summaryrefslogtreecommitdiffstats
path: root/roles/openstack-stack/templates/heat_stack.yaml.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openstack-stack/templates/heat_stack.yaml.j2')
-rw-r--r--roles/openstack-stack/templates/heat_stack.yaml.j2193
1 files changed, 142 insertions, 51 deletions
diff --git a/roles/openstack-stack/templates/heat_stack.yaml.j2 b/roles/openstack-stack/templates/heat_stack.yaml.j2
index 54941db06..b6b5e3613 100644
--- a/roles/openstack-stack/templates/heat_stack.yaml.j2
+++ b/roles/openstack-stack/templates/heat_stack.yaml.j2
@@ -54,6 +54,7 @@ outputs:
description: Floating IPs of the nodes
value: { get_attr: [ infra_nodes, floating_ip ] }
+{% if num_dns|int > 0 %}
dns_name:
description: Name of the DNS
value:
@@ -68,9 +69,11 @@ outputs:
dns_private_ips:
description: Private IPs of the DNS
value: { get_attr: [ dns, private_ip ] }
+{% endif %}
resources:
+{% if not provider_network %}
net:
type: OS::Neutron::Net
properties:
@@ -127,6 +130,8 @@ resources:
router_id: { get_resource: router }
subnet_id: { get_resource: subnet }
+{% endif %}
+
# keypair:
# type: OS::Nova::KeyPair
# properties:
@@ -156,6 +161,13 @@ resources:
port_range_min: 22
port_range_max: 22
remote_ip_prefix: {{ ssh_ingress_cidr }}
+{% if use_bastion|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ remote_ip_prefix: {{ bastion_ingress_cidr }}
+{% endif %}
- direction: ingress
protocol: icmp
remote_ip_prefix: {{ ssh_ingress_cidr }}
@@ -398,6 +410,7 @@ resources:
port_range_min: 443
port_range_max: 443
+{% if num_dns|int > 0 %}
dns-secgrp:
type: OS::Neutron::SecurityGroup
properties:
@@ -432,7 +445,9 @@ resources:
port_range_min: 53
port_range_max: 53
remote_ip_prefix: "{{ openstack_subnet_prefix }}.0/24"
-{% if num_masters > 1 %}
+{% endif %}
+
+{% if num_masters|int > 1 or ui_ssh_tunnel|bool %}
lb-secgrp:
type: OS::Neutron::SecurityGroup
properties:
@@ -443,14 +458,21 @@ resources:
protocol: tcp
port_range_min: {{ openshift_master_api_port | default(8443) }}
port_range_max: {{ openshift_master_api_port | default(8443) }}
- remote_ip_prefix: {{ lb_ingress_cidr }}
- {% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
+{% if ui_ssh_tunnel|bool %}
+ - direction: ingress
+ protocol: tcp
+ port_range_min: {{ openshift_master_api_port | default(8443) }}
+ port_range_max: {{ openshift_master_api_port | default(8443) }}
+ remote_ip_prefix: {{ ssh_ingress_cidr }}
+{% endif %}
+{% if openshift_master_console_port is defined and openshift_master_console_port != openshift_master_api_port %}
- direction: ingress
protocol: tcp
port_range_min: {{ openshift_master_console_port | default(8443) }}
port_range_max: {{ openshift_master_console_port | default(8443) }}
- remote_ip_prefix: {{ lb_ingress_cidr }}
- {% endif %}
+ remote_ip_prefix: {{ lb_ingress_cidr | default(bastion_ingress_cidr) }}
+{% endif %}
{% endif %}
etcd:
@@ -458,14 +480,18 @@ resources:
properties:
count: {{ num_etcd }}
resource_def:
+{% if use_bastion|bool %}
+ type: server_nofloating.yaml
+{% else %}
type: server.yaml
+{% endif %}
properties:
name:
str_replace:
template: k8s_type-%index%.cluster_id
params:
cluster_id: {{ stack_name }}
- k8s_type: etcd
+ k8s_type: {{ etcd_hostname }}
cluster_env: {{ public_dns_domain }}
cluster_id: {{ stack_name }}
group:
@@ -475,25 +501,34 @@ resources:
k8s_type: etcds
cluster_id: {{ stack_name }}
type: etcd
- image: {{ openstack_image }}
+ image: {{ openstack_etcd_image }}
flavor: {{ etcd_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}etcd-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+{% if not use_bastion|bool and not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
volume_size: {{ etcd_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
-{% if num_masters > 1 %}
+{% if num_masters|int > 1 %}
loadbalancer:
type: OS::Heat::ResourceGroup
properties:
@@ -506,7 +541,7 @@ resources:
template: k8s_type-%index%.cluster_id
params:
cluster_id: {{ stack_name }}
- k8s_type: lb
+ k8s_type: {{ lb_hostname }}
cluster_env: {{ public_dns_domain }}
cluster_id: {{ stack_name }}
group:
@@ -516,23 +551,32 @@ resources:
k8s_type: lb
cluster_id: {{ stack_name }}
type: lb
- image: {{ openstack_image }}
+ image: {{ openstack_lb_image }}
flavor: {{ lb_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: lb-secgrp }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
- volume_size: 5
+{% endif %}
+ secgrp:
+ - { get_resource: lb-secgrp }
+ - { get_resource: common-secgrp }
+ {% if not provider_network %}
+ floating_network: {{ external_network }}
+ {% endif %}
+ volume_size: {{ lb_volume_size }}
+ {% if not provider_network %}
depends_on:
- interface
+ {% endif %}
{% endif %}
masters:
@@ -540,14 +584,18 @@ resources:
properties:
count: {{ num_masters }}
resource_def:
+{% if use_bastion|bool %}
+ type: server_nofloating.yaml
+{% else %}
type: server.yaml
+{% endif %}
properties:
name:
