okd/playbooks/openstack/openshift-cluster/files/heat_stack.yaml

heat_template_version: 2014-10-16

description: OpenShift cluster

parameters:

  cluster_env:
    type: string
    label: Cluster environment
    description: Environment of the cluster

  cluster_id:
    type: string
    label: Cluster ID
    description: Identifier of the cluster

  cidr:
    type: string
    label: CIDR
    description: CIDR of the network of the cluster

  dns_nameservers:
    type: comma_delimited_list
    label: DNS nameservers list
    description: List of DNS nameservers

  external_net:
    type: string
    label: External network
    description: Name of the external network
    default: external

  floating_ip_pool:
    type: string
    label: Floating IP pool
    description: Floating IP pools
    default: external

  ssh_public_key:
    type: string
    label: SSH public key
    description: SSH public key
    hidden: true

  ssh_incoming:
    type: string
    label: Source of ssh connections
    description: Source of legitimate ssh connections
    default: 0.0.0.0/0

  num_etcd:
    type: number
    label: Number of etcd nodes
    description: Number of etcd nodes

  num_masters:
    type: number
    label: Number of masters
    description: Number of masters

  num_nodes:
    type: number
    label: Number of compute nodes
    description: Number of compute nodes

  num_infra:
    type: number
    label: Number of infrastructure nodes
    description: Number of infrastructure nodes

  etcd_image:
    type: string
    label: Etcd image
    description: Name of the image for the etcd servers

  master_image:
    type: string
    label: Master image
    description: Name of the image for the master servers

  node_image:
    type: string
    label: Node image
    description: Name of the image for the compute node servers

  infra_image:
    type: string
    label: Infra image
    description: Name of the image for the infra node servers

  etcd_flavor:
    type: string
    label: Etcd flavor
    description: Flavor of the etcd servers

  master_flavor:
    type: string
    label: Master flavor
    description: Flavor of the master servers

  node_flavor:
    type: string
    label: Node flavor
    description: Flavor of the compute node servers

  infra_flavor:
    type: string
    label: Infra flavor
    description: Flavor of the infra node servers

outputs:

  etcd_names:
    description: Name of the etcds
    value: { get_attr: [ etcd, name ] }

  etcd_ips:
    description: IPs of the etcds
    value: { get_attr: [ etcd, private_ip ] }

  etcd_floating_ips:
    description: Floating IPs of the etcds
    value: { get_attr: [ etcd, floating_ip ] }

  master_names:
    description: Name of the masters
    value: { get_attr: [ masters, name ] }

  master_ips:
    description: IPs of the masters
    value: { get_attr: [ masters, private_ip ] }

  master_floating_ips:
    description: Floating IPs of the masters
    value: { get_attr: [ masters, floating_ip ] }

  node_names:
    description: Name of the nodes
    value: { get_attr: [ compute_nodes, name ] }

  node_ips:
    description: IPs of the nodes
    value: { get_attr: [ compute_nodes, private_ip ] }

  node_floating_ips:
    description: Floating IPs of the nodes
    value: { get_attr: [ compute_nodes, floating_ip ] }

  infra_names:
    description: Name of the nodes
    value: { get_attr: [ infra_nodes, name ] }

  infra_ips:
    description: IPs of the nodes
    value: { get_attr: [ infra_nodes, private_ip ] }

  infra_floating_ips:
    description: Floating IPs of the nodes
    value: { get_attr: [ infra_nodes, floating_ip ] }

resources:

  net:
    type: OS::Neutron::Net
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-net
          params:
            cluster_id: { get_param: cluster_id }

  subnet:
    type: OS::Neutron::Subnet
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-subnet
          params:
            cluster_id: { get_param: cluster_id }
      network: { get_resource: net }
      cidr: { get_param: cidr }
      dns_nameservers: { get_param: dns_nameservers }

  router:
    type: OS::Neutron::Router
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-router
          params:
            cluster_id: { get_param: cluster_id }
      external_gateway_info:
        network: { get_param: external_net }

  interface:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: router }
      subnet_id: { get_resource: subnet }

  keypair:
    type: OS::Nova::KeyPair
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-keypair
          params:
            cluster_id: { get_param: cluster_id }
      public_key: { get_param: ssh_public_key }

  master-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-master-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id OpenShift cluster master
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh_incoming }
        - direction: ingress
          protocol: tcp
          port_range_min: 4001
          port_range_max: 4001
        - direction: ingress
          protocol: tcp
          port_range_min: 8443
          port_range_max: 8443
        - direction: ingress
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
        - direction: ingress
          protocol: udp
          port_range_min: 53
          port_range_max: 53
        - direction: ingress
          protocol: tcp
          port_range_min: 24224
          port_range_max: 24224
        - direction: ingress
          protocol: udp
          port_range_min: 24224
          port_range_max: 24224

  etcd-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-etcd-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id etcd cluster
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh_incoming }
        - direction: ingress
          protocol: tcp
          port_range_min: 2379
          port_range_max: 2379
          remote_mode: remote_group_id
          remote_group_id: { get_resource: master-secgrp }
        - direction: ingress
          protocol: tcp
          port_range_min: 2380
          port_range_max: 2380
          remote_mode: remote_group_id

  node-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-node-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id OpenShift cluster nodes
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh_incoming }
        - direction: ingress
          protocol: udp
          port_range_min: 4789
          port_range_max: 4789
          remote_mode: remote_group_id
        - direction: ingress
          protocol: tcp
          port_range_min: 10250
          port_range_max: 10250
          remote_mode: remote_group_id
          remote_group_id: { get_resource: master-secgrp }

  infra-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-infra-secgrp
          params:
            cluster_id: { get_param: cluster_id }
      description:
        str_replace:
          template: Security group for cluster_id OpenShift infrastructure cluster nodes
          params:
            cluster_id: { get_param: cluster_id }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - direction: ingress
          protocol: tcp
          port_range_min: 443
          port_range_max: 443

  etcd:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_etcd }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: etcd
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        etcd
          image:       { get_param: etcd_image }
          flavor:      { get_param: etcd_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: etcd-secgrp }
          floating_network: { get_param: floating_ip_pool }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on: interface

  masters:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_masters }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: master
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        master
          image:       { get_param: master_image }
          flavor:      { get_param: master_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: master-secgrp }
          floating_network: { get_param: floating_ip_pool }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on: interface

  compute_nodes:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_nodes }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-sub_host_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: node
                sub_host_type: compute
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        node
          subtype:     compute
          image:       { get_param: node_image }
          flavor:      { get_param: node_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: node-secgrp }
          floating_network: { get_param: floating_ip_pool }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on: interface

  infra_nodes:
    type: OS::Heat::ResourceGroup
    properties:
      count: { get_param: num_infra }
      resource_def:
        type: heat_stack_server.yaml
        properties:
          name:
            str_replace:
              template: cluster_id-k8s_type-sub_host_type-%index%
              params:
                cluster_id: { get_param: cluster_id }
                k8s_type: node
                sub_host_type: infra
          cluster_env: { get_param: cluster_env }
          cluster_id:  { get_param: cluster_id }
          type:        node
          subtype:     infra
          image:       { get_param: infra_image }
          flavor:      { get_param: infra_flavor }
          key_name:    { get_resource: keypair }
          net:         { get_resource: net }
          subnet:      { get_resource: subnet }
          secgrp:
            - { get_resource: node-secgrp }
            - { get_resource: infra-secgrp }
          floating_network: { get_param: floating_ip_pool }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: { get_param: cluster_id }
    depends_on: interface