magnum/magnum/templates/docker-swarm/swarmnode.yaml

282 lines
7.5 KiB
YAML

heat_template_version: 2013-05-23
description: >
This is a nested stack that defines a single swarm node,
based on a vanilla Fedora 20 cloud image. This stack is included by
a ResourceGroup resource in the parent template (swarm.yaml).
parameters:
server_image:
type: string
default: fedora-atomic
description: glance image used to boot the server
server_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
ssh_key_name:
type: string
description: name of ssh key to be provisioned on our server
default: lars
external_network:
type: string
description: uuid/name of a network to use for floating ip addresses
fixed_network_id:
type: string
description: Network from which to allocate fixed addresses.
fixed_subnet_id:
type: string
description: Subnet from which to allocate fixed addresses.
discovery_url:
type: string
description: url provided for node discovery
http_proxy:
type: string
description: http proxy address for docker
default: ""
https_proxy:
type: string
description: https proxy address for docker
default: ""
no_proxy:
type: string
description: no proxies for docker
default: ""
swarm_master_ip:
type: string
description: swarm master's ip address
user_token:
type: string
description: token used for communicating back to Magnum for TLS certs
bay_uuid:
type: string
description: identifier for the bay this template is generating
magnum_url:
type: string
description: endpoint to retrieve TLS certs from
tls_disabled:
type: boolean
description: whether or not to disable TLS
resources:
node_cloud_init_wait_handle:
type: "AWS::CloudFormation::WaitConditionHandle"
node_cloud_init_wait_condition:
type: "AWS::CloudFormation::WaitCondition"
depends_on:
- swarm_node
properties:
Handle:
get_resource: node_cloud_init_wait_handle
Timeout: 6000
node_agent_wait_handle:
type: "AWS::CloudFormation::WaitConditionHandle"
node_agent_wait_condition:
type: "AWS::CloudFormation::WaitCondition"
depends_on:
- swarm_node
properties:
Handle:
get_resource: node_agent_wait_handle
Timeout: 6000
######################################################################
#
# security groups. we need to permit network traffic of various
# sorts.
#
secgroup_node:
type: "OS::Neutron::SecurityGroup"
properties:
rules:
- protocol: icmp
- protocol: tcp
- protocol: udp
######################################################################
#
# software configs. these are components that are combined into
# a multipart MIME user-data archive.
write_heat_params:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-heat-params.yaml}
params:
"$WAIT_HANDLE": {get_resource: node_cloud_init_wait_handle}
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
"$SWARM_MASTER_IP": {get_param: swarm_master_ip}
"$SWARM_NODE_IP": {get_attr: [swarm_node_eth0, fixed_ips, 0, ip_address]}
"$BAY_UUID": {get_param: bay_uuid}
"$USER_TOKEN": {get_param: user_token}
"$MAGNUM_URL": {get_param: magnum_url}
"$TLS_DISABLED": {get_param: tls_disabled}
configure_swarm:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/configure-swarm.sh}
remove_docker_key:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/remove-docker-key.sh}
make_cert:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/make-cert.py}
write_docker_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/write-docker-service.sh}
write_docker_socket:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/write-docker-socket.yaml}
write_swarm_agent_failure_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-bay-failure-service.yaml}
params:
"$SERVICE": swarm-agent
"$WAIT_HANDLE": {get_resource: node_agent_wait_handle}
write_swarm_agent_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-swarm-agent-service.yaml}
params:
"$NODE_IP": {get_attr: [swarm_node_eth0, fixed_ips, 0, ip_address]}
"$DISCOVERY_URL": {get_param: discovery_url}
"$WAIT_HANDLE": {get_resource: node_agent_wait_handle}
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
enable_services:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/enable-services.sh}
params:
"$NODE_SERVICES": "docker.socket swarm-agent"
cfn_signal:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/cfn-signal.sh}
disable_selinux:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/disable-selinux.sh}
add_proxy:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/add-proxy.sh}
swarm_node_init:
type: "OS::Heat::MultipartMime"
properties:
parts:
- config: {get_resource: disable_selinux}
- config: {get_resource: remove_docker_key}
- config: {get_resource: write_heat_params}
- config: {get_resource: make_cert}
- config: {get_resource: write_swarm_agent_failure_service}
- config: {get_resource: write_swarm_agent_service}
- config: {get_resource: write_docker_service}
- config: {get_resource: write_docker_socket}
- config: {get_resource: configure_swarm}
- config: {get_resource: add_proxy}
- config: {get_resource: enable_services}
- config: {get_resource: cfn_signal}
swarm_node:
type: "OS::Nova::Server"
properties:
image:
get_param: server_image
flavor:
get_param: server_flavor
key_name:
get_param: ssh_key_name
user_data_format: RAW
user_data: {get_resource: swarm_node_init}
networks:
- port:
get_resource: swarm_node_eth0
swarm_node_eth0:
type: "OS::Neutron::Port"
properties:
network_id:
get_param: fixed_network_id
security_groups:
- get_resource: secgroup_node
fixed_ips:
- subnet_id:
get_param: fixed_subnet_id
swarm_node_floating:
type: "OS::Neutron::FloatingIP"
properties:
floating_network:
get_param: external_network
port_id:
get_resource: swarm_node_eth0
outputs:
swarm_node_ip:
value: {get_attr: [swarm_node_eth0, fixed_ips, 0, ip_address]}
swarm_node_external_ip:
value: {get_attr: [swarm_node_floating, floating_ip_address]}