heat_template_version: 2013-05-23

description: >
  Heat WordPress template to support F20, using only Heat OpenStack-native
  resource types, and without the requirement for heat-cfntools in the image.
  WordPress is web software you can use to create a beautiful website or blog.
  This template installs a single-instance WordPress deployment using a local
  MySQL database to store the data.

parameters:

  key_name:
    type: string
    description: Name of a KeyPair to enable SSH access to the instance
  instance_type:
    type: string
    description: Instance type for WordPress server
    default: m1.small
  image_id:
    type: string
    description: >
      Name or ID of the image to use for the WordPress server.
      Recommended values are fedora-20.i386 or fedora-20.x86_64;
      get them from http://cloud.fedoraproject.org/fedora-20.i386.qcow2
      or http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2 .
    default: fedora-20.x86_64
  private_net_name:
    type: string
    description: Name of private network to be created
  private_net_cidr:
    type: string
    description: Private network address (CIDR notation)
  private_net_gateway:
    type: string
    description: Private network gateway address
  private_net_pool_start:
    type: string
    description: Start of private network IP address allocation pool
  private_net_pool_end:
    type: string
    description: End of private network IP address allocation pool
  db_name:
    type: string
    description: WordPress database name
    default: wordpress
    constraints:
      - length: { min: 1, max: 64 }
        description: db_name must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          db_name must begin with a letter and contain only alphanumeric
          characters
  db_username:
    type: string
    description: The WordPress database admin account username
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 16 }
        description: db_username must be between 1 and 16 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          db_username must begin with a letter and contain only alphanumeric
          characters
  db_password:
    type: string
    description: The WordPress database admin account password
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 41 }
        description: db_password must be between 1 and 41 characters
      - allowed_pattern: '[a-zA-Z0-9]*'
        description: db_password must contain only alphanumeric characters
  db_root_password:
    type: string
    description: Root password for MySQL
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 41 }
        description: db_root_password must be between 1 and 41 characters
      - allowed_pattern: '[a-zA-Z0-9]*'
        description: db_root_password must contain only alphanumeric characters

resources:
  private_net:
    type: OS::Neutron::Net
    properties:
      name: { get_param: private_net_name }

  private_subnet:
    type: OS::Neutron::Subnet
    properties:
      dns_nameservers: "8.8.8.8"
      network_id: { get_resource: private_net }
      cidr: { get_param: private_net_cidr }
      gateway_ip: { get_param: private_net_gateway }
      allocation_pools:
        - start: { get_param: private_net_pool_start }
          end: { get_param: private_net_pool_end }

  router:
    type: OS::Neutron::Router
    properties:
      external_gateway_info:
        network: ext_net

  router_interface:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: router }
      subnet_id: { get_resource: private_subnet }

  db_instance:
    type: OS::Nova::Server
    properties:
      security_groups: [{ get_resource: db_security_group }]
      image: { get_param: image_id }
      flavor: { get_param: instance_type }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: db_port }
      user_data:
        str_replace:
          template: |
            #!/bin/bash -v
            sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
            yum -y install mariadb mariadb-server
            touch /var/log/mariadb/mariadb.log
            chown mysql.mysql /var/log/mariadb/mariadb.log
            systemctl start mariadb.service

            # Setup MySQL root password and create a user
            mysqladmin -u root password db_rootpassword
            cat << EOF | mysql -u root --password=db_rootpassword
            CREATE DATABASE db_name;
            GRANT ALL PRIVILEGES ON db_name.* TO "db_user"@"localhost"
            IDENTIFIED BY "db_password";
            FLUSH PRIVILEGES;
            EXIT
            EOF
          params:
            db_rootpassword: { get_param: db_root_password }
            db_name: { get_param: db_name }
            db_user: { get_param: db_username }
            db_password: { get_param: db_password }

  db_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_resource: private_net }
      fixed_ips:
        - subnet_id: { get_resource: private_subnet }

  db_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Add security group rules for Wordpress
      name: mariadb-security-group
      rules:
        - remote_ip_prefix: { get_resource: private_subnet }
          protocol: tcp
          port_range_min: 3306
          port_range_max: 3306
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: 0.0.0.0/0
          protocol: icmp

  webs_instance:
    type: OS::Nova::Server
    properties:
      security_groups: [{ get_resource: web_security_group }]
      image: { get_param: image_id }
      flavor: { get_param: instance_type }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: web_port }
      user_data:
        str_replace:
          template: |
            #!/bin/bash -v
            sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
            yum -y install httpd wordpress
            sed -i "/Deny from All/d" /etc/httpd/conf.d/wordpress.conf
            sed -i "s/Require local/Require all granted/" /etc/httpd/conf.d/wordpress.conf
            sed -i s/database_name_here/db_name/ /etc/wordpress/wp-config.php
            sed -i s/username_here/db_user/ /etc/wordpress/wp-config.php
            sed -i s/password_here/db_password/ /etc/wordpress/wp-config.php

            systemctl start httpd.service
          params:
            db_rootpassword: { get_param: db_root_password }
            db_name: { get_param: db_name }
            db_user: { get_param: db_username }
            db_password: { get_param: db_password }

  web_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_resource: private_net }
      fixed_ips:
        - subnet_id: { get_resource: private_subnet }

  web_floating_ip:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: ext_net
      port_id: { get_resource: web_port }

  web_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Add security group rules for Wordpress
      name: wordpress-security-group
      rules:
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 443
          port_range_max: 443
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: 0.0.0.0/0
          protocol: icmp

outputs:
  WebsiteURL:
    description: URL for Wordpress wiki
    value:
      str_replace:
        template: http://host/wordpress
        params:
          host: { get_attr: [wordpress_instance, first_address] }