blueprint.yaml
# Cloudify blueprint header: DSL version, description and imported definitions.
tosca_definitions_version: cloudify_dsl_1_3
description: >
  See README.md file.
imports:
  # NOTE(review): the base type definitions are referenced by a plain http://
  # URL. Whether this is fetched over the network or resolved to a local copy
  # depends on the manager's import-resolver configuration - confirm. If it is
  # fetched remotely, the content is not integrity-protected in transit.
  - http://cloudify.co/spec/cloudify/5.0.0/types.yaml
  # No version constraint is given for the plugin import, so the plugin
  # version is presumably whatever the manager has installed - verify.
  - plugin:cloudify-azure-plugin
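# Deployment inputs. Every credential-like default is resolved through
# get_secret, so no secret value is written in this file.
inputs:

  # Azure connection parameters; all four fields default to stored secrets.
  azure_config:
    description: >
      Parameters for connecting to Azure.
    type: cloudify.datatypes.azure.Config
    default:
      subscription_id: { get_secret: default_azure_subscription_id }
      tenant_id: { get_secret: default_azure_tenant_id }
      client_id: { get_secret: default_azure_client_id }
      client_secret: { get_secret: default_azure_client_secret }

  azure_location:
    description: >
      Azure Location code for creating resources.
    type: string
    default: { get_secret: default_azure_location }

  # No default: must be supplied per deployment. It is concatenated with a
  # fixed suffix ('sg', 'nic', 'ipcfg', 'sgrp', 'ip', 'vm') for each resource.
  resource_name_prefix:
    description: >
      Prefix to prepend to resource names.
    type: string

  # No default: must be supplied per deployment.
  resource_group_name:
    description: >
      Name of resource group to create for the deployment.
    type: string

  cfy_resource_group_name:
    description: >
      Name of resource group where the Cloudify Manager virtual network
      is located.
    type: string
    default: { get_secret: default_azure_cfy_resource_group_name }

  cfy_vnet_name:
    description: >
      Name of virtual network to create our subnet in.
      This virtual network is expected to exist already - for this demo,
      Cloudify Manager and the new VM share the same virtual network.
    type: string
    default: { get_secret: default_azure_cfy_vnet_name }

  cfy_subnet_name:
    description: >
      Name of subnet to which Cloudify Manager is connected. The new VM
      will have a leg in this subnet.
    type: string
    default: { get_secret: default_azure_cfy_subnet_name }

  image:
    description: >
      Image to use.
    default:
      publisher: OpenLogic
      offer: CentOS
      # Quoted on purpose: a bare 7.6 is loaded as a float, but this is an
      # SKU name and should reach the consumer as a string.
      sku: '7.6'
      # NOTE(review): "latest" is not a pinned image version, so a later
      # deployment may get a different image build. Pin a version where
      # reproducibility or image provenance matters.
      version: latest

  size:
    description: >
      Name of Virtual Machine Size in Azure.
    type: string
    default: Standard_B1s

  # Source restriction for the two management-plane security rules below.
  # The default keeps them open to any source, which is what the blueprint
  # did when the value was hard-coded.
  management_source_address_prefix:
    description: >
      Source address prefix allowed to reach the SSH (22) and JBoss
      console (9990) security rules. The default '*' allows any source;
      set it to a trusted CIDR range to limit exposure.
    type: string
    default: '*'

  ssh_user:
    description: >
      User name for SSH access to the VM. It is used as the VM admin
      user and to build the authorized_keys path.
    type: string
    default: { get_secret: default_linux_agent_user }

  public_key_data:
    description: >
      SSH public key to inject to the VM's authorized_keys file.
    type: string
    default: { get_secret: default_public_key_data }

  private_key_path:
    description: >
      Path, on Cloudify Manager, to the private key used to SSH to
      the new VM. This is used in order to install the agent.
    type: string
    default: { get_secret: default_private_key_path }

# Resources created (or referenced) by the deployment: a new resource group
# holding a storage account, NIC, IP configuration, security group, public IP
# and VM, attached to an existing virtual network and subnet.
node_templates:

  resource_group:
    type: cloudify.azure.nodes.ResourceGroup
    properties:
      azure_config: { get_input: azure_config }
      name: { get_input: resource_group_name }
      location: { get_input: azure_location }

  storage_account:
    type: cloudify.azure.nodes.storage.StorageAccount
    properties:
      azure_config: { get_input: azure_config }
      name: { concat: [ { get_input: resource_name_prefix }, 'sg' ] }
      location: { get_input: azure_location }
      resource_config:
        accountType: Standard_LRS
    relationships:
      - type: cloudify.azure.relationships.contained_in_resource_group
        target: resource_group

  # The VM's only NIC; it carries both the security group and the IP
  # configuration that binds the public IP.
  nic:
    type: cloudify.azure.nodes.network.NetworkInterfaceCard
    properties:
      azure_config: { get_input: azure_config }
      name: { concat: [ { get_input: resource_name_prefix }, 'nic' ] }
      location: { get_input: azure_location }
      primary: true
    relationships:
      - type: cloudify.azure.relationships.contained_in_resource_group
        target: resource_group
      - type: cloudify.azure.relationships.nic_connected_to_network_security_group
        target: network_security_group
      - type: cloudify.azure.relationships.nic_connected_to_ip_configuration
        target: public_ip_cfg

  public_ip_cfg:
    type: cloudify.azure.nodes.network.IPConfiguration
    properties:
      azure_config: { get_input: azure_config }
      name: { concat: [ { get_input: resource_name_prefix }, 'ipcfg' ] }
      location: { get_input: azure_location }
      resource_config:
        privateIPAllocationMethod: Dynamic
    relationships:
      - type: cloudify.azure.relationships.contained_in_resource_group
        target: resource_group
      - type: cloudify.azure.relationships.ip_configuration_connected_to_subnet
        target: subnet
      - type: cloudify.azure.relationships.ip_configuration_connected_to_public_ip
        target: public_ip

  # Inbound allow rules for the VM's NIC. The VM also has a public IP, so
  # any rule whose source prefix is '*' is reachable from the Internet.
  network_security_group:
    type: cloudify.azure.nodes.network.NetworkSecurityGroup
    properties:
      azure_config: { get_input: azure_config }
      name: { concat: [ { get_input: resource_name_prefix }, 'sgrp' ] }
      location: { get_input: azure_location }
      resource_config:
        securityRules:
          # Application port; open to any source address.
          - name: sg_http_test
            properties:
              description: HTTP access
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: 8080
              sourceAddressPrefix: '*'
              destinationAddressPrefix: '*'
              priority: 103
              access: Allow
              direction: Inbound
          # Management console; the source is taken from an input so that
          # it can be limited to a trusted range without editing this file.
          - name: sg_http_console
            properties:
              description: JBOSS console access
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: 9990
              sourceAddressPrefix:
                get_input: management_source_address_prefix
              destinationAddressPrefix: '*'
              priority: 104
              access: Allow
              direction: Inbound
          # SSH; same source restriction as the console rule.
          - name: sg_ssh
            properties:
              description: SSH access
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: 22
              sourceAddressPrefix:
                get_input: management_source_address_prefix
              destinationAddressPrefix: '*'
              priority: 105
              access: Allow
              direction: Inbound
    relationships:
      - type: cloudify.azure.relationships.contained_in_resource_group
        target: resource_group

  # Existing virtual network in the Cloudify Manager's resource group;
  # use_external_resource marks it as referenced rather than created here.
  virtual_network:
    type: cloudify.azure.nodes.network.VirtualNetwork
    properties:
      azure_config: { get_input: azure_config }
      name: { get_input: cfy_vnet_name }
      location: { get_input: azure_location }
      resource_group_name: { get_input: cfy_resource_group_name }
      use_external_resource: true

  # Existing subnet, referenced in the same way as the virtual network.
  subnet:
    type: cloudify.azure.nodes.network.Subnet
    properties:
      azure_config: { get_input: azure_config }
      name: { get_input: cfy_subnet_name }
      location: { get_input: azure_location }
      resource_group_name: { get_input: cfy_resource_group_name }
      use_external_resource: true
    relationships:
      - type: cloudify.azure.relationships.contained_in_virtual_network
        target: virtual_network

  public_ip:
    type: cloudify.azure.nodes.network.PublicIPAddress
    properties:
      azure_config: { get_input: azure_config }
      name: { concat: [ { get_input: resource_name_prefix }, 'ip' ] }
      location: { get_input: azure_location }
      resource_config:
        publicIPAllocationMethod: Static
    relationships:
      - type: cloudify.azure.relationships.contained_in_resource_group
        target: resource_group

  vm:
    type: cloudify.azure.nodes.compute.VirtualMachine
    properties:
      azure_config: { get_input: azure_config }
      location: { get_input: azure_location }
      os_family: linux
      name: { concat: [ { get_input: resource_name_prefix }, 'vm' ] }
      resource_config:
        hardwareProfile:
          vmSize: { get_input: size }
        storageProfile:
          imageReference: { get_input: image }
        osProfile:
          computerName: { get_property: [SELF, name] }
          # The admin user and the authorized_keys path both follow the
          # ssh_user input, so the account that receives the public key is
          # the one this blueprint reports as ssh_user. They were fixed to
          # "centos" before, which only matched when the input had that value.
          adminUsername: { get_input: ssh_user }
          linuxConfiguration:
            ssh:
              publicKeys:
                - path:
                    concat:
                      - '/home/'
                      - { get_input: ssh_user }
                      - '/.ssh/authorized_keys'
                  keyData: { get_input: public_key_data }
            # Key-only login: password authentication stays disabled.
            disablePasswordAuthentication: true
      # No Cloudify agent is installed on this VM.
      agent_config:
        install_method: none
    relationships:
      - type: cloudify.azure.relationships.contained_in_resource_group
        target: resource_group
      - type: cloudify.azure.relationships.connected_to_storage_account
        target: storage_account
      - type: cloudify.azure.relationships.connected_to_nic
        target: nic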
# Values this deployment exports through its capabilities.
capabilities:
  # "ip" runtime attribute of the vm node.
  private_ip:
    value: { get_attribute: [vm, ip] }
  # "public_ip_address" runtime attribute of the public_ip node.
  public_ip:
    value: { get_attribute: [public_ip, public_ip_address] }
  # Echoes the ssh_user input unchanged.
  ssh_user:
    value: { get_input: ssh_user }
  # Echoes the private_key_path input: per that input's description this is a
  # path on the Cloudify Manager, not the key material itself.
  # NOTE(review): it still tells every reader of these capabilities where the
  # private key is stored - confirm who can read them.
  private_key_path:
    value: { get_input: private_key_path }