# HOT template version. NOTE(review): an unquoted date is a YAML timestamp; Heat's
# template loader accepts it here, but quote it if another tool parses this file.
heat_template_version: 2016-04-08

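# Stack inputs. Only the names are parameterised; flavor, image, key pair,
# availability zone and the external network name are fixed in the resources.
parameters:
  NetName:
    type: string
    description: Name of the private (tenant) network.
    default: network

  SubnetName:
    type: string
    description: Name of the private subnet.
    default: subnet

  RouterName:
    type: string
    description: Name of the router that joins the private network to ext-net.
    default: router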

resources:
  # Tenant network that every port in this template attaches to.
  Net:
    type: OS::Neutron::Net
    properties:
      name: { get_param: NetName }
      admin_state_up: true
      shared: false  # visible to this project only

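  # IPv4 subnet of the tenant network. No gateway_ip is given, so Neutron
  # picks the first address of the CIDR by default (10.0.0.1), which is the
  # address RouterPort is pinned to.
  PrivateSubnet:
    type: OS::Neutron::Subnet
    properties:
      # Fix: consume the SubnetName parameter instead of hard-coding "subnet"
      # (the parameter's default keeps the resulting name unchanged).
      name: { get_param: SubnetName }
      network: { get_resource: Net }
      cidr: 10.0.0.0/24
      enable_dhcp: true
      # Public resolvers; replace with the site's resolvers if outbound DNS is filtered.
      dns_nameservers:
        - 8.8.8.8
        - 8.8.4.4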

  # Router with its gateway on the provider network "ext-net". SNAT lets the
  # private instances reach outside without a floating IP of their own.
  Router:
    type: OS::Neutron::Router
    properties:
      name: { get_param: RouterName }
      admin_state_up: true
      external_gateway_info:
        network: ext-net
        enable_snat: true

  # Internal port of the router on the tenant network, pinned to 10.0.0.1.
  RouterPort:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: Net }
      name: RouterPort
      fixed_ips:
        - ip_address: 10.0.0.1
    
  # Plugs RouterPort into Router, making 10.0.0.1 the subnet's exit path.
  RouterInterface:
    type: OS::Neutron::RouterInterface
    properties:
      port: { get_resource: RouterPort }
      router: { get_resource: Router }

  # Port of the jump host. Its fixed address (10.0.0.14) is the DNAT target
  # referenced in Jump's user_data and the port that receives the floating IP.
  JumpPort:
    type: OS::Neutron::Port
    properties:
      name: JumpPort
      network: { get_resource: Net }
      security_groups:
        - { get_resource: SecurityGroup }
      fixed_ips:
        - ip_address: 10.0.0.14

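  # Jump host: the only instance with a floating IP. It accepts SSH from
  # 158.193.0.0/16 (see SecurityGroup) and port-forwards inbound HTTP to Apache.
  Jump:
    type: OS::Nova::Server
    properties:
      name: jump
      # Site-specific values; not parameterised in this template.
      availability_zone: compute1
      flavor: linux
      image: ubuntu_server_18.04_amd64_Openstack
      key_name: cvikokey
      networks:
        - port: { get_resource: JumpPort }
      # A changed script replaces the server instead of updating it in place.
      user_data_update_policy: REPLACE
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        # Addresses must match JumpPort (10.0.0.14) and ApachePort (10.0.0.19).
        JUMP_IP=10.0.0.14
        APACHE_IP=10.0.0.19
        # Enable routing now and persist it: "sysctl -w" alone does not survive a reboot.
        echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/99-ip-forward.conf
        sysctl -w net.ipv4.ip_forward=1
        # DNAT inbound HTTP to Apache and SNAT it to this host so replies return the same way.
        iptables -t nat -A PREROUTING -d "${JUMP_IP}/32" -p tcp --dport 80 -j DNAT --to-destination "${APACHE_IP}:80"
        iptables -t nat -A POSTROUTING -d "${APACHE_IP}/32" -p tcp --dport 80 -j SNAT --to-source "${JUMP_IP}"
        # Persist the NAT rules; without this they are lost on reboot.
        export DEBIAN_FRONTEND=noninteractive
        apt-get update -y
        apt-get install -y iptables-persistent
        netfilter-persistent save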

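  # Web server. It has no floating IP; external HTTP reaches it only through
  # the jump host's NAT rules.
  Apache:
    type: OS::Nova::Server
    properties:
      name: apache
      # Site-specific values; not parameterised in this template.
      availability_zone: compute1
      flavor: linux
      image: ubuntu_server_18.04_amd64_Openstack
      key_name: cvikokey
      networks:
        - port: { get_resource: ApachePort }
      # A changed script replaces the server instead of updating it in place.
      user_data_update_policy: REPLACE
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        # Use apt-get, not apt, in scripts (apt warns that its CLI is not stable),
        # and keep debconf non-interactive so a prompt cannot hang the boot-time run.
        export DEBIAN_FRONTEND=noninteractive
        apt-get update -y
        apt-get install -y apache2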

  # Port of the web server, pinned to 10.0.0.19 because the jump host's
  # DNAT rule targets that address.
  ApachePort:
    type: OS::Neutron::Port
    properties:
      name: ApachePort
      network: { get_resource: Net }
      security_groups:
        - { get_resource: ApacheSecurity }
      fixed_ips:
        - ip_address: 10.0.0.19

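  # Squid forward proxy for instances on the tenant subnet (no floating IP).
  Proxy:
    type: OS::Nova::Server
    properties:
      name: proxy
      # Site-specific values; not parameterised in this template.
      availability_zone: compute1
      flavor: linux
      image: ubuntu_server_18.04_amd64_Openstack
      key_name: cvikokey
      networks:
        - port: { get_resource: ProxyPort }
      # A changed script replaces the server instead of updating it in place.
      user_data_update_policy: REPLACE
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        # Use apt-get, not apt, in scripts (apt warns that its CLI is not stable),
        # and keep debconf non-interactive so a prompt cannot hang the boot-time run.
        export DEBIAN_FRONTEND=noninteractive
        apt-get update -y
        apt-get install -y squid
        # NOTE(review): the stock squid.conf may only permit requests from localhost;
        # clients on 10.0.0.0/24 need a matching http_access rule - confirm on the image.
        systemctl enable squid
        systemctl start squid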

  # Port of the proxy, pinned to 10.0.0.3 so clients can be configured statically.
  ProxyPort:
    type: OS::Neutron::Port
    properties:
      name: ProxyPort
      network: { get_resource: Net }
      security_groups:
        - { get_resource: ProxySecurity }
      fixed_ips:
        - ip_address: 10.0.0.3

  # Public address allocated from ext-net for the jump host.
  JumpFloatingIP:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: ext-net
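  # Binds the floating IP to the jump host's port. Neutron rejects the
  # association until the port's subnet is attached to the router, so this
  # must run after RouterInterface; recent Heat releases infer that ordering,
  # the explicit dependency makes it visible and release-independent.
  JumpFloatingIPAssociation:
    type: OS::Neutron::FloatingIPAssociation
    depends_on: RouterInterface
    properties:
      floatingip_id: { get_resource: JumpFloatingIP }
      port_id: { get_resource: JumpPort }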

  # Security group of the jump host (the only instance reachable from outside).
  # Management access is limited to 158.193.0.0/16; HTTP is open because the
  # host forwards it to Apache. ethertype/direction defaults are written out
  # explicitly so every rule reads the same way.
  SecurityGroup:
    type: OS::Neutron::SecurityGroup
    properties:
      name: jumpSecurity
      rules:
        # --- ingress ---
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 158.193.0.0/16
        - direction: ingress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 158.193.0.0/16
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        # --- egress ---
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 1
          port_range_max: 65535
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: udp
          port_range_min: 1
          port_range_max: 65535
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        # Already covered by the all-ports TCP egress rule above; kept as in the
        # original definition.
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0

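  # Security group of the squid proxy. The proxy has no floating IP, so its
  # clients and its administrators (via the jump host) are all on the tenant
  # subnet; the listener rules are scoped to 10.0.0.0/24 instead of 0.0.0.0/0.
  ProxySecurity:
    type: OS::Neutron::SecurityGroup
    properties:
      name: ProxySecurity
      rules:
        # --- ingress ---
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 10.0.0.0/24
        - direction: ingress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        # Squid listener. Left at 0.0.0.0/0 this would be an open proxy for
        # anything that can route to the subnet.
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 3128
          port_range_max: 3128
          remote_ip_prefix: 10.0.0.0/24
        # --- egress ---
        - direction: egress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        # Outbound HTTP/HTTPS and DNS. NOTE(review): Heat removes Neutron's default
        # allow-all egress rules once any egress rule is listed (confirm for the
        # deployed release); with ICMP as the only egress rule, the squid install
        # (apt) and the proxy's upstream connections had no path out.
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 443
          port_range_max: 443
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: udp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0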

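  # Security group of the web server. It has no floating IP: HTTP arrives via
  # the jump host's NAT and SSH only from inside the subnet, so the SSH rule is
  # scoped to 10.0.0.0/24. Egress is limited to what apt and DNS need
  # (plain-HTTP mirrors only; add 443 if the mirror uses HTTPS).
  ApacheSecurity:
    type: OS::Neutron::SecurityGroup
    properties:
      name: ApacheSecurity
      rules:
        # --- ingress ---
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 10.0.0.0/24
        - direction: ingress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        - direction: ingress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        # --- egress ---
        - direction: egress
          ethertype: IPv4
          protocol: icmp
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: tcp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0
        - direction: egress
          ethertype: IPv4
          protocol: udp
          port_range_min: 53
          port_range_max: 53
          remote_ip_prefix: 0.0.0.0/0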
