heat_template_version: 2015-04-30 description: > HOT template to create a vIPR-ATM firwall service instance. This template creates the following - Contrail Port Tuple for this firwall service instance - Virtual machine interfaces and IP addresses attached to the two service virtual networks. These virtual machine interfaces will be used by the vIPR firewall service instance - Neutron ports for OAM, HA0, and HA1 networks - OS::Nova::Server with the created virtual machine interface and ports. This is the firewall service instance virtual machine. parameters: oam_net_id: type: string constraints: - custom_constraint: neutron.network description: This network must currently exist. description: Neutron UUID for the managemnet network name of the vIPR-ATM firewall vipr_atm_oam_net_security_groups: type: comma_delimited_list description: List of the security group to apply to the vIPR-ATM firewall management port vipr_atm_service_left_fqdn: type: string constraints: - allowed_pattern: ^(?:[^:]{1,64}:){2}(?:[^:]{1,255})$ description: | A valid Contrail FQDN that contains three parts seperated by ':'. The first two part are 1 to 64 characters long and must not contain ':'. The third part is 1 to 255 characters long and must not contain ':'. description: FQDN of the Left service network for the vIPR-ATM firewall vipr_atm_service_right_fqdn: type: string constraints: - allowed_pattern: ^(?:[^:]{1,64}:){2}(?:[^:]{1,255})$ description: | A valid Contrail FQDN that contains three parts seperated by ':'. The first two part are 1 to 64 characters long and must not contain ':'. The third part is 1 to 255 characters long and must not contain ':'. description: FQDN of the Right service network for the vIPR-ATM firewall vipr_atm_ha_one_id: type: string constraints: - custom_constraint: neutron.network description: This network must currently exist. description: Neutron UUID of the first high availability network for the vIPR-ATM firewall vipr_atm_ha_one_ip_0: type: string constraints: - allowed_pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ description: A valid IPv4 dot quad IP address. description: Fixed IP to apply to the vIPR-ATM firewall ha0 port vipr_atm_ha_one_security_groups: type: comma_delimited_list description: List of the security group to apply to the vIPR-ATM firewall ha0 port vipr_atm_ha_two_id: type: string constraints: - custom_constraint: neutron.network description: This network must currently exist. description: Neutron UUID of the second high availability network for the vIPR-ATM firewal vipr_atm_ha_two_ip_0: type: string constraints: - allowed_pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ description: A valid IPv4 dot quad IP address. description: Fixed IP to apply to the vIPR-ATM firewall ha1 port vipr_atm_ha_two_security_groups: type: comma_delimited_list description: List of the security group to apply to the vIPR-ATM firewall ha1 port vipr_atm_contrail_service_instance_fqdn: type: string constraints: - allowed_pattern: ^(?:[^:]{1,64}:){2}(?:[^:]{1,255})$ description: | A valid Contrail FQDN that contains three parts seperated by ':'. The first two part are 1 to 64 characters long and must not contain ':'. The third part is 1 to 255 characters long and must not contain ':'. description: FQDN of the vIPR-ATM firewall Contrail service instance for the port tuple vipr_atm_name_0: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: Name of the vIPR-ATM firewall virtual machine vipr_atm_image_name: type: string constraints: - custom_constraint: glance.image description: This image must currently exist. description: Image name of the vIPR-ATM firewall virtual machine vipr_atm_flavor_name: type: string constraints: - custom_constraint: nova.flavor description: This flavor must currently exist. description: Flavor for the vIPR-ATM firewall virtual machine vipr_atm_server_group: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: Server Group with anti-affinity policy for the vIPR-ATM firewall virtual machine vipr_atm_valet_eg_0: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: The Valet 1.0 Exclusivity Group for the vIPR-ATM firewall virtual machine availability_zone_0: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: Availability Zone for the vIPR-ATM firewall virtual machine vnf_id: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: Unique ID for this VF instance vnf_name: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: Unique Name for this