openstack
/
heat-templates
Code Issues Proposed changes
heat-templates/openshift-origin/F19/hot-template/openshift-scalable-cpu-nbgears/openshift.yaml

514 lines
18 KiB
YAML
Raw Blame History

heat_template_version: 2013-05-23
description: Template for setting up an OpenShift Origin environment
parameters:
prefix:
description: Your DNS Prefix
type: string
default: example.com
upstream_dns:
description: Upstream DNS server
type: string
default: 8.8.8.8
upstream_ntp:
description: Upstream NTP server
type: string
default: clock.redhat.com
broker_flavor:
description: Flavor of Broker instance
type: string
default: m1.medium
node_flavor:
description: Flavor of Node instance
type: string
default: m1.medium
broker_hostname:
description: Hostname of Broker instance
type: string
default: brokerinstance
node_hostname:
description: Hostname of Node instance
type: string
default: nodeinstance
username:
description: Username for accessing OpenShift Origin
type: string
default: openshift
password:
description: Password for accessing OpenShift Origin
type: string
default: password
public_net_id:
description: External network ID
type: string
private_network_name:
description: Name of the private network which will be created
type: string
default: OpenShift-Network
private_network_cidr:
description: Private network address (CIDR format)
type: string
default: 10.0.0.0/8
private_network_gateway:
description: Private network gateway
type: string
default: 10.0.0.1
private_network_dns:
description: Private network DNS
type: string
default: 8.8.8.8
private_network_pool_start:
description: Private network pool start
type: string
default: 10.0.0.2
private_network_pool_end:
description: Private network pool end
type: string
default: 10.255.255.254
dev_mode:
description: Sets development mode and extra logging.
type: string
default: false
puppet_module_url:
description: Sets the URL to pull the OpenShift Origin Puppet module from.
type: string
default: https://github.com/openshift/puppet-openshift_origin.git
puppet_module_branch:
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
type: string
default: master
controller_ip:
description: The IP address of the OpenStack Controller
type: string
default: 192.168.202.101
tenant_name:
description: The tenant name
type: string
default: admin
openstack_username:
description: Username of your OpenStack account
type: string
default: admin
openstack_password:
description: Password of your OpenStack account
type: string
default: network
asg_template_repo_address:
description: Repository address of the NodeInstanceGroup Template
type: string
public_ssh_key:
description: Public key that will be used for SSH connection to instances
type: string
ssh_key_name:
description: SSHKey name
type: string
default: OpenshiftSSHKey
image_broker_name:
description: Name of the image you have created for the broker with diskimage-builder
type: string
default: F19-x86_64-openshift-origin-broker
image_node_name:
description: Name of the image you have created for the node with diskimage-builder
type: string
default: F19-x86_64-openshift-origin-node
openshift_version:
description: Version of openshift puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- git checkout 722687c
- git checkout master
default: git checkout 722687c
stdlib_version:
description: Version of stdlib puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs/stdlib --version 4.3.2
- puppetlabs/stdlib
default: puppetlabs/stdlib --version 4.3.2
ntp_version:
description: Version of ntp puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs/ntp --version 3.1.2
- puppetlabs/ntp
default: puppetlabs/ntp --version 3.1.2
concat_version:
description: Version of concat puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs-concat --version 1.0.4
- puppetlabs-concat
default: puppetlabs-concat --version 1.0.4
lokkit_version:
description: Version of lokkit puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- rharrison-lokkit --version 0.5.0
- rharrison-lokkit
default: rharrison-lokkit --version 0.5.0
selinux_types_version:
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- blentz-selinux_types --version 0.1.0
- blentz-selinux_types
default: blentz-selinux_types --version 0.1.0
haproxy_version:
description: Version of haproxy puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- puppetlabs/haproxy --version 1.0.0
- puppetlabs/haproxy
