crowbar · shimizuf · Mar 16, 2017 · Mar 21, 2017 · Mar 21, 2017 · Mar 21, 2017
diff --git a/bin/crowbar_escm b/bin/crowbar_escm
@@ -0,0 +1,23 @@
+#!/usr/bin/env ruby
+#
+# Copyright 2017, SUSE LINUX GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require File.join(File.expand_path(File.dirname(__FILE__)), "barclamp_lib")
+@barclamp = "escm"
+@timeout = 3600
+
+main
+
diff --git a/chef/cookbooks/escm/README.md b/chef/cookbooks/escm/README.md
@@ -0,0 +1 @@
+Chef Cookbook to install and configure ESCM
diff --git a/chef/cookbooks/escm/attributes/default.rb b/chef/cookbooks/escm/attributes/default.rb
@@ -0,0 +1,22 @@
+#
+# Copyright 2017, SUSE LINUX GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+default[:escm][:proxy][:no_proxy_default] = "localhost,127.0.0.1"
+
+default[:escm][:ssl][:certfile] = "/etc/escm/ssl/certs/signing_cert.pem"
+default[:escm][:ssl][:keyfile] = "/etc/escm/ssl/private/signing_key.pem"
+default[:escm][:ssl][:generate_certs] = false
+default[:escm][:ssl][:ca_certs] = "/etc/escm/ssl/certs/ca.pem"
diff --git a/chef/cookbooks/escm/files/default/application.yaml b/chef/cookbooks/escm/files/default/application.yaml
@@ -0,0 +1,261 @@
+# heat stack-create --poll -f application.yaml -P logs_volume_id=$logs_volume_id -P data_volume_id=$data_volume_id -P key_name=default -P flavor=d1.tiny escm
+heat_template_version: 2015-10-15
+
+description: |
+  # This is how you deploy the whole thing:
+  # 1) Instantiate volumes.yaml as follows
+  heat stack-create --poll -f volumes.yaml escm
+
+  # 2) Retrieve outputs from escm:
+  logs_volume_id=$(heat output-show escm logs_volume_id | sed 's/"//g')
+  data_volume_id=$(heat output-show escm data_volume_id | sed 's/"//g')
+
+  # 3) Create application stack:
+  heat stack-create --poll -f application.yaml -P logs_volume_id=$logs_volume_id -P data_volume_id=$data_volume_id -P key_name=<your nova keypair's name> escm
+
+
+
+parameters:
+  floating_network:
+    type: string
+    default: floating
+    description: Network to draw Floating IPs from
+  image:
+    type: string
+    default: sles12-sp1
+    description: Glance image to use for server
+  flavor:
+    type: string
+    default: escm.medium
+    description: Nova flavor to use for server
+  key_name:
+    type: string
+    default: escm
+    description: Keypair name
+  logs_volume_id:
+    type: string
+    description: The Cinder volume for logs
+  data_volume_id:
+    type: string
+    description: The Cinder volume for data
+  ssh_cert:
+    default: ""
+    type: string
+    description: SSH key to add to servers' /root/.ssh/authorized_keys
+  wait_condition_timeout:
+    default: 1800
+    type: number
+
+resources:
+
+  wait_handle:
+    type: OS::Heat::WaitConditionHandle
+
+  wait_condition:
+    type: OS::Heat::WaitCondition
+    depends_on: appserver
+    properties:
+      handle: { get_resource: wait_handle }
+      timeout: { get_param: wait_condition_timeout }
+
+  db_password:
+    type: OS::Heat::RandomString
+
+  key_secret:
+    type: OS::Heat::RandomString
+
+  db_core_password:
+    type: OS::Heat::RandomString
+
+  db_app_password:
+    type: OS::Heat::RandomString
+
+  ### Network infrastructure ###
+
+  escm_network:
+    type: OS::Neutron::Net
+    properties:
+      name: escm
+
+  escm_subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      cidr: 10.0.0.1/24
+      name: escm
+      network:
+        get_resource: escm_network
+
+  router:
+    type: OS::Neutron::Router
+    properties:
+      external_gateway_info:
+        network:
+          get_param: floating_network
+
+
+  router_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: { get_resource: router }
+      subnet: { get_resource: escm_subnet }
+
+  allow_inbound:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      description: "Allow inbound SSH and HTTP traffic"
+      name: escm
+      rules:
+        - direction: ingress
+          remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          ethertype: IPv4
+          port_range_min: 22
