494 lines
18 KiB
YAML
494 lines
18 KiB
YAML
heat_template_version: 2013-05-23
|
|
|
|
description: Template for setting up an OpenShift Origin environment
|
|
|
|
parameters:
|
|
prefix:
|
|
description: Your DNS Prefix
|
|
type: string
|
|
default: example.com
|
|
upstream_dns:
|
|
description: Upstream DNS server
|
|
type: string
|
|
default: 8.8.8.8
|
|
upstream_ntp:
|
|
description: Upstream NTP server
|
|
type: string
|
|
default: clock.redhat.com
|
|
broker_flavor:
|
|
description: Flavor of Broker instance
|
|
type: string
|
|
default: m1.medium
|
|
node_flavor:
|
|
description: Flavor of Node instance
|
|
type: string
|
|
default: m1.medium
|
|
broker_hostname:
|
|
description: Hostname of Broker instance
|
|
type: string
|
|
default: brokerinstance
|
|
node_hostname:
|
|
description: Hostname of Node instance
|
|
type: string
|
|
default: nodeinstance
|
|
username:
|
|
description: Username for accessing OpenShift Origin
|
|
type: string
|
|
default: openshift
|
|
password:
|
|
description: Password for accessing OpenShift Origin
|
|
type: string
|
|
default: password
|
|
public_net_id:
|
|
description: External network ID
|
|
type: string
|
|
private_network_name:
|
|
description: Name of the private network wich will be created
|
|
type: string
|
|
default: OpenShift-Network
|
|
private_network_cidr:
|
|
description: Private network address (CIDR format)
|
|
type: string
|
|
default: 10.0.0.0/8
|
|
private_network_gateway:
|
|
description: Private network gateway
|
|
type: string
|
|
default: 10.0.0.1
|
|
private_network_dns:
|
|
description: Private network DNS
|
|
type: string
|
|
default: 8.8.8.8
|
|
private_network_pool_start:
|
|
description: Private network pool start
|
|
type: string
|
|
default: 10.0.0.2
|
|
private_network_pool_end:
|
|
description: Private network pool end
|
|
type: string
|
|
default: 10.255.255.254
|
|
dev_mode:
|
|
description: Sets development mode and extra logging.
|
|
type: string
|
|
default: false
|
|
puppet_module_url:
|
|
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
|
type: string
|
|
default: https://github.com/openshift/puppet-openshift_origin.git
|
|
puppet_module_branch:
|
|
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
|
type: string
|
|
default: master
|
|
public_ssh_key:
|
|
description: Public key that will be used for SSH connection to instances
|
|
type: string
|
|
ssh_key_name:
|
|
description: SSHKey name
|
|
type: string
|
|
default: OpenshiftSSHKey
|
|
image_broker_name:
|
|
description: Name of the image you have created for the broker with diskimage-builder
|
|
type: string
|
|
default: F19-x86_64-openshift-origin-broker
|
|
image_node_name:
|
|
description: Name of the image you have created for the node with diskimage-builder
|
|
type: string
|
|
default: F19-x86_64-openshift-origin-node
|
|
openshift_version:
|
|
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- git checkout 722687c
|
|
- git checkout master
|
|
default: git checkout 722687c
|
|
stdlib_version:
|
|
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs/stdlib --version 4.3.2
|
|
- puppetlabs/stdlib
|
|
default: puppetlabs/stdlib --version 4.3.2
|
|
ntp_version:
|
|
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs/ntp --version 3.1.2
|
|
- puppetlabs/ntp
|
|
default: puppetlabs/ntp --version 3.1.2
|
|
concat_version:
|
|
description: Version of concat puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs-concat --version 1.0.4
|
|
- puppetlabs-concat
|
|
default: puppetlabs-concat --version 1.0.4
|
|
lokkit_version:
|
|
