heat_template_version: 2014-10-16 description: OpenShift cluster parameters: cluster_env: type: string label: Cluster environment description: Environment of the cluster cluster_id: type: string label: Cluster ID description: Identifier of the cluster subnet_24_prefix: type: string label: subnet /24 prefix description: /24 subnet prefix of the network of the cluster (dot separated number triplet) dns_nameservers: type: comma_delimited_list label: DNS nameservers list description: List of DNS nameservers external_net: type: string label: External network description: Name of the external network default: external ssh_public_key: type: string label: SSH public key description: SSH public key hidden: true ssh_incoming: type: string label: Source of ssh connections description: Source of legitimate ssh connections default: 0.0.0.0/0 node_port_incoming: type: string label: Source of node port connections description: Authorized sources targetting node ports default: 0.0.0.0/0 num_etcd: type: number label: Number of etcd nodes description: Number of etcd nodes num_masters: type: number label: Number of masters description: Number of masters num_nodes: type: number label: Number of compute nodes description: Number of compute nodes num_infra: type: number label: Number of infrastructure nodes description: Number of infrastructure nodes num_dns: type: number label: Number of dns servers description: Number of dns servers etcd_image: type: string label: Etcd image description: Name of the image for the etcd servers master_image: type: string label: Master image description: Name of the image for the master servers node_image: type: string label: Node image description: Name of the image for the compute node servers infra_image: type: string label: Infra image description: Name of the image for the infra node servers dns_image: type: string label: DNS image description: Name of the image for the DNS server etcd_flavor: type: string label: Etcd flavor description: Flavor of the etcd servers master_flavor: type: string label: Master flavor description: Flavor of the master servers node_flavor: type: string label: Node flavor description: Flavor of the compute node servers infra_flavor: type: string label: Infra flavor description: Flavor of the infra node servers dns_flavor: type: string label: DNS flavor description: Flavor of the DNS server master_volume_size: type: number description: Size of the volume to be created. default: 5 constraints: - range: { min: 1, max: 1024 } description: must be between 1 and 1024 Gb. app_volume_size: type: number description: Size of the volume to be created. default: 5 constraints: - range: { min: 1, max: 1024 } description: must be between 1 and 1024 Gb. infra_volume_size: type: number description: Size of the volume to be created. default: 5 constraints: - range: { min: 1, max: 1024 } description: must be between 1 and 1024 Gb. dns_volume_size: type: number description: Size of the volume to be created. default: 5 constraints: - range: { min: 1, max: 1024 } description: must be between 1 and 1024 Gb. etcd_volume_size: type: number description: Size of the volume to be created. default: 5 constraints: - range: { min: 1, max: 1024 } description: must be between 1 and 1024 Gb. outputs: etcd_names: description: Name of the etcds value: { get_attr: [ etcd, name ] } etcd_ips: description: IPs of the etcds value: { get_attr: [ etcd, private_ip ] } etcd_floating_ips: description: Floating IPs of the etcds value: { get_attr: [ etcd, floating_ip ] } master_names: description: Name of the masters value: { get_attr: [ masters, name ] } master_ips: description: IPs of the masters value: { get_attr: [ masters, private_ip ] } master_floating_ips: description: Floating IPs of the masters value: { get_attr: [ masters, floating_ip ] } node_names: description: Name of the nodes value: { get_attr: [ compute_nodes, name ] } node_ips: description: IPs of the nodes value: { get_attr: [ compute_nodes, private_ip ] } node_floating_ips: description: Floating IPs of the nodes value: { get_attr: [ compute_nodes, floating_ip ] } infra_names: description: Name of the nodes value: { get_attr: [ infra_nodes, name ] } infra_ips: description: IPs of the nodes value: { get_attr: [ infra_nodes, private_ip ] } infra_floating_ips: description: Floating IPs of the nodes value: { get_attr: [ infra_nodes, floating_ip ] } dns_name: description: Name of the DNS value: get_attr: - dns - name dns_floating_ip: description: Floating IP of the DNS value: get_attr: - dns - addresses - str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } - 1 - addr resources: net: type: OS::Neutron::Net properties: name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } subnet: