From 98319036df24a331b0a2ad43948d1e165b6bb872 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torma=20Krist=C3=B3f?= <tormakristof@tormakristof.eu>
Date: Sun, 19 Apr 2020 19:04:57 +0200
Subject: [PATCH] all requirements stisfied

---
 heat_homework.yml | 129 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 125 insertions(+), 4 deletions(-)

diff --git a/heat_homework.yml b/heat_homework.yml
index 30f8267..8f4c005 100644
--- a/heat_homework.yml
+++ b/heat_homework.yml
@@ -24,7 +24,21 @@ parameters:
       get them from http://cloud.fedoraproject.org/fedora-20.i386.qcow2
       or http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2 .
     default: fedora-20.x86_64
-
+  private_net_name:
+    type: string
+    description: Name of private network to be created
+  private_net_cidr:
+    type: string
+    description: Private network address (CIDR notation)
+  private_net_gateway:
+    type: string
+    description: Private network gateway address
+  private_net_pool_start:
+    type: string
+    description: Start of private network IP address allocation pool
+  private_net_pool_end:
+    type: string
+    description: End of private network IP address allocation pool
   db_name:
     type: string
     description: WordPress database name
@@ -70,20 +84,49 @@ parameters:
         description: db_root_password must contain only alphanumeric characters
 
 resources:
-  wordpress_instance:
+  private_net:
+    type: OS::Neutron::Net
+    properties:
+      name: { get_param: private_net_name }
+
+  private_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      dns_nameservers: "8.8.8.8"
+      network_id: { get_resource: private_net }
+      cidr: { get_param: private_net_cidr }
+      gateway_ip: { get_param: private_net_gateway }
+      allocation_pools:
+        - start: { get_param: private_net_pool_start }
+          end: { get_param: private_net_pool_end }
+
+  router:
+    type: OS::Neutron::Router
+    properties:
+      external_gateway_info:
+        network: ext_net
+
+  router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router_id: { get_resource: router }
+      subnet_id: { get_resource: private_subnet }
+
+  db_instance:
     type: OS::Nova::Server
     properties:
+      security_groups: [{ get_resource: db_security_group }]
       image: { get_param: image_id }
       flavor: { get_param: instance_type }
       key_name: { get_param: key_name }
       networks:
-        - network: tun0-net
+        - port: { get_resource: db_port }
       user_data:
         str_replace:
           template: |
             #!/bin/bash -v
             sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
-            yum -y install mariadb mariadb-server httpd wordpress
+            yum -y install mariadb mariadb-server
             touch /var/log/mariadb/mariadb.log
             chown mysql.mysql /var/log/mariadb/mariadb.log
             systemctl start mariadb.service
@@ -97,7 +140,51 @@ resources:
             FLUSH PRIVILEGES;
             EXIT
             EOF
+          params:
+            db_rootpassword: { get_param: db_root_password }
+            db_name: { get_param: db_name }
+            db_user: { get_param: db_username }
+            db_password: { get_param: db_password }
 
+  db_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_resource: private_net }
+      fixed_ips:
+        - subnet_id: { get_resource: private_subnet }
+
+  db_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: Add security group rules for Wordpress
+      name: mariadb-security-group
+      rules:
+        - remote_ip_prefix: { get_resource: private_subnet }
+          protocol: tcp
+          port_range_min: 3306
+          port_range_max: 3306
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: icmp
+
+  webs_instance:
+    type: OS::Nova::Server
+    properties:
+      security_groups: [{ get_resource: web_security_group }]
+      image: { get_param: image_id }
+      flavor: { get_param: instance_type }
+      key_name: { get_param: key_name }
+      networks:
+        - port: { get_resource: web_port }
+      user_data:
+        str_replace:
+          template: |
+            #!/bin/bash -v
+            sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
+            yum -y install httpd wordpress
             sed -i "/Deny from All/d" /etc/httpd/conf.d/wordpress.conf
             sed -i "s/Require local/Require all granted/" /etc/httpd/conf.d/wordpress.conf
             sed -i s/database_name_here/db_name/ /etc/wordpress/wp-config.php
@@ -111,6 +198,40 @@ resources:
             db_user: { get_param: db_username }
             db_password: { get_param: db_password }
 
+  web_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_resource: private_net }
+      fixed_ips:
+        - subnet_id: { get_resource: private_subnet }
+
+  web_floating_ip:
+    type: OS::Neutron::FloatingIP
+    properties:
+      floating_network: ext_net
+      port_id: { get_resource: web_port }
+
+  web_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: Add security group rules for Wordpress
+      name: wordpress-security-group
+      rules:
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 443
+          port_range_max: 443
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 80
+          port_range_max: 80
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: icmp
+
 outputs:
   WebsiteURL:
     description: URL for Wordpress wiki