# HOT (Heat Orchestration Template) header: format version and a one-line
# summary of what the stack builds.
heat_template_version: 2013-05-23

description: |
  This is a Heat template to deploy a single Linux server running WordPress.

# Groups the input parameters into two labelled sections.
# NOTE(review): the database_name parameter is declared in this template but
# is not listed in either group -- confirm that is intended.
parameter_groups:

  - label: Server Settings
    parameters:
      - server_hostname
      - image
      - flavor

  - label: WordPress Settings
    parameters:
      - domain
      - username
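# Stack inputs. Every string below is later substituted into files that are
# written on the server (the Salt pillar and, for the domain, a docroot path),
# so allowed_pattern is the only input validation these values receive.
# Patterns are single-quoted so that a backslash stays a literal backslash.
parameters:

  # Server settings
  server_hostname:
    label: Server Name
    description: Hostname to use for the server that's built.
    type: string
    default: WordPress
    constraints:
      - length:
          min: 1
          max: 64
      - allowed_pattern: '^[a-zA-Z][a-zA-Z0-9-]*$'
        description: |
          Must begin with a letter and contain only alphanumeric characters
          and hyphens.

  # NOTE(review): the only permitted image is Ubuntu 14.04, which is past its
  # standard support period; a server built from it needs another source of
  # security updates.
  image:
    label: Operating System
    description: |
      Required: Server image used for all servers that are created as a part of
      this deployment.
    type: string
    default: Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)
    constraints:
      - allowed_values:
          - Ubuntu 14.04 LTS (Trusty Tahr) (PVHVM)
        description: Must be a supported operating system.

  flavor:
    label: Server Size
    description: |
      Required: Rackspace Cloud Server flavor to use. The size is based on the
      amount of RAM for the provisioned server.
    type: string
    default: 4 GB General Purpose v1
    constraints:
      - allowed_values:
          - 1 GB General Purpose v1
          - 2 GB General Purpose v1
          - 4 GB General Purpose v1
          - 8 GB General Purpose v1
          - 15 GB I/O v1
          - 30 GB I/O v1
          - 1GB Standard Instance
          - 2GB Standard Instance
          - 4GB Standard Instance
          - 8GB Standard Instance
          - 15GB Standard Instance
          - 30GB Standard Instance
        description: |
          Must be a valid Rackspace Cloud Server flavor for the region you have
          selected to deploy into.

  # WordPress settings
  domain:
    label: Site Domain
    description: Domain to be used with WordPress site
    type: string
    default: "example.com"
    constraints:
      # The dot before the TLD is escaped so that it matches only a literal
      # '.'. Unescaped, it accepted any single character there, letting values
      # that are not host names reach the pillar file and the docroot path.
      - allowed_pattern: '^[a-zA-Z0-9.-]{1,255}\.[a-zA-Z]{2,15}$'
        description: Must be a valid domain name

  database_name:
    label: Database Name
    description: WordPress database name
    type: string
    default: wordpress
    constraints:
      - allowed_pattern: '^[0-9a-zA-Z$_]{1,64}$'
        description: |
          Maximum length of 64 characters, may only contain letters, numbers,
          underscores, and dollar signs.

  # NOTE(review): this value becomes a YAML mapping key in the generated
  # pillar and, per the description, the name of a system account. The pattern
  # still admits spaces, a leading '@' or '-', and reserved account names;
  # consider a stricter pattern once existing deployments are checked.
  username:
    label: Username
    description: "Username for system, database, and WordPress logins."
    type: string
    default: wp_user
    constraints:
      - allowed_pattern: '^[a-zA-Z0-9 _.@-]{1,16}$'
        description: |
          Must be 16 characters or fewer and may only contain alphanumeric
          characters, ' ', '_', '.', '@', and/or '-'.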
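resources:

  # Random password generation.
  # Only database_password and mysql_root_password are referenced elsewhere in
  # this template; mysql_repl_password and mysql_debian_password are generated
  # but not consumed by anything visible here.
  database_password:
    type: "OS::Heat::RandomString"
    properties:
      length: 16
      sequence: lettersdigits

  mysql_root_password:
    type: "OS::Heat::RandomString"
    properties:
      length: 16
      sequence: lettersdigits

  mysql_repl_password:
    type: "OS::Heat::RandomString"
    properties:
      length: 16
      sequence: lettersdigits

  mysql_debian_password:
    type: "OS::Heat::RandomString"
    properties:
      length: 16
      sequence: lettersdigits

  # Random strings for WP salting.
  # NOTE(review): none of the four values below is passed into the pillar or
  # the bootstrap script in this template -- confirm where the WordPress salts
  # actually come from.
  wp_auth:
    type: "OS::Heat::RandomString"
    properties:
      length: 32
      sequence: hexdigits

  wp_logged_in:
    type: "OS::Heat::RandomString"
    properties:
      length: 32
      sequence: hexdigits

  wp_nonce:
    type: "OS::Heat::RandomString"
    properties:
      length: 32
      sequence: hexdigits

  wp_secure_auth:
    type: "OS::Heat::RandomString"
    properties:
      length: 32
      sequence: hexdigits

  # Key pairs. save_private_key keeps the private half inside Heat so that it
  # can be read back as a resource attribute.
  # NOTE(review): sync_key is not attached to any server in this template, so
  # its stored private key appears to serve no purpose here.
  sync_key:
    type: "OS::Nova::KeyPair"
    properties:
      name:
        str_replace:
          template: "%stack_id%-sync"
          params:
            "%stack_id%": { get_param: "OS::stack_id" }
      save_private_key: true

  ssh_key:
    type: "OS::Nova::KeyPair"
    properties:
      name: { get_param: "OS::stack_id" }
      save_private_key: true

  # The stack waits up to 30 minutes for the bootstrap script to signal.
  wait_condition:
    type: "OS::Heat::SwiftSignal"
    properties:
      handle: { get_resource: wait_condition_handle }
      timeout: 1800

  wait_condition_handle:
    type: "OS::Heat::SwiftSignalHandle"

  # cloud-init payload: writes the Salt configuration and pillar, then runs the
  # bootstrap script once. The rendered document, including both generated
  # passwords, is handed to the server as user_data.
  wordpress_cloud_init:
    type: "OS::Heat::CloudConfig"
    properties:
      cloud_config:
        package_update: true
        packages:
          - git
        write_files:
          # Set salt-minion to only use local resources
          - path: /etc/salt/minion.d/local.conf
            permissions: '0644'
            content: |
              file_client: local
              mysql.default_file: '/etc/mysql/debian.cnf'
          # Write out Pillar top.sls
          - path: /srv/pillar/top.sls
            permissions: '0600'
            content: |
              base:
                '*':
                  - localhost
          # Write out State top.sls
          - path: /srv/salt/top.sls
            permissions: '0644'
            content: |
              base:
                '*':
                  - salt-minion
                  - apache
                  - memcached
                  - mysql
                  - mysql.database
                  - mysql.user
                  - mysql.grant
                  - php
                  - varnish
                  - wordpress
                  - users
                  - vsftpd
                  - holland
                  - holland.mysqldump
          # Example Pillar Data using %value% notation
          # See example pillar data from states repository.
          #
          # The file holds the MySQL root and application passwords in clear
          # text, hence mode 0600.
          # NOTE(review): the same generated database_password is used for the
          # MySQL account and for the WordPress login, so disclosing either
          # discloses both.
          # NOTE(review): vsftpd is configured with ssl_enable=YES but both
          # force_local_logins_ssl and force_local_data_ssl are NO, so a
          # client may still authenticate and transfer files without TLS on a
          # port the firewall opens to any source. Set both to YES unless
          # plaintext FTP clients must be supported.
          # NOTE(review): the nesting of this pillar was restored from a
          # flattened listing; confirm it against the example pillar in the
          # states repository.
          - path: /srv/pillar/localhost.sls
            permissions: '0600'
            content:
              str_replace:
                template: |
                  apache:
                    disable_default_site: True
                    http_port: %http_port%
                    https_port: %https_port%
                    vhosts:
                      - domain: %url%
                        docroot: %destination%/%public%
                  holland:
                    backupsets:
                      default:
                        "holland:backup":
                          plugin: mysqldump
                          backups-to-keep: 7
                          auto-purge-failures: yes
                          purge-policy: after-backup
                          estimated-size-factor: 1.0
                        mysqldump:
                          file-per-database: yes
                        compression:
                          method: gzip
                          inline: yes
                          level: 1
                        "mysql:client":
                          user: root
                          password: %mysql_root_password%
                  mysql:
                    root_password: %mysql_root_password%
                  mysql-database:
                    name: %db_name%
                  mysql-grant:
                    user: %wp_user%
                    database: %db_name%
                  mysql-user:
                    user: %wp_user%
                    pass: %database_password%
                  users:
                    %wp_user%:
                      home: %destination%/%public%
                      createhome: True
                      user_dir_mode: 0775
                      prime_group:
                        name: www-data
                  varnish:
                    listen_port: %varnish_port%
                  vsftpd:
                    local_umask: 002
                    additional_configuration:
                      - "ssl_enable=YES"
                      - "ssl_ciphers=HIGH"
                      - "force_local_logins_ssl=NO"
                      - "force_local_data_ssl=NO"
                      - "pasv_min_port=%vsftpd_pasv_min_port%"
                      - "pasv_max_port=%vsftpd_pasv_max_port%"
                  wordpress:
                    domain: %url%
                    user: %wp_user%
                    pass: %database_password%
                    db_host: localhost
                    db_name: %db_name%
                    db_user: %wp_user%
                    db_pass: %database_password%
                    group_write: True
                params:
                  "%http_port%": 8080
                  "%https_port%": 443
                  "%url%": { get_param: domain }
                  "%destination%": "/var/www/vhosts"
                  "%public%": { get_param: domain }
                  "%mysql_root_password%": { get_attr: [mysql_root_password, value] }
                  "%db_name%": { get_param: database_name }
                  "%wp_user%": { get_param: username }
                  "%database_password%": { get_attr: [database_password, value] }
                  "%varnish_port%": 80
                  "%vsftpd_pasv_min_port%": 10050
                  "%vsftpd_pasv_max_port%": 10100
          # Salt Bootstrap script
          #
          # The script now stops at the first failing step and signals FAILURE
          # to the wait condition; before, SUCCESS was sent unconditionally, so
          # a server whose bootstrap or highstate had failed was still reported
          # as a completed deployment. curl -f keeps an HTTP error page from
          # being piped into the root shell.
          # NOTE(review): the installer is fetched from the network and the
          # states repository is cloned at whatever its default branch holds at
          # boot time, and both then run as root with no version pin or
          # checksum. Pin a reviewed release and commit (<PINNED_REF>) and
          # verify the installer's digest before executing it.
          # NOTE(review): older salt-call releases exit 0 even when individual
          # states fail; check whether the installed version needs
          # --retcode-passthrough for highstate failures to be detected.
          # The firewall rules open 443, 80, 22, 21 and the passive FTP range
          # to any source address.
          - path: /tmp/heat/salt_run.sh
            permissions: '0500'
            content:
              str_replace:
                template: |
                  #!/bin/bash
                  # Abort on the first failing step and report it to Heat
                  set -eo pipefail
                  report_failure() {
                    wc_notify --data-binary '{"status": "FAILURE", "reason": "salt_run.sh failed"}'
                  }
                  trap report_failure ERR
                  # Install salt-minion using Salt Bootstrap
                  curl -fL https://bootstrap.saltstack.com | sudo sh -s -- -P
                  salt-minion --versions
                  # Clone down States
                  mkdir -p /tmp/heat/states
                  git clone https://github.com/rackspace-orchestration-templates/salt-states.git /tmp/heat/states
                  cp -nr /tmp/heat/states/* /srv/salt/
                  # Run local highstate
                  salt-call --local state.highstate
                  # Open and Enable ufw
                  ufw allow %https_port%
                  ufw allow %varnish_port%
                  ufw allow 22
                  ufw allow 21
                  ufw allow proto tcp to any port %vsftpd_pasv_min_port%:%vsftpd_pasv_max_port%
                  ufw --force enable
                  wc_notify --data-binary '{"status": "SUCCESS"}'
                params:
                  wc_notify: { get_attr: ['wait_condition_handle', 'curl_cli'] }
                  "%https_port%": 443
                  "%varnish_port%": 80
                  "%vsftpd_pasv_min_port%": 10050
                  "%vsftpd_pasv_max_port%": 10100
        runcmd:
          - /tmp/heat/salt_run.sh

  # Server resources
  wordpress_server:
    type: "OS::Nova::Server"
    depends_on: ssh_key
    properties:
      name: { get_param: server_hostname }
      flavor: { get_param: flavor }
      image: { get_param: image }
      key_name: { get_resource: ssh_key }
      metadata:
        rax-heat: { get_param: "OS::stack_id" }
      config_drive: "true"
      user_data_format: RAW
      user_data: { get_resource: wordpress_cloud_init }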
# Values reported back to whoever can read the stack.
# private_key, wordpress_password and mysql_root_password are live credentials:
# anyone with read access to the stack's outputs obtains SSH, WordPress and
# MySQL root access to the server. Restrict that access accordingly and rotate
# the secrets after first use.
outputs:

  private_key:
    description: SSH Private Key
    value:
      get_attr: [ssh_key, private_key]

  server_ip:
    description: Server IP
    value:
      get_attr: [wordpress_server, accessIPv4]

  domain:
    description: domain for wordpress configuration
    value:
      get_param: domain

  wordpress_user:
    description: WordPress User
    value:
      get_param: username

  # Same generated value that the pillar uses for the MySQL user's password.
  wordpress_password:
    description: WordPress Password
    value:
      get_attr: [database_password, value]

  mysql_root_password:
    description: MySQL Root Password
    value:
      get_attr: [mysql_root_password, value]