Created
June 22, 2015 18:29
OpenStack manager blueprint 3.2-build without block device
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Cloudify manager bootstrap blueprint for OpenStack, written against DSL version cloudify_dsl_1_0.
tosca_definitions_version: cloudify_dsl_1_0 | |
# Type and plugin definitions pulled in when the blueprint is parsed.
# NOTE(review): all three URLs use plain http://, so nothing in this file
# authenticates their content in transit; prefer an https:// or locally
# vendored copy where one is available.
imports: | |
- http://www.getcloudify.org/spec/cloudify/3.2/types.yaml | |
- http://www.getcloudify.org/spec/openstack-plugin/1.2/plugin.yaml | |
- http://www.getcloudify.org/spec/fabric-plugin/1.2/plugin.yaml | |
# Blueprint inputs. Entries without a default must be supplied by the operator.
inputs: | |
# Keystone credentials and service endpoints; every one defaults to ''.
# NOTE(review): presumably the plugin falls back to another credential source
# when these are empty — confirm. keystone_password is a secret: keep the
# inputs file that carries it out of version control and shared logs.
keystone_username: | |
default: '' | |
type: string | |
keystone_password: | |
default: '' | |
type: string | |
keystone_tenant_name: | |
default: '' | |
type: string | |
keystone_url: | |
default: '' | |
type: string | |
region: | |
default: '' | |
type: string | |
nova_url: | |
default: '' | |
type: string | |
neutron_url: | |
default: '' | |
type: string | |
# Required inputs (no default): key pair names, image, flavor and the
# name of the external network.
manager_public_key_name: | |
type: string | |
agent_public_key_name: | |
type: string | |
image_id: | |
type: string | |
flavor_id: | |
type: string | |
external_network_name: | |
type: string | |
# These two booleans feed use_external_resource on the KeyPair nodes.
use_existing_manager_keypair: | |
type: boolean | |
default: false | |
use_existing_agent_keypair: | |
type: boolean | |
default: false | |
manager_server_name: | |
default: cloudify-manager-server | |
type: string | |
# SSH login used by the fabric tasks on the manager VM (fabric_env.user).
manager_server_user: | |
default: ubuntu | |
type: string | |
# Paths of the SSH private keys. The manager key is what the fabric tasks
# authenticate with (key_filename); the agent key path is passed to the
# bootstrap task as agent_local_key_path.
manager_private_key_path: | |
default: ~/.ssh/cloudify-manager-kp.pem | |
type: string | |
agent_private_key_path: | |
default: ~/.ssh/cloudify-agent-kp.pem | |
type: string | |
agents_user: | |
default: ubuntu | |
type: string | |
resources_prefix: | |
default: '' | |
type: string | |
# Names given to the OpenStack resources declared under node_templates.
management_network_name: | |
default: cloudify-management-network | |
type: string | |
management_subnet_name: | |
default: cloudify-management-network-subnet | |
type: string | |
management_router: | |
default: cloudify-management-router | |
type: string | |
manager_security_group_name: | |
default: cloudify-sg-manager | |
type: string | |
agents_security_group_name: | |
default: cloudify-sg-agents | |
type: string | |
manager_port_name: | |
default: cloudify-manager-port | |
type: string | |
# Only referenced from the commented-out volume node in this file.
manager_volume_name: | |
default: cloudify-manager-volume | |
type: string | |
node_templates: | |
# Key pair for SSH access to the manager VM; its private_key_path is the
# key_filename used by every fabric task in the manager node.
# NOTE(review): with use_existing_manager_keypair false (the input default) the
# plugin presumably creates the key pair and writes the private key to
# manager_private_key_path — confirm, and keep that file readable only by its owner.
management_keypair: | |
type: cloudify.openstack.nodes.KeyPair | |
properties: | |
use_external_resource: { get_input: use_existing_manager_keypair } | |
resource_id: { get_input: manager_public_key_name } | |
private_key_path: { get_input: manager_private_key_path } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# Key pair for agent VMs; its private_key_path is handed to the bootstrap task
# as agent_local_key_path (see the manager node's start operation).
# NOTE(review): that hand-off suggests the agent private key ends up on the
# manager — confirm, and scope the key to agent hosts only.
agent_keypair: | |
type: cloudify.openstack.nodes.KeyPair | |
properties: | |
use_external_resource: { get_input: use_existing_agent_keypair } | |
resource_id: { get_input: agent_public_key_name } | |
private_key_path: { get_input: agent_private_key_path } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# Management network; management_subnet and manager_port are declared as
# contained_in it.
management_network: | |
type: cloudify.openstack.nodes.Network | |
properties: | |
resource_id: { get_input: management_network_name } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# IPv4 subnet of the management network, connected to the router.
