heat_template_version: 2013-05-23 description: > Topology 1: - 4 servers (Cirros)) - 2 Logical Switches - 1 Logical Router (Shared) - 2 Security Group allowing HTTP Topology 2: - 2 servers (Cirros)) - 2 Logical Switch - 1 Logical Router (Exclusive) - 1 Security Group allowing HTTP parameters: public_net: label: Public Network ID for external connectivity type: string description: > ID or name of public network # Need to update this network UUID for each vPod. default: ext-net dmz_network: default: ext-net description: "External network" type: string ubuntu_image: default: cirros description: "Ubuntu image" type: string resources: # Topology1 heat_NAT_web_net: type: OS::Neutron::Net properties: name: heat_NAT_web heat_NAT_web_subnet: type: OS::Neutron::Subnet properties: network_id: { get_resource: heat_NAT_web_net } cidr: 10.21.1.0/24 dns_nameservers: [ "10.166.17.90" ] heat_NAT_db_net: type: OS::Neutron::Net properties: name: heat_NAT_db heat_NAT_db_subnet: type: OS::Neutron::Subnet properties: network_id: { get_resource: heat_NAT_db_net } cidr: 10.21.2.0/24 dns_nameservers: [ "10.166.17.90" ] my_key: type: OS::Nova::KeyPair properties: save_private_key: true name: my_key router: type: OS::Neutron::Router properties: admin_state_up: true name: heat_NAT_router router_gw: type: OS::Neutron::RouterGateway properties: network_id: { get_param: public_net} router_id: { get_resource: router } router_interface1: type: OS::Neutron::RouterInterface properties: router_id: { get_resource: router } subnet_id: { get_resource: heat_NAT_web_subnet } router_interface2: type: OS::Neutron::RouterInterface properties: router_id: { get_resource: router } subnet_id: { get_resource: heat_NAT_db_subnet } heat_NAT_web_secgroup: type: OS::Neutron::SecurityGroup properties: name: heat_NAT_web_secgroup rules: - protocol: tcp remote_ip_prefix: 0.0.0.0/0 port_range_min: 443 port_range_max: 443 - protocol: tcp remote_ip_prefix: 0.0.0.0/0 port_range_min: 22 port_range_max: 22 - protocol: icmp remote_ip_prefix: 0.0.0.0/0 heat_NAT_db_secgroup: type: OS::Neutron::SecurityGroup properties: name: heat_NAT_db_secgroup rules: - protocol: tcp remote_mode: remote_group_id remote_group_id: { get_resource: heat_NAT_web_secgroup } port_range_min: 3307 port_range_max: 3307 - protocol: icmp remote_ip_prefix: 0.0.0.0/0 server1_port: type: OS::Neutron::Port properties: network_id: { get_resource: heat_NAT_web_net } security_groups: - { get_resource: heat_NAT_web_secgroup } server1_instance: type: OS::Nova::Server properties: image: cirros flavor: m1.tiny key_name: { get_resource: my_key } networks: - port: { get_resource: server1_port } server1_floating_ip: type: OS::Neutron::FloatingIP properties: floating_network_id: { get_param: public_net } port_id: { get_resource: server1_port } server2_port: type: OS::Neutron::Port properties: network_id: { get_resource: heat_NAT_db_net } security_groups: - { get_resource: heat_NAT_db_secgroup } server2_instance: type: OS::Nova::Server properties: image: cirros flavor: m1.tiny key_name: { get_resource: my_key } networks: - port: { get_resource: server2_port } server3_port: type: OS::Neutron::Port properties: network_id: { get_resource: heat_NAT_db_net } security_groups: - { get_resource: heat_NAT_db_secgroup } server3_instance: type: OS::Nova::Server properties: image: cirros flavor: m1.tiny key_name: { get_resource: my_key } networks: - port: { get_resource: server3_port } server4_port: type: OS::Neutron::Port properties: network_id: { get_resource: heat_NAT_web_net } security_groups: - { get_resource: heat_NAT_web_secgroup } server4_instance: type: OS::Nova::Server properties: image: cirros flavor: m1.tiny key_name: { get_resource: my_key } networks: - port: { get_resource: server4_port } # Topology2 dmz_router: properties: admin_state_up: true external_gateway_info: network: get_param: dmz_network name: Fn::Join: - '_' - [get_param: "OS::stack_name", "DmzGateway"] value_specs: router_type: exclusive type: "OS::Neutron::Router" floatingip_jump: properties: floating_network: get_param: dmz_network type: "OS::Neutron::FloatingIP" floatingip_jump_association: depends_on: - floatingip_jump - server_jump1 - router_interface_subnet_mgmt_dmz properties: floating_ip: get_resource: floatingip_jump server_id: get_resource: server_jump1 type: "OS::Nova::FloatingIPAssociation" network_mgmt: properties: admin_state_up: true name: Fn::Join: - '_' - [get_param: "OS::stack_name", "mgmt"] shared: false type: "OS::Neutron::Net" network_mgmt2: properties: admin_state_up: true name: Fn::Join: - '_' - [get_param: "OS::stack_name", "mgmt2"] shared: false type: "OS::Neutron::Net" port_dmz_jump: depends_on: - security_group - subnet_mgmt properties: fixed_ips: - ip_address: "50.0.0.10" security_groups: - get_resource: security_group network_id: get_resource: network_mgmt type: "OS::Neutron::Port" port_dmz_jump2: depends_on: - security_group - subnet_mgmt properties: fixed_ips: - ip_address: "60.0.0.10" security_groups: - get_resource: security_group network_id: get_resource: network_mgmt2 type: "OS::Neutron::Port" port_mgmt_dmz_router: depends_on: - security_group - subnet_mgmt properties: fixed_ips: - ip_address: "50.0.0.254" network_id: get_resource: network_mgmt security_groups: - get_resource: security_group type: "OS::Neutron::Port" router_interface_subnet_mgmt_dmz: depends_on: - dmz_router - port_mgmt_dmz_router properties: port_id: get_resource: port_mgmt_dmz_router router_id: get_resource: dmz_router type: "OS::Neutron::RouterInterface" port_mgmt_dmz_router2: depends_on: - security_group - subnet_mgmt2 properties: fixed_ips: - ip_address: "60.0.0.254" network_id: get_resource: network_mgmt2 security_groups: - get_resource: security_group type: "OS::Neutron::Port" router_interface_subnet_mgmt_dmz2: depends_on: - dmz_router - port_mgmt_dmz_router2 properties: port_id: get_resource: port_mgmt_dmz_router2 router_id: get_resource: dmz_router type: "OS::Neutron::RouterInterface" security_group: properties: description: "Allows all" name: Fn::Join: - '_' - [get_param: "OS::stack_name", "Permissive"] rules: - direction: ingress ethertype: IPv4 port_range_max: 65535 port_range_min: 1 protocol: tcp remote_ip_prefix: 0.0.0.0/0 - direction: ingress ethertype: IPv4 port_range_max: 65535 port_range_min: 1 protocol: udp remote_ip_prefix: 0.0.0.0/0 - direction: ingress ethertype: IPv4 protocol: icmp remote_ip_prefix: 0.0.0.0/0 - direction: egress ethertype: IPv4 port_range_max: 65535 port_range_min: 1 protocol: tcp remote_ip_prefix: 0.0.0.0/0 - direction: egress ethertype: IPv4 port_range_max: 65535 port_range_min: 1 protocol: udp remote_ip_prefix: 0.0.0.0/0 - direction: egress ethertype: IPv4 protocol: icmp remote_ip_prefix: 0.0.0.0/0 type: "OS::Neutron::SecurityGroup" server_jump1: depends_on: - port_dmz_jump properties: diskConfig: MANUAL flavor: m1.tiny image: get_param: ubuntu_image key_name: { get_resource: my_key } name: Fn::Join: - '_' - [get_param: "OS::stack_name", "JumpServer1"] networks: - port: get_resource: port_dmz_jump networks: - port: get_resource: port_dmz_jump type: "OS::Nova::Server" subnet_mgmt: depends_on: - network_mgmt properties: allocation_pools: - end: "50.0.0.250" start: "50.0.0.2" cidr: 50.0.0.0/24 dns_nameservers: - "172.17.100.11" enable_dhcp: true ip_version: 4 name: Fn::Join: - '_' - [get_param: "OS::stack_name", "DMZSubnet"] network_id: get_resource: network_mgmt type: "OS::Neutron::Subnet" subnet_mgmt2: depends_on: - network_mgmt2 properties: allocation_pools: - end: "60.0.0.250" start: "60.0.0.2" cidr: 60.0.0.0/24 dns_nameservers: - "172.17.100.11" enable_dhcp: true ip_version: 4 name: Fn::Join: - '_' - [get_param: "OS::stack_name", "DMZSubnet2"] network_id: get_resource: network_mgmt2 type: "OS::Neutron::Subnet" server_jump2: properties: diskConfig: MANUAL flavor: m1.tiny image: get_param: ubuntu_image key_name: { get_resource: my_key } name: Fn::Join: - '_' - [get_param: "OS::stack_name", "JumpServer2"] networks: - port: get_resource: port_dmz_jump2 depends_on: [ port_dmz_jump2 ] type: OS::Nova::Server outputs: topo1_server1_floatingip: description: Floating IP address of Topology1_Server1_floatingip value: { get_attr: [ server1_floating_ip, floating_ip_address ] } topo1_server1_private_ip: description: Private IP address of the deployed compute instance value: { get_attr: [server1_instance, networks, heat_NAT_web, 0] } topo1_server2_private_ip: description: Private IP address of the deployed compute instance value: { get_attr: [server2_instance, networks, heat_NAT_db, 0] } topo1_server3_private_ip: description: Private IP address of the deployed compute instance value: { get_attr: [server3_instance, networks, heat_NAT_db, 0] } topo1_server4_private_ip: description: Private IP address of the deployed compute instance value: { get_attr: [server4_instance, networks, heat_NAT_web, 0] } private_key: description: Private key value: { get_attr: [ my_key, private_key ] }