type: OS::Neutron::Subnet properties: name: str_replace: template: openshift-ansible-cluster_id-subnet params: cluster_id: { get_param: cluster_id } network: { get_resource: net } cidr: str_replace: template: subnet_24_prefix.0/24 params: subnet_24_prefix: { get_param: subnet_24_prefix } allocation_pools: - start: str_replace: template: subnet_24_prefix.3 params: subnet_24_prefix: { get_param: subnet_24_prefix } end: str_replace: template: subnet_24_prefix.254 params: subnet_24_prefix: { get_param: subnet_24_prefix } dns_nameservers: - 10.9.48.31 # - { get_param: dns_nameservers } # repeat: # for_each: # <%nameserver%>: { get_param: dns_nameservers } # template: <%nameserver%> router: type: OS::Neutron::Router properties: name: str_replace: template: openshift-ansible-cluster_id-router params: cluster_id: { get_param: cluster_id } external_gateway_info: network: { get_param: external_net } interface: type: OS::Neutron::RouterInterface properties: router_id: { get_resource: router } subnet_id: { get_resource: subnet } # keypair: # type: OS::Nova::KeyPair # properties: # name: # str_replace: # template: openshift-ansible-cluster_id-keypair # params: # cluster_id: { get_param: cluster_id } # public_key: { get_param: ssh_public_key } master-secgrp: type: OS::Neutron::SecurityGroup properties: name: str_replace: template: openshift-ansible-cluster_id-master-secgrp params: cluster_id: { get_param: cluster_id } description: str_replace: template: Security group for cluster_id OpenShift cluster master params: cluster_id: { get_param: cluster_id } rules: - direction: ingress protocol: tcp port_range_min: 22 port_range_max: 22 remote_ip_prefix: { get_param: ssh_incoming } - direction: ingress protocol: tcp port_range_min: 4001 port_range_max: 4001 - direction: ingress protocol: tcp port_range_min: 8443 port_range_max: 8443 - direction: ingress protocol: tcp port_range_min: 8444 port_range_max: 8444 - direction: ingress protocol: tcp port_range_min: 53 port_range_max: 53 - direction: ingress protocol: udp port_range_min: 53 port_range_max: 53 - direction: ingress protocol: tcp port_range_min: 8053 port_range_max: 8053 - direction: ingress protocol: udp port_range_min: 8053 port_range_max: 8053 - direction: ingress protocol: tcp port_range_min: 24224 port_range_max: 24224 - direction: ingress protocol: udp port_range_min: 24224 port_range_max: 24224 - direction: ingress protocol: tcp port_range_min: 2224 port_range_max: 2224 - direction: ingress protocol: udp port_range_min: 5404 port_range_max: 5404 - direction: ingress protocol: udp port_range_min: 5405 port_range_max: 5405 - direction: ingress protocol: tcp port_range_min: 9090 port_range_max: 9090 etcd-secgrp: type: OS::Neutron::SecurityGroup properties: name: str_replace: template: openshift-ansible-cluster_id-etcd-secgrp params: cluster_id: { get_param: cluster_id } description: str_replace: template: Security group for cluster_id etcd cluster params: cluster_id: { get_param: cluster_id } rules: - direction: ingress protocol: tcp port_range_min: 22 port_range_max: 22 remote_ip_prefix: { get_param: ssh_incoming } - direction: ingress protocol: tcp port_range_min: 2379 port_range_max: 2379 remote_mode: remote_group_id remote_group_id: { get_resource: master-secgrp } - direction: ingress protocol: tcp port_range_min: 2380 port_range_max: 2380 remote_mode: remote_group_id node-secgrp: type: OS::Neutron::SecurityGroup properties: name: str_replace: template: openshift-ansible-cluster_id-node-secgrp params: cluster_id: { get_param: cluster_id } description: str_replace: template: Security group for cluster_id OpenShift cluster nodes params: cluster_id: { get_param: cluster_id } rules: - direction: ingress protocol: tcp port_range_min: 22 port_range_max: 22 remote_ip_prefix: { get_param: ssh_incoming } - direction: ingress protocol: tcp port_range_min: 10250 port_range_max: 10250 remote_mode: remote_group_id - direction: ingress protocol: tcp port_range_min: 10255 port_range_max: 10255 remote_mode: remote_group_id - direction: ingress protocol: udp port_range_min: 10255 port_range_max: 10255 remote_mode: remote_group_id - direction: ingress protocol: udp port_range_min: 4789 port_range_max: 4789 remote_mode: remote_group_id - direction: ingress protocol: tcp port_range_min: 30000 port_range_max: 32767 remote_ip_prefix: { get_param: node_port_incoming } infra-secgrp: type: OS::Neutron::SecurityGroup properties: name: str_replace: template: openshift-ansible-cluster_id-infra-secgrp params: cluster_id: { get_param: cluster_id } description: str_replace: template: Security group for cluster_id OpenShift infrastructure cluster nodes params: cluster_id: { get_param: cluster_id } rules: - direction: ingress protocol: tcp port_range_min: 80 port_range_max: 80 - direction: ingress protocol: tcp port_range_min: 443 port_range_max: 443 dns-secgrp: type: OS::Neutron::SecurityGroup properties: name: str_replace: template: openshift-ansible-cluster_id-dns-secgrp params: cluster_id: { get_param: cluster_id } description: str_replace: template: Security group for cluster_id cluster DNS params: cluster_id: { get_param: cluster_id } rules: - direction: ingress protocol: tcp port_range_min: 22 port_range_max: 22 remote_ip_prefix: { get_param: ssh_incoming } - direction: ingress protocol: udp port_range_min: 53 port_range_max: 53 remote_ip_prefix: { get_param: node_port_incoming } - direction: ingress protocol: tcp port_range_min: 53 port_range_max: 53 remote_ip_prefix: { get_param: node_port_incoming } etcd: type: OS::Heat::ResourceGroup properties: count: { get_param: num_etcd } resource_def: type: heat_stack_server.yaml properties: name: str_replace: template: k8s_type-%index%.cluster_id.cluster_env params: cluster_id: { get_param: cluster_id } k8s_type: etcd cluster_env: { get_param: cluster_env } cluster_env: { get_param: cluster_env } cluster_id: { get_param: cluster_id } type: etcd image: { get_param: etcd_image } flavor: { get_param: etcd_flavor } key_name: { get_param: ssh_public_key } net: { get_resource: net } subnet: { get_resource: subnet } secgrp: - { get_resource: etcd-secgrp } floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } volume_size: { get_param: etcd_volume_size } depends_on: - interface masters: type: OS::Heat::ResourceGroup properties: count: { get_param: num_masters } resource_def: type: heat_stack_server.yaml properties: name: str_replace: template: k8s_type-%index%.cluster_id.cluster_env params: cluster_id: { get_param: cluster_id } k8s_type: master cluster_env: { get_param: cluster_env } cluster_env: { get_param: cluster_env } cluster_id: { get_param: cluster_id } type: master image: { get_param: master_image } flavor: { get_param: master_flavor } key_name: { get_param: ssh_public_key } net: { get_resource: net } subnet: { get_resource: subnet } secgrp: - { get_resource: master-secgrp } - { get_resource: node-secgrp } floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } volume_size: { get_param: master_volume_size } depends_on: - interface compute_nodes: type: OS::Heat::ResourceGroup properties: count: { get_param: num_nodes } resource_def: type: heat_stack_server.yaml properties: name: str_replace: template: subtype-k8s_type-%index%.cluster_id.cluster_env params: cluster_id: { get_param: cluster_id } k8s_type: node subtype: app cluster_env: { get_param: cluster_env } cluster_env: { get_param: cluster_env } cluster_id: { get_param: cluster_id } type: node subtype: app image: { get_param: node_image } flavor: { get_param: node_flavor } key_name: { get_param: ssh_public_key } net: { get_resource: net } subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } volume_size: { get_param: app_volume_size } depends_on: - interface infra_nodes: type: OS::Heat::ResourceGroup properties: count: { get_param: num_infra } resource_def: type: heat_stack_server.yaml properties: name: str_replace: template: subtypek8s_type-%index%.cluster_id.cluster_env params: cluster_id: { get_param: cluster_id } k8s_type: node subtype: infra cluster_env: { get_param: cluster_env } cluster_env: { get_param: cluster_env } cluster_id: { get_param: cluster_id } type: node subtype: infra image: { get_param: infra_image } flavor: { get_param: infra_flavor } key_name: { get_param: ssh_public_key } net: { get_resource: net } subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } - { get_resource: infra-secgrp } floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } volume_size: { get_param: infra_volume_size } depends_on: - interface dns: type: OS::Heat::ResourceGroup properties: count: { get_param: num_dns } resource_def: type: heat_stack_server.yaml properties: name: str_replace: template: k8s_type-%index%.cluster_id.cluster_env params: cluster_id: { get_param: cluster_id } k8s_type: dns cluster_env: { get_param: cluster_env } cluster_env: { get_param: cluster_env } cluster_id: { get_param: cluster_id } type: dns image: { get_param: dns_image } flavor: { get_param: dns_flavor } key_name: { get_param: ssh_public_key } net: { get_resource: net } subnet: { get_resource: subnet } secgrp: - { get_resource: node-secgrp } - { get_resource: dns-secgrp } floating_network: { get_param: external_net } net_name: str_replace: template: openshift-ansible-cluster_id-net params: cluster_id: { get_param: cluster_id } volume_size: { get_param: dns_volume_size } depends_on: - interface