Created
December 14, 2018 15:42
Openshift-Ansible generated Openstack Heat templates
[centos@deploy openshift-ansibleu2sHxF]$ cat * | |
heat_template_version: pike

description: Simple template to generate the needed vlan ids

parameters:
  # Number of members the resource group below is asked to create.
  number_of_vlan_ids:
    type: number
    description: Number of vlan segmentation IDs
    default: 1

resources:
  # One OS::Heat::Value per requested ID. Each member's value is its own
  # group index, which the ResourceGroup substitutes for %index%.
  segmentation_ids:
    type: OS::Heat::ResourceGroup
    properties:
      count:
        get_param: number_of_vlan_ids
      # Member "0" is listed for removal -- presumably so that index 0 is
      # never handed out as a VLAN ID; confirm against the consumer.
      removal_policies:
        - "resource_list":
            - "0"
      resource_def:
        type: OS::Heat::Value
        properties:
          type: string
          value: "%index%"

outputs:
  # The members' values collected into one list (strings, per the
  # OS::Heat::Value type above).
  vlan_ids:
    value:
      get_attr:
        - segmentation_ids
        - value
heat_template_version: pike

description: OpenShift cluster server

# Inputs for one cluster server: naming and Ansible grouping, the Nova
# keypair/image/flavor, network attachments, optional load-balancer pools,
# floating-IP settings, the Cinder volume size and scheduler hints.
parameters:

  name:
    type: string
    label: Name
    description: Name

  group:
    type: string
    label: Host Group
    description: The Primary Ansible Host Group
    default: host

  cluster_env:
    type: string
    label: Cluster environment
    description: Environment of the cluster

  cluster_id:
    type: string
    label: Cluster ID
    description: Identifier of the cluster

  type:
    type: string
    label: Type
    description: Type master or node

  subtype:
    type: string
    label: Sub-type
    description: Sub-type compute or infra for nodes, default otherwise
    default: default

  # Name of an existing Nova keypair; this template does not create one.
  key_name:
    type: string
    label: Key name
    description: Key name of keypair

  image:
    type: string
    label: Image
    description: Name of the image

  flavor:
    type: string
    label: Flavor
    description: Name of the flavor

  net:
    type: string
    label: Net ID
    description: Net resource

  net_name:
    type: string
    label: Net name
    description: Net name

  subnet:
    type: string
    label: Subnet ID
    description: Subnet resource

  # These groups are the only network filtering applied to the server's
  # port, so the caller decides the exposure of the instance.
  secgrp:
    type: comma_delimited_list
    label: Security groups
    description: Security group resources

  # The three pool parameters default to the empty string; a pool member is
  # only created for a pool whose ID is non-empty.
  api_lb_pool:
    type: string
    label: API LoadBalancer pool ID
    description: API Loadbalancer pool resource
    default: ''

  router_lb_pool_http:
    type: string
    label: Router LoadBalancer pool ID for HTTP
    default: ""

  router_lb_pool_https:
    type: string
    label: Router LoadBalancer pool ID for HTTPS
    default: ""

  # Defaults to true: unless a caller overrides it, the server gets a
  # floating IP from floating_network.
  attach_float_net:
    type: boolean
    label: Attach-float-net
    description: A switch for floating network port connection
    default: true

  floating_network:
    type: string
    label: Floating network
    description: Network to allocate floating IP from
    default: ''

  availability_zone:
    type: string
    description: The Availability Zone to launch the instance.
    default: nova

  volume_size:
    type: number
    description: Size of the volume to be created.
    default: 1
    constraints:
      - range:
          min: 1
          max: 1024
        description: must be between 1 and 1024 Gb.

  # Substituted textually into the server's user-data; no constraints are
  # declared on it.
  openshift_node_group_name:
    type: string
    description: The openshift node group name for this server.
    default: ''

  scheduler_hints:
    type: json
    description: Server scheduler hints.
    default: {}
outputs:

  name:
    description: Name of the server
    value:
      get_attr: [server, name]

  # First address entry the server reports on the network named net_name.
  private_ip:
    description: Private IP of the server
    value:
      get_attr:
        - server
        - addresses
        - get_param: net_name
        - 0
        - addr

  # Second address entry on the same network.
  # NOTE(review): presumably only present when a floating IP is attached;
  # confirm what this output resolves to when attach_float_net is false.
  floating_ip:
    description: Floating IP of the server
    value:
      get_attr:
        - server
        - addresses
        - get_param: net_name
        - 1
        - addr

conditions:
  # True when the caller switched floating-IP attachment off.
  no_floating:
    not:
      get_param: attach_float_net
resources:

  # The Nova instance. Its only network attachment is the Neutron port
  # defined below, so the security groups on that port govern all traffic.
  server:
    type: OS::Nova::Server
    properties:
      name: { get_param: name }
      key_name: { get_param: key_name }
      image: { get_param: image }
      flavor: { get_param: flavor }
      networks:
        - port: { get_resource: port }
      # The user-data file is read at template time and the placeholder is
      # replaced textually. openshift_node_group_name has no constraints
      # declared, so whoever sets it controls that part of the rendered
      # user-data -- keep it restricted to trusted deployers.
      user_data:
        str_replace:
          template:
            get_file: user-data
          params:
            "%OPENSHIFT_NODE_CONFIG_NAME%":
              get_param: openshift_node_group_name
      user_data_format: RAW
      # Later changes to user_data do not trigger an update of the server.
      user_data_update_policy: IGNORE
      # Instance metadata describing the host's role in the cluster.
      metadata:
        group: { get_param: group }
        environment: { get_param: cluster_env }
        clusterid: { get_param: cluster_id }
        host-type: { get_param: type }
        sub-host-type: { get_param: subtype }
        openshift_node_group_name: { get_param: openshift_node_group_name }
      scheduler_hints: { get_param: scheduler_hints }

  port:
    type: OS::Neutron::Port
    properties:
      network: { get_param: net }
      fixed_ips:
        - subnet: { get_param: subnet }
      security_groups: { get_param: secgrp }

  # Created only while no_floating is false, i.e. attach_float_net is true.
  floating-ip:
    type: OS::Neutron::FloatingIP
    condition:
      not: no_floating
    properties:
      floating_network: { get_param: floating_network }
      port_id: { get_resource: port }

  # Data volume tagged through its metadata as docker storage.
  cinder_volume:
    type: OS::Cinder::Volume
    properties:
      size: { get_param: volume_size }
      availability_zone: { get_param: availability_zone }
      metadata:
        purpose: openshift_docker_storage

  volume_attachment:
    type: OS::Cinder::VolumeAttachment
    properties:
      volume_id: { get_resource: cinder_volume }
      instance_uuid: { get_resource: server }

  # Each pool member below exists only when its pool ID parameter is not
  # the empty string.
  # NOTE(review): unlike the two router members, this one passes no subnet;
  # confirm that is intended.
  api_lb_member:
    type: OS::Octavia::PoolMember
    condition:
      not:
        equals:
          - get_param: api_lb_pool
          - ""
    properties:
      pool: { get_param: api_lb_pool }
      protocol_port: 6443
      address: { get_attr: [server, first_address] }

  router_lb_pool_member_http:
    type: OS::Octavia::PoolMember
    condition:
      not:
        equals:
          - get_param: router_lb_pool_http
          - ""
    properties:
      pool: { get_param: router_lb_pool_http }
      protocol_port: 80
      address: { get_attr: [server, first_address] }
      subnet: { get_param: subnet }

  router_lb_pool_member_https:
    type: OS::Octavia::PoolMember
    condition:
      not:
        equals:
          - get_param: router_lb_pool_https
          - ""
    properties:
      pool: { get_param: router_lb_pool_https }
      protocol_port: 443
      address: { get_attr: [server, first_address] }
      subnet: { get_param: subnet }
heat_template_version: pike

description: OpenShift cluster

# No parameters are declared: the values used by this stack are written
# directly into the resource definitions.
parameters:

outputs:

  # Per-group lists, collected from the name / private_ip / floating_ip
  # outputs of every member of the corresponding resource group.
  etcd_names:
    description: Name of the etcds
    value:
      get_attr: [etcd, name]

  etcd_ips:
    description: IPs of the etcds
    value:
      get_attr: [etcd, private_ip]

  etcd_floating_ips:
    description: Floating IPs of the etcds
    value:
      get_attr: [etcd, floating_ip]

  master_names:
    description: Name of the masters
    value:
      get_attr: [masters, name]

  master_ips:
    description: IPs of the masters
    value:
      get_attr: [masters, private_ip]

  master_floating_ips:
    description: Floating IPs of the masters
    value:
      get_attr: [masters, floating_ip]

  node_names:
    description: Name of the nodes
    value:
      get_attr: [compute_nodes, name]

  node_ips:
    description: IPs of the nodes
    value:
      get_attr: [compute_nodes, private_ip]

  node_floating_ips:
    description: Floating IPs of the nodes
    value:
      get_attr: [compute_nodes, floating_ip]

  infra_names:
    description: Name of the nodes
    value:
      get_attr: [infra_nodes, name]

  infra_ips:
    description: IPs of the nodes
    value:
      get_attr: [infra_nodes, private_ip]

  infra_floating_ips:
    description: Floating IPs of the nodes
    value:
      get_attr: [infra_nodes, floating_ip]

  # The public endpoints are the floating IPs of member 0 of the masters
  # and infra_nodes groups, so those two hosts are addressed directly.
  public_api_ip:
    description: IP address for the API/UI endpoint
    value:
      get_attr: [masters, resource.0, floating_ip]

  public_router_ip:
    description: IP address of the apps/router endpoint
    # NOTE(shadower): The VM-based loadbalancer only supports master nodes
    value:
      get_attr: [infra_nodes, resource.0, floating_ip]

  private_api_ip:
    description: >
      The address of the private OpenShift API. This is used during OpenShift
      deployment and for API access by the internal pods and services.
    value:
      get_attr: [masters, resource.0, private_ip]

conditions:
  # Fixed to false here: the server groups that test it pass
  # external_network as their floating network.
  no_floating: false
resources:

  # NOTE: With Kuryr, the load balancer is necessary.

  # ---- Network plumbing -------------------------------------------------
  # Private network, its subnet, and a router that connects the subnet to
  # external_network.

  net:
    type: OS::Neutron::Net
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-net
          params:
            cluster_id: openshift.lab.net

  subnet:
    type: OS::Neutron::Subnet
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-subnet
          params:
            cluster_id: openshift.lab.net
      network: { get_resource: net }
      cidr: 192.168.99.0/24
      allocation_pools:
        - start: 192.168.99.3
          end: 192.168.99.254
      # Left empty in the generated output.
      dns_nameservers:

  router:
    type: OS::Neutron::Router
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-router
          params:
            cluster_id: openshift.lab.net
      external_gateway_info:
        network: external_network

  interface:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: router }
      subnet_id: { get_resource: subnet }

  # The keypair resource is disabled, so every server group below relies on
  # a keypair named "openshift" that already exists in the project.
  # keypair:
  #   type: OS::Nova::KeyPair
  #   properties:
  #     name:
  #       str_replace:
  #         template: openshift-ansible-cluster_id-keypair
  #         params:
  #           cluster_id: openshift.lab.net
  #     public_key: openshift

  # ---- Security groups --------------------------------------------------
  # Every rule is ingress. A rule carries either an explicit
  # remote_ip_prefix, remote_mode remote_group_id, or no remote at all.
  # NOTE(review): a rule with no remote set is presumably matched for any
  # source address -- confirm, and narrow the ones that only need to be
  # reached from inside the cluster subnet.

  # Attached to every server group in this template.
  # NOTE(review): SSH and ICMP are accepted from 0.0.0.0/0, and the server
  # groups take floating IPs from external_network, so SSH on each host is
  # reachable from wherever that network is. Consider limiting port 22 to
  # an admin or bastion range.
  common-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-common-secgrp
          params:
            cluster_id: openshift.lab.net
      description:
        str_replace:
          template: Basic ssh/icmp security group for cluster_id OpenShift cluster
          params:
            cluster_id: openshift.lab.net
      rules:
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: "0.0.0.0/0"
        - remote_ip_prefix: "0.0.0.0/0"
          direction: "ingress"
          protocol: "icmp"

  # None of these rules names a remote (see the note at the top of this
  # section). 6443 and 8443 are given as quoted strings in the generated
  # output, the other ports as integers.
  master-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-master-secgrp
          params:
            cluster_id: openshift.lab.net
      description:
        str_replace:
          template: Security group for cluster_id OpenShift cluster master
          params:
            cluster_id: openshift.lab.net
      rules:
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 4001
          port_range_max: 4001
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: "6443"
          port_range_max: "6443"
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: "8443"
          port_range_max: "8443"
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 8053
          port_range_max: 8053
        - protocol: "udp"
          direction: "ingress"
          port_range_min: 8053
          port_range_max: 8053
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 24224
          port_range_max: 24224
        - protocol: "udp"
          direction: "ingress"
          port_range_min: 24224
          port_range_max: 24224
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 9090
          port_range_max: 9090

  # NOTE(review): 2379 accepts traffic from 0.0.0.0/0 while 2380 is limited
  # by remote_group_id. The masters group below attaches this security
  # group and has floating IPs, so 2379 is exposed as widely as those
  # addresses are. Consider restricting it to the cluster subnet or to a
  # remote group.
  etcd-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-etcd-secgrp
          params:
            cluster_id: openshift.lab.net
      description:
        str_replace:
          template: Security group for cluster_id etcd cluster
          params:
            cluster_id: openshift.lab.net
      rules:
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 2379
          port_range_max: 2379
          remote_ip_prefix: "0.0.0.0/0"
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 2380
          port_range_max: 2380
          remote_mode: "remote_group_id"

  # Port 53 (tcp and udp) names no remote; 10250, 4789 and 10010 are
  # limited by remote_group_id with no explicit group given.
  node-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-node-secgrp
          params:
            cluster_id: openshift.lab.net
      description:
        str_replace:
          template: Security group for cluster_id OpenShift cluster nodes
          params:
            cluster_id: openshift.lab.net
      rules:
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 53
          port_range_max: 53
        - protocol: "udp"
          direction: "ingress"
          port_range_min: 53
          port_range_max: 53
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 10250
          port_range_max: 10250
          remote_mode: "remote_group_id"
        - protocol: "udp"
          direction: "ingress"
          port_range_min: 4789
          port_range_max: 4789
          remote_mode: "remote_group_id"
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 10010
          port_range_max: 10010
          remote_mode: "remote_group_id"

  # HTTP and HTTPS for the infra nodes, with no remote named.
  infra-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: openshift-ansible-cluster_id-infra-secgrp
          params:
            cluster_id: openshift.lab.net
      description:
        str_replace:
          template: Security group for cluster_id OpenShift infrastructure cluster nodes
          params:
            cluster_id: openshift.lab.net
      rules:
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 80
          port_range_max: 80
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 443
          port_range_max: 443

  # 443 and 6443 from 0.0.0.0/0. No resource visible in this template
  # attaches this group.
  lb-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name: openshift-ansible-openshift.lab.net-lb-secgrp
      description: Security group for openshift.lab.net cluster Load Balancer
      rules:
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: 443
          port_range_max: 443
          remote_ip_prefix: "0.0.0.0/0"
        - protocol: "tcp"
          direction: "ingress"
          port_range_min: "6443"
          port_range_max: "6443"
          remote_ip_prefix: "0.0.0.0/0"

  # ---- Server groups ----------------------------------------------------
  # Each group instantiates server.yaml `count` times and waits for the
  # router interface. Host names come from hostname-%index%domain_suffix,
  # the Ansible group from k8s_type.cluster_id.

  # count is 0: no dedicated etcd hosts are created.
  etcd:
    type: OS::Heat::ResourceGroup
    properties:
      count: 0
      resource_def:
        type: server.yaml
        properties:
          name:
            str_replace:
              template: hostname-%index%domain_suffix
              params:
                hostname: etcd
                domain_suffix: .openshift.lab.net
          cluster_env: lab.net
          cluster_id: openshift.lab.net
          group:
            str_replace:
              template: k8s_type.cluster_id
              params:
                k8s_type: etcds
                cluster_id: openshift.lab.net
          type: etcd
          image: CentOS-7-proxy
          flavor: m1.medium
          key_name: openshift
          net: { get_resource: net }
          subnet: { get_resource: subnet }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: openshift.lab.net
          secgrp:
            - { get_resource: etcd-secgrp }
            - { get_resource: common-secgrp }
          floating_network:
            if:
              - no_floating
              - ''
              - external_network
          volume_size: 2
    depends_on:
      - interface

  # One master, attached to the common, master, node and etcd groups.
  masters:
    type: OS::Heat::ResourceGroup
    properties:
      count: 1
      resource_def:
        type: server.yaml
        properties:
          name:
            str_replace:
              template: hostname-%index%domain_suffix
              params:
                hostname: master
                domain_suffix: .openshift.lab.net
          cluster_env: lab.net
          cluster_id: openshift.lab.net
          group:
            str_replace:
              template: k8s_type.cluster_id
              params:
                k8s_type: masters
                cluster_id: openshift.lab.net
          type: master
          openshift_node_group_name: node-config-master
          image: CentOS-7-proxy
          flavor: m1.medium
          key_name: openshift
          net: { get_resource: net }
          subnet: { get_resource: subnet }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: openshift.lab.net
          secgrp:
            - { get_resource: common-secgrp }
            - { get_resource: master-secgrp }
            - { get_resource: node-secgrp }
            - { get_resource: etcd-secgrp }
          floating_network:
            if:
              - no_floating
              - ''
              - external_network
          volume_size: 15
    depends_on:
      - interface

  # Three application nodes; the removal list is empty.
  compute_nodes:
    type: OS::Heat::ResourceGroup
    properties:
      count: 3
      removal_policies:
        - resource_list: []
      resource_def:
        type: server.yaml
        properties:
          name:
            str_replace:
              template: hostname-%index%domain_suffix
              params:
                hostname: app-node
                domain_suffix: .openshift.lab.net
          cluster_env: lab.net
          cluster_id: openshift.lab.net
          group:
            str_replace:
              template: k8s_type.cluster_id
              params:
                k8s_type: nodes
                cluster_id: openshift.lab.net
          type: node
          subtype: app
          openshift_node_group_name: node-config-compute
          image: CentOS-7-proxy
          flavor: m1.medium
          key_name: openshift
          net: { get_resource: net }
          subnet: { get_resource: subnet }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: openshift.lab.net
          secgrp:
            - { get_resource: node-secgrp }
            - { get_resource: common-secgrp }
          floating_network:
            if:
              - no_floating
              - ''
              - external_network
          volume_size: 15
    depends_on:
      - interface

  # One infrastructure node.
  infra_nodes:
    type: OS::Heat::ResourceGroup
    properties:
      count: 1
      resource_def:
        type: server.yaml
        properties:
          name:
            str_replace:
              template: hostname-%index%domain_suffix
              params:
                hostname: infra-node
                domain_suffix: .openshift.lab.net
          cluster_env: lab.net
          cluster_id: openshift.lab.net
          group:
            str_replace:
              template: k8s_type.cluster_id
              params:
                k8s_type: infra
                cluster_id: openshift.lab.net
          type: node
          subtype: infra
          openshift_node_group_name: node-config-infra
          image: CentOS-7-proxy
          flavor: m1.medium
          key_name: openshift
          net: { get_resource: net }
          subnet: { get_resource: subnet }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: openshift.lab.net
          secgrp:
            # TODO(bogdando) filter only required node rules into infra-secgrp
            - { get_resource: common-secgrp }
            - { get_resource: node-secgrp }
            - { get_resource: infra-secgrp }
          floating_network:
            if:
              - no_floating
              - ''
              - external_network
          volume_size: 15
    depends_on:
      - interface

  # count is 0. Unlike the other groups, floating_network is set to
  # external_network directly instead of going through no_floating.
  cns:
    type: OS::Heat::ResourceGroup
    properties:
      count: 0
      resource_def:
        type: server.yaml
        properties:
          name:
            str_replace:
              template: hostname-%index%domain_suffix
              params:
                hostname: cns
                domain_suffix: .openshift.lab.net
          cluster_env: lab.net
          cluster_id: openshift.lab.net
          group:
            str_replace:
              template: k8s_type.cluster_id
              params:
                k8s_type: cns
                cluster_id: openshift.lab.net
          type: cns
          openshift_node_group_name: node-config-compute
          image: CentOS-7-proxy
          flavor: m1.medium
          key_name: openshift
          net: { get_resource: net }
          subnet: { get_resource: subnet }
          net_name:
            str_replace:
              template: openshift-ansible-cluster_id-net
              params:
                cluster_id: openshift.lab.net
          secgrp:
            - { get_resource: common-secgrp }
            - { get_resource: node-secgrp }
          floating_network: external_network
          volume_size: 15
    depends_on:
      - interface
heat_template_version: pike

description: Template to create subports

parameters:

  network:
    type: string
    label: Subport Network

  subnet:
    type: string
    label: Subport Subnet

  # Security groups applied to the created port; they are the only
  # filtering this template puts on it.
  pod_access_sg:
    type: comma_delimited_list
    label: Pod access sg

resources:
  # A single Neutron port on the given network and subnet, with its
  # device_owner set to compute:kuryr.
  subports:
    type: OS::Neutron::Port
    properties:
      network:
        get_param: network
      security_groups:
        get_param: pod_access_sg
      fixed_ips:
        - subnet:
            get_param: subnet
      device_owner: compute:kuryr

outputs:
  # Reference to the port created above.
  subport_id:
    value:
      get_resource: subports
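#cloud-config
# First-boot configuration for a cluster server: sets up the default user,
# drops two files and runs the bootstrap playbook.

disable_root: true

system_info:
  default_user:
    name: openshift
    # Passwordless sudo for every command: whoever can log in as
    # "openshift" effectively holds root on the host, so access to the
    # matching SSH key and to port 22 should be controlled accordingly.
    sudo: ["ALL=(ALL) NOPASSWD: ALL"]

write_files:
  - path: /etc/sudoers.d/00-openshift-no-requiretty
    # Quoted octal string. A bare 440 is a YAML integer, which cloud-init
    # uses as-is (decimal 440 is octal 0670, a group-writable sudoers
    # drop-in) instead of the intended read-only 0440.
    permissions: '0440'
    content: |
      Defaults:openshift !requiretty
  - path: /root/openshift_bootstrap/openshift_settings.yaml
    owner: 'root:root'
    permissions: '0640'
    # %OPENSHIFT_NODE_CONFIG_NAME% is a placeholder that is replaced
    # textually before this file reaches the instance; the replacement is
    # written into a root-owned YAML file unescaped.
    content: |
      openshift_node_config_name: %OPENSHIFT_NODE_CONFIG_NAME%

runcmd:
  # bootstrap.yml is not written by this file -- presumably it is already
  # present in the image; confirm.
  - [ansible-playbook, /root/openshift_bootstrap/bootstrap.yml]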