# Its cidr is reused by both security groups as the only allowed source for
# their internal ports, so changing it here changes those rules too.
management_subnet: | |
type: cloudify.openstack.nodes.Subnet | |
properties: | |
resource_id: { get_input: management_subnet_name } | |
subnet: | |
ip_version: 4 | |
cidr: 10.67.79.0/24 | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
relationships: | |
- target: management_network | |
type: cloudify.relationships.contained_in | |
- target: router | |
type: cloudify.openstack.subnet_connected_to_router | |
# Network port for the manager VM on the management network. The
# port_connected_to_security_group relationship is what ties the manager to
# management_security_group.
manager_port: | |
type: cloudify.openstack.nodes.Port | |
properties: | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
resource_id: { get_input: manager_port_name } | |
relationships: | |
- type: cloudify.relationships.contained_in | |
target: management_network | |
- type: cloudify.relationships.depends_on | |
target: management_subnet | |
- type: cloudify.openstack.port_connected_to_security_group | |
target: management_security_group | |
# Router joining the management subnet to the external network.
router: | |
type: cloudify.openstack.nodes.Router | |
properties: | |
resource_id: { get_input: management_router } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
relationships: | |
- target: external_network | |
type: cloudify.relationships.connected_to | |
# The external network named by the external_network_name input.
# use_external_resource: true marks it as an existing resource rather than one
# this blueprint creates.
external_network: | |
type: cloudify.openstack.nodes.Network | |
properties: | |
use_external_resource: true | |
resource_id: { get_input: external_network_name } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# Security group for agent VMs. Both rules take the management subnet cidr as
# their only remote_ip_prefix, so nothing here is open to 0.0.0.0/0.
# Port 22 is SSH; 5985 is the default WinRM-over-HTTP port.
# NOTE(review): no direction or protocol is given, so both come from the plugin
# defaults — confirm they are ingress/tcp as intended.
agents_security_group: | |
type: cloudify.openstack.nodes.SecurityGroup | |
properties: | |
resource_id: { get_input: agents_security_group_name } | |
security_group: | |
description: Security group for Cloudify agent VMs | |
rules: | |
- port: 22 | |
remote_ip_prefix: { get_property: [management_subnet, subnet, cidr] } | |
- port: 5985 | |
remote_ip_prefix: { get_property: [management_subnet, subnet, cidr] } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# Security group for the manager VM (attached through manager_port).
# NOTE(review): ports 80, 443 and 22 accept traffic from 0.0.0.0/0. In this
# file the REST service has security.enabled: false and ssl.enabled: false, so
# the manager API would be reachable without authentication or transport
# encryption from any address that can route to the floating IP. Narrow these
# three remote_ip_prefix values to the operator/admin CIDR where possible.
management_security_group: | |
type: cloudify.openstack.nodes.SecurityGroup | |
properties: | |
resource_id: { get_input: manager_security_group_name } | |
security_group: | |
description: Security group for Cloudify Manager VM | |
rules: | |
- port: 80 | |
remote_ip_prefix: 0.0.0.0/0 | |
- port: 443 | |
remote_ip_prefix: 0.0.0.0/0 | |
- port: 22 | |
remote_ip_prefix: 0.0.0.0/0 | |
# The remaining ports are limited to the management subnet. 5672 is the
# standard AMQP port; 8101 and 53229 are presumably manager-internal
# services used by agents — confirm.
- port: 8101 | |
remote_ip_prefix: { get_property: [management_subnet, subnet, cidr] } | |
- port: 5672 | |
remote_ip_prefix: { get_property: [management_subnet, subnet, cidr] } | |
- port: 53229 | |
remote_ip_prefix: { get_property: [management_subnet, subnet, cidr] } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# Floating IP taken from the external network. Its floating_ip_address
# attribute is the host_string of every fabric task in the manager node and the
# value of the manager_ip output.
manager_server_ip: | |
type: cloudify.openstack.nodes.FloatingIP | |
properties: | |
floatingip: | |
floating_network_name: { get_input: external_network_name } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# The manager VM: image and flavor come from inputs, and it is connected to
