514 lines
18 KiB
YAML
514 lines
18 KiB
YAML
heat_template_version: 2013-05-23
|
|
|
|
description: Template for setting up an OpenShift Origin environment
|
|
|
|
parameters:
|
|
prefix:
|
|
description: Your DNS Prefix
|
|
type: string
|
|
default: example.com
|
|
upstream_dns:
|
|
description: Upstream DNS server
|
|
type: string
|
|
default: 8.8.8.8
|
|
upstream_ntp:
|
|
description: Upstream NTP server
|
|
type: string
|
|
default: clock.redhat.com
|
|
broker_flavor:
|
|
description: Flavor of Broker instance
|
|
type: string
|
|
default: m1.medium
|
|
node_flavor:
|
|
description: Flavor of Node instance
|
|
type: string
|
|
default: m1.medium
|
|
broker_hostname:
|
|
description: Hostname of Broker instance
|
|
type: string
|
|
default: brokerinstance
|
|
node_hostname:
|
|
description: Hostname of Node instance
|
|
type: string
|
|
default: nodeinstance
|
|
username:
|
|
description: Username for accessing OpenShift Origin
|
|
type: string
|
|
default: openshift
|
|
password:
|
|
description: Password for accessing OpenShift Origin
|
|
type: string
|
|
default: password
|
|
public_net_id:
|
|
description: External network ID
|
|
type: string
|
|
private_network_name:
|
|
description: Name of the private network which will be created
|
|
type: string
|
|
default: OpenShift-Network
|
|
private_network_cidr:
|
|
description: Private network address (CIDR format)
|
|
type: string
|
|
default: 10.0.0.0/8
|
|
private_network_gateway:
|
|
description: Private network gateway
|
|
type: string
|
|
default: 10.0.0.1
|
|
private_network_dns:
|
|
description: Private network DNS
|
|
type: string
|
|
default: 8.8.8.8
|
|
private_network_pool_start:
|
|
description: Private network pool start
|
|
type: string
|
|
default: 10.0.0.2
|
|
private_network_pool_end:
|
|
description: Private network pool end
|
|
type: string
|
|
default: 10.255.255.254
|
|
dev_mode:
|
|
description: Sets development mode and extra logging.
|
|
type: string
|
|
default: false
|
|
puppet_module_url:
|
|
description: Sets the URL to pull the OpenShift Origin Puppet module from.
|
|
type: string
|
|
default: https://github.com/openshift/puppet-openshift_origin.git
|
|
puppet_module_branch:
|
|
description: Sets the repo branch to pull the OpenShift Origin Puppet module from.
|
|
type: string
|
|
default: master
|
|
controller_ip:
|
|
description: The IP address of the OpenStack Controller
|
|
type: string
|
|
default: 192.168.202.101
|
|
tenant_name:
|
|
description: The tenant name
|
|
type: string
|
|
default: admin
|
|
openstack_username:
|
|
description: Username of your OpenStack account
|
|
type: string
|
|
default: admin
|
|
openstack_password:
|
|
description: Password of your OpenStack account
|
|
type: string
|
|
default: network
|
|
asg_template_repo_address:
|
|
description: Repository address of the NodeInstanceGroup Template
|
|
type: string
|
|
public_ssh_key:
|
|
description: Public key that will be used for SSH connection to instances
|
|
type: string
|
|
ssh_key_name:
|
|
description: SSHKey name
|
|
type: string
|
|
default: OpenshiftSSHKey
|
|
image_broker_name:
|
|
