Heat template to create a v2 Service Chain in Contrail (thanks Ganesha, Nicolas, Bernhard). It is verified to work in Contrail version 3.0.2.

heat_contrail_service_chain.yaml

heat_template_version: 2015-04-30

parameters:
  management_network:
    type: string
    description: Name of management network to be created
  left_vn:
    type: string
    description: Name of left network to be created
  right_vn:
    type: string
    description: Name of right network to be created
  left_vn_fqdn:
    type: string
    description: FQ Name of the left network
  right_vn_fqdn:
    type: string
    description: FQ Name of the right network
  image:
    type: string
    description: Name of the image
  flavor:
    type: string
    description: Flavor
  domain:
    type: string
    description: Name of the Domain
  service_template1_name:
    type: string
    label: Service template fq name
    description: Service template for port tuple
  service_template2_name:
    type: string
    label: Service template fq name
    description: Service template for port tuple
  service_template_properties_version:
    type: string
    description: Indicates service version
  service_template1_properties_service_mode:
    type: string
    description: service mode
  service_template2_properties_service_mode:
    type: string
    description: service mode
  service_template_properties_service_type:
    type: string
    description: service type
  service_template1_properties_interface_type_service_interface_type_1:
    type: string
    description: service_interface_type for the ServiceTemplate
  service_template1_properties_interface_type_service_interface_type_2:
    type: string
    description: service_interface_type for the ServiceTemplate
  service_template1_properties_interface_type_service_interface_type_3:
    type: string
    description: service_interface_type for the ServiceTemplate
  service_template2_properties_interface_type_service_interface_type_1:
    type: string
    description: service_interface_type for the ServiceTemplate
  service_template2_properties_interface_type_service_interface_type_2:
    type: string
    description: service_interface_type for the ServiceTemplate
  service_template2_properties_interface_type_service_interface_type_3:
    type: string
    description: service_interface_type for the ServiceTemplate

  service_template_properties_ordered_interfaces:
    type: string
    description: Indicates service interfaces are ordered
  service_template_properties_service_virtualization_type:
    type: string
    description: Indicates virtualization type

  service_instance1_name:
    type: string
    label: Service instance name
    description: Service instance for port tuple
  service_instance1_fq_name:
    type: string
    label: Service instance fq name
    description: Service instance FQDN for port tuple
  pt1_name:
    type: string
    description: Name of the Port-Tuple
  service_instance2_name:
    type: string
    label: Service instance name
    description: Service instance for port tuple
  service_instance2_fq_name:
    type: string
    label: Service instance fq name
    description: Service instance FQDN for port tuple
  pt2_name:
    type: string
    description: Name of the Port-Tuple

  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_1:
    type: string
    description: subnet prefix for mgmt network
  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len_1:
    type: string
    description: subnet prefix len for mgmt network
  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_2:
    type: string
    description: subnet prefix for left network
  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len_2:
    type: string
    description: subnet prefix len for left network
  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_3:
    type: string
    description: subnet prefix for right network
  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len_3:
    type: string
    description: subnet prefix len for right network
  network_ipam_refs_data_ipam_subnets_addr_from_start_true:
    type: boolean
    description: Address allocation from start of the pool
  
  svm1_name: 
    type: string
    description: Name of the SVM1
  svm1_flavor:
    type: string
    description: Flavor of the SVM1
  svm1_image: 
    type: string
    description: Name of the SVM1 image
  svm2_name: 
    type: string
    description: Name of the SVM2
  svm2_flavor:
    type: string
    description: Flavor of the SVM2
  svm2_image: 
    type: string
    description: Name of the SVM2 image

  image:
    type: string
    description: Name of the end VM image 
  flavor: 
    type: string
    description: Flavor of the end VMs
  left_vm_name:
    type: string
    description: Name of the left VM
  right_vm_name: 
    type: string
    description: Name of the right VM
 
  policy_name:
    type: string
    description: Name of the Policy
  policy_fq_name:
    type: string
    description: FQDN of the Policy 
  simple_action:
    type: string
    description: Pass or Deny
  protocol:
    type: string
    description: Protocol
  src_port_end:
    type: number
    description: End of the Source Port Range
  src_port_start:
    type: number
    description: Start of the Source Port Range
  direction:
    type: string
    description: Direction of the Policy
  dst_port_end:
    type: number
    description: End of the Destination Port Range
  dst_port_start:
    type: number
    description: Start of the Destination Port Range
  apply_services:
    type: comma_delimited_list
    description: The Services List

resources:
  template_NetworkIpam_1:
    type: OS::ContrailV2::NetworkIpam
    properties:
      name: { get_param: management_network }

