openstack
/
heat-templates
Code Issues Proposed changes
heat-templates/openshift-origin/F19/hot-template/openshift/openshift.yaml

494 lines
18 KiB
YAML
Raw Blame History

heat_template_version: 2013-05-23
description: Template for setting up an OpenShift Origin environment
parameters:
prefix:
description: Your DNS Prefix
type: string
default: example.com
upstream_dns:
description: Upstream DNS server
type: string
default: 8.8.8.8
upstream_ntp:
description: Upstream NTP server
type: string
default: clock.redhat.com
broker_flavor:
description: Flavor of Broker instance
type: string
default: m1.medium
node_flavor:
description: Flavor of Node instance
type: string
default: m1.medium
broker_hostname:
description: Hostname of Broker instance
type: string
default: brokerinstance
node_hostname:
description: Hostname of Node instance
type: string
default: nodeinstance
username:
description: Username for accessing OpenShift Origin
type: string
default: openshift
password:
description: Password for accessing OpenShift Origin
type: string
default: password
public_net_id:
description: External network ID
type: string
private_network_name:
description: Name of the private network wich will be created
type: string
default: OpenShift-Network
private_network_cidr:
description: Private network address (CIDR format)
type: string
default: 10.0.0.0/8
private_network_gateway:
description: Private network gateway
type: string
default: 10.0.0.1
private_network_dns:
description: Private network DNS
type: string
default: 8.8.8.8
private_network_pool_start:
description: Private network pool start
type: string
default: 10.0.0.2
private_network_pool_end:
description: Private network pool end
type: string
default: 10.255.255.254
dev_mode:
description: Sets development mode and extra logging.
type: string
default: false
puppet_module_url:
description: Sets the URL to pull the OpenShift Origin Puppet module from.
type: string
default: https://github.com/openshift/puppet-openshift_origin.git
puppet_module_branch:
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
type: string
default: master
public_ssh_key:
description: Public key that will be used for SSH connection to instances
type: string
ssh_key_name:
description: SSHKey name
type: string
default: OpenshiftSSHKey
image_broker_name:
description: Name of the image you have created for the broker with diskimage-builder
type: string
default: F19-x86_64-openshift-origin-broker
image_node_name:
description: Name of the image you have created for the node with diskimage-builder
type: string
default: F19-x86_64-openshift-origin-node
openshift_version:
description: Version of openshift puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- git checkout 722687c
- git checkout master
default: git checkout 722687c
stdlib_version:
description: Version of stdlib puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs/stdlib --version 4.3.2
- puppetlabs/stdlib
default: puppetlabs/stdlib --version 4.3.2
ntp_version:
description: Version of ntp puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs/ntp --version 3.1.2
- puppetlabs/ntp
default: puppetlabs/ntp --version 3.1.2
concat_version:
description: Version of concat puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs-concat --version 1.0.4
- puppetlabs-concat
default: puppetlabs-concat --version 1.0.4
lokkit_version:
description: Version of lokkit puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- rharrison-lokkit --version 0.5.0
- rharrison-lokkit
default: rharrison-lokkit --version 0.5.0
selinux_types_version:
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- blentz-selinux_types --version 0.1.0
- blentz-selinux_types
default: blentz-selinux_types --version 0.1.0
haproxy_version:
description: Version of haproxy puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs/haproxy --version 1.0.0
- puppetlabs/haproxy
default: puppetlabs/haproxy --version 1.0.0
keepalived_version:
description: Version of keepalived puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- arioch/keepalived --version 0.1.0
- arioch/keepalived
default: arioch/keepalived --version 0.1.0
sysctl_version:
description: Version of sysctl puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- duritong-sysctl --version 0.0.4
- duritong-sysctl