+          port_range_max: 22
+        - direction: ingress
+          remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          ethertype: IPv4
+          port_range_min: 8081
+          port_range_max: 8081
+        - direction: ingress
+          remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          ethertype: IPv4
+          port_range_min: 8443
+          port_range_max: 8443
+        - direction: ingress
+          remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          ethertype: IPv4
+          port_range_min: 8543
+          port_range_max: 8543
+        - direction: ingress
+          remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          ethertype: IPv4
+          port_range_min: 8681
+          port_range_max: 8681
+        - direction: ingress
+          remote_ip_prefix: 0.0.0.0/0
+          protocol: tcp
+          ethertype: IPv4
+          port_range_min: 8881
+          port_range_max: 8881
+        - direction: egress
+          protocol: tcp
+          ethertype: IPv4
+        - direction: egress
+          protocol: tcp
+          ethertype: IPv6
+        - direction: egress
+          protocol: udp
+          ethertype: IPv4
+        - direction: egress
+          protocol: udp
+          ethertype: IPv6
+        - direction: egress
+          protocol: icmp
+          ethertype: IPv4
+        - direction: egress
+          protocol: icmp
+          ethertype: IPv6
+
+  # Parameters that will be available to both user data scripts
+  user_data_params:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config:
+        str_replace:
+          template: {get_file: user-data/heat-config}
+          params:
+            $LOGS_VOLUME_DEV:
+              list_join:
+                - ""
+                - - "/dev/disk/by-id/virtio-"
+                  - { get_param: logs_volume_id }
+            $DATA_VOLUME_DEV:
+              list_join:
+                - ""
+                - - "/dev/disk/by-id/virtio-"
+                  - { get_param: data_volume_id }
+            $SSH_CERT: { get_param: ssh_cert }
+            $WAIT_CURL: { get_attr: [ wait_handle, curl_cli ] }
+
+  # User data payload for appserver
+  userdata_appserver:
+    type: OS::Heat::MultipartMime
+    properties:
+      parts:
+        - config: {get_resource: user_data_params}
+
+  ### Servers ###
+
+  appserver:
+    type: OS::Nova::Server
+    properties:
+      name: appserver
+      config_drive: true
+      flavor: { get_param: flavor }
+      image: { get_param: image }
+      key_name: { get_param: key_name }
+      networks:
+        - port: { get_resource: port_appserver }
+      user_data_format: RAW
+      user_data: { get_resource: userdata_appserver }
+
+  port_appserver:
+    type: OS::Neutron::Port
+    properties:
+      network:
+        get_resource: escm_network
+      security_groups:
+        - get_resource: allow_inbound
+
+  ip_appserver:
+    type: OS::Neutron::FloatingIP
+    properties:
+      port_id: { get_resource: port_appserver }
+      floating_network:
+        get_param: floating_network
+
+  logs_volume_attachment:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      instance_uuid: { get_resource: appserver }
+      volume_id: { get_param: logs_volume_id }
+
+  data_volume_attachment:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      instance_uuid: { get_resource: appserver }
+      volume_id: { get_param: data_volume_id }
+
+outputs:
+  # Retrieval after stack creation (presuming stack is named `mystack`):
+  # heat output-show mystack ip_appserver
+  ip_appserver:
+    value:
+      get_attr:
+        - ip_appserver
+        - floating_ip_address
+  db_password:
+     value:
+       get_attr:
+          - db_password
+          - value
+  db_core_password:
+     value:
+       get_attr:
+          - db_core_password
+          - value
+  db_app_password:
+     value:
+       get_attr:
+          - db_app_password
+          - value
+  key_secret:
+     value:
+       get_attr:
+          - key_secret
+          - value