VF instance vf_module_id: type: string constraints: - length: { min: 1, max: 255 } description: A string with length of at least 1 and less than 255. description: Unique ID for the VF Module instance resources: # Create the Port Tuple vIPR_ATM_RPT: type: OS::ContrailV2::PortTuple properties: name: str_replace: template: VM_NAME_PORT_TUPLE params: VM_NAME: { get_param: vipr_atm_name_0 } service_instance: { get_param: vipr_atm_contrail_service_instance_fqdn } # Left Port (Virtual Machine Interface) vIPR_ATM_Left_RVMI: type: OS::ContrailV2::VirtualMachineInterface depends_on: [ vIPR_ATM_RPT ] properties: name: str_replace: template: VM_NAME_PORT_3 params: VM_NAME: { get_param: vipr_atm_name_0 } virtual_machine_interface_properties: { virtual_machine_interface_properties_service_interface_type: 'left' } port_tuple_refs: [{ get_resource: vIPR_ATM_RPT }] virtual_network_refs: [{ get_param: vipr_atm_service_left_fqdn }] # Right Port (Virtual Machine Interface) vIPR_ATM_Right_RVMI: type: OS::ContrailV2::VirtualMachineInterface depends_on: [ vIPR_ATM_RPT ] properties: name: str_replace: template: VM_NAME_PORT_4 params: VM_NAME: { get_param: vipr_atm_name_0 } virtual_machine_interface_properties: { virtual_machine_interface_properties_service_interface_type: 'right' } port_tuple_refs: [{ get_resource: vIPR_ATM_RPT }] virtual_network_refs: [{ get_param: vipr_atm_service_right_fqdn }] # Left Instance IP vIPR_ATM_Left_RII: type: OS::ContrailV2::InstanceIp depends_on: [ vIPR_ATM_Left_RVMI ] properties: name: str_replace: template: VM_NAME_INSTANCE_IP_LEFT params: VM_NAME: { get_param: vipr_atm_name_0 } virtual_machine_interface_refs: [{ get_resource: vIPR_ATM_Left_RVMI }] virtual_network_refs: [{ get_param: vipr_atm_service_left_fqdn }] # Right Instance IP vIPR_ATM_Right_RII: type: OS::ContrailV2::InstanceIp depends_on: [ vIPR_ATM_Right_RVMI ] properties: name: str_replace: template: VM_NAME_INSTANCE_IP_RIGHT params: VM_NAME: { get_param: vipr_atm_name_0 } virtual_machine_interface_refs: [{ get_resource: vIPR_ATM_Right_RVMI }] virtual_network_refs: [{ get_param: vipr_atm_service_right_fqdn }] # OAM Network Port (not part of Port Tuple) vIPR_ATM_OAM_0_Port: type: OS::Neutron::Port properties: name: str_replace: template: VM_NAME_PORT_0 params: VM_NAME: { get_param: vipr_atm_name_0 } network: { get_param: oam_net_id } security_groups: { get_param: vipr_atm_oam_net_security_groups } # HA One Port (not part of Port Tuple) vIPR_ATM_Ha_One_0_Port: type: OS::Neutron::Port properties: name: str_replace: template: VM_NAME_PORT_1 params: VM_NAME: { get_param: vipr_atm_name_0 } network: { get_param: vipr_atm_ha_one_id } fixed_ips: [ { "ip_address": { get_param: vipr_atm_ha_one_ip_0 } } ] security_groups: { get_param: vipr_atm_ha_one_security_groups } # HA Two Port (not part of Port Tuple) vIPR_ATM_Ha_Two_0_Port: type: OS::Neutron::Port properties: name: str_replace: template: VM_NAME_PORT_2 params: VM_NAME: { get_param: vipr_atm_name_0 } network: { get_param: vipr_atm_ha_two_id } fixed_ips: [ { "ip_address": { get_param: vipr_atm_ha_two_ip_0 } } ] security_groups: { get_param: vipr_atm_ha_two_security_groups } # Valet Exclusivity Group vIPR_ATM_Valet_EG_0: type: ATT::Valet::GroupAssignment properties: group_name: { get_param: vipr_atm_valet_eg_0 } group_type: exclusivity level: host resources: - { get_resource: vIPR_ATM_Firewall } # Create the VM and bind the five ports to it # vIPR_ATM_Firewall_Cloud_Config: # type: OS::Heat::CloudConfig # properties: # cloud_config: # password: ubuntu # chpasswd: { expire: False } # ssh_pwauth: True # manage_etc_hosts: true vIPR_ATM_Firewall: type: OS::Nova::Server depends_on: - vIPR_ATM_Left_RII - vIPR_ATM_Right_RII - vIPR_ATM_OAM_0_Port - vIPR_ATM_Ha_One_0_Port - vIPR_ATM_Ha_Two_0_Port properties: name: { get_param: vipr_atm_name_0 } image: { get_param: vipr_atm_image_name } flavor: { get_param: vipr_atm_flavor_name } availability_zone: { get_param: availability_zone_0 } scheduler_hints: group: { get_param: vipr_atm_server_group } networks: - port: { get_resource: vIPR_ATM_OAM_0_Port } - port: { get_resource: vIPR_ATM_Ha_One_0_Port } - port: { get_resource: vIPR_ATM_Ha_Two_0_Port } - port: { get_resource: vIPR_ATM_Left_RVMI } - port: { get_resource: vIPR_ATM_Right_RVMI } metadata: vnf_id: { get_param: vnf_id } vnf_name: { get_param: vnf_name } vf_module_id: { get_param: vf_module_id } # user_data_format: RAW # user_data: { get_resource: vIPR_ATM_Firewall_Cloud_Config }