
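HeatTemplateFormatVersion: '2012-12-12'
Description: Template for setting up an AutoScaled OpenShift Origin environment
Parameters:
  KeyName:
    Description: Name of an existing keypair to enable SSH access to the instances
    Type: String
    MinLength: '1'
    MaxLength: '64'
    AllowedPattern: '[-_ a-zA-Z0-9]*'
  Prefix:
    Description: Your DNS Prefix
    Type: String
    Default: example.com
    # The prefix is expanded into the instance bootstrap shell scripts, the
    # Puppet manifests and the TSIG key file name under /var/named, so only
    # accept characters that are legal in a DNS domain name.
    MinLength: '1'
    AllowedPattern: '[a-zA-Z0-9][-.a-zA-Z0-9]*'
    ConstraintDescription: Must be a DNS domain name made of letters, digits, hyphens and dots
  UpstreamDNS:
    Description: Upstream DNS server
    Type: String
    Default: 8.8.8.8
    # Handed to the broker's named as a forwarder address (IPv4 or IPv6).
    AllowedPattern: '[0-9a-fA-F.:]+'
    ConstraintDescription: Must be an IP address
  BrokerServerFlavor:
    Description: Flavor of broker server
    Type: String
    Default: m1.small
    AllowedValues: [m1.small, m1.medium, m1.large, m1.xlarge]
    ConstraintDescription: Must be a valid server flavor
  NodeServerFlavor:
    Description: Flavor of node servers
    Type: String
    Default: m1.small
    AllowedValues: [m1.small, m1.medium, m1.large, m1.xlarge]
    ConstraintDescription: Must be a valid server flavor
  # Both counts are passed straight through as the autoscaling group's
  # MinSize/MaxSize. The pattern uses '+' rather than '*' so an empty value
  # is rejected here instead of reaching the group.
  NodeCountMinimum:
    Description: Minimum number of nodes to scale down to
    Type: String
    Default: '1'
    MinLength: '1'
    AllowedPattern: '[0-9]+'
    ConstraintDescription: Must be a non-negative integer
  NodeCountMaximum:
    Description: Maximum number of nodes to scale up to
    Type: String
    Default: '3'
    MinLength: '1'
    AllowedPattern: '[0-9]+'
    ConstraintDescription: Must be a non-negative integer
# Image names resolved through Fn::FindInMap for the broker and node
# instances; they must match images registered in the target cloud.
Mappings:
  JeosImages:
    Broker:
      Image: F18-x86_64-openshift-origin-broker-cfntools
    Node:
      Image: F18-x86_64-openshift-origin-node-cfntools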
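Resources:
  # IAM user and access key the broker uses (via cfn-push-stats) to raise the
  # Heartbeat metric that drives the scaling alarms below.
  OpenshiftUser:
    Type: AWS::IAM::User
  OpenshiftOriginKeys:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: OpenshiftUser
  # Node pool. It waits for the broker's wait condition because the node
  # bootstrap reads the DNS TSIG key back from that signal.
  OpenshiftOriginNodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    DependsOn: BrokerWaitCondition
    Properties:
      AvailabilityZones: []
      LaunchConfigurationName:
        Ref: NodeLaunchConfig
      MinSize:
        Ref: NodeCountMinimum
      MaxSize:
        Ref: NodeCountMaximum
      LoadBalancerNames: []
  OpenshiftOriginScaleUpPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName:
        Ref: OpenshiftOriginNodeGroup
      Cooldown: '120'
      ScalingAdjustment: '1'
  OpenshiftOriginScaleDownPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName:
        Ref: OpenshiftOriginNodeGroup
      Cooldown: '60'
      ScalingAdjustment: '-1'
  # Both alarms watch the same Heartbeat metric; which one fires is chosen by
  # the --watch argument of the cfn-push-stats call in the broker's
  # notify-scale-up / notify-scale-down helper scripts.
  NodeScaleUp:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Scale-up if event received from broker
      MetricName: Heartbeat
      Namespace: system/linux
      Statistic: SampleCount
      Period: '60'
      EvaluationPeriods: '1'
      Threshold: '0'
      AlarmActions:
        - Ref: OpenshiftOriginScaleUpPolicy
      Dimensions:
        - Name: AutoScalingGroupName
          Value:
            Ref: OpenshiftOriginNodeGroup
      ComparisonOperator: GreaterThanThreshold
  NodeScaleDown:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Scale-down if event received from broker
      MetricName: Heartbeat
      Namespace: system/linux
      Statistic: SampleCount
      Period: '60'
      EvaluationPeriods: '1'
      Threshold: '0'
      AlarmActions:
        - Ref: OpenshiftOriginScaleDownPolicy
      Dimensions:
        - Name: AutoScalingGroupName
          Value:
            Ref: OpenshiftOriginNodeGroup
      ComparisonOperator: GreaterThanThreshold
  OpenShiftOriginSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Standard firewall rules
      # NOTE(review): every rule below admits 0.0.0.0/0, including SSH (22)
      # and the 8000/8443 services. Narrow the CidrIp values to the networks
      # that actually need access before using this template outside a lab.
      SecurityGroupIngress:
        - {IpProtocol: udp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: '53', ToPort: '53', CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: '22', ToPort: '22', CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: '80', ToPort: '80', CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: '443', ToPort: '443', CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: '8000', ToPort: '8000', CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: '8443', ToPort: '8443', CidrIp: 0.0.0.0/0}
  BrokerWaitHandle:
    Type: AWS::CloudFormation::WaitConditionHandle
  # The broker signals this condition with the generated TSIG key as payload.
  # That payload is exposed through the condition's Data attribute, so anyone
  # able to read the stack's resource attributes can read the key.
  BrokerWaitCondition:
    Type: AWS::CloudFormation::WaitCondition
    DependsOn: BrokerInstance
    Properties:
      Handle:
        Ref: BrokerWaitHandle
      Timeout: '6000'
  BrokerInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId:
        Fn::FindInMap: [JeosImages, Broker, Image]
      InstanceType:
        Ref: BrokerServerFlavor
      KeyName:
        Ref: KeyName
      SecurityGroups:
        - Ref: OpenShiftOriginSecurityGroup
      Tags:
        - Key: Name
          Value:
            Fn::Join:
              - '-'
              - ['openshift', {Ref: Prefix}, 'broker']
      # Broker bootstrap. Template values are joined into the script as
      # double-quoted shell strings. The script runs under `bash -x`, so the
      # expanded TSIG key and the cfn-signal payload appear in the instance
      # console log; drop -x once the template is stable.
      UserData:
        Fn::Base64:
          Fn::Join:
            - ''
            - - |-
                #!/bin/bash -x
                export PREFIX="
              - {Ref: Prefix}
              - |-
                "
                export UPSTREAM_DNS="
              - {Ref: UpstreamDNS}
              - |-
                "
                export BROKER_WAIT_HANDLE="
              - {Ref: BrokerWaitHandle}
              - |-
                "
                /usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named ${PREFIX}
                export DNS_SEC_KEY="`cat /var/named/K${PREFIX}.*.key | awk '{print $8}'`"
                export EC2_INSTANCE_ID="`facter ec2_instance_id`"
                export IP_ADDRESS="`facter ipaddress`"
                mkdir -p /etc/heat
                # Create the credential file with its final mode before writing it,
                # so the secret key is never on disk under the default umask.
                install -m 0400 /dev/null /etc/heat/heat-credentials
                cat << EOF > /etc/heat/heat-credentials
                AWSAccessKeyId=
              - {Ref: OpenshiftOriginKeys}
              # The blank first line of the next two pieces is deliberate: it
              # terminates the line started by the preceding Ref/GetAtt value.
              - |-

                AWSSecretKey=
              - Fn::GetAtt: [OpenshiftOriginKeys, SecretAccessKey]
              - |-

                EOF
                chmod 0400 /etc/heat/heat-credentials
                cat << EOF > /etc/heat/notify-scale-up
                #!/bin/bash
                /opt/aws/bin/cfn-push-stats --credential-file /etc/heat/heat-credentials --heartbeat --watch "
              - {Ref: NodeScaleUp}
              - |-
                "
                EOF
                chmod 0700 /etc/heat/notify-scale-up
                cat << EOF > /etc/heat/notify-scale-down
                #!/bin/bash
                /opt/aws/bin/cfn-push-stats --credential-file /etc/heat/heat-credentials --heartbeat --watch "
              - {Ref: NodeScaleDown}
              - |-
                "
                EOF
                chmod 0700 /etc/heat/notify-scale-down
                cat << EOF > /root/configure.pp
                \$my_hostname="\${ec2_instance_id}.${PREFIX}"
                file { "update network settings - hostname":
                  path => "/etc/sysconfig/network",
                  content => "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=\${my_hostname}"
                }
                exec { "set hostname":
                  command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
                }
                augeas{ "etc hosts setup" :
                  context => "/files/etc/hosts",
                  changes => [
                    "set 01/ipaddr \${ipaddress}",
                    "set 01/canonical \${my_hostname}",
                  ],
                }
                augeas{ "network peerdns setup" :
                  context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
                  changes => [
                    "set PEERDNS no",
                  ],
                }
                class { 'openshift_origin' :
                  node_fqdn => \$my_hostname,
                  cloud_domain => '${PREFIX}',
                  named_tsig_priv_key => '${DNS_SEC_KEY}',
                  dns_servers => ['${UPSTREAM_DNS}'],
                  os_unmanaged_users => ['ec2-user'],
                  enable_network_services => true,
                  configure_firewall => true,
                  configure_ntp => true,
                  configure_activemq => true,
                  configure_qpid => false,
                  configure_mongodb => true,
                  configure_named => true,
                  configure_broker => true,
                  configure_console => true,
                  configure_node => false,
                  development_mode => true,
                  named_ipaddress => \$ipaddress,
                  mongodb_fqdn => \$my_hostname,
                  mq_fqdn => \$my_hostname,
                  broker_fqdn => \$my_hostname,
                }
                EOF
                mkdir -p /etc/puppet/modules
                puppet module install openshift/openshift_origin
                puppet apply --verbose /root/configure.pp 2>&1 | tee /var/log/configure_openshift.log
                # tee's exit status would hide puppet's; keep puppet's own status for cfn-signal.
                PUPPET_RC=${PIPESTATUS[0]}
                setsebool -P httpd_unified=on
                # Append (-a) so each restart does not overwrite the log written above.
                service network restart | tee -a /var/log/configure_openshift.log;
                service mongod restart | tee -a /var/log/configure_openshift.log;
                service activemq restart | tee -a /var/log/configure_openshift.log;
                service httpd restart | tee -a /var/log/configure_openshift.log;
                service openshift-broker restart | tee -a /var/log/configure_openshift.log;
                service openshift-console restart | tee -a /var/log/configure_openshift.log;
                service named restart | tee -a /var/log/configure_openshift.log;
                cat << EOF > /etc/resolv.conf
                ; generated by heat
                search ${PREFIX}
                nameserver 127.0.0.1
                EOF
                cat << _EOF > /root/nsupdate.cmd
                key ${PREFIX} ${DNS_SEC_KEY}
                server ${IP_ADDRESS} 53
                update delete ${EC2_INSTANCE_ID}.${PREFIX} A
                update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}
                send
                _EOF
                cat /root/nsupdate.cmd | nsupdate
                setenforce 1
                # Report puppet's status so a puppet run that exits non-zero fails the
                # wait condition instead of letting the node group start anyway.
                /opt/aws/bin/cfn-signal -e ${PUPPET_RC} --data "${DNS_SEC_KEY}" -r "Broker setup finished, puppet exit ${PUPPET_RC}" "${BROKER_WAIT_HANDLE}"
  NodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId:
        Fn::FindInMap: [JeosImages, Node, Image]
      InstanceType:
        Ref: NodeServerFlavor
      KeyName:
        Ref: KeyName
      SecurityGroups:
        - Ref: OpenShiftOriginSecurityGroup
      # Node bootstrap. The TSIG key is read back from the broker's wait
      # condition signal: the Data attribute is a JSON map keyed by signal id,
      # and "00000" is the id cfn-signal uses when none is given.
      UserData:
        Fn::Base64:
          Fn::Join:
            - ''
            - - |-
                #!/bin/bash -x
                export DNS_SEC_KEY="`python -c 'print(
              - Fn::GetAtt: [BrokerWaitCondition, Data]
              - |-
                ["00000"])'`"
                export BROKER_IP="
              - Fn::GetAtt: [BrokerInstance, PublicIp]
              - |-
                "
                export PREFIX="
              - {Ref: Prefix}
              - |-
                "
                export EC2_INSTANCE_ID="`facter ec2_instance_id`"
                export IP_ADDRESS="`facter ipaddress`"
                cat << EOF > /root/configure.pp
                \$my_hostname="\${ec2_instance_id}.${PREFIX}"
                file { "update network settings - hostname":
                  path => "/etc/sysconfig/network",
                  content => "NETWORKING=yes\nNETWORKING_IPV6=no\nHOSTNAME=\${my_hostname}"
                }
                exec { "set hostname":
                  command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
                }
                augeas{ "etc hosts setup" :
                  context => "/files/etc/hosts",
                  changes => [
                    "set 01/ipaddr \${ipaddress}",
                    "set 01/canonical \${my_hostname}",
                  ],
                }
                augeas{ "network peerdns setup" :
                  context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
                  changes => [
                    "set PEERDNS no",
                  ],
                }
                class { "openshift_origin" :
                  node_fqdn => \$my_hostname,
                  cloud_domain => '${PREFIX}',
                  named_tsig_priv_key => '${DNS_SEC_KEY}',
                  dns_servers => ['${BROKER_IP}'],
                  os_unmanaged_users => ['ec2-user'],
                  enable_network_services => true,
                  configure_firewall => true,
                  configure_ntp => true,
                  configure_activemq => false,
                  configure_qpid => false,
                  configure_mongodb => false,
                  configure_named => false,
                  configure_broker => false,
                  configure_console => false,
                  configure_node => true,
                  development_mode => true,
                  named_ipaddress => '${BROKER_IP}',
                  mongodb_fqdn => '${BROKER_IP}',
                  mq_fqdn => '${BROKER_IP}',
                  broker_fqdn => '${BROKER_IP}',
                }
                EOF
                mkdir -p /etc/puppet/modules
                puppet module install openshift/openshift_origin
                puppet apply --verbose /root/configure.pp 2>&1 | tee /var/log/configure_openshift.log;
                # Append (-a) so each restart does not overwrite the log written above.
                service network restart | tee -a /var/log/configure_openshift.log;
                service cgconfig restart | tee -a /var/log/configure_openshift.log;
                service cgred restart | tee -a /var/log/configure_openshift.log;
                service openshift-cgroups restart | tee -a /var/log/configure_openshift.log;
                service openshift-node-web-proxy restart | tee -a /var/log/configure_openshift.log;
                service openshift-gears restart | tee -a /var/log/configure_openshift.log;
                service openshift-port-proxy restart | tee -a /var/log/configure_openshift.log;
                service mcollective restart | tee -a /var/log/configure_openshift.log;
                service httpd restart | tee -a /var/log/configure_openshift.log;
                service sshd restart | tee -a /var/log/configure_openshift.log;
                cat << EOF > /etc/resolv.conf
                ; generated by heat
                search ${PREFIX}
                nameserver ${BROKER_IP}
                EOF
                cat << _EOF > /root/nsupdate.cmd
                key ${PREFIX} ${DNS_SEC_KEY}
                server ${BROKER_IP} 53
                update delete ${EC2_INSTANCE_ID}.${PREFIX} A
                update add ${EC2_INSTANCE_ID}.${PREFIX} 180 A ${IP_ADDRESS}
                send
                _EOF
                cat /root/nsupdate.cmd | nsupdate
                setenforce 1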
# Stack outputs, both built from the broker's public address.
Outputs:
  OpenShiftConsole:
    Description: URL for OpenShift Origins console
    Value:
      Fn::Join:
        - ''
        - - 'https://'
          - Fn::GetAtt: [BrokerInstance, PublicIp]
          - '/console'
  NameServerEntry:
    Description: Entry to insert into /etc/resolv.conf for application host names to resolve
    Value:
      Fn::Join:
        - ''
        - - 'nameserver '
          - Fn::GetAtt: [BrokerInstance, PublicIp]