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- rharrison-lokkit --version 0.5.0
|
|
- rharrison-lokkit
|
|
default: rharrison-lokkit --version 0.5.0
|
|
selinux_types_version:
|
|
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- blentz-selinux_types --version 0.1.0
|
|
- blentz-selinux_types
|
|
default: blentz-selinux_types --version 0.1.0
|
|
haproxy_version:
|
|
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs/haproxy --version 1.0.0
|
|
- puppetlabs/haproxy
|
|
default: puppetlabs/haproxy --version 1.0.0
|
|
keepalived_version:
|
|
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- arioch/keepalived --version 0.1.0
|
|
- arioch/keepalived
|
|
default: arioch/keepalived --version 0.1.0
|
|
sysctl_version:
|
|
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- duritong-sysctl --version 0.0.4
|
|
- duritong-sysctl
|
|
default: duritong-sysctl --version 0.0.4
|
|
|
|
resources:
|
|
openshift_origin_security_group:
|
|
type: OS::Neutron::SecurityGroup
|
|
properties:
|
|
description: OpenShift Origin Firewall Rules
|
|
rules: [
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": icmp
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 22,
|
|
"port_range_max": 22
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": udp,
|
|
"port_range_min": 53,
|
|
"port_range_max": 53
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 80,
|
|
"port_range_max": 80
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 443,
|
|
"port_range_max": 443
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 8443,
|
|
"port_range_max": 8443
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 8000,
|
|
"port_range_max": 8000
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 8080,
|
|
"port_range_max": 8080
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 61613,
|
|
"port_range_max": 61613
|
|
}
|
|
]
|
|
|
|
ssh_key:
|
|
type: OS::Nova::KeyPair
|
|
properties:
|
|
name: {get_param: ssh_key_name}
|
|
public_key: {get_param: public_ssh_key}
|
|
|
|
private_network:
|
|
type: OS::Neutron::Net
|
|
properties:
|
|
name: {get_param: private_network_name}
|
|
|
|
private_sub_network:
|
|
type: OS::Neutron::Subnet
|
|
properties:
|
|
network_id: {get_resource: private_network}
|
|
cidr: {get_param: private_network_cidr}
|
|
gateway_ip: {get_param: private_network_gateway}
|
|
dns_nameservers: [ {get_param: private_network_dns} ]
|
|
allocation_pools: [{
|
|
"start": {get_param: private_network_pool_start},
|
|
"end": {get_param: private_network_pool_end}
|
|
}]
|
|
|
|
router:
|
|
type: OS::Neutron::Router
|
|
|
|
router_gateway:
|
|
type: OS::Neutron::RouterGateway
|
|
properties:
|
|
router_id: {get_resource: router}
|
|
network_id: {get_param: public_net_id}
|
|
|
|
router_interface:
|
|
type: OS::Neutron::RouterInterface
|
|
properties:
|
|
router_id: {get_resource: router}
|
|
subnet_id: {get_resource: private_sub_network}
|
|
|
|
broker_port:
|
|
type: OS::Neutron::Port
|
|
properties:
|
|
network_id: {get_resource: private_network}
|
|
fixed_ips: [
|
|
subnet_id: {get_resource: private_sub_network}
|
|
]
|
|
security_groups: [{get_resource: openshift_origin_security_group}]
|
|
|
|
broker_floating_ip:
|
|
type: OS::Neutron::FloatingIP
|
|
properties:
|
|
floating_network_id: {get_param: public_net_id}
|
|
port_id: {get_resource: broker_port}
|
|
|
|
broker_wait_handle:
|
|
type: AWS::CloudFormation::WaitConditionHandle
|
|
|
|
broker_wait_condition:
|
|
type: AWS::CloudFormation::WaitCondition
|
|
depends_on: broker_instance
|
|
properties:
|
|
Handle: {get_resource: broker_wait_handle}
|
|
Timeout: 1800
|
|
|
|
broker_user_data:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config:
|
|
str_replace:
|
|
template: |
|
|
#!/bin/bash -x
|
|
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
|
|
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
|
|
export PREFIX=$Prefix
|
|
export UPSTREAM_DNS=$UpstreamDNS
|
|
export UPSTREAM_NTP=$UpstreamNTP
|
|
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
|
|
export HOSTNAME=$BrokerHostname
|
|
export USERNAME=$Username
|
|
export PASSWORD=$Password
|
|
export DEV_MODE=$DevMode
|
|
export PUPPET_MODULE_URL=$PuppetURL
|
|
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
|
cat << EOF > /root/configure.pp
|
|
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
|
exec { "set hostname":
|
|
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
|
}
|
|
class { 'openshift_origin' :
|
|
roles => ['broker','nameserver','msgserver','datastore'],
|
|
bind_key => '${DNS_SEC_KEY}',
|
|
domain => '${PREFIX}',
|
|
register_host_with_nameserver => true,
|
|
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
|
|
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
|
broker_hostname => \$my_hostname,
|
|
nameserver_hostname => \$my_hostname,
|
|
datastore_hostname => \$my_hostname,
|
|
msgserver_hostname => \$my_hostname,
|
|
broker_auth_plugin => 'htpasswd',
|
|
openshift_user1 => '${USERNAME}',
|
|
openshift_password1 => '${PASSWORD}',
|
|
development_mode => ${DEV_MODE},
|
|
}
|
|
EOF
|
|
mkdir -p /etc/puppet/modules
|
|
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
|
cd /etc/puppet/modules/openshift_origin
|
|
$OpenShiftVersion
|
|
puppet module install $StdlibVersion
|
|
puppet module install $NtpVersion
|
|
puppet module install $ConcatVersion
|
|
puppet module install $LokkitVersion
|
|
puppet module install $SelinuxVersion
|
|
puppet module install $HaproxyVersion
|
|
puppet module install $KeepalivedVersion
|
|
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
|
setenforce 0
|
|
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
|
|
chkconfig activemq on
|
|
service activemq start
|
|
setenforce 1
|
|
params:
|
|
$Prefix: {get_param: prefix}
|
|
$UpstreamDNS: {get_param: upstream_dns}
|
|
$UpstreamNTP: {get_param: upstream_ntp}
|
|
$BrokerWaitHandle: {get_resource: broker_wait_handle}
|
|
$BrokerHostname: {get_param: broker_hostname}
|
|
$Username: {get_param: username}
|
|
$Password: {get_param: password}
|
|
$DevMode: {get_param: dev_mode}
|
|
$PuppetURL: {get_param: puppet_module_url}
|
|
$PuppetBranch: {get_param: puppet_module_branch}
|
|
$OpenShiftVersion: {get_param: openshift_version}
|
|
$StdlibVersion: {get_param: stdlib_version}
|
|
$NtpVersion: {get_param: ntp_version}
|
|
$ConcatVersion: {get_param: concat_version}
|
|
$LokkitVersion: {get_param: lokkit_version}
|
|
$SelinuxVersion: {get_param: selinux_types_version}
|
|
$HaproxyVersion: {get_param: haproxy_version}
|
|
$KeepalivedVersion: {get_param: keepalived_version}
|
|
|
|
broker_instance:
|
|
type: OS::Nova::Server
|
|
properties:
|
|
image: {get_param: image_broker_name}
|
|
flavor: {get_param: broker_flavor}
|
|
key_name: {get_resource: ssh_key}
|
|
networks: [
|
|
port: {get_resource: broker_port}
|
|
]
|
|
user_data: {get_resource: broker_user_data}
|
|
user_data_format: RAW
|
|
|
|
node_port:
|
|
type: OS::Neutron::Port
|
|
properties:
|
|
network_id: {get_resource: private_network}
|
|
fixed_ips: [
|
|
subnet_id: {get_resource: private_sub_network}
|
|
]
|
|
security_groups: [{get_resource: openshift_origin_security_group}]
|
|
|
|
