Created
November 17, 2017 17:29
-
-
Save allthingsclowd/d620d3e53a5a239d21599b1ca1628cf0 to your computer and use it in GitHub Desktop.
VPN Demo Heat Template 2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| heat_template_version: 2013-05-23 | |
| # Author: Graham Land | |
| # Date: 15/11/2017 | |
| # Purpose: Demo IPSec VPNaaS - Base for Project B - Two Networks and a Router with two Servers C & D | |
| # | |
| # Twitter: @allthingsclowd | |
| # Blog: https://allthingscloud.eu | |
| # | |
| # | |
| description: Template for VPNaaS (IPSec) Demo Project B - Two Networks and a Router with two Servers C & D | |
| # Input parameters | |
| parameters: | |
| k5_image: | |
| type: string | |
| label: Image name or ID | |
| description: Image to be used for compute instance | |
| default: "Ubuntu Server 16.04 LTS (English) 01" | |
| flavor: | |
| type: string | |
| label: Flavor | |
| description: Type of instance (flavor) to be used | |
| default: "P-1" | |
| ssh_key_pair: | |
| type: string | |
| label: Key name | |
| description: Name of key-pair to be used for compute instance | |
| default: "LEMP-KP-AZ2" | |
| availability_zone: | |
| type: string | |
| label: Availability Zone | |
| description: Region AZ to use | |
| default: "uk-1b" | |
| my_ip: | |
| type: string | |
| label: The IP Address (CIDR format) of My PC on the Internet | |
| description: PC Internet IP Address (CIDR format) | |
| default: "31.53.253.24/32" | |
| # K5 Infrastructure resources to be built | |
| resources: | |
| # Create a private network | |
| private_network_a: | |
| type: OS::Neutron::Net | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Network-C" | |
| # Create a new subnet on the private network | |
| private_subnet_a: | |
| type: OS::Neutron::Subnet | |
| depends_on: private_network_a | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Subnetwork-C" | |
| network_id: { get_resource: private_network_a } | |
| cidr: "192.168.10.0/24" | |
| gateway_ip: "192.168.10.254" | |
| allocation_pools: | |
| - start: "192.168.10.100" | |
| end: "192.168.10.150" | |
| dns_nameservers: ["62.60.39.9", "62.60.42.9"] | |
| # Create a second private network | |
| private_network_b: | |
| type: OS::Neutron::Net | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Network-D" | |
| # Create a new subnet on the second private network | |
| private_subnet_b: | |
| type: OS::Neutron::Subnet | |
| depends_on: private_network_b | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Subnetwork-D" | |
| network_id: { get_resource: private_network_b } | |
| cidr: "10.0.10.0/24" | |
| gateway_ip: "10.0.10.254" | |
| allocation_pools: | |
| - start: "10.0.10.100" | |
| end: "10.0.10.150" | |
| dns_nameservers: ["62.60.39.9", "62.60.42.9"] | |
| # Create a virtual router | |
| virtual_router: | |
| type: OS::Neutron::Router | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Simple-Virtual-Router" | |
| # Connect an interface on the private network's subnet to the router | |
| virtual_router_interface_1: | |
| type: OS::Neutron::RouterInterface | |
| depends_on: virtual_router | |
| properties: | |
| router_id: { get_resource: virtual_router } | |
| subnet_id: { get_resource: private_subnet_a } | |
| # Connect an interface on the private network's subnet to the router | |
| virtual_router_interface_2: | |
| type: OS::Neutron::RouterInterface | |
| depends_on: virtual_router | |
| properties: | |
| router_id: { get_resource: virtual_router } | |
| subnet_id: { get_resource: private_subnet_b } | |
| # Create security group | |
| security_group: | |
| type: OS::Neutron::SecurityGroup | |
| properties: | |
| description: VPN Security Group | |
| name: VPN-SG | |
| rules: | |
| # allow inbound traffic from remote VPN subnet | |
| - remote_ip_prefix: 192.168.0.0/24 | |
| protocol: tcp | |
| - remote_ip_prefix: 192.168.0.0/24 | |
| protocol: icmp | |
| # allow inbound traffic from my remote PC | |
| - remote_ip_prefix: { get_param: my_ip } | |
| protocol: icmp | |
| - remote_ip_prefix: { get_param: my_ip } | |
| protocol: tcp | |
| port_range_min: 22 | |
| port_range_max: 22 | |
| ################### Server A ################################################################ | |
| # Create a system volume for use with the server | |
| server-A-sys-vol: | |
| type: OS::Cinder::Volume | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Server-C-boot-vol" | |
| size: 3 | |
| volume_type: "M1" | |
| image : { get_param: k5_image } | |
| server-A-port: | |
| type: OS::Neutron::Port | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| network_id: { get_resource: private_network_a } | |
| name: "Server-C-Port" | |
| fixed_ips: | |
| - subnet_id: { get_resource: private_subnet_a } | |
| security_groups: [{ get_resource: security_group }] | |
| # Build a server using the system volume defined above | |
| server-A: | |
| type: OS::Nova::Server | |
| depends_on: private_network_a | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| key_name: { get_param: ssh_key_pair } | |
| image: { get_param: k5_image } | |
| flavor: { get_param: flavor } | |
| admin_user: ubuntu | |
| metadata: { "fcx.autofailover": True } | |
| block_device_mapping: [{"volume_size": "3", "volume_id": {get_resource: server-A-sys-vol}, "delete_on_termination": True, "device_name": "/dev/vda"}] | |
| name: "Server-C" | |
| networks: | |
| - port: { get_resource: server-A-port } | |
| ########################################################################################################### | |
| ################### Server B ################################################################ | |
| # Create a system volume for use with the server | |
| server-B-sys-vol: | |
| type: OS::Cinder::Volume | |
| depends_on: private_network_b | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| name: "Server-D-boot-vol" | |
| size: 3 | |
| volume_type: "M1" | |
| image : { get_param: k5_image } | |
| # Build a server using the system volume defined above | |
| server-B: | |
| type: OS::Nova::Server | |
| properties: | |
| availability_zone: { get_param: availability_zone } | |
| key_name: { get_param: ssh_key_pair } | |
| image: { get_param: k5_image } | |
| flavor: { get_param: flavor } | |
| admin_user: ubuntu | |
| metadata: { "fcx.autofailover": True } | |
| block_device_mapping: [{"volume_size": "3", "volume_id": {get_resource: server-B-sys-vol}, "delete_on_termination": True, "device_name": "/dev/vda"}] | |
| name: "Server-D" | |
| networks: | |
| - network: { get_resource: private_network_b } | |
| ########################################################################################################### |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment