heat_template_version: 2014-10-16 description: > This template will boot a Mesos cluster with one or more masters (as specified by number_of_masters, default is 1) and one or more slaves (as specified by the number_of_slaves parameter, which defaults to 1). parameters: ssh_key_name: type: string description: name of ssh key to be provisioned on our server default: "" external_network: type: string description: uuid/name of a network to use for floating ip addresses default: public fixed_network: type: string description: uuid/name of an existing network to use to provision machines default: "" fixed_subnet: type: string description: uuid/name of an existing subnet to use to provision machines default: "" server_image: type: string default: ubuntu-mesos description: glance image used to boot the server master_flavor: type: string default: m1.small description: flavor to use when booting the master server slave_flavor: type: string default: m1.small description: flavor to use when booting the slave server dns_nameserver: type: string description: address of a dns nameserver reachable in your environment default: 8.8.8.8 number_of_slaves: type: number description: how many mesos slaves to spawn initially default: 1 fixed_network_cidr: type: string description: network range for fixed ip network default: 10.0.0.0/24 wait_condition_timeout: type: number description: > timeout for the Wait Conditions default: 6000 cluster_name: type: string description: human readable name for the mesos cluster default: my-cluster executor_registration_timeout: type: string description: > Amount of time to wait for an executor to register with the slave before considering it hung and shutting it down default: 5mins number_of_masters: type: number description: how many mesos masters to spawn initially default: 1 http_proxy: type: string description: http proxy address for docker default: "" https_proxy: type: string description: https proxy address for docker default: "" no_proxy: type: string description: no proxies for docker default: "" trustee_domain_id: type: string description: domain id of the trustee default: "" trustee_user_id: type: string description: user id of the trustee default: "" trustee_username: type: string description: username of the trustee default: "" trustee_password: type: string description: password of the trustee default: "" hidden: true trust_id: type: string description: id of the trust which is used by the trustee default: "" hidden: true region_name: type: string description: a logically separate section of the cluster username: type: string description: user name password: type: string description: > user password, not set in current implementation, only used to fill in for Mesos config file default: password hidden: true tenant_name: type: string description: > tenant_name is used to isolate access to Compute resources volume_driver: type: string description: volume driver to use for container storage default: "" domain_name: type: string description: > domain is to define the administrative boundaries for management of Keystone entities rexray_preempt: type: string description: > enables any host to take control of a volume irrespective of whether other hosts are using the volume default: "false" auth_url: type: string description: url for keystone mesos_slave_isolation: type: string description: > Isolation mechanisms to use, e.g., `posix/cpu,posix/mem`, or `cgroups/cpu,cgroups/mem`, or network/port_mapping (configure with flag: `--with-network-isolator` to enable), or `cgroups/devices/gpus/nvidia` for nvidia specific gpu isolation (configure with flag: `--enable-nvidia -gpu-support` to enable), or `external`, or load an alternate isolator module using the `--modules` flag. Note that this flag is only relevant for the Mesos Containerizer. default: "" mesos_slave_work_dir: type: string description: directory path to place framework work directories default: "" mesos_slave_image_providers: type: string description: > Comma separated list of supported image providers e.g., APPC,DOCKER default: "" mesos_slave_executor_env_variables: type: string description: > JSON object representing the environment variables that should be passed to the executor, and thus subsequently task(s). By default the executor, executor will inherit the slave's environment variables. default: "" slaves_to_remove: type: comma_delimited_list description: > List of slaves to be removed when doing an update. Individual slave may be referenced several ways: (1) The resource name (e.g.