description: Name of the image you have created for the broker with diskimage-builder
|
|
type: string
|
|
default: F19-x86_64-openshift-origin-broker
|
|
image_node_name:
|
|
description: Name of the image you have created for the node with diskimage-builder
|
|
type: string
|
|
default: F19-x86_64-openshift-origin-node
|
|
openshift_version:
|
|
description: Version of openshift puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- git checkout 722687c
|
|
- git checkout master
|
|
default: git checkout 722687c
|
|
stdlib_version:
|
|
description: Version of stdlib puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs/stdlib --version 4.3.2
|
|
- puppetlabs/stdlib
|
|
default: puppetlabs/stdlib --version 4.3.2
|
|
ntp_version:
|
|
description: Version of ntp puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs/ntp --version 3.1.2
|
|
- puppetlabs/ntp
|
|
default: puppetlabs/ntp --version 3.1.2
|
|
concat_version:
|
|
description: Version of concat puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs-concat --version 1.0.4
|
|
- puppetlabs-concat
|
|
default: puppetlabs-concat --version 1.0.4
|
|
lokkit_version:
|
|
description: Version of lokkit puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- rharrison-lokkit --version 0.5.0
|
|
- rharrison-lokkit
|
|
default: rharrison-lokkit --version 0.5.0
|
|
selinux_types_version:
|
|
description: Version of selinux_types puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- blentz-selinux_types --version 0.1.0
|
|
- blentz-selinux_types
|
|
default: blentz-selinux_types --version 0.1.0
|
|
haproxy_version:
|
|
description: Version of haproxy puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- puppetlabs/haproxy --version 1.0.0
|
|
- puppetlabs/haproxy
|
|
default: puppetlabs/haproxy --version 1.0.0
|
|
keepalived_version:
|
|
description: Version of keepalived puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- arioch/keepalived --version 0.1.0
|
|
- arioch/keepalived
|
|
default: arioch/keepalived --version 0.1.0
|
|
sysctl_version:
|
|
description: Version of sysctl puppet module, leave the default value if you want to use a production version
|
|
type: string
|
|
constraints:
|
|
- allowed_values:
|
|
- duritong-sysctl --version 0.0.4
|
|
- duritong-sysctl
|
|
default: duritong-sysctl --version 0.0.4
|
|
|
|
resources:
|
|
openshift_origin_security_group:
|
|
type: OS::Neutron::SecurityGroup
|
|
properties:
|
|
description: OpenShift Origin Firewall Rules
|
|
rules: [
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": icmp
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 22,
|
|
"port_range_max": 22
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": udp,
|
|
"port_range_min": 53,
|
|
"port_range_max": 53
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 80,
|
|
"port_range_max": 80
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 443,
|
|
"port_range_max": 443
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 8443,
|
|
"port_range_max": 8443
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 8000,
|
|
"port_range_max": 8000
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 8080,
