tosca_definitions_version: tosca_simple_yaml_1_0_0 metadata: template_name: Main imports: ContrailComputeGlobalTypes: file: ContrailComputeGlobalTypesServiceTemplate.yaml CinderVolumeGlobalTypes: file: CinderVolumeGlobalTypesServiceTemplate.yaml ContrailVirtualNetworkGlobalType: file: ContrailVirtualNetworkGlobalTypeServiceTemplate.yaml AbstractSubstituteGlobalTypes: file: AbstractSubstituteGlobalTypesServiceTemplate.yaml ContrailPortGlobalTypes: file: ContrailPortGlobalTypesServiceTemplate.yaml GlobalSubstitutionTypes: file: GlobalSubstitutionTypesServiceTemplate.yaml NeutronPortGlobalTypes: file: NeutronPortGlobalTypesServiceTemplate.yaml NeutronNetGlobalTypes: file: NeutronNetGlobalTypesServiceTemplate.yaml CommonGlobalTypes: file: CommonGlobalTypesServiceTemplate.yaml ContrailAbstractSubstituteGlobalTypes: file: ContrailAbstractSubstituteGlobalTypesServiceTemplate.yaml ContrailNetworkRuleGlobalType: file: ContrailNetworkRuleGlobalTypeServiceTemplate.yaml NeutronSecurityRulesGlobalTypes: file: NeutronSecurityRulesGlobalTypesServiceTemplate.yaml NovaServerGlobalTypes: file: NovaServerGlobalTypesServiceTemplate.yaml ContrailV2VirtualMachineInterfaceGlobalType: file: ContrailV2VirtualMachineInterfaceGlobalTypeServiceTemplate.yaml topology_template: inputs: Internal1_shared: hidden: false immutable: false type: string service_policy_name: hidden: false immutable: false type: string description: Policy Name st_static_routes_list: hidden: false immutable: false type: string description: List of static routes enabled-disabled st_type: hidden: false immutable: false type: string description: service type Internal2_forwarding_mode: hidden: false immutable: false type: string st_service_interface_type_list: hidden: false immutable: false type: string description: List of interface types st_mode: hidden: false immutable: false type: string description: service mode Cricket_OCS_protected_net_id: hidden: false immutable: false type: string description: Name of Cricket OCS network oam_mgmt_net_0_id: hidden: false immutable: false type: string description: Name of OAM network start_dst_ports: hidden: false immutable: false type: float description: Start of dst port st_flavor: hidden: false immutable: false type: string description: Flavor availability_zone_1: hidden: false immutable: false type: string description: availability zone Internal2_shared: hidden: false immutable: false type: string service_instance_name: hidden: false immutable: false type: string description: Service instance name st_scaling: hidden: false immutable: false type: string description: Indicates whether service scaling is enabled max_num_fw_instances: hidden: false immutable: false type: float description: maximum number of firewall instances for scaling Internal1_net_name: hidden: false immutable: false type: string start_src_ports: hidden: false immutable: false type: float description: Start of src port service_policy_direction: hidden: false immutable: false type: string description: Direction of Policy st_name: hidden: false immutable: false type: string description: Name of service template Internal2_net_name: hidden: false immutable: false type: string hsl_direct_net3: hidden: false immutable: false type: string hsl_direct_net4: hidden: false immutable: false type: string HSL_direct_net_gateway: hidden: false immutable: false type: string description: HSL (Logging) network gateway address hsl_direct_net1: hidden: false immutable: false type: string hsl_direct_net2: hidden: false immutable: false type: string st_image: hidden: false immutable: false type: string description: Name of the image st_shared_ip_list: hidden: false immutable: false type: string description: List of shared ip enabled-disabled Cricket_OCS_direct_net_id: hidden: false immutable: false type: string description: Name of Cricket OCS network Internal1_forwarding_mode: hidden: false immutable: false type: string end_src_ports: hidden: false immutable: false type: float description: End of src port end_dst_ports: hidden: false immutable: false type: float description: End of dst port HSL_direct_net_id: hidden: false immutable: false type: string description: Name of HSL (Logging) network HSL_direct_net_cidr: hidden: false immutable: false type: string description: HSL (Logging) network address (CIDR notation) node_templates: Internal2-net: type: org.openecomp.resource.vl.nodes.heat.network.contrail.VirtualNetwork properties: shared: get_input: Internal1_shared forwarding_mode: get_input: Internal1_forwarding_mode