246 lines
7.8 KiB
YAML
246 lines
7.8 KiB
YAML
heat_template_version: 2013-05-23
|
|
|
|
description: >
|
|
Fantastic HEAT teamplate that creates a wonderful Wordpress website.
|
|
Homework of Cloud networking (BMEVITMMA02).
|
|
NEPTUN: Y8O353
|
|
Name: Kristof Torma
|
|
Copyright, all memes reserved.
|
|
parameters:
|
|
|
|
instance_type:
|
|
type: string
|
|
description: Instance type for WordPress server
|
|
default: m1.small
|
|
image_id:
|
|
type: string
|
|
description: >
|
|
Name or ID of the image to use for the WordPress server.
|
|
Recommended values are fedora-20.i386 or fedora-20.x86_64;
|
|
get them from http://cloud.fedoraproject.org/fedora-20.i386.qcow2
|
|
or http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2 .
|
|
default: fedora-20.x86_64
|
|
private_net_name:
|
|
type: string
|
|
description: Name of private network to be created
|
|
default: private-netw
|
|
private_net_cidr:
|
|
type: string
|
|
description: Private network address (CIDR notation)
|
|
default: 192.168.69.0/24
|
|
private_net_gateway:
|
|
type: string
|
|
description: Private network gateway address
|
|
default: 192.168.69.1
|
|
private_net_pool_start:
|
|
type: string
|
|
description: Start of private network IP address allocation pool
|
|
default: 192.168.69.2
|
|
private_net_pool_end:
|
|
type: string
|
|
description: End of private network IP address allocation pool
|
|
default: 192.168.69.254
|
|
db_name:
|
|
type: string
|
|
description: WordPress database name
|
|
default: wordpress
|
|
constraints:
|
|
- length: { min: 1, max: 64 }
|
|
description: db_name must be between 1 and 64 characters
|
|
- allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
|
|
description: >
|
|
db_name must begin with a letter and contain only alphanumeric
|
|
characters
|
|
db_username:
|
|
type: string
|
|
description: The WordPress database admin account username
|
|
default: admin
|
|
hidden: true
|
|
constraints:
|
|
- length: { min: 1, max: 16 }
|
|
description: db_username must be between 1 and 16 characters
|
|
- allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
|
|
description: >
|
|
db_username must begin with a letter and contain only alphanumeric
|
|
characters
|
|
db_password:
|
|
type: string
|
|
description: The WordPress database admin account password
|
|
default: admin
|
|
hidden: true
|
|
constraints:
|
|
- length: { min: 1, max: 41 }
|
|
description: db_password must be between 1 and 41 characters
|
|
- allowed_pattern: '[a-zA-Z0-9]*'
|
|
description: db_password must contain only alphanumeric characters
|
|
db_root_password:
|
|
type: string
|
|
description: Root password for MySQL
|
|
default: admin
|
|
hidden: true
|
|
constraints:
|
|
- length: { min: 1, max: 41 }
|
|
description: db_root_password must be between 1 and 41 characters
|
|
- allowed_pattern: '[a-zA-Z0-9]*'
|
|
description: db_root_password must contain only alphanumeric characters
|
|
|
|
resources:
|
|
private_net:
|
|
type: OS::Neutron::Net
|
|
properties:
|
|
name: { get_param: private_net_name }
|
|
|
|
private_subnet:
|
|
type: OS::Neutron::Subnet
|
|
properties:
|
|
dns_nameservers: [ "8.8.8.8" ]
|
|
network_id: { get_resource: private_net }
|
|
cidr: { get_param: private_net_cidr }
|
|
gateway_ip: { get_param: private_net_gateway }
|
|
allocation_pools:
|
|
- start: { get_param: private_net_pool_start }
|
|
end: { get_param: private_net_pool_end }
|
|
|
|
router:
|
|
type: OS::Neutron::Router
|
|
properties:
|
|
external_gateway_info:
|
|
network: ext-net
|
|
|
|
router_interface:
|
|
type: OS::Neutron::RouterInterface
|
|
properties:
|
|
router_id: { get_resource: router }
|
|
subnet_id: { get_resource: private_subnet }
|
|
|
|
db_instance:
|
|
type: OS::Nova::Server
|
|
properties:
|
|
image: { get_param: image_id }
|
|
