Merge " New heat templates for Openshift-Origin deployment using scalability functionality"
commit
1c22cc9f21
|
@ -3,11 +3,13 @@ OpenShift Origin Templates
|
|||
==========================
|
||||
|
||||
This directory contains files for deploying OpenShift Origin to an OpenStack environment via Heat.
|
||||
The template has been tested with the OpenStack Icehouse-2 release.
|
||||
|
||||
It includes the following files:
|
||||
The templates has been tested with the OpenStack Icehouse 2014.1 release.
|
||||
|
||||
* `OpenShift.template` - heat template for launching OpenShift Origin with a single broker instance and a single node instance
|
||||
It includes the following folders:
|
||||
|
||||
* `hot-template` - heat templates in HOT format for launching OpenShift Origin
|
||||
* `aws-template` - heat templates in AWS format for launching OpenShift Origin
|
||||
* `elements` - diskimage-builder elements to build images
|
||||
|
||||
To build with diskimage-builder, do the following in the parent directory of heat-templates::
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
=============================
|
||||
OpenShift Origin AWS Template
|
||||
=============================
|
||||
|
||||
This directory contains template for deploying OpenShift Origin to an OpenStack environment via Heat.
|
||||
|
||||
It includes the following file:
|
||||
|
||||
* `openshift.template` - heat templates in AWS format for launching OpenShift Origin with a single broker instance and a single node instance
|
||||
|
|
@ -7,9 +7,7 @@
|
|||
"KeyName": {
|
||||
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
|
||||
"Type": "String",
|
||||
"MinLength": "1",
|
||||
"MaxLength": "64",
|
||||
"AllowedPattern": "[-_ a-zA-Z0-9]*"
|
||||
"Default": "SSHKey"
|
||||
},
|
||||
"Prefix": {
|
||||
"Description": "Your DNS Prefix",
|
||||
|
@ -41,13 +39,13 @@
|
|||
"BrokerHostname": {
|
||||
"Description": "Hostname of Broker instance",
|
||||
"Type": "String",
|
||||
"Default": "openshift.brokerinstance.novalocal",
|
||||
"Default": "brokerinstance",
|
||||
"MinLength": "1"
|
||||
},
|
||||
"NodeHostname": {
|
||||
"Description": "Hostname of Node instance",
|
||||
"Type": "String",
|
||||
"Default": "openshift.nodeinstance.novalocal",
|
||||
"Default": "nodeinstance",
|
||||
"MinLength": "1"
|
||||
},
|
||||
"Username": {
|
||||
|
@ -60,13 +58,39 @@
|
|||
"Type": "String",
|
||||
"Default": "password"
|
||||
},
|
||||
"NetID": {
|
||||
"Description": "ID of Neutron network into which servers get deployed",
|
||||
"PublicNetID": {
|
||||
"Description": "External network ID",
|
||||
"Type": "String"
|
||||
},
|
||||
"SubnetID": {
|
||||
"Description": "ID of Neutron subnet into which servers get deployed",
|
||||
"Type": "String"
|
||||
"PrivateNetworkName": {
|
||||
"Description": "Name of the private network wich will be created",
|
||||
"Type": "String",
|
||||
"Default": "OpenShift-Network"
|
||||
},
|
||||
"PrivateNetworkCidr": {
|
||||
"Description": "Private network address (CIDR format)",
|
||||
"Type": "String",
|
||||
"Default": "10.0.0.0/8"
|
||||
},
|
||||
"PrivateNetworkGateway": {
|
||||
"Description": "Private network gateway",
|
||||
"Type": "String",
|
||||
"Default": "10.0.0.1"
|
||||
},
|
||||
"PrivateNetworkDNS": {
|
||||
"Description": "Private network DNS",
|
||||
"Type": "String",
|
||||
"Default": "8.8.8.8"
|
||||
},
|
||||
"PrivateNetworkPoolStart": {
|
||||
"Description": "Private network pool start",
|
||||
"Type": "String",
|
||||
"Default": "10.0.0.2"
|
||||
},
|
||||
"PrivateNetworkPoolEnd": {
|
||||
"Description": "Private network pool end",
|
||||
"Type": "String",
|
||||
"Default": "10.255.255.254"
|
||||
},
|
||||
"DevMode": {
|
||||
"Description": "Sets development mode and extra logging.",
|
||||
|
@ -148,17 +172,66 @@
|
|||
}
|
||||
},
|
||||
|
||||
"PrivateNetwork":{
|
||||
"Type": "OS::Neutron::Net",
|
||||
"Properties": {
|
||||
"name": { "Ref": "PrivateNetworkName" }
|
||||
}
|
||||
},
|
||||
|
||||
"PrivateSubNetwork":{
|
||||
"Type": "OS::Neutron::Subnet",
|
||||
"Properties": {
|
||||
"network_id": { "Ref": "PrivateNetwork" },
|
||||
"cidr": { "Ref": "PrivateNetworkCidr" },
|
||||
"gateway_ip": { "Ref": "PrivateNetworkGateway" },
|
||||
"dns_nameservers": [{ "Ref": "PrivateNetworkDNS" }],
|
||||
"allocation_pools": [{
|
||||
"start": {"Ref": "PrivateNetworkPoolStart"},
|
||||
"end": {"Ref": "PrivateNetworkPoolEnd"}
|
||||
}]
|
||||
}
|
||||
},
|
||||
|
||||
"Router":{
|
||||
"Type": "OS::Neutron::Router"
|
||||
},
|
||||
|
||||
"RouterGateway":{
|
||||
"Type": "OS::Neutron::RouterGateway",
|
||||
"Properties": {
|
||||
"router_id": { "Ref": "Router" },
|
||||
"network_id": { "Ref": "PublicNetID" }
|
||||
}
|
||||
},
|
||||
|
||||
"RouterInterface":{
|
||||
"Type": "OS::Neutron::RouterInterface",
|
||||
"Properties": {
|
||||
"router_id": { "Ref": "Router" },
|
||||
"subnet_id": { "Ref": "PrivateSubNetwork" }
|
||||
}
|
||||
},
|
||||
|
||||
"BrokerPort": {
|
||||
"Type": "OS::Neutron::Port",
|
||||
"Properties": {
|
||||
"network_id": { "Ref": "NetID" },
|
||||
"network_id": { "Ref": "PrivateNetwork" },
|
||||
"fixed_ips": [{
|
||||
"subnet_id": { "Ref": "SubnetID" }
|
||||
"subnet_id": { "Ref": "PrivateSubNetwork" }
|
||||
}],
|
||||
"security_groups": [{ "Ref": "OpenShiftOriginSecurityGroup" }]
|
||||
}
|
||||
},
|
||||
|
||||
"BrokerFloatingIP": {
|
||||
"Type": "OS::Neutron::FloatingIP",
|
||||
"Properties": {
|
||||
"floating_network_id": { "Ref": "PublicNetID" },
|
||||
"port_id": { "Ref": "BrokerPort" }
|
||||
}
|
||||
},
|
||||
|
||||
"BrokerWaitHandle": {
|
||||
"Type": "AWS::CloudFormation::WaitConditionHandle"
|
||||
},
|
||||
|
@ -205,31 +278,37 @@
|
|||
" command => \"/bin/hostname \\${my_hostname} ; echo \\${my_hostname} > /etc/hostname\"\n",
|
||||
"}\n",
|
||||
"class { 'openshift_origin' :\n",
|
||||
" roles => ['broker','nameserver','msgserver','datastore'],\n",
|
||||
" bind_key => '${DNS_SEC_KEY}',\n",
|
||||
" domain => '${PREFIX}',\n",
|
||||
" roles => ['broker','nameserver','msgserver','datastore'],\n",
|
||||
" bind_key => '${DNS_SEC_KEY}',\n",
|
||||
" domain => '${PREFIX}',\n",
|
||||
" register_host_with_nameserver => true,\n",
|
||||
" conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],\n",
|
||||
" ntp_servers => ['${UPSTREAM_NTP}'],\n",
|
||||
" broker_hostname => \\$my_hostname,\n",
|
||||
" nameserver_hostname => \\$my_hostname,\n",
|
||||
" datastore_hostname => \\$my_hostname,\n",
|
||||
" msgserver_hostname => \\$my_hostname,\n",
|
||||
" broker_auth_plugin => 'htpasswd',\n",
|
||||
" openshift_user1 => '${USERNAME}',\n",
|
||||
" openshift_password1 => '${PASSWORD}',\n",
|
||||
" development_mode => ${DEV_MODE},\n",
|
||||
" ntp_servers => ['${UPSTREAM_NTP}'],\n",
|
||||
" broker_hostname => \\$my_hostname,\n",
|
||||
" nameserver_hostname => \\$my_hostname,\n",
|
||||
" datastore_hostname => \\$my_hostname,\n",
|
||||
" msgserver_hostname => \\$my_hostname,\n",
|
||||
" broker_auth_plugin => 'htpasswd',\n",
|
||||
" openshift_user1 => '${USERNAME}',\n",
|
||||
" openshift_password1 => '${PASSWORD}',\n",
|
||||
" development_mode => ${DEV_MODE},\n",
|
||||
"}\n",
|
||||
"EOF\n",
|
||||
"mkdir -p /etc/puppet/modules\n",
|
||||
"git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin", "\n",
|
||||
"puppet module install rharrison/lokkit", "\n",
|
||||
"puppet module install puppetlabs/ntp", "\n",
|
||||
"puppet module install puppetlabs/stdlib", "\n",
|
||||
"puppet module install blentz/selinux_types", "\n",
|
||||
"puppet module install duritong/sysctl", "\n",
|
||||
"puppet apply -v -d /root/configure.pp | tee /var/log/configure_openshift.log", "\n",
|
||||
"/opt/aws/bin/cfn-signal -e 0 --data \"${DNS_SEC_KEY}\" -r \"Broker setup complete\" \"${BROKER_WAIT_HANDLE}\"\n"
|
||||
"puppet module install puppetlabs/ntp", "\n",
|
||||
"puppet module install puppetlabs-concat", "\n",
|
||||
"puppet module install rharrison-lokkit", "\n",
|
||||
"puppet module install blentz-selinux_types", "\n",
|
||||
"puppet module install puppetlabs/haproxy", "\n",
|
||||
"puppet module install arioch/keepalived", "\n",
|
||||
"puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log", "\n",
|
||||
"setenforce 0", "\n",
|
||||
"/opt/aws/bin/cfn-signal -e 0 --data \"${DNS_SEC_KEY}\" -r \"Broker setup complete\" \"${BROKER_WAIT_HANDLE}\"\n",
|
||||
"chkconfig activemq on", "\n",
|
||||
"service activemq start", "\n",
|
||||
"setenforce 1", "\n"
|
||||
]
|
||||
]
|
||||
}
|
||||
|
@ -240,14 +319,22 @@
|
|||
"NodePort": {
|
||||
"Type": "OS::Neutron::Port",
|
||||
"Properties": {
|
||||
"network_id": { "Ref": "NetID" },
|
||||
"network_id": { "Ref": "PrivateNetwork" },
|
||||
"fixed_ips": [{
|
||||
"subnet_id": { "Ref": "SubnetID" }
|
||||
"subnet_id": { "Ref": "PrivateSubNetwork" }
|
||||
}],
|
||||
"security_groups": [{ "Ref": "OpenShiftOriginSecurityGroup" }]
|
||||
}
|
||||
},
|
||||
|
||||
"NodeFloatingIP": {
|
||||
"Type": "OS::Neutron::FloatingIP",
|
||||
"Properties": {
|
||||
"floating_network_id": { "Ref": "PublicNetID" },
|
||||
"port_id": { "Ref": "NodePort" }
|
||||
}
|
||||
},
|
||||
|
||||
"NodeWaitHandle": {
|
||||
"Type": "AWS::CloudFormation::WaitConditionHandle"
|
||||
},
|
||||
|
@ -279,6 +366,7 @@
|
|||
"#!/bin/bash -x\n",
|
||||
"export DNS_SEC_KEY=\"`python -c 'print ",{ "Fn::GetAtt": [ "BrokerWaitCondition", "Data" ] },"[\"00000\"]'`\"\n",
|
||||
"export BROKER_IP=", { "Fn::GetAtt": [ "BrokerInstance", "first_address" ] }, "\n",
|
||||
"export NODE_FLOATING_IP=", { "Fn::GetAtt": [ "NodeFloatingIP", "floating_ip_address" ] }, "\n",
|
||||
"export PREFIX=", { "Ref": "Prefix" }, "\n",
|
||||
"export UPSTREAM_DNS=", { "Ref": "UpstreamDNS" }, "\n",
|
||||
"export UPSTREAM_NTP=", { "Ref": "UpstreamNTP" }, "\n",
|
||||
|
@ -293,30 +381,33 @@
|
|||
" command => \"/bin/hostname \\${my_hostname} ; echo \\${my_hostname} > /etc/hostname\"\n",
|
||||
"}\n",
|
||||
"class { 'openshift_origin' :\n",
|
||||
" roles => ['node'],\n",
|
||||
" bind_key => '${DNS_SEC_KEY}',\n",
|
||||
" nameserver_ip_addr => '${BROKER_IP}',\n",
|
||||
" domain => '${PREFIX}',\n",
|
||||
" roles => ['node'],\n",
|
||||
" bind_key => '${DNS_SEC_KEY}',\n",
|
||||
" nameserver_ip_addr => '${BROKER_IP}',\n",
|
||||
" domain => '${PREFIX}',\n",
|
||||
" register_host_with_nameserver => true,\n",
|
||||
" broker_hostname => '${BROKER_IP}',\n",
|
||||
" msgserver_hostname => '${BROKER_IP}',\n",
|
||||
" ntp_servers => ['${UPSTREAM_NTP}'],\n",
|
||||
" node_hostname => \\$my_hostname,\n",
|
||||
" install_method => 'yum',\n",
|
||||
" jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',\n",
|
||||
" install_cartridges => ['php', 'mysql'],\n",
|
||||
" development_mode => ${DEV_MODE},\n",
|
||||
" broker_hostname => '${BROKER_IP}',\n",
|
||||
" msgserver_hostname => '${BROKER_IP}',\n",
|
||||
" ntp_servers => ['${UPSTREAM_NTP}'],\n",
|
||||
" node_hostname => \\$my_hostname,\n",
|
||||
" install_method => 'yum',\n",
|
||||
" jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',\n",
|
||||
" development_mode => ${DEV_MODE},\n",
|
||||
" node_ip_addr => '${NODE_FLOATING_IP}',\n",
|
||||
"}\n",
|
||||
"EOF\n",
|
||||
"mkdir -p /etc/puppet/modules\n",
|
||||
"git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin", "\n",
|
||||
"puppet module install rharrison/lokkit", "\n",
|
||||
"puppet module install puppetlabs/ntp", "\n",
|
||||
"puppet module install puppetlabs/stdlib", "\n",
|
||||
"puppet module install blentz/selinux_types", "\n",
|
||||
"puppet module install duritong/sysctl", "\n",
|
||||
"puppet apply -v -d /root/configure.pp | tee /var/log/configure_openshift.log", "\n",
|
||||
"/opt/aws/bin/cfn-signal -e 0 -r \"Node setup complete\" \"${NODE_WAIT_HANDLE}\"\n"
|
||||
"puppet module install puppetlabs/ntp", "\n",
|
||||
"puppet module install duritong-sysctl", "\n",
|
||||
"puppet module install rharrison-lokkit", "\n",
|
||||
"puppet module install puppetlabs/haproxy", "\n",
|
||||
"puppet module install arioch/keepalived", "\n",
|
||||
"puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log", "\n",
|
||||
"setenforce 0", "\n",
|
||||
"/opt/aws/bin/cfn-signal -e 0 -r \"Node setup complete\" \"${NODE_WAIT_HANDLE}\"\n",
|
||||
"setenforce 1", "\n"
|
||||
]
|
||||
]
|
||||
}
|
||||
|
@ -327,12 +418,9 @@
|
|||
|
||||
"Outputs" : {
|
||||
"OpenShiftConsole" : {
|
||||
"Value" : { "Fn::Join" : ["", ["https://", { "Fn::GetAtt" : [ "BrokerInstance", "first_address" ]}, "/console"]] },
|
||||
"Description" : "URL for OpenShift Origin cConsole"
|
||||
},
|
||||
"NameServerEntry" : {
|
||||
"Value" : { "Fn::Join" : ["", ["nameserver ", { "Fn::GetAtt" : [ "BrokerInstance", "first_address" ]}]] },
|
||||
"Description" : "Entry to insert into /etc/resolv.conf for application host names to resolve"
|
||||
"Value" : { "Fn::Join" : ["", ["https://", { "Fn::GetAtt" : [ "BrokerFloatingIP", "floating_ip_address" ]}, "/console"]] },
|
||||
"Description" : "URL for OpenShift Origin Console"
|
||||
}
|
||||
}
|
||||
}
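Review bot: The `puppet module install` lines that appear to be on the new side of the broker and node UserData hunks (`puppetlabs-concat`, `puppetlabs/haproxy`, `arioch/keepalived`, `rharrison-lokkit`, `duritong-sysctl`) carry no `--version`, so every boot applies whatever the Forge serves at that moment from the instance's setup script. The HOT templates added in this same commit pin these modules (for example `puppetlabs/haproxy --version 1.0.0` and `arioch/keepalived --version 0.1.0`), and the AWS-format template should match, e.g. `"puppet module install puppetlabs/haproxy --version 1.0.0", "\n",`. The same hunks also bracket `cfn-signal` (and, on the broker, `service activemq start`) with `setenforce 0` / `setenforce 1`; a comment naming the denial this works around would help, since a script that stops in between leaves the host permissive. The old/new markers are lost on this page, so confirm which lines are new against the raw diff.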
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
==============================
|
||||
OpenShift Origin HOT Templates
|
||||
==============================
|
||||
|
||||
This directory contains templates for deploying OpenShift Origin to an OpenStack environment via Heat.
|
||||
|
||||
To install OpenShift Origin, this Puppet module is used : https://github.com/openshift/puppet-openshift_origin.
|
||||
|
||||
To avoid compatibility issues due to changes in this project or in Puppet modules it depends, versions parameters are provided.
|
||||
So, if you leave the default _version parameters, the commands executed on the instances install a specific version of puppet modules needed. The version installed is a production version which as been verified as working.
|
||||
If you want to use the latest versions, you have to select the other value. The commands executed on the instances don't install a specific version of puppet modules needed. So the lastest version will be installed.
|
||||
|
||||
It includes the following folders:
|
||||
|
||||
* `openshift` - heat templates in HOT format for launching OpenShift Origin with a single broker instance and a single node instance
|
||||
* `openshift-scalable-cpu` - heat templates in HOT format for launching OpenShift Origin with implementation of scalability based on cpu_util Ceilometer metric
|
||||
* `openshift-scalable-nbgears` - heat templates in HOT format for launching OpenShift Origin with implementation of scalability based on number of deployed gears on OpenShift node instances (using a custom metric based on bash script that send the data periodically to the Ceilometer API using cron)
|
||||
* `openshift-scalable-cpu-nbgears` - heat templates in HOT format for launching OpenShift Origin with implementation of scalability based on cpu_util Ceilometer metric and on number of deploy gears on OpenShift node instances (using a custom metric based on bash script that send the data periodically to the Ceilometer API using cron)
|
|
@ -0,0 +1,295 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
private_network:
|
||||
description: private network.
|
||||
type: string
|
||||
private_sub_network:
|
||||
description: private sub network.
|
||||
type: string
|
||||
security_group:
|
||||
description: security group.
|
||||
type: string
|
||||
broker_ip:
|
||||
description: broker ip.
|
||||
type: string
|
||||
broker_wait_condition_data:
|
||||
description: broker wait condition data.
|
||||
type: string
|
||||
metadata:
|
||||
type: json
|
||||
ssh_key:
|
||||
description: SSHKey created in principal template file
|
||||
type: string
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
|
||||
node_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
node_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: node_instance
|
||||
properties:
|
||||
Handle: {get_resource: node_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
node_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_param: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_param: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_param: security_group}]
|
||||
|
||||
node_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: node_port}
|
||||
|
||||
node_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
|
||||
export BROKER_IP=$BrokerIP
|
||||
export NODE_FLOATING_IP=$NodeFloatingIP
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export NODE_WAIT_HANDLE="$NodeWaitHandle"
|
||||
export HOSTNAME=$NodeHostname
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['node'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
nameserver_ip_addr => '${BROKER_IP}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
broker_hostname => '${BROKER_IP}',
|
||||
msgserver_hostname => '${BROKER_IP}',
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
node_hostname => \$my_hostname,
|
||||
install_method => 'yum',
|
||||
jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
|
||||
development_mode => ${DEV_MODE},
|
||||
node_ip_addr => '${NODE_FLOATING_IP}',
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $SysctlVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
|
||||
setenforce 1
|
||||
params:
|
||||
$BrokerWaitConditionData: {get_param: broker_wait_condition_data}
|
||||
$BrokerIP: {get_param: broker_ip}
|
||||
$NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$NodeWaitHandle: {get_resource: node_wait_handle}
|
||||
$NodeHostname: {get_param: node_hostname}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$SysctlVersion: {get_param: sysctl_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
|
||||
node_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_node_name}
|
||||
flavor: {get_param: node_flavor}
|
||||
key_name: {get_param: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: node_port}
|
||||
]
|
||||
user_data: {get_resource: node_user_data}
|
||||
user_data_format: RAW
|
||||
metadata: {get_param: metadata}
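Review bot: The `node_user_data` script starts with `#!/bin/bash -x`, so the `export DNS_SEC_KEY=...` line is traced with the key expanded; if the boot output is captured to the console or a boot log (usual for user-data scripts, though not shown here), the DNS update key becomes readable there. Dropping `-x`, or wrapping the secret-handling lines in `set +x` / `set -x`, avoids that. The `password` parameter is also declared with `default: password` and no `hidden: true`, which leaves a well-known credential as the out-of-the-box value and shows it in parameter listings. Separately, `$SelinuxVersion` is passed in `params` but never referenced in the script, and the `setenforce 0` / `setenforce 1` pair around `cfn-signal` deserves a comment saying why enforcement has to be lifted there.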
|
|
@ -0,0 +1,513 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
controller_ip:
|
||||
description: The IP address of the OpenStack Controller
|
||||
type: string
|
||||
default: 192.168.202.101
|
||||
tenant_name:
|
||||
description: The tenant name
|
||||
type: string
|
||||
default: admin
|
||||
openstack_username:
|
||||
description: Username of your Openstack account
|
||||
type: string
|
||||
default: admin
|
||||
openstack_password:
|
||||
description: Password of your Openstack account
|
||||
type: string
|
||||
default: network
|
||||
node_instance_group_template_repo_address:
|
||||
description: Repository address of the NodeInstanceGroup Template
|
||||
type: string
|
||||
public_ssh_key:
|
||||
description: Public key that will be used for SSH connection to instances
|
||||
type: string
|
||||
ssh_key_name:
|
||||
description: SSHKey name
|
||||
type: string
|
||||
default: OpenshiftSSHKey
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
openshift_origin_security_group:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
description: OpenShift Origin Firewall Rules
|
||||
rules: [
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": icmp
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 22,
|
||||
"port_range_max": 22
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": udp,
|
||||
"port_range_min": 53,
|
||||
"port_range_max": 53
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 80,
|
||||
"port_range_max": 80
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 443,
|
||||
"port_range_max": 443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8443,
|
||||
"port_range_max": 8443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8000,
|
||||
"port_range_max": 8000
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8080,
|
||||
"port_range_max": 8080
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 61613,
|
||||
"port_range_max": 61613
|
||||
}
|
||||
]
|
||||
|
||||
ssh_key:
|
||||
type: OS::Nova::KeyPair
|
||||
properties:
|
||||
name: {get_param: ssh_key_name}
|
||||
public_key: {get_param: public_ssh_key}
|
||||
|
||||
private_network:
|
||||
type: OS::Neutron::Net
|
||||
properties:
|
||||
name: {get_param: private_network_name}
|
||||
|
||||
private_sub_network:
|
||||
type: OS::Neutron::Subnet
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
cidr: {get_param: private_network_cidr}
|
||||
gateway_ip: {get_param: private_network_gateway}
|
||||
dns_nameservers: [ {get_param: private_network_dns} ]
|
||||
allocation_pools: [{
|
||||
"start": {get_param: private_network_pool_start},
|
||||
"end": {get_param: private_network_pool_end}
|
||||
}]
|
||||
|
||||
router:
|
||||
type: OS::Neutron::Router
|
||||
|
||||
router_gateway:
|
||||
type: OS::Neutron::RouterGateway
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
network_id: {get_param: public_net_id}
|
||||
|
||||
router_interface:
|
||||
type: OS::Neutron::RouterInterface
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
|
||||
broker_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_resource: openshift_origin_security_group}]
|
||||
|
||||
broker_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: broker_port}
|
||||
|
||||
broker_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
broker_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: broker_instance
|
||||
properties:
|
||||
Handle: {get_resource: broker_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
broker_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
|
||||
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
|
||||
export HOSTNAME=$BrokerHostname
|
||||
export USERNAME=$Username
|
||||
export PASSWORD=$Password
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['broker','nameserver','msgserver','datastore'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
broker_hostname => \$my_hostname,
|
||||
nameserver_hostname => \$my_hostname,
|
||||
datastore_hostname => \$my_hostname,
|
||||
msgserver_hostname => \$my_hostname,
|
||||
broker_auth_plugin => 'htpasswd',
|
||||
openshift_user1 => '${USERNAME}',
|
||||
openshift_password1 => '${PASSWORD}',
|
||||
development_mode => ${DEV_MODE},
|
||||
}
|
||||
EOF
|
||||
cat << EOF > ~/nbGears.sh
|
||||
#!/bin/bash -x
|
||||
MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB')
|
||||
GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2)
|
||||
NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2)
|
||||
let "GEARSPERNODE=\$MEMORY/512000"
|
||||
let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE"
|
||||
curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat
|
||||
TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++)
|
||||
{if(\$i~/id\042/)
|
||||
{print \$(i+1)}
|
||||
}
|
||||
}' auth_token.dat | awk -F'"' '{print \$2; exit}')
|
||||
curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear
|
||||
EOF
|
||||
chmod 744 ~/nbGears.sh
|
||||
cat << EOF > /etc/cron.d/cronNbGears
|
||||
* * * * * root ~/nbGears.sh
|
||||
EOF
|
||||
/sbin/service crond restart
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $ConcatVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $SelinuxVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
|
||||
chkconfig activemq on
|
||||
service activemq start
|
||||
setenforce 1
|
||||
params:
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$BrokerWaitHandle: {get_resource: broker_wait_handle}
|
||||
$BrokerHostname: {get_param: broker_hostname}
|
||||
$Username: {get_param: username}
|
||||
$Password: {get_param: password}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$ConcatVersion: {get_param: concat_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
$ControllerIP: {get_param: controller_ip}
|
||||
$TenantName: {get_param: tenant_name}
|
||||
$UserName: {get_param: openstack_username}
|
||||
$OpenStackPassword: {get_param: openstack_password}
|
||||
|
||||
broker_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_broker_name}
|
||||
flavor: {get_param: broker_flavor}
|
||||
key_name: {get_resource: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: broker_port}
|
||||
]
|
||||
user_data: {get_resource: broker_user_data}
|
||||
user_data_format: RAW
|
||||
|
||||
node_instance_group:
|
||||
type: OS::Heat::AutoScalingGroup
|
||||
depends_on:
|
||||
- router_gateway
|
||||
- broker_wait_condition
|
||||
properties:
|
||||
min_size: 1
|
||||
max_size: 4
|
||||
resource:
|
||||
type: {get_param: node_instance_group_template_repo_address}
|
||||
properties:
|
||||
metadata: {"metering.group": "node_instance_group"}
|
||||
private_network: {get_resource: private_network}
|
||||
private_sub_network: {get_resource: private_sub_network}
|
||||
ssh_key: {get_resource: ssh_key}
|
||||
security_group: {get_resource: openshift_origin_security_group}
|
||||
broker_ip: {get_attr: [broker_instance, first_address]}
|
||||
broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]}
|
||||
|
||||
scale_up_policy:
|
||||
type: OS::Heat::ScalingPolicy
|
||||
properties:
|
||||
adjustment_type: change_in_capacity
|
||||
auto_scaling_group_id: {get_resource: node_instance_group}
|
||||
cooldown: 60
|
||||
scaling_adjustment: 1
|
||||
|
||||
scale_down_policy:
|
||||
type: OS::Heat::ScalingPolicy
|
||||
properties:
|
||||
adjustment_type: change_in_capacity
|
||||
auto_scaling_group_id: {get_resource: node_instance_group}
|
||||
cooldown: 60
|
||||
scaling_adjustment: -1
|
||||
|
||||
cpu_alarm_high:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-up if the average CPU > 80% for 1 minute
|
||||
meter_name: cpu_util
|
||||
statistic: avg
|
||||
period: 60
|
||||
evaluation_periods: 1
|
||||
threshold: 80
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_up_policy, alarm_url]}
|
||||
comparison_operator: gt
|
||||
matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'}
|
||||
|
||||
cpu_alarm_low:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-down if the average CPU < 20% for 10 minutes
|
||||
meter_name: cpu_util
|
||||
statistic: avg
|
||||
period: 600
|
||||
evaluation_periods: 1
|
||||
threshold: 20
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_down_policy, alarm_url]}
|
||||
comparison_operator: lt
|
||||
matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'}
|
||||
|
||||
gears_alarm_high:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-up if the average number of Gears is > 4 / node for 2 minutes
|
||||
meter_name: gear
|
||||
statistic: avg
|
||||
period: 120
|
||||
evaluation_periods: 1
|
||||
threshold: 80
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_up_policy, alarm_url]}
|
||||
comparison_operator: gt
|
||||
|
||||
gears_alarm_low:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-down if the average number of Gears is < 1 / node for 10 minutes
|
||||
meter_name: gear
|
||||
statistic: avg
|
||||
period: 600
|
||||
evaluation_periods: 1
|
||||
threshold: 20
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_down_policy, alarm_url]}
|
||||
comparison_operator: lt
|
|
@ -0,0 +1,295 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
private_network:
|
||||
description: private network.
|
||||
type: string
|
||||
private_sub_network:
|
||||
description: private sub network.
|
||||
type: string
|
||||
security_group:
|
||||
description: security group.
|
||||
type: string
|
||||
broker_ip:
|
||||
description: broker ip.
|
||||
type: string
|
||||
broker_wait_condition_data:
|
||||
description: broker wait condition data.
|
||||
type: string
|
||||
metadata:
|
||||
type: json
|
||||
ssh_key:
|
||||
description: SSHKey created in principal template file
|
||||
type: string
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
|
||||
node_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
node_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: node_instance
|
||||
properties:
|
||||
Handle: {get_resource: node_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
node_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_param: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_param: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_param: security_group}]
|
||||
|
||||
node_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: node_port}
|
||||
|
||||
node_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
|
||||
export BROKER_IP=$BrokerIP
|
||||
export NODE_FLOATING_IP=$NodeFloatingIP
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export NODE_WAIT_HANDLE="$NodeWaitHandle"
|
||||
export HOSTNAME=$NodeHostname
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['node'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
nameserver_ip_addr => '${BROKER_IP}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
broker_hostname => '${BROKER_IP}',
|
||||
msgserver_hostname => '${BROKER_IP}',
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
node_hostname => \$my_hostname,
|
||||
install_method => 'yum',
|
||||
jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
|
||||
development_mode => ${DEV_MODE},
|
||||
node_ip_addr => '${NODE_FLOATING_IP}',
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $SysctlVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
|
||||
setenforce 1
|
||||
params:
|
||||
$BrokerWaitConditionData: {get_param: broker_wait_condition_data}
|
||||
$BrokerIP: {get_param: broker_ip}
|
||||
$NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$NodeWaitHandle: {get_resource: node_wait_handle}
|
||||
$NodeHostname: {get_param: node_hostname}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$SysctlVersion: {get_param: sysctl_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
|
||||
node_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_node_name}
|
||||
flavor: {get_param: node_flavor}
|
||||
key_name: {get_param: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: node_port}
|
||||
]
|
||||
user_data: {get_resource: node_user_data}
|
||||
user_data_format: RAW
|
||||
metadata: {get_param: metadata}
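Review bot: In `node_user_data`, `str_replace` pastes parameter values as raw text into a boot script that writes under `/root` and `/etc/puppet`, so for the unconstrained strings (`export PUPPET_MODULE_URL=$PuppetURL`, `export PUPPET_MODULE_BRANCH=$PuppetBranch`, `export PREFIX=$Prefix`) any shell metacharacter in the value becomes part of the script. Give `puppet_module_url`, `puppet_module_branch`, `prefix` and the hostname parameters an `allowed_pattern` constraint, as the `*_version` parameters already do with `allowed_values`, and quote the later expansions: `git clone -b "${PUPPET_MODULE_BRANCH}" "${PUPPET_MODULE_URL}" /etc/puppet/modules/openshift_origin`. The same applies to `$BrokerWaitConditionData`, which is substituted into the source of `python -c '…'`; a quote character in the signal data would change the command, so passing the key in as a plain string parameter would be more robust. `jenkins_repo_base` points at a plain `http://` repository, and whether package signatures are verified is not visible here, so an `https://` URL would be the safer default. The `password` parameter (default `password`) is declared in this file but never referenced in its `params:` block and could be dropped, or at least marked `hidden: true`.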
|
|
@ -0,0 +1,467 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
controller_ip:
|
||||
description: The IP address of the OpenStack Controller
|
||||
type: string
|
||||
default: 192.168.202.101
|
||||
tenant_name:
|
||||
description: The tenant name
|
||||
type: string
|
||||
default: admin
|
||||
openstack_username:
|
||||
description: Username of your Openstack account
|
||||
type: string
|
||||
default: admin
|
||||
openstack_password:
|
||||
description: Password of your Openstack account
|
||||
type: string
|
||||
default: network
|
||||
node_instance_group_template_repo_address:
|
||||
description: Repository address of the NodeInstanceGroup Template
|
||||
type: string
|
||||
public_ssh_key:
|
||||
description: Public key that will be used for SSH connection to instances
|
||||
type: string
|
||||
ssh_key_name:
|
||||
description: SSHKey name
|
||||
type: string
|
||||
default: OpenshiftSSHKey
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
openshift_origin_security_group:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
description: OpenShift Origin Firewall Rules
|
||||
rules: [
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": icmp
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 22,
|
||||
"port_range_max": 22
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": udp,
|
||||
"port_range_min": 53,
|
||||
"port_range_max": 53
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 80,
|
||||
"port_range_max": 80
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 443,
|
||||
"port_range_max": 443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8443,
|
||||
"port_range_max": 8443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8000,
|
||||
"port_range_max": 8000
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8080,
|
||||
"port_range_max": 8080
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 61613,
|
||||
"port_range_max": 61613
|
||||
}
|
||||
]
|
||||
|
||||
ssh_key:
|
||||
type: OS::Nova::KeyPair
|
||||
properties:
|
||||
name: {get_param: ssh_key_name}
|
||||
public_key: {get_param: public_ssh_key}
|
||||
|
||||
private_network:
|
||||
type: OS::Neutron::Net
|
||||
properties:
|
||||
name: {get_param: private_network_name}
|
||||
|
||||
private_sub_network:
|
||||
type: OS::Neutron::Subnet
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
cidr: {get_param: private_network_cidr}
|
||||
gateway_ip: {get_param: private_network_gateway}
|
||||
dns_nameservers: [ {get_param: private_network_dns} ]
|
||||
allocation_pools: [{
|
||||
"start": {get_param: private_network_pool_start},
|
||||
"end": {get_param: private_network_pool_end}
|
||||
}]
|
||||
|
||||
router:
|
||||
type: OS::Neutron::Router
|
||||
|
||||
router_gateway:
|
||||
type: OS::Neutron::RouterGateway
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
network_id: {get_param: public_net_id}
|
||||
|
||||
router_interface:
|
||||
type: OS::Neutron::RouterInterface
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
|
||||
broker_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_resource: openshift_origin_security_group}]
|
||||
|
||||
broker_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: broker_port}
|
||||
|
||||
broker_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
broker_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: broker_instance
|
||||
properties:
|
||||
Handle: {get_resource: broker_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
broker_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
|
||||
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
|
||||
export HOSTNAME=$BrokerHostname
|
||||
export USERNAME=$Username
|
||||
export PASSWORD=$Password
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['broker','nameserver','msgserver','datastore'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
broker_hostname => \$my_hostname,
|
||||
nameserver_hostname => \$my_hostname,
|
||||
datastore_hostname => \$my_hostname,
|
||||
msgserver_hostname => \$my_hostname,
|
||||
broker_auth_plugin => 'htpasswd',
|
||||
openshift_user1 => '${USERNAME}',
|
||||
openshift_password1 => '${PASSWORD}',
|
||||
development_mode => ${DEV_MODE},
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $ConcatVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $SelinuxVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
|
||||
chkconfig activemq on
|
||||
service activemq start
|
||||
setenforce 1
|
||||
params:
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$BrokerWaitHandle: {get_resource: broker_wait_handle}
|
||||
$BrokerHostname: {get_param: broker_hostname}
|
||||
$Username: {get_param: username}
|
||||
$Password: {get_param: password}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$ConcatVersion: {get_param: concat_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
$ControllerIP: {get_param: controller_ip}
|
||||
$TenantName: {get_param: tenant_name}
|
||||
$UserName: {get_param: openstack_username}
|
||||
$OpenStackPassword: {get_param: openstack_password}
|
||||
|
||||
broker_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_broker_name}
|
||||
flavor: {get_param: broker_flavor}
|
||||
key_name: {get_resource: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: broker_port}
|
||||
]
|
||||
user_data: {get_resource: broker_user_data}
|
||||
user_data_format: RAW
|
||||
|
||||
node_instance_group:
|
||||
type: OS::Heat::AutoScalingGroup
|
||||
depends_on:
|
||||
- router_gateway
|
||||
- broker_wait_condition
|
||||
properties:
|
||||
min_size: 1
|
||||
max_size: 4
|
||||
resource:
|
||||
type: {get_param: node_instance_group_template_repo_address}
|
||||
properties:
|
||||
metadata: {"metering.group": "node_instance_group"}
|
||||
private_network: {get_resource: private_network}
|
||||
private_sub_network: {get_resource: private_sub_network}
|
||||
ssh_key: {get_resource: ssh_key}
|
||||
security_group: {get_resource: openshift_origin_security_group}
|
||||
broker_ip: {get_attr: [broker_instance, first_address]}
|
||||
broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]}
|
||||
|
||||
scale_up_policy:
|
||||
type: OS::Heat::ScalingPolicy
|
||||
properties:
|
||||
adjustment_type: change_in_capacity
|
||||
auto_scaling_group_id: {get_resource: node_instance_group}
|
||||
cooldown: 60
|
||||
scaling_adjustment: 1
|
||||
|
||||
scale_down_policy:
|
||||
type: OS::Heat::ScalingPolicy
|
||||
properties:
|
||||
adjustment_type: change_in_capacity
|
||||
auto_scaling_group_id: {get_resource: node_instance_group}
|
||||
cooldown: 60
|
||||
scaling_adjustment: -1
|
||||
|
||||
cpu_alarm_high:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-up if the average CPU > 80% for 1 minute
|
||||
meter_name: cpu_util
|
||||
statistic: avg
|
||||
period: 60
|
||||
evaluation_periods: 1
|
||||
threshold: 80
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_up_policy, alarm_url]}
|
||||
comparison_operator: gt
|
||||
matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'}
|
||||
|
||||
cpu_alarm_low:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-down if the average CPU < 20% for 10 minutes
|
||||
meter_name: cpu_util
|
||||
statistic: avg
|
||||
period: 600
|
||||
evaluation_periods: 1
|
||||
threshold: 20
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_down_policy, alarm_url]}
|
||||
comparison_operator: lt
|
||||
matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'}
|
|
@ -0,0 +1,292 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
private_network:
|
||||
description: private network.
|
||||
type: string
|
||||
private_sub_network:
|
||||
description: private sub network.
|
||||
type: string
|
||||
security_group:
|
||||
description: security group.
|
||||
type: string
|
||||
broker_ip:
|
||||
description: broker ip.
|
||||
type: string
|
||||
broker_wait_condition_data:
|
||||
description: broker wait condition data.
|
||||
type: string
|
||||
ssh_key:
|
||||
description: SSHKey created in principal template file
|
||||
type: string
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
|
||||
node_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
node_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: node_instance
|
||||
properties:
|
||||
Handle: {get_resource: node_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
node_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_param: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_param: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_param: security_group}]
|
||||
|
||||
node_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: node_port}
|
||||
|
||||
node_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
|
||||
export BROKER_IP=$BrokerIP
|
||||
export NODE_FLOATING_IP=$NodeFloatingIP
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export NODE_WAIT_HANDLE="$NodeWaitHandle"
|
||||
export HOSTNAME=$NodeHostname
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['node'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
nameserver_ip_addr => '${BROKER_IP}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
broker_hostname => '${BROKER_IP}',
|
||||
msgserver_hostname => '${BROKER_IP}',
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
node_hostname => \$my_hostname,
|
||||
install_method => 'yum',
|
||||
jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
|
||||
development_mode => ${DEV_MODE},
|
||||
node_ip_addr => '${NODE_FLOATING_IP}',
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $SysctlVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
|
||||
setenforce 1
|
||||
params:
|
||||
$BrokerWaitConditionData: {get_param: broker_wait_condition_data}
|
||||
$BrokerIP: {get_param: broker_ip}
|
||||
$NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$NodeWaitHandle: {get_resource: node_wait_handle}
|
||||
$NodeHostname: {get_param: node_hostname}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$SysctlVersion: {get_param: sysctl_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
|
||||
node_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_node_name}
|
||||
flavor: {get_param: node_flavor}
|
||||
key_name: {get_param: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: node_port}
|
||||
]
|
||||
user_data: {get_resource: node_user_data}
|
||||
user_data_format: RAW
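Review bot: The node bootstrap in `node_user_data` always reports success: `puppet apply --verbose /root/configure.pp | tee ...` hides puppet's exit status behind `tee`, and the following `cfn-signal -e 0` is hard-coded, so `node_wait_condition` completes even when configuration failed. Because each node also receives a floating IP (`node_floating_ip`), a half-configured host, possibly without the firewall and SELinux settings the installed modules are meant to apply, would be reported as ready. Capture the status right after the pipeline with `rc=${PIPESTATUS[0]}` and signal it with `cfn-signal -e $rc -r 'Node setup complete' ${NODE_WAIT_HANDLE}`; adding `--detailed-exitcodes` to `puppet apply` would also surface failed resources, but then exit code 2 has to be treated as success. Separately, `jenkins_repo_base` points at a plain `http://` URL, and whether the module verifies package signatures is not visible here, so that is worth confirming.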
|
|
@ -0,0 +1,484 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
controller_ip:
|
||||
description: The IP address of the OpenStack Controller
|
||||
type: string
|
||||
default: 192.168.202.101
|
||||
tenant_name:
|
||||
description: The tenant name
|
||||
type: string
|
||||
default: admin
|
||||
openstack_username:
|
||||
description: Username of your Openstack account
|
||||
type: string
|
||||
default: admin
|
||||
openstack_password:
|
||||
description: Password of your Openstack account
|
||||
type: string
|
||||
default: network
|
||||
node_instance_group_template_repo_address:
|
||||
description: Repository address of the NodeInstanceGroup Template
|
||||
type: string
|
||||
public_ssh_key:
|
||||
description: Public key that will be used for SSH connection to instances
|
||||
type: string
|
||||
ssh_key_name:
|
||||
description: SSHKey name
|
||||
type: string
|
||||
default: OpenshiftSSHKey
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
openshift_origin_security_group:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
description: OpenShift Origin Firewall Rules
|
||||
rules: [
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": icmp
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 22,
|
||||
"port_range_max": 22
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": udp,
|
||||
"port_range_min": 53,
|
||||
"port_range_max": 53
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 80,
|
||||
"port_range_max": 80
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 443,
|
||||
"port_range_max": 443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8443,
|
||||
"port_range_max": 8443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8000,
|
||||
"port_range_max": 8000
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8080,
|
||||
"port_range_max": 8080
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 61613,
|
||||
"port_range_max": 61613
|
||||
}
|
||||
]
|
||||
|
||||
ssh_key:
|
||||
type: OS::Nova::KeyPair
|
||||
properties:
|
||||
name: {get_param: ssh_key_name}
|
||||
public_key: {get_param: public_ssh_key}
|
||||
|
||||
private_network:
|
||||
type: OS::Neutron::Net
|
||||
properties:
|
||||
name: {get_param: private_network_name}
|
||||
|
||||
private_sub_network:
|
||||
type: OS::Neutron::Subnet
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
cidr: {get_param: private_network_cidr}
|
||||
gateway_ip: {get_param: private_network_gateway}
|
||||
dns_nameservers: [ {get_param: private_network_dns} ]
|
||||
allocation_pools: [{
|
||||
"start": {get_param: private_network_pool_start},
|
||||
"end": {get_param: private_network_pool_end}
|
||||
}]
|
||||
|
||||
router:
|
||||
type: OS::Neutron::Router
|
||||
|
||||
router_gateway:
|
||||
type: OS::Neutron::RouterGateway
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
network_id: {get_param: public_net_id}
|
||||
|
||||
router_interface:
|
||||
type: OS::Neutron::RouterInterface
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
|
||||
broker_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_resource: openshift_origin_security_group}]
|
||||
|
||||
broker_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: broker_port}
|
||||
|
||||
broker_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
broker_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: broker_instance
|
||||
properties:
|
||||
Handle: {get_resource: broker_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
broker_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
|
||||
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
|
||||
export HOSTNAME=$BrokerHostname
|
||||
export USERNAME=$Username
|
||||
export PASSWORD=$Password
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['broker','nameserver','msgserver','datastore'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
broker_hostname => \$my_hostname,
|
||||
nameserver_hostname => \$my_hostname,
|
||||
datastore_hostname => \$my_hostname,
|
||||
msgserver_hostname => \$my_hostname,
|
||||
broker_auth_plugin => 'htpasswd',
|
||||
openshift_user1 => '${USERNAME}',
|
||||
openshift_password1 => '${PASSWORD}',
|
||||
development_mode => ${DEV_MODE},
|
||||
}
|
||||
EOF
|
||||
cat << EOF > ~/nbGears.sh
|
||||
#!/bin/bash -x
|
||||
MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB')
|
||||
GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2)
|
||||
NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2)
|
||||
let "GEARSPERNODE=\$MEMORY/512000"
|
||||
let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE"
|
||||
curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat
|
||||
TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++)
|
||||
{if(\$i~/id\042/)
|
||||
{print \$(i+1)}
|
||||
}
|
||||
}' auth_token.dat | awk -F'"' '{print \$2; exit}')
|
||||
curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear
|
||||
EOF
|
||||
chmod 744 ~/nbGears.sh
|
||||
cat << EOF > /etc/cron.d/cronNbGears
|
||||
* * * * * root ~/nbGears.sh
|
||||
EOF
|
||||
/sbin/service crond restart
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $ConcatVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $SelinuxVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
|
||||
chkconfig activemq on
|
||||
service activemq start
|
||||
setenforce 1
|
||||
params:
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$BrokerWaitHandle: {get_resource: broker_wait_handle}
|
||||
$BrokerHostname: {get_param: broker_hostname}
|
||||
$Username: {get_param: username}
|
||||
$Password: {get_param: password}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$ConcatVersion: {get_param: concat_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
$ControllerIP: {get_param: controller_ip}
|
||||
$TenantName: {get_param: tenant_name}
|
||||
$UserName: {get_param: openstack_username}
|
||||
$OpenStackPassword: {get_param: openstack_password}
|
||||
|
||||
broker_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_broker_name}
|
||||
flavor: {get_param: broker_flavor}
|
||||
key_name: {get_resource: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: broker_port}
|
||||
]
|
||||
user_data: {get_resource: broker_user_data}
|
||||
user_data_format: RAW
|
||||
|
||||
node_instance_group:
|
||||
type: OS::Heat::AutoScalingGroup
|
||||
depends_on:
|
||||
- router_gateway
|
||||
- broker_wait_condition
|
||||
properties:
|
||||
min_size: 1
|
||||
max_size: 4
|
||||
resource:
|
||||
type: {get_param: node_instance_group_template_repo_address}
|
||||
properties:
|
||||
private_network: {get_resource: private_network}
|
||||
private_sub_network: {get_resource: private_sub_network}
|
||||
ssh_key: {get_resource: ssh_key}
|
||||
security_group: {get_resource: openshift_origin_security_group}
|
||||
broker_ip: {get_attr: [broker_instance, first_address]}
|
||||
broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]}
|
||||
|
||||
scale_up_policy:
|
||||
type: OS::Heat::ScalingPolicy
|
||||
properties:
|
||||
adjustment_type: change_in_capacity
|
||||
auto_scaling_group_id: {get_resource: node_instance_group}
|
||||
cooldown: 60
|
||||
scaling_adjustment: 1
|
||||
|
||||
scale_down_policy:
|
||||
type: OS::Heat::ScalingPolicy
|
||||
properties:
|
||||
adjustment_type: change_in_capacity
|
||||
auto_scaling_group_id: {get_resource: node_instance_group}
|
||||
cooldown: 60
|
||||
scaling_adjustment: -1
|
||||
|
||||
gears_alarm_high:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-up if the average number of Gears is > 4 / node for 2 minutes
|
||||
meter_name: gear
|
||||
statistic: avg
|
||||
period: 120
|
||||
evaluation_periods: 1
|
||||
threshold: 80
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_up_policy, alarm_url]}
|
||||
comparison_operator: gt
|
||||
|
||||
gears_alarm_low:
|
||||
type: OS::Ceilometer::Alarm
|
||||
properties:
|
||||
description: Scale-down if the average number of Gears is < 1 / node for 10 minutes
|
||||
meter_name: gear
|
||||
statistic: avg
|
||||
period: 600
|
||||
evaluation_periods: 1
|
||||
threshold: 20
|
||||
alarm_actions:
|
||||
- {get_attr: [scale_down_policy, alarm_url]}
|
||||
comparison_operator: lt
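Review bot: The `nbGears.sh` heredoc in `broker_user_data` writes the OpenStack tenant, username and password (`$TenantName`, `$UserName`, `$OpenStackPassword`) in clear text into a script that `chmod 744 ~/nbGears.sh` then makes world-readable, and cron runs it every minute to post those credentials to Keystone over `http://$ControllerIP:35357`. The defaults for these parameters are `admin`/`admin`/`network`, and neither `openstack_password` nor `password` is declared with `hidden: true`, so the values would also appear whenever the stack's parameters are displayed. The broker that holds this file is reachable from `0.0.0.0/0` on SSH, HTTP(S) and port 61613 according to `openshift_origin_security_group`. I would use `chmod 700 ~/nbGears.sh`, add `hidden: true` and drop the `default:` on both password parameters, and feed the meter from a dedicated low-privilege account over an HTTPS endpoint if the deployment offers one.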
|
|
@ -0,0 +1,493 @@
|
|||
heat_template_version: 2013-05-23
|
||||
|
||||
description: Template for setting up an OpenShift Origin environment
|
||||
|
||||
parameters:
|
||||
prefix:
|
||||
description: Your DNS Prefix
|
||||
type: string
|
||||
default: example.com
|
||||
upstream_dns:
|
||||
description: Upstream DNS server
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
upstream_ntp:
|
||||
description: Upstream NTP server
|
||||
type: string
|
||||
default: clock.redhat.com
|
||||
broker_flavor:
|
||||
description: Flavor of Broker instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
node_flavor:
|
||||
description: Flavor of Node instance
|
||||
type: string
|
||||
default: m1.medium
|
||||
broker_hostname:
|
||||
description: Hostname of Broker instance
|
||||
type: string
|
||||
default: brokerinstance
|
||||
node_hostname:
|
||||
description: Hostname of Node instance
|
||||
type: string
|
||||
default: nodeinstance
|
||||
username:
|
||||
description: Username for accessing OpenShift Origin
|
||||
type: string
|
||||
default: openshift
|
||||
password:
|
||||
description: Password for accessing OpenShift Origin
|
||||
type: string
|
||||
default: password
|
||||
public_net_id:
|
||||
description: External network ID
|
||||
type: string
|
||||
private_network_name:
|
||||
description: Name of the private network wich will be created
|
||||
type: string
|
||||
default: OpenShift-Network
|
||||
private_network_cidr:
|
||||
description: Private network address (CIDR format)
|
||||
type: string
|
||||
default: 10.0.0.0/8
|
||||
private_network_gateway:
|
||||
description: Private network gateway
|
||||
type: string
|
||||
default: 10.0.0.1
|
||||
private_network_dns:
|
||||
description: Private network DNS
|
||||
type: string
|
||||
default: 8.8.8.8
|
||||
private_network_pool_start:
|
||||
description: Private network pool start
|
||||
type: string
|
||||
default: 10.0.0.2
|
||||
private_network_pool_end:
|
||||
description: Private network pool end
|
||||
type: string
|
||||
default: 10.255.255.254
|
||||
dev_mode:
|
||||
description: Sets development mode and extra logging.
|
||||
type: string
|
||||
default: false
|
||||
puppet_module_url:
|
||||
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: https://github.com/openshift/puppet-openshift_origin.git
|
||||
puppet_module_branch:
|
||||
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
||||
type: string
|
||||
default: master
|
||||
public_ssh_key:
|
||||
description: Public key that will be used for SSH connection to instances
|
||||
type: string
|
||||
ssh_key_name:
|
||||
description: SSHKey name
|
||||
type: string
|
||||
default: OpenshiftSSHKey
|
||||
image_broker_name:
|
||||
description: Name of the image you have created for the broker with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-broker
|
||||
image_node_name:
|
||||
description: Name of the image you have created for the node with diskimage-builder
|
||||
type: string
|
||||
default: F19-x86_64-openshift-origin-node
|
||||
openshift_version:
|
||||
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- git checkout 722687c
|
||||
- git checkout master
|
||||
default: git checkout 722687c
|
||||
stdlib_version:
|
||||
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/stdlib --version 4.3.2
|
||||
- puppetlabs/stdlib
|
||||
default: puppetlabs/stdlib --version 4.3.2
|
||||
ntp_version:
|
||||
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/ntp --version 3.1.2
|
||||
- puppetlabs/ntp
|
||||
default: puppetlabs/ntp --version 3.1.2
|
||||
concat_version:
|
||||
description: Version of concat puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs-concat --version 1.0.4
|
||||
- puppetlabs-concat
|
||||
default: puppetlabs-concat --version 1.0.4
|
||||
lokkit_version:
|
||||
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- rharrison-lokkit --version 0.5.0
|
||||
- rharrison-lokkit
|
||||
default: rharrison-lokkit --version 0.5.0
|
||||
selinux_types_version:
|
||||
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- blentz-selinux_types --version 0.1.0
|
||||
- blentz-selinux_types
|
||||
default: blentz-selinux_types --version 0.1.0
|
||||
haproxy_version:
|
||||
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- puppetlabs/haproxy --version 1.0.0
|
||||
- puppetlabs/haproxy
|
||||
default: puppetlabs/haproxy --version 1.0.0
|
||||
keepalived_version:
|
||||
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- arioch/keepalived --version 0.1.0
|
||||
- arioch/keepalived
|
||||
default: arioch/keepalived --version 0.1.0
|
||||
sysctl_version:
|
||||
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
||||
type: string
|
||||
constraints:
|
||||
- allowed_values:
|
||||
- duritong-sysctl --version 0.0.4
|
||||
- duritong-sysctl
|
||||
default: duritong-sysctl --version 0.0.4
|
||||
|
||||
resources:
|
||||
openshift_origin_security_group:
|
||||
type: OS::Neutron::SecurityGroup
|
||||
properties:
|
||||
description: OpenShift Origin Firewall Rules
|
||||
rules: [
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": icmp
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 22,
|
||||
"port_range_max": 22
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": udp,
|
||||
"port_range_min": 53,
|
||||
"port_range_max": 53
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 80,
|
||||
"port_range_max": 80
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 443,
|
||||
"port_range_max": 443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8443,
|
||||
"port_range_max": 8443
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8000,
|
||||
"port_range_max": 8000
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 8080,
|
||||
"port_range_max": 8080
|
||||
},
|
||||
{
|
||||
"remote_ip_prefix": 0.0.0.0/0,
|
||||
"protocol": tcp,
|
||||
"port_range_min": 61613,
|
||||
"port_range_max": 61613
|
||||
}
|
||||
]
|
||||
|
||||
ssh_key:
|
||||
type: OS::Nova::KeyPair
|
||||
properties:
|
||||
name: {get_param: ssh_key_name}
|
||||
public_key: {get_param: public_ssh_key}
|
||||
|
||||
private_network:
|
||||
type: OS::Neutron::Net
|
||||
properties:
|
||||
name: {get_param: private_network_name}
|
||||
|
||||
private_sub_network:
|
||||
type: OS::Neutron::Subnet
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
cidr: {get_param: private_network_cidr}
|
||||
gateway_ip: {get_param: private_network_gateway}
|
||||
dns_nameservers: [ {get_param: private_network_dns} ]
|
||||
allocation_pools: [{
|
||||
"start": {get_param: private_network_pool_start},
|
||||
"end": {get_param: private_network_pool_end}
|
||||
}]
|
||||
|
||||
router:
|
||||
type: OS::Neutron::Router
|
||||
|
||||
router_gateway:
|
||||
type: OS::Neutron::RouterGateway
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
network_id: {get_param: public_net_id}
|
||||
|
||||
router_interface:
|
||||
type: OS::Neutron::RouterInterface
|
||||
properties:
|
||||
router_id: {get_resource: router}
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
|
||||
broker_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_resource: openshift_origin_security_group}]
|
||||
|
||||
broker_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: broker_port}
|
||||
|
||||
broker_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
broker_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: broker_instance
|
||||
properties:
|
||||
Handle: {get_resource: broker_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
broker_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
|
||||
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
|
||||
export HOSTNAME=$BrokerHostname
|
||||
export USERNAME=$Username
|
||||
export PASSWORD=$Password
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['broker','nameserver','msgserver','datastore'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
broker_hostname => \$my_hostname,
|
||||
nameserver_hostname => \$my_hostname,
|
||||
datastore_hostname => \$my_hostname,
|
||||
msgserver_hostname => \$my_hostname,
|
||||
broker_auth_plugin => 'htpasswd',
|
||||
openshift_user1 => '${USERNAME}',
|
||||
openshift_password1 => '${PASSWORD}',
|
||||
development_mode => ${DEV_MODE},
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $ConcatVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $SelinuxVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
|
||||
chkconfig activemq on
|
||||
service activemq start
|
||||
setenforce 1
|
||||
params:
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$BrokerWaitHandle: {get_resource: broker_wait_handle}
|
||||
$BrokerHostname: {get_param: broker_hostname}
|
||||
$Username: {get_param: username}
|
||||
$Password: {get_param: password}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$ConcatVersion: {get_param: concat_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
|
||||
broker_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_broker_name}
|
||||
flavor: {get_param: broker_flavor}
|
||||
key_name: {get_resource: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: broker_port}
|
||||
]
|
||||
user_data: {get_resource: broker_user_data}
|
||||
user_data_format: RAW
|
||||
|
||||
node_port:
|
||||
type: OS::Neutron::Port
|
||||
properties:
|
||||
network_id: {get_resource: private_network}
|
||||
fixed_ips: [
|
||||
subnet_id: {get_resource: private_sub_network}
|
||||
]
|
||||
security_groups: [{get_resource: openshift_origin_security_group}]
|
||||
|
||||
node_floating_ip:
|
||||
type: OS::Neutron::FloatingIP
|
||||
properties:
|
||||
floating_network_id: {get_param: public_net_id}
|
||||
port_id: {get_resource: node_port}
|
||||
|
||||
node_wait_handle:
|
||||
type: AWS::CloudFormation::WaitConditionHandle
|
||||
|
||||
node_wait_condition:
|
||||
type: AWS::CloudFormation::WaitCondition
|
||||
depends_on: node_instance
|
||||
properties:
|
||||
Handle: {get_resource: node_wait_handle}
|
||||
Timeout: 1800
|
||||
|
||||
node_user_data:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config:
|
||||
str_replace:
|
||||
template: |
|
||||
#!/bin/bash -x
|
||||
export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
|
||||
export BROKER_IP=$BrokerIP
|
||||
export NODE_FLOATING_IP=$NodeFloatingIP
|
||||
export PREFIX=$Prefix
|
||||
export UPSTREAM_DNS=$UpstreamDNS
|
||||
export UPSTREAM_NTP=$UpstreamNTP
|
||||
export NODE_WAIT_HANDLE="$NodeWaitHandle"
|
||||
export HOSTNAME=$NodeHostname
|
||||
export DEV_MODE=$DevMode
|
||||
export PUPPET_MODULE_URL=$PuppetURL
|
||||
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
||||
cat << EOF > /root/configure.pp
|
||||
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
||||
exec { "set hostname":
|
||||
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
||||
}
|
||||
class { 'openshift_origin' :
|
||||
roles => ['node'],
|
||||
bind_key => '${DNS_SEC_KEY}',
|
||||
nameserver_ip_addr => '${BROKER_IP}',
|
||||
domain => '${PREFIX}',
|
||||
register_host_with_nameserver => true,
|
||||
broker_hostname => '${BROKER_IP}',
|
||||
msgserver_hostname => '${BROKER_IP}',
|
||||
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
||||
node_hostname => \$my_hostname,
|
||||
install_method => 'yum',
|
||||
jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
|
||||
development_mode => ${DEV_MODE},
|
||||
node_ip_addr => '${NODE_FLOATING_IP}',
|
||||
}
|
||||
EOF
|
||||
mkdir -p /etc/puppet/modules
|
||||
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
||||
cd /etc/puppet/modules/openshift_origin
|
||||
$OpenShiftVersion
|
||||
puppet module install $StdlibVersion
|
||||
puppet module install $NtpVersion
|
||||
puppet module install $SysctlVersion
|
||||
puppet module install $LokkitVersion
|
||||
puppet module install $HaproxyVersion
|
||||
puppet module install $KeepalivedVersion
|
||||
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
||||
setenforce 0
|
||||
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
|
||||
setenforce 1
|
||||
params:
|
||||
$BrokerWaitConditionData: {get_attr: [broker_wait_condition, Data]}
|
||||
$BrokerIP: {get_attr: [broker_instance, first_address]}
|
||||
$NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
|
||||
$Prefix: {get_param: prefix}
|
||||
$UpstreamDNS: {get_param: upstream_dns}
|
||||
$UpstreamNTP: {get_param: upstream_ntp}
|
||||
$NodeWaitHandle: {get_resource: node_wait_handle}
|
||||
$NodeHostname: {get_param: node_hostname}
|
||||
$DevMode: {get_param: dev_mode}
|
||||
$PuppetURL: {get_param: puppet_module_url}
|
||||
$PuppetBranch: {get_param: puppet_module_branch}
|
||||
$OpenShiftVersion: {get_param: openshift_version}
|
||||
$StdlibVersion: {get_param: stdlib_version}
|
||||
$NtpVersion: {get_param: ntp_version}
|
||||
$SysctlVersion: {get_param: sysctl_version}
|
||||
$LokkitVersion: {get_param: lokkit_version}
|
||||
$SelinuxVersion: {get_param: selinux_types_version}
|
||||
$HaproxyVersion: {get_param: haproxy_version}
|
||||
$KeepalivedVersion: {get_param: keepalived_version}
|
||||
|
||||
node_instance:
|
||||
type: OS::Nova::Server
|
||||
properties:
|
||||
image: {get_param: image_node_name}
|
||||
flavor: {get_param: node_flavor}
|
||||
key_name: {get_resource: ssh_key}
|
||||
networks: [
|
||||
port: {get_resource: node_port}
|
||||
]
|
||||
user_data: {get_resource: node_user_data}
|
||||
user_data_format: RAW
|
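Review bot: The `password` parameter ships with `default: password` and is not marked hidden, and `broker_user_data` writes it into `openshift_password1` for the htpasswd plugin on a broker that gets a floating IP with 443 and 8443 open to `0.0.0.0/0`. A stack launched with the defaults is therefore reachable with the published pair `openshift` / `password`. I would drop the default so the operator must supply a value, and add `hidden: true` to the parameter so Heat does not echo it when the stack's parameters are shown. The same security group also opens 61613 to `0.0.0.0/0` and is attached to both `broker_port` and `node_port`. If that port carries only broker-to-node messaging (inferred from the `msgserver` role and the activemq service start, not confirmed here), `"remote_ip_prefix": {get_param: private_network_cidr}` would be the narrower rule.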