path: root/playbooks/openstack/openshift-cluster/files/heat_stack.yml
blob: c5f95d87d4f8c0cdcc5f6cf5a1674166235fea9b (plain)
# Heat Orchestration Template (HOT) for the network, router and security
# groups of an OpenShift cluster. No compute instances are defined in this
# file; presumably they are created elsewhere and attached to the groups
# declared below.
# The unquoted version is read as a YAML date by generic parsers; Heat's
# template loader normalises timestamp scalars to strings, so this is the
# form Heat documents.
heat_template_version: 2014-10-16

description: OpenShift cluster

# Stack inputs. None of them carries a `constraints:` block, so every value
# is accepted as given; validation (if any) happens in the caller.
parameters:
  # Used only inside the security-group descriptions below.
  cluster-id:
    type: string
    label: Cluster ID
    description: Identifier of the cluster

  # Prepended (via str_replace) to the names of the net, subnet, router and
  # both security groups.
  network-prefix:
    type: string
    label: Network prefix
    description: Prefix of the network objects

  # Passed straight through to the subnet's cidr property.
  cidr:
    type: string
    label: CIDR
    description: CIDR of the network of the cluster

  # Passed straight through to the subnet's dns_nameservers property.
  dns-nameservers:
    type: comma_delimited_list
    label: DNS nameservers list
    description: List of DNS nameservers

  # Network the router's external gateway is attached to. Defaults to the
  # network named "external".
  external-net:
    type: string
    label: External network
    description: Name of the external network
    default: external

  # Becomes the remote_ip_prefix of the port-22 rule in both security groups,
  # so it is the only thing limiting who can reach ssh. A value of 0.0.0.0/0
  # would open ssh to every address; nothing in this template rejects that.
  ssh-incoming:
    type: string
    label: Source of ssh connections
    description: Source of legitimate ssh connections

resources:
  # Private network for the cluster. All resource names below are derived
  # from the network-prefix parameter with str_replace.
  net:
    type: OS::Neutron::Net
    properties:
      name:
        str_replace:
          template: network-prefix-net
          params:
            network-prefix: { get_param: network-prefix }

  # Subnet on that network, using the caller-supplied CIDR and nameservers.
  subnet:
    type: OS::Neutron::Subnet
    properties:
      name:
        str_replace:
          template: network-prefix-subnet
          params:
            network-prefix: { get_param: network-prefix }
      network: { get_resource: net }
      cidr: { get_param: cidr }
      dns_nameservers: { get_param: dns-nameservers }

  # Router whose gateway sits on the external network, so instances on the
  # subnet are reachable from / can reach outside the cluster network.
  router:
    type: OS::Neutron::Router
    properties:
      name:
        str_replace:
          template: network-prefix-router
          params:
            network-prefix: { get_param: network-prefix }
      external_gateway_info:
        network: { get_param: external-net }

  # Plugs the subnet into the router.
  interface:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: router }
      subnet_id: { get_resource: subnet }

  # Security group for node instances. Only ingress rules are declared;
  # NOTE(review): Heat removes Neutron's default allow-all egress rules only
  # when an egress rule is listed, so outbound traffic is unrestricted here.
  node-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: network-prefix-node-secgrp
          params:
            network-prefix: { get_param: network-prefix }
      description:
        str_replace:
          template: Security group for cluster-id OpenShift cluster nodes
          params:
            cluster-id: { get_param: cluster-id }
      rules:
        # ssh, limited to the ssh-incoming CIDR.
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh-incoming }
        # udp/4789 (the IANA VXLAN port). remote_group_id is omitted, which
        # under remote_mode: remote_group_id means the group being created
        # itself, i.e. node-to-node traffic only.
        - direction: ingress
          protocol: udp
          port_range_min: 4789
          port_range_max: 4789
          remote_mode: remote_group_id
        # tcp/10250 (presumably the kubelet port), accepted only from members
        # of master-secgrp. This get_resource makes node-secgrp depend on
        # master-secgrp, so master-secgrp cannot reference node-secgrp back
        # without creating a dependency cycle.
        - direction: ingress
          protocol: tcp
          port_range_min: 10250
          port_range_max: 10250
          remote_mode: remote_group_id
          remote_group_id: { get_resource: master-secgrp }

  # Security group for the master. Apart from the ssh rule, none of the rules
  # below sets remote_ip_prefix or remote_mode, so each applies to any source
  # (Neutron's default when no remote is given): these ports are reachable
  # from every address that can route to the master, including the external
  # network via the router. Tightening them (remote_mode: remote_group_id for
  # intra-cluster traffic, or a CIDR parameter like ssh-incoming) is worth
  # reviewing. As with node-secgrp, egress is left at Neutron's default.
  master-secgrp:
    type: OS::Neutron::SecurityGroup
    properties:
      name:
        str_replace:
          template: network-prefix-master-secgrp
          params:
            network-prefix: { get_param: network-prefix }
      description:
        str_replace:
          template: Security group for cluster-id OpenShift cluster master
          params:
            cluster-id: { get_param: cluster-id }
      rules:
        # ssh, limited to the ssh-incoming CIDR.
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: ssh-incoming }
        # tcp/4001, presumably the etcd client port; open to any source.
        - direction: ingress
          protocol: tcp
          port_range_min: 4001
          port_range_max: 4001
        # tcp/8443, presumably the OpenShift API / console; open to any source.
        - direction: ingress
          protocol: tcp
          port_range_min: 8443
          port_range_max: 8443
        # DNS over tcp and udp; open to any source.
        - direction: ingress
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
        - direction: ingress
          protocol: udp
          port_range_min: 53
          port_range_max: 53
        # tcp/24224 and udp/24224, presumably log forwarding (fluentd's
        # default port); open to any source.
        - direction: ingress
          protocol: tcp
          port_range_min: 24224
          port_range_max: 24224
        - direction: ingress
          protocol: udp
          port_range_min: 24224
          port_range_max: 24224