Si vous avez suivi jusqu’ici les différents templates que j’ai créés, vous ne devriez pas avoir de mal à comprendre celui-ci. Une fois que vous avez la logique, le plus long est d’écrire les user-data afin de déployer une machine des plus opérationnelles. Il faut également essayer d’optimiser ses scripts bash afin d’améliorer la vitesse de déploiement des instances.

On n’hésite surtout pas à demander à l’utilisateur des valeurs pour nos variables afin de rendre les applications personnalisables (vous pouvez tout de même proposer des valeurs par défaut, comme vu précédemment).

# Heat Orchestration Template: one private network with a router and three
# instances (Apache, MySQL, Admin), their ports, floating IPs and
# security groups.
heat_template_version: 'ocata'
description: "Deploiement d'une application LAMP"

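# Stack inputs: network naming/addressing and the four passwords that the
# server resources inject into their boot scripts.
parameters:
  network_name:
    type: string
    label: Nom du reseau
    description: Nom du reseau

  subnetwork_name:
    type: string
    label: Nom du sous reseau
    description: Nom du sous reseau

  # Used as the subnet CIDR. The constraint rejects a malformed value at
  # stack validation instead of failing part-way through creation.
  ip_network:
    type: string
    label: IP du reseau
    description: IP de votre reseau
    constraints:
      - custom_constraint: net_cidr

  # Used as the subnet gateway address; validated as an IP address.
  gateway_ip:
    type: string
    label: IP de la passerelle
    description: IP souhaite pour la passerelle
    constraints:
      - custom_constraint: ip_addr

  router_name:
    type: string
    label: Nom du routeur
    description: Nom de votre routeur

  # --- Secrets -------------------------------------------------------------
  # `hidden: true` only masks these values when stack details are displayed.
  # They are still written into each instance's user_data, so anything able
  # to read that user_data can recover them.
  # NOTE(review): every default equals the account name (`ubuntu`). The boot
  # scripts enable SSH password logins and the security groups open port 22
  # to 0.0.0.0/0, so these defaults must always be overridden with strong,
  # distinct values. Defaults are kept only so existing callers keep working.
  # NOTE(review): the values are substituted textually into shell scripts;
  # avoid quotes, `$`, backticks and backslashes in them.
  pass_apache:
    type: string
    label: Mot de passe de l'utilisateur de la machine Apache
    default: ubuntu
    hidden: true

  pass_mysql:
    type: string
    label: Mot de passe de l'utilisateur de la machine MySQL
    default: ubuntu
    hidden: true

  pass_admin:
    type: string
    label: Mot de passe de l'utilisateur de la machine Admin
    default: ubuntu
    hidden: true

  # MySQL root password (also granted to 'root'@'%' by the MySQL boot script).
  pass_bd:
    type: string
    label: Mot de passe de la base de donnees
    default: ubuntu
    hidden: true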


resources:
  # Private network that the three instance ports attach to.
  network1:
    type: OS::Neutron::Net
    properties:
      name:
        get_param: network_name
 
  # Subnet on network1; CIDR and gateway come from stack parameters and DHCP
  # is enabled.
  subnetwork1:
    type: OS::Neutron::Subnet
    properties:
      network_id:
        get_resource: network1
      name:
        get_param: subnetwork_name
      cidr:
        get_param: ip_network
      gateway_ip:
        get_param: gateway_ip
      enable_dhcp: true

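  # Router connecting the private subnet to the external network.
  router1:
    type: OS::Neutron::Router
    properties:
      name: { get_param: router_name }
      external_gateway_info:
        # `network` must be nested here. At the same indent as its parent it
        # is read as a sibling router property and external_gateway_info is
        # left empty.
        # NOTE(review): this UUID is specific to one cloud; confirm it is the
        # external network of the target deployment.
        network: bd7b0ab5-befb-4dbf-a3c8-786a9ae0d828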

  # Attaches the private subnet to router1.
  router1_interface:
    type: OS::Neutron::RouterInterface
    properties:
      subnet_id:
        get_resource: subnetwork1
      router_id:
        get_resource: router1

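  # Web front end: installs Apache + PHP and serves Adminer as the site index.
  # NOTE(review): the boot script re-enables SSH password logins and sets the
  # `ubuntu` password from pass_apache (default `ubuntu`), while the
  # Apache-LAMP group accepts port 22 from 0.0.0.0/0. Prefer the server's
  # `key_name` property with PasswordAuthentication left off; at minimum,
  # never deploy with the default password.
  # NOTE(review): Adminer is downloaded over plain HTTP with no integrity
  # check and then exposed on port 80, so database credentials typed into it
  # cross the network unencrypted. 4.3.1 is an old release; use a verified
  # copy of a current one and put TLS and an access restriction in front.
  server1:
    type: OS::Nova::Server
    properties:
      name: Apache
      image: "Ubuntu_16.04"
      flavor: "U-medium"
      networks:
        - port: { get_resource: server1_port }
      user_data:
        str_replace:
          template: |
            #!/bin/bash
            sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
            service sshd restart
            # Quoted here-document: the substituted password reaches chpasswd
            # as literal text, with no shell expansion of its characters.
            chpasswd <<'EOF'
            ubuntu:$PASS_APACHE
            EOF
            apt-get --yes update
            apt-get --yes install apache2 php libapache2-mod-php php-mysql mysql-client
            wget http://formations.telecom-bretagne.eu/syst/Cloud/ressources/adminer-4.3.1.php-source
            mv adminer-4.3.1.php-source /var/www/html/index.php
            rm /var/www/html/index.html
            service apache2 restart
          params:
            $PASS_APACHE: { get_param: pass_apache }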
  
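  # Port of the Apache instance on the private network.
  # `type` and `properties` are nested under the resource name; at the same
  # indent they would be read as separate entries of `resources`.
  server1_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_resource: network1 }
      # Reference the group resource rather than its name so that Heat
      # creates the group before this port and binds exactly that group,
      # not another one that happens to share the name.
      security_groups:
        - { get_resource: apache_security_group }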
 
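  # Public address for the Apache instance, associated with its port.
  # `type` and `properties` are nested under the resource name; at the same
  # indent they would be read as separate entries of `resources`.
  server1_floating_ip:
    type: OS::Neutron::FloatingIP
    properties:
      # NOTE(review): UUID is specific to one cloud; confirm it is the
      # external network of the target deployment.
      floating_network_id: bd7b0ab5-befb-4dbf-a3c8-786a9ae0d828
      port_id: { get_resource: server1_port }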

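  # Database back end. No floating IP is defined for it in this template.
  # `type` and `properties` are nested under the resource name; at the same
  # indent they would be read as separate entries of `resources`.
  # NOTE(review): the script comments out bind-address and creates
  # 'root'@'%' with ALL PRIVILEGES, so the MySQL-LAMP security group is the
  # only barrier in front of a remote root login. Prefer a dedicated
  # application account limited to one schema and to the web server's
  # address.
  # NOTE(review): SSH password logins are re-enabled and the `ubuntu`
  # password comes from pass_mysql (default `ubuntu`); override it or use the
  # server's `key_name` property instead.
  # NOTE(review): in the `mysql` call the database password is still spliced
  # into a double-quoted shell argument and a SQL string literal. Shell or
  # SQL metacharacters in the value will break or alter that command, and a
  # password given on the command line can be seen by other local users
  # while the command runs.
  server2:
    type: OS::Nova::Server
    properties:
      name: MySQL
      image: "Ubuntu_16.04"
      flavor: "U-medium"
      networks:
        - port: { get_resource: server2_port }
      user_data:
        str_replace:
          template: |
            #!/bin/bash
            sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
            service sshd restart
            # Quoted here-documents: substituted passwords are passed as
            # literal text, with no shell expansion of their characters.
            chpasswd <<'EOF'
            ubuntu:$PASS_MYSQL
            EOF
            apt-get --yes update
            debconf-set-selections <<'EOF'
            mysql-server mysql-server/root_password password $PASS_BD
            mysql-server mysql-server/root_password_again password $PASS_BD
            EOF
            apt-get --yes install mysql-server
            sed -i "s/\(bind-address.*=.* 127.0.0.1\).*/\#bind-address = 127.0.0.1/" /etc/mysql/mysql.conf.d/mysqld.cnf
            mysql -u root --password="$PASS_BD" -e "CREATE USER 'root'@'%' IDENTIFIED BY '$PASS_BD';
            GRANT ALL PRIVILEGES ON *.* to 'root'@'%';
            FLUSH PRIVILEGES;"
            service mysql restart
          params:
            $PASS_MYSQL: { get_param: pass_mysql }
            $PASS_BD: { get_param: pass_bd }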
 
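  # Port of the MySQL instance on the private network.
  server2_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_resource: network1 }
      # Reference the group resource rather than its name so that Heat
      # creates the group before this port and binds exactly that group,
      # not another one that happens to share the name.
      security_groups:
        - { get_resource: mysql_security_group }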

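  # Admin host: only openssh-client is installed on top of the base image.
  # NOTE(review): this instance gets a floating IP, re-enables SSH password
  # logins and sets the `ubuntu` password from pass_admin (default `ubuntu`),
  # while the Admin-LAMP group accepts port 22 from 0.0.0.0/0. Prefer the
  # server's `key_name` property with PasswordAuthentication left off, and
  # restrict the SSH source range to known administrator addresses.
  server3:
    type: OS::Nova::Server
    properties:
      name: Admin
      image: "Ubuntu_16.04"
      flavor: "U-small"
      networks:
        - port: { get_resource: server3_port }
      user_data:
        str_replace:
          template: |
            #!/bin/bash
            sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
            service sshd restart
            # Quoted here-document: the substituted password reaches chpasswd
            # as literal text, with no shell expansion of its characters.
            chpasswd <<'EOF'
            ubuntu:$PASS_ADMIN
            EOF
            apt-get --yes update
            apt-get --yes install openssh-client
          params:
            $PASS_ADMIN: { get_param: pass_admin }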
 
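  # Port of the Admin instance on the private network.
  server3_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_resource: network1 }
      # Reference the group resource rather than its name so that Heat
      # creates the group before this port and binds exactly that group,
      # not another one that happens to share the name.
      security_groups:
        - { get_resource: admin_security_group }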
 
  # Public address for the Admin instance, associated with its port.
  server3_floating_ip:
    type: OS::Neutron::FloatingIP
    properties:
      port_id:
        get_resource: server3_port
      floating_network_id: 'bd7b0ab5-befb-4dbf-a3c8-786a9ae0d828'

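  # Ingress rules for the web front end.
  apache_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Apache Acces Rules
      name: Apache-LAMP
      rules:
        # NOTE(review): SSH is reachable from any address while the instance
        # accepts password logins; narrow this range to administrator
        # addresses or to the private subnet.
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: icmp
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: tcp
          port_range_min: 443
          port_range_max: 443
        # No 3306 ingress: this host only installs mysql-client and opens
        # outbound connections to the database.

  # Ingress rules for the database back end. Sources are limited to the
  # stack's own subnet: the instance has no floating IP in this template and
  # its MySQL root account accepts logins from any host, so nothing outside
  # the subnet should be able to reach ports 22 or 3306.
  mysql_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: MySQL Acces Rules
      name: MySQL-LAMP
      rules:
        - remote_ip_prefix: { get_param: ip_network }
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: { get_param: ip_network }
          protocol: icmp
        - remote_ip_prefix: { get_param: ip_network }
          protocol: tcp
          port_range_min: 3306
          port_range_max: 3306

  # Ingress rules for the Admin host.
  admin_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Admin Acces Rules
      name: Admin-LAMP
      rules:
        # NOTE(review): SSH is reachable from any address while the instance
        # accepts password logins; narrow this range to known administrator
        # addresses.
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: '0.0.0.0/0'
          protocol: icmp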


# Values reported once the stack is created: private address of each
# instance, floating addresses of Apache and Admin, and the login name.
outputs:
  IP_Privee_Apache:
    description: 'Adresse IP de la machine Apache dans le reseau prive'
    value:
      get_attr:
        - server1
        - first_address

  IP_Public_Apache:
    description: 'Adresse IP flotante de la machine Apache dans le reseau public'
    value:
      get_attr:
        - server1_floating_ip
        - floating_ip_address

  IP_Privee_MySQL:
    description: 'Adresse IP de la machine MySQL dans le reseau prive'
    value:
      get_attr:
        - server2
        - first_address

  IP_Privee_Admin:
    description: 'Adresse IP de la machine Admin dans le reseau prive'
    value:
      get_attr:
        - server3
        - first_address

  IP_Public_Admin:
    description: 'Adresse IP flotante de la machine Admin dans le reseau public'
    value:
      get_attr:
        - server3_floating_ip
        - floating_ip_address

  # Account whose password each boot script sets.
  User:
    description: 'Utilisateur commun a toutes les machines'
    value: 'ubuntu'