all requirements stisfied

2020-04-19 19:04:57 +02:00 · 2020-04-19 19:04:57 +02:00 · 98319036df
commit 98319036df
parent f3896d3814
1 changed files with 125 additions and 4 deletions
--- a/heat_homework.yml
+++ b/heat_homework.yml
@ -24,7 +24,21 @@ parameters:
      get them from http://cloud.fedoraproject.org/fedora-20.i386.qcow2
      or http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2 .
    default: fedora-20.x86_64
-
+  private_net_name:
+    type: string
+    description: Name of private network to be created
+  private_net_cidr:
+    type: string
+    description: Private network address (CIDR notation)
+  private_net_gateway:
+    type: string
+    description: Private network gateway address
+  private_net_pool_start:
+    type: string
+    description: Start of private network IP address allocation pool
+  private_net_pool_end:
+    type: string
+    description: End of private network IP address allocation pool
  db_name:
    type: string
    description: WordPress database name
@ -70,20 +84,49 @@ parameters:
        description: db_root_password must contain only alphanumeric characters

 resources:
-  wordpress_instance:
+  private_net:
+    type: OS::Neutron::Net
+    properties:
+      name: { get_param: private_net_name }
+
+  private_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      dns_nameservers: "8.8.8.8"
+      network_id: { get_resource: private_net }
+      cidr: { get_param: private_net_cidr }
+      gateway_ip: { get_param: private_net_gateway }
+      allocation_pools:
+        - start: { get_param: private_net_pool_start }
+          end: { get_param: private_net_pool_end }
+
+  router:
+    type: OS::Neutron::Router
+    properties:
+      external_gateway_info:
+        network: ext_net
+
+  router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router_id: { get_resource: router }
+      subnet_id: { get_resource: private_subnet }
+
+  db_instance:
    type: OS::Nova::Server
    properties:
+      security_groups: [{ get_resource: db_security_group }]
      image: { get_param: image_id }
      flavor: { get_param: instance_type }
      key_name: { get_param: key_name }
      networks:
-        - network: tun0-net
+        - port: { get_resource: db_port }
      user_data:
        str_replace:
          template: |
            #!/bin/bash -v
            sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
-            yum -y install mariadb mariadb-server httpd wordpress
+            yum -y install mariadb mariadb-server
            touch /var/log/mariadb/mariadb.log
            chown mysql.mysql /var/log/mariadb/mariadb.log
            systemctl start mariadb.service
@ -97,7 +140,51 @@ resources:
            FLUSH PRIVILEGES;
            EXIT
            EOF
+          params:
+            db_rootpassword: { get_param: db_root_password }
+            db_name: { get_param: db_name }
+            db_user: { get_param: db_username }
+            db_password: { get_param: db_password }

+  db_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_resource: private_net }
+      fixed_ips:
+        - subnet_id: { get_resource: private_subnet }
+
+  db_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: Add security group rules for Wordpress
+      name: mariadb-security-group
+      rules:
+        - remote_ip_prefix: { get_resource: private_subnet }
+          protocol: tcp
+          port_range_min: 3306
+          port_range_max: 3306
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: icmp
+
+  webs_instance:
+    type: OS::Nova::Server
+    properties:
+      security_groups: [{ get_resource: web_security_group }]
+      image: { get_param: image_id }
+      flavor: { get_param: instance_type }
+      key_name: { get_param: key_name }
+      networks:
+        - port: { get_resource: web_port }
+      user_data:
+        str_replace:
+          template: |
+            #!/bin/bash -v
+            sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
+            yum -y install httpd wordpress
            sed -i "/Deny from All/d" /etc/httpd/conf.d/wordpress.conf
            sed -i "s/Require local/Require all granted/" /etc/httpd/conf.d/wordpress.conf
            sed -i s/database_name_here/db_name/ /etc/wordpress/wp-config.php
@ -111,6 +198,40 @@ resources:
            db_user: { get_param: db_username }
            db_password: { get_param: db_password }

+  web_port:
+    type: OS::Neutron::Port
+    properties:
+      network_id: { get_resource: private_net }
+      fixed_ips:
+        - subnet_id: { get_resource: private_subnet }
+
+  web_floating_ip:
+    type: OS::Neutron::FloatingIP
+    properties:
+      floating_network: ext_net
+      port_id: { get_resource: web_port }
+
+  web_security_group:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: Add security group rules for Wordpress
+      name: wordpress-security-group
+      rules:
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 443
+          port_range_max: 443
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 80
+          port_range_max: 80
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          port_range_min: 22
+          port_range_max: 22
+        - remote_ip_prefix: 0.0.0.0/0
+          protocol: icmp
+
 outputs:
  WebsiteURL:
    description: URL for Wordpress wiki