['1', '3']), (2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should be empty when doing a create. default: [] verify_ca: type: boolean description: whether or not to validate certificate authority openstack_ca: type: string hidden: true description: The OpenStack CA certificate to install on the node. nodes_affinity_policy: type: string description: > affinity policy for nodes server group constraints: - allowed_values: ["affinity", "anti-affinity", "soft-affinity", "soft-anti-affinity"] resources: ###################################################################### # # network resources. allocate a network and router for our server. # network: type: ../../common/templates/network.yaml properties: existing_network: {get_param: fixed_network} existing_subnet: {get_param: fixed_subnet} private_network_cidr: {get_param: fixed_network_cidr} dns_nameserver: {get_param: dns_nameserver} external_network: {get_param: external_network} api_lb: type: ../../common/templates/lb.yaml properties: fixed_subnet: {get_attr: [network, fixed_subnet]} external_network: {get_param: external_network} protocol: HTTP port: 8080 ###################################################################### # # security groups. we need to permit network traffic of various # sorts. # secgroup_master: type: OS::Neutron::SecurityGroup properties: rules: - protocol: icmp - protocol: tcp port_range_min: 22 port_range_max: 22 - protocol: tcp remote_mode: remote_group_id - protocol: tcp port_range_min: 5050 port_range_max: 5050 - protocol: tcp port_range_min: 8080 port_range_max: 8080 secgroup_slave_all_open: type: OS::Neutron::SecurityGroup properties: rules: - protocol: icmp - protocol: tcp - protocol: udp ###################################################################### # # Master SoftwareConfig. # write_params_master: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: fragments/write-heat-params-master.sh} inputs: - name: MESOS_MASTERS_IPS type: String - name: CLUSTER_NAME type: String - name: QUORUM type: String - name: HTTP_PROXY type: String - name: HTTPS_PROXY type: String - name: NO_PROXY type: String configure_master: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: fragments/configure-mesos-master.sh} add_proxy_master: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: fragments/add-proxy.sh} start_services_master: type: OS::Heat::SoftwareConfig properties: group: script config: {get_file: fragments/start-services-master.sh} ###################################################################### # # Master SoftwareDeployment. # write_params_master_deployment: type: OS::Heat::SoftwareDeploymentGroup properties: config: {get_resource: write_params_master} servers: {get_attr: [mesos_masters, attributes, mesos_server_id]} input_values: MESOS_MASTERS_IPS: {list_join: [' ', {get_attr: [mesos_masters, mesos_master_ip]}]} CLUSTER_NAME: {get_param: cluster_name} NUMBER_OF_MASTERS: {get_param: number_of_masters} HTTP_PROXY: {get_param: http_proxy} HTTPS_PROXY: {get_param: https_proxy} NO_PROXY: {get_param: no_proxy} configure_master_deployment: type: OS::Heat::SoftwareDeploymentGroup depends_on: - write_params_master_deployment properties: config: {get_resource: configure_master} servers: {get_attr: [mesos_masters, attributes, mesos_server_id]} add_proxy_master_deployment: type: OS::Heat::SoftwareDeploymentGroup depends_on: - configure_master_deployment properties: config: {get_resource: add_proxy_master} servers: {get_attr: [mesos_masters, attributes, mesos_server_id]} start_services_master_deployment: type: OS::Heat::SoftwareDeploymentGroup depends_on: - add_proxy_master_deployment properties: config: {get_resource: start_services_master} servers: {get_attr: [mesos_masters, attributes, mesos_server_id]} ###################################################################### # # resources that expose the IPs of either the mesos master or a given # LBaaS pool depending on whether LBaaS is enabled for the bay. # api_address_lb_switch: type: Magnum::ApiGatewaySwitcher properties: pool_public_ip: {get_attr: [api_lb, floating_address]} pool_private_ip: {get_attr: [api_lb, address]} master_public_ip: {get_attr: [mesos_masters, resource.0.mesos_master_external_ip]} master_private_ip: {get_attr: [mesos_masters, resource.0.mesos_master_ip]} ###################################################################### # # resources