|
|
"port_range_max": 8080
|
|
},
|
|
{
|
|
"remote_ip_prefix": 0.0.0.0/0,
|
|
"protocol": tcp,
|
|
"port_range_min": 61613,
|
|
"port_range_max": 61613
|
|
}
|
|
]
|
|
|
|
ssh_key:
|
|
type: OS::Nova::KeyPair
|
|
properties:
|
|
name: {get_param: ssh_key_name}
|
|
public_key: {get_param: public_ssh_key}
|
|
|
|
private_network:
|
|
type: OS::Neutron::Net
|
|
properties:
|
|
name: {get_param: private_network_name}
|
|
|
|
private_sub_network:
|
|
type: OS::Neutron::Subnet
|
|
properties:
|
|
network_id: {get_resource: private_network}
|
|
cidr: {get_param: private_network_cidr}
|
|
gateway_ip: {get_param: private_network_gateway}
|
|
dns_nameservers: [ {get_param: private_network_dns} ]
|
|
allocation_pools: [{
|
|
"start": {get_param: private_network_pool_start},
|
|
"end": {get_param: private_network_pool_end}
|
|
}]
|
|
|
|
router:
|
|
type: OS::Neutron::Router
|
|
|
|
router_gateway:
|
|
type: OS::Neutron::RouterGateway
|
|
properties:
|
|
router_id: {get_resource: router}
|
|
network_id: {get_param: public_net_id}
|
|
|
|
router_interface:
|
|
type: OS::Neutron::RouterInterface
|
|
properties:
|
|
router_id: {get_resource: router}
|
|
subnet_id: {get_resource: private_sub_network}
|
|
|
|
broker_port:
|
|
type: OS::Neutron::Port
|
|
properties:
|
|
network_id: {get_resource: private_network}
|
|
fixed_ips: [
|
|
subnet_id: {get_resource: private_sub_network}
|
|
]
|
|
security_groups: [{get_resource: openshift_origin_security_group}]
|
|
|
|
broker_floating_ip:
|
|
type: OS::Neutron::FloatingIP
|
|
properties:
|
|
floating_network_id: {get_param: public_net_id}
|
|
port_id: {get_resource: broker_port}
|
|
|
|
broker_wait_handle:
|
|
type: AWS::CloudFormation::WaitConditionHandle
|
|
|
|
broker_wait_condition:
|
|
type: AWS::CloudFormation::WaitCondition
|
|
depends_on: broker_instance
|
|
properties:
|
|
Handle: {get_resource: broker_wait_handle}
|
|
Timeout: 1800
|
|
|
|
broker_user_data:
|
|
type: OS::Heat::SoftwareConfig
|
|
properties:
|
|
group: ungrouped
|
|
config:
|
|
str_replace:
|
|
template: |
|
|
#!/bin/bash -x
|
|
/usr/sbin/dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom -K /var/named $Prefix
|
|
export DNS_SEC_KEY=`cat /var/named/K$Prefix.*.key | awk '{print $8}'`
|
|
export PREFIX=$Prefix
|
|
export UPSTREAM_DNS=$UpstreamDNS
|
|
export UPSTREAM_NTP=$UpstreamNTP
|
|
export BROKER_WAIT_HANDLE="$BrokerWaitHandle"
|
|
export HOSTNAME=$BrokerHostname
|
|
export USERNAME=$Username
|
|
export PASSWORD=$Password
|
|
export DEV_MODE=$DevMode
|
|
export PUPPET_MODULE_URL=$PuppetURL
|
|
export PUPPET_MODULE_BRANCH=$PuppetBranch
|
|
cat << EOF > /root/configure.pp
|
|
\$my_hostname="${HOSTNAME}.${PREFIX}"
|
|
exec { "set hostname":
|
|
command => "/bin/hostname \${my_hostname} ; echo \${my_hostname} > /etc/hostname"
|
|
}
|
|
class { 'openshift_origin' :
|
|
roles => ['broker','nameserver','msgserver','datastore'],
|
|
bind_key => '${DNS_SEC_KEY}',
|
|
domain => '${PREFIX}',
|
|
register_host_with_nameserver => true,
|
|
conf_nameserver_upstream_dns => ['${UPSTREAM_DNS}'],
|
|
ntp_servers => ['${UPSTREAM_NTP} iburst'],
|
|