  template_NetworkIpam_2:
    type: OS::ContrailV2::NetworkIpam
    properties:
      name: { get_param: left_vn }

  template_NetworkIpam_3:
    type: OS::ContrailV2::NetworkIpam
    properties:
      name: { get_param: right_vn }

  template_VirtualNetwork_1:
    type: OS::ContrailV2::VirtualNetwork
    depends_on: [ template_NetworkIpam_1 ]
    properties:
      name: { get_param: management_network }
      network_ipam_refs: [{ get_resource: template_NetworkIpam_1 }]
      network_ipam_refs_data:
        [{
          network_ipam_refs_data_ipam_subnets:
            [{
              network_ipam_refs_data_ipam_subnets_subnet:
                {
                  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_1 },
                  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len_1 },
                },
	      network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: network_ipam_refs_data_ipam_subnets_addr_from_start_true },
            }]
         }]

  template_VirtualNetwork_2:
    type: OS::ContrailV2::VirtualNetwork
    depends_on: [ template_NetworkIpam_2, template_NetworkPolicy ]
    properties:
      name: { get_param: left_vn }
      network_ipam_refs: [{ get_resource: template_NetworkIpam_2 }]
      network_ipam_refs_data:
        [{
          network_ipam_refs_data_ipam_subnets:
            [{
              network_ipam_refs_data_ipam_subnets_subnet:
                {
                  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_2 },
                  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len_2 },
                },
               network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: network_ipam_refs_data_ipam_subnets_addr_from_start_true },
 	     }]
	 }]
      network_policy_refs: [{ get_param: policy_fq_name }]
      network_policy_refs_data:
        [{
          network_policy_refs_data_sequence:
            {
              network_policy_refs_data_sequence_major: 0,
              network_policy_refs_data_sequence_minor: 0,
            },
        }]
        
  template_VirtualNetwork_3:
    type: OS::ContrailV2::VirtualNetwork
    depends_on: [ template_NetworkIpam_3, template_NetworkPolicy ]
    properties:
      name: { get_param: right_vn }
      network_ipam_refs: [{ get_resource: template_NetworkIpam_3 }]
      network_ipam_refs_data:
        [{
          network_ipam_refs_data_ipam_subnets:
            [{
              network_ipam_refs_data_ipam_subnets_subnet:
                {
                  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_3 },
                  network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len_3 },
                },
	      network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: network_ipam_refs_data_ipam_subnets_addr_from_start_true },
            }]
         }]
      network_policy_refs: [{ get_param: policy_fq_name }]
      network_policy_refs_data:
        [{
          network_policy_refs_data_sequence:
            {
              network_policy_refs_data_sequence_major: 0,
              network_policy_refs_data_sequence_minor: 0,
            },
        }]

  template_ServiceTemplate1:
    type: OS::ContrailV2::ServiceTemplate
    properties:
      name: { get_param: service_template1_name }
      service_template_properties:
        {
          service_template_properties_version: { get_param: service_template_properties_version },
          service_template_properties_service_mode: { get_param: service_template1_properties_service_mode },
          service_template_properties_service_type: { get_param: service_template_properties_service_type },
          service_template_properties_interface_type:
            [
              {
              service_template_properties_interface_type_service_interface_type: { get_param: service_template1_properties_interface_type_service_interface_type_1 },
              },
              {
              service_template_properties_interface_type_service_interface_type: { get_param: service_template1_properties_interface_type_service_interface_type_2 },
              },
              {
              service_template_properties_interface_type_service_interface_type: { get_param: service_template1_properties_interface_type_service_interface_type_3 },
              }
            ],
          service_template_properties_ordered_interfaces: { get_param: service_template_properties_ordered_interfaces },
          service_template_properties_service_virtualization_type: { get_param: service_template_properties_service_virtualization_type },
        }
      domain: { get_param: domain }

  template_ServiceTemplate2:
    type: OS::ContrailV2::ServiceTemplate
    properties:
      name: { get_param: service_template2_name }
      service_template_properties:
        {
          service_template_properties_version: { get_param: service_template_properties_version },
          service_template_properties_service_mode: { get_param: service_template2_properties_service_mode },
          service_template_properties_service_type: { get_param: service_template_properties_service_type },
          service_template_properties_interface_type:
            [
              {
              service_template_properties_interface_type_service_interface_type: { get_param: service_template2_properties_interface_type_service_interface_type_1 },
              },            
              {
              service_template_properties_interface_type_service_interface_type: { get_param: service_template2_properties_interface_type_service_interface_type_2 },
              },
              {
              service_template_properties_interface_type_service_interface_type: { get_param: service_template2_properties_interface_type_service_interface_type_3 },
              },
            ],
          service_template_properties_ordered_interfaces: { get_param: service_template_properties_ordered_interfaces },
          service_template_properties_service_virtualization_type: { get_param: service_template_properties_service_virtualization_type },
        }
      domain: { get_param: domain }