default: puppetlabs/haproxy --version 1.0.0
keepalived_version:
description: Version of keepalived puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- arioch/keepalived --version 0.1.0
- arioch/keepalived
default: arioch/keepalived --version 0.1.0
sysctl_version:
description: Version of sysctl puppet module, leave the default value if you want to use a production version
type: string
constraints:
- allowed_values:
- duritong-sysctl --version 0.0.4
- duritong-sysctl
default: duritong-sysctl --version 0.0.4
resources:
openshift_origin_security_group:
type: OS::Neutron::SecurityGroup
properties:
description: OpenShift Origin Firewall Rules
rules: [
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": icmp
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 22,
"port_range_max": 22
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": udp,
"port_range_min": 53,
"port_range_max": 53
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 80,
"port_range_max": 80
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 443,
"port_range_max": 443
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 8443,
"port_range_max": 8443
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 8000,
"port_range_max": 8000
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 8080,
"port_range_max": 8080
},
{
"remote_ip_prefix": 0.0.0.0/0,
"protocol": tcp,
"port_range_min": 61613,
"port_range_max": 61613
}
]
ssh_key:
type: OS::Nova::KeyPair
properties:
name: {get_param: ssh_key_name}
public_key: {get_param: public_ssh_key}
private_network:
type: OS::Neutron::Net
properties:
name: {get_param: private_network_name}
private_sub_network:
type: OS::Neutron::Subnet
properties:
network_id: {get_resource: private_network}
cidr: {get_param: private_network_cidr}
gateway_ip: {get_param: private_network_gateway}
dns_nameservers: [ {get_param: private_network_dns} ]
allocation_pools: [{
"start": {get_param: private_network_pool_start},
"end": {get_param: private_network_pool_end}
}]
router:
type: OS::Neutron::Router
router_gateway:
type: OS::Neutron::RouterGateway
properties:
router_id: {get_resource: router}
network_id: {get_param: public_net_id}
router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: {get_resource: router}
subnet_id: {get_resource: private_sub_network}
broker_port:
type: OS::Neutron::Port
properties:
network_id: {get_resource: private_network}
fixed_ips: [
subnet_id: {get_resource: private_sub_network}
]
security_groups: [{get_resource: openshift_origin_security_group}]
broker_floating_ip:
type: OS::Neutron::FloatingIP
properties:
floating_network_id: {get_param: public_net_id}
port_id: {get_resource: broker_port}
broker_wait_handle:
type: AWS::CloudFormation::WaitConditionHandle
broker_wait_condition:
type: AWS::CloudFormation::WaitCondition
depends_on: broker_instance
properties:
Handle: {get_resource: broker_wait_handle}
Timeout: 1800
broker_user_data:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config:
str_replace:
template: |
#!/bin/bash -x
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
export PREFIX=$Prefix
export UPSTREAM_DNS=$UpstreamDNS
export UPSTREAM_NTP=$UpstreamNTP
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
export HOSTNAME=$BrokerHostname
export USERNAME=$Username
export PASSWORD=$Password
export DEV_MODE=$DevMode
export PUPPET_MODULE_URL=$PuppetURL
export PUPPET_MODULE_BRANCH=$PuppetBranch
cat << EOF > /root/configure.pp
\$my_hostname="${HOSTNAME}.${PREFIX}"
exec { "set hostname":
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
}
class { 'openshift_origin' :
roles => ['broker','nameserver','msgserver','datastore'],
bind_key => '${DNS_SEC_KEY}',
domain => '${PREFIX}',
register_host_with_nameserver => true,
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
ntp_servers => ['${UPSTREAM_NTP} iburst'],
broker_hostname => \$my_hostname,
nameserver_hostname => \$my_hostname,
datastore_hostname => \$my_hostname,
msgserver_hostname => \$my_hostname,
broker_auth_plugin => 'htpasswd',
openshift_user1 => '${USERNAME}',
openshift_password1 => '${PASSWORD}',
development_mode => ${DEV_MODE},
}
EOF
cat << EOF > ~/nbGears.sh
#!/bin/bash -x
MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB')
GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2)
NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2)
let "GEARSPERNODE=\$MEMORY/512000"
let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE"
curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat
TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++)
{if(\$i~/id\042/)
{print \$(i+1)}
}
}' auth_token.dat | awk -F'"' '{print \$2; exit}')
curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear
EOF
chmod 744 ~/nbGears.sh
cat << EOF > /etc/cron.d/cronNbGears
* * * * * root ~/nbGears.sh
EOF
/sbin/service crond restart
mkdir -p /etc/puppet/modules
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
cd /etc/puppet/modules/openshift_origin
$OpenShiftVersion
puppet module install $StdlibVersion
puppet module install $NtpVersion
puppet module install $ConcatVersion
puppet module install $LokkitVersion
puppet module install $SelinuxVersion
puppet module install $HaproxyVersion
puppet module install $KeepalivedVersion
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
setenforce 0
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
chkconfig activemq on
service activemq start
setenforce 1
params:
$Prefix: {get_param: prefix}
$UpstreamDNS: {get_param: upstream_dns}
$UpstreamNTP: {get_param: upstream_ntp}
$BrokerWaitHandle: {get_resource: broker_wait_handle}
$BrokerHostname: {get_param: broker_hostname}
$Username: {get_param: username}
$Password: {get_param: password}
$DevMode: {get_param: dev_mode}
$PuppetURL: {get_param: puppet_module_url}
$PuppetBranch: {get_param: puppet_module_branch}
$OpenShiftVersion: {get_param: openshift_version}
$StdlibVersion: {get_param: stdlib_version}
$NtpVersion: {get_param: ntp_version}
$ConcatVersion: {get_param: concat_version}
$LokkitVersion: {get_param: lokkit_version}
$SelinuxVersion: {get_param: selinux_types_version}
$HaproxyVersion: {get_param: haproxy_version}
$KeepalivedVersion: {get_param: keepalived_version}
$ControllerIP: {get_param: controller_ip}
$TenantName: {get_param: tenant_name}
$UserName: {get_param: openstack_username}
$OpenStackPassword: {get_param: openstack_password}
broker_instance:
type: OS::Nova::Server
properties:
image: {get_param: image_broker_name}
flavor: {get_param: broker_flavor}
key_name: {get_resource: ssh_key}
networks: [
port: {get_resource: broker_port}
]
user_data: {get_resource: broker_user_data}
user_data_format: RAW
asg:
type: OS::Heat::AutoScalingGroup
depends_on:
- router_gateway
- broker_wait_condition
properties:
min_size: 1
max_size: 4
resource:
type: {get_param: asg_template_repo_address}
properties:
metadata: {"metering.group": "asg"}
private_network: {get_resource: private_network}
private_sub_network: {get_resource: private_sub_network}
ssh_key: {get_resource: ssh_key}
security_group: {get_resource: openshift_origin_security_group}
broker_ip: {get_attr: [broker_instance, first_address]}
broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]}
scale_up_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: {get_resource: asg}
cooldown: 60
scaling_adjustment: 1
scale_down_policy:
type: OS::Heat::ScalingPolicy
properties:
adjustment_type: change_in_capacity
auto_scaling_group_id: {get_resource: asg}
cooldown: 60
scaling_adjustment: -1
cpu_alarm_high:
type: OS::Ceilometer::Alarm
properties:
description: Scale-up if the average CPU > 80% for 1 minute
meter_name: cpu_util
statistic: avg
period: 60
evaluation_periods: 1
threshold: 80
alarm_actions:
- {get_attr: [scale_up_policy, alarm_url]}
comparison_operator: gt
matching_metadata: {'metadata.user_metadata.group': 'asg'}
cpu_alarm_low:
type: OS::Ceilometer::Alarm
properties:
description: Scale-down if the average CPU < 20% for 10 minutes
meter_name: cpu_util
statistic: avg
period: 600
evaluation_periods: 1
threshold: 20
alarm_actions:
- {get_attr: [scale_down_policy, alarm_url]}
comparison_operator: lt
matching_metadata: {'metadata.user_metadata.group': 'asg'}
gears_alarm_high:
type: OS::Ceilometer::Alarm
properties:
description: Scale-up if the average number of Gears is > 4 / node for 2 minutes
meter_name: gear
statistic: avg
period: 120
evaluation_periods: 1
threshold: 80
alarm_actions:
- {get_attr: [scale_up_policy, alarm_url]}
comparison_operator: gt
gears_alarm_low:
type: OS::Ceilometer::Alarm
properties:
description: Scale-down if the average number of Gears is < 1 / node for 10 minutes
meter_name: gear
statistic: avg
period: 600
evaluation_periods: 1
threshold: 20
alarm_actions:
- {get_attr: [scale_down_policy, alarm_url]}
comparison_operator: lt
View Git Blame Copy Permalink