# the floating IP, the management key pair and the manager port.
# install_agent: false — no Cloudify agent is installed on this host.
manager_server: | |
type: cloudify.openstack.nodes.Server | |
properties: | |
resource_id: { get_input: manager_server_name } | |
install_agent: false | |
server: | |
image: { get_input: image_id } | |
flavor: { get_input: flavor_id } | |
management_network_name: { get_property: [management_network, resource_id] } | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
relationships: | |
- target: manager_server_ip | |
type: cloudify.openstack.server_connected_to_floating_ip | |
- target: management_keypair | |
type: cloudify.openstack.server_connected_to_keypair | |
- target: manager_port | |
type: cloudify.openstack.server_connected_to_port | |
# Single holder for the OpenStack connection settings; every OpenStack node in
# this file reads it through get_property.
# NOTE(review): the Keystone password becomes a plain node property here and is
# also forwarded to the manager's configure task (task_properties.openstack_config),
# so stored blueprint/deployment data should be treated as containing a cloud
# credential.
openstack_configuration: | |
type: openstack_configuration | |
properties: | |
openstack_config: | |
username: { get_input: keystone_username } | |
password: { get_input: keystone_password } | |
tenant_name: { get_input: keystone_tenant_name } | |
auth_url: { get_input: keystone_url } | |
region: { get_input: region } | |
nova_url: { get_input: nova_url } | |
neutron_url: { get_input: neutron_url } | |
# volume: | |
# type: cloudify.openstack.nodes.Volume | |
# properties: | |
# volume: | |
# size: 10 | |
# openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
# resource_id: { get_input: manager_volume_name } | |
# relationships: | |
# - type: cloudify.openstack.volume_attached_to_server | |
# target: manager_server | |
# manager_data: | |
# type: cloudify.nodes.FileSystem | |
# properties: | |
# fs_type: ext4 | |
# fs_mount_path: /var/lib/docker | |
# interfaces: | |
# cloudify.interfaces.lifecycle: | |
# configure: | |
# implementation: fabric.fabric_plugin.tasks.run_script | |
# inputs: | |
# script_path: https://raw.githubusercontent.com/cloudify-cosmo/cloudify-manager/master/resources/rest-service/cloudify/fs/mkfs.sh | |
# fabric_env: | |
# user: { get_input: manager_server_user } | |
# key_filename: { get_property: [management_keypair, private_key_path] } | |
# host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# relationships: | |
# - type: cloudify.relationships.file_system_depends_on_volume | |
# target: volume | |
# source_interfaces: | |
# cloudify.interfaces.relationship_lifecycle: | |
# preconfigure: | |
# implementation: fabric.fabric_plugin.tasks.run_script | |
# inputs: | |
# script_path: https://raw.githubusercontent.com/cloudify-cosmo/cloudify-manager/master/resources/rest-service/cloudify/fs/fdisk.sh | |
# device_name: { get_attribute: [TARGET, device_name] } | |
# fabric_env: | |
# user: { get_input: manager_server_user } | |
# key_filename: { get_property: [management_keypair, private_key_path] } | |
# host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# | |
# - type: cloudify.relationships.file_system_contained_in_compute | |
# target: manager_server | |
# source_interfaces: | |
# cloudify.interfaces.relationship_lifecycle: | |
# establish: | |
# implementation: fabric.fabric_plugin.tasks.run_script | |
# inputs: | |
# script_path: https://raw.githubusercontent.com/cloudify-cosmo/cloudify-manager/master/resources/rest-service/cloudify/fs/mount-docker.sh | |
# fabric_env: | |
# user: { get_input: manager_server_user } | |
# key_filename: { get_property: [management_keypair, private_key_path] } | |
# host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# unlink: | |
# implementation: fabric.fabric_plugin.tasks.run_script | |
# inputs: | |
# script_path: https://raw.githubusercontent.com/cloudify-cosmo/cloudify-manager/master/resources/rest-service/cloudify/fs/unmount.sh | |
# fabric_env: | |
# user: { get_input: manager_server_user } | |
# key_filename: { get_property: [management_keypair, private_key_path] } | |
# host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# The Cloudify manager itself: package locations plus agent, workflow and