network_name: get_input: Internal2_net_name Internal1-net: type: org.openecomp.resource.vl.nodes.heat.network.contrail.VirtualNetwork properties: shared: get_input: Internal1_shared forwarding_mode: get_input: Internal1_forwarding_mode network_name: get_input: Internal1_net_name Internal3-net: type: org.openecomp.resource.vl.nodes.heat.network.contrail.VirtualNetwork properties: shared: get_input: Internal1_shared forwarding_mode: get_input: Internal1_forwarding_mode network_name: get_input: Internal2_net_name hsl_direct_net: type: org.openecomp.resource.vl.nodes.heat.network.contrail.VirtualNetwork properties: network_name: get_input: HSL_direct_net_id subnets: hsl_ip_subnet: cidr: get_input: HSL_direct_net_cidr gateway_ip: get_input: HSL_direct_net_gateway service_instance: type: org.openecomp.resource.abstract.nodes.heat.service_template directives: - substitutable properties: flavor: get_input: st_flavor availability_zone: get_input: availability_zone_1 image_name: get_input: st_image service_template_filter: substitute_service_template: service_instanceServiceTemplate.yaml count: get_input: max_num_fw_instances scaling_enabled: get_input: st_scaling mandatory: false service_type: get_input: st_type static_routes_list: - token: - get_input: st_static_routes_list - ',' - 0 - token: - get_input: st_static_routes_list - ',' - 1 - token: - get_input: st_static_routes_list - ',' - 2 - token: - get_input: st_static_routes_list - ',' - 3 - token: - get_input: st_static_routes_list - ',' - 4 service_template_name: get_input: st_name service_interface_type_list: - token: - get_input: st_service_interface_type_list - ',' - 0 - token: - get_input: st_service_interface_type_list - ',' - 1 - token: - get_input: st_service_interface_type_list - ',' - 2 - token: - get_input: st_service_interface_type_list - ',' - 3 - token: - get_input: st_service_interface_type_list - ',' - 4 interface_list: - virtual_network: get_input: hsl_direct_net1 - virtual_network: get_input: hsl_direct_net2 - virtual_network: get_input: hsl_direct_net3 - virtual_network: get_input: hsl_direct_net4 - virtual_network: hsl_direct_net service_instance_name: get_input: service_instance_name service_mode: get_input: st_mode shared_ip_list: - token: - get_input: st_shared_ip_list - ',' - 0 - token: - get_input: st_shared_ip_list - ',' - 1 - token: - get_input: st_shared_ip_list - ',' - 2 - token: - get_input: st_shared_ip_list - ',' - 3 - token: - get_input: st_shared_ip_list - ',' - 4 requirements: - link_port_0: capability: tosca.capabilities.network.Linkable node: Internal1-net relationship: tosca.relationships.network.LinksTo - link_port_1: capability: tosca.capabilities.network.Linkable node: Internal2-net relationship: tosca.relationships.network.LinksTo - link_port_2: capability: tosca.capabilities.network.Linkable node: Internal3-net relationship: tosca.relationships.network.LinksTo - link_port_4: capability: tosca.capabilities.network.Linkable node: hsl_direct_net relationship: tosca.relationships.network.LinksTo - dependency: capability: tosca.capabilities.Node node: hsl_direct_net relationship: tosca.relationships.DependsOn service_policy: type: org.openecomp.resource.vfc.rules.nodes.heat.network.contrail.NetworkRules properties: entries: policy_rule: - src_ports: - start_port: get_input: start_src_ports end_port: get_input: end_src_ports protocol: any action_list: apply_service: - service_instance dst_addresses: - virtual_network: get_input: Cricket_OCS_direct_net_id dst_ports: - start_port: get_input: start_dst_ports end_port: get_input: end_dst_ports src_addresses: - virtual_network: get_input: Cricket_OCS_protected_net_id direction: get_input: service_policy_direction name: get_input: service_policy_name requirements: - dependency: capability: tosca.capabilities.Node node: service_instance relationship: tosca.relationships.DependsOn groups: OCS-fw: type: org.openecomp.groups.heat.HeatStack properties: heat_file: ../Artifacts/OCS-fw.yml description: | Based on the following reference for the HOT-DMZ-FW template: Version 3.5 8-10-2015 (Authors: Art Mishurov,am254u & Johhny Chen, jc3066) - HOT-DMZ-FW template that creates two DMZ networks (direct and protected) with a scaled out firewall service between the two. members: - hsl_direct_net - service_instance - service_policy network_base: type: org.openecomp.groups.heat.HeatStack properties: heat_file: ../Artifacts/network_base.yml description: ASC External Networks Template members: - Internal2-net - Internal1-net - Internal3-net