that expose the server group for all nodes include master # and minions. # nodes_server_group: type: OS::Nova::ServerGroup properties: policies: [{get_param: nodes_affinity_policy}] ###################################################################### # # Mesos masters. This is a resource group that will create # masters. # mesos_masters: type: OS::Heat::ResourceGroup depends_on: - network properties: count: {get_param: number_of_masters} resource_def: type: mesosmaster.yaml properties: name: list_join: - '-' - [{ get_param: 'OS::stack_name' }, 'master', '%index%'] ssh_key_name: {get_param: ssh_key_name} server_image: {get_param: server_image} master_flavor: {get_param: master_flavor} external_network: {get_param: external_network} fixed_network: {get_attr: [network, fixed_network]} fixed_subnet: {get_attr: [network, fixed_subnet]} secgroup_mesos_id: {get_resource: secgroup_master} api_pool_id: {get_attr: [api_lb, pool_id]} openstack_ca: {get_param: openstack_ca} nodes_server_group_id: {get_resource: nodes_server_group} ###################################################################### # # Mesos slaves. This is a resource group that will initially # create slaves, and needs to be manually scaled. # mesos_slaves: type: OS::Heat::ResourceGroup depends_on: - network properties: count: {get_param: number_of_slaves} removal_policies: [{resource_list: {get_param: slaves_to_remove}}] resource_def: type: mesosslave.yaml properties: name: list_join: - '-' - [{ get_param: 'OS::stack_name' }, 'slave', '%index%'] ssh_key_name: {get_param: ssh_key_name} server_image: {get_param: server_image} slave_flavor: {get_param: slave_flavor} fixed_network: {get_attr: [network, fixed_network]} fixed_subnet: {get_attr: [network, fixed_subnet]} external_network: {get_param: external_network} secgroup_slave_all_open_id: {get_resource: secgroup_slave_all_open} mesos_slave_software_configs: {get_attr: [mesos_slave_software_configs, mesos_init]} nodes_server_group_id: {get_resource: nodes_server_group} ###################################################################### # # Wait condition handler for Mesos slaves. # slave_wait_handle: type: OS::Heat::WaitConditionHandle slave_wait_condition: type: OS::Heat::WaitCondition properties: count: {get_param: number_of_slaves} handle: {get_resource: slave_wait_handle} timeout: {get_param: wait_condition_timeout} ###################################################################### # # Software configs for Mesos slaves. # mesos_slave_software_configs: type: mesos_slave_software_configs.yaml properties: mesos_masters_ips: {list_join: [' ', {get_attr: [mesos_masters, mesos_master_ip]}]} executor_registration_timeout: {get_param: executor_registration_timeout} http_proxy: {get_param: http_proxy} https_proxy: {get_param: https_proxy} no_proxy: {get_param: no_proxy} auth_url: {get_param: auth_url} username: {get_param: username} password: {get_param: password} tenant_name: {get_param: tenant_name} volume_driver: {get_param: volume_driver} region_name: {get_param: region_name} domain_name: {get_param: domain_name} rexray_preempt: {get_param: rexray_preempt} mesos_slave_isolation: {get_param: mesos_slave_isolation} mesos_slave_work_dir: {get_param: mesos_slave_work_dir} mesos_slave_image_providers: {get_param: mesos_slave_image_providers} mesos_slave_executor_env_variables: {get_param: mesos_slave_executor_env_variables} mesos_slave_wc_curl_cli: {get_attr: [slave_wait_handle, curl_cli]} verify_ca: {get_param: verify_ca} openstack_ca: {get_param: openstack_ca} outputs: api_address: value: {get_attr: [api_address_lb_switch, public_ip]} description: > This is the API endpoint of the Mesos master. Use this to access the Mesos API from outside the cluster. mesos_master_private: value: {get_attr: [mesos_masters, mesos_master_ip]} description: > This is a list of the "private" addresses of all the Mesos masters. mesos_master: value: {get_attr: [mesos_masters, mesos_master_external_ip]} description: > This is the "public" ip address of the Mesos master server. Use this address to log in to the Mesos master via ssh or to access the Mesos API from outside the cluster. mesos_slaves_private: value: {get_attr: [mesos_slaves, mesos_slave_ip]} description: > This is a list of the "private" addresses of all the Mesos slaves. mesos_slaves: value: {get_attr: [mesos_slaves, mesos_slave_external_ip]} description: > This is a list of the "public" addresses of all the Mesos slaves.