# policy-engine settings.
manager: | |
type: cloudify.nodes.CloudifyManager | |
properties: | |
# Download locations for the agent packages and the manager Docker image.
# NOTE(review): every URL is plain http:// and no checksum or signature is
# given in this file, so the downloaded artifacts are not integrity-checked
# by anything visible here; prefer https:// or a verified local mirror.
# NOTE(review): windows_agent_url ends in _amd64.deb, which looks like a
# copy/paste slip — confirm the intended artifact.
cloudify_packages: | |
agents: | |
ubuntu_agent_url: http://gigaspaces-repository-eu.s3.amazonaws.com/org/cloudify3/3.2.0/ga-RELEASE/cloudify-ubuntu-agent_3.2.0-ga-b200_amd64.deb | |
centos_agent_url: http://gigaspaces-repository-eu.s3.amazonaws.com/org/cloudify3/3.2.0/ga-RELEASE/cloudify-centos-final-agent_3.2.0-ga-b200_amd64.deb | |
windows_agent_url: http://gigaspaces-repository-eu.s3.amazonaws.com/org/cloudify3/3.2.0/ga-RELEASE/cloudify-windows-agent_3.2.0-ga-b200_amd64.deb | |
docker: | |
docker_url: http://gigaspaces-repository-eu.s3.amazonaws.com/org/cloudify3/3.2.0/ga-RELEASE/cloudify-docker_3.2.0-ga-b200.tar | |
cloudify: | |
resources_prefix: { get_input: resources_prefix } | |
# Agent settings: remote execution goes over port 22 as agents_user.
cloudify_agent: | |
min_workers: 0 | |
max_workers: 5 | |
remote_execution_port: 22 | |
user: { get_input: agents_user } | |
workflows: | |
task_retries: -1 # this means forever | |
task_retry_interval: 30 | |
policy_engine: | |
start_timeout: 30 | |
# REST-service security settings for the manager.
# NOTE(review): as written, authentication is off (enabled: false), SSL is off
# (ssl.enabled: false) and the secrets and users below are placeholders, while
# management_security_group in this file opens ports 80/443 to 0.0.0.0/0.
# Review every value in this section before the manager is reachable from
# untrusted networks.
security: | |
######################################################################### | |
# Setting 'enabled' to true will activate security on the REST service, | |
# according to the below configuration. Each request received by the | |
# REST service will be authenticated, and communication can be limited | |
# to SSL. | |
enabled: false | |
######################################################################### | |
# A list of one or more authentication providers. Cloudify will use | |
# these providers in the order specified in the list (Mandatory). | |
# The list below sets Flask-secuREST's password-based and token-based | |
# authentication providers. | |
# ** Note: Passwords are usually not stored as plaintext. Set password_hash | |
# to match the hash scheme used in the selected datastore. | |
# Acceptable values: 'bcrypt', 'des_crypt', 'pbkdf2_sha256', | |
# 'pbkdf2_sha512', 'sha256_crypt' and 'sha512_crypt'. | |
authentication_providers: | |
- name: password | |
implementation: flask_securest.authentication_providers.password:PasswordAuthenticator | |
properties: | |
# NOTE(review): 'plaintext' means the userstore passwords below are kept
# unhashed; switch to one of the schemes listed above before enabling security.
password_hash: plaintext | |
- name: token | |
implementation: flask_securest.authentication_providers.token:TokenAuthenticator | |
properties: | |
# NOTE(review): placeholder value; replace with a long random secret and keep
# it identical to auth_token_generator's secret_key.
secret_key: my_secret | |
######################################################################### | |
# A user-store implementation is used to find a matching user | |
# and load its details (Mandatory unless you specified a custom | |
# authentication provider that does not require it). | |
# The configuration below will use Flask-secuREST's "simple userstore" | |
# implementation, with the users listed inline. | |
# NOTE(review): the three accounts are examples with inline passwords;
# replace them before enabling security.
userstore_driver: | |
implementation: flask_securest.userstores.simple:SimpleUserstore | |
properties: | |
userstore: | |
user1: | |
username: example_user1 | |
password: example_password1 | |
email: example_user1@your_domain.dom | |
user2: | |
username: example_user2 | |
password: example_password2 | |
email: example_user2@your_domain.dom | |
user3: | |
username: example_user3 | |
password: example_password3 | |
email: example_user3@your_domain.dom | |
identifying_attribute: username | |
######################################################################### | |
# REST calls to "MANAGER_IP/tokens" will generate and return | |
# authentication tokens if an auth_token_generator is set (Optional). | |
# The below configuration sets Flask_secuREST's token module as the | |
# token generator. | |
# ** Note: Set the same secret key as in your token authenticator | |
auth_token_generator: | |
implementation: flask_securest.authentication_providers.token:TokenAuthenticator | |