flavor: { get_param: instance_type }
|
|
networks:
|
|
- port: { get_resource: db_port }
|
|
user_data:
|
|
str_replace:
|
|
template: |
|
|
#!/bin/bash -v
|
|
sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
|
|
yum -y install mariadb mariadb-server
|
|
touch /var/log/mariadb/mariadb.log
|
|
chown mysql.mysql /var/log/mariadb/mariadb.log
|
|
systemctl start mariadb.service
|
|
|
|
# Setup MySQL root password and create a user
|
|
mysqladmin -u root password db_rootpassword
|
|
cat << EOF | mysql -u root --password=db_rootpassword
|
|
CREATE DATABASE db_name;
|
|
GRANT ALL PRIVILEGES ON db_name.* TO "db_user"@"%"
|
|
IDENTIFIED BY "db_password";
|
|
FLUSH PRIVILEGES;
|
|
EXIT
|
|
EOF
|
|
params:
|
|
db_rootpassword: { get_param: db_root_password }
|
|
db_name: { get_param: db_name }
|
|
db_user: { get_param: db_username }
|
|
db_password: { get_param: db_password }
|
|
|
|
db_port:
|
|
type: OS::Neutron::Port
|
|
properties:
|
|
network_id: { get_resource: private_net }
|
|
security_groups: [{ get_resource: db_security_group }]
|
|
fixed_ips:
|
|
- subnet_id: { get_resource: private_subnet }
|
|
|
|
db_security_group:
|
|
type: OS::Neutron::SecurityGroup
|
|
properties:
|
|
description: Add security group rules for Wordpress
|
|
name: mariadb-security-group
|
|
rules:
|
|
- remote_ip_prefix: { get_param: private_net_cidr }
|
|
protocol: tcp
|
|
port_range_min: 3306
|
|
port_range_max: 3306
|
|
- remote_ip_prefix: 0.0.0.0/0
|
|
protocol: tcp
|
|
port_range_min: 22
|
|
port_range_max: 22
|
|
- remote_ip_prefix: 0.0.0.0/0
|
|
protocol: icmp
|
|
|
|
webs_instance:
|
|
type: OS::Nova::Server
|
|
properties:
|
|
image: { get_param: image_id }
|
|
flavor: { get_param: instance_type }
|
|
networks:
|
|
- port: { get_resource: web_port }
|
|
user_data:
|
|
str_replace:
|
|
template: |
|
|
#!/bin/bash -v
|
|
sed -i "s/metalink=https/metalink=http/" /etc/yum.repos.d/*
|
|
yum -y install httpd wordpress
|
|
sed -i "/Deny from All/d" /etc/httpd/conf.d/wordpress.conf
|
|
sed -i "s/Require local/Require all granted/" /etc/httpd/conf.d/wordpress.conf
|
|
sed -i s/database_name_here/db_name/ /etc/wordpress/wp-config.php
|
|
sed -i s/username_here/db_user/ /etc/wordpress/wp-config.php
|
|
sed -i s/password_here/db_password/ /etc/wordpress/wp-config.php
|
|
sed -i s/localhost/db_ipaddr/ /etc/wordpress/wp-config.php
|
|
|
|
setsebool -P httpd_can_network_connect_db 1
|
|
|
|
systemctl start httpd.service
|
|
params:
|
|
db_rootpassword: { get_param: db_root_password }
|
|
db_name: { get_param: db_name }
|
|
db_user: { get_param: db_username }
|
|
db_password: { get_param: db_password }
|
|
db_ipaddr: { get_attr: [ db_instance, first_address ] }
|
|
|
|
web_port:
|
|
type: OS::Neutron::Port
|
|
properties:
|
|
network_id: { get_resource: private_net }
|
|
security_groups: [{ get_resource: web_security_group }]
|
|
fixed_ips:
|
|
- subnet_id: { get_resource: private_subnet }
|
|
|
|
web_floating_ip:
|
|
type: OS::Neutron::FloatingIP
|
|
properties:
|
|
floating_network: ext-net
|
|
port_id: { get_resource: web_port }
|
|
|
|
web_security_group:
|
|
type: OS::Neutron::SecurityGroup
|
|
properties:
|
|
description: Add security group rules for Wordpress
|
|
name: wordpress-security-group
|
|
rules:
|
|
- remote_ip_prefix: 0.0.0.0/0
|
|
protocol: tcp
|
|
port_range_min: 443
|
|
port_range_max: 443
|
|
- remote_ip_prefix: 0.0.0.0/0
|
|
protocol: tcp
|
|
port_range_min: 80
|
|
port_range_max: 80
|
|
- remote_ip_prefix: 0.0.0.0/0
|
|
protocol: tcp
|
|
port_range_min: 22
|
|
port_range_max: 22
|
|
- remote_ip_prefix: 0.0.0.0/0
|
|
protocol: icmp
|
|
|
|
outputs:
|
|
WebsiteURL:
|
|
description: URL for Wordpress wiki
|
|
value:
|
|
str_replace:
|
|
template: http://host/wordpress
|
|
params:
|
|
host: { get_attr: [web_floating_ip, floating_ip_address] }
|