heat_template_version: 2013-05-23 description: Template for setting up an OpenShift Origin environment parameters: prefix: description: Your DNS Prefix type: string default: example.com upstream_dns: description: Upstream DNS server type: string default: upstream_ntp: description: Upstream NTP server type: string default: clock.redhat.com broker_flavor: description: Flavor of Broker instance type: string default: m1.medium node_flavor: description: Flavor of Node instance type: string default: m1.medium broker_hostname: description: Hostname of Broker instance type: string default: brokerinstance node_hostname: description: Hostname of Node instance type: string default: nodeinstance username: description: Username for accessing OpenShift Origin type: string default: openshift password: description: Password for accessing OpenShift Origin type: string default: password public_net_id: description: External network ID type: string private_network_name: description: Name of the private network wich will be created type: string default: OpenShift-Network private_network_cidr: description: Private network address (CIDR format) type: string default: private_network_gateway: description: Private network gateway type: string default: private_network_dns: description: Private network DNS type: string default: private_network_pool_start: description: Private network pool start type: string default: private_network_pool_end: description: Private network pool end type: string default: dev_mode: description: Sets development mode and extra logging. type: string default: false puppet_module_url: description: Sets the URL to pull the OpenShift Origin Puppet module from. type: string default: https://github.com/openshift/puppet-openshift_origin.git puppet_module_branch: description: Sets the repo branch to pull the OpenShift Origin Puppet module from. type: string default: master controller_ip: description: The IP address of the OpenStack Controller type: string default: tenant_name: description: The tenant name type: string default: admin openstack_username: description: Username of your OpenStack account type: string default: admin openstack_password: description: Password of your OpenStack account type: string default: network asg_template_repo_address: description: Repository address of the NodeInstanceGroup Template type: string public_ssh_key: description: Public key that will be used for SSH connection to instances type: string ssh_key_name: description: SSHKey name type: string default: OpenshiftSSHKey image_broker_name: description: Name of the image you have created for the broker with diskimage-builder type: string default: F19-x86_64-openshift-origin-broker image_node_name: description: Name of the image you have created for the node with diskimage-builder type: string default: F19-x86_64-openshift-origin-node openshift_version: description: Version of openshift puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - git checkout 722687c - git checkout master default: git checkout 722687c stdlib_version: description: Version of stdlib puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - puppetlabs/stdlib --version 4.3.2 - puppetlabs/stdlib default: puppetlabs/stdlib --version 4.3.2 ntp_version: description: Version of ntp puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - puppetlabs/ntp --version 3.1.2 - puppetlabs/ntp default: puppetlabs/ntp --version 3.1.2 concat_version: description: Version of concat puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - puppetlabs-concat --version 1.0.4 - puppetlabs-concat default: puppetlabs-concat --version 1.0.4 lokkit_version: description: Version of lokkit puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - rharrison-lokkit --version 0.5.0 - rharrison-lokkit default: rharrison-lokkit --version 0.5.0 selinux_types_version: description: Version of selinux_types puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - blentz-selinux_types --version 0.1.0 - blentz-selinux_types default: blentz-selinux_types --version 0.1.0 haproxy_version: description: Version of haproxy puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - puppetlabs/haproxy --version 1.0.0 - puppetlabs/haproxy default: puppetlabs/haproxy --version 1.0.0 keepalived_version: description: Version of keepalived puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - arioch/keepalived --version 0.1.0 - arioch/keepalived default: arioch/keepalived --version 0.1.0 sysctl_version: description: Version of sysctl puppet module, leave the default value if you want to use a production version type: string constraints: - allowed_values: - duritong-sysctl --version 0.0.4 - duritong-sysctl default: duritong-sysctl --version 0.0.4 resources: openshift_origin_security_group: type: OS::Neutron::SecurityGroup properties: description: OpenShift Origin Firewall Rules rules: [ { "remote_ip_prefix":, "protocol": icmp }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 22, "port_range_max": 22 }, { "remote_ip_prefix":, "protocol": udp, "port_range_min": 53, "port_range_max": 53 }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 80, "port_range_max": 80 }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 443, "port_range_max": 443 }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 8443, "port_range_max": 8443 }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 8000, "port_range_max": 8000 }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 8080, "port_range_max": 8080 }, { "remote_ip_prefix":, "protocol": tcp, "port_range_min": 61613, "port_range_max": 61613 } ] ssh_key: type: OS::Nova::KeyPair properties: name: {get_param: ssh_key_name} public_key: {get_param: public_ssh_key} private_network: type: OS::Neutron::Net properties: name: {get_param: private_network_name} private_sub_network: type: OS::Neutron::Subnet properties: network_id: {get_resource: private_network} cidr: {get_param: private_network_cidr} gateway_ip: {get_param: private_network_gateway} dns_nameservers: [ {get_param: private_network_dns} ] allocation_pools: [{ "start": {get_param: private_network_pool_start}, "end": {get_param: private_network_pool_end} }] router: type: OS::Neutron::Router router_gateway: type: OS::Neutron::RouterGateway properties: router_id: {get_resource: router} network_id: {get_param: public_net_id} router_interface: type: OS::Neutron::RouterInterface properties: router_id: {get_resource: router} subnet_id: {get_resource: private_sub_network} broker_port: type: OS::Neutron::Port properties: network_id: {get_resource: private_network} fixed_ips: [ subnet_id: {get_resource: private_sub_network} ] security_groups: [{get_resource: openshift_origin_security_group}] broker_floating_ip: type: OS::Neutron::FloatingIP properties: floating_network_id: {get_param: public_net_id} port_id: {get_resource: broker_port} broker_wait_handle: type: AWS::CloudFormation::WaitConditionHandle broker_wait_condition: type: AWS::CloudFormation::WaitCondition depends_on: broker_instance properties: Handle: {get_resource: broker_wait_handle} Timeout: 1800 broker_user_data: type: OS::Heat::SoftwareConfig properties: group: ungrouped config: str_replace: template: | #!/bin/bash -x /usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'` export PREFIX=$Prefix export UPSTREAM_DNS=$UpstreamDNS export UPSTREAM_NTP=$UpstreamNTP export BROKER_WAIT_HANDLE="$BrokerWaitHandle" export HOSTNAME=$BrokerHostname export USERNAME=$Username export PASSWORD=$Password export DEV_MODE=$DevMode export PUPPET_MODULE_URL=$PuppetURL export PUPPET_MODULE_BRANCH=$PuppetBranch cat << EOF > /root/configure.pp \$my_hostname="${HOSTNAME}.${PREFIX}" exec { "set hostname": command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname" } class { 'openshift_origin' : roles => ['broker','nameserver','msgserver','datastore'], bind_key => '${DNS_SEC_KEY}', domain => '${PREFIX}', register_host_with_nameserver => true, conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'], ntp_servers => ['${UPSTREAM_NTP} iburst'], broker_hostname => \$my_hostname, nameserver_hostname => \$my_hostname, datastore_hostname => \$my_hostname, msgserver_hostname => \$my_hostname, broker_auth_plugin => 'htpasswd', openshift_user1 => '${USERNAME}', openshift_password1 => '${PASSWORD}', development_mode => ${DEV_MODE}, } EOF cat << EOF > ~/nbGears.sh #!/bin/bash -x MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB') GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2) NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2) let "GEARSPERNODE=\$MEMORY/512000" let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE" curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++) {if(\$i~/id\042/) {print \$(i+1)} } }' auth_token.dat | awk -F'"' '{print \$2; exit}') curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear EOF chmod 744 ~/nbGears.sh cat << EOF > /etc/cron.d/cronNbGears * * * * * root ~/nbGears.sh EOF /sbin/service crond restart mkdir -p /etc/puppet/modules git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin cd /etc/puppet/modules/openshift_origin $OpenShiftVersion puppet module install $StdlibVersion puppet module install $NtpVersion puppet module install $ConcatVersion puppet module install $LokkitVersion puppet module install $SelinuxVersion puppet module install $HaproxyVersion puppet module install $KeepalivedVersion puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log setenforce 0 /opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE} chkconfig activemq on service activemq start setenforce 1 params: $Prefix: {get_param: prefix} $UpstreamDNS: {get_param: upstream_dns} $UpstreamNTP: {get_param: upstream_ntp} $BrokerWaitHandle: {get_resource: broker_wait_handle} $BrokerHostname: {get_param: broker_hostname} $Username: {get_param: username} $Password: {get_param: password} $DevMode: {get_param: dev_mode} $PuppetURL: {get_param: puppet_module_url} $PuppetBranch: {get_param: puppet_module_branch} $OpenShiftVersion: {get_param: openshift_version} $StdlibVersion: {get_param: stdlib_version} $NtpVersion: {get_param: ntp_version} $ConcatVersion: {get_param: concat_version} $LokkitVersion: {get_param: lokkit_version} $SelinuxVersion: {get_param: selinux_types_version} $HaproxyVersion: {get_param: haproxy_version} $KeepalivedVersion: {get_param: keepalived_version} $ControllerIP: {get_param: controller_ip} $TenantName: {get_param: tenant_name} $UserName: {get_param: openstack_username} $OpenStackPassword: {get_param: openstack_password} broker_instance: type: OS::Nova::Server properties: image: {get_param: image_broker_name} flavor: {get_param: broker_flavor} key_name: {get_resource: ssh_key} networks: [ port: {get_resource: broker_port} ] user_data: {get_resource: broker_user_data} user_data_format: RAW asg: type: OS::Heat::AutoScalingGroup depends_on: - router_gateway - broker_wait_condition properties: min_size: 1 max_size: 4 resource: type: {get_param: asg_template_repo_address} properties: private_network: {get_resource: private_network} private_sub_network: {get_resource: private_sub_network} ssh_key: {get_resource: ssh_key} security_group: {get_resource: openshift_origin_security_group} broker_ip: {get_attr: [broker_instance, first_address]} broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]} scale_up_policy: type: OS::Heat::ScalingPolicy properties: adjustment_type: change_in_capacity auto_scaling_group_id: {get_resource: asg} cooldown: 60 scaling_adjustment: 1 scale_down_policy: type: OS::Heat::ScalingPolicy properties: adjustment_type: change_in_capacity auto_scaling_group_id: {get_resource: asg} cooldown: 60 scaling_adjustment: -1 gears_alarm_high: type: OS::Ceilometer::Alarm properties: description: Scale-up if the average number of Gears is > 4 / node for 2 minutes meter_name: gear statistic: avg period: 120 evaluation_periods: 1 threshold: 80 alarm_actions: - {get_attr: [scale_up_policy, alarm_url]} comparison_operator: gt gears_alarm_low: type: OS::Ceilometer::Alarm properties: description: Scale-down if the average number of Gears is < 1 / node for 10 minutes meter_name: gear statistic: avg period: 600 evaluation_periods: 1 threshold: 20 alarm_actions: - {get_attr: [scale_down_policy, alarm_url]} comparison_operator: lt