---
# Cloudify blueprint written against DSL version 1.3.
tosca_definitions_version: cloudify_dsl_1_3

imports:
  # Base Cloudify type definitions (4.4).
  # NOTE(review): this URL is plain HTTP. Unless the manager's import
  # resolver serves it from a local copy, the type definitions are
  # fetched without transport integrity - confirm how it is resolved.
  - 'http://www.getcloudify.org/spec/cloudify/4.4/types.yaml'
  # OpenStack plugin, pinned to one exact version.
  - 'plugin:cloudify-openstack-plugin?version=2.14.7'
# Deployment inputs. Every input is a string with a default, so the
# blueprint can be deployed without supplying any values.
inputs:

  # Name given to the security group node template's resource.
  security_group_name:
    description: security group name to use
    type: string
    default: opencontrail_sg

  # Left side (LAN/branch): network name, subnet name and subnet CIDR.
  left_network_name:
    description: left side (LAN/branch) network name to set
    type: string
    default: left_net

  left_network_subnet_name:
    description: left side (LAN/branch) subnet name to set
    type: string
    default: left_subnet

  left_subnet_cidr:
    description: left side (LAN/branch) network CIDR in format of x.x.x.x/y
    type: string
    default: '10.10.1.0/24'

  # Right side (WAN/internet): network name, subnet name and subnet CIDR.
  right_network_name:
    description: right side (WAN/internet) network name to set
    type: string
    default: right_net

  right_network_subnet_name:
    description: right side (WAN/internet) subnet name to set
    type: string
    default: right_subnet

  right_subnet_cidr:
    description: right side (WAN/internet) network CIDR in format of x.x.x.x/y
    type: string
    default: '10.10.2.0/24'

  # Image and flavor used by both VM node templates.
  # NOTE(review): CirrOS is a minimal test image with publicly documented
  # default login credentials; override this input for any deployment
  # that is reachable from untrusted networks.
  image:
    description: VM image for the service instance
    type: string
    default: cirros-0.4.0-x86_64

  flavor:
    description: openstack flavor name to use for the VM instance
    type: string
    default: tiny
# Shared Keystone connection settings, anchored as &openstack_config so
# the node templates can alias them. Every value is resolved through
# get_secret, so no credential is written into the blueprint itself; the
# five named secrets must exist before the blueprint is deployed.
# NOTE(review): auth_url is also taken from a secret - confirm it names
# an HTTPS Keystone endpoint so the password is not sent in clear text.
dsl_definitions:
  openstack_config: &openstack_config
    auth_url: { get_secret: opencontrail_keystone_url }
    region: { get_secret: opencontrail_keystone_region }
    tenant_name: { get_secret: opencontrail_keystone_tenant_name }
    username: { get_secret: opencontrail_keystone_username }
    password: { get_secret: opencontrail_keystone_password }
# Topology: two VMs, each attached through its own port to its own
# network and subnet, with one security group shared by both sides.
node_templates:

  # VM on the left (LAN/branch) side. install_agent is false, so no
  # Cloudify agent is requested for it.
  left_vm:
    type: cloudify.openstack.nodes.Server
    properties:
      openstack_config: *openstack_config
      image: { get_input: image }
      flavor: { get_input: flavor }
      install_agent: false
    relationships:
      - type: cloudify.openstack.server_connected_to_security_group
        target: security_group
      - type: cloudify.relationships.connected_to
        target: left_port

  # VM on the right (WAN/internet) side; same image, flavor and
  # security group as left_vm.
  right_vm:
    type: cloudify.openstack.nodes.Server
    properties:
      openstack_config: *openstack_config
      image: { get_input: image }
      flavor: { get_input: flavor }
      install_agent: false
    relationships:
      - type: cloudify.openstack.server_connected_to_security_group
        target: security_group
      - type: cloudify.relationships.connected_to
        target: right_port

  # Left network, created rather than reused
  # (use_external_resource is false).
  left_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *openstack_config
      use_external_resource: false
      resource_id: { get_input: left_network_name }

  # IPv4 subnet inside left_network; the CIDR comes from an input.
  left_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *openstack_config
      use_external_resource: false
      resource_id: { get_input: left_network_subnet_name }
      subnet:
        ip_version: 4
        cidr: { get_input: left_subnet_cidr }
    relationships:
      - type: cloudify.relationships.contained_in
        target: left_network

  # Port on left_network. It depends on left_subnet and is bound to the
  # shared security group.
  left_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *openstack_config
    relationships:
      - type: cloudify.relationships.contained_in
        target: left_network
      - type: cloudify.relationships.depends_on
        target: left_subnet
      - type: cloudify.openstack.port_connected_to_security_group
        target: security_group

  # Right network, created rather than reused.
  right_network:
    type: cloudify.openstack.nodes.Network
    properties:
      openstack_config: *openstack_config
      use_external_resource: false
      resource_id: { get_input: right_network_name }

  # IPv4 subnet inside right_network; the CIDR comes from an input.
  right_subnet:
    type: cloudify.openstack.nodes.Subnet
    properties:
      openstack_config: *openstack_config
      use_external_resource: false
      resource_id: { get_input: right_network_subnet_name }
      subnet:
        ip_version: 4
        cidr: { get_input: right_subnet_cidr }
    relationships:
      - type: cloudify.relationships.contained_in
        target: right_network

  # Port on right_network. It depends on right_subnet and is bound to
  # the shared security group.
  right_port:
    type: cloudify.openstack.nodes.Port
    properties:
      openstack_config: *openstack_config
    relationships:
      - type: cloudify.relationships.contained_in
        target: right_network
      - type: cloudify.relationships.depends_on
        target: right_subnet
      - type: cloudify.openstack.port_connected_to_security_group
        target: security_group

  # Security group attached to both VMs and both ports.
  # NOTE(review): both rules accept traffic from 0.0.0.0/0, and the TCP
  # rule names no port range, so it presumably exposes every TCP port
  # (confirm the plugin's default range). Narrow remote_ip_prefix and
  # list only the ports the service needs before using this outside an
  # isolated lab.
  # NOTE(review): for ICMP, Neutron reads port_range_min/port_range_max
  # as ICMP type and code rather than as a range - confirm that 0/255
  # is what was intended.
  security_group:
    type: cloudify.openstack.nodes.SecurityGroup
    properties:
      openstack_config: *openstack_config
      use_external_resource: false
      resource_id: { get_input: security_group_name }
      security_group:
        name: { get_input: security_group_name }
      rules:
        - protocol: tcp
          remote_ip_prefix: '0.0.0.0/0'
        - protocol: icmp
          port_range_min: 0
          port_range_max: 255
          remote_ip_prefix: '0.0.0.0/0'
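# Values this deployment exposes to other deployments: the names of the
# two created networks, read from each network node's external_name
# runtime attribute.
# Fix: the two get_attribute targets were crossed (left_network_name
# read right_network and vice versa); each capability now reads the
# network it is named after.
capabilities:
  left_network_name:
    description: Name of created left network
    value: { get_attribute: [left_network, external_name] }
  right_network_name:
    description: Name of created right network
    value: { get_attribute: [right_network, external_name] }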