openstack
/
magnum
Code Issues Proposed changes
magnum/magnum/templates/swarm/swarm.yaml

437 lines
13 KiB
YAML
Raw Blame History

heat_template_version: 2013-05-23
description: >
This template will boot a Docker swarm cluster. A swarm cluster is made up
of a single master node, and N agent nodes. Every node in the cluster,
including the master, is running a Docker daemon and a swarm agent
advertising it to the cluster. The master is running an addition swarm
master container listening on port 2376. By default, the cluster is made
up of one master node and one agent node.
parameters:
#
# REQUIRED PARAMETERS
#
ssh_key_name:
type: string
description: name of ssh key to be provisioned on our server
external_network:
type: string
description: uuid/name of a network to use for floating ip addresses
discovery_url:
type: string
description: url provided for node discovery
user_token:
type: string
description: token used for communicating back to Magnum for TLS certs
bay_uuid:
type: string
description: identifier for the bay this template is generating
magnum_url:
type: string
description: endpoint to retrieve TLS certs from
#
# OPTIONAL PARAMETERS
#
server_image:
type: string
default: fedora-atomic
description: glance image used to boot the server
server_flavor:
type: string
default: m1.small
description: flavor to use when booting the server
dns_nameserver:
type: string
description: address of a dns nameserver reachable in your environment
default: 8.8.8.8
http_proxy:
type: string
description: http proxy address for docker
default: ""
https_proxy:
type: string
description: https proxy address for docker
default: ""
no_proxy:
type: string
description: no proxies for docker
default: ""
number_of_nodes:
type: string
description: how many swarm nodes to spawn
default: 1
fixed_network_cidr:
type: string
description: network range for fixed ip network
default: "10.0.0.0/24"
tls_disabled:
type: boolean
description: whether or not to enable TLS
default: False
resources:
cloud_init_wait_handle:
type: "AWS::CloudFormation::WaitConditionHandle"
cloud_init_wait_condition:
type: "AWS::CloudFormation::WaitCondition"
depends_on:
- swarm_master
properties:
Handle:
get_resource: cloud_init_wait_handle
Timeout: 6000
master_wait_handle:
type: "AWS::CloudFormation::WaitConditionHandle"
master_wait_condition:
type: "AWS::CloudFormation::WaitCondition"
depends_on:
- swarm_master
properties:
Handle:
get_resource: master_wait_handle
Timeout: 6000
agent_wait_handle:
type: "AWS::CloudFormation::WaitConditionHandle"
agent_wait_condition:
type: "AWS::CloudFormation::WaitCondition"
depends_on:
- swarm_master
properties:
Handle:
get_resource: agent_wait_handle
Timeout: 6000
######################################################################
#
# network resources. allocate a network and router for our server.
# it would also be possible to take advantage of existing network
# resources (and have the deployer provide network and subnet ids,
# etc, as parameters), but I wanted to minmize the amount of
# configuration necessary to make this go.
fixed_network:
type: "OS::Neutron::Net"
# This is the subnet on which we will deploy our server.
fixed_subnet:
type: "OS::Neutron::Subnet"
properties:
cidr: {get_param: fixed_network_cidr}
network_id:
get_resource: fixed_network
dns_nameservers:
- get_param: dns_nameserver
# create a router attached to the external network provided as a
# parameter to this stack.
extrouter:
type: "OS::Neutron::Router"
properties:
external_gateway_info:
network:
get_param: external_network
# attached fixed_subnet to our extrouter router.
extrouter_inside:
type: "OS::Neutron::RouterInterface"
properties:
router_id:
get_resource: extrouter
subnet_id:
get_resource:
fixed_subnet
######################################################################
#
# security groups. we need to permit network traffic of various
# sorts.
#
secgroup_manager:
type: "OS::Neutron::SecurityGroup"
properties:
rules:
