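---
heat_template_version: 2016-04-08

description: >
  Private tenant network (10.0.0.0/24) behind a router with SNAT. Only the
  jump host gets a floating IP: it accepts SSH/ICMP from an admin range and
  DNATs public HTTP to an internal Apache server. The Apache server and a
  Squid proxy are reachable only from inside the tenant network.

parameters:
  NetName:
    type: string
    default: network
  SubnetName:
    type: string
    default: subnet
  RouterName:
    type: string
    default: router
  ExternalNetwork:
    type: string
    default: ext-net
    description: Provider network used for the router gateway and the floating IP.
  KeyName:
    type: string
    default: cvikokey
    description: Nova keypair injected into every server.
  ImageName:
    type: string
    default: ubuntu_server_18.04_amd64_Openstack
  FlavorName:
    type: string
    default: linux
  AvailabilityZone:
    type: string
    default: compute1
  AdminCidr:
    type: string
    default: 158.193.0.0/16
    description: Source range allowed to reach the jump host over SSH and ICMP.

resources:
  Net:
    type: OS::Neutron::Net
    properties:
      admin_state_up: true
      name: { get_param: NetName }
      shared: false

  PrivateSubnet:
    type: OS::Neutron::Subnet
    properties:
      # Was hard-coded to "subnet", which left the SubnetName parameter unused.
      name: { get_param: SubnetName }
      cidr: 10.0.0.0/24
      dns_nameservers:
        - 8.8.8.8
        - 8.8.4.4
      enable_dhcp: true
      network: { get_resource: Net }

  Router:
    type: OS::Neutron::Router
    properties:
      admin_state_up: true
      name: { get_param: RouterName }
      # With SNAT on, instances reach the outside through the router but
      # nothing outside reaches an instance unless it has a floating IP.
      external_gateway_info:
        enable_snat: true
        network: { get_param: ExternalNetwork }

  RouterPort:
    type: OS::Neutron::Port
    properties:
      name: RouterPort
      network: { get_resource: Net }
      fixed_ips:
        - ip_address: 10.0.0.1

  RouterInterface:
    type: OS::Neutron::RouterInterface
    properties:
      router: { get_resource: Router }
      port: { get_resource: RouterPort }

  # --- jump host: the only instance with a floating IP ---------------------
  JumpPort:
    type: OS::Neutron::Port
    properties:
      name: JumpPort
      network: { get_resource: Net }
      fixed_ips:
        - ip_address: 10.0.0.14
      security_groups:
        - { get_resource: SecurityGroup }

  Jump:
    type: OS::Nova::Server
    properties:
      name: jump
      availability_zone: { get_param: AvailabilityZone }
      flavor: { get_param: FlavorName }
      image: { get_param: ImageName }
      key_name: { get_param: KeyName }
      # REPLACE: any change to user_data rebuilds the server on stack update.
      user_data_update_policy: REPLACE
      networks:
        - port: { get_resource: JumpPort }
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        # Public HTTP hitting this host's fixed IP (10.0.0.14, behind the
        # floating IP) is DNATed to Apache (10.0.0.19). The SNAT is not
        # optional: Apache's replies must come back through this host so
        # conntrack can undo the DNAT, and the source must be this port's
        # own address or Neutron port security drops the packet as spoofed.
        # Consequence: Apache only ever sees 10.0.0.14 as the client, so any
        # client attribution (logging, rate limiting) has to happen here.
        # The addresses must match the JumpPort/ApachePort fixed_ips above.
        sysctl -w net.ipv4.ip_forward=1
        # sysctl -w alone is lost on reboot; persist the setting as well.
        echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-ip-forward.conf
        iptables -t nat -A PREROUTING -d 10.0.0.14/32 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.19:80
        iptables -t nat -A POSTROUTING -d 10.0.0.19/32 -p tcp --dport 80 -j SNAT --to-source 10.0.0.14
        apt-get update -y
        # Keep the NAT rules across reboots; without this the forward
        # silently stops working after the first restart.
        DEBIAN_FRONTEND=noninteractive apt-get install -y iptables-persistent
        netfilter-persistent save

  # --- internal web server, reached only through the jump host's DNAT ------
  Apache:
    type: OS::Nova::Server
    properties:
      name: apache
      availability_zone: { get_param: AvailabilityZone }
      flavor: { get_param: FlavorName }
      image: { get_param: ImageName }
      key_name: { get_param: KeyName }
      user_data_update_policy: REPLACE
      networks:
        - port: { get_resource: ApachePort }
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        # apt-get rather than apt: apt's CLI is not stable for scripting.
        apt-get update -y
        apt-get install -y apache2

  ApachePort:
    type: OS::Neutron::Port
    properties:
      name: ApachePort
      network: { get_resource: Net }
      fixed_ips:
        - ip_address: 10.0.0.19
      security_groups:
        - { get_resource: ApacheSecurity }

  # --- internal Squid proxy -------------------------------------------------
  Proxy:
    type: OS::Nova::Server
    properties:
      name: proxy
      availability_zone: { get_param: AvailabilityZone }
      flavor: { get_param: FlavorName }
      image: { get_param: ImageName }
      key_name: { get_param: KeyName }
      user_data_update_policy: REPLACE
      networks:
        - port: { get_resource: ProxyPort }
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        apt-get update -y
        apt-get install -y squid
        # NOTE(review): the packaged squid.conf is expected to permit only
        # localhost (http_access deny all otherwise) — confirm on this image.
        # Clients on 10.0.0.0/24 need an explicit http_access allow for that
        # range and nothing wider: the security group admits only the subnet
        # on 3128, but the proxy itself can reach any host on 80/443.
        systemctl start squid
        systemctl enable squid

  ProxyPort:
    type: OS::Neutron::Port
    properties:
      name: ProxyPort
      network: { get_resource: Net }
      fixed_ips:
        - ip_address: 10.0.0.3
      security_groups:
        - { get_resource: ProxySecurity }

  JumpFloatingIP:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: { get_param: ExternalNetwork }

  JumpFloatingIPAssociation:
    type: OS::Neutron::FloatingIPAssociation
    properties:
      floatingip_id: { get_resource: JumpFloatingIP }
      port_id: { get_resource: JumpPort }

  # Heat removes Neutron's default allow-all egress rules as soon as `rules`
  # is given, so every egress flow a host needs must be listed explicitly.
  #
  # Jump host: SSH/ICMP only from the admin range, HTTP from anywhere (it is
  # DNATed to Apache), unrestricted egress.
  SecurityGroup:
    type: OS::Neutron::SecurityGroup
    properties:
      name: jumpSecurity
      rules:
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: { get_param: AdminCidr }
        - direction: ingress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: { get_param: AdminCidr }
        # Public entry point for the Apache forward: port 80 on the jump host
        # is reachable from the whole internet via the floating IP.
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        # The separate egress tcp/80 rule of the original is covered by the
        # all-ports rule below.
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 1
          port_range_max: 65535
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: udp
          port_range_min: 1
          port_range_max: 65535
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0

  # Squid proxy: management and proxy access only from inside the tenant net.
  ProxySecurity:
    type: OS::Neutron::SecurityGroup
    properties:
      name: ProxySecurity
      rules:
        # SSH only from members of the jump host's security group; the
        # original 0.0.0.0/0 accepted SSH from any reachable source.
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_mode: remote_group_id
          remote_group_id: { get_resource: SecurityGroup }
        - direction: ingress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 10.0.0.0/24
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 3128
          port_range_max: 3128
          remote_ip_prefix: 10.0.0.0/24
        # Egress the original lacked: with only ICMP allowed out, neither the
        # apt run in user_data nor Squid's upstream fetches could succeed.
        - direction: egress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 443
          port_range_max: 443
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: udp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0

  # Apache: HTTP only from the tenant net (public traffic arrives SNATed as
  # 10.0.0.14), SSH only via the jump host, egress limited to apt + DNS.
  ApacheSecurity:
    type: OS::Neutron::SecurityGroup
    properties:
      name: ApacheSecurity
      rules:
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_mode: remote_group_id
          remote_group_id: { get_resource: SecurityGroup }
        - direction: ingress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 10.0.0.0/24
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 10.0.0.0/24
        - direction: egress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: udp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0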