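heat_template_version: 2013-05-23

description: An example of using the Docker plugin for Heat.

# Deployer-supplied inputs. Only external_network_id has no default and
# must always be provided.
parameters:

  server_image:
    type: string
    default: fedora-20-x86_64-updated
    description: glance image used to boot the server

  server_flavor:
    type: string
    default: m1.small
    description: flavor to use when booting the server

  external_network_id:
    type: string
    description: uuid of a network to use for floating ip addresses

  mysql_root_password:
    type: string
    description: root password for mysql instance
    # NOTE(review): 'secret' is a placeholder kept only so that existing
    # invocations which omit the parameter keep working. This stack
    # publishes MySQL on port 3306 of a host with a floating IP
    # (secgroup_db, docker_dbserver), so override it for any real
    # deployment.
    default: secret
    # Mask the value wherever Heat displays stack parameters.
    hidden: true

  dns_nameserver:
    type: string
    description: address of a dns nameserver reachable in your environment
    default: 8.8.8.8

  ssh_key_name:
    type: string
    description: name of ssh key to be provisioned on docker server
    # NOTE(review): 'lars' looks like the original author's own keypair
    # name; pass the name of a keypair that exists in your tenant.
    default: lars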
resources:

######################################################################
#
# network resources. The stack builds its own network, subnet and
# router for the server. Existing network resources could be used
# instead (with the deployer passing network and subnet ids as
# parameters), but creating them here minimizes the amount of
# configuration needed to make this go.

  fixed_network:
    type: "OS::Neutron::Net"

  # This is the subnet on which we will deploy our docker server.
  fixed_subnet:
    type: "OS::Neutron::Subnet"
    properties:
      cidr: 10.0.0.0/24
      network_id:
        get_resource: fixed_network
      dns_nameservers:
        - get_param: dns_nameserver

  # Router whose gateway is the external network passed in as the
  # external_network_id parameter.
  extrouter:
    type: "OS::Neutron::Router"
    properties:
      external_gateway_info:
        network:
          get_param: external_network_id

  # Attach fixed_subnet to the extrouter router.
  extrouter_inside:
    type: "OS::Neutron::RouterInterface"
    properties:
      router_id:
        get_resource: extrouter
      subnet_id:
        get_resource: fixed_subnet
######################################################################
#
# security groups. we need to permit network traffic of various
# sorts.
#
# NOTE(review): no rule below sets remote_ip_prefix, so the template
# itself puts no limit on where this traffic may come from, and all
# four groups are attached to docker_server_eth0, which receives a
# floating IP. Add remote_ip_prefix to each rule to narrow the
# allowed sources before using this outside a lab.

  # ssh and icmp
  secgroup_common:
    type: "OS::Neutron::SecurityGroup"
    properties:
      rules:
        - protocol: icmp
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22

  # mysql.
  # NOTE(review): combined with the default mysql_root_password
  # ('secret') this leaves the database open to password guessing from
  # any source the rule admits. Restrict the source range, or drop
  # this group from the port if only containers on the same host need
  # the database.
  secgroup_db:
    type: "OS::Neutron::SecurityGroup"
    properties:
      rules:
        - protocol: tcp
          port_range_min: 3306
          port_range_max: 3306

  # access to the docker server we're setting up.
  # NOTE(review): 2375 is the Docker remote API socket created by
  # docker_server's user_data, and nothing in this template configures
  # TLS or authentication for it. Whoever can reach this port can
  # control the Docker daemon, which is equivalent to root on the
  # host. Limit the rule to the address the Heat engine connects from,
  # or move to a TLS-protected endpoint.
  secgroup_docker:
    type: "OS::Neutron::SecurityGroup"
    properties:
      rules:
        - protocol: tcp
          port_range_min: 2375
          port_range_max: 2375

  # http/https, plus 8080
  secgroup_webserver:
    type: "OS::Neutron::SecurityGroup"
    properties:
      rules:
        - protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - protocol: tcp
          port_range_min: 443
          port_range_max: 443
        - protocol: tcp
          port_range_min: 8080
          port_range_max: 8080
######################################################################
#
# Wait condition. It synchronizes the creation of the Docker
# containers with the target Docker server, so that Heat does not try
# to create containers before Docker is available. The handle's URL
# is substituted into docker_server's user_data script, which signals
# it when setup is finished.
#

  docker_wait_handle:
    type: "AWS::CloudFormation::WaitConditionHandle"

  docker_wait_condition:
    type: "AWS::CloudFormation::WaitCondition"
    depends_on:
      - docker_server
    properties:
      Handle:
        get_resource: docker_wait_handle
      # Kept as a quoted string, as in the original template.
      Timeout: "6000"
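######################################################################
#
# This is our Docker server. It is designed to boot a Fedora
# image, install and start docker, and then notify Heat that things
# are ready for booting some containers.
#

  docker_server:
    type: "OS::Nova::Server"
    properties:
      image:
        get_param: server_image
      flavor:
        get_param: server_flavor
      key_name:
        get_param: ssh_key_name
      user_data_format: RAW
      user_data:
        # Heat's 'str_replace' function substitutes the Heat-generated
        # URL for signaling docker_wait_condition into this script.
        # Only the literal text $WAIT_HANDLE is replaced; the other
        # shell variables reach the server unchanged.
        str_replace:
          template: |
            #!/bin/sh

            yum -y upgrade

            # I have occasionally seen 'yum install' fail with errors
            # trying to contact mirrors.  Because it can be a pain to
            # delete and re-create the stack, just loop here until it
            # succeeds.
            while :; do
              yum -y install docker-io
              [ -x /usr/bin/docker ] && break
              sleep 5
            done

            # Add a tcp socket for docker.
            # NOTE(review): ListenStream=2375 with BindIPv6Only=both
            # listens on every IPv4 and IPv6 address, and nothing here
            # sets up TLS or client authentication.  Access control
            # rests entirely on the secgroup_docker rule, so keep that
            # rule as narrow as the deployment allows.
            cat > /etc/systemd/system/docker-tcp.socket <<EOF
            [Unit]
            Description=Docker remote access socket
            [Socket]
            ListenStream=2375
            BindIPv6Only=both
            Service=docker.service
            [Install]
            WantedBy=sockets.target
            EOF

            # Start and enable the docker sockets, remembering whether
            # any of them failed to start.
            failed=0
            for sock in docker.socket docker-tcp.socket; do
              systemctl start "$sock" || failed=1
              systemctl enable "$sock"
            done

            # Signal heat that we are finished setting things up.  A
            # socket that did not start is reported as a failure, so
            # the stack stops here instead of trying to create
            # containers against an endpoint that is not listening.
            if [ "$failed" -eq 0 ]; then
              cfn-signal -e0 --data 'OK' -r 'Setup complete' '$WAIT_HANDLE'
            else
              cfn-signal -e1 --data 'FAILED' -r 'Docker sockets failed to start' '$WAIT_HANDLE'
            fi
          params:
            "$WAIT_HANDLE":
              get_resource: docker_wait_handle
      networks:
        - port:
            get_resource: docker_server_eth0

  # attach a port to the server with a fixed address from
  # fixed_subnet and associate it with appropriate security groups.
  docker_server_eth0:
    type: "OS::Neutron::Port"
    properties:
      network_id:
        get_resource: fixed_network
      security_groups:
        - get_resource: secgroup_common
        - get_resource: secgroup_db
        - get_resource: secgroup_webserver
        - get_resource: secgroup_docker
      fixed_ips:
        - subnet_id:
            get_resource: fixed_subnet

  # associate a floating ip address with the port created in the
  # previous resource.
  docker_server_floating:
    type: "OS::Neutron::FloatingIP"
    # workaround for stack delete problems as suggested in:
    # https://bugs.launchpad.net/heat/+bug/1299259/comments/4
    depends_on:
      - extrouter_inside
    properties:
      floating_network_id:
        get_param: external_network_id
      port_id:
        get_resource: docker_server_eth0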
######################################################################
#
# database container. this runs the official mysql container. we
# map port 3306 in the container to port 3306 on the host.
#
# Because of the 'depends_on' clause, Heat will not attempt to
# instantiate this resource until docker_wait_condition has been
# signaled.
#

  docker_dbserver:
    type: "DockerInc::Docker::Container"
    depends_on:
      - docker_wait_condition
    properties:
      # Docker endpoint: a url pointing at the floating ip address of
      # the docker_server started above. Heat's 'str_replace' function
      # substitutes the address into the URL.
      # NOTE(review): this is a plain tcp:// endpoint; the template
      # configures no TLS for it, so the container settings below,
      # including the root password, presumably cross the network
      # unencrypted - confirm for your deployment.
      docker_endpoint:
        str_replace:
          template: "tcp://$HOST:2375"
          params:
            "$HOST":
              get_attr:
                - docker_server_floating
                - floating_ip_address
      image: mysql
      env:
        # The official MySQL docker image expects the database root
        # password in the MYSQL_ROOT_PASSWORD environment variable.
        - str_replace:
            template: MYSQL_ROOT_PASSWORD=$PASSWORD
            params:
              "$PASSWORD":
                get_param: mysql_root_password
      port_specs:
        - 3306
      port_bindings:
        3306: 3306
######################################################################
#
# a simple webserver. we map port 80 in the container to port 80 on
# the host.
#

  docker_webserver:
    type: "DockerInc::Docker::Container"
    # Not created until docker_wait_condition has been signaled.
    depends_on:
      - docker_wait_condition
    properties:
      # Same Docker endpoint as docker_dbserver: the floating ip
      # address of docker_server, port 2375, over plain tcp://.
      docker_endpoint:
        str_replace:
          template: "tcp://$HOST:2375"
          params:
            "$HOST":
              get_attr:
                - docker_server_floating
                - floating_ip_address
      image: larsks/simpleweb
      port_specs:
        - 80
      port_bindings:
        80: 80