str_replace:
template: k8s_type-%index%.cluster_id
params:
cluster_id: {{ stack_name }}
- k8s_type: master
+ k8s_type: {{ master_hostname }}
cluster_env: {{ public_dns_domain }}
cluster_id: {{ stack_name }}
group:
@@ -557,31 +605,40 @@ resources:
k8s_type: masters
cluster_id: {{ stack_name }}
type: master
- image: {{ openstack_image }}
+ image: {{ openstack_master_image }}
flavor: {{ master_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
secgrp:
{% if openstack_flat_secgrp|default(False)|bool %}
- { get_resource: flat-secgrp }
{% else %}
- { get_resource: master-secgrp }
- { get_resource: node-secgrp }
-{% if num_etcd == 0 %}
+{% if num_etcd|int == 0 %}
- { get_resource: etcd-secgrp }
{% endif %}
{% endif %}
- { get_resource: common-secgrp }
+{% if not use_bastion|bool and not provider_network %}
floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
+{% endif %}
volume_size: {{ master_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
compute_nodes:
type: OS::Heat::ResourceGroup
@@ -590,15 +647,18 @@ resources:
removal_policies:
- resource_list: {{ nodes_to_remove }}
resource_def:
+{% if use_bastion|bool %}
+ type: server_nofloating.yaml
+{% else %}
type: server.yaml
+{% endif %}
properties:
name:
str_replace:
- template: subtype-k8s_type-%index%.cluster_id
+ template: sub_type_k8s_type-%index%.cluster_id
params:
cluster_id: {{ stack_name }}
- k8s_type: node
- subtype: app
+ sub_type_k8s_type: {{ node_hostname }}
cluster_env: {{ public_dns_domain }}
cluster_id: {{ stack_name }}
group:
@@ -613,23 +673,32 @@ resources:
{% for k, v in openshift_cluster_node_labels.app.iteritems() %}
{{ k|e }}: {{ v|e }}
{% endfor %}
- image: {{ openstack_image }}
+ image: {{ openstack_node_image }}
flavor: {{ node_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
- volume_size: {{ app_volume_size }}
+{% endif %}
+ secgrp:
+ - { get_resource: {% if openstack_flat_secgrp|default(False)|bool %}flat-secgrp{% else %}node-secgrp{% endif %} }
+ - { get_resource: common-secgrp }
+{% if not use_bastion|bool and not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
+ volume_size: {{ node_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
infra_nodes:
type: OS::Heat::ResourceGroup
@@ -640,11 +709,10 @@ resources:
properties:
name:
str_replace:
- template: subtypek8s_type-%index%.cluster_id
+ template: sub_type_k8s_type-%index%.cluster_id
params:
cluster_id: {{ stack_name }}
- k8s_type: node
- subtype: infra
+ sub_type_k8s_type: {{ infra_hostname }}
cluster_env: {{ public_dns_domain }}
cluster_id: {{ stack_name }}
group:
@@ -659,11 +727,21 @@ resources:
{% for k, v in openshift_cluster_node_labels.infra.iteritems() %}
{{ k|e }}: {{ v|e }}
{% endfor %}
- image: {{ openstack_image }}
+ image: {{ openstack_infra_image }}
flavor: {{ infra_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
+ net_name:
+ str_replace:
+ template: openshift-ansible-cluster_id-net
+ params:
+ cluster_id: {{ stack_name }}
+{% endif %}
secgrp:
# TODO(bogdando) filter only required node rules into infra-secgrp
{% if openstack_flat_secgrp|default(False)|bool %}
@@ -671,18 +749,21 @@ resources:
{% else %}
- { get_resource: node-secgrp }
{% endif %}
+{% if ui_ssh_tunnel|bool and num_masters|int < 2 %}
+ - { get_resource: lb-secgrp }
+{% endif %}
- { get_resource: infra-secgrp }
- { get_resource: common-secgrp }
+{% if not provider_network %}
floating_network: {{ external_network }}
- net_name:
- str_replace:
- template: openshift-ansible-cluster_id-net
- params:
- cluster_id: {{ stack_name }}
+{% endif %}
volume_size: {{ infra_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
+{% if num_dns|int > 0 %}
dns:
type: OS::Heat::ResourceGroup
properties:
@@ -695,7 +776,7 @@ resources:
template: k8s_type-%index%.cluster_id
params:
cluster_id: {{ stack_name }}
- k8s_type: dns
+ k8s_type: {{ dns_hostname }}
cluster_env: {{ public_dns_domain }}
cluster_id: {{ stack_name }}
group:
@@ -705,20 +786,30 @@ resources:
k8s_type: dns
cluster_id: {{ stack_name }}
type: dns
- image: {{ openstack_image }}
+ image: {{ openstack_dns_image }}
flavor: {{ dns_flavor }}
key_name: {{ ssh_public_key }}
+{% if provider_network %}
+ net: {{ provider_network }}
+ net_name: {{ provider_network }}
+{% else %}
net: { get_resource: net }
subnet: { get_resource: subnet }
- secgrp:
- - { get_resource: dns-secgrp }
- - { get_resource: common-secgrp }
- floating_network: {{ external_network }}
net_name:
str_replace:
template: openshift-ansible-cluster_id-net
params:
cluster_id: {{ stack_name }}
+{% endif %}
+ secgrp:
+ - { get_resource: dns-secgrp }
+ - { get_resource: common-secgrp }
+{% if not provider_network %}
+ floating_network: {{ external_network }}
+{% endif %}
volume_size: {{ dns_volume_size }}
+{% if not provider_network %}
depends_on:
- interface
+{% endif %}
+{% endif %}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-30 12:16:17 +0000