tripleo-heat-templates/ci/pingtests/scenario002-multinode.yaml
Emilien Macchi 44ec61345d scenario002: updating volume encryption provider
https://review.openstack.org/#/c/416672 made the new luks provider required.
Let's use it.

Closes-Bug: #1658755
Change-Id: Icc7c3c933af6621959ce3e6af99c73b4afd87509
2017-01-24 09:45:02 +00:00

159 lines
4.2 KiB
YAML

heat_template_version: ocata
description: >
HOT template to created resources deployed by scenario002.
parameters:
key_name:
type: string
description: Name of keypair to assign to servers
default: 'pingtest_key'
image:
type: string
description: Name of image to use for servers
default: 'pingtest_image'
public_net_name:
type: string
default: 'nova'
description: >
ID or name of public network for which floating IP addresses will be allocated
private_net_name:
type: string
description: Name of private network to be created
default: 'default-net'
private_net_cidr:
type: string
description: Private network address (CIDR notation)
default: '192.168.2.0/24'
private_net_gateway:
type: string
description: Private network gateway address
default: '192.168.2.1'
private_net_pool_start:
type: string
description: Start of private network IP address allocation pool
default: '192.168.2.100'
private_net_pool_end:
type: string
default: '192.168.2.200'
description: End of private network IP address allocation pool
resources:
key_pair:
type: OS::Nova::KeyPair
properties:
save_private_key: true
name: {get_param: key_name }
private_net:
type: OS::Neutron::Net
properties:
name: { get_param: private_net_name }
private_subnet:
type: OS::Neutron::Subnet
properties:
network_id: { get_resource: private_net }
cidr: { get_param: private_net_cidr }
gateway_ip: { get_param: private_net_gateway }
allocation_pools:
- start: { get_param: private_net_pool_start }
end: { get_param: private_net_pool_end }
router:
type: OS::Neutron::Router
properties:
external_gateway_info:
network: { get_param: public_net_name }
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: router }
subnet_id: { get_resource: private_subnet }
luks_volume_type:
type: OS::Cinder::VolumeType
properties:
name: LUKS
encrypted_volume_type:
type: OS::Cinder::EncryptedVolumeType
properties:
volume_type: {get_resource: luks_volume_type}
provider: luks
cipher: aes-xts-plain64
control_location: front-end
key_size: 256
volume1:
type: OS::Cinder::Volume
depends_on: encrypted_volume_type
properties:
name: Volume1
image: { get_param: image }
size: 1
volume_type: {get_resource: luks_volume_type}
server1:
type: OS::Nova::Server
depends_on: volume1
properties:
name: Server1
block_device_mapping:
- device_name: vda
volume_id: { get_resource: volume1 }
flavor: { get_resource: test_flavor }
key_name: { get_resource: key_pair }
networks:
- port: { get_resource: server1_port }
server1_port:
type: OS::Neutron::Port
properties:
network_id: { get_resource: private_net }
fixed_ips:
- subnet_id: { get_resource: private_subnet }
security_groups: [{ get_resource: server_security_group }]
server1_floating_ip:
type: OS::Neutron::FloatingIP
# TODO: investigate why we need this depends_on and if we could
# replace it by router_id with get_resource: router_interface
depends_on: router_interface
properties:
floating_network: { get_param: public_net_name }
port_id: { get_resource: server1_port }
server_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: Add security group rules for server
name: pingtest-security-group
rules:
- remote_ip_prefix: 0.0.0.0/0
protocol: tcp
port_range_min: 22
port_range_max: 22
- remote_ip_prefix: 0.0.0.0/0
protocol: icmp
test_flavor:
type: OS::Nova::Flavor
properties:
ram: 512
vcpus: 1
zaqar_queue:
type: OS::Zaqar::Queue
properties:
name: pingtest-queue
outputs:
server1_private_ip:
description: IP address of server1 in private network
value: { get_attr: [ server1, first_address ] }
server1_public_ip:
description: Floating IP address of server1 in public network
value: { get_attr: [ server1_floating_ip, floating_ip_address ] }