broker_hostname => \$my_hostname,
|
|
nameserver_hostname => \$my_hostname,
|
|
datastore_hostname => \$my_hostname,
|
|
msgserver_hostname => \$my_hostname,
|
|
broker_auth_plugin => 'htpasswd',
|
|
openshift_user1 => '${USERNAME}',
|
|
openshift_password1 => '${PASSWORD}',
|
|
development_mode => ${DEV_MODE},
|
|
}
|
|
EOF
|
|
cat << EOF > ~/nbGears.sh
|
|
#!/bin/bash -x
|
|
MEMORY=\$(cat /proc/meminfo | grep "MemTotal:" | cut -d : -f 2 | tr -d ' ' | tr -d 'kB')
|
|
GEARS=\$(/usr/sbin/oo-stats | grep "Gears active count" | cut -d : -f 2 | cut -d " " -f 2)
|
|
NODES=\$(/usr/sbin/oo-stats | grep "Nodes count" | cut -d : -f 2 | cut -d " " -f 2)
|
|
let "GEARSPERNODE=\$MEMORY/512000"
|
|
let "RESULT=\$GEARS*100/\$NODES/\$GEARSPERNODE"
|
|
curl http://$ControllerIP:35357/v2.0/tokens -X POST -H "Content-Type: application/json" -d '{"auth": {"tenantName": "$TenantName", "passwordCredentials": {"username": "$UserName", "password": "$OpenStackPassword"}}}' > auth_token.dat
|
|
TOKEN=\$(awk -F"[,:]" '{for(i=1;i<=NF;i++)
|
|
{if(\$i~/id\042/)
|
|
{print \$(i+1)}
|
|
}
|
|
}' auth_token.dat | awk -F'"' '{print \$2; exit}')
|
|
curl -X POST -H "X-Auth-Token: \$TOKEN" -H 'Content-Type: application/json' -d '[{"counter_name": "gear", "user_id": "1", "resource_id": "1","counter_unit": "%", "counter_volume":'"\$RESULT"', "project_id": "1", "counter_type": "gauge"}]' http://$ControllerIP:8777/v2/meters/gear
|
|
EOF
|
|
chmod 744 ~/nbGears.sh
|
|
cat << EOF > /etc/cron.d/cronNbGears
|
|
* * * * * root ~/nbGears.sh
|
|
EOF
|
|
/sbin/service crond restart
|
|
mkdir -p /etc/puppet/modules
|
|
git clone -b ${PUPPET_MODULE_BRANCH} ${PUPPET_MODULE_URL} /etc/puppet/modules/openshift_origin
|
|
cd /etc/puppet/modules/openshift_origin
|
|
$OpenShiftVersion
|
|
puppet module install $StdlibVersion
|
|
puppet module install $NtpVersion
|
|
puppet module install $ConcatVersion
|
|
puppet module install $LokkitVersion
|
|
puppet module install $SelinuxVersion
|
|
puppet module install $HaproxyVersion
|
|
puppet module install $KeepalivedVersion
|
|
puppet apply --verbose /root/configure.pp | tee /var/log/configure_openshift.log
|
|
setenforce 0
|
|
/opt/aws/bin/cfn-signal -e 0 --data "${DNS_SEC_KEY}" -r 'Broker setup complete' ${BROKER_WAIT_HANDLE}
|
|
chkconfig activemq on
|
|
service activemq start
|
|
setenforce 1
|
|
params:
|
|
$Prefix: {get_param: prefix}
|
|
$UpstreamDNS: {get_param: upstream_dns}
|
|
$UpstreamNTP: {get_param: upstream_ntp}
|
|
$BrokerWaitHandle: {get_resource: broker_wait_handle}
|
|
$BrokerHostname: {get_param: broker_hostname}
|
|
$Username: {get_param: username}
|
|
$Password: {get_param: password}
|
|
$DevMode: {get_param: dev_mode}
|
|
$PuppetURL: {get_param: puppet_module_url}
|
|
$PuppetBranch: {get_param: puppet_module_branch}
|
|
$OpenShiftVersion: {get_param: openshift_version}
|
|
$StdlibVersion: {get_param: stdlib_version}
|
|
$NtpVersion: {get_param: ntp_version}
|
|
$ConcatVersion: {get_param: concat_version}
|
|
$LokkitVersion: {get_param: lokkit_version}
|
|
$SelinuxVersion: {get_param: selinux_types_version}
|
|
$HaproxyVersion: {get_param: haproxy_version}
|
|
