################################################################################ # Copyright (c) 2015 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # ################################################################################ # # Objective: # Demonstrates a virtual router port forwarding setup # Sets up ports, VM instances, and forwarding rules # # Pre-Reqs: # An environment capable of launching 3 VMs # Image imported to glance # Keypair imported to nova # Private network created # Public (external) network created with attachment to private subnet # Router create connecting private network to public network # # Mandatory Template Parameters: # KEYPAIR # IMAGE # FLAVOR # ROUTER_ID # PRIVATE_NET # PRIVATE_SUBNET # # Tenant Considerations: # Should be run as tenant. # Can be run as admin # # Sample CLI syntax: # heat stack-create -f PortForwarding.yaml \ # -P ROUTER_ID=812b639cd3714d389a4e2662b114b72b \ # -P KEYPAIR=tenant1-keypair \ # -P FLAVOR=small \ # -P PRIVATE_NET=tenant1-mgmt \ # -P PRIVATE_SUBNET=tenant1-mgmt-subnet0 \ # DNAT # # Expected Outcome: # 3 VM instances launched # 3 Neutron port forwarding rules (1 to each VM) (neutron portforwarding-list) # ################################################################################ heat_template_version: 2015-04-30 description: > HOT template to deploy three servers into an existing neutron tenant network and assign port forwarding rules to each server so they are accessible from the public network via specific layer4 port numbers. parameters: KEYPAIR: type: string description: Name of keypair to assign to servers constraints: - custom_constraint: nova.keypair KEYPAIR_ADMIN_USER: type: string description: Name of user account to inject ssh keys from keypair default: 'ec2-user' IMAGE: type: string description: Name of image to use for servers default: tis-centos-guest constraints: - custom_constraint: glance.image FLAVOR: type: string description: Flavor to use for servers default: small constraints: - custom_constraint: nova.flavor ROUTER_ID: type: string description: ID of public facing router that handles NAT translations constraints: - custom_constraint: neutron.router PRIVATE_NET: type: string description: Name of private network into which servers get deployed constraints: - custom_constraint: neutron.network PRIVATE_SUBNET: type: string description: Name of private sub network into which servers get deployed constraints: - custom_constraint: neutron.subnet PRIVATE_PORT_NUMBER: type: number description: Layer4 protocol port number which will terminate on each VM default: 80 PROTOCOL: type: string description: Layer4 protocol of all port mappings default: tcp SERVER1_PUBLIC_PORT_NUMBER: type: number description: Public layer4 protocol portnum which terminates on server1 default: 8080 SERVER2_PUBLIC_PORT_NUMBER: type: number description: Public layer4 protocol portnum which terminates on server2 default: 8081 SERVER3_PUBLIC_PORT_NUMBER: type: number description: Public layer4 protocol portnum which terminates on server3 default: 8082 resources: server1: type: OS::Nova::Server properties: name: Server1 image: { get_param: IMAGE } flavor: { get_param: FLAVOR } key_name: { get_param: KEYPAIR } admin_user: { get_param: KEYPAIR_ADMIN_USER } networks: - port: { get_resource: server1_port } server1_port: type: OS::Neutron::Port properties: network: { get_param: PRIVATE_NET } fixed_ips: - subnet: { get_param: PRIVATE_SUBNET } server1_rule: type: WR::Neutron::PortForwarding properties: router_id: { get_param: ROUTER_ID } inside_addr: { get_attr: [ server1, first_address ] } inside_port: { get_param: PRIVATE_PORT_NUMBER } outside_port: { get_param: SERVER1_PUBLIC_PORT_NUMBER } protocol: { get_param: PROTOCOL } description: "Server1 port forwarding rule" server2: type: OS::Nova::Server properties: name: Server2 image: { get_param: IMAGE } flavor: { get_param: FLAVOR } key_name: { get_param: KEYPAIR } admin_user: { get_param: KEYPAIR_ADMIN_USER } networks: - port: { get_resource: server2_port } server2_port: type: OS::Neutron::Port properties: network: { get_param: PRIVATE_NET } fixed_ips: - subnet: { get_param: PRIVATE_SUBNET } server2_rule: type: WR::Neutron::PortForwarding properties: router_id: { get_param: ROUTER_ID } inside_addr: { get_attr: [ server2, first_address ] } inside_port: { get_param: PRIVATE_PORT_NUMBER } outside_port: { get_param: SERVER2_PUBLIC_PORT_NUMBER } protocol: { get_param: PROTOCOL } description: "Server2 port forwarding rule" server3: type: OS::Nova::Server properties: name: Server3 image: { get_param: IMAGE } flavor: { get_param: FLAVOR } key_name: { get_param: KEYPAIR } admin_user: { get_param: KEYPAIR_ADMIN_USER } networks: - port: { get_resource: server3_port } server3_port: type: OS::Neutron::Port properties: network: { get_param: PRIVATE_NET } fixed_ips: - subnet: { get_param: PRIVATE_SUBNET } server3_rule: type: WR::Neutron::PortForwarding properties: # required properties router_id: { get_param: ROUTER_ID } inside_addr: { get_attr: [ server3, first_address ] } inside_port: { get_param: PRIVATE_PORT_NUMBER } outside_port: { get_param: SERVER3_PUBLIC_PORT_NUMBER } protocol: { get_param: PROTOCOL } # optional properties description: "Server3 port forwarding rule"