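# Heat Orchestration Template: two-instance WordPress deployment.
#
# Creates a private Neutron network behind a router, one MariaDB server and
# one Apache/WordPress server, each with its own port and security group.
#
# Security notes for anyone reusing this example:
#   * The three database credentials default to "admin". Override them at
#     stack-create time; the defaults are kept only so the example launches
#     unattended.
#   * Credentials are substituted into user_data as plain text, so they are
#     readable from the instance user data, and `bash -v` echoes every script
#     line to stderr as it is read. Treat user data and boot logs as
#     sensitive.
#   * Both security groups accept SSH (tcp/22) and ICMP from 0.0.0.0/0.
#     Narrow remote_ip_prefix to an administrative range before using this
#     outside a lab.
heat_template_version: 2013-05-23

description: >
  An example Heat Orchestration Template (HOT).
  WordPress is web software you can use to create a beautiful website
  or blog. This template installs two instances: one running a
  WordPress deployment and the other using a local MySQL database to
  store the data.

parameters:

  key_name:
    type: string
    description: Name of a KeyPair to enable SSH access to the instance
    default: my-key

  instance_type:
    type: string
    description: Instance type for web and DB servers
    default: m1.small
    constraints:
      - allowed_values: [m1.tiny, m1.small, m1.medium, m1.large, m1.xlarge]
        description: instance_type must be a valid instance type

  # NOTE(review): the download URLs quoted below are plain HTTP and Fedora 20
  # no longer receives updates. Verify the image checksum against a trusted
  # source before uploading it, and prefer a maintained image where possible.
  image_id:
    type: string
    description: >
      Name or ID of the image to use for the WordPress server.
      Recommended values are fedora-20.i386 or fedora-20.x86_64;
      get them from http://cloud.fedoraproject.org/fedora-20.i386.qcow2
      or http://cloud.fedoraproject.org/fedora-20.x86_64.qcow2 .
    default: fedora-20.x86_64

  public_net:
    type: string
    description: >
      ID or name of public network for which floating IP addresses will
      be allocated
    default: external

  private_net_name:
    type: string
    description: Name of private network to be created
    default: private

  private_net_cidr:
    type: string
    description: Private network address (CIDR notation)
    default: 10.0.0.0/24

  private_net_gateway:
    type: string
    description: Private network gateway address
    default: 10.0.0.1

  private_net_pool_start:
    type: string
    description: Start of private network IP address allocation pool
    default: 10.0.0.101

  private_net_pool_end:
    type: string
    description: End of private network IP address allocation pool
    default: 10.0.0.199

  private_net_dns:
    type: string
    description: Private network DNS server address
    default: 8.8.8.8

  # The allowed_pattern constraints on the db_* parameters matter for more
  # than tidiness: the values are pasted unquoted into shell, sed and SQL
  # text in the user_data scripts below, so they must stay alphanumeric.
  db_name:
    type: string
    description: WordPress database name
    default: wordpress
    constraints:
      - length: { min: 1, max: 64 }
        description: db_name must be between 1 and 64 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          db_name must begin with a letter and contain only alphanumeric
          characters

  db_username:
    type: string
    description: The WordPress database admin account username
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 16 }
        description: db_username must be between 1 and 16 characters
      - allowed_pattern: '[a-zA-Z][a-zA-Z0-9]*'
        description: >
          db_username must begin with a letter and contain only alphanumeric
          characters

  # Default kept for backward compatibility only; always pass a real value.
  db_password:
    type: string
    description: The WordPress database admin account password
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 41 }
        description: db_password must be between 1 and 41 characters
      - allowed_pattern: '[a-zA-Z0-9]*'
        description: db_password must contain only alphanumeric characters

  # Default kept for backward compatibility only; always pass a real value.
  db_root_password:
    type: string
    description: Root password for MySQL
    default: admin
    hidden: true
    constraints:
      - length: { min: 1, max: 41 }
        description: db_root_password must be between 1 and 41 characters
      - allowed_pattern: '[a-zA-Z0-9]*'
        description: db_root_password must contain only alphanumeric characters

resources:

  private_net:
    type: OS::Neutron::Net
    properties:
      name: { get_param: private_net_name }

  private_subnet:
    type: OS::Neutron::Subnet
    depends_on: private_net
    properties:
      network_id: { get_resource: private_net }
      cidr: { get_param: private_net_cidr }
      gateway_ip: { get_param: private_net_gateway }
      allocation_pools:
        - start: { get_param: private_net_pool_start }
          end: { get_param: private_net_pool_end }
      dns_nameservers: [{ get_param: private_net_dns }]

  router:
    type: OS::Neutron::Router
    depends_on: private_net
    properties:
      external_gateway_info:
        network: { get_param: public_net }

  router_interface:
    type: OS::Neutron::RouterInterface
    depends_on: [router, private_subnet]
    properties:
      router_id: { get_resource: router }
      subnet_id: { get_resource: private_subnet }

  # MySQL (tcp/3306) is limited to the private subnet. SSH and ICMP are open
  # to any source; this template attaches no floating IP to the database
  # server, but the rule itself does not enforce that.
  database_server_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Add security group rules for server
      name: db_server_security-group
      rules:
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: { get_param: private_net_cidr }
          protocol: tcp
          port_range_min: 3306
          port_range_max: 3306
        - remote_ip_prefix: 0.0.0.0/0
          protocol: icmp

  # HTTP is expected to be public. SSH from 0.0.0.0/0 is not required for the
  # site to work; restrict it to an administrative range where possible.
  web_server_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Add security group rules for server
      name: web_server_security-group
      rules:
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - remote_ip_prefix: 0.0.0.0/0
          protocol: icmp

  database_server:
    type: OS::Nova::Server
    depends_on: database_server_port
    properties:
      image: { get_param: image_id }
      flavor: { get_param: instance_type }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: database_server_port }
      # str_replace swaps every occurrence of the keys under `params` in the
      # script text, comments included, so do not mention those keys in
      # script comments.
      # NOTE(review): the root password appears on the mysqladmin/mysql
      # command lines, and the application account is granted for host "%"
      # (any client host); only the security group limits who can reach 3306.
      user_data:
        str_replace:
          template: |
            #!/bin/bash -v
            yum -y clean all
            yum -y install mariadb mariadb-server
            touch /var/log/mariadb/mariadb.log
            chown mysql:mysql /var/log/mariadb/mariadb.log
            systemctl start mariadb.service

            # Setup MySQL root password and create a user
            mysqladmin -u root password db_rootpassword
            cat << EOF | mysql -u root --password=db_rootpassword
            CREATE DATABASE db_name;
            GRANT ALL PRIVILEGES ON db_name.* TO "db_user"@"%"
            IDENTIFIED BY "db_password";
            FLUSH PRIVILEGES;
            EXIT
            EOF
          params:
            db_rootpassword: { get_param: db_root_password }
            db_name: { get_param: db_name }
            db_user: { get_param: db_username }
            db_password: { get_param: db_password }

  database_server_port:
    type: OS::Neutron::Port
    depends_on: [private_net, database_server_security_group]
    properties:
      network_id: { get_resource: private_net }
      fixed_ips:
        - subnet_id: { get_resource: private_subnet }
      security_groups: [{ get_resource: database_server_security_group }]

  web_server:
    type: OS::Nova::Server
    depends_on: [web_server_port, database_server]
    properties:
      image: { get_param: image_id }
      flavor: { get_param: instance_type }
      key_name: { get_param: key_name }
      networks:
        - port: { get_resource: web_server_port }
      # The script keeps SELinux enforcing and enables only the boolean that
      # lets httpd open connections to a database port, instead of switching
      # the whole host to permissive mode with `setenforce 0`.
      user_data:
        str_replace:
          template: |
            #!/bin/bash -v
            yum -y clean all
            yum -y install httpd wordpress
            sed -i "/Deny from All/d" /etc/httpd/conf.d/wordpress.conf
            sed -i "s/Require local/Require all granted/" /etc/httpd/conf.d/wordpress.conf
            sed -i s/database_name_here/db_name/ /etc/wordpress/wp-config.php
            sed -i s/username_here/db_user/ /etc/wordpress/wp-config.php
            sed -i s/password_here/db_password/ /etc/wordpress/wp-config.php
            sed -i s/localhost/db_ipaddr/ /etc/wordpress/wp-config.php
            # Allow httpd to reach the remote database; SELinux stays enforcing
            setsebool -P httpd_can_network_connect_db 1
            systemctl start httpd.service
          # The MySQL root password is deliberately not passed here: the web
          # server script never uses it.
          params:
            db_name: { get_param: db_name }
            db_user: { get_param: db_username }
            db_password: { get_param: db_password }
            # Read the address from the port resource rather than from the
            # server's `networks` attribute keyed by the literal name
            # "private", which stops matching once private_net_name is
            # overridden.
            db_ipaddr: { get_attr: [database_server_port, fixed_ips, 0, ip_address] }

  web_server_port:
    type: OS::Neutron::Port
    depends_on: [private_net, web_server_security_group]
    properties:
      network_id: { get_resource: private_net }
      fixed_ips:
        - subnet_id: { get_resource: private_subnet }
      security_groups: [{ get_resource: web_server_security_group }]

outputs:
  website_url:
    description: URL for Wordpress wiki
    value: Attach Floating IP to Web_Server, and access to http://your_floating_ip/wordpress.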