  template_ServiceInstance1:
    type: OS::ContrailV2::ServiceInstance
    depends_on: [ template_ServiceTemplate1 ]
    properties:
      name: { get_param: service_instance1_name }
      service_instance_properties:
        {
          service_instance_properties_interface_list:
            [
              {
                service_instance_properties_interface_list_virtual_network:
                 {
                   list_join: [':', { get_attr: [ template_VirtualNetwork_1, fq_name ] } ]
                 },
              },
              {
              service_instance_properties_interface_list_virtual_network:
                {
                   list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ]
                },
              },
              {
              service_instance_properties_interface_list_virtual_network:
                {
                   list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ]
                },
              },
            ],
        }
      service_template_refs: [{ get_resource: template_ServiceTemplate1 }]

  template_ServiceInstance2:
    type: OS::ContrailV2::ServiceInstance
    depends_on: [ template_ServiceTemplate2 ]
    properties:
      name: { get_param: service_instance2_name }
      service_instance_properties:
        {
          service_instance_properties_interface_list:
            [
              {
                service_instance_properties_interface_list_virtual_network:
                 {
                   list_join: [':', { get_attr: [ template_VirtualNetwork_1, fq_name ] } ]
                 },
              },              
              {
                service_instance_properties_interface_list_virtual_network:
                 {
                   list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ]
                 },
              },
              {
              service_instance_properties_interface_list_virtual_network:
                {
                   list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ]
                },
              },
            ],
        }
      service_template_refs: [{ get_resource: template_ServiceTemplate2 }]

  template_PortTuple1:
    type: OS::ContrailV2::PortTuple
    depends_on: [ template_ServiceInstance1 ]
    properties:
      name: { get_param: pt1_name }
      service_instance: { list_join: [':', { get_attr: [ template_ServiceInstance1, fq_name ] } ] }

  template_PortTuple2:
    type: OS::ContrailV2::PortTuple
    depends_on: [ template_ServiceInstance2 ]
    properties:
      name: { get_param: pt2_name }
      service_instance: { list_join: [':', { get_attr: [ template_ServiceInstance2, fq_name ] } ] }

  template_VirtualMachineInterface_1:
    type: OS::ContrailV2::VirtualMachineInterface
    depends_on: [ template_PortTuple1 ]
    properties:
      virtual_machine_interface_properties:
        {
          virtual_machine_interface_properties_service_interface_type: { get_param: service_template1_properties_interface_type_service_interface_type_1 },
        }
      port_tuple_refs: [{ get_resource: template_PortTuple1 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_1, fq_name ] } ] }]
  
  template_VirtualMachineInterface_2:
    type: OS::ContrailV2::VirtualMachineInterface
    depends_on: [ template_PortTuple1 ]
    properties:
      virtual_machine_interface_properties:
        {
          virtual_machine_interface_properties_service_interface_type: { get_param: service_template1_properties_interface_type_service_interface_type_2 },
        }
      port_tuple_refs: [{ get_resource: template_PortTuple1 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ] }]

  template_VirtualMachineInterface_3:
    type: OS::ContrailV2::VirtualMachineInterface
    depends_on: [ template_PortTuple1 ]
    properties:
      virtual_machine_interface_properties:
        {
          virtual_machine_interface_properties_service_interface_type: { get_param: service_template1_properties_interface_type_service_interface_type_3 },
        }
      port_tuple_refs: [{ get_resource: template_PortTuple1 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ] }]

  template_InstanceIp_1:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_1, template_VirtualNetwork_1 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_1 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_1, fq_name ] } ] }]

  template_InstanceIp_2:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_2, template_VirtualNetwork_2 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_2 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ] }]

  template_InstanceIp_3:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_3, template_VirtualNetwork_3 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_3 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ] }]

  template_VirtualMachineInterface_21:
    type: OS::ContrailV2::VirtualMachineInterface
    depends_on: [ template_PortTuple2 ]
    properties:
      virtual_machine_interface_properties:
        {
          virtual_machine_interface_properties_service_interface_type: { get_param: service_template2_properties_interface_type_service_interface_type_1 },
        }
      port_tuple_refs: [{ get_resource: template_PortTuple2 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_1, fq_name ] } ] }]
  