default: duritong-sysctl --version 0.0.4
resources:
openshift_origin_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: OpenShift Origin Firewall Rules
rules: [
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": icmp
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 22,
"port_range_max": 22
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": udp,
"port_range_min": 53,
"port_range_max": 53
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 80,
"port_range_max": 80
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 443,
"port_range_max": 443
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 8443,
"port_range_max": 8443
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 8000,
"port_range_max": 8000
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 8080,
"port_range_max": 8080
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 61613,
"port_range_max": 61613
}
]
ssh_key:
type: OS::Nova::KeyPair
properties:
name: {get_param: ssh_key_name}
public_key: {get_param: public_ssh_key}
private_network:
type: OS::Neutron::Net
properties:
name: {get_param: private_network_name}
private_sub_network:
type: OS::Neutron::Subnet
properties:
network_id: {get_resource: private_network}
cidr: {get_param: private_network_cidr}
gateway_ip: {get_param: private_network_gateway}
dns_nameservers: [ {get_param: private_network_dns} ]
allocation_pools: [{
"start": {get_param: private_network_pool_start},
"end": {get_param: private_network_pool_end}
}]
router:
type: OS::Neutron::Router
router_gateway:
type: OS::Neutron::RouterGateway
properties:
router_id: {get_resource: router}
network_id: {get_param: public_net_id}
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: {get_resource: router}
subnet_id: {get_resource: private_sub_network}
broker_port:
type: OS::Neutron::Port
properties:
network_id: {get_resource: private_network}
fixed_ips: [
subnet_id: {get_resource: private_sub_network}
]
security_groups: [{get_resource: openshift_origin_security_group}]
broker_floating_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network_id: {get_param: public_net_id}
port_id: {get_resource: broker_port}
broker_wait_handle:
type: AWS::CloudFormation::WaitConditionHandle
broker_wait_condition:
type: AWS::CloudFormation::WaitCondition
depends_on: broker_instance
properties:
Handle: {get_resource: broker_wait_handle}
Timeout: 1800
broker_user_data:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: |
#!/bin/bash -x
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
export PREFIX=$Prefix
export UPSTREAM_DNS=$UpstreamDNS
export UPSTREAM_NTP=$UpstreamNTP
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
export HOSTNAME=$BrokerHostname
export USERNAME=$Username
export PASSWORD=$Password
export DEV_MODE=$DevMode
export PUPPET_MODULE_URL=$PuppetURL
export PUPPET_MODULE_BRANCH=$PuppetBranch
cat << EOF > /root/configure.pp
\$my_hostname="${HOSTNAME}.${PREFIX}"
exec { "set hostname":
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
}
class { 'openshift_origin' :
roles => ['broker','nameserver','msgserver','datastore'],
bind_key => '${DNS_SEC_KEY}',
domain => '${PREFIX}',
register_host_with_nameserver => true,
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
ntp_servers => ['${UPSTREAM_NTP} iburst'],
broker_hostname => \$my_hostname,
nameserver_hostname => \$my_hostname,
datastore_hostname => \$my_hostname,
msgserver_hostname => \$my_hostname,
broker_auth_plugin => 'htpasswd',
openshift_user1 => '${USERNAME}',
openshift_password1 => '${PASSWORD}',
development_mode => ${DEV_MODE},
}
EOF
mkdir -p /etc/puppet/modules
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
cd /etc/puppet/modules/openshift_origin
$OpenShiftVersion
puppet module install $StdlibVersion
puppet module install $NtpVersion
puppet module install $ConcatVersion
puppet module install $LokkitVersion
puppet module install $SelinuxVersion
puppet module install $HaproxyVersion
puppet module install $KeepalivedVersion
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
setenforce 0
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
chkconfig activemq on
service activemq start
setenforce 1
params:
$Prefix: {get_param: prefix}
$UpstreamDNS: {get_param: upstream_dns}
$UpstreamNTP: {get_param: upstream_ntp}
$BrokerWaitHandle: {get_resource: broker_wait_handle}