- protocol: icmp
- protocol: tcp
- protocol: udp
######################################################################
#
# software configs. these are components that are combined into
# a multipart MIME user-data archive.
#
write_heat_params:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-heat-params.yaml}
params:
"$WAIT_HANDLE": {get_resource: cloud_init_wait_handle}
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
"$SWARM_MASTER_IP": {get_attr: [swarm_master_eth0, fixed_ips, 0, ip_address]}
"$SWARM_NODE_IP": {get_attr: [swarm_master_eth0, fixed_ips, 0, ip_address]}
"$BAY_UUID": {get_param: bay_uuid}
"$USER_TOKEN": {get_param: user_token}
"$MAGNUM_URL": {get_param: magnum_url}
"$TLS_DISABLED": {get_param: tls_disabled}
configure_swarm:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/configure-swarm.sh}
remove_docker_key:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/remove-docker-key.sh}
make_cert:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/make-cert.py}
write_docker_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/write-docker-service.sh}
write_swarm_agent_failure_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-bay-failure-service.yaml}
params:
"$SERVICE": swarm-agent
"$WAIT_HANDLE": {get_resource: agent_wait_handle}
write_swarm_manager_failure_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-bay-failure-service.yaml}
params:
"$SERVICE": swarm-manager
"$WAIT_HANDLE": {get_resource: master_wait_handle}
write_docker_socket:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/write-docker-socket.yaml}
write_swarm_agent_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-swarm-agent-service.yaml}
params:
"$NODE_IP": {get_attr: [swarm_master_eth0, fixed_ips, 0, ip_address]}
"$DISCOVERY_URL": {get_param: discovery_url}
"$WAIT_HANDLE": {get_resource: agent_wait_handle}
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
write_swarm_master_service:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/write-swarm-master-service.sh}
params:
"$DISCOVERY_URL": {get_param: discovery_url}
"$WAIT_HANDLE": {get_resource: master_wait_handle}
"$HTTP_PROXY": {get_param: http_proxy}
"$HTTPS_PROXY": {get_param: https_proxy}
"$NO_PROXY": {get_param: no_proxy}
"$TLS_DISABLED": {get_param: tls_disabled}
enable_services:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config:
str_replace:
template: {get_file: fragments/enable-services.sh}
params:
"$NODE_SERVICES": "docker.socket swarm-agent swarm-manager"
cfn_signal:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/cfn-signal.sh}
disable_selinux:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/disable-selinux.sh}
add_proxy:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/add-proxy.sh}
swarm_master_init:
type: "OS::Heat::MultipartMime"
properties:
parts:
- config: {get_resource: disable_selinux}
- config: {get_resource: remove_docker_key}
- config: {get_resource: write_heat_params}
- config: {get_resource: make_cert}
- config: {get_resource: write_swarm_agent_failure_service}
- config: {get_resource: write_swarm_manager_failure_service}
- config: {get_resource: write_docker_service}
- config: {get_resource: write_docker_socket}
- config: {get_resource: write_swarm_agent_service}
- config: {get_resource: write_swarm_master_service}
- config: {get_resource: configure_swarm}
- config: {get_resource: add_proxy}
- config: {get_resource: enable_services}
- config: {get_resource: cfn_signal}
######################################################################
#
# Swarm_manager is a special node running the swarm manage daemon along
# side the swarm agent.
#
swarm_master:
type: "OS::Nova::Server"
depends_on:
- extrouter_inside
properties:
image:
get_param: server_image
flavor:
get_param: server_flavor
key_name:
get_param: ssh_key_name
user_data_format: RAW
user_data: {get_resource: swarm_master_init}
networks:
- port:
get_resource: swarm_master_eth0
swarm_master_eth0:
type: "OS::Neutron::Port"
properties:
network_id:
get_resource: fixed_network
security_groups:
- get_resource: secgroup_manager
fixed_ips:
- subnet_id:
get_resource: fixed_subnet
swarm_master_floating:
type: "OS::Neutron::FloatingIP"
depends_on:
- extrouter_inside
properties:
floating_network:
get_param: external_network
port_id:
get_resource: swarm_master_eth0
swarm_nodes:
type: "OS::Heat::ResourceGroup"
depends_on:
- extrouter_inside
properties:
count: {get_param: number_of_nodes}
resource_def:
type: swarmnode.yaml
properties:
ssh_key_name: {get_param: ssh_key_name}
server_image: {get_param: server_image}
server_flavor: {get_param: server_flavor}
fixed_network_id: {get_resource: fixed_network}
fixed_subnet_id: {get_resource: fixed_subnet}
external_network: {get_param: external_network}
discovery_url: {get_param: discovery_url}
http_proxy: {get_param: http_proxy}
https_proxy: {get_param: https_proxy}
no_proxy: {get_param: no_proxy}
swarm_master_ip: {get_attr: [swarm_master_eth0, fixed_ips, 0, ip_address]}
bay_uuid: {get_param: bay_uuid}
user_token: {get_param: user_token}
magnum_url: {get_param: magnum_url}
tls_disabled: {get_param: tls_disabled}
outputs:
api_address:
value: {get_attr: [swarm_master_floating, floating_ip_address]}
description: >
This is the API endpoint of the Swarm masters. Use this to access
the Swarm API server from outside the cluster.
swarm_master_private:
value: {get_attr: [swarm_master_eth0, fixed_ips, 0, ip_address]}
description: >
This is a list of the "private" addresses of all the Swarm masters.
swarm_master:
value: {get_attr: [swarm_master_floating, floating_ip_address]}
description: >
This is a list of "public" ip addresses of all Swarm master.
Use these addresses to log into the Swarm masters via ssh.
swarm_nodes_private:
value: {get_attr: [swarm_nodes, swarm_node_ip]}
description: >
This is a list of the "private" addresses of all the Swarm nodes.
swarm_nodes:
value: {get_attr: [swarm_nodes, swarm_node_external_ip]}
description: >
This is a list of the "public" addresses of all the Swarm nodes. Use
these addresses to, e.g., log into the nodes.
discovery_url:
value: {get_param: discovery_url}
description: >
This the discovery url for Swarm cluster.
View Git Blame Copy Permalink