properties: | |
secret_key: my_secret | |
expires_in_seconds: 600 | |
######################################################################### | |
# Enabling SSL limits communication with the server to SSL only (Optional). | |
# If enabled, both certificate and private key are mandatory. | |
# NOTE(review): while this stays disabled, passwords and tokens sent to the
# REST service are not protected in transit.
ssl: | |
enabled: false | |
certificate_path: "" | |
private_key_path: "" | |
######################################################################### | |
# Security log file properties (Optional, the default values are as | |
# shown below). | |
# ** Note: The log file is located on the rest-service container | |
# | |
audit_log_file: /var/log/cloudify/rest-security-audit.log | |
audit_log_level: INFO # values: CRITICAL, ERROR, WARNING, INFO, DEBUG | |
audit_log_file_size_MB: 100 | |
audit_log_files_backup_count: 20 | |
# Relationships of the manager node.
# NOTE(review): manager_data is only defined inside the commented-out block
# earlier in this file, so this depends_on target appears to be unresolved and
# would be expected to fail blueprint validation — confirm, and drop the entry
# if the block device is intentionally removed.
relationships: | |
- target: manager_server | |
type: cloudify.relationships.contained_in | |
- target: manager_data | |
type: cloudify.relationships.depends_on | |
# Lifecycle and validation operations of the manager node. Every lifecycle
# operation runs through the fabric plugin, logging in as manager_server_user
# with the management key pair's private key to the manager's floating IP.
# NOTE(review): fabric_env sets no host-key verification option here, so
# whether the new VM's SSH host key is checked depends on the fabric plugin
# defaults — confirm.
interfaces: | |
cloudify.interfaces.lifecycle: | |
# configure: runs the 'configure' task from scripts/configure.py and passes it
# the full openstack_config mapping, which includes the Keystone password.
configure: | |
implementation: fabric.fabric_plugin.tasks.run_task | |
inputs: | |
tasks_file: scripts/configure.py | |
task_name: configure | |
task_properties: | |
openstack_config: { get_property: [openstack_configuration, openstack_config] } | |
fabric_env: | |
user: { get_input: manager_server_user } | |
key_filename: { get_property: [management_keypair, private_key_path] } | |
host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# start: bootstraps the manager via bootstrap_docker, giving it the package
# URLs, the agent private-key path and the provider context.
start: | |
implementation: fabric.fabric_plugin.tasks.run_module_task | |
inputs: | |
task_mapping: cloudify_cli.bootstrap.tasks.bootstrap_docker | |
task_properties: | |
cloudify_packages: { get_property: [manager, cloudify_packages] } | |
agent_local_key_path: { get_property: [agent_keypair, private_key_path] } | |
provider_context: { get_attribute: [manager, provider_context] } | |
fabric_env: | |
user: { get_input: manager_server_user } | |
key_filename: { get_property: [management_keypair, private_key_path] } | |
host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# stop: maps to stop_manager_container.
stop: | |
implementation: fabric.fabric_plugin.tasks.run_module_task | |
inputs: | |
task_mapping: cloudify_cli.bootstrap.tasks.stop_manager_container | |
fabric_env: | |
user: { get_input: manager_server_user } | |
key_filename: { get_property: [management_keypair, private_key_path] } | |
host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# delete: maps to stop_docker_service.
delete: | |
implementation: fabric.fabric_plugin.tasks.run_module_task | |
inputs: | |
task_mapping: cloudify_cli.bootstrap.tasks.stop_docker_service | |
fabric_env: | |
user: { get_input: manager_server_user } | |
key_filename: { get_property: [management_keypair, private_key_path] } | |
host_string: { get_attribute: [manager_server_ip, floating_ip_address] } | |
# Validation runs through the 'cli' plugin declared under plugins and receives
# the same cloudify_packages mapping.
cloudify.interfaces.validation: | |
creation: | |
implementation: cli.cloudify_cli.bootstrap.tasks.creation_validation | |
inputs: | |
cloudify_packages: { get_property: [manager, cloudify_packages] } | |
# Local node type backing the openstack_configuration node template.
# openstack_config is declared with no type or default, so its content is not
# schema-checked by this definition.
node_types: | |
openstack_configuration: | |
derived_from: cloudify.nodes.Root | |
properties: | |
openstack_config: {} | |
# Declares the 'cli' plugin referenced by the validation operation.
# install: false — the plugin is not installed as part of this blueprint.
plugins: | |
cli: | |
install: false | |
executor: central_deployment_agent | |
# Blueprint outputs: manager_ip is the manager's floating IP address, i.e. the
# address covered by management_security_group's rules.
outputs: | |
manager_ip: | |
value: { get_attribute: [manager_server_ip, floating_ip_address] } |