  template_VirtualMachineInterface_22:
    type: OS::ContrailV2::VirtualMachineInterface
    depends_on: [ template_PortTuple2 ]
    properties:
      virtual_machine_interface_properties:
        {
          virtual_machine_interface_properties_service_interface_type: { get_param: service_template2_properties_interface_type_service_interface_type_2 },
        }
      port_tuple_refs: [{ get_resource: template_PortTuple2 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ] }]

  template_VirtualMachineInterface_23:
    type: OS::ContrailV2::VirtualMachineInterface
    depends_on: [ template_PortTuple2 ]
    properties:
      virtual_machine_interface_properties:
        {
          virtual_machine_interface_properties_service_interface_type: { get_param: service_template2_properties_interface_type_service_interface_type_3 },
        }
      port_tuple_refs: [{ get_resource: template_PortTuple2 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ] }]

  template_InstanceIp_21:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_21, template_VirtualNetwork_1 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_21 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_1, fq_name ] } ] }]

  template_InstanceIp_22:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_22, template_VirtualNetwork_2 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_22 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ] }]

  template_InstanceIp_23:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_23, template_VirtualNetwork_3 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_23 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ] }]

  template_InstanceIp_4:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_4, template_VirtualNetwork_2 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_4 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ] }]

  template_InstanceIp_5:
    type: OS::ContrailV2::InstanceIp
    depends_on: [ template_VirtualMachineInterface_5, template_VirtualNetwork_3 ]
    properties:
      virtual_machine_interface_refs: [{ get_resource: template_VirtualMachineInterface_5 }]
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ] }]

  instance1:
    type: OS::Nova::Server
    depends_on: [ template_InstanceIp_1, template_InstanceIp_2, template_InstanceIp_3 ]
    properties:
      name: {get_param: svm1_name }
      image: { get_param:  svm1_image }
      flavor: { get_param: svm1_flavor }
      networks:
        - port: { get_resource: template_VirtualMachineInterface_1 }
        - port: { get_resource: template_VirtualMachineInterface_2 }
        - port: { get_resource: template_VirtualMachineInterface_3 }

  instance2:
    type: OS::Nova::Server
    depends_on: [ template_InstanceIp_21, template_InstanceIp_22, template_InstanceIp_23 ]
    properties:
      name: {get_param: svm2_name }
      image: { get_param:  svm2_image }
      flavor: { get_param: svm2_flavor }
      networks:
        - port: { get_resource: template_VirtualMachineInterface_21 }
        - port: { get_resource: template_VirtualMachineInterface_22 }
        - port: { get_resource: template_VirtualMachineInterface_23 }

  template_VirtualMachineInterface_4:
    type: OS::ContrailV2::VirtualMachineInterface
    properties:
      name: { get_param: left_vm_name }
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_2, fq_name ] } ] }]
  
  template_VirtualMachineInterface_5:
    type: OS::ContrailV2::VirtualMachineInterface
    properties:
      name: { get_param: right_vm_name }
      virtual_network_refs: [{ list_join: [':', { get_attr: [ template_VirtualNetwork_3, fq_name ] } ] }]
  
  template_leftVM:
    type: OS::Nova::Server
    depends_on: [ template_InstanceIp_4 ]
    properties:
      name: {get_param: left_vm_name }
      image: { get_param:  image }
      flavor: { get_param: flavor }
      networks:
        - port: { get_resource: template_VirtualMachineInterface_4 }

  template_rightVM:
    type: OS::Nova::Server
    depends_on: [ template_InstanceIp_5 ]
    properties:
      name: {get_param: right_vm_name }
      image: { get_param:  image }
      flavor: { get_param: flavor }
      networks:
        - port: { get_resource: template_VirtualMachineInterface_5 }

  template_NetworkPolicy:
    type: OS::ContrailV2::NetworkPolicy
    properties:
      name: { get_param: policy_name }
      network_policy_entries: { network_policy_entries_policy_rule: [{ 
		network_policy_entries_policy_rule_direction: { get_param: direction },
		network_policy_entries_policy_rule_protocol: { get_param: protocol },
		network_policy_entries_policy_rule_src_ports: [{
			network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
			network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
								}],
 		network_policy_entries_policy_rule_dst_ports: [{
			network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
			network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
								}],
		network_policy_entries_policy_rule_dst_addresses: [{
			network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
								}],
		network_policy_entries_policy_rule_src_addresses: [{
			network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
								}],
		network_policy_entries_policy_rule_action_list: { 
			network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
			network_policy_entries_policy_rule_action_list_apply_service: 
								  { get_param: apply_services }
									}}]
	}