$BrokerHostname: {get_param: broker_hostname}
$Username: {get_param: username}
$Password: {get_param: password}
$DevMode: {get_param: dev_mode}
$PuppetURL: {get_param: puppet_module_url}
$PuppetBranch: {get_param: puppet_module_branch}
$OpenShiftVersion: {get_param: openshift_version}
$StdlibVersion: {get_param: stdlib_version}
$NtpVersion: {get_param: ntp_version}
$ConcatVersion: {get_param: concat_version}
$LokkitVersion: {get_param: lokkit_version}
$SelinuxVersion: {get_param: selinux_types_version}
$HaproxyVersion: {get_param: haproxy_version}
$KeepalivedVersion: {get_param: keepalived_version}
broker_instance:
type: OS::Nova::Server
properties:
image: {get_param: image_broker_name}
flavor: {get_param: broker_flavor}
key_name: {get_resource: ssh_key}
networks: [
port: {get_resource: broker_port}
]
user_data: {get_resource: broker_user_data}
user_data_format: RAW
node_port:
type: OS::Neutron::Port
properties:
network_id: {get_resource: private_network}
fixed_ips: [
subnet_id: {get_resource: private_sub_network}
]
security_groups: [{get_resource: openshift_origin_security_group}]
node_floating_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network_id: {get_param: public_net_id}
port_id: {get_resource: node_port}
node_wait_handle:
type: AWS::CloudFormation::WaitConditionHandle
node_wait_condition:
type: AWS::CloudFormation::WaitCondition
depends_on: node_instance
properties:
Handle: {get_resource: node_wait_handle}
Timeout: 1800
node_user_data:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: |
#!/bin/bash -x
export DNS_SEC_KEY=`python -c 'print $BrokerWaitConditionData["00000"]'`
export BROKER_IP=$BrokerIP
export NODE_FLOATING_IP=$NodeFloatingIP
export PREFIX=$Prefix
export UPSTREAM_DNS=$UpstreamDNS
export UPSTREAM_NTP=$UpstreamNTP
export NODE_WAIT_HANDLE="$NodeWaitHandle"
export HOSTNAME=$NodeHostname
export DEV_MODE=$DevMode
export PUPPET_MODULE_URL=$PuppetURL
export PUPPET_MODULE_BRANCH=$PuppetBranch
cat << EOF > /root/configure.pp
\$my_hostname="${HOSTNAME}.${PREFIX}"
exec { "set hostname":
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
}
class { 'openshift_origin' :
roles => ['node'],
bind_key => '${DNS_SEC_KEY}',
nameserver_ip_addr => '${BROKER_IP}',
domain => '${PREFIX}',
register_host_with_nameserver => true,
broker_hostname => '${BROKER_IP}',
msgserver_hostname => '${BROKER_IP}',
ntp_servers => ['${UPSTREAM_NTP} iburst'],
node_hostname => \$my_hostname,
install_method => 'yum',
jenkins_repo_base => 'http://pkg.jenkins-ci.org/redhat',
development_mode => ${DEV_MODE},
node_ip_addr => '${NODE_FLOATING_IP}',
}
EOF
mkdir -p /etc/puppet/modules
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
cd /etc/puppet/modules/openshift_origin
$OpenShiftVersion
puppet module install $StdlibVersion
puppet module install $NtpVersion
puppet module install $SysctlVersion
puppet module install $LokkitVersion
puppet module install $HaproxyVersion
puppet module install $KeepalivedVersion
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
setenforce 0
/opt/aws/bin/cfn-signal -e 0 -r 'Node setup complete' ${NODE_WAIT_HANDLE}
setenforce 1
params:
$BrokerWaitConditionData: {get_attr: [broker_wait_condition, Data]}
$BrokerIP: {get_attr: [broker_instance, first_address]}
$NodeFloatingIP: {get_attr: [node_floating_ip, floating_ip_address]}
$Prefix: {get_param: prefix}
$UpstreamDNS: {get_param: upstream_dns}
$UpstreamNTP: {get_param: upstream_ntp}
$NodeWaitHandle: {get_resource: node_wait_handle}
$NodeHostname: {get_param: node_hostname}
$DevMode: {get_param: dev_mode}
$PuppetURL: {get_param: puppet_module_url}
$PuppetBranch: {get_param: puppet_module_branch}
$OpenShiftVersion: {get_param: openshift_version}
$StdlibVersion: {get_param: stdlib_version}
$NtpVersion: {get_param: ntp_version}
$SysctlVersion: {get_param: sysctl_version}
$LokkitVersion: {get_param: lokkit_version}
$SelinuxVersion: {get_param: selinux_types_version}
$HaproxyVersion: {get_param: haproxy_version}
$KeepalivedVersion: {get_param: keepalived_version}
node_instance:
type: OS::Nova::Server
properties:
image: {get_param: image_node_name}
flavor: {get_param: node_flavor}
key_name: {get_resource: ssh_key}
networks: [
port: {get_resource: node_port}
]
user_data: {get_resource: node_user_data}
user_data_format: RAW
View Git Blame Copy Permalink