node_floating_ip:
|
|
type: OS::Neutron::FloatingIP
|
|
properties:
|
|
floating_network_id: {get_param: public_net_id}
|
|
port_id: {get_resource: node_port}
|
|
|
|
node_wait_handle:
|
|
type: AWS::CloudFormation::WaitConditionHandle
|
|
|
|
node_wait_condition:
|
|
type: AWS::CloudFormation::WaitCondition
|
|
depends_on: node_instance
|
|
properties:
|
|
Handle: {get_resource: node_wait_handle}
|
|
Timeout: 1800
|
|
|
|
node_user_data:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config:
|
|
str_replace:
|
|
template: |
|
|
#!/bin/bash -x
|
|
export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
|
|
export BROKER_IP=$BrokerIP
|
|
export NODE_FLOATING_IP=$NodeFloatingIP
|
|
export PREFIX=$Prefix
|
|
export UPSTREAM_DNS=$UpstreamDNS
|
|
export UPSTREAM_NTP=$UpstreamNTP
|
|
export NODE_WAIT_HANDLE="$NodeWaitHandle"
|
|
export HOSTNAME=$NodeHostname
|
|
export DEV_MODE=$DevMode
|
|
export PUPPET_MODULE_URL=$PuppetURL
|
|
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
|
cat << EOF > /root/configure.pp
|
|
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
|
exec { "set hostname":
|
|
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
|
}
|
|
class { 'openshift_origin' :
|
|
roles => ['node'],
|
|
bind_key => '${DNS_SEC_KEY}',
|
|
nameserver_ip_addr => '${BROKER_IP}',
|
|
domain => '${PREFIX}',
|
|
register_host_with_nameserver => true,
|
|
broker_hostname => '${BROKER_IP}',
|
|
msgserver_hostname => '${BROKER_IP}',
|
|
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
|
node_hostname => \$my_hostname,
|
|
install_method => 'yum',
|
|
jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
|
|
development_mode => ${DEV_MODE},
|
|
node_ip_addr => '${NODE_FLOATING_IP}',
|
|
}
|
|
EOF
|
|
mkdir -p /etc/puppet/modules
|
|
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
|
cd /etc/puppet/modules/openshift_origin
|
|
$OpenShiftVersion
|
|
puppet module install $StdlibVersion
|
|
puppet module install $NtpVersion
|
|
puppet module install $SysctlVersion
|
|
puppet module install $LokkitVersion
|
|
puppet module install $HaproxyVersion
|
|
puppet module install $KeepalivedVersion
|
|
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
|
setenforce 0
|
|
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
|
|
setenforce 1
|
|
params:
|
|
$BrokerWaitConditionData: {get_attr: [broker_wait_condition, Data]}
|
|
$BrokerIP: {get_attr: [broker_instance, first_address]}
|
|
$NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
|
|
$Prefix: {get_param: prefix}
|
|
$UpstreamDNS: {get_param: upstream_dns}
|
|
$UpstreamNTP: {get_param: upstream_ntp}
|
|
$NodeWaitHandle: {get_resource: node_wait_handle}
|
|
$NodeHostname: {get_param: node_hostname}
|
|
$DevMode: {get_param: dev_mode}
|
|
$PuppetURL: {get_param: puppet_module_url}
|
|
$PuppetBranch: {get_param: puppet_module_branch}
|
|
$OpenShiftVersion: {get_param: openshift_version}
|
|
$StdlibVersion: {get_param: stdlib_version}
|
|
$NtpVersion: {get_param: ntp_version}
|
|
$SysctlVersion: {get_param: sysctl_version}
|
|
$LokkitVersion: {get_param: lokkit_version}
|
|
$SelinuxVersion: {get_param: selinux_types_version}
|
|
$HaproxyVersion: {get_param: haproxy_version}
|
|
$KeepalivedVersion: {get_param: keepalived_version}
|
|
|
|
node_instance:
|
|
type: OS::Nova::Server
|
|
properties:
|
|
image: {get_param: image_node_name}
|
|
flavor: {get_param: node_flavor}
|
|
key_name: {get_resource: ssh_key}
|
|
networks: [
|
|
port: {get_resource: node_port}
|
|
]
|
|
user_data: {get_resource: node_user_data}
|
|
user_data_format: RAW
|