1 diff --git a/bono.yaml b/bono.yaml
2 index f0189cd..42bfecb 100644
5 @@ -23,26 +23,6 @@ parameters:
7 - custom_constraint: neutron.network
8 description: Must be a valid network ID
11 - description: ID of public signaling network
13 - - custom_constraint: neutron.network
14 - description: Must be a valid network ID
17 - description: ID of private signaling network
19 - - custom_constraint: neutron.network
20 - description: Must be a valid network ID
21 - private_sig_net_cidr:
23 - description: Private signaling network address (CIDR notation)
24 - default: 192.168.1.0/24
25 - private_sig_net_gateway:
27 - description: Private signaling network gateway address
28 - default: 192.168.1.254
31 description: Flavor to use
32 @@ -64,9 +44,6 @@ parameters:
33 base_mgmt_security_group:
35 description: ID of base security group for all Clearwater nodes (managment)
36 - bono_sig_security_group:
38 - description: ID of security group for Bono nodes (signaling)
41 description: URL for Clearwater repository
42 @@ -78,9 +55,6 @@ parameters:
45 description: IP address for DNS server on management network
48 - description: IP address for DNS server on signaling network
51 description: DNSSEC private key (Base64-encoded)
52 @@ -111,19 +85,15 @@ resources:
53 floating_network_id: { get_param: public_mgmt_net_id }
54 port_id: { get_resource: mgmt_port }
57 - type: OS::Neutron::Port
59 + type: OS::Heat::WaitCondition
61 - # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
62 - network_id: { str_replace: { params: { x: { get_param: private_sig_net_id } }, template: x } }
64 - - { get_param: bono_sig_security_group }
65 + handle: {get_resource: wait_handle}
70 - type: OS::Neutron::FloatingIP
72 - floating_network_id: { get_param: public_sig_net_id }
73 - port_id: { get_resource: sig_port }
75 + type: OS::Heat::WaitConditionHandle
78 type: OS::Nova::Server
79 @@ -134,7 +104,6 @@ resources:
80 key_name: { get_param: key_name }
82 - port: { get_resource: mgmt_port }
83 - - port: { get_resource: sig_port }
87 @@ -143,15 +112,11 @@ resources:
88 __zone__: { get_param: zone }
89 __public_mgmt_ip__: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
90 __private_mgmt_ip__: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
91 - __public_sig_ip__: { get_attr: [ sig_floating_ip, floating_ip_address ] }
92 - __private_sig_ip__: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
93 - __private_sig_cidr__: { get_param: private_sig_net_cidr }
94 - __private_sig_gateway__: { get_param: private_sig_net_gateway }
95 __dns_mgmt_ip__: { get_param: dns_mgmt_ip }
96 - __dns_sig_ip__: { get_param: dns_sig_ip }
97 __dnssec_key__: { get_param: dnssec_key }
98 __etcd_ip__ : { get_param: etcd_ip }
99 __index__ : { get_param: index }
100 + wc_notify: { get_attr: [wait_handle, curl_cli] }
104 @@ -159,33 +124,6 @@ resources:
105 exec > >(tee -a /var/log/clearwater-heat-bono.log) 2>&1
108 - # Set up the signaling network namespace on each boot by creating an init file and
109 - # linking to it from runlevel 2 and 3
110 - cat >/etc/init.d/signaling_namespace <<EOF
112 - # Create the signaling namespace and configure its interfaces.
115 - # Exit if the namespace is already set up.
116 - ip netns list | grep -q signaling && exit 0
118 - # eth1 is the signaling interface (and eth0 is the management interface).
119 - # We need to set eth1 up manually - only eth0 is automatically configured via DHCP.
120 - ip netns add signaling
121 - ip link set eth1 netns signaling
122 - ip netns exec signaling ip link set dev lo up
123 - ip netns exec signaling ip addr add __private_sig_ip__/$(echo __private_sig_cidr__ | cut -d / -f 2) dev eth1
124 - ip netns exec signaling ip link set dev eth1 up
125 - ip netns exec signaling ip route add default via __private_sig_gateway__
128 - chmod a+x /etc/init.d/signaling_namespace
129 - ln -s /etc/init.d/signaling_namespace /etc/rc2.d/S01signaling_namespace
130 - ln -s /etc/init.d/signaling_namespace /etc/rc3.d/S01signaling_namespace
132 - # Also set up the signaling namespace now.
133 - /etc/init.d/signaling_namespace
135 # Configure the APT software source.
136 echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
137 curl -L http://repo.cw-ngv.com/repo_key | apt-key add -
138 @@ -196,11 +134,8 @@ resources:
140 [ -n "$etcd_ip" ] || etcd_ip=__private_mgmt_ip__
141 cat > /etc/clearwater/local_config << EOF
142 - signaling_namespace=signaling
143 - signaling_dns_server=__dns_sig_ip__
144 - management_local_ip=__private_mgmt_ip__
145 - local_ip=__private_sig_ip__
146 - public_ip=__public_sig_ip__
147 + local_ip=__private_mgmt_ip__
148 + public_ip=__public_mgmt_ip__
149 public_hostname=__index__.bono.__zone__
150 etcd_cluster=$etcd_ip
152 @@ -223,8 +158,8 @@ resources:
153 while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
154 server __dns_mgmt_ip__
155 update add bono-__index__.__zone__. 30 $(ip2rr __public_mgmt_ip__)
156 - update add __index__.bono.__zone__. 30 $(ip2rr __public_sig_ip__)
157 - update add __zone__. 30 $(ip2rr __public_sig_ip__)
158 + update add __index__.bono.__zone__. 30 $(ip2rr __public_mgmt_ip__)
159 + update add __zone__. 30 $(ip2rr __public_mgmt_ip__)
160 update add __zone__. 30 NAPTR 0 0 "s" "SIP+D2T" "" _sip._tcp.__zone__.
161 update add __zone__. 30 NAPTR 0 0 "s" "SIP+D2U" "" _sip._udp.__zone__.
162 update add _sip._tcp.__zone__. 30 SRV 0 0 5060 __index__.bono.__zone__.
163 @@ -238,13 +173,20 @@ resources:
167 + wc_notify --data-binary '{"status": "SUCCESS"}'
169 # Use the DNS server.
170 echo 'nameserver __dns_mgmt_ip__' > /etc/dnsmasq.resolv.conf
171 echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
172 - mkdir -p /etc/netns/signaling
173 - echo 'nameserver __dns_sig_ip__' > /etc/netns/signaling/resolv.conf
174 service dnsmasq force-reload
178 + clearwater-etcdctl cluster-health
179 + clearwater-etcdctl member list
180 + cw-check_cluster_state
181 + cw-check_config_sync
185 description: IP address in public management network
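Review bot: `wc_notify --data-binary '{"status": "SUCCESS"}'` is sent before the dnsmasq switch-over and before the `clearwater-etcdctl cluster-health`, `cw-check_cluster_state` and `cw-check_config_sync` calls added at the end of this hunk, so from the visible lines their results cannot influence the wait condition and a node whose cluster never forms still reports success. Nothing visible sends a failure signal either, so a script that dies earlier would leave the stack waiting for the WaitCondition timeout. Consider moving the notify to the last line of the script and adding `notify_failure() { wc_notify --data-binary '{"status": "FAILURE"}'; }` with `trap notify_failure ERR` near the top. The same ordering appears in the corresponding hunks of dime.yaml, ellis.yaml and homer.yaml; parts of the script lie outside the hunk, so confirm against the full file.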
186 @@ -252,9 +194,3 @@ outputs:
188 description: IP address in private management network
189 value: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
191 - description: IP address in public signaling network
192 - value: { get_attr: [ sig_floating_ip, floating_ip_address ] }
194 - description: IP address in private signaling network
195 - value: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
196 diff --git a/clearwater.yaml b/clearwater.yaml
197 index a155c60..1bfe257 100644
198 --- a/clearwater.yaml
199 +++ b/clearwater.yaml
200 @@ -37,41 +37,6 @@ parameters:
202 description: IP address of external DNS server on management network
206 - description: ID of public signaling network
208 - - custom_constraint: neutron.network
209 - description: Must be a valid network ID
210 - private_sig_net_ip_version:
212 - description: IP version (4 or 6) on the private signaling network
217 - description: Must be 4 (IPv4) or 6 (IPv6)
219 - private_sig_net_cidr:
221 - description: Private signaling network address (CIDR notation)
222 - default: 192.168.1.0/24
223 - private_sig_net_gateway:
225 - description: Private signaling network gateway address
226 - default: 192.168.1.254
227 - private_sig_net_pool_start:
229 - description: Start of private signaling network IP address pool
230 - default: 192.168.1.1
231 - private_sig_net_pool_end:
233 - description: End of private signaling network IP address pool
234 - default: 192.168.1.253
235 - external_sig_dns_ip:
237 - description: IP address of external DNS server on signaling network
241 description: Flavor to use
242 @@ -151,18 +116,6 @@ resources:
243 private_net_pool_end: { get_param: private_mgmt_net_pool_end }
244 dns_ip: { get_param: external_mgmt_dns_ip }
247 - type: ./network.yaml
249 - public_net_id: { get_param: public_sig_net_id }
250 - private_net_name: { str_replace: { params: { __stack__: { get_param: "OS::stack_name" } }, template: __stack__-private-signaling } }
251 - private_net_ip_version: { get_param: private_sig_net_ip_version }
252 - private_net_cidr: { get_param: private_sig_net_cidr }
253 - private_net_gateway: { get_param: private_sig_net_gateway }
254 - private_net_pool_start: { get_param: private_sig_net_pool_start }
255 - private_net_pool_end: { get_param: private_sig_net_pool_end }
256 - dns_ip: { get_param: external_sig_dns_ip }
259 type: ./security-groups.yaml
261 @@ -173,18 +126,16 @@ resources:
263 public_mgmt_net_id: { get_param: public_mgmt_net_id }
264 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
265 - public_sig_net_id: { get_param: public_sig_net_id }
266 - private_sig_net_id: { get_attr: [ sig_network, private_net ] }
267 - private_sig_net_cidr: { get_attr: [ sig_network, private_net_cidr ] }
268 flavor: { get_param: flavor }
269 image: { get_param: image }
270 key_name: { get_param: key_name }
271 - dns_security_group: { get_attr: [ security_groups, dns ] }
272 + base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
273 zone: { get_param: zone }
274 dnssec_key: { get_param: dnssec_key }
280 public_mgmt_net_id: { get_param: public_mgmt_net_id }
281 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
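Review bot: The DNS stack now receives `base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }` in place of its own `dns` group, and the other hunks in this file drop every role-specific group (`ellis_mgmt`, `bono_sig`, `sprout_sig_*`, `homer_*`, `dime_*`, `vellum_sig_*`), which leaves all node ports in the single `base_mgmt` group. With signaling collapsed onto the management network, any port one role needs presumably has to be opened in that shared group for every node; security-groups.yaml is not part of the visible diff, so this should be confirmed there. If the one-network layout is intended, keeping a per-role group attached to each `mgmt_port` next to `base_mgmt` would preserve least privilege. A short comment on the DNS resource stating which rules `base_mgmt` is expected to carry would also help the next reader.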
282 @@ -192,7 +143,6 @@ resources:
283 image: { get_param: image }
284 key_name: { get_param: key_name }
285 base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
286 - ellis_mgmt_security_group: { get_attr: [ security_groups, ellis_mgmt ] }
287 repo_url: { get_param: repo_url }
288 zone: { get_param: zone }
289 dn_range_start: { get_param: dn_range_start }
290 @@ -202,6 +152,7 @@ resources:
293 type: OS::Heat::ResourceGroup
296 count: { get_param: bono_cluster_size }
297 index_var: "__index__"
298 @@ -210,25 +161,20 @@ resources:
300 public_mgmt_net_id: { get_param: public_mgmt_net_id }
301 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
302 - public_sig_net_id: { get_param: public_sig_net_id }
303 - private_sig_net_id: { get_attr: [ sig_network, private_net ] }
304 - private_sig_net_cidr: { get_attr: [ sig_network, private_net_cidr ] }
305 - private_sig_net_gateway: { get_attr: [ sig_network, private_net_gateway ] }
306 flavor: { get_param: flavor }
307 image: { get_param: image }
308 key_name: { get_param: key_name }
309 base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
310 - bono_sig_security_group: { get_attr: [ security_groups, bono_sig ] }
311 repo_url: { get_param: repo_url }
312 zone: { get_param: zone }
313 dns_mgmt_ip: { get_attr: [ dns, private_mgmt_ip ] }
314 - dns_sig_ip: { get_attr: [ dns, private_sig_ip ] }
315 dnssec_key: { get_param: dnssec_key }
316 etcd_ip: { get_attr: [ ellis, private_mgmt_ip ] }
320 type: OS::Heat::ResourceGroup
323 count: { get_param: sprout_cluster_size }
325 @@ -237,26 +183,20 @@ resources:
327 public_mgmt_net_id: { get_param: public_mgmt_net_id }
328 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
329 - public_sig_net_id: { get_param: public_sig_net_id }
330 - private_sig_net_id: { get_attr: [ sig_network, private_net ] }
331 - private_sig_net_cidr: { get_attr: [ sig_network, private_net_cidr ] }
332 - private_sig_net_gateway: { get_attr: [ sig_network, private_net_gateway ] }
333 flavor: { get_param: flavor }
334 image: { get_param: image }
335 key_name: { get_param: key_name }
336 base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
337 - sprout_sig_outbound_security_group: { get_attr: [ security_groups, sprout_sig_outbound ] }
338 - sprout_sig_inbound_security_group: { get_attr: [ security_groups, sprout_sig_inbound ] }
339 repo_url: { get_param: repo_url }
340 zone: { get_param: zone }
341 dns_mgmt_ip: { get_attr: [ dns, private_mgmt_ip ] }
342 - dns_sig_ip: { get_attr: [ dns, private_sig_ip ] }
343 dnssec_key: { get_param: dnssec_key }
344 etcd_ip: { get_attr: [ ellis, private_mgmt_ip ] }
348 type: OS::Heat::ResourceGroup
351 count: { get_param: homer_cluster_size }
353 @@ -265,26 +205,20 @@ resources:
355 public_mgmt_net_id: { get_param: public_mgmt_net_id }
356 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
357 - public_sig_net_id: { get_param: public_sig_net_id }
358 - private_sig_net_id: { get_attr: [ sig_network, private_net ] }
359 - private_sig_net_cidr: { get_attr: [ sig_network, private_net_cidr ] }
360 - private_sig_net_gateway: { get_attr: [ sig_network, private_net_gateway ] }
361 flavor: { get_param: flavor }
362 image: { get_param: image }
363 key_name: { get_param: key_name }
364 base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
365 - homer_mgmt_security_group: { get_attr: [ security_groups, homer_mgmt ] }
366 - homer_sig_security_group: { get_attr: [ security_groups, homer_sig ] }
367 repo_url: { get_param: repo_url }
368 zone: { get_param: zone }
369 dns_mgmt_ip: { get_attr: [ dns, private_mgmt_ip ] }
370 - dns_sig_ip: { get_attr: [ dns, private_sig_ip ] }
371 dnssec_key: { get_param: dnssec_key }
372 etcd_ip: { get_attr: [ ellis, private_mgmt_ip ] }
376 type: OS::Heat::ResourceGroup
379 count: { get_param: dime_cluster_size }
381 @@ -293,26 +227,20 @@ resources:
383 public_mgmt_net_id: { get_param: public_mgmt_net_id }
384 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
385 - public_sig_net_id: { get_param: public_sig_net_id }
386 - private_sig_net_id: { get_attr: [ sig_network, private_net ] }
387 - private_sig_net_cidr: { get_attr: [ sig_network, private_net_cidr ] }
388 - private_sig_net_gateway: { get_attr: [ sig_network, private_net_gateway ] }
389 flavor: { get_param: flavor }
390 image: { get_param: image }
391 key_name: { get_param: key_name }
392 base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
393 - dime_mgmt_security_group: { get_attr: [ security_groups, dime_mgmt ] }
394 - dime_sig_security_group: { get_attr: [ security_groups, dime_sig ] }
395 repo_url: { get_param: repo_url }
396 zone: { get_param: zone }
397 dns_mgmt_ip: { get_attr: [ dns, private_mgmt_ip ] }
398 - dns_sig_ip: { get_attr: [ dns, private_sig_ip ] }
399 dnssec_key: { get_param: dnssec_key }
400 etcd_ip: { get_attr: [ ellis, private_mgmt_ip ] }
404 type: OS::Heat::ResourceGroup
407 count: { get_param: vellum_cluster_size }
409 @@ -321,20 +249,13 @@ resources:
411 public_mgmt_net_id: { get_param: public_mgmt_net_id }
412 private_mgmt_net_id: { get_attr: [ mgmt_network, private_net ] }
413 - public_sig_net_id: { get_param: public_sig_net_id }
414 - private_sig_net_id: { get_attr: [ sig_network, private_net ] }
415 - private_sig_net_cidr: { get_attr: [ sig_network, private_net_cidr ] }
416 - private_sig_net_gateway: { get_attr: [ sig_network, private_net_gateway ] }
417 flavor: { get_param: flavor }
418 image: { get_param: image }
419 key_name: { get_param: key_name }
420 base_mgmt_security_group: { get_attr: [ security_groups, base_mgmt ] }
421 - vellum_sig_outbound_security_group: { get_attr: [ security_groups, vellum_sig_outbound ] }
422 - vellum_sig_inbound_security_group: { get_attr: [ security_groups, vellum_sig_inbound ] }
423 repo_url: { get_param: repo_url }
424 zone: { get_param: zone }
425 dns_mgmt_ip: { get_attr: [ dns, private_mgmt_ip ] }
426 - dns_sig_ip: { get_attr: [ dns, private_sig_ip ] }
427 dnssec_key: { get_param: dnssec_key }
428 etcd_ip: { get_attr: [ ellis, private_mgmt_ip ] }
430 diff --git a/dime.yaml b/dime.yaml
431 index 642f19d..b6f115a 100644
434 @@ -23,26 +23,6 @@ parameters:
436 - custom_constraint: neutron.network
437 description: Must be a valid network ID
440 - description: ID of public signaling network
442 - - custom_constraint: neutron.network
443 - description: Must be a valid network ID
444 - private_sig_net_id:
446 - description: ID of private signaling network
448 - - custom_constraint: neutron.network
449 - description: Must be a valid network ID
450 - private_sig_net_cidr:
452 - description: Private signaling network address (CIDR notation)
453 - default: 192.168.1.0/24
454 - private_sig_net_gateway:
456 - description: Private signaling network gateway address
457 - default: 192.168.1.254
460 description: Flavor to use
461 @@ -64,12 +44,6 @@ parameters:
462 base_mgmt_security_group:
464 description: ID of base security group for all Clearwater nodes (management)
465 - dime_sig_security_group:
467 - description: ID of security group for Dime nodes (signaling)
468 - dime_mgmt_security_group:
470 - description: ID of security group for Dime nodes (management)
473 description: URL for Clearwater repository
474 @@ -81,9 +55,6 @@ parameters:
477 description: IP address for DNS server on management network
480 - description: IP address for DNS server on signaling network
483 description: DNSSEC private key (Base64-encoded)
484 @@ -107,7 +78,6 @@ resources:
485 network_id: { str_replace: { params: { x: { get_param: private_mgmt_net_id } }, template: x } }
487 - { get_param: base_mgmt_security_group }
488 - - { get_param: dime_mgmt_security_group }
491 type: OS::Neutron::FloatingIP
492 @@ -115,13 +85,15 @@ resources:
493 floating_network_id: { get_param: public_mgmt_net_id }
494 port_id: { get_resource: mgmt_port }
497 - type: OS::Neutron::Port
499 + type: OS::Heat::WaitCondition
501 - # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
502 - network_id: { str_replace: { params: { x: { get_param: private_sig_net_id } }, template: x } }
504 - - { get_param: dime_sig_security_group }
505 + handle: {get_resource: wait_handle}
510 + type: OS::Heat::WaitConditionHandle
513 type: OS::Nova::Server
514 @@ -132,7 +104,6 @@ resources:
515 key_name: { get_param: key_name }
517 - port: { get_resource: mgmt_port }
518 - - port: { get_resource: sig_port }
519 user_data_format: RAW
522 @@ -141,14 +112,11 @@ resources:
523 __zone__: { get_param: zone }
524 __public_mgmt_ip__: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
525 __private_mgmt_ip__: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
526 - __private_sig_ip__: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
527 - __private_sig_cidr__: { get_param: private_sig_net_cidr }
528 - __private_sig_gateway__: { get_param: private_sig_net_gateway }
529 __dns_mgmt_ip__: { get_param: dns_mgmt_ip }
530 - __dns_sig_ip__: { get_param: dns_sig_ip }
531 __dnssec_key__: { get_param: dnssec_key }
532 __etcd_ip__ : { get_param: etcd_ip }
533 __index__ : { get_param: index }
534 + wc_notify: { get_attr: [wait_handle, curl_cli] }
538 @@ -156,33 +124,6 @@ resources:
539 exec > >(tee -a /var/log/clearwater-heat-dime.log) 2>&1
542 - # Set up the signaling network namespace on each boot by creating an init file and
543 - # linking to it from runlevel 2 and 3
544 - cat >/etc/init.d/signaling_namespace <<EOF
546 - # Create the signaling namespace and configure its interfaces.
549 - # Exit if the namespace is already set up.
550 - ip netns list | grep -q signaling && exit 0
552 - # eth1 is the signaling interface (and eth0 is the management interface).
553 - # We need to set eth1 up manually - only eth0 is automatically configured via DHCP.
554 - ip netns add signaling
555 - ip link set eth1 netns signaling
556 - ip netns exec signaling ip link set dev lo up
557 - ip netns exec signaling ip addr add __private_sig_ip__/$(echo __private_sig_cidr__ | cut -d / -f 2) dev eth1
558 - ip netns exec signaling ip link set dev eth1 up
559 - ip netns exec signaling ip route add default via __private_sig_gateway__
562 - chmod a+x /etc/init.d/signaling_namespace
563 - ln -s /etc/init.d/signaling_namespace /etc/rc2.d/S01signaling_namespace
564 - ln -s /etc/init.d/signaling_namespace /etc/rc3.d/S01signaling_namespace
566 - # Also set up the signaling namespace now.
567 - /etc/init.d/signaling_namespace
569 # Configure the APT software source.
570 echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
571 curl -L http://repo.cw-ngv.com/repo_key | apt-key add -
572 @@ -193,11 +134,8 @@ resources:
574 [ -n "$etcd_ip" ] || etcd_ip=__private_mgmt_ip__
575 cat > /etc/clearwater/local_config << EOF
576 - signaling_namespace=signaling
577 - signaling_dns_server=__dns_sig_ip__
578 - management_local_ip=__private_mgmt_ip__
579 - local_ip=__private_sig_ip__
580 - public_ip=__private_sig_ip__
581 + local_ip=__private_mgmt_ip__
582 + public_ip=__private_mgmt_ip__
583 public_hostname=dime-__index__.__zone__
584 etcd_cluster=$etcd_ip
586 @@ -220,9 +158,9 @@ resources:
587 while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
588 server __dns_mgmt_ip__
589 update add dime-__index__.__zone__. 30 $(ip2rr __public_mgmt_ip__)
590 - update add ralf.__zone__. 30 $(ip2rr __private_sig_ip__)
591 - update add hs.__zone__. 30 $(ip2rr __private_sig_ip__)
592 - update add hs-prov.__zone__. 30 $(ip2rr __private_mgmt_ip__)
593 + update add ralf.__zone__. 30 $(ip2rr __public_mgmt_ip__)
594 + update add hs.__zone__. 30 $(ip2rr __public_mgmt_ip__)
595 + update add hs-prov.__zone__. 30 $(ip2rr __public_mgmt_ip__)
598 } && [ $retries -lt 10 ]
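Review bot: `ralf`, `hs` and `hs-prov` are now registered with `$(ip2rr __public_mgmt_ip__)`, the floating IP, whereas before this change they resolved to private addresses, and the `local_config` hunk earlier in this file sets `public_ip=__private_mgmt_ip__`. Publishing these internal service names on the floating address makes their exposure depend only on the shared security group and is inconsistent with the node's own configuration. Unless other nodes have to reach Dime through the floating IP (not visible here), keep them private: `update add hs-prov.__zone__. 30 $(ip2rr __private_mgmt_ip__)` and likewise for `ralf` and `hs`. The retry loop around nsupdate continues past the end of the hunk.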
599 @@ -232,20 +170,23 @@ resources:
603 + wc_notify --data-binary '{"status": "SUCCESS"}'
605 # Use the DNS server.
606 echo 'nameserver __dns_mgmt_ip__' > /etc/dnsmasq.resolv.conf
607 echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
608 - mkdir -p /etc/netns/signaling
609 - echo 'nameserver __dns_sig_ip__' > /etc/netns/signaling/resolv.conf
610 service dnsmasq force-reload
614 + clearwater-etcdctl cluster-health
615 + clearwater-etcdctl member list
616 + cw-check_config_sync
620 description: IP address in public (management) network
621 value: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
623 - description: IP address in private signaling network
624 + description: IP address in private management network
625 value: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
627 - description: IP address in private signaling network
628 - value: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
629 diff --git a/dns.yaml b/dns.yaml
630 index 825ede1..11a833b 100644
633 @@ -23,22 +23,6 @@ parameters:
635 - custom_constraint: neutron.network
636 description: Must be a valid network ID
639 - description: ID of public signaling network
641 - - custom_constraint: neutron.network
642 - description: Must be a valid network ID
643 - private_sig_net_id:
645 - description: ID of private signaling network
647 - - custom_constraint: neutron.network
648 - description: Must be a valid network ID
649 - private_sig_net_cidr:
651 - description: Private signaling network address (CIDR notation)
652 - default: 192.168.1.0/24
655 description: Flavor to use
656 @@ -57,7 +41,7 @@ parameters:
658 - custom_constraint: nova.keypair
659 description: Must be a valid keypair name
660 - dns_security_group:
661 + base_mgmt_security_group:
663 description: ID of security group for DNS nodes
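Review bot: The renamed parameter `base_mgmt_security_group` keeps the description `ID of security group for DNS nodes`, which no longer matches what is passed in. The other templates describe the same parameter as `description: ID of base security group for all Clearwater nodes (management)`; using that text here keeps them consistent. The outputs hunk at the end of this file has the same kind of leftover: the context line `description: IP address in private signaling network` sits on a value read from `mgmt_port` and should read `IP address in private management network`, as dime.yaml was corrected in this commit.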
665 @@ -75,7 +59,7 @@ resources:
666 # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
667 network_id: { str_replace: { params: { x: { get_param: private_mgmt_net_id } }, template: x } }
669 - - { get_param: dns_security_group }
670 + - { get_param: base_mgmt_security_group }
673 type: OS::Neutron::FloatingIP
674 @@ -83,13 +67,15 @@ resources:
675 floating_network_id: { get_param: public_mgmt_net_id }
676 port_id: { get_resource: mgmt_port }
679 - type: OS::Neutron::Port
681 + type: OS::Heat::WaitCondition
683 - # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
684 - network_id: { str_replace: { params: { x: { get_param: private_sig_net_id } }, template: x } }
686 - - { get_param: dns_security_group }
687 + handle: {get_resource: wait_handle}
692 + type: OS::Heat::WaitConditionHandle
695 type: OS::Nova::Server
696 @@ -100,7 +86,6 @@ resources:
697 key_name: { get_param: key_name }
699 - port: { get_resource: mgmt_port }
700 - - port: { get_resource: sig_port }
701 user_data_format: RAW
704 @@ -108,8 +93,7 @@ resources:
705 __zone__: { get_param: zone }
706 __dnssec_key__: { get_param: dnssec_key }
707 __public_ip__: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
708 - __private_sig_ip__: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
709 - __private_sig_cidr__: { get_param: private_sig_net_cidr }
710 + wc_notify: { get_attr: [wait_handle, curl_cli] }
714 @@ -117,10 +101,6 @@ resources:
715 exec > >(tee -a /var/log/clearwater-heat-dns.log) 2>&1
718 - # Set up the signaling network interface
719 - ip addr add __private_sig_ip__/$(echo __private_sig_cidr__ | cut -d / -f 2) dev eth1
720 - ip link set dev eth1 up
724 DEBIAN_FRONTEND=noninteractive apt-get install bind9 --yes
725 @@ -163,6 +143,8 @@ resources:
726 # Now that BIND configuration is correct, kick it to reload.
729 + wc_notify --data-binary '{"status": "SUCCESS"}'
733 description: IP address in public management network
734 @@ -170,9 +152,6 @@ outputs:
736 description: IP address in private signaling network
737 value: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
739 - description: IP address in private signaling network
740 - value: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
742 description: DNS zone
743 value: { get_param: zone }
744 diff --git a/ellis.yaml b/ellis.yaml
745 index 963352d..a7ce50b 100644
748 @@ -44,9 +44,6 @@ parameters:
749 base_mgmt_security_group:
751 description: ID of base security group for all Clearwater nodes (management)
752 - ellis_mgmt_security_group:
754 - description: ID of security group for Ellis nodes (management)
757 description: URL for Clearwater repository
758 @@ -95,7 +92,6 @@ resources:
759 network_id: { str_replace: { params: { x: { get_param: private_mgmt_net_id } }, template: x } }
761 - { get_param: base_mgmt_security_group }
762 - - { get_param: ellis_mgmt_security_group }
765 type: OS::Neutron::FloatingIP
766 @@ -103,6 +99,16 @@ resources:
767 floating_network_id: { get_param: public_mgmt_net_id }
768 port_id: { get_resource: mgmt_port }
771 + type: OS::Heat::WaitCondition
773 + handle: {get_resource: wait_handle}
778 + type: OS::Heat::WaitConditionHandle
781 type: OS::Nova::Server
783 @@ -126,6 +132,7 @@ resources:
784 __dnssec_key__: { get_param: dnssec_key }
785 __etcd_ip__ : { get_param: etcd_ip }
786 __index__ : { get_param: index }
787 + wc_notify: { get_attr: [wait_handle, curl_cli] }
791 @@ -176,7 +183,7 @@ resources:
792 chronos_hostname=vellum.__zone__
793 ralf_session_store=vellum.__zone__
796 + upstream_hostname=sprout.__zone__
798 # Email server configuration
799 smtp_smarthost=localhost
800 @@ -189,6 +196,8 @@ resources:
801 turn_workaround=secret
803 ellis_cookie_key=secret
805 + reduce_cassandra_mem_usage=Y
807 /usr/share/clearwater/clearwater-config-manager/scripts/cw-config upload shared_config --autoconfirm --dir /tmp
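Review bot: The shared_config block this hunk extends still uploads the literal values `turn_workaround=secret` and `ellis_cookie_key=secret`, so every stack created from the template shares the same well-known keys. Since the block is being edited anyway, consider taking them from template parameters declared with `hidden: true` and substituting them like the other `__name__` placeholders, for example `ellis_cookie_key=__ellis_cookie_key__` (placeholder name constructed for this note). The heredoc that holds these settings starts outside the hunk, so other hard-coded values may exist above.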
809 @@ -223,11 +232,19 @@ resources:
813 + wc_notify --data-binary '{"status": "SUCCESS"}'
815 # Use the DNS server.
816 echo 'nameserver __dns_mgmt_ip__' > /etc/dnsmasq.resolv.conf
817 echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
818 service dnsmasq force-reload
822 + clearwater-etcdctl cluster-health
823 + clearwater-etcdctl member list
824 + cw-check_config_sync
828 description: IP address in public management network
829 diff --git a/homer.yaml b/homer.yaml
830 index 4337984..f6bedde 100644
833 @@ -23,26 +23,6 @@ parameters:
835 - custom_constraint: neutron.network
836 description: Must be a valid network ID
839 - description: ID of public signaling network
841 - - custom_constraint: neutron.network
842 - description: Must be a valid network ID
843 - private_sig_net_id:
845 - description: ID of private signaling network
847 - - custom_constraint: neutron.network
848 - description: Must be a valid network ID
849 - private_sig_net_cidr:
851 - description: Private signaling network address (CIDR notation)
852 - default: 192.168.1.0/24
853 - private_sig_net_gateway:
855 - description: Private signaling network gateway address
856 - default: 192.168.1.254
859 description: Flavor to use
860 @@ -64,12 +44,6 @@ parameters:
861 base_mgmt_security_group:
863 description: ID of base security group for all Clearwater nodes (management)
864 - homer_mgmt_security_group:
866 - description: ID of security group for Homer nodes (maangement)
867 - homer_sig_security_group:
869 - description: ID of security group for Homer nodes (signaling)
872 description: URL for Clearwater repository
873 @@ -81,9 +55,6 @@ parameters:
876 description: IP address for DNS server on management network
879 - description: IP address for DNS server on signaling network
882 description: DNSSEC private key (Base64-encoded)
883 @@ -107,7 +78,6 @@ resources:
884 network_id: { str_replace: { params: { x: { get_param: private_mgmt_net_id } }, template: x } }
886 - { get_param: base_mgmt_security_group }
887 - - { get_param: homer_mgmt_security_group }
890 type: OS::Neutron::FloatingIP
891 @@ -115,19 +85,15 @@ resources:
892 floating_network_id: { get_param: public_mgmt_net_id }
893 port_id: { get_resource: mgmt_port }
896 - type: OS::Neutron::Port
898 + type: OS::Heat::WaitCondition
900 - # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
901 - network_id: { str_replace: { params: { x: { get_param: private_sig_net_id } }, template: x } }
903 - - { get_param: homer_sig_security_group }
904 + handle: {get_resource: wait_handle}
909 - type: OS::Neutron::FloatingIP
911 - floating_network_id: { get_param: public_sig_net_id }
912 - port_id: { get_resource: sig_port }
914 + type: OS::Heat::WaitConditionHandle
917 type: OS::Nova::Server
918 @@ -138,7 +104,6 @@ resources:
919 key_name: { get_param: key_name }
921 - port: { get_resource: mgmt_port }
922 - - port: { get_resource: sig_port }
923 user_data_format: RAW
926 @@ -147,15 +112,11 @@ resources:
927 __zone__: { get_param: zone }
928 __public_mgmt_ip__: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
929 __private_mgmt_ip__: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
930 - __public_sig_ip__: { get_attr: [ sig_floating_ip, floating_ip_address ] }
931 - __private_sig_ip__: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
932 - __private_sig_cidr__: { get_param: private_sig_net_cidr }
933 - __private_sig_gateway__: { get_param: private_sig_net_gateway }
934 __dns_mgmt_ip__: { get_param: dns_mgmt_ip }
935 - __dns_sig_ip__: { get_param: dns_sig_ip }
936 __dnssec_key__: { get_param: dnssec_key }
937 __etcd_ip__ : { get_param: etcd_ip }
938 __index__ : { get_param: index }
939 + wc_notify: { get_attr: [wait_handle, curl_cli] }
943 @@ -163,33 +124,6 @@ resources:
944 exec > >(tee -a /var/log/clearwater-heat-homer.log) 2>&1
947 - # Set up the signaling network namespace on each boot by creating an init file and
948 - # linking to it from runlevel 2 and 3
949 - cat >/etc/init.d/signaling_namespace <<EOF
951 - # Create the signaling namespace and configure its interfaces.
954 - # Exit if the namespace is already set up.
955 - ip netns list | grep -q signaling && exit 0
957 - # eth1 is the signaling interface (and eth0 is the management interface).
958 - # We need to set eth1 up manually - only eth0 is automatically configured via DHCP.
959 - ip netns add signaling
960 - ip link set eth1 netns signaling
961 - ip netns exec signaling ip link set dev lo up
962 - ip netns exec signaling ip addr add __private_sig_ip__/$(echo __private_sig_cidr__ | cut -d / -f 2) dev eth1
963 - ip netns exec signaling ip link set dev eth1 up
964 - ip netns exec signaling ip route add default via __private_sig_gateway__
967 - chmod a+x /etc/init.d/signaling_namespace
968 - ln -s /etc/init.d/signaling_namespace /etc/rc2.d/S01signaling_namespace
969 - ln -s /etc/init.d/signaling_namespace /etc/rc3.d/S01signaling_namespace
971 - # Also set up the signaling namespace now.
972 - /etc/init.d/signaling_namespace
974 # Configure the APT software source.
975 echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
976 curl -L http://repo.cw-ngv.com/repo_key | apt-key add -
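Review bot: The last line of this hunk, `curl -L http://repo.cw-ngv.com/repo_key | apt-key add -`, still downloads the repository signing key over plain HTTP and trusts whatever arrives, so the key that all later package verification depends on is not itself authenticated. The commit rewrites the boot script around it but leaves this line unchanged; the same line closes the sprout.yaml hunk `@@ -156,33 +124,6 @@`. Fetch the key over HTTPS if the repository serves it, or carry the expected fingerprint in the template and compare it before `apt-key add`. The script body continues outside the hunk.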
977 @@ -200,11 +134,8 @@ resources:
979 [ -n "$etcd_ip" ] || etcd_ip=__private_mgmt_ip__
980 cat > /etc/clearwater/local_config << EOF
981 - signaling_namespace=signaling
982 - signaling_dns_server=__dns_sig_ip__
983 - management_local_ip=__private_mgmt_ip__
984 - local_ip=__private_sig_ip__
985 - public_ip=__public_sig_ip__
986 + local_ip=__private_mgmt_ip__
987 + public_ip=__public_mgmt_ip__
988 public_hostname=homer-__index__.__zone__
989 etcd_cluster=$etcd_ip
991 @@ -227,7 +158,7 @@ resources:
992 while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
993 server __dns_mgmt_ip__
994 update add homer-__index__.__zone__. 30 $(ip2rr __public_mgmt_ip__)
995 - update add homer.__zone__. 30 $(ip2rr __public_sig_ip__)
996 + update add homer.__zone__. 30 $(ip2rr __public_mgmt_ip__)
999 } && [ $retries -lt 10 ]
1000 @@ -237,14 +168,20 @@ resources:
1004 - # Use the DNS server.
1005 + wc_notify --data-binary '{"status": "SUCCESS"}'
1007 # Use the DNS server.
1008 echo 'nameserver __dns_mgmt_ip__' > /etc/dnsmasq.resolv.conf
1009 echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
1010 - mkdir -p /etc/netns/signaling
1011 - echo 'nameserver __dns_sig_ip__' > /etc/netns/signaling/resolv.conf
1012 service dnsmasq force-reload
1016 + clearwater-etcdctl cluster-health
1017 + clearwater-etcdctl member list
1018 + cw-check_cluster_state
1019 + cw-check_config_sync
1023 description: IP address in public management network
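Review bot: `wc_notify --data-binary '{"status": "SUCCESS"}'` is sent before the dnsmasq reconfiguration and before the added `clearwater-etcdctl cluster-health`, `cw-check_cluster_state` and `cw-check_config_sync` calls, and the hunk shows no path that reports `FAILURE`, so the wait condition can be satisfied by a node whose cluster checks then fail. Several lines between these are not visible in the hunk, so confirm the order against the full script. If the checks are meant to gate the wait condition, run them first and signal on their result, e.g. `if cw-check_cluster_state && cw-check_config_sync; then wc_notify --data-binary '{"status": "SUCCESS"}'; else wc_notify --data-binary '{"status": "FAILURE"}'; fi`. The same ordering appears in the sprout.yaml hunk `@@ -239,20 +177,24 @@` and the vellum.yaml hunk `@@ -249,13 +188,20 @@`.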
1024 @@ -252,9 +189,3 @@ outputs:
1026 description: IP address in private management network
1027 value: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
1029 - description: IP address in public signaling network
1030 - value: { get_attr: [ sig_floating_ip, floating_ip_address ] }
1032 - description: IP address in private signaling network
1033 - value: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
1034 diff --git a/security-groups.yaml b/security-groups.yaml
1035 index 5921d32..c73fe2b 100644
1036 --- a/security-groups.yaml
1037 +++ b/security-groups.yaml
1038 @@ -32,340 +32,14 @@ resources:
1042 - port_range_min: 22
1043 - port_range_max: 22
1045 + port_range_max: 65535
1048 - port_range_min: 161
1049 - port_range_max: 161
1052 - port_range_min: 2380
1053 - port_range_max: 2380
1054 - remote_mode: remote_group_id
1055 - #remote_group_id: { get_resource: base_mgmt } # omit remote_group_id to reference yourself
1057 - port_range_min: 4000
1058 - port_range_max: 4000
1059 - remote_mode: remote_group_id
1060 - #remote_group_id: { get_resource: base_mgmt } # omit remote_group_id to reference yourself
1063 - type: OS::Neutron::SecurityGroup
1065 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-dns } }
1066 - description: Security group for DNS nodes
1068 - # All egress traffic
1069 - - direction: egress
1071 - - direction: egress
1077 - port_range_min: 22
1078 - port_range_max: 22
1081 - port_range_min: 53
1082 - port_range_max: 53
1084 - port_range_min: 53
1085 - port_range_max: 53
1088 - type: OS::Neutron::SecurityGroup
1090 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-ellis-mgmt } }
1091 - description: Security group for Ellis nodes (management)
1095 - port_range_min: 80
1096 - port_range_max: 80
1099 - port_range_min: 443
1100 - port_range_max: 443
1103 - type: OS::Neutron::SecurityGroup
1105 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-bono-sig } }
1106 - description: Security group for Bono nodes (signaling)
1110 - port_range_min: 3478
1111 - port_range_max: 3478
1113 - port_range_min: 3478
1114 - port_range_max: 3478
1117 - port_range_min: 5058
1118 - port_range_max: 5058
1119 - remote_mode: remote_group_id
1120 - #remote_group_id: { get_resource: bono_sig } # omit remote_group_id to reference yourself
1122 - port_range_min: 5058
1123 - port_range_max: 5058
1124 - remote_mode: remote_group_id
1125 - remote_group_id: { get_resource: sprout_sig_outbound }
1128 - port_range_min: 5060
1129 - port_range_max: 5060
1131 - port_range_min: 5060
1132 - port_range_max: 5060
1133 - # External SIP/WebSocket
1135 - port_range_min: 5062
1136 - port_range_max: 5062
1139 - port_range_min: 32768
1141 port_range_max: 65535
1144 - sprout_sig_outbound:
1145 - type: OS::Neutron::SecurityGroup
1147 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-sprout-sig-outbound } }
1148 - description: Security group for Sprout nodes outbound traffic (signaling)
1152 - port_range_min: 5052
1153 - port_range_max: 5052
1154 - remote_mode: remote_group_id
1155 - #remote_group_id: { get_resource: sprout_sig_outbound } # omit remote_group_id to reference yourself
1157 - port_range_min: 5054
1158 - port_range_max: 5054
1159 - remote_mode: remote_group_id
1160 - #remote_group_id: { get_resource: sprout_sig_outbound } # omit remote_group_id to reference yourself
1162 - sprout_sig_inbound:
1163 - type: OS::Neutron::SecurityGroup
1165 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-sprout-sig-inbound } }
1166 - description: Security group for Sprout nodes inbound traffic (signaling)
1170 - port_range_min: 5052
1171 - port_range_max: 5052
1172 - remote_mode: remote_group_id
1173 - remote_group_id: { get_resource: bono_sig }
1175 - port_range_min: 5054
1176 - port_range_max: 5054
1177 - remote_mode: remote_group_id
1178 - remote_group_id: { get_resource: bono_sig }
1179 - # Chronos timer pops
1181 - port_range_min: 9888
1182 - port_range_max: 9888
1183 - remote_mode: remote_group_id
1184 - remote_group_id: { get_resource: vellum_sig_outbound }
1185 - # Notifications from Homestead
1187 - port_range_min: 9888
1188 - port_range_max: 9888
1189 - remote_mode: remote_group_id
1190 - remote_group_id: { get_resource: dime_sig }
1193 - type: OS::Neutron::SecurityGroup
1195 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-homer-mgmt } }
1196 - description: Security group for Homer nodes (management)
1200 - port_range_min: 7888
1201 - port_range_max: 7888
1203 - port_range_min: 7888
1204 - port_range_max: 7888
1205 - remote_mode: remote_group_id
1206 - remote_group_id: { get_resource: sprout_sig_outbound }
1209 - type: OS::Neutron::SecurityGroup
1211 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-homer-sig } }
1212 - description: Security group for Homer nodes (signaling)
1216 - port_range_min: 7888
1217 - port_range_max: 7888
1219 - port_range_min: 7888
1220 - port_range_max: 7888
1221 - remote_mode: remote_group_id
1222 - remote_group_id: { get_resource: sprout_sig_outbound }
1224 - port_range_min: 9160
1225 - port_range_max: 9160
1226 - remote_mode: remote_group_id
1227 - #remote_group_id: { get_resource: homer_sig } # omit remote_group_id to reference yourself
1230 - type: OS::Neutron::SecurityGroup
1232 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-dime-mgmt } }
1233 - description: Security group for Dime nodes (management)
1235 - # REST-ful Provisioning API
1237 - port_range_min: 8889
1238 - port_range_max: 8889
1239 - remote_mode: remote_group_id
1240 - remote_group_id: { get_resource: ellis_mgmt }
1243 - type: OS::Neutron::SecurityGroup
1245 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-dime-sig } }
1246 - description: Security group for Dime nodes (signaling)
1248 - # Cx-like HTTP API
1250 - port_range_min: 8888
1251 - port_range_max: 8888
1252 - remote_mode: remote_group_id
1253 - remote_group_id: { get_resource: bono_sig }
1255 - port_range_min: 8888
1256 - port_range_max: 8888
1257 - remote_mode: remote_group_id
1258 - remote_group_id: { get_resource: sprout_sig_outbound }
1259 - # Rf-like/HTTP API
1261 - port_range_min: 10888
1262 - port_range_max: 10888
1263 - remote_mode: remote_group_id
1264 - remote_group_id: { get_resource: bono_sig }
1266 - port_range_min: 10888
1267 - port_range_max: 10888
1268 - remote_mode: remote_group_id
1269 - remote_group_id: { get_resource: sprout_sig_outbound }
1270 - # Chronos timer pops
1272 - port_range_min: 10888
1273 - port_range_max: 10888
1274 - remote_mode: remote_group_id
1275 - remote_group_id: { get_resource: vellum_sig_outbound }
1277 - vellum_sig_outbound:
1278 - type: OS::Neutron::SecurityGroup
1280 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-vellum-sig-outbound } }
1281 - description: Security group for Vellum nodes outbound traffic (signaling)
1285 - port_range_min: 7253
1286 - port_range_max: 7253
1287 - remote_mode: remote_group_id
1288 - #remote_group_id: { get_resource: vellum_sig_outbound } # omit remote_group_id to reference yourself
1291 - port_range_min: 7000
1292 - port_range_max: 7000
1293 - remote_mode: remote_group_id
1294 - #remote_group_id: { get_resource: vellum_sig_outbound } # omit remote_group_id to reference yourself
1295 - # Memcached listening to Astaire
1297 - port_range_min: 11211
1298 - port_range_max: 11211
1299 - remote_mode: remote_group_id
1300 - #remote_group_id: { get_resource: vellum_sig_outbound } # omit remote_group_id to reference yourself
1302 - vellum_sig_inbound:
1303 - type: OS::Neutron::SecurityGroup
1305 - name: { str_replace: { params: { __name_prefix__: { get_param: "name_prefix" } }, template: __name_prefix__-vellum-sig-inbound } }
1306 - description: Security group for Vellum nodes inbound traffic (signaling)
1310 - port_range_min: 11311
1311 - port_range_max: 11311
1312 - remote_mode: remote_group_id
1313 - remote_group_id: { get_resource: sprout_sig_outbound }
1316 - port_range_min: 11311
1317 - port_range_max: 11311
1318 - remote_mode: remote_group_id
1319 - remote_group_id: { get_resource: dime_sig }
1322 - port_range_min: 7253
1323 - port_range_max: 7253
1324 - remote_mode: remote_group_id
1325 - remote_group_id: { get_resource: sprout_sig_outbound }
1328 - port_range_min: 7253
1329 - port_range_max: 7253
1330 - remote_mode: remote_group_id
1331 - remote_group_id: { get_resource: dime_sig }
1332 - # Cassandra Thrift
1334 - port_range_min: 9160
1335 - port_range_max: 9160
1336 - remote_mode: remote_group_id
1337 - remote_group_id: { get_resource: dime_sig }
1338 - # Cassandra Thrift
1340 - port_range_min: 9160
1341 - port_range_max: 9160
1342 - remote_mode: remote_group_id
1343 - remote_group_id: { get_resource: homer_sig }
1347 description: Base security group for all Clearwater nodes (management)
1348 - value: { get_resource: base_mgmt }
1350 - description: Security group for DNS nodes
1351 - value: { get_resource: dns }
1353 - description: Security group for Ellis nodes (managment)
1354 - value: { get_resource: ellis_mgmt }
1356 - description: Security group for Bono nodes (signaling)
1357 - value: { get_resource: bono_sig }
1358 - sprout_sig_outbound:
1359 - description: Security group for Sprout nodes outbound traffic (signaling)
1360 - value: { get_resource: sprout_sig_outbound }
1361 - sprout_sig_inbound:
1362 - description: Security group for Sprout nodes inbound traffic (signaling)
1363 - value: { get_resource: sprout_sig_inbound }
1365 - description: Security group for Homer nodes (management)
1366 - value: { get_resource: homer_mgmt }
1368 - description: Security group for Homer nodes (signaling)
1369 - value: { get_resource: homer_sig }
1371 - description: Security group for Dime nodes (management)
1372 - value: { get_resource: dime_mgmt }
1374 - description: Security group for Dime nodes (signaling)
1375 - value: { get_resource: dime_sig }
1376 - vellum_sig_outbound:
1377 - description: Security group for Vellum nodes outbound traffic (signaling)
1378 - value: { get_resource: vellum_sig_outbound }
1379 - vellum_sig_inbound:
1380 - description: Security group for Vellum nodes inbound traffic (signaling)
1381 - value: { get_resource: vellum_sig_inbound }
1382 + value: { get_resource: base_mgmt }
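Review bot: The one rule left in `base_mgmt` now ends at `port_range_max: 65535` where the removed line stopped at port 22, and every per-role group that limited a port to cluster members through `remote_mode: remote_group_id` is deleted in the same hunk. The node templates in this commit also move `local_ip` and the Chronos `bind-address` onto the management port, so ports such as 11211 ("Memcached listening to Astaire"), 9160 ("Cassandra Thrift"), 2380 and 4000 are now filtered by this single rule on an interface that carries a floating IP. The rule's protocol, lower bound and source are not visible in the hunk, so confirm it is not open to any address. If the flat network is intended, keep the wide range restricted to group members with `remote_mode: remote_group_id` and add separate narrow rules (or a `remote_ip_prefix`) for the ports that must be reachable from outside, such as 22, 80/443 and the SIP ports.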
1383 diff --git a/sprout.yaml b/sprout.yaml
1384 index 9c533b7..f84915a 100644
1387 @@ -23,26 +23,6 @@ parameters:
1389 - custom_constraint: neutron.network
1390 description: Must be a valid network ID
1391 - public_sig_net_id:
1393 - description: ID of public signaling network
1395 - - custom_constraint: neutron.network
1396 - description: Must be a valid network ID
1397 - private_sig_net_id:
1399 - description: ID of private signaling network
1401 - - custom_constraint: neutron.network
1402 - description: Must be a valid network ID
1403 - private_sig_net_cidr:
1405 - description: Private signaling network address (CIDR notation)
1406 - default: 192.168.1.0/24
1407 - private_sig_net_gateway:
1409 - description: Private signaling network gateway address
1410 - default: 192.168.1.254
1413 description: Flavor to use
1414 @@ -64,12 +44,6 @@ parameters:
1415 base_mgmt_security_group:
1417 description: ID of base security group for all Clearwater nodes (management)
1418 - sprout_sig_outbound_security_group:
1420 - description: ID of security group for Sprout nodes outbound traffic (signaling)
1421 - sprout_sig_inbound_security_group:
1423 - description: ID of security group for Sprout nodes inbound traffic (signaling)
1426 description: URL for Clearwater repository
1427 @@ -81,9 +55,6 @@ parameters:
1430 description: IP address for DNS server on management network
1433 - description: IP address for DNS server on signaling network
1436 description: DNSSEC private key (Base64-encoded)
1437 @@ -114,14 +85,15 @@ resources:
1438 floating_network_id: { get_param: public_mgmt_net_id }
1439 port_id: { get_resource: mgmt_port }
1442 - type: OS::Neutron::Port
1444 + type: OS::Heat::WaitCondition
1446 - # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
1447 - network_id: { str_replace: { params: { x: { get_param: private_sig_net_id } }, template: x } }
1449 - - { get_param: sprout_sig_outbound_security_group }
1450 - - { get_param: sprout_sig_inbound_security_group }
1451 + handle: {get_resource: wait_handle}
1456 + type: OS::Heat::WaitConditionHandle
1459 type: OS::Nova::Server
1460 @@ -132,7 +104,6 @@ resources:
1461 key_name: { get_param: key_name }
1463 - port: { get_resource: mgmt_port }
1464 - - port: { get_resource: sig_port }
1465 user_data_format: RAW
1468 @@ -141,14 +112,11 @@ resources:
1469 __zone__: { get_param: zone }
1470 __public_mgmt_ip__: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
1471 __private_mgmt_ip__: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
1472 - __private_sig_ip__: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
1473 - __private_sig_cidr__: { get_param: private_sig_net_cidr }
1474 - __private_sig_gateway__: { get_param: private_sig_net_gateway }
1475 __dns_mgmt_ip__: { get_param: dns_mgmt_ip }
1476 - __dns_sig_ip__: { get_param: dns_sig_ip }
1477 __dnssec_key__: { get_param: dnssec_key }
1478 __etcd_ip__ : { get_param: etcd_ip }
1479 __index__ : { get_param: index }
1480 + wc_notify: { get_attr: [wait_handle, curl_cli] }
1484 @@ -156,33 +124,6 @@ resources:
1485 exec > >(tee -a /var/log/clearwater-heat-sprout.log) 2>&1
1488 - # Set up the signaling network namespace on each boot by creating an init file and
1489 - # linking to it from runlevel 2 and 3
1490 - cat >/etc/init.d/signaling_namespace <<EOF
1492 - # Create the signaling namespace and configure its interfaces.
1495 - # Exit if the namespace is already set up.
1496 - ip netns list | grep -q signaling && exit 0
1498 - # eth1 is the signaling interface (and eth0 is the management interface).
1499 - # We need to set eth1 up manually - only eth0 is automatically configured via DHCP.
1500 - ip netns add signaling
1501 - ip link set eth1 netns signaling
1502 - ip netns exec signaling ip link set dev lo up
1503 - ip netns exec signaling ip addr add __private_sig_ip__/$(echo __private_sig_cidr__ | cut -d / -f 2) dev eth1
1504 - ip netns exec signaling ip link set dev eth1 up
1505 - ip netns exec signaling ip route add default via __private_sig_gateway__
1508 - chmod a+x /etc/init.d/signaling_namespace
1509 - ln -s /etc/init.d/signaling_namespace /etc/rc2.d/S01signaling_namespace
1510 - ln -s /etc/init.d/signaling_namespace /etc/rc3.d/S01signaling_namespace
1512 - # Also set up the signaling namespace now.
1513 - /etc/init.d/signaling_namespace
1515 # Configure the APT software source.
1516 echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
1517 curl -L http://repo.cw-ngv.com/repo_key | apt-key add -
1518 @@ -193,11 +134,8 @@ resources:
1520 [ -n "$etcd_ip" ] || etcd_ip=__private_mgmt_ip__
1521 cat > /etc/clearwater/local_config << EOF
1522 - signaling_namespace=signaling
1523 - signaling_dns_server=__dns_sig_ip__
1524 - management_local_ip=__private_mgmt_ip__
1525 - local_ip=__private_sig_ip__
1526 - public_ip=__private_sig_ip__
1527 + local_ip=__private_mgmt_ip__
1528 + public_ip=__private_mgmt_ip__
1529 public_hostname=__index__.sprout.__zone__
1530 etcd_cluster=$etcd_ip
1532 @@ -220,10 +158,10 @@ resources:
1533 while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
1534 server __dns_mgmt_ip__
1535 update add sprout-__index__.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1536 - update add __index__.sprout.__zone__. 30 $(ip2rr __private_sig_ip__)
1537 - update add sprout.__zone__. 30 $(ip2rr __private_sig_ip__)
1538 - update add scscf.sprout.__zone__. 30 $(ip2rr __private_sig_ip__)
1539 - update add icscf.sprout.__zone__. 30 $(ip2rr __private_sig_ip__)
1540 + update add __index__.sprout.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1541 + update add sprout.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1542 + update add scscf.sprout.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1543 + update add icscf.sprout.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1544 update add sprout.__zone__. 30 NAPTR 0 0 "s" "SIP+D2T" "" _sip._tcp.sprout.__zone__.
1545 update add _sip._tcp.sprout.__zone__. 30 SRV 0 0 5054 __index__.sprout.__zone__.
1546 update add icscf.sprout.__zone__. 30 NAPTR 0 0 "s" "SIP+D2T" "" _sip._tcp.icscf.sprout.__zone__.
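Review bot: The four rewritten A-record updates publish `__public_mgmt_ip__` for `__index__.sprout`, `sprout`, `scscf.sprout` and `icscf.sprout`, names that previously resolved to the private signaling address, while the `local_config` hunk `@@ -193,11 +134,8 @@` sets both `local_ip` and `public_ip` to `__private_mgmt_ip__`. As written, other nodes looking up Sprout are directed to the floating IP rather than the address Sprout is configured with, and internal S-CSCF/I-CSCF names are advertised on the public address. If the intent was a straight replacement of the signaling address, these lines should read `update add sprout.__zone__. 30 $(ip2rr __private_mgmt_ip__)` and likewise for the other three. The vellum.yaml hunk `@@ -239,7 +178,7 @@` has the same mismatch for `vellum.__zone__.`.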
1547 @@ -239,20 +177,24 @@ resources:
1551 + wc_notify --data-binary '{"status": "SUCCESS"}'
1553 # Use the DNS server.
1554 echo 'nameserver __dns_mgmt_ip__' > /etc/dnsmasq.resolv.conf
1555 echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
1556 - mkdir -p /etc/netns/signaling
1557 - echo 'nameserver __dns_sig_ip__' > /etc/netns/signaling/resolv.conf
1558 service dnsmasq force-reload
1562 + clearwater-etcdctl cluster-health
1563 + clearwater-etcdctl member list
1564 + cw-check_cluster_state
1565 + cw-check_config_sync
1569 description: IP address in public (management) network
1570 value: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
1572 - description: IP address in private signaling network
1573 + description: IP address in private management network
1574 value: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
1576 - description: IP address in private signaling network
1577 - value: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
1578 diff --git a/vellum.yaml b/vellum.yaml
1579 index aab71f9..8f63557 100644
1582 @@ -23,26 +23,6 @@ parameters:
1584 - custom_constraint: neutron.network
1585 description: Must be a valid network ID
1586 - public_sig_net_id:
1588 - description: ID of public signaling network
1590 - - custom_constraint: neutron.network
1591 - description: Must be a valid network ID
1592 - private_sig_net_id:
1594 - description: ID of private signaling network
1596 - - custom_constraint: neutron.network
1597 - description: Must be a valid network ID
1598 - private_sig_net_cidr:
1600 - description: Private signaling network address (CIDR notation)
1601 - default: 192.168.1.0/24
1602 - private_sig_net_gateway:
1604 - description: Private signaling network gateway address
1605 - default: 192.168.1.254
1608 description: Flavor to use
1609 @@ -64,12 +44,6 @@ parameters:
1610 base_mgmt_security_group:
1612 description: ID of base security group for all Clearwater nodes (management)
1613 - vellum_sig_outbound_security_group:
1615 - description: ID of security group for Vellum nodes outbound traffic (signaling)
1616 - vellum_sig_inbound_security_group:
1618 - description: ID of security group for Vellum nodes inbound traffic (signaling)
1621 description: URL for Clearwater repository
1622 @@ -81,9 +55,6 @@ parameters:
1625 description: IP address for DNS server on management network
1628 - description: IP address for DNS server on signaling network
1631 description: DNSSEC private key (Base64-encoded)
1632 @@ -114,14 +85,15 @@ resources:
1633 floating_network_id: { get_param: public_mgmt_net_id }
1634 port_id: { get_resource: mgmt_port }
1637 - type: OS::Neutron::Port
1639 + type: OS::Heat::WaitCondition
1641 - # Specify the network ID by string to work around OpenStack issues - see https://github.com/Metaswitch/clearwater-heat/issues/18.
1642 - network_id: { str_replace: { params: { x: { get_param: private_sig_net_id } }, template: x } }
1644 - - { get_param: vellum_sig_outbound_security_group }
1645 - - { get_param: vellum_sig_inbound_security_group }
1646 + handle: {get_resource: wait_handle}
1651 + type: OS::Heat::WaitConditionHandle
1654 type: OS::Nova::Server
1655 @@ -132,7 +104,6 @@ resources:
1656 key_name: { get_param: key_name }
1658 - port: { get_resource: mgmt_port }
1659 - - port: { get_resource: sig_port }
1660 user_data_format: RAW
1663 @@ -141,47 +112,18 @@ resources:
1664 __zone__: { get_param: zone }
1665 __public_mgmt_ip__: { get_attr: [ mgmt_floating_ip, floating_ip_address ] }
1666 __private_mgmt_ip__: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
1667 - __private_sig_ip__: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }
1668 - __private_sig_cidr__: { get_param: private_sig_net_cidr }
1669 - __private_sig_gateway__: { get_param: private_sig_net_gateway }
1670 __dns_mgmt_ip__: { get_param: dns_mgmt_ip }
1671 - __dns_sig_ip__: { get_param: dns_sig_ip }
1672 __dnssec_key__: { get_param: dnssec_key }
1673 __etcd_ip__ : { get_param: etcd_ip }
1674 __index__ : { get_param: index }
1675 + wc_notify: { get_attr: [wait_handle, curl_cli] }
1679 # Log all output to file.
1680 exec > >(tee -a /var/log/clearwater-heat-vellum.log) 2>&1
1683 - # Set up the signaling network namespace on each boot by creating an init file and
1684 - # linking to it from runlevel 2 and 3
1685 - cat >/etc/init.d/signaling_namespace <<EOF
1687 - # Create the signaling namespace and configure its interfaces.
1690 - # Exit if the namespace is already set up.
1691 - ip netns list | grep -q signaling && exit 0
1693 - # eth1 is the signaling interface (and eth0 is the management interface).
1694 - # We need to set eth1 up manually - only eth0 is automatically configured via DHCP.
1695 - ip netns add signaling
1696 - ip link set eth1 netns signaling
1697 - ip netns exec signaling ip link set dev lo up
1698 - ip netns exec signaling ip addr add __private_sig_ip__/$(echo __private_sig_cidr__ | cut -d / -f 2) dev eth1
1699 - ip netns exec signaling ip link set dev eth1 up
1700 - ip netns exec signaling ip route add default via __private_sig_gateway__
1703 - chmod a+x /etc/init.d/signaling_namespace
1704 - ln -s /etc/init.d/signaling_namespace /etc/rc2.d/S01signaling_namespace
1705 - ln -s /etc/init.d/signaling_namespace /etc/rc3.d/S01signaling_namespace
1707 - # Also set up the signaling namespace now.
1708 - /etc/init.d/signaling_namespace
1709 + sysctl -w net.ipv6.conf.lo.disable_ipv6=0
1711 # Configure the APT software source.
1712 echo 'deb __repo_url__ binary/' > /etc/apt/sources.list.d/clearwater.list
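Review bot: The added `sysctl -w net.ipv6.conf.lo.disable_ipv6=0` carries no comment saying which service needs IPv6 on loopback, and `sysctl -w` only changes the running kernel, so the setting is lost at the next reboot. The setup it replaces was installed as an init script linked from runlevels 2 and 3 precisely so that it survived reboots. If the setting is needed on every boot, also write it to a file under `/etc/sysctl.d/`, and add a comment such as `# <service name> needs IPv6 on lo; re-enable it` above the line. The script body continues outside the hunk.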
1713 @@ -193,11 +135,8 @@ resources:
1715 [ -n "$etcd_ip" ] || etcd_ip=__private_mgmt_ip__
1716 cat > /etc/clearwater/local_config << EOF
1717 - signaling_namespace=signaling
1718 - signaling_dns_server=__dns_sig_ip__
1719 - management_local_ip=__private_mgmt_ip__
1720 - local_ip=__private_sig_ip__
1721 - public_ip=__private_sig_ip__
1722 + local_ip=__private_mgmt_ip__
1723 + public_ip=__private_mgmt_ip__
1724 public_hostname=__index__.vellum.__zone__
1725 etcd_cluster=$etcd_ip
1727 @@ -206,7 +145,7 @@ resources:
1728 mkdir -p /etc/chronos
1729 cat > /etc/chronos/chronos.conf << EOF
1731 - bind-address = __private_sig_ip__
1732 + bind-address = __private_mgmt_ip__
1736 @@ -218,7 +157,7 @@ resources:
1740 - servers = __dns_sig_ip__
1741 + servers = __dns_mgmt_ip__
1744 # Now install the software.
1745 @@ -239,7 +178,7 @@ resources:
1746 while ! { nsupdate -y "__zone__:__dnssec_key__" -v << EOF
1747 server __dns_mgmt_ip__
1748 update add vellum-__index__.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1749 - update add vellum.__zone__. 30 $(ip2rr __private_sig_ip__)
1750 + update add vellum.__zone__. 30 $(ip2rr __public_mgmt_ip__)
1753 } && [ $retries -lt 10 ]
1754 @@ -249,13 +188,20 @@ resources:
1758 + wc_notify --data-binary '{"status": "SUCCESS"}'
1760 # Use the DNS server.
1761 echo 'nameserver __dns_mgmt_ip__' > /etc/dnsmasq.resolv.conf
1762 echo 'RESOLV_CONF=/etc/dnsmasq.resolv.conf' >> /etc/default/dnsmasq
1763 - mkdir -p /etc/netns/signaling
1764 - echo 'nameserver __dns_sig_ip__' > /etc/netns/signaling/resolv.conf
1765 service dnsmasq force-reload
1769 + clearwater-etcdctl cluster-health
1770 + clearwater-etcdctl member list
1771 + cw-check_cluster_state
1772 + cw-check_config_sync
1776 description: IP address in public management network
1777 @@ -263,6 +209,3 @@ outputs:
1779 description: IP address in private management network
1780 value: { get_attr: [ mgmt_port, fixed_ips, 0, ip_address ] }
1782 - description: IP address in private signaling network
1783 - value: { get_attr: [ sig_port, fixed_ips, 0, ip_address ] }