Added dir and heat files for interop challange

Added heat subdirectory to store files for the OpenStack Interop
Challenge.
Added lamp subdirectory under heat to upload 3-tier LAMP heat
template files.
Uploaded the lamp 3-tier heat templates created by the Enterprise WG.
Added a README.rst file to describe the heat templates.
Removed whitespace again.

Change-Id: Idfe86a59a60949a447783445932e5a7062330ac2
Craig Sterrett
2016-08-05 08:26:26 -07:00
parent 4f524b4675
commit d6124c8ac8
7 changed files with 1457 additions and 0 deletions

214
heat/lamp/AppWG_3Tier.yaml Normal file

@@ -0,0 +1,214 @@
heat_template_version: 2016-04-08
#The value of heat_template_version tells Heat not only the format of the template but also features that will be validated and supported
#2016-04-08 represents the Mitaka release
description: >
This is the main Heat template for the 3-tier LAMP Workload created by the Enterprise WG.
This version of the tempalte does not include autoscaling, and does not require ceilometer.
This template calls multiple nested templates which actually do the
majority of the work. This file calls the following yaml files in a ./lib subdirectory
setup_net_sg.yaml sets up the security groups and networks for Web, App, and Database
heat_app_tier.yaml starts up application servers and does on-the-fly builds
heat_web_tier.yaml starts up web servers and does on-the-fly builds
heat_sql_tier.yaml starts up mysql server and does on-the-fly builds.
NOTE: This serves as a guide to new users and is not meant for production deployment.
REQUIRED YAML FILES:
setup_net_sg.yaml, heat_app_tier.yaml, heat_sql_tier.yaml, heat_web_tier.yaml
REQUIRED PARAMETERS:
ssh_key_name, image_id, public_network_id
OPTIONAL PARAMETERS:
db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver
#Created by: Craig Sterrett 3/23/2016
######################################
#The parameters section allows for specifying input parameters that have to be provided when instantiating the template
parameters:
ssh_key_name:
type: string
label: SSH Key Name
description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances.
hidden: false
constraints:
- custom_constraint: nova.keypair
description: Must already exist on your cloud
image_id:
type: string
label: Image ID
description: >
REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify
your own Image ID in your project/tenant. This could be modified to use different
images for each tier.
hidden: false
constraints:
- custom_constraint: glance.image
description: Must be a valid image on your cloud
public_network_id:
type: string
label: Public Network
description: >
REQUIRED PARAMETER - The public network name or id used to access the internet.
This will fail if this is not a true public network
hidden: false
constraints:
- custom_constraint: neutron.network
description: Must be a valid network on your cloud
db_instance_flavor:
type: string
label: Database server instance flavor
description: The flavor type to use for db server.
default: m1.small
hidden: false
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor provided by your cloud provider.
app_instance_flavor:
type: string
label: Application server instance flavor
description: The flavor type to use for app servers.
default: m1.small
hidden: false
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor provided by your cloud provider.
web_instance_flavor:
type: string
label: Web server instance flavor
description: The flavor type to use for web servers.
default: m1.small
hidden: false
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor provided by your cloud provider.
db_server_name:
type: string
label: Server Name
description: Name of the database servers
hidden: false
default: db_server
app_server_name:
type: string
label: Server Name
description: Name of the application servers
hidden: false
default: app_server
web_server_name:
type: string
label: Server Name
description: Name of the web servers
hidden: false
default: web_server
dns_nameserver:
type: comma_delimited_list
label: DNS Name Server
description: The IP address of a DNS nameserver in list format
default: 8.8.8.8,8.8.4.4
######################################
#The resources section defines actual resources that make up a stack deployed from the HOT template (for instance compute instances, networks, storage volumes).
resources:
####################
#Setup Networking and Security Group
#Call the setup_net_sg.yaml file
network_setup:
type: lib/setup_net_sg.yaml
properties:
public_network_id: { get_param: public_network_id }
dns_nameserver: { get_param: dns_nameserver }
####################
##Kick off a Database server
launch_db_server:
type: lib/heat_sql_tier.yaml
properties:
ssh_key_name: { get_param: ssh_key_name }
server_name: { get_param: db_server_name }
instance_flavor: { get_param: db_instance_flavor }
image_id: { get_param: image_id }
private_network_id: {get_attr: [network_setup, db_private_network_id]}
security_group: {get_attr: [network_setup, db_security_group_id]}
####################
##Kick off two application servers
#Utilizing Heat resourcegroup to kick off multiple copies
app_server_resource_group:
type: OS::Heat::ResourceGroup
properties:
count: 2
resource_def:
type: lib/heat_app_tier.yaml
properties:
ssh_key_name:
get_param: ssh_key_name
server_name:
get_param: app_server_name
instance_flavor:
get_param: app_instance_flavor
image_id:
get_param: image_id
private_network_id: {get_attr: [network_setup, app_private_network_id]}
security_group: {get_attr: [network_setup, app_security_group_id]}
pool_name: {get_attr: [network_setup, app_lbaas_pool_name]}
db_server_ip: {get_attr: [launch_db_server, instance_ip]}
#Just passing something for metadata, it's not used in this script but is used in
#the autoscaling script
metadata: {"metering.stack": {get_param: "OS::stack_id"}}
####################
##Kick off two web servers
#Utilizing Heat resourcegroup to kick off multiple copies
web_server_resource_group:
type: OS::Heat::ResourceGroup
properties:
count: 2
resource_def:
type: lib/heat_web_tier.yaml
properties:
ssh_key_name:
get_param: ssh_key_name
server_name:
get_param: web_server_name
instance_flavor:
get_param: web_instance_flavor
image_id:
get_param: image_id
private_network_id: {get_attr: [network_setup, web_private_network_id]}
app_lbaas_vip: {get_attr: [network_setup, app_lbaas_IP]}
security_group: {get_attr: [network_setup, web_security_group_id]}
pool_name: {get_attr: [network_setup, web_lbaas_pool_name]}
#Just passing something for metadata, it's not used in this script but is used in
#the autoscaling script
metadata: {"metering.stack": {get_param: "OS::stack_id"}}
######################################
#The outputs section defines output parameters that should be available to the user after a stack has been created.
outputs:
web_lbaas_ip:
description: >
This is the floating IP assigned to the WEB LoadBalancer.
value: {get_attr: [network_setup, web_lbaas_IP]}
app_lbaas_ip:
description: >
This is the floating IP assigned to the Application LoadBalancer.
value: {get_attr: [network_setup, app_lbaas_IP]}
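Review bot: Every stack built from this template ends up with the nested database template's default credentials, because `launch_db_server` forwards only the key, name, flavor, image, network and security group to `lib/heat_sql_tier.yaml`; in this commit those defaults are `wordpress` for `db_password` and `admin` for `db_root_password`. Adding hidden top-level parameters without defaults and forwarding them, e.g. `db_root_password: { get_param: db_root_password }` and `db_password: { get_param: db_password }`, would make the deployer choose the credentials. The same applies to `launch_db_server` in the autoscaling template. The application password would also have to be passed to `lib/heat_app_tier.yaml`, whose `sed` lines hard-code `wordpress_user` and `wordpress` into wp-config.php.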


@@ -0,0 +1,343 @@
heat_template_version: 2016-04-08
#The value of heat_template_version tells Heat not only the format of the template but also features that will be validated and supported
#2016-04-08 represents the Mitaka release
description: >
This is the main Heat template for the 3-tier LAMP Workload created by the Enterprise WG.
This version of the tempalte does not include autoscaling, and does not require ceilometer.
This template calls multiple nested templates which actually do the
majority of the work. This file calls the following yaml files in a ./lib subdirectory
setup_net_sg.yaml sets up the security groups and networks for Web, App, and Database
heat_app_tier.yaml starts up application servers and does on-the-fly builds
heat_web_tier.yaml starts up web servers and does on-the-fly builds
heat_sql_tier.yaml starts up mysql server and does on-the-fly builds.
NOTE: This serves as a guide to new users and is not meant for production deployment.
REQUIRED YAML FILES:
setup_net_sg.yaml, heat_app_tier.yaml, heat_sql_tier.yaml, heat_web_tier.yaml
REQUIRED PARAMETERS:
ssh_key_name, image_id, public_network_id
OPTIONAL PARAMETERS:
db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver
#Created by: Craig Sterrett 3/23/2016
######################################
#The parameters section allows for specifying input parameters that have to be provided when instantiating the template
parameters:
ssh_key_name:
type: string
label: SSH Key Name
description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances.
hidden: false
constraints:
- custom_constraint: nova.keypair
description: Must already exist on your cloud
image_id:
type: string
label: Image ID
description: >
REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify
your own Image ID in your project/tenant. This could be modified to use different
images for each tier.
hidden: false
constraints:
- custom_constraint: glance.image
description: Must be a valid image on your cloud
public_network_id:
type: string
label: Public Network
description: >
REQUIRED PARAMETER - The public network name or id used to access the internet.
This will fail if this is not a true public network
hidden: false
constraints:
- custom_constraint: neutron.network
description: Must be a valid network on your cloud
db_instance_flavor:
type: string
label: Database server instance flavor
description: The flavor type to use for db server.
default: m1.small
hidden: false
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor provided by your cloud provider.
app_instance_flavor:
type: string
label: Application server instance flavor
description: The flavor type to use for app servers.
default: m1.small
hidden: false
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor provided by your cloud provider.
web_instance_flavor:
type: string
label: Web server instance flavor
description: The flavor type to use for web servers.
default: m1.small
hidden: false
constraints:
- custom_constraint: nova.flavor
description: Must be a valid flavor provided by your cloud provider.
db_server_name:
type: string
label: Server Name
description: Name of the database servers
hidden: false
default: db_server
app_server_name:
type: string
label: Server Name
description: Name of the application servers
hidden: false
default: app_server
web_server_name:
type: string
label: Server Name
description: Name of the web servers
hidden: false
default: web_server
dns_nameserver:
type: comma_delimited_list
label: DNS Name Server
description: The IP address of a DNS nameserver in list format
default: 8.8.8.8,8.8.4.4
######################################
#The resources section defines actual resources that make up a stack deployed from the HOT template (for instance compute instances, networks, storage volumes).
resources:
####################
#Setup Networking and Security Group
#Call the setup_net_sg.yaml file
network_setup:
type: lib/setup_net_sg.yaml
properties:
public_network_id: { get_param: public_network_id }
dns_nameserver: { get_param: dns_nameserver }
####################
##Kick off a Database server
launch_db_server:
type: lib/heat_sql_tier.yaml
properties:
ssh_key_name: { get_param: ssh_key_name }
server_name: { get_param: db_server_name }
instance_flavor: { get_param: db_instance_flavor }
image_id: { get_param: image_id }
private_network_id: {get_attr: [network_setup, db_private_network_id]}
security_group: {get_attr: [network_setup, db_security_group_id]}
####################
#Autoscaling for the app servers
app_autoscale_group:
type: OS::Heat::AutoScalingGroup
properties:
desired_capacity: 2
min_size: 2
max_size: 5
resource:
type: lib/heat_app_tier.yaml
properties:
ssh_key_name:
get_param: ssh_key_name
server_name:
get_param: app_server_name
instance_flavor:
get_param: app_instance_flavor
image_id:
get_param: image_id
private_network_id: {get_attr: [network_setup, app_private_network_id]}
security_group: {get_attr: [network_setup, app_security_group_id]}
pool_name: {get_attr: [network_setup, app_lbaas_pool_name]}
db_server_ip: {get_attr: [launch_db_server, instance_ip]}
#created unique tag to be used by ceilometer to identify meters specific to the app nodes
#without some unique metadata tag, ceilometer will group together all resources in the tenant
metadata: {"metering.autoscale_group_name": "app_autoscale_group"}
####################
app_scaleup_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: { get_resource: app_autoscale_group }
#cooldown prevents duplicate alarms while instances spin up. Set the value large
#enough to allow for instance to startup and begin taking requests.
cooldown: 900
scaling_adjustment: 1
app_cpu_alarm_high:
type: OS::Ceilometer::Alarm
properties:
meter_name: cpu_util
statistic: avg
#period needs to be greater than the sampling rate in the pipleine.config file in /etc/ceilometer
period: 600
evaluation_periods: 1
#Alarms if CPU utilization for ALL app nodes averaged together exceeds 50%
threshold: 50
repeat_actions: true
alarm_actions:
- {get_attr: [app_scaleup_policy, alarm_url]}
#Collect data only on servers with the autoscale_group_name metadata set to app_autoscale_group
#Otherwise ceilometer would look at all servers in the project
matching_metadata: {'metadata.user_metadata.autoscale_group_name': "app_autoscale_group"}
comparison_operator: gt
app_scaledown_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: { get_resource: app_autoscale_group }
#cooldown prevents duplicate alarms while instances shut down. Set the value large
#enough to allow for instance to shutdown and things stabilize.
cooldown: 900
scaling_adjustment: -1
app_cpu_alarm_low:
type: OS::Ceilometer::Alarm
properties:
meter_name: cpu_util
statistic: avg
#period needs to be greater than the sampling rate in the pipleine.config file in /etc/ceilometer
period: 600
evaluation_periods: 1
#Alarms if CPU utilization for ALL app nodes averaged together drops below 20%
threshold: 20
repeat_actions: true
alarm_actions:
- {get_attr: [app_scaledown_policy, alarm_url]}
#Collect data only on servers with the autoscale_group_name metadata set to app_autoscale_group
#Otherwise ceilometer would look at all servers in the project
matching_metadata: {'metadata.user_metadata.autoscale_group_name': "app_autoscale_group"}
comparison_operator: lt
####################
#Autoscaling for the web servers
web_autoscale_group:
type: OS::Heat::AutoScalingGroup
properties:
desired_capacity: 2
min_size: 2
max_size: 5
resource:
type: lib/heat_web_tier.yaml
properties:
ssh_key_name:
get_param: ssh_key_name
server_name:
get_param: web_server_name
instance_flavor:
get_param: web_instance_flavor
image_id:
get_param: image_id
private_network_id: {get_attr: [network_setup, web_private_network_id]}
app_lbaas_vip: {get_attr: [network_setup, app_lbaas_IP]}
security_group: {get_attr: [network_setup, web_security_group_id]}
pool_name: {get_attr: [network_setup, web_lbaas_pool_name]}
metadata: {"metering.autoscale_group_name": "web_autoscale_group"}
####################
web_scaleup_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: { get_resource: web_autoscale_group }
cooldown: 900
scaling_adjustment: 1
web_cpu_alarm_high:
type: OS::Ceilometer::Alarm
properties:
meter_name: cpu_util
statistic: avg
period: 600
evaluation_periods: 1
threshold: 50
repeat_actions: true
alarm_actions:
- {get_attr: [web_scaleup_policy, alarm_url]}
matching_metadata: {'metadata.user_metadata.autoscale_group_name': "web_autoscale_group"}
comparison_operator: gt
web_scaledown_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: { get_resource: web_autoscale_group }
cooldown: 900
scaling_adjustment: -1
web_cpu_alarm_low:
type: OS::Ceilometer::Alarm
properties:
meter_name: cpu_util
statistic: avg
period: 600
evaluation_periods: 1
threshold: 20
repeat_actions: true
alarm_actions:
- {get_attr: [web_scaledown_policy, alarm_url]}
matching_metadata: {'metadata.user_metadata.autoscale_group_name': "web_autoscale_group"}
comparison_operator: lt
######################################
#The outputs section defines output parameters that should be available to the user after a stack has been created.
outputs:
web_lbaas_ip:
description: >
This is the floating IP assigned to the WEB LoadBalancer.
value: {get_attr: [network_setup, web_lbaas_IP]}
app_lbaas_ip:
description: >
This is the floating IP assigned to the Application LoadBalancer.
value: {get_attr: [network_setup, app_lbaas_IP]}
web_scale_up_url:
description: >
This URL is the webhook to scale up the WEB autoscaling group. You
can invoke the scale-up operation by doing an HTTP POST to this
URL; no body nor extra headers are needed. You do need to be authenticated
Example: source openrc; curl -X POST "<url>"
value: {get_attr: [web_scaleup_policy, alarm_url]}
web_scale_down_url:
description: >
This URL is the webhook to scale down the WEB autoscaling group.
value: {get_attr: [web_scaledown_policy, alarm_url]}
app_scale_up_url:
description: >
This URL is the webhook to scale up the application autoscaling group. You
can invoke the scale-up operation by doing an HTTP POST to this
URL; no body nor extra headers are needed.
value: {get_attr: [app_scaleup_policy, alarm_url]}
app_scale_down_url:
description: >
This URL is the webhook to scale down the application autoscaling group.
value: {get_attr: [app_scaledown_policy, alarm_url]}
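Review bot: The four `*_scale_*_url` outputs publish each policy's `alarm_url`, which Heat documents as a signed URL, so anyone who can read the stack outputs (or a log or ticket they get pasted into) can probably trigger scaling without further credentials. The `web_scale_up_url` description says authentication is needed, which looks inconsistent with that and should be confirmed. If only the Ceilometer alarms need the webhooks, drop the outputs; otherwise add a line to each description such as `Treat this URL as a secret: possession of it is enough to trigger the policy.` Separately, the top-level `description:` still says the template "does not include autoscaling, and does not require ceilometer", which is copied from the static template and contradicts the resources defined here.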

65
heat/lamp/README.rst Normal file

@@ -0,0 +1,65 @@
3-Tier LAMP Sample Heat Template
================================
These heat templates deploy WordPress on a 3-Tier LAMP architecture. There are two versions of the primary template, one which creates a static environment which does not require ceilometer, and one which provides autoscaling of the web and application tiers based on CPU load, which does require ceilometer.
**The WordPress 3-Tier LAMP Architecture Sample**
====== ====================== =====================================
Tier Function Details
====== ====================== =====================================
Web Reverse Proxy Server Apache + mod_proxy
App WordPress Server Apache, PHP, MySQL Client, WordPress
Data Database Server MySQL
====== ====================== =====================================
-----------------
Heat File Details
-----------------
The template uses a nested structure, with two different primary yaml files, both of which utilize the same 4 nested files. The templates were tested using Mitaka release of OpenStack, and Ubuntu server 14.04 and Centos7.
**EnterpriseWG_3Tier.yaml:** If you want a static environment, run this yaml file. This will create a static environment, with two load balanced web servers, and two load balanced application servers, and a single database server using cinder block storage for the database files.
REQUIRED PARAMETERS:
* ssh_key_name, image_id, public_network_id
OPTIONAL PARAMETERS:
* db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver
**EnterpriseWG _3Tier_AutoScale.yaml:** If you want a dynamic autoscaling environment, run this yaml file. This yaml files sets up heat autoscaling groups.
REQUIRED PARAMETERS:
* ssh_key_name, image_id, public_network_id
OPTIONAL PARAMETERS:
* db_instance_flavor, app_instance_flavor, web_instance_flavor, db_server_name, app_server_name, web_server_name, dns_nameserver
The following 4 yaml files are called by the primary files above, and are by default expected to be in a lib subdirectory:
**setup_net_sg.yaml:** This file creates 3 separate private networks, one for each tier. In addition it creates two load balancers (using neutron LBaaS V1), one which has a public IP that connects the web private network to the public network, and one with a private IP that connects the web network to the application network. The template also creates a router connecting the application network to the database network. In addition to the networks and routers, the template creates 3 security groups, one for each of the tiers.
**heat_web_tier.yaml:** This template file launches the web tier nodes. In addition to launching instances, it installs and configures Apache and Apache modproxy which is used to redirect traffic to the application nodes.
**heat_app_tier.yaml:** This template file launches the application tier nodes. In addition to launching the instances, it installs Apache, PHP, MySQL client, and finally WordPress.
**heat_sql_tier.yaml:** This template file launches the database tier node and installs MySQL. In addition it creates a cinder block device to store the database files. The template also creates the required users and databases for the WordPress application.
-------------------------------
Running the heat template files
-------------------------------
First you need to source your credential file. You may download a copy of the credential file from Horizon under Project>Compute>Access & Security>API Access
**Example to setup the static environment**
openstack stack create --template AppWG_3Tier.yaml --parameter ssh_key_name=mykey --parameter image_id=ubuntu --parameter dns_nameserver="8.8.8.8,8.8.4.4" --parameter public_network_id=external_network ThreeTierLAMP
**Example to setup the autoscaling environment**
openstack stack create --template AppWG_3Tier.yaml --parameter ssh_key_name=mykey --parameter image_id=centos --parameter dns_nameserver="8.8.8.8,8.8.4.4" --parameter public_network_id=external_network ThreeTierLAMP


@@ -0,0 +1,138 @@
heat_template_version: 2013-05-23
description: >
This is a nested Heat used by the 3-Tier Architecture Workload reference document
created by the Enterprise Working Group. These templates demonstrate a sample
LAMP architecture supporting Wordpress. This template file launches the application
tier nodes, and installs Apache, PHP, MySQL client, and finally WordPress.
This serves as a guide to new users and is not meant for production deployment.
#Created by: Craig Sterrett 3/23/2016
parameters:
ssh_key_name:
type: string
label: SSH Key Name
description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances.
hidden: false
default: cloudkey
server_name:
type: string
label: Server Name
description: REQUIRED PARAMETER - Name of the instance to spin up.
hidden: false
default: App_Server
instance_flavor:
type: string
label: Instance Flavor
description: The flavor type to use for each server.
default: m1.small
hidden: false
image_id:
type: string
label: Image ID
description: >
REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify
your own Image ID in your project/tenant.
hidden: false
private_network_id:
type: string
default: App_Tier_private_network
description: The private Application network that will be utilized for all App servers
security_group:
type: string
default: Workload_App_SG
description: The Application security group that will be utilized for all App servers
pool_name:
type: string
description: LBaaS Pool to join
db_server_ip:
type: string
description: Database Server IP
metadata:
type: json
resources:
app_server:
type: OS::Nova::Server
properties:
name: { get_param: server_name }
image: { get_param: image_id }
flavor: { get_param: instance_flavor }
key_name: { get_param: ssh_key_name }
metadata: { get_param: metadata }
networks:
- network: { get_param: private_network_id }
security_groups:
- { get_param: security_group }
user_data_format: RAW
user_data:
str_replace:
params:
$db_server_ip: { get_param: db_server_ip }
template: |
#!/bin/bash -v
#use apt-get for Debian/ubuntu, and yum for centos/fedora
if apt-get -v &> /dev/null
then
apt-get update -y
apt-get upgrade -y
#Install PHP5, and mysql
apt-get -y install apache2 php5 libapache2-mod-php5 php5-mysql php5-gd mysql-client
elif which yum &> /dev/null
then
yum update -y
#Install PHP5, and mysql
setenforce 0
yum install -y php php-mysql
yum install -y wget
yum install php-gd
fi
# install wordpress
# download wordpress
wget http://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
# configure wordpress
cp wordpress/wp-config-sample.php wordpress/wp-config.php
sed -i 's/database_name_here/wordpress/' wordpress/wp-config.php
sed -i 's/username_here/wordpress_user/' wordpress/wp-config.php
sed -i 's/password_here/wordpress/' wordpress/wp-config.php
sed -i 's/localhost/$db_server_ip/' wordpress/wp-config.php
# install a copy of the configured wordpress into apache's www directory
rm /var/www/html/index.html
cp -R wordpress/* /var/www/html/
# give apache ownership of the application files
chown -R www-data:www-data /var/www/html/
chown -R apache:apache /var/www/html/
chmod -R g+w /var/www/html/
#Allow remote database connection
setsebool -P httpd_can_network_connect=1
systemctl restart httpd.service
Pool_Member:
type: OS::Neutron::PoolMember
properties:
pool_id: {get_param: pool_name}
address: {get_attr: [app_server, first_address]}
protocol_port: 80
outputs:
app_private_ip:
description: Private IP address of the Web node
value: { get_attr: [app_server, first_address] }
lb_member:
description: LoadBalancer member details.
value: { get_attr: [Pool_Member, show] }
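Review bot: The boot script fetches WordPress with `wget http://wordpress.org/latest.tar.gz` and unpacks it into the web root as root with no integrity check, so a tampered or simply changed archive is installed on every app node, and `latest` lets nodes launched at different times run different code. Fetch a pinned release over HTTPS and verify a recorded digest before `tar` runs, as sketched below with placeholder values. Two related points in the same script: `setenforce 0` turns off SELinux enforcement on CentOS even though the script later sets the targeted `httpd_can_network_connect` boolean, and `yum install php-gd` lacks `-y`, so it is unlikely to complete in a non-interactive boot.

```yaml
          template: |
            #!/bin/bash -v
            # … unchanged: per-distro package installation …
            # download a pinned WordPress release and verify it before unpacking
            # (version and digest are placeholders to be filled in by the maintainer)
            wp_version="<PINNED_VERSION>"
            wp_sha256="<EXPECTED_SHA256>"
            wget -O wordpress.tar.gz "https://wordpress.org/wordpress-${wp_version}.tar.gz"
            echo "${wp_sha256}  wordpress.tar.gz" | sha256sum -c - || exit 1
            tar -xzf wordpress.tar.gz
            # … unchanged: wp-config edits, copy to /var/www/html, ownership, restart …
```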


@@ -0,0 +1,210 @@
heat_template_version: 2013-05-23
description: >
This is a nested Heat used by the 3-Tier Architecture Workload reference document
created by the Enterprise Working Group. These templates demonstrate a sample
LAMP architecture supporting Wordpress. This template file launches the database
tier node, creates a cinder block device to store the database files and creates
the required users and databases for the WordPress application.
This serves as a guide to new users and is not meant for production deployment.
#Created by: Craig Sterrett 3/23/2016
parameters:
ssh_key_name:
type: string
label: SSH Key Name
description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances.
hidden: false
default: cloudkey
server_name:
type: string
label: Server Name
description: REQUIRED PARAMETER - Name of the instance to spin up.
hidden: false
default: DB_Server
instance_flavor:
type: string
label: Instance Flavor
description: The flavor type to use for each server.
default: m1.small
hidden: false
image_id:
type: string
label: Image ID
description: >
REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify
your own Image ID in your project/tenant.
hidden: false
private_network_id:
type: string
default: DB_Tier_private_network
description: The private database network that will be utilized for all DB servers
security_group:
type: string
default: Workload_DB_SG
description: The database security group that will be utilized for all DB servers
db_name:
type: string
description: MYSQL database name
default: wordpress
constraints:
- length: { min: 1, max: 64 }
description: db_name must be between 1 and 64 characters
- allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
description: >
db_name must begin with a letter and contain only alphanumeric
characters
db_username:
type: string
description: MYSQL database admin account username
default: wordpress_user
hidden: true
db_password:
type: string
description: MYSQL database admin account password
default: wordpress
hidden: true
constraints:
- length: { min: 1, max: 41 }
description: db_password must be between 1 and 41 characters
- allowed_pattern: '[a-zA-Z0-9]*'
description: db_password must contain only alphanumeric characters
db_root_password:
type: string
description: Root password for MySQL
default: admin
hidden: true
constraints:
- length: { min: 1, max: 41 }
description: db_root_password must be between 1 and 41 characters
- allowed_pattern: '[a-zA-Z0-9]*'
description: db_root_password must contain only alphanumeric characters
db_volume_size:
type: string
description: Database cinder volume size (in GB) for database files
default: 2
hidden: true
resources:
#Setup a cinder volume for storage of the datbase files
db_files_volume:
type: OS::Cinder::Volume
properties:
size: { get_param: db_volume_size }
name: DB_Files
db_volume_attachment:
type: OS::Cinder::VolumeAttachment
properties:
volume_id: { get_resource: db_files_volume }
instance_uuid: { get_resource: MYSQL_instance }
#Install MySQL and setup wordpress DB and set usernames and passwords
MYSQL_instance:
type: OS::Nova::Server
properties:
name: { get_param: server_name }
image: { get_param: image_id }
flavor: { get_param: instance_flavor }
key_name: { get_param: ssh_key_name }
networks:
- network: { get_param: private_network_id }
security_groups:
- { get_param: security_group }
user_data_format: RAW
user_data:
str_replace:
template: |
#!/bin/bash -v
#make mount point for cinder volume and prepare volume
mkdir /mnt/db_files
chown mysql:mysql /mnt/db_files
volume_path="/dev/disk/by-id/virtio-$(echo volume_id | cut -c -20)"
echo ${volume_path}
mkfs.ext4 ${volume_path}
echo "${volume_path} /mnt/db_files ext4 defaults 1 2" >> /etc/fstab
mount /mnt/db_files
#use apt-get for Debian/ubuntu, and yum for centos/fedora
if apt-get -v &> /dev/null
then
apt-get update -y
apt-get upgrade -y
#Next line stops mysql install from popping up request for root password
export DEBIAN_FRONTEND=noninteractive
apt-get install -q -y --force-yes mariadb-server
touch /var/log/mariadb/mariadb.log
chown mysql:mysql /var/log/mariadb/mariadb.log
#Ubuntu mysql install blocks remote access by default
sed -i 's/bind-address/#bind-address/' /etc/mysql/my.cnf
service mysql stop
#Move the database to the cinder device
mv -f /var/lib/mysql /mnt/db_files/
#edit data file location in the mysql config file
sed -i 's/\/var\/lib\/mysql/\/mnt\/db_files\/mysql/' /etc/mysql/my.cnf
service mysql start
elif which yum &> /dev/null
then
yum update -y
setenforce 0
yum -y install mariadb-server mariadb
systemctl start mariadb
systemctl stop mariadb
chown mysql:mysql /mnt/db_files
touch /var/log/mariadb/mariadb.log
chown mysql:mysql /var/log/mariadb/mariadb.log
#Move the database to the cinder device
mv -f /var/lib/mysql /mnt/db_files/
#edit data file location in the mysql config file
sed -i 's/\/var\/lib\/mysql/\/mnt\/db_files\/mysql/' /etc/my.cnf
#need to modify the socket info for the clients
echo "[client]" >> /etc/my.cnf
echo "socket=/mnt/db_files/mysql/mysql.sock" >> /etc/my.cnf
systemctl start mariadb
systemctl enable mariadb
fi
# Setup MySQL root password and create a user and add remote privs to app subnet
mysqladmin -u root password db_rootpassword
# create wordpress database
cat << EOF | mysql -u root --password=db_rootpassword
CREATE DATABASE db_name;
CREATE USER 'db_user'@'localhost';
SET PASSWORD FOR 'db_user'@'localhost'=PASSWORD("db_password");
GRANT ALL PRIVILEGES ON db_name.* TO 'db_user'@'localhost' IDENTIFIED BY 'db_password';
CREATE USER 'db_user'@'%';
SET PASSWORD FOR 'db_user'@'%'=PASSWORD("db_password");
GRANT ALL PRIVILEGES ON db_name.* TO 'db_user'@'%' IDENTIFIED BY 'db_password';
FLUSH PRIVILEGES;
EOF
params:
db_rootpassword: { get_param: db_root_password }
db_name: { get_param: db_name }
db_user: { get_param: db_username }
db_password: { get_param: db_password }
volume_id: {get_resource: db_files_volume }
outputs:
completion:
description: >
MYSQL Setup is complete, login username and password are
value:
str_replace:
template: >
Database Name=$dbName, Database Admin Acct=$dbAdmin
params:
$dbName: { get_param: db_name }
$dbAdmin: { get_param: db_username }
instance_ip:
description: IP address of the deployed compute instance
value: { get_attr: [MYSQL_instance, first_address] }
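Review bot: The WordPress account is created for host `'%'` with ALL PRIVILEGES and `bind-address` is commented out on Ubuntu, so with the defaults (`db_password: wordpress`, `db_root_password: admin`) the database accepts a well-known login from any address the security group lets through, although the script comment says the remote grant is meant for the app subnet. Consider removing the two `default:` lines so the passwords must be supplied, and replacing `'%'` with a host pattern for the app subnet passed in as a parameter. `db_username` is substituted into the same root-run SQL but, unlike `db_name` and the passwords, has no `allowed_pattern`; adding `- allowed_pattern: '[a-zA-Z][a-zA-Z0-9_]*'` would close that gap. The passwords also appear on the `mysqladmin` and `mysql` command lines and in the instance user data, so they can be read from the process list during boot and, presumably, from the metadata service afterwards.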


@@ -0,0 +1,139 @@
heat_template_version: 2013-05-23
description: >
This is a nested Heat used by the 3-Tier Architecture Workload reference document
created by the Enterprise Working Group. These templates demonstrate a sample
LAMP architecture supporting Wordpress. This template installs and configures
Apache and Apache modproxy which is used to redirect traffic to the application nodes.
This serves as a guide to new users and is not meant for production deployment.
#Created by: Craig Sterrett 3/23/2016
parameters:
ssh_key_name:
type: string
label: SSH Key Name
description: REQUIRED PARAMETER -Name of an existing SSH KeyPair to enable SSH access to instances.
hidden: false
default: cloudkey
server_name:
type: string
label: Server Name
description: REQUIRED PARAMETER - Name of the instance to spin up.
hidden: false
default: Web_Server
instance_flavor:
type: string
label: Instance Flavor
description: The flavor type to use for each server.
default: m1.small
hidden: false
image_id:
type: string
label: Image ID
description: >
REQUIRED PARAMETER - The image id to be used for the compute instance. Please specify
your own Image ID in your project/tenant.
hidden: false
private_network_id:
type: string
default: Web_Tier_private_network
description: The private Web network that will be utilized for all web servers
security_group:
type: string
default: Workload_Web_SG
description: The Web security group that will be utilized for all web servers
pool_name:
type: string
description: LBaaS Pool to join
app_lbaas_vip:
type: string
description: Application LBaaS virtual IP
metadata:
type: json
resources:
web_server:
type: OS::Nova::Server
properties:
name: { get_param: server_name }
image: { get_param: image_id }
flavor: { get_param: instance_flavor }
key_name: { get_param: ssh_key_name }
metadata: { get_param: metadata }
networks:
- network: { get_param: private_network_id }
security_groups:
- { get_param: security_group }
user_data_format: RAW
user_data:
str_replace:
params:
$app_lbaas_vip: { get_param: app_lbaas_vip }
template: |
#!/bin/bash -v
#centos has this "security" feature in sudoers to keep scripts from sudo, comment it out
sed -i '/Defaults \+requiretty/s/^/#/' /etc/sudoers
#use apt-get for Debian/ubuntu, and yum for centos/fedora
if apt-get -v &> /dev/null
then
apt-get update -y
apt-get upgrade -y
#Install Apache
apt-get -y --force-yes install apache2
apt-get install y libapache2-mod-proxy-html libxml2-dev
a2enmod proxy
a2enmod proxy_http
a2enmod deflate
a2enmod headers
a2enmod proxy_connect
a2enmod proxy_html
cat > /etc/apache2/sites-enabled/000-default.conf << EOL
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://$app_lbaas_vip/
ProxyPassReverse / http://$app_lbaas_vip/
ServerName localhost
</VirtualHost>
EOL
/etc/init.d/apache2 restart
elif which yum &> /dev/null
then
#yum update -y
#Install Apache
yum install -y httpd
yum install -y wget
cat >> /etc/httpd/conf/httpd.conf << EOL
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://$app_lbaas_vip/
ProxyPassReverse / http://$app_lbaas_vip/
ServerName localhost
</VirtualHost>
EOL
service httpd restart
fi
Pool_Member:
type: OS::Neutron::PoolMember
properties:
pool_id: {get_param: pool_name}
address: {get_attr: [web_server, first_address]}
protocol_port: 80
outputs:
web_private_ip:
description: Private IP address of the Web node
value: { get_attr: [web_server, first_address] }
lb_member:
description: LoadBalancer member details.
value: { get_attr: [Pool_Member, show] }
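Review bot: The Debian branch of the `user_data` script installs Apache with `--force-yes`, which lets apt continue when a package cannot be authenticated, so an unsigned or tampered package would be installed without any error at boot. The next line passes `y` as a package name instead of the `-y` flag, so the `libapache2-mod-proxy-html` install will probably fail or wait for confirmation, and `a2enmod proxy_html` would then have nothing to enable. I would write the two lines as `apt-get -y install apache2` and `apt-get install -y libapache2-mod-proxy-html libxml2-dev`. Because the script never checks exit codes, a failed install still ends in an Apache restart and a registered pool member; a `set -e` near the top would make that visible in the cloud-init log.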


@@ -0,0 +1,348 @@
heat_template_version: 2016-04-08
description: >
This is a nested Heat used by the 3-Tier Architecture Workload reference document
created by the Enterprise Working Group. These templates demonstrate a sample
LAMP architecture supporting Wordpress. This template file creates 3 separate
private networks, two load balancers(LBaaS V1), and creates 3 security groups.
This serves as a guide to new users and is not meant for production deployment.
REQUIRED PARAMETERS:
public_network_id
#Created by: Craig Sterrett 3/23/2016
parameters:
public_network_id:
type: string
label: Public Network
description: >
REQUIRED PARAMETER - The public network name or id used to access the internet.
This will fail if this is not a true public network
dns_nameserver:
type: comma_delimited_list
label: DNS Name Server
description: The IP address of a DNS nameserver
default: 8.8.8.8,8.8.4.4
resources:
#Create 3 private Networks, one for each Tier
# create a private network/subnet for the web servers
web_private_network:
type: OS::Neutron::Net
properties:
name: Web_Tier_private_network
web_private_network_subnet:
type: OS::Neutron::Subnet
properties:
cidr: 192.168.100.0/24
#Need to define default gateway in order for LBaaS namespace to pick it up
#If you let neutron grant a default gateway IP, then the LBaaS namespace may
#not pick it up and you will have routing issues
gateway_ip: 192.168.100.4
allocation_pools: [{ "start": 192.168.100.10, "end": 192.168.100.200 }]
#This routing information will get passed to the instances as they startup
#Provide the routes to the App network otherwise everything will try to go out the
#default gateway
host_routes: [{"destination": 192.168.101.0/24, "nexthop": 192.168.100.5}]
network: { get_resource: web_private_network }
name: Web_Tier_private_subnet
dns_nameservers: { get_param: dns_nameserver }
enable_dhcp: true
# create a router between the public/external network and the web network
public_router:
type: OS::Neutron::Router
properties:
name: PublicWebRouter
external_gateway_info:
network: { get_param: public_network_id }
# attach the web private network to the public router
public_router_interface:
type: OS::Neutron::RouterInterface
properties:
router: { get_resource: public_router }
subnet: { get_resource: web_private_network_subnet }
#############################
# create a private network/subnet for the Application servers
App_private_network:
type: OS::Neutron::Net
properties:
name: App_Tier_private_network
App_private_network_subnet:
type: OS::Neutron::Subnet
properties:
cidr: 192.168.101.0/24
#Need to define default gateway in order for LBaaS namespace to pick it up
#If you let neutron grant a default gateway IP, then the LBaaS namespace may
#not pick it up and you will have routing issues
gateway_ip: 192.168.101.5
#setting aside lower IP's to leave room for routers
allocation_pools: [{ "start": 192.168.101.10, "end": 192.168.101.200 }]
#This routing information will get passed to the instances as they startup
#Provide both the routes to the DB nework and to the web network
host_routes: [{"destination": 192.168.100.0/24, "nexthop": 192.168.101.5}, {"destination": 192.168.102.0/24, "nexthop": 192.168.101.6}, {"destination": 0.0.0.0/24, "nexthop": 192.168.100.4}]
network: { get_resource: App_private_network }
name: App_Tier_private_subnet
dns_nameservers: { get_param: dns_nameserver }
enable_dhcp: true
# create a router linking App and Web network
App_router:
type: OS::Neutron::Router
properties:
name: "AppWebRouter"
external_gateway_info: {"network": { get_param: public_network_id }, "enable_snat": True}
# Create a port connecting the App_router to the App network
web_router_app_port:
type: OS::Neutron::Port
properties:
name: "App_Net_Port"
network: { get_resource: App_private_network }
#Assign the default gateway address
#The default gateway will get set as the default route in the LBaaS namespace
fixed_ips: [{"ip_address": 192.168.101.5}]
# Create a port connecting the App_router to the Web network
web_router_web_port:
type: OS::Neutron::Port
properties:
name: "Web_Net_Port"
network: { get_resource: web_private_network }
fixed_ips: [{"ip_address": 192.168.100.5}]
App_router_interface1:
type: OS::Neutron::RouterInterface
properties:
router: { get_resource: App_router }
port: { get_resource: web_router_app_port }
App_router_interface2:
type: OS::Neutron::RouterInterface
properties:
router: { get_resource: App_router }
port: { get_resource: web_router_web_port }
##############################
#Create two Load Balancers one for the Web tier with a public IP and one for the App Tier
#with only private network access
#LBaaS V1 Load Balancer for Web Tier
Web_Tier_LoadBalancer:
type: OS::Neutron::LoadBalancer
properties:
protocol_port: 80
pool_id: {get_resource: Web_Server_Pool}
#LBaaS V1 Monitor for Web Tier
Web_Tier_Monitor:
type: OS::Neutron::HealthMonitor
properties:
type: TCP
delay: 5
max_retries: 5
timeout: 5
#LBaaS V1 Pool for Web Tier
Web_Server_Pool:
type: OS::Neutron::Pool
properties:
protocol: HTTP
monitors: [{get_resource: Web_Tier_Monitor}]
subnet: {get_resource: web_private_network_subnet}
lb_method: ROUND_ROBIN
vip:
protocol_port: 80
# Create a VIP port
web_vip_port:
type: OS::Neutron::Port
properties:
network: { get_resource: web_private_network }
security_groups: [{ get_resource: web_security_group }]
fixed_ips:
- subnet_id: { get_resource: web_private_network_subnet }
# Floating_IP:
Web_Network_Floating_IP:
type: OS::Neutron::FloatingIP
properties:
floating_network: {get_param: public_network_id}
port_id: { get_resource: web_vip_port }
# Associate the Floating IP:
association:
type: OS::Neutron::FloatingIPAssociation
properties:
floatingip_id: { get_resource: Web_Network_Floating_IP }
port_id: { get_attr: [ Web_Server_Pool, vip, port_id ] }
#****************************************
#App Load Balancer
App_Tier_LoadBalancer:
type: OS::Neutron::LoadBalancer
properties:
protocol_port: 80
pool_id: {get_resource: App_Server_Pool}
#LBaaS V1 Monitor for App Tier
App_Tier_Monitor:
type: OS::Neutron::HealthMonitor
properties:
type: TCP
delay: 5
max_retries: 5
timeout: 5
#LBaaS V1 Pool for App Tier
App_Server_Pool:
type: OS::Neutron::Pool
properties:
protocol: HTTP
monitors: [{get_resource: App_Tier_Monitor}]
subnet_id: {get_resource: App_private_network_subnet}
lb_method: ROUND_ROBIN
vip:
protocol_port: 80
#############################
# create a private network/subnet for the Database servers
DB_private_network:
type: OS::Neutron::Net
properties:
name: DB_Tier_private_network
DB_private_network_subnet:
type: OS::Neutron::Subnet
properties:
cidr: 192.168.102.0/24
gateway_ip: 192.168.102.6
allocation_pools: [{ "start": 192.168.102.10, "end": 192.168.102.200 }]
host_routes: [{"destination": 192.168.101.0/24, "nexthop": 192.168.102.6}]
network: { get_resource: DB_private_network }
dns_nameservers: { get_param: dns_nameserver }
enable_dhcp: true
# create a router linking Database and App network
DB_router:
type: OS::Neutron::Router
properties:
name: "AppDBRouter"
external_gateway_info: {"network": { get_param: public_network_id }, "enable_snat": True}
# Create a port connecting the db_router to the db network
db_router_db_port:
type: OS::Neutron::Port
properties:
network: { get_resource: DB_private_network }
name: "DB_Net_Port"
fixed_ips: [{"ip_address": 192.168.102.6}]
# Create a port connecting the db_router to the app network
db_router_app_port:
type: OS::Neutron::Port
properties:
network: { get_resource: App_private_network }
name: "DB_Router_App_Port"
fixed_ips: [{"ip_address": 192.168.101.6}]
# Now lets add our ports to our router
db_router_interface1:
type: OS::Neutron::RouterInterface
properties:
router: { get_resource: DB_router }
port: { get_resource: db_router_db_port }
db_router_interface2:
type: OS::Neutron::RouterInterface
properties:
router: { get_resource: DB_router }
port: { get_resource: db_router_app_port }
#################
#Create separate security groups for each Tier
# create a specific web security group that routes just web and ssh traffic
web_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: A application specific security group that passes ports 22 and 80
name: Workload_Web_SG
rules:
- protocol: tcp
port_range_min: 22
port_range_max: 22
- protocol: tcp
port_range_min: 80
port_range_max: 80
# create a specific application layer security group that routes database port 3306 traffic, web and ssh
app_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: A application specific security group that passes ports 22, 80 and 3306
name: Workload_App_SG
rules:
- protocol: tcp
port_range_min: 22
port_range_max: 22
- protocol: tcp
port_range_min: 80
port_range_max: 80
- protocol: tcp
port_range_min: 3306
port_range_max: 3306
# create a specific database security group that routes just database port 3306 traffic and ssh
db_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: A database specific security group that just passes port 3306 and 22 for ssh
name: Workload_DB_SG
rules:
- protocol: tcp
port_range_min: 22
port_range_max: 22
- protocol: tcp
port_range_min: 3306
port_range_max: 3306
outputs:
#Return a bunch of values so we can use them later in the Parent Heat template when we spin up servers
db_private_network_id:
description: Database private network ID
value: {get_resource: DB_private_network}
web_private_network_id:
description: Web private network ID
value: {get_resource: web_private_network}
app_private_network_id:
description: App private network ID
value: {get_resource: App_private_network}
db_security_group_id:
description: Database security group ID
value: {get_resource: db_security_group}
app_security_group_id:
description: App security group ID
value: {get_resource: app_security_group}
web_security_group_id:
description: Web security group ID
value: {get_resource: web_security_group}
web_lbaas_pool_name:
description: Name of Web LBaaS Pool
value: {get_resource: Web_Server_Pool}
app_lbaas_pool_name:
description: Name of App LBaaS Pool
value: {get_resource: App_Server_Pool}
web_lbaas_IP:
description: Public floating IP assigned to web LBaaS
value: { get_attr: [ Web_Network_Floating_IP, floating_ip_address ] }
app_lbaas_IP:
description: Internal floating IP assigned to app LBaaS
value: {get_attr: [ App_Server_Pool, vip, address]}
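Review bot: None of the rules in `web_security_group`, `app_security_group` or `db_security_group` sets `remote_ip_prefix` or `remote_group_id`, so as written ports 22, 80 and 3306 are accepted from any source address rather than only from the neighbouring tier. For the database group I would add `remote_ip_prefix: 192.168.101.0/24` (the App subnet CIDR defined in this file) to the 3306 rule, and limit the port 22 rules to an admin CIDR supplied as a new parameter, since the template defines no management network. The 3306 ingress rule on the app group also looks unnecessary if the app servers only act as MySQL clients; that should be confirmed against the app tier template. A short comment above each group stating which tier is expected to connect would make the intended trust boundary reviewable.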