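# Heat (HOT) template: a two-node Docker swarm lab (one manager, one worker)
# built from Fedora 30 cloud images on an existing private network, with a
# floating IP on the manager only and a dedicated security group.
#
# Security review summary (details are next to the lines concerned):
#   * root_password is substituted textually into user_data and is also
#     returned by the instance_rootpw output.
#   * Every security-group rule defaults to source 0.0.0.0/0; set admin_cidr
#     and swarm_cidr to narrow them before using this outside a lab.
#   * Both boot scripts switch SELinux to permissive and add the `fedora`
#     user to the `docker` group.
heat_template_version: 2018-08-31

description: >
  File docker_swarm.yaml, Install a docker swarm master and a worker node,
  both based on Fedora30 cloud images, we are using an existing private
  network and external network, a floating-ip is only assigned to the master
  and a custom security group is created, to test use
  openstack stack create --dry-run --timeout 3000 --template docker_swarm.yaml marks-docker-swarm,
  remove --dry-run flag to deploy the stack.

parameters:
  key_name:
    type: string
    label: Key Name
    description: Name of key-pair to be used for compute instance
    default: marks-keypair-stein

  # NOTE(review): the default is a well-known string and is applied to root on
  # both servers; the default is kept only so existing invocations keep
  # working. Pass a unique value at stack-create time.
  root_password:
    type: string
    label: Root User Password
    description: Password to be used for root user
    # Hides the parameter value when stack details are requested; it does not
    # protect the copies in user_data or in the instance_rootpw output.
    hidden: true
    default: password
    constraints:
      # Upper bound raised from 8 so that longer passwords are accepted;
      # every value that was valid before is still valid.
      - length: { min: 6, max: 64 }
        description: Password length must be between 6 and 64 characters.
      # The value is pasted into a double-quoted shell string by str_replace
      # below, so this alphanumeric-only pattern is what keeps shell
      # metacharacters out of the boot script. Do not relax it without also
      # changing how the password reaches the instance.
      - allowed_pattern: "[a-zA-Z0-9]+"
        description: Password must consist of characters and numbers only.

  net:
    description: name of network used to launch instance.
    type: string
    default: marks-network-10-0-1

  # Declared but not referenced by any resource in this template.
  subnet:
    description: name of subnet within network used to launch instance.
    type: string
    default: marks-network-10-0-1-subnet1

  public_network:
    description: name of the public network to associate floating ip from.
    type: string
    default: external_network

  # The two CIDR parameters replace the hard-coded 0.0.0.0/0 in the security
  # group rules. Their defaults reproduce the original behaviour exactly.
  admin_cidr:
    type: string
    label: Admin Source CIDR
    description: >-
      Source CIDR allowed to reach 22/tcp and 2376/tcp. The default leaves
      both ports open to any source; set it to the administrators' network.
    default: '0.0.0.0/0'

  swarm_cidr:
    type: string
    label: Swarm Source CIDR
    description: >-
      Source CIDR allowed to reach the swarm ports (2377/tcp, 7946/tcp+udp,
      4789/udp). The default leaves them open to any source; set it to the
      CIDR of the private subnet the swarm nodes live on.
    default: '0.0.0.0/0'

resources:
  docker-master-server:
    type: OS::Nova::Server
    properties:
      name: docker-master
      key_name: { get_param: key_name }
      image: Fedora 30
      flavor: fedora30-docker-min
      security_groups: [{ get_resource: docker_security_group }]
      availability_zone: nova
      networks:
        - network: { get_param: net }
      # str_replace is a plain text substitution: the script that reaches the
      # instance contains the root password in clear text, so anything that
      # can read the instance's user_data can read the password.
      user_data:
        str_replace:
          template: |
            #!/bin/bash
            echo "Customising system image..."
            # For troubleshooting use a known password for console login
            echo "$ROOTPSWD" | passwd root --stdin
            timedatectl set-timezone Pacific/Auckland
            # NOTE(review): wc_notify is not listed under params and no wait
            # condition resource exists in this template, so this line is run
            # as a literal command name - confirm it is still wanted.
            wc_notify --data-binary '{"status": "SUCCESS"}'
            #
            # Temporarily allow internet lookups for package installs, the
            # temp change here does not survive a reboot which is what we want
            # as in use the node should not have internet access.
            echo "nameserver 192.168.1.1" >> /etc/resolv.conf
            sync
            yum -y install iputils psmisc bind-utils rsyslog docker
            systemctl enable rsyslog
            systemctl start rsyslog
            # F30 does not create the docker group when installing docker, create it
            # and add the fedora cloud-image user to the group.
            # NOTE(review): membership of the docker group is effectively root
            # on this host, so the SSH key for `fedora` must be guarded as such.
            groupadd docker
            usermod -a -G docker fedora
            # Also cannot run in swarm mode in default live-restore configuration so
            # alter docker start command before starting it.
            cp -p /etc/sysconfig/docker /root/sysconfig_docker.supplied
            cat /root/sysconfig_docker.supplied | sed -e's/--selinux-enabled --log-driver=journald --live-restore/--selinux-enabled --log-driver=journald/' > /etc/sysconfig/docker
            systemctl enable docker
            systemctl start docker
            # Docker version 1.13.1 onward does not allow parameters to swarm init, which bugzilla notes
            # causes a lot of problems on multi-interface systems.
            # Do the swarm init and SAVE the join token command in a file for later use to join the workers
            # NOTE(review): tee also writes the join token to this script's
            # stdout, which is usually captured in the boot log; treat the
            # token as a secret and rotate it once the workers have joined.
            docker swarm init | tee /root/jointoken.txt
            # For testing
            # NOTE(review): this leaves SELinux permissive permanently, not
            # just for this boot; remove for anything other than a test stack.
            cp -p /etc/selinux/config /root/selinux_config.supplied
            cat /root/selinux_config.supplied | sed -e's/SELINUX=enforcing/SELINUX=permissive/' > /etc/selinux/config
            setenforce 0
            #
            echo "...end of install"
            exit 0
            # ... done
          params:
            $ROOTPSWD: { get_param: root_password }

  floating_ip:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: { get_param: public_network }

  # Only the manager gets a floating IP, so it is the only server directly
  # reachable from the external network.
  association:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: floating_ip }
      port_id: { get_attr: [docker-master-server, addresses, { get_param: net }, 0, port] }

  docker-node0-server:
    type: OS::Nova::Server
    # Built after the manager; the worker is NOT joined to the swarm
    # automatically (see the logger/echo lines at the end of its script).
    depends_on: docker-master-server
    properties:
      name: docker-node0
      key_name: { get_param: key_name }
      image: Fedora 30
      flavor: fedora30-docker-min
      security_groups: [{ get_resource: docker_security_group }]
      availability_zone: nova
      networks:
        - network: { get_param: net }
      # Same clear-text password substitution as on the manager.
      user_data:
        str_replace:
          template: |
            #!/bin/bash
            echo "Customising system image..."
            # For troubleshooting use a known password for console login
            echo "$ROOTPSWD" | passwd root --stdin
            timedatectl set-timezone Pacific/Auckland
            # NOTE(review): wc_notify is not listed under params and no wait
            # condition resource exists in this template - confirm intent.
            wc_notify --data-binary '{"status": "SUCCESS"}'
            echo "nameserver 192.168.1.1" >> /etc/resolv.conf
            yum -y install telnet iputils psmisc bind-utils rsyslog docker
            sync
            systemctl enable rsyslog
            systemctl start rsyslog
            # F30 does not create the docker group when installing docker, create it
            # NOTE(review): membership of the docker group is effectively root
            # on this host.
            groupadd docker
            usermod -a -G docker fedora
            # Also cannot run in swarm mode in default live-restore configuration
            cp -p /etc/sysconfig/docker /root/sysconfig_docker.supplied
            cat /root/sysconfig_docker.supplied | sed -e's/--selinux-enabled --log-driver=journald --live-restore/--selinux-enabled --log-driver=journald/' > /etc/sysconfig/docker
            systemctl enable docker
            systemctl start docker
            #
            # For testing
            # NOTE(review): leaves SELinux permissive permanently; remove for
            # anything other than a test stack.
            cp -p /etc/selinux/config /root/selinux_config.supplied
            cat /root/selinux_config.supplied | sed -e's/SELINUX=enforcing/SELINUX=permissive/' > /etc/selinux/config
            setenforce 0
            #
            logger "To join this server to the docker swarm master use the command stored on the master in /root/jointoken.txt"
            echo "To join this server to the docker swarm master use the command stored on the master in /root/jointoken.txt"
            echo "...end of install"
            exit 0
            # ... done
          params:
            $ROOTPSWD: { get_param: root_password }

  # Ingress rules shared by both servers. The source range of each rule comes
  # from admin_cidr or swarm_cidr; with the parameter defaults every rule is
  # still 0.0.0.0/0, as in the original template. Because the manager has a
  # floating IP, those defaults expose its swarm ports to the external network.
  docker_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Ports needed for a a docker swarm.
      name: docker-security-group
      rules:
        # SSH administration.
        - remote_ip_prefix: { get_param: admin_cidr }
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        # Conventional Docker daemon TLS port. Nothing in the boot scripts
        # above configures the daemon to listen here; drop the rule if unused.
        - remote_ip_prefix: { get_param: admin_cidr }
          protocol: tcp
          port_range_min: 2376
          port_range_max: 2376
        # Swarm cluster management; only other swarm nodes need this.
        - remote_ip_prefix: { get_param: swarm_cidr }
          protocol: tcp
          port_range_min: 2377
          port_range_max: 2377
        # Node-to-node communication (TCP).
        - remote_ip_prefix: { get_param: swarm_cidr }
          protocol: tcp
          port_range_min: 7946
          port_range_max: 7946
        # Overlay network traffic; only other swarm nodes need this.
        - remote_ip_prefix: { get_param: swarm_cidr }
          protocol: udp
          port_range_min: 4789
          port_range_max: 4789
        # Node-to-node communication (UDP).
        - remote_ip_prefix: { get_param: swarm_cidr }
          protocol: udp
          port_range_min: 7946
          port_range_max: 7946
        # ICMP from anywhere, unchanged from the original.
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: icmp

outputs:
  instance_keypair:
    description: SSH Key-Pair to be used to access the instances
    value: { get_param: key_name }

  instance_private_ip_master:
    description: Private IP address of docker-master
    value: { get_attr: [docker-master-server, networks, { get_param: net }, 0] }

  # Index 1 relies on the floating IP being listed second for this network.
  instance_public_ip_master:
    description: Public IP address of docker-master
    value: { get_attr: [docker-master-server, networks, { get_param: net }, 1] }

  # NOTE(review): this returns the root password to anyone who can read the
  # stack's outputs, which defeats `hidden: true` on the parameter. Kept so
  # that existing consumers of the output do not break; remove it once
  # nothing depends on it.
  instance_rootpw:
    description: Default root password for all servers
    value: { get_param: root_password }

  instance_private_ip_node0:
    description: Private IP address of docker-node0
    value: { get_attr: [docker-node0-server, networks, { get_param: net }, 0] }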