.0/0

  node_port_incoming:
    type: string
    label: Source of node port connections
    description: Authorized sources targeting node ports
    default: 0.0.0.0/0

  num_etcd:
    type: number
    label: Number of etcd nodes
    description: Number of etcd nodes

  num_masters:
    type: number
    label: Number of masters
    description: Number of masters

  num_nodes:
    type: number
    label: Number of compute nodes
    description: Number of compute nodes

  num_infra:
    type: number
    label: Number of infrastructure nodes
    description: Number of infrastructure nodes

  etcd_image:
    type: string
    label: Etcd image
    description: Name of the image for the etcd servers

  master_image:
    type: string
    label: Master image
    description: Name of the image for the master servers

  node_image:
    type: string
    label: Node image
    description: Name of the image for the compute node servers

  infra_image:
    type: string
    label: Infra image
    description: Name of the image for the infra node servers

  etcd_flavor:
    type: string
    label: Etcd flavor
    description: Flavor of the etcd servers

  master_flavor:
    type: string
    label: Master flavor
    description: Flavor of the master servers

  node_flavor:
    type: string
    label: Node flavor
    description: Flavor of the compute node servers

  infra_flavor:
    type: string
    label: Infra flavor
    description: Flavor of the infra node servers

outputs:

  etcd_names:
    description: Name of the etcds
    value: { get_attr: [ etcd, name ] }

  etcd_ips:
    description: IPs of the etcds
    value: { get_attr: [ etcd, private_ip ] }

  etcd_floating_ips:
    description: Floating IPs of the etcds
    value: { get_attr: [ etcd, floating_ip ] }

  master_names:
    description: Name of the masters
    value: { get_attr: [ masters, name ] }

  master_ips:
    description: IPs of the masters
    value: { get_attr: [ masters, private_ip ] }

  master_floating_ips:
    description: Floating IPs of the masters
    value: { get_attr: [ masters, floating_ip ] }

  node_names:
    description: Name of the nodes
    value: { get_attr: [ compute_nodes, name ] }

  node_ips:
    description: IPs of the nodes
    value: { get_attr: [ compute_nodes, private_ip ] }

  node_floating_ips:
    description: Floating IPs of the nodes
    value: { get_attr: [ compute_nodes, floating_ip ] }

  infra_names:
    description: Name of the nodes
    value: { get_attr: [ infra_nodes, name ] }

  infra_ips:
    description: IPs of the nodes
    value: { get_attr: [ infra_nodes, private_ip ] }

  infra_floating_ips:
    description: Floating IPs of the nodes
    value: { get_attr: [ infra_nodes, floating_ip ] }

resources:

  net:
    type: OS::Neutron::Net
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-net
          params:
            cluster_id: { get_param: cluster_id }

  subnet:
    type: OS::Neutron::Subnet
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-subnet
          params:
            cluster_id: { get_param: cluster_id }
      network: { get_resource: net }
      cidr:
        str_replace:
          template: subnet_24_prefix.0/24
          params:
            subnet_24_prefix: { get_param: subnet_24_prefix }
      dns_nameservers: { get_param: dns_nameservers }

  router:
    type: OS::Neutron::Router
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-router
          params:
            cluster_id: { get_param: cluster_id }
      external_gateway_info:
        network: { get_param: external_net }

  interface:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: router }
      subnet_id: { get_resource: subnet }

  keypair:
    type: OS::Nova::KeyPair
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-keypair
          params:
            cluster_id: { get_param: cluster_id }
      public_key: { get_param: ssh_public_key }

  master-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-master-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id OpenShift cluster master
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh_incoming }
        - direction: ingress
          protocol: tcp
          port_range_min: 4001
          port_range_max: 4001
        - direction: ingress
          protocol: tcp
          port_range_min: 8443
          port_range_max: 8443
        - direction: ingress
          protocol: tcp
          port_range_min: 8444
          port_range_max: 8444
        - direction: ingress
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
        - direction: ingress
          protocol: udp
          port_range_min: 53
          port_range_max: 53
        - direction: ingress
          protocol: tcp
          port_range_min: 8053
          port_range_max: 8053
        - direction: ingress
          protocol: udp
          port_range_min: 8053
          port_range_max: 8053
        - direction: ingress
          protocol: tcp
          port_range_min: 24224
          port_range_max: 24224
        - direction: ingress
          protocol: udp
          port_range_min: 24224
          port_range_max: 24224
        - direction: ingress
          protocol: tcp
          port_range_min: 2224
          port_range_max: 2224
        - direction: ingress
          protocol: udp
          port_range_min: 5404
          port_range_max: 5404
        - direction: ingress
          protocol: udp
          port_range_min: 5405
          port_range_max: 5405
        - direction: ingress
          protocol: tcp
          port_range_min: 9090
          port_range_max: 9090

  etcd-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-etcd-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id etcd cluster
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh_incoming }
        - direction: ingress
          protocol: tcp
          port_range_min: 2379
          port_range_max: 2379
          remote_mode: remote_group_id
          remote_group_id: { get_resource: master-secgrp }
        - direction: ingress
          protocol: tcp
          port_range_min: 2380
          port_range_max: 2380
          remote_mode: remote_group_id

  node-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-node-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id OpenShift cluster nodes
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh_incoming }
        - direction: ingress
          protocol: tcp
          port_range_min: 10250
          port_range_max: 10250
          remote_mode: remote_group_id
        - direction: ingress
          protocol: tcp
          port_range_min: 10255
          port_range_max: 10255
          remote_mode: remote_group_id
        - direction: ingress
          protocol: udp
          port_range_min: 10255
          port_range_max: 10255
          remote_mode: remote_group_id
        - direction: ingress
          protocol: udp
          port_range_min: 4789
          port_range_max: 4789
          remote_mode: remote_group_id
        - direction: ingress
          protocol: tcp
          port_range_min: 30000
          port_range_max: 32767
          remote_ip_prefix: { get_param: node_port_incoming }

  infra-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-infra-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id OpenShift infrastructure cluster nodes
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - direction: ingress
          protocol: tcp
          port_range_min: 443
          port_range_max: 443

  etcd:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_etcd }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: etcd
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        etcd
          image:       { get_param: etcd_image }
          flavor:      { get_param: etcd_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: etcd-secgrp }
          floating_network: { get_param: external_net }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on:
      - interface

  masters:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_masters }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: master
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        master
          image:       { get_param: master_image }
          flavor:      { get_param: master_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: master-secgrp }
            - { get_resource: node-secgrp }
          floating_network: { get_param: external_net }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on:
      - interface

  compute_nodes:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_nodes }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-sub_host_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: node
                sub_host_type: compute
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        node
          subtype:     compute
          image:       { get_param: node_image }
          flavor:      { get_param: node_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: node-secgrp }
          floating_network: { get_param: external_net }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on:
      - interface

  infra_nodes:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_infra }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-sub_host_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: node
                sub_host_type: infra
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        node
          subtype:     infra
          image:       { get_param: infra_image }
          flavor:      { get_param: infra_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: node-secgrp }
            - { get_resource: infra-secgrp }
          floating_network: { get_param: external_net }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on:
      - interface