$KeepalivedVersion: {get_param: keepalived_version}
|
|
$ControllerIP: {get_param: controller_ip}
|
|
$TenantName: {get_param: tenant_name}
|
|
$UserName: {get_param: openstack_username}
|
|
$OpenStackPassword: {get_param: openstack_password}
|
|
|
|
broker_instance:
|
|
type: OS::Nova::Server
|
|
properties:
|
|
image: {get_param: image_broker_name}
|
|
flavor: {get_param: broker_flavor}
|
|
key_name: {get_resource: ssh_key}
|
|
networks: [
|
|
port: {get_resource: broker_port}
|
|
]
|
|
user_data: {get_resource: broker_user_data}
|
|
user_data_format: RAW
|
|
|
|
asg:
|
|
type: OS::Heat::AutoScalingGroup
|
|
depends_on:
|
|
- router_gateway
|
|
- broker_wait_condition
|
|
properties:
|
|
min_size: 1
|
|
max_size: 4
|
|
resource:
|
|
type: {get_param: asg_template_repo_address}
|
|
properties:
|
|
metadata: {"metering.group": "asg"}
|
|
private_network: {get_resource: private_network}
|
|
private_sub_network: {get_resource: private_sub_network}
|
|
ssh_key: {get_resource: ssh_key}
|
|
security_group: {get_resource: openshift_origin_security_group}
|
|
broker_ip: {get_attr: [broker_instance, first_address]}
|
|
broker_wait_condition_data: {get_attr: [broker_wait_condition, Data]}
|
|
|
|
scale_up_policy:
|
|
type: OS::Heat::ScalingPolicy
|
|
properties:
|
|
adjustment_type: change_in_capacity
|
|
auto_scaling_group_id: {get_resource: asg}
|
|
cooldown: 60
|
|
scaling_adjustment: 1
|
|
|
|
scale_down_policy:
|
|
type: OS::Heat::ScalingPolicy
|
|
properties:
|
|
adjustment_type: change_in_capacity
|
|
auto_scaling_group_id: {get_resource: asg}
|
|
cooldown: 60
|
|
scaling_adjustment: -1
|
|
|
|
cpu_alarm_high:
|
|
type: OS::Ceilometer::Alarm
|
|
properties:
|
|
description: Scale-up if the average CPU > 80% for 1 minute
|
|
meter_name: cpu_util
|
|
statistic: avg
|
|
period: 60
|
|
evaluation_periods: 1
|
|
threshold: 80
|
|
alarm_actions:
|
|
- {get_attr: [scale_up_policy, alarm_url]}
|
|
comparison_operator: gt
|
|
matching_metadata: {'metadata.user_metadata.group': 'asg'}
|
|
|
|
cpu_alarm_low:
|
|
type: OS::Ceilometer::Alarm
|
|
properties:
|
|
description: Scale-down if the average CPU < 20% for 10 minutes
|
|
meter_name: cpu_util
|
|
statistic: avg
|
|
period: 600
|
|
evaluation_periods: 1
|
|
threshold: 20
|
|
alarm_actions:
|
|
- {get_attr: [scale_down_policy, alarm_url]}
|
|
comparison_operator: lt
|
|
matching_metadata: {'metadata.user_metadata.group': 'asg'}
|
|
|
|
gears_alarm_high:
|
|
type: OS::Ceilometer::Alarm
|
|
properties:
|
|
description: Scale-up if the average number of Gears is > 4 / node for 2 minutes
|
|
meter_name: gear
|
|
statistic: avg
|
|
period: 120
|
|
evaluation_periods: 1
|
|
threshold: 80
|
|
alarm_actions:
|
|
- {get_attr: [scale_up_policy, alarm_url]}
|
|
comparison_operator: gt
|
|
|
|
gears_alarm_low:
|
|
type: OS::Ceilometer::Alarm
|
|
properties:
|
|
description: Scale-down if the average number of Gears is < 1 / node for 10 minutes
|
|
meter_name: gear
|
|
statistic: avg
|
|
period: 600
|
|
evaluation_periods: 1
|
|
threshold: 20
|
|
alarm_actions:
|
|
- {get_attr: [scale_down_policy, alarm_url]}
|
|
comparison_operator: lt
|