From dd8cb1c9ad228bcca42908ac5a14bde785e82e17 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Antoine=20Ab=C3=A9lard?= Date: Mon, 4 Aug 2014 11:24:48 +0200 Subject: [PATCH] New heat templates for Openshift-Origin deployment using scalability functionality New heat templates for Openshift-Origin deployment using scalability functionality. Templates are based on the Openshift-Origin template (https://github.com/openstack/heat-templates/tree/master/openshift-origin/F19). The aim is to add scalability functionality to this template. Metric use for the scalability are cpu_util and nbgears. This second metric is a custom metric implemented by a bash script calling by cron to get from the broker node the number of gears used and the number of node connected, to determine when a new node is needed. The data is send to the Ceilometer V2 API and used in the heat template. To avoid compatibility issues due to changes in this project or in Puppet modules it depends, versions parameters are provided in hot templates. I implemented 5 templates : aws format : - openshift (1 node and 1 broker) hot format : - openshift (1 node and 1 broker) - openshift-scalable-cpu (scalable openshift environment using cpu_util metric) - openshift-scalable-nbgears (scalable openshift environment using nbgears custom metric) - openshift-scalable-cpu-nbgears (scalable openshift environment using cpu_util metric and nbgears custom metric) Change-Id: Idfdf158ff6176c5ef6902e27a6e764e23171cf4c Implements: blueprint heat-openshift-templates --- openshift-origin/F19/README.rst | 8 +- openshift-origin/F19/aws-template/README.rst | 10 + .../openshift.template} | 200 +++++-- openshift-origin/F19/hot-template/README.rst | 18 + .../nodeinstance.yaml | 295 ++++++++++ .../openshift.yaml | 513 ++++++++++++++++++ .../openshift-scalable-cpu/nodeinstance.yaml | 295 ++++++++++ .../openshift-scalable-cpu/openshift.yaml | 467 ++++++++++++++++ .../nodeinstance.yaml | 292 ++++++++++ .../openshift-scalable-nbgears/openshift.yaml | 484 +++++++++++++++++ .../F19/hot-template/openshift/openshift.yaml | 
493 +++++++++++++++++ 11 files changed, 3016 insertions(+), 59 deletions(-) create mode 100644 openshift-origin/F19/aws-template/README.rst rename openshift-origin/F19/{OpenShift.template => aws-template/openshift.template} (63%) create mode 100644 openshift-origin/F19/hot-template/README.rst create mode 100644 openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/nodeinstance.yaml create mode 100644 openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/openshift.yaml create mode 100644 openshift-origin/F19/hot-template/openshift-scalable-cpu/nodeinstance.yaml create mode 100644 openshift-origin/F19/hot-template/openshift-scalable-cpu/openshift.yaml create mode 100644 openshift-origin/F19/hot-template/openshift-scalable-nbgears/nodeinstance.yaml create mode 100644 openshift-origin/F19/hot-template/openshift-scalable-nbgears/openshift.yaml create mode 100644 openshift-origin/F19/hot-template/openshift/openshift.yaml diff --git a/openshift-origin/F19/README.rst b/openshift-origin/F19/README.rst index 29c8ab41..03d736c9 100644 --- a/openshift-origin/F19/README.rst +++ b/openshift-origin/F19/README.rst @@ -3,11 +3,13 @@ OpenShift Origin Templates ========================== This directory contains files for deploying OpenShift Origin to an OpenStack environment via Heat. -The template has been tested with the OpenStack Icehouse-2 release. -It includes the following files: +The templates has been tested with the OpenStack Icehouse 2014.1 release. -* `OpenShift.template` - heat template for launching OpenShift Origin with a single broker instance and a single node instance +It includes the following folders: + +* `hot-template` - heat templates in HOT format for launching OpenShift Origin +* `aws-template` - heat templates in AWS format for launching OpenShift Origin * `elements` - diskimage-builder elements to build images To build with diskimage-builder, do the following in the parent directory of heat-templates:: 
diff --git a/openshift-origin/F19/aws-template/README.rst b/openshift-origin/F19/aws-template/README.rst new file mode 100644 index 00000000..bd20429b --- /dev/null +++ b/openshift-origin/F19/aws-template/README.rst @@ -0,0 +1,10 @@ +============================= +OpenShift Origin AWS Template +============================= + +This directory contains template for deploying OpenShift Origin to an OpenStack environment via Heat. + +It includes the following file: + +* `openshift.template` - heat templates in AWS format for launching OpenShift Origin with a single broker instance and a single node instance + diff --git a/openshift-origin/F19/OpenShift.template b/openshift-origin/F19/aws-template/openshift.template similarity index 63% rename from openshift-origin/F19/OpenShift.template rename to openshift-origin/F19/aws-template/openshift.template index a0c9964b..b253e831 100644 --- a/openshift-origin/F19/OpenShift.template +++ b/openshift-origin/F19/aws-template/openshift.template @@ -7,9 +7,7 @@ "KeyName": { "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances", "Type": "String", - "MinLength": "1", - "MaxLength": "64", - "AllowedPattern": "[-_ a-zA-Z0-9]*" + "Default": "SSHKey" }, "Prefix": { "Description": "Your DNS Prefix", @@ -41,13 +39,13 @@ "BrokerHostname": { "Description": "Hostname of Broker instance", "Type": "String", - "Default": "openshift.brokerinstance.novalocal", + "Default": "brokerinstance", "MinLength": "1" }, "NodeHostname": { "Description": "Hostname of Node instance", "Type": "String", - "Default": "openshift.nodeinstance.novalocal", + "Default": "nodeinstance", "MinLength": "1" }, "Username": { 
@@ -60,13 +58,39 @@ "Type": "String", "Default": "password" }, - "NetID": { - "Description": "ID of Neutron network into which servers get deployed", + "PublicNetID": { + "Description": "External network ID", "Type": "String" }, - "SubnetID": { - "Description": "ID of Neutron subnet into which servers get deployed", - "Type": "String" + "PrivateNetworkName": { + "Description": "Name of the private network wich will be created", + "Type": "String", + "Default": "OpenShift-Network" + }, + "PrivateNetworkCidr": { + "Description": "Private network address (CIDR format)", + "Type": "String", + "Default": "10.0.0.0/8" + }, + "PrivateNetworkGateway": { + "Description": "Private network gateway", + "Type": "String", + "Default": "10.0.0.1" + }, + "PrivateNetworkDNS": { + "Description": "Private network DNS", + "Type": "String", + "Default": "8.8.8.8" + }, + "PrivateNetworkPoolStart": { + "Description": "Private network pool start", + "Type": "String", + "Default": "10.0.0.2" + }, + "PrivateNetworkPoolEnd": { + "Description": "Private network pool end", + "Type": "String", + "Default": "10.255.255.254" }, "DevMode": { "Description": "Sets development mode and extra logging.", 
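Review bot: The new `PrivateNetworkCidr` default of `10.0.0.0/8`, with an allocation pool running up to `10.255.255.254`, claims the entire 10/8 private range for a single tenant subnet. Instances on it treat every 10.x address as on-link, so any other 10.x network behind the router (management, storage, another deployment) is shadowed and traffic meant for it stays on this segment. A default sized for the deployment is safer, for example `"Default": "10.0.0.0/24"` with `PrivateNetworkPoolEnd` set to `10.0.0.254`. The `PrivateNetworkName` description also has a typo: `wich` should be `which`.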
@@ -148,17 +172,66 @@ } }, + "PrivateNetwork":{ + "Type": "OS::Neutron::Net", + "Properties": { + "name": { "Ref": "PrivateNetworkName" } + } + }, + + "PrivateSubNetwork":{ + "Type": "OS::Neutron::Subnet", + "Properties": { + "network_id": { "Ref": "PrivateNetwork" }, + "cidr": { "Ref": "PrivateNetworkCidr" }, + "gateway_ip": { "Ref": "PrivateNetworkGateway" }, + "dns_nameservers": [{ "Ref": "PrivateNetworkDNS" }], + "allocation_pools": [{ + "start": {"Ref": "PrivateNetworkPoolStart"}, + "end": {"Ref": "PrivateNetworkPoolEnd"} + }] + } + }, + + "Router":{ + "Type": "OS::Neutron::Router" + }, + + "RouterGateway":{ + "Type": "OS::Neutron::RouterGateway", + "Properties": { + "router_id": { "Ref": "Router" }, + "network_id": { "Ref": "PublicNetID" } + } + }, + + "RouterInterface":{ + "Type": "OS::Neutron::RouterInterface", + "Properties": { + "router_id": { "Ref": "Router" }, + "subnet_id": { "Ref": "PrivateSubNetwork" } + } + }, + "BrokerPort": { "Type": "OS::Neutron::Port", "Properties": { - "network_id": { "Ref": "NetID" }, + "network_id": { "Ref": "PrivateNetwork" }, "fixed_ips": [{ - "subnet_id": { "Ref": "SubnetID" } + "subnet_id": { "Ref": "PrivateSubNetwork" } }], "security_groups": [{ "Ref": "OpenShiftOriginSecurityGroup" }] } }, + "BrokerFloatingIP": { + "Type": "OS::Neutron::FloatingIP", + "Properties": { + "floating_network_id": { "Ref": "PublicNetID" }, + "port_id": { "Ref": "BrokerPort" } + } + }, + "BrokerWaitHandle": { "Type": "AWS::CloudFormation::WaitConditionHandle" }, 
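Review bot: `BrokerFloatingIP` binds a public address to `BrokerPort`, so the broker becomes reachable from the external network through whatever `OpenShiftOriginSecurityGroup` allows. The broker user-data gives it the `nameserver`, `msgserver` and `datastore` roles. The security group is defined outside this hunk, so confirm that its ingress rules open only the ports external users need and limit the message-bus and datastore ports to `PrivateNetworkCidr`. The same applies to `NodeFloatingIP` on `NodePort` in the `@@ -240,14 +319,22 @@` hunk. If the rules are intentionally broad, a `Description` on the group saying so would help the next reader.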
@@ -205,31 +278,37 @@ " command => \"/bin/hostname \\${my_hostname} ; echo \\${my_hostname} > /etc/hostname\"\n", "}\n", "class { 'openshift_origin' :\n", - " roles => ['broker','nameserver','msgserver','datastore'],\n", - " bind_key => '${DNS_SEC_KEY}',\n", - " domain => '${PREFIX}',\n", + " roles => ['broker','nameserver','msgserver','datastore'],\n", + " bind_key => '${DNS_SEC_KEY}',\n", + " domain => '${PREFIX}',\n", " register_host_with_nameserver => true,\n", " conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],\n", - " ntp_servers => ['${UPSTREAM_NTP}'],\n", - " broker_hostname => \\$my_hostname,\n", - " nameserver_hostname => \\$my_hostname,\n", - " datastore_hostname => \\$my_hostname,\n", - " msgserver_hostname => \\$my_hostname,\n", - " broker_auth_plugin => 'htpasswd',\n", - " openshift_user1 => '${USERNAME}',\n", - " openshift_password1 => '${PASSWORD}',\n", - " development_mode => ${DEV_MODE},\n", + " ntp_servers => ['${UPSTREAM_NTP}'],\n", + " broker_hostname => \\$my_hostname,\n", + " nameserver_hostname => \\$my_hostname,\n", + " datastore_hostname => \\$my_hostname,\n", + " msgserver_hostname => \\$my_hostname,\n", + " broker_auth_plugin => 'htpasswd',\n", + " openshift_user1 => '${USERNAME}',\n", + " openshift_password1 => '${PASSWORD}',\n", + " development_mode => ${DEV_MODE},\n", "}\n", "EOF\n", "mkdir -p /etc/puppet/modules\n", "git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin", "\n", - "puppet module install rharrison/lokkit", "\n", - "puppet module install puppetlabs/ntp", "\n", "puppet module install puppetlabs/stdlib", "\n", - "puppet module install blentz/selinux_types", "\n", - "puppet module install duritong/sysctl", "\n", - "puppet apply -v -d /root/configure.pp | tee /var/log/configure_openshift.log", "\n", - "/opt/aws/bin/cfn-signal -e 0 --data \"${DNS_SEC_KEY}\" -r \"Broker setup complete\" \"${BROKER_WAIT_HANDLE}\"\n" + "puppet module install puppetlabs/ntp", "\n", + "puppet module 
install puppetlabs-concat", "\n", + "puppet module install rharrison-lokkit", "\n", + "puppet module install blentz-selinux_types", "\n", + "puppet module install puppetlabs/haproxy", "\n", + "puppet module install arioch/keepalived", "\n", + "puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log", "\n", + "setenforce 0", "\n", + "/opt/aws/bin/cfn-signal -e 0 --data \"${DNS_SEC_KEY}\" -r \"Broker setup complete\" \"${BROKER_WAIT_HANDLE}\"\n", + "chkconfig activemq on", "\n", + "service activemq start", "\n", + "setenforce 1", "\n" ] ] } @@ -240,14 +319,22 @@ "NodePort": { "Type": "OS::Neutron::Port", "Properties": { - "network_id": { "Ref": "NetID" }, + "network_id": { "Ref": "PrivateNetwork" }, "fixed_ips": [{ - "subnet_id": { "Ref": "SubnetID" } + "subnet_id": { "Ref": "PrivateSubNetwork" } }], "security_groups": [{ "Ref": "OpenShiftOriginSecurityGroup" }] } }, + "NodeFloatingIP": { + "Type": "OS::Neutron::FloatingIP", + "Properties": { + "floating_network_id": { "Ref": "PublicNetID" }, + "port_id": { "Ref": "NodePort" } + } + }, + "NodeWaitHandle": { "Type": "AWS::CloudFormation::WaitConditionHandle" }, @@ -279,6 +366,7 @@ "#!/bin/bash -x\n", "export DNS_SEC_KEY=\"`python -c 'print ",{ "Fn::GetAtt": [ "BrokerWaitCondition", "Data" ] },"[\"00000\"]'`\"\n", "export BROKER_IP=", { "Fn::GetAtt": [ "BrokerInstance", "first_address" ] }, "\n", + "export NODE_FLOATING_IP=", { "Fn::GetAtt": [ "NodeFloatingIP", "floating_ip_address" ] }, "\n", "export PREFIX=", { "Ref": "Prefix" }, "\n", "export UPSTREAM_DNS=", { "Ref": "UpstreamDNS" }, "\n", "export UPSTREAM_NTP=", { "Ref": "UpstreamNTP" }, "\n", 
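Review bot: The added `setenforce 0` … `setenforce 1` pair in the broker user-data puts SELinux in permissive mode while `cfn-signal` runs and ActiveMQ is enabled and started, with no comment explaining why and no guarantee of the restore. If a command in between hangs or the script is interrupted, the instance stays permissive, and the service starts without the policy being enforced. Prefer fixing the underlying denial (a boolean or a small policy module) over toggling enforcement. If the toggle must stay, add a comment naming the denial it works around and put `trap 'setenforce 1' EXIT` right after `setenforce 0`. The same pattern appears in the node user-data hunk (`@@ -293,30 +381,33 @@`) and in `nodeinstance.yaml`.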
@@ -293,30 +381,33 @@ " command => \"/bin/hostname \\${my_hostname} ; echo \\${my_hostname} > /etc/hostname\"\n", "}\n", "class { 'openshift_origin' :\n", - " roles => ['node'],\n", - " bind_key => '${DNS_SEC_KEY}',\n", - " nameserver_ip_addr => '${BROKER_IP}',\n", - " domain => '${PREFIX}',\n", + " roles => ['node'],\n", + " bind_key => '${DNS_SEC_KEY}',\n", + " nameserver_ip_addr => '${BROKER_IP}',\n", + " domain => '${PREFIX}',\n", " register_host_with_nameserver => true,\n", - " broker_hostname => '${BROKER_IP}',\n", - " msgserver_hostname => '${BROKER_IP}',\n", - " ntp_servers => ['${UPSTREAM_NTP}'],\n", - " node_hostname => \\$my_hostname,\n", - " install_method => 'yum',\n", - " jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',\n", - " install_cartridges => ['php', 'mysql'],\n", - " development_mode => ${DEV_MODE},\n", + " broker_hostname => '${BROKER_IP}',\n", + " msgserver_hostname => '${BROKER_IP}',\n", + " ntp_servers => ['${UPSTREAM_NTP}'],\n", + " node_hostname => \\$my_hostname,\n", + " install_method => 'yum',\n", + " jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',\n", + " development_mode => ${DEV_MODE},\n", + " node_ip_addr => '${NODE_FLOATING_IP}',\n", "}\n", "EOF\n", "mkdir -p /etc/puppet/modules\n", "git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin", "\n", - "puppet module install rharrison/lokkit", "\n", - "puppet module install puppetlabs/ntp", "\n", "puppet module install puppetlabs/stdlib", "\n", - "puppet module install blentz/selinux_types", "\n", - "puppet module install duritong/sysctl", "\n", - "puppet apply -v -d /root/configure.pp | tee /var/log/configure_openshift.log", "\n", - "/opt/aws/bin/cfn-signal -e 0 -r \"Node setup complete\" \"${NODE_WAIT_HANDLE}\"\n" + "puppet module install puppetlabs/ntp", "\n", + "puppet module install duritong-sysctl", "\n", + "puppet module install rharrison-lokkit", "\n", + "puppet module install puppetlabs/haproxy", "\n", + "puppet module 
install arioch/keepalived", "\n", + "puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log", "\n", + "setenforce 0", "\n", + "/opt/aws/bin/cfn-signal -e 0 -r \"Node setup complete\" \"${NODE_WAIT_HANDLE}\"\n", + "setenforce 1", "\n" ] ] } @@ -327,12 +418,9 @@ "Outputs" : { "OpenShiftConsole" : { - "Value" : { "Fn::Join" : ["", ["https://", { "Fn::GetAtt" : [ "BrokerInstance", "first_address" ]}, "/console"]] }, - "Description" : "URL for OpenShift Origin cConsole" - }, - "NameServerEntry" : { - "Value" : { "Fn::Join" : ["", ["nameserver ", { "Fn::GetAtt" : [ "BrokerInstance", "first_address" ]}]] }, - "Description" : "Entry to insert into /etc/resolv.conf for application host names to resolve" + "Value" : { "Fn::Join" : ["", ["https://", { "Fn::GetAtt" : [ "BrokerFloatingIP", "floating_ip_address" ]}, "/console"]] }, + "Description" : "URL for OpenShift Origin Console" } } } + diff --git a/openshift-origin/F19/hot-template/README.rst b/openshift-origin/F19/hot-template/README.rst new file mode 100644 index 00000000..8b89b1d8 --- /dev/null +++ b/openshift-origin/F19/hot-template/README.rst 
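Review bot: The `puppet module install` lines in the node user-data take whatever version the Forge serves at boot, and `git clone -b ${PUPPET_MODULE_BRANCH}` tracks a moving branch, so the code that runs as root on each new instance is neither reproducible nor reviewable. The HOT templates added in this same commit pin these modules through their `*_version` parameters (`puppetlabs/stdlib --version 4.3.2`, `puppetlabs/haproxy --version 1.0.0`, `git checkout 722687c`). The AWS-format template should carry the same pins, e.g. `puppet module install puppetlabs/stdlib --version 4.3.2`. The broker user-data hunk (`@@ -205,31 +278,37 @@`) has the same unpinned installs.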
@@ -0,0 +1,18 @@
+==============================
+OpenShift Origin HOT Templates
+==============================
+
+This directory contains templates for deploying OpenShift Origin to an OpenStack environment via Heat.
+
+To install OpenShift Origin, this Puppet module is used : https://github.com/openshift/puppet-openshift_origin.
+
+To avoid compatibility issues due to changes in this project or in Puppet modules it depends, versions parameters are provided.
+So, if you leave the default _version parameters, the commands executed on the instances install a specific version of puppet modules needed. The version installed is a production version which as been verified as working.
+If you want to use the latest versions, you have to select the other value. The commands executed on the instances don't install a specific version of puppet modules needed. So the lastest version will be installed.
+
+It includes the following folders:
+
+* `openshift` - heat templates in HOT format for launching OpenShift Origin with a single broker instance and a single node instance
+* `openshift-scalable-cpu` - heat templates in HOT format for launching OpenShift Origin with implementation of scalability based on cpu_util Ceilometer metric
+* `openshift-scalable-nbgears` - heat templates in HOT format for launching OpenShift Origin with implementation of scalability based on number of deployed gears on OpenShift node instances (using a custom metric based on bash script that send the data periodically to the Ceilometer API using cron)
+* `openshift-scalable-cpu-nbgears` - heat templates in HOT format for launching OpenShift Origin with implementation of scalability based on cpu_util Ceilometer metric and on number of deploy gears on OpenShift node instances (using a custom metric based on bash script that send the data periodically to the Ceilometer API using cron)
diff --git a/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/nodeinstance.yaml b/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/nodeinstance.yaml
new file mode 100644
index 00000000..b885292c
--- /dev/null
+++ b/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/nodeinstance.yaml
@@ -0,0 +1,295 @@ +heat_template_version: 2013-05-23 + +description: Template for setting up an OpenShift Origin environment + +parameters: + prefix: + description: Your DNS Prefix + type: string + default: example.com + upstream_dns: + description: Upstream DNS server + type: string + default: 8.8.8.8 + upstream_ntp: + description: Upstream NTP server + type: string + default: clock.redhat.com + broker_flavor: + description: Flavor of Broker instance + type: string + default: m1.medium + node_flavor: + description: Flavor of Node instance + type: string + default: m1.medium + broker_hostname: + description: Hostname of Broker instance + type: string + default: brokerinstance + node_hostname: + description: Hostname of Node instance + type: string + default: nodeinstance + username: + description: Username for accessing OpenShift Origin + type: string + default: openshift + password: + description: Password for accessing OpenShift Origin + type: string + default: password + public_net_id: + description: External network ID + type: string + private_network_name: + description: Name of the private network wich will be created + type: string + default: OpenShift-Network + private_network_cidr: + description: Private network address (CIDR format) + type: string + default: 10.0.0.0/8 + private_network_gateway: + description: Private network gateway + type: string + default: 10.0.0.1 + private_network_dns: + description: Private network DNS + type: string + default: 8.8.8.8 + private_network_pool_start: + description: Private network pool start + type: string + default: 10.0.0.2 + private_network_pool_end: + description: Private network pool end + type: string + default: 10.255.255.254 + dev_mode: + description: Sets development mode and extra logging. + type: string + default: false + puppet_module_url: + description: Sets the URL to pull the OpenShift Origin Puppet module from. 
+ type: string + default: https://github.com/openshift/puppet-openshift_origin.git + puppet_module_branch: + description: Sets the repo branch to pull the OpenShift Origin Puppet module from. + type: string + default: master + private_network: + description: private network. + type: string + private_sub_network: + description: private sub network. + type: string + security_group: + description: security group. + type: string + broker_ip: + description: broker ip. + type: string + broker_wait_condition_data: + description: broker wait condition data. + type: string + metadata: + type: json + ssh_key: + description: SSHKey created in principal template file + type: string + image_broker_name: + description: Name of the image you have created for the broker with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-broker + image_node_name: + description: Name of the image you have created for the node with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-node + openshift_version: + description: Version of openshift puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - git checkout 722687c + - git checkout master + default: git checkout 722687c + stdlib_version: + description: Version of stdlib puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/stdlib --version 4.3.2 + - puppetlabs/stdlib + default: puppetlabs/stdlib --version 4.3.2 + ntp_version: + description: Version of ntp puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/ntp --version 3.1.2 + - puppetlabs/ntp + default: puppetlabs/ntp --version 3.1.2 + concat_version: + description: Version of concat puppet module, leave the default value if you want to use a production version + type: string + constraints: + - 
allowed_values: + - puppetlabs-concat --version 1.0.4 + - puppetlabs-concat + default: puppetlabs-concat --version 1.0.4 + lokkit_version: + description: Version of lokkit puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - rharrison-lokkit --version 0.5.0 + - rharrison-lokkit + default: rharrison-lokkit --version 0.5.0 + selinux_types_version: + description: Version of selinux_types puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - blentz-selinux_types --version 0.1.0 + - blentz-selinux_types + default: blentz-selinux_types --version 0.1.0 + haproxy_version: + description: Version of haproxy puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/haproxy --version 1.0.0 + - puppetlabs/haproxy + default: puppetlabs/haproxy --version 1.0.0 + keepalived_version: + description: Version of keepalived puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - arioch/keepalived --version 0.1.0 + - arioch/keepalived + default: arioch/keepalived --version 0.1.0 + sysctl_version: + description: Version of sysctl puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - duritong-sysctl --version 0.0.4 + - duritong-sysctl + default: duritong-sysctl --version 0.0.4 + +resources: + + node_wait_handle: + type: AWS::CloudFormation::WaitConditionHandle + + node_wait_condition: + type: AWS::CloudFormation::WaitCondition + depends_on: node_instance + properties: + Handle: {get_resource: node_wait_handle} + Timeout: 1800 + + node_port: + type: OS::Neutron::Port + properties: + network_id: {get_param: private_network} + fixed_ips: [ + subnet_id: {get_param: private_sub_network} + ] + 
security_groups: [{get_param: security_group}] + + node_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: {get_param: public_net_id} + port_id: {get_resource: node_port} + + node_user_data: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -x + export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'` + export BROKER_IP=$BrokerIP + export NODE_FLOATING_IP=$NodeFloatingIP + export PREFIX=$Prefix + export UPSTREAM_DNS=$UpstreamDNS + export UPSTREAM_NTP=$UpstreamNTP + export NODE_WAIT_HANDLE="$NodeWaitHandle" + export HOSTNAME=$NodeHostname + export DEV_MODE=$DevMode + export PUPPET_MODULE_URL=$PuppetURL + export PUPPET_MODULE_BRANCH=$PuppetBranch + cat << EOF > /root/configure.pp + \$my_hostname="${HOSTNAME}.${PREFIX}" + exec { "set hostname": + command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" + } + class { 'openshift_origin' : + roles => ['node'], + bind_key => '${DNS_SEC_KEY}', + nameserver_ip_addr => '${BROKER_IP}', + domain => '${PREFIX}', + register_host_with_nameserver => true, + broker_hostname => '${BROKER_IP}', + msgserver_hostname => '${BROKER_IP}', + ntp_servers => ['${UPSTREAM_NTP} iburst'], + node_hostname => \$my_hostname, + install_method => 'yum', + jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat', + development_mode => ${DEV_MODE}, + node_ip_addr => '${NODE_FLOATING_IP}', + } + EOF + mkdir -p /etc/puppet/modules + git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin + cd /etc/puppet/modules/openshift_origin + $OpenShiftVersion + puppet module install $StdlibVersion + puppet module install $NtpVersion + puppet module install $SysctlVersion + puppet module install $LokkitVersion + puppet module install $HaproxyVersion + puppet module install $KeepalivedVersion + puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log + setenforce 0 + 
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE} + setenforce 1 + params: + $BrokerWaitConditionData: {get_param: broker_wait_condition_data} + $BrokerIP: {get_param: broker_ip} + $NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]} + $Prefix: {get_param: prefix} + $UpstreamDNS: {get_param: upstream_dns} + $UpstreamNTP: {get_param: upstream_ntp} + $NodeWaitHandle: {get_resource: node_wait_handle} + $NodeHostname: {get_param: node_hostname} + $DevMode: {get_param: dev_mode} + $PuppetURL: {get_param: puppet_module_url} + $PuppetBranch: {get_param: puppet_module_branch} + $OpenShiftVersion: {get_param: openshift_version} + $StdlibVersion: {get_param: stdlib_version} + $NtpVersion: {get_param: ntp_version} + $SysctlVersion: {get_param: sysctl_version} + $LokkitVersion: {get_param: lokkit_version} + $SelinuxVersion: {get_param: selinux_types_version} + $HaproxyVersion: {get_param: haproxy_version} + $KeepalivedVersion: {get_param: keepalived_version} + + node_instance: + type: OS::Nova::Server + properties: + image: {get_param: image_node_name} + flavor: {get_param: node_flavor} + key_name: {get_param: ssh_key} + networks: [ + port: {get_resource: node_port} + ] + user_data: {get_resource: node_user_data} + user_data_format: RAW + metadata: {get_param: metadata} diff --git a/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/openshift.yaml b/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/openshift.yaml new file mode 100644 index 00000000..05394d0e --- /dev/null +++ b/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/openshift.yaml 
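Review bot: `broker_wait_condition_data` carries the broker's DNS key (the script extracts it into `DNS_SEC_KEY` and passes it as `bind_key`), but the parameter is declared without `hidden: true`. The script also runs under `#!/bin/bash -x`, which echoes the expanded `export DNS_SEC_KEY=...` line into whatever captures the user-data output. Add `hidden: true` to `broker_wait_condition_data` and `password`, and either drop `-x` or wrap the secret exports in `set +x` / `set -x`. Separately, `$SelinuxVersion` is supplied in `params` but never referenced in the script template, so it can be removed.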
@@ -0,0 +1,513 @@ +heat_template_version: 2013-05-23 + +description: Template for setting up an OpenShift Origin environment + +parameters: + prefix: + description: Your DNS Prefix + type: string + default: example.com + upstream_dns: + description: Upstream DNS server + type: string + default: 8.8.8.8 + upstream_ntp: + description: Upstream NTP server + type: string + default: clock.redhat.com + broker_flavor: + description: Flavor of Broker instance + type: string + default: m1.medium + node_flavor: + description: Flavor of Node instance + type: string + default: m1.medium + broker_hostname: + description: Hostname of Broker instance + type: string + default: brokerinstance + node_hostname: + description: Hostname of Node instance + type: string + default: nodeinstance + username: + description: Username for accessing OpenShift Origin + type: string + default: openshift + password: + description: Password for accessing OpenShift Origin + type: string + default: password + public_net_id: + description: External network ID + type: string + private_network_name: + description: Name of the private network wich will be created + type: string + default: OpenShift-Network + private_network_cidr: + description: Private network address (CIDR format) + type: string + default: 10.0.0.0/8 + private_network_gateway: + description: Private network gateway + type: string + default: 10.0.0.1 + private_network_dns: + description: Private network DNS + type: string + default: 8.8.8.8 + private_network_pool_start: + description: Private network pool start + type: string + default: 10.0.0.2 + private_network_pool_end: + description: Private network pool end + type: string + default: 10.255.255.254 + dev_mode: + description: Sets development mode and extra logging. + type: string + default: false + puppet_module_url: + description: Sets the URL to pull the OpenShift Origin Puppet module from. 
+ type: string + default: https://github.com/openshift/puppet-openshift_origin.git + puppet_module_branch: + description: Sets the repo branch to pull the OpenShift Origin Puppet module from. + type: string + default: master + controller_ip: + description: The IP address of the OpenStack Controller + type: string + default: 192.168.202.101 + tenant_name: + description: The tenant name + type: string + default: admin + openstack_username: + description: Username of your Openstack account + type: string + default: admin + openstack_password: + description: Password of your Openstack account + type: string + default: network + node_instance_group_template_repo_address: + description: Repository address of the NodeInstanceGroup Template + type: string + public_ssh_key: + description: Public key that will be used for SSH connection to instances + type: string + ssh_key_name: + description: SSHKey name + type: string + default: OpenshiftSSHKey + image_broker_name: + description: Name of the image you have created for the broker with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-broker + image_node_name: + description: Name of the image you have created for the node with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-node + openshift_version: + description: Version of openshift puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - git checkout 722687c + - git checkout master + default: git checkout 722687c + stdlib_version: + description: Version of stdlib puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/stdlib --version 4.3.2 + - puppetlabs/stdlib + default: puppetlabs/stdlib --version 4.3.2 + ntp_version: + description: Version of ntp puppet module, leave the default value if you want to use a production version + type: string + constraints: + - 
allowed_values: + - puppetlabs/ntp --version 3.1.2 + - puppetlabs/ntp + default: puppetlabs/ntp --version 3.1.2 + concat_version: + description: Version of concat puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs-concat --version 1.0.4 + - puppetlabs-concat + default: puppetlabs-concat --version 1.0.4 + lokkit_version: + description: Version of lokkit puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - rharrison-lokkit --version 0.5.0 + - rharrison-lokkit + default: rharrison-lokkit --version 0.5.0 + selinux_types_version: + description: Version of selinux_types puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - blentz-selinux_types --version 0.1.0 + - blentz-selinux_types + default: blentz-selinux_types --version 0.1.0 + haproxy_version: + description: Version of haproxy puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/haproxy --version 1.0.0 + - puppetlabs/haproxy + default: puppetlabs/haproxy --version 1.0.0 + keepalived_version: + description: Version of keepalived puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - arioch/keepalived --version 0.1.0 + - arioch/keepalived + default: arioch/keepalived --version 0.1.0 + sysctl_version: + description: Version of sysctl puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - duritong-sysctl --version 0.0.4 + - duritong-sysctl + default: duritong-sysctl --version 0.0.4 + +resources: + openshift_origin_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: OpenShift Origin Firewall Rules + 
rules: [ + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": icmp + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 22, + "port_range_max": 22 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": udp, + "port_range_min": 53, + "port_range_max": 53 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 80, + "port_range_max": 80 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 443, + "port_range_max": 443 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8443, + "port_range_max": 8443 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8000, + "port_range_max": 8000 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8080, + "port_range_max": 8080 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 61613, + "port_range_max": 61613 + } + ] + + ssh_key: + type: OS::Nova::KeyPair + properties: + name: {get_param: ssh_key_name} + public_key: {get_param: public_ssh_key} + + private_network: + type: OS::Neutron::Net + properties: + name: {get_param: private_network_name} + + private_sub_network: + type: OS::Neutron::Subnet + properties: + network_id: {get_resource: private_network} + cidr: {get_param: private_network_cidr} + gateway_ip: {get_param: private_network_gateway} + dns_nameservers: [ {get_param: private_network_dns} ] + allocation_pools: [{ + "start": {get_param: private_network_pool_start}, + "end": {get_param: private_network_pool_end} + }] + + router: + type: OS::Neutron::Router + + router_gateway: + type: OS::Neutron::RouterGateway + properties: + router_id: {get_resource: router} + network_id: {get_param: public_net_id} + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: {get_resource: router} + subnet_id: {get_resource: private_sub_network} + + broker_port: + type: OS::Neutron::Port + properties: + network_id: 
{get_resource: private_network} + fixed_ips: [ + subnet_id: {get_resource: private_sub_network} + ] + security_groups: [{get_resource: openshift_origin_security_group}] + + broker_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: {get_param: public_net_id} + port_id: {get_resource: broker_port} + + broker_wait_handle: + type: AWS::CloudFormation::WaitConditionHandle + + broker_wait_condition: + type: AWS::CloudFormation::WaitCondition + depends_on: broker_instance + properties: + Handle: {get_resource: broker_wait_handle} + Timeout: 1800 + + broker_user_data: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -x + /usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix + export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'` + export PREFIX=$Prefix + export UPSTREAM_DNS=$UpstreamDNS + export UPSTREAM_NTP=$UpstreamNTP + export BROKER_WAIT_HANDLE="$BrokerWaitHandle" + export HOSTNAME=$BrokerHostname + export USERNAME=$Username + export PASSWORD=$Password + export DEV_MODE=$DevMode + export PUPPET_MODULE_URL=$PuppetURL + export PUPPET_MODULE_BRANCH=$PuppetBranch + cat << EOF > /root/configure.pp + \$my_hostname="${HOSTNAME}.${PREFIX}" + exec { "set hostname": + command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" + } + class { 'openshift_origin' : + roles => ['broker','nameserver','msgserver','datastore'], + bind_key => '${DNS_SEC_KEY}', + domain => '${PREFIX}', + register_host_with_nameserver => true, + conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'], + ntp_servers => ['${UPSTREAM_NTP} iburst'], + broker_hostname => \$my_hostname, + nameserver_hostname => \$my_hostname, + datastore_hostname => \$my_hostname, + msgserver_hostname => \$my_hostname, + broker_auth_plugin => 'htpasswd', + openshift_user1 => '${USERNAME}', + openshift_password1 => '${PASSWORD}', + development_mode => 
${DEV_MODE}, + } + EOF + cat << EOF > ~/nbGears.sh + #!/bin/bash -x + MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB') + GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2) + NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2) + let "GEARSPERNODE=\$MEMORY/512000" + let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE" + curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat + TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++) + {if(\$i~/id\042/) + {print \$(i+1)} + } + }' auth_token.dat | awk -F'"' '{print \$2; exit}') + curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear + EOF + chmod 744 ~/nbGears.sh + cat << EOF > /etc/cron.d/cronNbGears + * * * * * root ~/nbGears.sh + EOF + /sbin/service crond restart + mkdir -p /etc/puppet/modules + git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin + cd /etc/puppet/modules/openshift_origin + $OpenShiftVersion + puppet module install $StdlibVersion + puppet module install $NtpVersion + puppet module install $ConcatVersion + puppet module install $LokkitVersion + puppet module install $SelinuxVersion + puppet module install $HaproxyVersion + puppet module install $KeepalivedVersion + puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log + setenforce 0 + /opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE} + chkconfig activemq on + service activemq start + setenforce 1 + params: + $Prefix: {get_param: prefix} + 
$UpstreamDNS: {get_param: upstream_dns} + $UpstreamNTP: {get_param: upstream_ntp} + $BrokerWaitHandle: {get_resource: broker_wait_handle} + $BrokerHostname: {get_param: broker_hostname} + $Username: {get_param: username} + $Password: {get_param: password} + $DevMode: {get_param: dev_mode} + $PuppetURL: {get_param: puppet_module_url} + $PuppetBranch: {get_param: puppet_module_branch} + $OpenShiftVersion: {get_param: openshift_version} + $StdlibVersion: {get_param: stdlib_version} + $NtpVersion: {get_param: ntp_version} + $ConcatVersion: {get_param: concat_version} + $LokkitVersion: {get_param: lokkit_version} + $SelinuxVersion: {get_param: selinux_types_version} + $HaproxyVersion: {get_param: haproxy_version} + $KeepalivedVersion: {get_param: keepalived_version} + $ControllerIP: {get_param: controller_ip} + $TenantName: {get_param: tenant_name} + $UserName: {get_param: openstack_username} + $OpenStackPassword: {get_param: openstack_password} + + broker_instance: + type: OS::Nova::Server + properties: + image: {get_param: image_broker_name} + flavor: {get_param: broker_flavor} + key_name: {get_resource: ssh_key} + networks: [ + port: {get_resource: broker_port} + ] + user_data: {get_resource: broker_user_data} + user_data_format: RAW + + node_instance_group: + type: OS::Heat::AutoScalingGroup + depends_on: + - router_gateway + - broker_wait_condition + properties: + min_size: 1 + max_size: 4 + resource: + type: {get_param: node_instance_group_template_repo_address} + properties: + metadata: {"metering.group": "node_instance_group"} + private_network: {get_resource: private_network} + private_sub_network: {get_resource: private_sub_network} + ssh_key: {get_resource: ssh_key} + security_group: {get_resource: openshift_origin_security_group} + broker_ip: {get_attr: [broker_instance, first_address]} + broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]} + + scale_up_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: 
change_in_capacity + auto_scaling_group_id: {get_resource: node_instance_group} + cooldown: 60 + scaling_adjustment: 1 + + scale_down_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: node_instance_group} + cooldown: 60 + scaling_adjustment: -1 + + cpu_alarm_high: + type: OS::Ceilometer::Alarm + properties: + description: Scale-up if the average CPU > 80% for 1 minute + meter_name: cpu_util + statistic: avg + period: 60 + evaluation_periods: 1 + threshold: 80 + alarm_actions: + - {get_attr: [scale_up_policy, alarm_url]} + comparison_operator: gt + matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'} + + cpu_alarm_low: + type: OS::Ceilometer::Alarm + properties: + description: Scale-down if the average CPU < 20% for 10 minutes + meter_name: cpu_util + statistic: avg + period: 600 + evaluation_periods: 1 + threshold: 20 + alarm_actions: + - {get_attr: [scale_down_policy, alarm_url]} + comparison_operator: lt + matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'} + + gears_alarm_high: + type: OS::Ceilometer::Alarm + properties: + description: Scale-up if the average number of Gears is > 4 / node for 2 minutes + meter_name: gear + statistic: avg + period: 120 + evaluation_periods: 1 + threshold: 80 + alarm_actions: + - {get_attr: [scale_up_policy, alarm_url]} + comparison_operator: gt + + gears_alarm_low: + type: OS::Ceilometer::Alarm + properties: + description: Scale-down if the average number of Gears is < 1 / node for 10 minutes + meter_name: gear + statistic: avg + period: 600 + evaluation_periods: 1 + threshold: 20 + alarm_actions: + - {get_attr: [scale_down_policy, alarm_url]} + comparison_operator: lt diff --git a/openshift-origin/F19/hot-template/openshift-scalable-cpu/nodeinstance.yaml b/openshift-origin/F19/hot-template/openshift-scalable-cpu/nodeinstance.yaml new file mode 100644 index 00000000..b885292c --- /dev/null 
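Review bot: The `~/nbGears.sh` script generated in `broker_user_data` holds the OpenStack account password in clear text, is left readable by every local user through `chmod 744 ~/nbGears.sh`, and sends that password to `http://$ControllerIP:35357/v2.0/tokens` without TLS from a cron entry that runs every minute. The account defaults to `admin` / `network` in tenant `admin`, and neither `openstack_password` nor `password` is marked hidden, so the values presumably also appear wherever the stack's parameters are displayed. I would write the script with `chmod 700 ~/nbGears.sh`, add `hidden: true` to both password parameters and remove their defaults, and use a dedicated account that can do no more than post the `gear` sample, with an https identity endpoint where the deployment offers one. The same two password parameters with the same defaults are declared in openshift-scalable-cpu/openshift.yaml.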
+++ b/openshift-origin/F19/hot-template/openshift-scalable-cpu/nodeinstance.yaml 
@@ -0,0 +1,295 @@ +heat_template_version: 2013-05-23 + +description: Template for setting up an OpenShift Origin environment + +parameters: + prefix: + description: Your DNS Prefix + type: string + default: example.com + upstream_dns: + description: Upstream DNS server + type: string + default: 8.8.8.8 + upstream_ntp: + description: Upstream NTP server + type: string + default: clock.redhat.com + broker_flavor: + description: Flavor of Broker instance + type: string + default: m1.medium + node_flavor: + description: Flavor of Node instance + type: string + default: m1.medium + broker_hostname: + description: Hostname of Broker instance + type: string + default: brokerinstance + node_hostname: + description: Hostname of Node instance + type: string + default: nodeinstance + username: + description: Username for accessing OpenShift Origin + type: string + default: openshift + password: + description: Password for accessing OpenShift Origin + type: string + default: password + public_net_id: + description: External network ID + type: string + private_network_name: + description: Name of the private network wich will be created + type: string + default: OpenShift-Network + private_network_cidr: + description: Private network address (CIDR format) + type: string + default: 10.0.0.0/8 + private_network_gateway: + description: Private network gateway + type: string + default: 10.0.0.1 + private_network_dns: + description: Private network DNS + type: string + default: 8.8.8.8 + private_network_pool_start: + description: Private network pool start + type: string + default: 10.0.0.2 + private_network_pool_end: + description: Private network pool end + type: string + default: 10.255.255.254 + dev_mode: + description: Sets development mode and extra logging. + type: string + default: false + puppet_module_url: + description: Sets the URL to pull the OpenShift Origin Puppet module from. 
+ type: string + default: https://github.com/openshift/puppet-openshift_origin.git + puppet_module_branch: + description: Sets the repo branch to pull the OpenShift Origin Puppet module from. + type: string + default: master + private_network: + description: private network. + type: string + private_sub_network: + description: private sub network. + type: string + security_group: + description: security group. + type: string + broker_ip: + description: broker ip. + type: string + broker_wait_condition_data: + description: broker wait condition data. + type: string + metadata: + type: json + ssh_key: + description: SSHKey created in principal template file + type: string + image_broker_name: + description: Name of the image you have created for the broker with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-broker + image_node_name: + description: Name of the image you have created for the node with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-node + openshift_version: + description: Version of openshift puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - git checkout 722687c + - git checkout master + default: git checkout 722687c + stdlib_version: + description: Version of stdlib puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/stdlib --version 4.3.2 + - puppetlabs/stdlib + default: puppetlabs/stdlib --version 4.3.2 + ntp_version: + description: Version of ntp puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/ntp --version 3.1.2 + - puppetlabs/ntp + default: puppetlabs/ntp --version 3.1.2 + concat_version: + description: Version of concat puppet module, leave the default value if you want to use a production version + type: string + constraints: + - 
allowed_values: + - puppetlabs-concat --version 1.0.4 + - puppetlabs-concat + default: puppetlabs-concat --version 1.0.4 + lokkit_version: + description: Version of lokkit puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - rharrison-lokkit --version 0.5.0 + - rharrison-lokkit + default: rharrison-lokkit --version 0.5.0 + selinux_types_version: + description: Version of selinux_types puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - blentz-selinux_types --version 0.1.0 + - blentz-selinux_types + default: blentz-selinux_types --version 0.1.0 + haproxy_version: + description: Version of haproxy puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/haproxy --version 1.0.0 + - puppetlabs/haproxy + default: puppetlabs/haproxy --version 1.0.0 + keepalived_version: + description: Version of keepalived puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - arioch/keepalived --version 0.1.0 + - arioch/keepalived + default: arioch/keepalived --version 0.1.0 + sysctl_version: + description: Version of sysctl puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - duritong-sysctl --version 0.0.4 + - duritong-sysctl + default: duritong-sysctl --version 0.0.4 + +resources: + + node_wait_handle: + type: AWS::CloudFormation::WaitConditionHandle + + node_wait_condition: + type: AWS::CloudFormation::WaitCondition + depends_on: node_instance + properties: + Handle: {get_resource: node_wait_handle} + Timeout: 1800 + + node_port: + type: OS::Neutron::Port + properties: + network_id: {get_param: private_network} + fixed_ips: [ + subnet_id: {get_param: private_sub_network} + ] + 
security_groups: [{get_param: security_group}] + + node_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: {get_param: public_net_id} + port_id: {get_resource: node_port} + + node_user_data: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -x + export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'` + export BROKER_IP=$BrokerIP + export NODE_FLOATING_IP=$NodeFloatingIP + export PREFIX=$Prefix + export UPSTREAM_DNS=$UpstreamDNS + export UPSTREAM_NTP=$UpstreamNTP + export NODE_WAIT_HANDLE="$NodeWaitHandle" + export HOSTNAME=$NodeHostname + export DEV_MODE=$DevMode + export PUPPET_MODULE_URL=$PuppetURL + export PUPPET_MODULE_BRANCH=$PuppetBranch + cat << EOF > /root/configure.pp + \$my_hostname="${HOSTNAME}.${PREFIX}" + exec { "set hostname": + command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" + } + class { 'openshift_origin' : + roles => ['node'], + bind_key => '${DNS_SEC_KEY}', + nameserver_ip_addr => '${BROKER_IP}', + domain => '${PREFIX}', + register_host_with_nameserver => true, + broker_hostname => '${BROKER_IP}', + msgserver_hostname => '${BROKER_IP}', + ntp_servers => ['${UPSTREAM_NTP} iburst'], + node_hostname => \$my_hostname, + install_method => 'yum', + jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat', + development_mode => ${DEV_MODE}, + node_ip_addr => '${NODE_FLOATING_IP}', + } + EOF + mkdir -p /etc/puppet/modules + git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin + cd /etc/puppet/modules/openshift_origin + $OpenShiftVersion + puppet module install $StdlibVersion + puppet module install $NtpVersion + puppet module install $SysctlVersion + puppet module install $LokkitVersion + puppet module install $HaproxyVersion + puppet module install $KeepalivedVersion + puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log + setenforce 0 + 
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE} + setenforce 1 + params: + $BrokerWaitConditionData: {get_param: broker_wait_condition_data} + $BrokerIP: {get_param: broker_ip} + $NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]} + $Prefix: {get_param: prefix} + $UpstreamDNS: {get_param: upstream_dns} + $UpstreamNTP: {get_param: upstream_ntp} + $NodeWaitHandle: {get_resource: node_wait_handle} + $NodeHostname: {get_param: node_hostname} + $DevMode: {get_param: dev_mode} + $PuppetURL: {get_param: puppet_module_url} + $PuppetBranch: {get_param: puppet_module_branch} + $OpenShiftVersion: {get_param: openshift_version} + $StdlibVersion: {get_param: stdlib_version} + $NtpVersion: {get_param: ntp_version} + $SysctlVersion: {get_param: sysctl_version} + $LokkitVersion: {get_param: lokkit_version} + $SelinuxVersion: {get_param: selinux_types_version} + $HaproxyVersion: {get_param: haproxy_version} + $KeepalivedVersion: {get_param: keepalived_version} + + node_instance: + type: OS::Nova::Server + properties: + image: {get_param: image_node_name} + flavor: {get_param: node_flavor} + key_name: {get_param: ssh_key} + networks: [ + port: {get_resource: node_port} + ] + user_data: {get_resource: node_user_data} + user_data_format: RAW + metadata: {get_param: metadata} diff --git a/openshift-origin/F19/hot-template/openshift-scalable-cpu/openshift.yaml b/openshift-origin/F19/hot-template/openshift-scalable-cpu/openshift.yaml new file mode 100644 index 00000000..a360a0b6 --- /dev/null +++ b/openshift-origin/F19/hot-template/openshift-scalable-cpu/openshift.yaml 
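Review bot: In `node_user_data`, `python -c 'print $BrokerWaitConditionData["00000"]'` pastes the broker wait-condition data into Python program text, so whatever was signalled to the broker's wait handle is evaluated as code by a root script on every node the scaling group creates. The data should be passed as input rather than as source, for example fed through a quoted here-document to `python -c 'import json,sys; print json.load(sys.stdin)["00000"]'`, with the result quoted when it is exported. Because the script runs under `#!/bin/bash -x`, the resulting `DNS_SEC_KEY` is presumably also traced into the instance's boot log; a `set +x` around that line would keep the key out of it. The same line appears in openshift-scalable-cpu-nbgears/nodeinstance.yaml, whose hunk starts before this part of the page.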
@@ -0,0 +1,467 @@ +heat_template_version: 2013-05-23 + +description: Template for setting up an OpenShift Origin environment + +parameters: + prefix: + description: Your DNS Prefix + type: string + default: example.com + upstream_dns: + description: Upstream DNS server + type: string + default: 8.8.8.8 + upstream_ntp: + description: Upstream NTP server + type: string + default: clock.redhat.com + broker_flavor: + description: Flavor of Broker instance + type: string + default: m1.medium + node_flavor: + description: Flavor of Node instance + type: string + default: m1.medium + broker_hostname: + description: Hostname of Broker instance + type: string + default: brokerinstance + node_hostname: + description: Hostname of Node instance + type: string + default: nodeinstance + username: + description: Username for accessing OpenShift Origin + type: string + default: openshift + password: + description: Password for accessing OpenShift Origin + type: string + default: password + public_net_id: + description: External network ID + type: string + private_network_name: + description: Name of the private network wich will be created + type: string + default: OpenShift-Network + private_network_cidr: + description: Private network address (CIDR format) + type: string + default: 10.0.0.0/8 + private_network_gateway: + description: Private network gateway + type: string + default: 10.0.0.1 + private_network_dns: + description: Private network DNS + type: string + default: 8.8.8.8 + private_network_pool_start: + description: Private network pool start + type: string + default: 10.0.0.2 + private_network_pool_end: + description: Private network pool end + type: string + default: 10.255.255.254 + dev_mode: + description: Sets development mode and extra logging. + type: string + default: false + puppet_module_url: + description: Sets the URL to pull the OpenShift Origin Puppet module from. 
+ type: string + default: https://github.com/openshift/puppet-openshift_origin.git + puppet_module_branch: + description: Sets the repo branch to pull the OpenShift Origin Puppet module from. + type: string + default: master + controller_ip: + description: The IP address of the OpenStack Controller + type: string + default: 192.168.202.101 + tenant_name: + description: The tenant name + type: string + default: admin + openstack_username: + description: Username of your Openstack account + type: string + default: admin + openstack_password: + description: Password of your Openstack account + type: string + default: network + node_instance_group_template_repo_address: + description: Repository address of the NodeInstanceGroup Template + type: string + public_ssh_key: + description: Public key that will be used for SSH connection to instances + type: string + ssh_key_name: + description: SSHKey name + type: string + default: OpenshiftSSHKey + image_broker_name: + description: Name of the image you have created for the broker with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-broker + image_node_name: + description: Name of the image you have created for the node with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-node + openshift_version: + description: Version of openshift puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - git checkout 722687c + - git checkout master + default: git checkout 722687c + stdlib_version: + description: Version of stdlib puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/stdlib --version 4.3.2 + - puppetlabs/stdlib + default: puppetlabs/stdlib --version 4.3.2 + ntp_version: + description: Version of ntp puppet module, leave the default value if you want to use a production version + type: string + constraints: + - 
allowed_values: + - puppetlabs/ntp --version 3.1.2 + - puppetlabs/ntp + default: puppetlabs/ntp --version 3.1.2 + concat_version: + description: Version of concat puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs-concat --version 1.0.4 + - puppetlabs-concat + default: puppetlabs-concat --version 1.0.4 + lokkit_version: + description: Version of lokkit puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - rharrison-lokkit --version 0.5.0 + - rharrison-lokkit + default: rharrison-lokkit --version 0.5.0 + selinux_types_version: + description: Version of selinux_types puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - blentz-selinux_types --version 0.1.0 + - blentz-selinux_types + default: blentz-selinux_types --version 0.1.0 + haproxy_version: + description: Version of haproxy puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/haproxy --version 1.0.0 + - puppetlabs/haproxy + default: puppetlabs/haproxy --version 1.0.0 + keepalived_version: + description: Version of keepalived puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - arioch/keepalived --version 0.1.0 + - arioch/keepalived + default: arioch/keepalived --version 0.1.0 + sysctl_version: + description: Version of sysctl puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - duritong-sysctl --version 0.0.4 + - duritong-sysctl + default: duritong-sysctl --version 0.0.4 + +resources: + openshift_origin_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: OpenShift Origin Firewall Rules + 
rules: [ + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": icmp + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 22, + "port_range_max": 22 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": udp, + "port_range_min": 53, + "port_range_max": 53 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 80, + "port_range_max": 80 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 443, + "port_range_max": 443 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8443, + "port_range_max": 8443 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8000, + "port_range_max": 8000 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8080, + "port_range_max": 8080 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 61613, + "port_range_max": 61613 + } + ] + + ssh_key: + type: OS::Nova::KeyPair + properties: + name: {get_param: ssh_key_name} + public_key: {get_param: public_ssh_key} + + private_network: + type: OS::Neutron::Net + properties: + name: {get_param: private_network_name} + + private_sub_network: + type: OS::Neutron::Subnet + properties: + network_id: {get_resource: private_network} + cidr: {get_param: private_network_cidr} + gateway_ip: {get_param: private_network_gateway} + dns_nameservers: [ {get_param: private_network_dns} ] + allocation_pools: [{ + "start": {get_param: private_network_pool_start}, + "end": {get_param: private_network_pool_end} + }] + + router: + type: OS::Neutron::Router + + router_gateway: + type: OS::Neutron::RouterGateway + properties: + router_id: {get_resource: router} + network_id: {get_param: public_net_id} + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: {get_resource: router} + subnet_id: {get_resource: private_sub_network} + + broker_port: + type: OS::Neutron::Port + properties: + network_id: 
{get_resource: private_network} + fixed_ips: [ + subnet_id: {get_resource: private_sub_network} + ] + security_groups: [{get_resource: openshift_origin_security_group}] + + broker_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: {get_param: public_net_id} + port_id: {get_resource: broker_port} + + broker_wait_handle: + type: AWS::CloudFormation::WaitConditionHandle + + broker_wait_condition: + type: AWS::CloudFormation::WaitCondition + depends_on: broker_instance + properties: + Handle: {get_resource: broker_wait_handle} + Timeout: 1800 + + broker_user_data: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -x + /usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix + export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'` + export PREFIX=$Prefix + export UPSTREAM_DNS=$UpstreamDNS + export UPSTREAM_NTP=$UpstreamNTP + export BROKER_WAIT_HANDLE="$BrokerWaitHandle" + export HOSTNAME=$BrokerHostname + export USERNAME=$Username + export PASSWORD=$Password + export DEV_MODE=$DevMode + export PUPPET_MODULE_URL=$PuppetURL + export PUPPET_MODULE_BRANCH=$PuppetBranch + cat << EOF > /root/configure.pp + \$my_hostname="${HOSTNAME}.${PREFIX}" + exec { "set hostname": + command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" + } + class { 'openshift_origin' : + roles => ['broker','nameserver','msgserver','datastore'], + bind_key => '${DNS_SEC_KEY}', + domain => '${PREFIX}', + register_host_with_nameserver => true, + conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'], + ntp_servers => ['${UPSTREAM_NTP} iburst'], + broker_hostname => \$my_hostname, + nameserver_hostname => \$my_hostname, + datastore_hostname => \$my_hostname, + msgserver_hostname => \$my_hostname, + broker_auth_plugin => 'htpasswd', + openshift_user1 => '${USERNAME}', + openshift_password1 => '${PASSWORD}', + development_mode => 
${DEV_MODE}, + } + EOF + mkdir -p /etc/puppet/modules + git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin + cd /etc/puppet/modules/openshift_origin + $OpenShiftVersion + puppet module install $StdlibVersion + puppet module install $NtpVersion + puppet module install $ConcatVersion + puppet module install $LokkitVersion + puppet module install $SelinuxVersion + puppet module install $HaproxyVersion + puppet module install $KeepalivedVersion + puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log + setenforce 0 + /opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE} + chkconfig activemq on + service activemq start + setenforce 1 + params: + $Prefix: {get_param: prefix} + $UpstreamDNS: {get_param: upstream_dns} + $UpstreamNTP: {get_param: upstream_ntp} + $BrokerWaitHandle: {get_resource: broker_wait_handle} + $BrokerHostname: {get_param: broker_hostname} + $Username: {get_param: username} + $Password: {get_param: password} + $DevMode: {get_param: dev_mode} + $PuppetURL: {get_param: puppet_module_url} + $PuppetBranch: {get_param: puppet_module_branch} + $OpenShiftVersion: {get_param: openshift_version} + $StdlibVersion: {get_param: stdlib_version} + $NtpVersion: {get_param: ntp_version} + $ConcatVersion: {get_param: concat_version} + $LokkitVersion: {get_param: lokkit_version} + $SelinuxVersion: {get_param: selinux_types_version} + $HaproxyVersion: {get_param: haproxy_version} + $KeepalivedVersion: {get_param: keepalived_version} + $ControllerIP: {get_param: controller_ip} + $TenantName: {get_param: tenant_name} + $UserName: {get_param: openstack_username} + $OpenStackPassword: {get_param: openstack_password} + + broker_instance: + type: OS::Nova::Server + properties: + image: {get_param: image_broker_name} + flavor: {get_param: broker_flavor} + key_name: {get_resource: ssh_key} + networks: [ + port: {get_resource: broker_port} + ] + user_data: 
{get_resource: broker_user_data} + user_data_format: RAW + + node_instance_group: + type: OS::Heat::AutoScalingGroup + depends_on: + - router_gateway + - broker_wait_condition + properties: + min_size: 1 + max_size: 4 + resource: + type: {get_param: node_instance_group_template_repo_address} + properties: + metadata: {"metering.group": "node_instance_group"} + private_network: {get_resource: private_network} + private_sub_network: {get_resource: private_sub_network} + ssh_key: {get_resource: ssh_key} + security_group: {get_resource: openshift_origin_security_group} + broker_ip: {get_attr: [broker_instance, first_address]} + broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]} + + scale_up_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: node_instance_group} + cooldown: 60 + scaling_adjustment: 1 + + scale_down_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: node_instance_group} + cooldown: 60 + scaling_adjustment: -1 + + cpu_alarm_high: + type: OS::Ceilometer::Alarm + properties: + description: Scale-up if the average CPU > 80% for 1 minute + meter_name: cpu_util + statistic: avg + period: 60 + evaluation_periods: 1 + threshold: 80 + alarm_actions: + - {get_attr: [scale_up_policy, alarm_url]} + comparison_operator: gt + matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'} + + cpu_alarm_low: + type: OS::Ceilometer::Alarm + properties: + description: Scale-down if the average CPU < 20% for 10 minutes + meter_name: cpu_util + statistic: avg + period: 600 + evaluation_periods: 1 + threshold: 20 + alarm_actions: + - {get_attr: [scale_down_policy, alarm_url]} + comparison_operator: lt + matching_metadata: {'metadata.user_metadata.group': 'node_instance_group'} 
diff --git a/openshift-origin/F19/hot-template/openshift-scalable-nbgears/nodeinstance.yaml b/openshift-origin/F19/hot-template/openshift-scalable-nbgears/nodeinstance.yaml
new file mode 100644
index 00000000..f6423c79
--- /dev/null
+++ b/openshift-origin/F19/hot-template/openshift-scalable-nbgears/nodeinstance.yaml
@@ -0,0 +1,292 @@ +heat_template_version: 2013-05-23 + +description: Template for setting up an OpenShift Origin environment + +parameters: + prefix: + description: Your DNS Prefix + type: string + default: example.com + upstream_dns: + description: Upstream DNS server + type: string + default: 8.8.8.8 + upstream_ntp: + description: Upstream NTP server + type: string + default: clock.redhat.com + broker_flavor: + description: Flavor of Broker instance + type: string + default: m1.medium + node_flavor: + description: Flavor of Node instance + type: string + default: m1.medium + broker_hostname: + description: Hostname of Broker instance + type: string + default: brokerinstance + node_hostname: + description: Hostname of Node instance + type: string + default: nodeinstance + username: + description: Username for accessing OpenShift Origin + type: string + default: openshift + password: + description: Password for accessing OpenShift Origin + type: string + default: password + public_net_id: + description: External network ID + type: string + private_network_name: + description: Name of the private network wich will be created + type: string + default: OpenShift-Network + private_network_cidr: + description: Private network address (CIDR format) + type: string + default: 10.0.0.0/8 + private_network_gateway: + description: Private network gateway + type: string + default: 10.0.0.1 + private_network_dns: + description: Private network DNS + type: string + default: 8.8.8.8 + private_network_pool_start: + description: Private network pool start + type: string + default: 10.0.0.2 + private_network_pool_end: + description: Private network pool end + type: string + default: 10.255.255.254 + dev_mode: + description: Sets development mode and extra logging. + type: string + default: false + puppet_module_url: + description: Sets the URL to pull the OpenShift Origin Puppet module from. 
+ type: string + default: https://github.com/openshift/puppet-openshift_origin.git + puppet_module_branch: + description: Sets the repo branch to pull the OpenShift Origin Puppet module from. + type: string + default: master + private_network: + description: private network. + type: string + private_sub_network: + description: private sub network. + type: string + security_group: + description: security group. + type: string + broker_ip: + description: broker ip. + type: string + broker_wait_condition_data: + description: broker wait condition data. + type: string + ssh_key: + description: SSHKey created in principal template file + type: string + image_broker_name: + description: Name of the image you have created for the broker with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-broker + image_node_name: + description: Name of the image you have created for the node with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-node + openshift_version: + description: Version of openshift puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - git checkout 722687c + - git checkout master + default: git checkout 722687c + stdlib_version: + description: Version of stdlib puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/stdlib --version 4.3.2 + - puppetlabs/stdlib + default: puppetlabs/stdlib --version 4.3.2 + ntp_version: + description: Version of ntp puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/ntp --version 3.1.2 + - puppetlabs/ntp + default: puppetlabs/ntp --version 3.1.2 + concat_version: + description: Version of concat puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - 
puppetlabs-concat --version 1.0.4 + - puppetlabs-concat + default: puppetlabs-concat --version 1.0.4 + lokkit_version: + description: Version of lokkit puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - rharrison-lokkit --version 0.5.0 + - rharrison-lokkit + default: rharrison-lokkit --version 0.5.0 + selinux_types_version: + description: Version of selinux_types puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - blentz-selinux_types --version 0.1.0 + - blentz-selinux_types + default: blentz-selinux_types --version 0.1.0 + haproxy_version: + description: Version of haproxy puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/haproxy --version 1.0.0 + - puppetlabs/haproxy + default: puppetlabs/haproxy --version 1.0.0 + keepalived_version: + description: Version of keepalived puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - arioch/keepalived --version 0.1.0 + - arioch/keepalived + default: arioch/keepalived --version 0.1.0 + sysctl_version: + description: Version of sysctl puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - duritong-sysctl --version 0.0.4 + - duritong-sysctl + default: duritong-sysctl --version 0.0.4 + +resources: + + node_wait_handle: + type: AWS::CloudFormation::WaitConditionHandle + + node_wait_condition: + type: AWS::CloudFormation::WaitCondition + depends_on: node_instance + properties: + Handle: {get_resource: node_wait_handle} + Timeout: 1800 + + node_port: + type: OS::Neutron::Port + properties: + network_id: {get_param: private_network} + fixed_ips: [ + subnet_id: {get_param: private_sub_network} + ] + security_groups: 
[{get_param: security_group}] + + node_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: {get_param: public_net_id} + port_id: {get_resource: node_port} + + node_user_data: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -x + export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'` + export BROKER_IP=$BrokerIP + export NODE_FLOATING_IP=$NodeFloatingIP + export PREFIX=$Prefix + export UPSTREAM_DNS=$UpstreamDNS + export UPSTREAM_NTP=$UpstreamNTP + export NODE_WAIT_HANDLE="$NodeWaitHandle" + export HOSTNAME=$NodeHostname + export DEV_MODE=$DevMode + export PUPPET_MODULE_URL=$PuppetURL + export PUPPET_MODULE_BRANCH=$PuppetBranch + cat << EOF > /root/configure.pp + \$my_hostname="${HOSTNAME}.${PREFIX}" + exec { "set hostname": + command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" + } + class { 'openshift_origin' : + roles => ['node'], + bind_key => '${DNS_SEC_KEY}', + nameserver_ip_addr => '${BROKER_IP}', + domain => '${PREFIX}', + register_host_with_nameserver => true, + broker_hostname => '${BROKER_IP}', + msgserver_hostname => '${BROKER_IP}', + ntp_servers => ['${UPSTREAM_NTP} iburst'], + node_hostname => \$my_hostname, + install_method => 'yum', + jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat', + development_mode => ${DEV_MODE}, + node_ip_addr => '${NODE_FLOATING_IP}', + } + EOF + mkdir -p /etc/puppet/modules + git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin + cd /etc/puppet/modules/openshift_origin + $OpenShiftVersion + puppet module install $StdlibVersion + puppet module install $NtpVersion + puppet module install $SysctlVersion + puppet module install $LokkitVersion + puppet module install $HaproxyVersion + puppet module install $KeepalivedVersion + puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log + setenforce 0 + 
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE} + setenforce 1 + params: + $BrokerWaitConditionData: {get_param: broker_wait_condition_data} + $BrokerIP: {get_param: broker_ip} + $NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]} + $Prefix: {get_param: prefix} + $UpstreamDNS: {get_param: upstream_dns} + $UpstreamNTP: {get_param: upstream_ntp} + $NodeWaitHandle: {get_resource: node_wait_handle} + $NodeHostname: {get_param: node_hostname} + $DevMode: {get_param: dev_mode} + $PuppetURL: {get_param: puppet_module_url} + $PuppetBranch: {get_param: puppet_module_branch} + $OpenShiftVersion: {get_param: openshift_version} + $StdlibVersion: {get_param: stdlib_version} + $NtpVersion: {get_param: ntp_version} + $SysctlVersion: {get_param: sysctl_version} + $LokkitVersion: {get_param: lokkit_version} + $SelinuxVersion: {get_param: selinux_types_version} + $HaproxyVersion: {get_param: haproxy_version} + $KeepalivedVersion: {get_param: keepalived_version} + + node_instance: + type: OS::Nova::Server + properties: + image: {get_param: image_node_name} + flavor: {get_param: node_flavor} + key_name: {get_param: ssh_key} + networks: [ + port: {get_resource: node_port} + ] + user_data: {get_resource: node_user_data} + user_data_format: RAW diff --git a/openshift-origin/F19/hot-template/openshift-scalable-nbgears/openshift.yaml b/openshift-origin/F19/hot-template/openshift-scalable-nbgears/openshift.yaml new file mode 100644 index 00000000..7182e3d0 --- /dev/null +++ b/openshift-origin/F19/hot-template/openshift-scalable-nbgears/openshift.yaml 
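Review bot: The `#!/bin/bash -x` shebang of the node_user_data template makes bash trace every command, so the `export DNS_SEC_KEY=...` line and the `python -c` call that carries the whole wait-condition data are written with their expanded values to wherever the boot script's output is captured (likely the cloud-init log, possibly the instance console log as well). That value is what the script passes to Puppet as `bind_key`, so it presumably authorises updates to the nameserver and should not sit in a log that operators or other tenants' tooling can read. I would use `#!/bin/bash` here, or put `set +x` before the export and `set -x` after the heredoc if the trace is wanted for debugging. The same shebang is in broker_user_data in openshift-scalable-nbgears/openshift.yaml, where the trace additionally covers `export PASSWORD=$Password`.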
@@ -0,0 +1,484 @@ +heat_template_version: 2013-05-23 + +description: Template for setting up an OpenShift Origin environment + +parameters: + prefix: + description: Your DNS Prefix + type: string + default: example.com + upstream_dns: + description: Upstream DNS server + type: string + default: 8.8.8.8 + upstream_ntp: + description: Upstream NTP server + type: string + default: clock.redhat.com + broker_flavor: + description: Flavor of Broker instance + type: string + default: m1.medium + node_flavor: + description: Flavor of Node instance + type: string + default: m1.medium + broker_hostname: + description: Hostname of Broker instance + type: string + default: brokerinstance + node_hostname: + description: Hostname of Node instance + type: string + default: nodeinstance + username: + description: Username for accessing OpenShift Origin + type: string + default: openshift + password: + description: Password for accessing OpenShift Origin + type: string + default: password + public_net_id: + description: External network ID + type: string + private_network_name: + description: Name of the private network wich will be created + type: string + default: OpenShift-Network + private_network_cidr: + description: Private network address (CIDR format) + type: string + default: 10.0.0.0/8 + private_network_gateway: + description: Private network gateway + type: string + default: 10.0.0.1 + private_network_dns: + description: Private network DNS + type: string + default: 8.8.8.8 + private_network_pool_start: + description: Private network pool start + type: string + default: 10.0.0.2 + private_network_pool_end: + description: Private network pool end + type: string + default: 10.255.255.254 + dev_mode: + description: Sets development mode and extra logging. + type: string + default: false + puppet_module_url: + description: Sets the URL to pull the OpenShift Origin Puppet module from. 
+ type: string + default: https://github.com/openshift/puppet-openshift_origin.git + puppet_module_branch: + description: Sets the repo branch to pull the OpenShift Origin Puppet module from. + type: string + default: master + controller_ip: + description: The IP address of the OpenStack Controller + type: string + default: 192.168.202.101 + tenant_name: + description: The tenant name + type: string + default: admin + openstack_username: + description: Username of your Openstack account + type: string + default: admin + openstack_password: + description: Password of your Openstack account + type: string + default: network + node_instance_group_template_repo_address: + description: Repository address of the NodeInstanceGroup Template + type: string + public_ssh_key: + description: Public key that will be used for SSH connection to instances + type: string + ssh_key_name: + description: SSHKey name + type: string + default: OpenshiftSSHKey + image_broker_name: + description: Name of the image you have created for the broker with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-broker + image_node_name: + description: Name of the image you have created for the node with diskimage-builder + type: string + default: F19-x86_64-openshift-origin-node + openshift_version: + description: Version of openshift puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - git checkout 722687c + - git checkout master + default: git checkout 722687c + stdlib_version: + description: Version of stdlib puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/stdlib --version 4.3.2 + - puppetlabs/stdlib + default: puppetlabs/stdlib --version 4.3.2 + ntp_version: + description: Version of ntp puppet module, leave the default value if you want to use a production version + type: string + constraints: + - 
allowed_values: + - puppetlabs/ntp --version 3.1.2 + - puppetlabs/ntp + default: puppetlabs/ntp --version 3.1.2 + concat_version: + description: Version of concat puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs-concat --version 1.0.4 + - puppetlabs-concat + default: puppetlabs-concat --version 1.0.4 + lokkit_version: + description: Version of lokkit puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - rharrison-lokkit --version 0.5.0 + - rharrison-lokkit + default: rharrison-lokkit --version 0.5.0 + selinux_types_version: + description: Version of selinux_types puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - blentz-selinux_types --version 0.1.0 + - blentz-selinux_types + default: blentz-selinux_types --version 0.1.0 + haproxy_version: + description: Version of haproxy puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - puppetlabs/haproxy --version 1.0.0 + - puppetlabs/haproxy + default: puppetlabs/haproxy --version 1.0.0 + keepalived_version: + description: Version of keepalived puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - arioch/keepalived --version 0.1.0 + - arioch/keepalived + default: arioch/keepalived --version 0.1.0 + sysctl_version: + description: Version of sysctl puppet module, leave the default value if you want to use a production version + type: string + constraints: + - allowed_values: + - duritong-sysctl --version 0.0.4 + - duritong-sysctl + default: duritong-sysctl --version 0.0.4 + +resources: + openshift_origin_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: OpenShift Origin Firewall Rules + 
rules: [ + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": icmp + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 22, + "port_range_max": 22 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": udp, + "port_range_min": 53, + "port_range_max": 53 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 80, + "port_range_max": 80 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 443, + "port_range_max": 443 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8443, + "port_range_max": 8443 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8000, + "port_range_max": 8000 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 8080, + "port_range_max": 8080 + }, + { + "remote_ip_prefix": 0.0.0.0/0, + "protocol": tcp, + "port_range_min": 61613, + "port_range_max": 61613 + } + ] + + ssh_key: + type: OS::Nova::KeyPair + properties: + name: {get_param: ssh_key_name} + public_key: {get_param: public_ssh_key} + + private_network: + type: OS::Neutron::Net + properties: + name: {get_param: private_network_name} + + private_sub_network: + type: OS::Neutron::Subnet + properties: + network_id: {get_resource: private_network} + cidr: {get_param: private_network_cidr} + gateway_ip: {get_param: private_network_gateway} + dns_nameservers: [ {get_param: private_network_dns} ] + allocation_pools: [{ + "start": {get_param: private_network_pool_start}, + "end": {get_param: private_network_pool_end} + }] + + router: + type: OS::Neutron::Router + + router_gateway: + type: OS::Neutron::RouterGateway + properties: + router_id: {get_resource: router} + network_id: {get_param: public_net_id} + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: {get_resource: router} + subnet_id: {get_resource: private_sub_network} + + broker_port: + type: OS::Neutron::Port + properties: + network_id: 
{get_resource: private_network} + fixed_ips: [ + subnet_id: {get_resource: private_sub_network} + ] + security_groups: [{get_resource: openshift_origin_security_group}] + + broker_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: {get_param: public_net_id} + port_id: {get_resource: broker_port} + + broker_wait_handle: + type: AWS::CloudFormation::WaitConditionHandle + + broker_wait_condition: + type: AWS::CloudFormation::WaitCondition + depends_on: broker_instance + properties: + Handle: {get_resource: broker_wait_handle} + Timeout: 1800 + + broker_user_data: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -x + /usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix + export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'` + export PREFIX=$Prefix + export UPSTREAM_DNS=$UpstreamDNS + export UPSTREAM_NTP=$UpstreamNTP + export BROKER_WAIT_HANDLE="$BrokerWaitHandle" + export HOSTNAME=$BrokerHostname + export USERNAME=$Username + export PASSWORD=$Password + export DEV_MODE=$DevMode + export PUPPET_MODULE_URL=$PuppetURL + export PUPPET_MODULE_BRANCH=$PuppetBranch + cat << EOF > /root/configure.pp + \$my_hostname="${HOSTNAME}.${PREFIX}" + exec { "set hostname": + command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" + } + class { 'openshift_origin' : + roles => ['broker','nameserver','msgserver','datastore'], + bind_key => '${DNS_SEC_KEY}', + domain => '${PREFIX}', + register_host_with_nameserver => true, + conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'], + ntp_servers => ['${UPSTREAM_NTP} iburst'], + broker_hostname => \$my_hostname, + nameserver_hostname => \$my_hostname, + datastore_hostname => \$my_hostname, + msgserver_hostname => \$my_hostname, + broker_auth_plugin => 'htpasswd', + openshift_user1 => '${USERNAME}', + openshift_password1 => '${PASSWORD}', + development_mode => 
${DEV_MODE}, + } + EOF + cat << EOF > ~/nbGears.sh + #!/bin/bash -x + MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB') + GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2) + NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2) + let "GEARSPERNODE=\$MEMORY/512000" + let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE" + curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat + TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++) + {if(\$i~/id\042/) + {print \$(i+1)} + } + }' auth_token.dat | awk -F'"' '{print \$2; exit}') + curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear + EOF + chmod 744 ~/nbGears.sh + cat << EOF > /etc/cron.d/cronNbGears + * * * * * root ~/nbGears.sh + EOF + /sbin/service crond restart + mkdir -p /etc/puppet/modules + git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin + cd /etc/puppet/modules/openshift_origin + $OpenShiftVersion + puppet module install $StdlibVersion + puppet module install $NtpVersion + puppet module install $ConcatVersion + puppet module install $LokkitVersion + puppet module install $SelinuxVersion + puppet module install $HaproxyVersion + puppet module install $KeepalivedVersion + puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log + setenforce 0 + /opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE} + chkconfig activemq on + service activemq start + setenforce 1 + params: + $Prefix: {get_param: prefix} + 
$UpstreamDNS: {get_param: upstream_dns} + $UpstreamNTP: {get_param: upstream_ntp} + $BrokerWaitHandle: {get_resource: broker_wait_handle} + $BrokerHostname: {get_param: broker_hostname} + $Username: {get_param: username} + $Password: {get_param: password} + $DevMode: {get_param: dev_mode} + $PuppetURL: {get_param: puppet_module_url} + $PuppetBranch: {get_param: puppet_module_branch} + $OpenShiftVersion: {get_param: openshift_version} + $StdlibVersion: {get_param: stdlib_version} + $NtpVersion: {get_param: ntp_version} + $ConcatVersion: {get_param: concat_version} + $LokkitVersion: {get_param: lokkit_version} + $SelinuxVersion: {get_param: selinux_types_version} + $HaproxyVersion: {get_param: haproxy_version} + $KeepalivedVersion: {get_param: keepalived_version} + $ControllerIP: {get_param: controller_ip} + $TenantName: {get_param: tenant_name} + $UserName: {get_param: openstack_username} + $OpenStackPassword: {get_param: openstack_password} + + broker_instance: + type: OS::Nova::Server + properties: + image: {get_param: image_broker_name} + flavor: {get_param: broker_flavor} + key_name: {get_resource: ssh_key} + networks: [ + port: {get_resource: broker_port} + ] + user_data: {get_resource: broker_user_data} + user_data_format: RAW + + node_instance_group: + type: OS::Heat::AutoScalingGroup + depends_on: + - router_gateway + - broker_wait_condition + properties: + min_size: 1 + max_size: 4 + resource: + type: {get_param: node_instance_group_template_repo_address} + properties: + private_network: {get_resource: private_network} + private_sub_network: {get_resource: private_sub_network} + ssh_key: {get_resource: ssh_key} + security_group: {get_resource: openshift_origin_security_group} + broker_ip: {get_attr: [broker_instance, first_address]} + broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]} + + scale_up_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: 
node_instance_group} + cooldown: 60 + scaling_adjustment: 1 + + scale_down_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: node_instance_group} + cooldown: 60 + scaling_adjustment: -1 + + gears_alarm_high: + type: OS::Ceilometer::Alarm + properties: + description: Scale-up if the average number of Gears is > 4 / node for 2 minutes + meter_name: gear + statistic: avg + period: 120 + evaluation_periods: 1 + threshold: 80 + alarm_actions: + - {get_attr: [scale_up_policy, alarm_url]} + comparison_operator: gt + + gears_alarm_low: + type: OS::Ceilometer::Alarm + properties: + description: Scale-down if the average number of Gears is < 1 / node for 10 minutes + meter_name: gear + statistic: avg + period: 600 + evaluation_periods: 1 + threshold: 20 + alarm_actions: + - {get_attr: [scale_down_policy, alarm_url]} + comparison_operator: lt diff --git a/openshift-origin/F19/hot-template/openshift/openshift.yaml b/openshift-origin/F19/hot-template/openshift/openshift.yaml new file mode 100644 index 00000000..fccb70c2 --- /dev/null +++ b/openshift-origin/F19/hot-template/openshift/openshift.yaml 
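Review bot: The nbGears.sh heredoc in broker_user_data writes the OpenStack account name and password (`$UserName`, `$OpenStackPassword`, defaults `admin`/`network`) in clear text into a script on the broker, the one instance this template gives a floating IP and opens to 0.0.0.0/0, and the cron job then posts them to `http://$ControllerIP:35357/v2.0/tokens` over plain HTTP every minute. The same values also travel in the instance user_data, and `openstack_password` and `password` are declared without `hidden: true`, so they may be shown back in stack parameter listings. I would add `hidden: true` to both password parameters, drop their defaults, create the script with `chmod 700 ~/nbGears.sh` instead of `744`, and document that the account should be a dedicated one limited to posting Ceilometer samples rather than an admin. An HTTPS Keystone endpoint, if the deployment has one, would keep the password off the wire.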
@@ -0,0 +1,493 @@
+heat_template_version: 2013-05-23
+
+description: Template for setting up an OpenShift Origin environment
+
+parameters:
+ prefix:
+ description: Your DNS Prefix
+ type: string
+ default: example.com
+ upstream_dns:
+ description: Upstream DNS server
+ type: string
+ default: 8.8.8.8
+ upstream_ntp:
+ description: Upstream NTP server
+ type: string
+ default: clock.redhat.com
+ broker_flavor:
+ description: Flavor of Broker instance
+ type: string
+ default: m1.medium
+ node_flavor:
+ description: Flavor of Node instance
+ type: string
+ default: m1.medium
+ broker_hostname:
+ description: Hostname of Broker instance
+ type: string
+ default: brokerinstance
+ node_hostname:
+ description: Hostname of Node instance
+ type: string
+ default: nodeinstance
+ username:
+ description: Username for accessing OpenShift Origin
+ type: string
+ default: openshift
+ password:
+ description: Password for accessing OpenShift Origin
+ type: string
+ default: password
+ public_net_id:
+ description: External network ID
+ type: string
+ private_network_name:
+ description: Name of the private network wich will be created
+ type: string
+ default: OpenShift-Network
+ private_network_cidr:
+ description: Private network address (CIDR format)
+ type: string
+ default: 10.0.0.0/8
+ private_network_gateway:
+ description: Private network gateway
+ type: string
+ default: 10.0.0.1
+ private_network_dns:
+ description: Private network DNS
+ type: string
+ default: 8.8.8.8
+ private_network_pool_start:
+ description: Private network pool start
+ type: string
+ default: 10.0.0.2
+ private_network_pool_end:
+ description: Private network pool end
+ type: string
+ default: 10.255.255.254
+ dev_mode:
+ description: Sets development mode and extra logging.
+ type: string
+ default: false
+ puppet_module_url:
+ description: Sets the URL to pull the OpenShift Origin Puppet module from.
+ type: string
+ default: https://github.com/openshift/puppet-openshift_origin.git
+ puppet_module_branch:
+ description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
+ type: string
+ default: master
+ public_ssh_key:
+ description: Public key that will be used for SSH connection to instances
+ type: string
+ ssh_key_name:
+ description: SSHKey name
+ type: string
+ default: OpenshiftSSHKey
+ image_broker_name:
+ description: Name of the image you have created for the broker with diskimage-builder
+ type: string
+ default: F19-x86_64-openshift-origin-broker
+ image_node_name:
+ description: Name of the image you have created for the node with diskimage-builder
+ type: string
+ default: F19-x86_64-openshift-origin-node
+ openshift_version:
+ description: Version of openshift puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - git checkout 722687c
+ - git checkout master
+ default: git checkout 722687c
+ stdlib_version:
+ description: Version of stdlib puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - puppetlabs/stdlib --version 4.3.2
+ - puppetlabs/stdlib
+ default: puppetlabs/stdlib --version 4.3.2
+ ntp_version:
+ description: Version of ntp puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - puppetlabs/ntp --version 3.1.2
+ - puppetlabs/ntp
+ default: puppetlabs/ntp --version 3.1.2
+ concat_version:
+ description: Version of concat puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - puppetlabs-concat --version 1.0.4
+ - puppetlabs-concat
+ default: puppetlabs-concat --version 1.0.4
+ lokkit_version:
+ description: Version of lokkit puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - rharrison-lokkit --version 0.5.0
+ - rharrison-lokkit
+ default: rharrison-lokkit --version 0.5.0
+ selinux_types_version:
+ description: Version of selinux_types puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - blentz-selinux_types --version 0.1.0
+ - blentz-selinux_types
+ default: blentz-selinux_types --version 0.1.0
+ haproxy_version:
+ description: Version of haproxy puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - puppetlabs/haproxy --version 1.0.0
+ - puppetlabs/haproxy
+ default: puppetlabs/haproxy --version 1.0.0
+ keepalived_version:
+ description: Version of keepalived puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - arioch/keepalived --version 0.1.0
+ - arioch/keepalived
+ default: arioch/keepalived --version 0.1.0
+ sysctl_version:
+ description: Version of sysctl puppet module, leave the default value if you want to use a production version
+ type: string
+ constraints:
+ - allowed_values:
+ - duritong-sysctl --version 0.0.4
+ - duritong-sysctl
+ default: duritong-sysctl --version 0.0.4
+
+resources:
+ openshift_origin_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: OpenShift Origin Firewall Rules
+ rules: [
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": icmp
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 22,
+ "port_range_max": 22
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": udp,
+ "port_range_min": 53,
+ "port_range_max": 53
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 80,
+ "port_range_max": 80
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 443,
+ "port_range_max": 443
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 8443,
+ "port_range_max": 8443
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 8000,
+ "port_range_max": 8000
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 8080,
+ "port_range_max": 8080
+ },
+ {
+ "remote_ip_prefix": 0.0.0.0/0,
+ "protocol": tcp,
+ "port_range_min": 61613,
+ "port_range_max": 61613
+ }
+ ]
+
+ ssh_key:
+ type: OS::Nova::KeyPair
+ properties:
+ name: {get_param: ssh_key_name}
+ public_key: {get_param: public_ssh_key}
+
+ private_network:
+ type: OS::Neutron::Net
+ properties:
+ name: {get_param: private_network_name}
+
+ private_sub_network:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: {get_resource: private_network}
+ cidr: {get_param: private_network_cidr}
+ gateway_ip: {get_param: private_network_gateway}
+ dns_nameservers: [ {get_param: private_network_dns} ]
+ allocation_pools: [{
+ "start": {get_param: private_network_pool_start},
+ "end": {get_param: private_network_pool_end}
+ }]
+
+ router:
+ type: OS::Neutron::Router
+
+ router_gateway:
+ type: OS::Neutron::RouterGateway
+ properties:
+ router_id: {get_resource: router}
+ network_id: {get_param: public_net_id}
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: {get_resource: router}
+ subnet_id: {get_resource: private_sub_network}
+
+ broker_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: {get_resource: private_network}
+ fixed_ips: [
+ subnet_id: {get_resource: private_sub_network}
+ ]
+ security_groups: [{get_resource: openshift_origin_security_group}]
+
+ broker_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: {get_param: public_net_id}
+ port_id: {get_resource: broker_port}
+
+ broker_wait_handle:
+ type: AWS::CloudFormation::WaitConditionHandle
+
+ broker_wait_condition:
+ type: AWS::CloudFormation::WaitCondition
+ depends_on: broker_instance
+ properties:
+ Handle: {get_resource: broker_wait_handle}
+ Timeout: 1800
+
+ broker_user_data:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: ungrouped
+ config:
+ str_replace:
+ template: |
+ #!/bin/bash -x
+ /usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
+ export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
+ export PREFIX=$Prefix
+ export UPSTREAM_DNS=$UpstreamDNS
+ export UPSTREAM_NTP=$UpstreamNTP
+ export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
+ export HOSTNAME=$BrokerHostname
+ export USERNAME=$Username
+ export PASSWORD=$Password
+ export DEV_MODE=$DevMode
+ export PUPPET_MODULE_URL=$PuppetURL
+ export PUPPET_MODULE_BRANCH=$PuppetBranch
+ cat << EOF > /root/configure.pp
+ \$my_hostname="${HOSTNAME}.${PREFIX}"
+ exec { "set hostname":
+ command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
+ }
+ class { 'openshift_origin' :
+ roles => ['broker','nameserver','msgserver','datastore'],
+ bind_key => '${DNS_SEC_KEY}',
+ domain => '${PREFIX}',
+ register_host_with_nameserver => true,
+ conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
+ ntp_servers => ['${UPSTREAM_NTP} iburst'],
+ broker_hostname => \$my_hostname,
+ nameserver_hostname => \$my_hostname,
+ datastore_hostname => \$my_hostname,
+ msgserver_hostname => \$my_hostname,
+ broker_auth_plugin => 'htpasswd',
+ openshift_user1 => '${USERNAME}',
+ openshift_password1 => '${PASSWORD}',
+ development_mode => ${DEV_MODE},
+ }
+ EOF
+ mkdir -p /etc/puppet/modules
+ git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
+ cd /etc/puppet/modules/openshift_origin
+ $OpenShiftVersion
+ puppet module install $StdlibVersion
+ puppet module install $NtpVersion
+ puppet module install $ConcatVersion
+ puppet module install $LokkitVersion
+ puppet module install $SelinuxVersion
+ puppet module install $HaproxyVersion
+ puppet module install $KeepalivedVersion
+ puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
+ setenforce 0
+ /opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
+ chkconfig activemq on
+ service activemq start
+ setenforce 1
+ params:
+ $Prefix: {get_param: prefix}
+ $UpstreamDNS: {get_param: upstream_dns}
+ $UpstreamNTP: {get_param: upstream_ntp}
+ $BrokerWaitHandle: {get_resource: broker_wait_handle}
+ $BrokerHostname: {get_param: broker_hostname}
+ $Username: {get_param: username}
+ $Password: {get_param: password}
+ $DevMode: {get_param: dev_mode}
+ $PuppetURL: {get_param: puppet_module_url}
+ $PuppetBranch: {get_param: puppet_module_branch}
+ $OpenShiftVersion: {get_param: openshift_version}
+ $StdlibVersion: {get_param: stdlib_version}
+ $NtpVersion: {get_param: ntp_version}
+ $ConcatVersion: {get_param: concat_version}
+ $LokkitVersion: {get_param: lokkit_version}
+ $SelinuxVersion: {get_param: selinux_types_version}
+ $HaproxyVersion: {get_param: haproxy_version}
+ $KeepalivedVersion: {get_param: keepalived_version}
+
+ broker_instance:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: image_broker_name}
+ flavor: {get_param: broker_flavor}
+ key_name: {get_resource: ssh_key}
+ networks: [
+ port: {get_resource: broker_port}
+ ]
+ user_data: {get_resource: broker_user_data}
+ user_data_format: RAW
+
+ node_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: {get_resource: private_network}
+ fixed_ips: [
+ subnet_id: {get_resource: private_sub_network}
+ ]
+ security_groups: [{get_resource: openshift_origin_security_group}]
+
+ node_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network_id: {get_param: public_net_id}
+ port_id: {get_resource: node_port}
+
+ node_wait_handle:
+ type: AWS::CloudFormation::WaitConditionHandle
+
+ node_wait_condition:
+ type: AWS::CloudFormation::WaitCondition
+ depends_on: node_instance
+ properties:
+ Handle: {get_resource: node_wait_handle}
+ Timeout: 1800
+
+ node_user_data:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: ungrouped
+ config:
+ str_replace:
+ template: |
+ #!/bin/bash -x
+ export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
+ export BROKER_IP=$BrokerIP
+ export NODE_FLOATING_IP=$NodeFloatingIP
+ export PREFIX=$Prefix
+ export UPSTREAM_DNS=$UpstreamDNS
+ export UPSTREAM_NTP=$UpstreamNTP
+ export NODE_WAIT_HANDLE="$NodeWaitHandle"
+ export HOSTNAME=$NodeHostname
+ export DEV_MODE=$DevMode
+ export PUPPET_MODULE_URL=$PuppetURL
+ export PUPPET_MODULE_BRANCH=$PuppetBranch
+ cat << EOF > /root/configure.pp
+ \$my_hostname="${HOSTNAME}.${PREFIX}"
+ exec { "set hostname":
+ command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
+ }
+ class { 'openshift_origin' :
+ roles => ['node'],
+ bind_key => '${DNS_SEC_KEY}',
+ nameserver_ip_addr => '${BROKER_IP}',
+ domain => '${PREFIX}',
+ register_host_with_nameserver => true,
+ broker_hostname => '${BROKER_IP}',
+ msgserver_hostname => '${BROKER_IP}',
+ ntp_servers => ['${UPSTREAM_NTP} iburst'],
+ node_hostname => \$my_hostname,
+ install_method => 'yum',
+ jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
+ development_mode => ${DEV_MODE},
+ node_ip_addr => '${NODE_FLOATING_IP}',
+ }
+ EOF
+ mkdir -p /etc/puppet/modules
+ git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
+ cd /etc/puppet/modules/openshift_origin
+ $OpenShiftVersion
+ puppet module install $StdlibVersion
+ puppet module install $NtpVersion
+ puppet module install $SysctlVersion
+ puppet module install $LokkitVersion
+ puppet module install $HaproxyVersion
+ puppet module install $KeepalivedVersion
+ puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
+ setenforce 0
+ /opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
+ setenforce 1
+ params:
+ $BrokerWaitConditionData: {get_attr: [broker_wait_condition, Data]}
+ $BrokerIP: {get_attr: [broker_instance, first_address]}
+ $NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
+ $Prefix: {get_param: prefix}
+ $UpstreamDNS: {get_param: upstream_dns}
+ $UpstreamNTP: {get_param: upstream_ntp}
+ $NodeWaitHandle: {get_resource: node_wait_handle}
+ $NodeHostname: {get_param: node_hostname}
+ $DevMode: {get_param: dev_mode}
+ $PuppetURL: {get_param: puppet_module_url}
+ $PuppetBranch: {get_param: puppet_module_branch}
+ $OpenShiftVersion: {get_param: openshift_version}
+ $StdlibVersion: {get_param: stdlib_version}
+ $NtpVersion: {get_param: ntp_version}
+ $SysctlVersion: {get_param: sysctl_version}
+ $LokkitVersion: {get_param: lokkit_version}
+ $SelinuxVersion: {get_param: selinux_types_version}
+ $HaproxyVersion: {get_param: haproxy_version}
+ $KeepalivedVersion: {get_param: keepalived_version}
+
+ node_instance:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: image_node_name}
+ flavor: {get_param: node_flavor}
+ key_name: {get_resource: ssh_key}
+ networks: [
+ port: {get_resource: node_port}
+ ]
+ user_data: {get_resource: node_user_data}
+ user_data_format: RAW
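Review bot: The `password` parameter ships with `default: password` and no `hidden: true`, and `broker_user_data` splices it unquoted into the boot script (`export PASSWORD=$Password`), so a stack created with defaults puts the broker on a floating IP with the credentials `openshift`/`password` while the security group admits 443 and 8443 from `0.0.0.0/0`. Drop the default so the caller has to supply a value, add `hidden: true` so Heat does not echo it back when stack parameters are shown, and constrain it with something like `- allowed_pattern: "[A-Za-z0-9]+"`, because a space or shell metacharacter in the value is interpreted by bash before it ever reaches `configure.pp`. The same unquoted substitution applies to `prefix`, `broker_hostname`, `puppet_module_url` and `puppet_module_branch`, all of which end up in a script that presumably runs as root at first boot; quoting the right-hand sides and adding `allowed_pattern` constraints would close that. Separately, the 61613 rule (presumably the message-server port used between broker and node) is open to `0.0.0.0/0`; `"remote_ip_prefix": {get_param: private_network_cidr}` looks like a better fit for that traffic.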