Example network creation Heat template

hello_world_Network_1.yaml, hello_world_Network_2.yaml

The following is an example template that defines a network with the structure shown below.

CAUTION:

It is not possible to create a stack using a template in which a router that will connect to an external network is defined. It is necessary to first create a stack using a template in which a router that will not connect to external networks is defined, and then update the stack by adding the property "external_gateway_info" to the router definition in the template.

To enable connections to external networks, use the file "hello_world_Network_1.yaml" described in this section to create the stack, and use "hello_world_Network_2.yaml" to update it.

An error will also occur when creating a stack using a Heat template that includes "load balancer service" or "database service" resources that can communicate with external networks. However, it is possible to successfully deploy these resources by performing stack updates similar to the one described above.

hello_world_Network_1.yaml

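# Heat Orchestration Template (HOT): network part for the service.
heat_template_version: 2013-05-23
description: Network part for service.
# Every "default" below is a documentation placeholder written in
# parentheses. Replace each one with a real value, or supply the
# parameter when the stack is created.
parameters:
  az:
    type: string
    description: Availability zone
    # Quoted because the placeholder contains ": ", which a plain
    # (unquoted) YAML scalar cannot hold.
    default: '(The availability zone to be used. Example: jp-east-1a)'
  service_network1_name:
    type: string
    description: Name of the service network
    default: '(Arbitrary network name)'
  service_subnet1_name:
    type: string
    description: Name of the service subnetwork.
    default: '(Arbitrary subnet name)'
  service_router1_name:
    type: string
    description: Name of the service vrouter.
    default: '(Arbitrary router name)'
  # Also used as the source address of both firewall rules in this
  # template, so it determines which hosts those rules apply to.
  service_subnet1_cidr:
    type: string
    description: CIDR representation of the service subnet.
    default: '(Arbitrary CIDR)'
  service_subnet1_gw_ip:
    type: string
    description: Gateway IP of Subnet
    default: '(The gateway address to be configured for the subnet)'
  service_subnet1_gw_port_name:
    type: string
    description: Gateway port name of Subnet
    default: '(Arbitrary port name)'
  security_group_name:
    type: string
    description: Security Group name
    default: '(Arbitrary security group name)'
  # Also used as the destination address of the UDP firewall rule.
  nameserver_ip1:
    type: string
    description: IP of the dns nameserver1.
    default: '(The IP address of DNS server 1 to be used by servers deployed to the subnet)'
  nameserver_ip2:
    type: string
    description: IP of the dns nameserver2.
    default: '(The IP address of DNS server 2 to be used by servers deployed to the subnet)'
  firewall1_name:
    type: string
    description: Name of the firewall1
    default: '(Arbitrary firewall name)'
  firewall1_policy_name:
    type: string
    description: Name of the firewall1 Policy
    default: '(Arbitrary firewall policy name)'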

resources:
  # Tenant network that carries the service subnet.
  service_network1:
    type: OS::Neutron::Net
    properties:
      name: { get_param: service_network1_name }
      availability_zone: { get_param: az }

  # Service subnet; CIDR, gateway address and DNS resolvers all come
  # from parameters.
  service_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { get_param: service_subnet1_name }
      availability_zone: { get_param: az }
      network_id: { get_resource: service_network1 }
      cidr: { get_param: service_subnet1_cidr }
      gateway_ip: { get_param: service_subnet1_gw_ip }
      dns_nameservers:
        - { get_param: nameserver_ip1 }
        - { get_param: nameserver_ip2 }

  # Port that holds the subnet's gateway address; it is attached to
  # the router by service_router_interface1.
  gw_port1:
    type: OS::Neutron::Port
    properties:
      name: { get_param: service_subnet1_gw_port_name }
      availability_zone: { get_param: az }
      network_id: { get_resource: service_network1 }
      fixed_ips:
        - ip_address: { get_param: service_subnet1_gw_ip }
          subnet_id: { get_resource: service_subnet1 }

  # Router defined without "external_gateway_info", i.e. with no
  # connection to an external network at this stage.
  service_router1:
    type: OS::Neutron::Router
    properties:
      name: { get_param: service_router1_name }
      availability_zone: { get_param: az }

  # Attaches the gateway port to the router.
  service_router_interface1:
    type: OS::Neutron::RouterInterface
    depends_on: service_router1
    properties:
      router_id: { get_resource: service_router1 }
      port_id: { get_resource: gw_port1 }
  # Security group whose two ingress rules permit SSH (TCP 22) and
  # ICMP. Both rules hard-code 192.168.0.0/16 as the allowed source;
  # that range is independent of the service_subnet1_cidr parameter,
  # so narrow it to the networks that actually need access.
  security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { get_param: security_group_name }
      description: test Security groups rule
      availability_zone: { get_param: az }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 192.168.0.0/16
        - direction: ingress
          protocol: icmp
          remote_ip_prefix: 192.168.0.0/16
  # Firewall bound to the policy resource "firewall1_policiy". That
  # logical ID is spelled this way in both the reference and the
  # definition; the two must stay identical.
  firewall1:
    type: OS::Neutron::Firewall
    properties:
      name: { get_param: firewall1_name }
      description: test Firewall
      availability_zone: { get_param: az }
      firewall_policy_id: { get_resource: firewall1_policiy }
      # The router association is region-specific. Uncomment (remove
      # the leading "# " from) the one line that matches the region.
      # Japan East1 / Japan West1 / Japan West2:
      # router_id: { get_resource: service_router1 }
      # Japan East2:
      # value_specs: { "router_ids": [{ get_resource: service_router1 }] }
  # Firewall policy that references the two rules defined below.
  firewall1_policiy:
    type: OS::Neutron::FirewallPolicy
    properties:
      name: { get_param: firewall1_policy_name }
      description: test Firewall Policy
      availability_zone: { get_param: az }
      audited: true
      firewall_rules:
        - { get_resource: firewall_rule1 }
        - { get_resource: firewall_rule2 }

  # Allows TCP to destination port 80 from the service subnet CIDR.
  # No destination address is set on this rule.
  firewall_rule1:
    type: OS::Neutron::FirewallRule
    properties:
      description: test Firewall rule
      action: allow
      protocol: tcp
      source_ip_address: { get_param: service_subnet1_cidr }
      destination_port: "80"
      availability_zone: { get_param: az }

  # Allows UDP from the service subnet CIDR to nameserver_ip1 when
  # the *source* port is 53.
  # NOTE(review): DNS queries from clients normally carry 53 as the
  # destination port; confirm whether destination_port was intended.
  # NOTE(review): only nameserver_ip1 is matched, although the subnet
  # is also configured with nameserver_ip2; confirm.
  firewall_rule2:
    type: OS::Neutron::FirewallRule
    depends_on: firewall_rule1
    properties:
      description: test Firewall rule2
      action: allow
      protocol: udp
      source_ip_address: { get_param: service_subnet1_cidr }
      source_port: "53"
      destination_ip_address: { get_param: nameserver_ip1 }
      availability_zone: { get_param: az }

hello_world_Network_2.yaml

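# Heat Orchestration Template (HOT): network part for the service,
# with the additional "ext-net" parameter for the external network.
heat_template_version: 2013-05-23
description: Network part for service.
# Every "default" below is a documentation placeholder written in
# parentheses. Replace each one with a real value, or supply the
# parameter when the stack is updated.
parameters:
  az:
    type: string
    description: Availability zone
    # Quoted because the placeholder contains ": ", which a plain
    # (unquoted) YAML scalar cannot hold.
    default: '(The availability zone to be used. Example: jp-east-1a)'
  service_network1_name:
    type: string
    description: Name of the service network
    default: '(Arbitrary network name)'
  service_subnet1_name:
    type: string
    description: Name of the service subnetwork.
    default: '(Arbitrary subnet name)'
  service_router1_name:
    type: string
    description: Name of the service vrouter.
    default: '(Arbitrary router name)'
  # Also used as the source address of both firewall rules in this
  # template, so it determines which hosts those rules apply to.
  service_subnet1_cidr:
    type: string
    description: CIDR representation of the service subnet.
    default: '(Arbitrary CIDR)'
  service_subnet1_gw_ip:
    type: string
    description: Gateway IP of Subnet
    default: '(The gateway address to be configured for the subnet)'
  service_subnet1_gw_port_name:
    type: string
    description: Gateway port name of Subnet
    default: '(Arbitrary port name)'
  security_group_name:
    type: string
    description: Security Group name
    default: '(Arbitrary security group name)'
  # Also used as the destination address of the UDP firewall rule.
  nameserver_ip1:
    type: string
    description: IP of the dns nameserver1.
    default: '(The DNS server to be used by servers deployed to the subnet)'
  nameserver_ip2:
    type: string
    description: IP of the dns nameserver2.
    default: '(The DNS server to be used by servers deployed to the subnet)'
  firewall1_name:
    type: string
    description: Name of the firewall1
    default: '(Arbitrary firewall name)'
  firewall1_policy_name:
    type: string
    description: Name of the firewall1 Policy
    default: '(Arbitrary firewall policy name)'
  # External network referenced by the router's external_gateway_info.
  ext-net:
    type: string
    description: Name of the external network.
    default: '(The name of the external network to be used. Example:inf_az1_ext-net01)'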

resources:
  # Tenant network that carries the service subnet.
  service_network1:
    type: OS::Neutron::Net
    properties:
      name: { get_param: service_network1_name }
      availability_zone: { get_param: az }

  # Service subnet; CIDR, gateway address and DNS resolvers all come
  # from parameters.
  service_subnet1:
    type: OS::Neutron::Subnet
    properties:
      name: { get_param: service_subnet1_name }
      availability_zone: { get_param: az }
      network_id: { get_resource: service_network1 }
      cidr: { get_param: service_subnet1_cidr }
      gateway_ip: { get_param: service_subnet1_gw_ip }
      dns_nameservers:
        - { get_param: nameserver_ip1 }
        - { get_param: nameserver_ip2 }

  # Port that holds the subnet's gateway address; it is attached to
  # the router by service_router_interface1.
  gw_port1:
    type: OS::Neutron::Port
    properties:
      name: { get_param: service_subnet1_gw_port_name }
      availability_zone: { get_param: az }
      network_id: { get_resource: service_network1 }
      fixed_ips:
        - ip_address: { get_param: service_subnet1_gw_ip }
          subnet_id: { get_resource: service_subnet1 }

  service_router1:
    type: OS::Neutron::Router
    properties:
      # This property is what the stack update adds: it connects the
      # router to the external network named by "ext-net". Once it is
      # applied the router has a path to that network, so review the
      # firewall and security group rules in this template first.
      external_gateway_info:
        network: { get_param: ext-net }
      name: { get_param: service_router1_name }
      availability_zone: { get_param: az }

  # Attaches the gateway port to the router.
  service_router_interface1:
    type: OS::Neutron::RouterInterface
    depends_on: service_router1
    properties:
      router_id: { get_resource: service_router1 }
      port_id: { get_resource: gw_port1 }
  # Security group whose two ingress rules permit SSH (TCP 22) and
  # ICMP. Both rules hard-code 192.168.0.0/16 as the allowed source;
  # that range is independent of the service_subnet1_cidr parameter,
  # so narrow it to the networks that actually need access.
  security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      name: { get_param: security_group_name }
      description: test Security groups rule
      availability_zone: { get_param: az }
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 192.168.0.0/16
        - direction: ingress
          protocol: icmp
          remote_ip_prefix: 192.168.0.0/16
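  # Firewall bound to the policy resource "firewall1_policiy". That
  # logical ID is spelled this way in both the reference and the
  # definition; the two must stay identical.
  firewall1:
    type: OS::Neutron::Firewall
    properties:
      description: test Firewall
      name: { get_param: firewall1_name }
      availability_zone: { get_param: az }
      firewall_policy_id: { get_resource: firewall1_policiy }
      # The router association is region-specific. Uncomment (remove
      # the leading "# " from) the one line that matches the region.
      # Both lines are kept commented out here: an uncommented
      # "value_specs" at column 0 would be a stray top-level key and
      # would stop the template from parsing.
      # Japan East1 / Japan West1 / Japan West2:
      # router_id: { get_resource: service_router1 }
      # Japan East2:
      # value_specs: { "router_ids": [{ get_resource: service_router1 }] }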
  # Firewall policy that references the two rules defined below.
  firewall1_policiy:
    type: OS::Neutron::FirewallPolicy
    properties:
      name: { get_param: firewall1_policy_name }
      description: test Firewall Policy
      availability_zone: { get_param: az }
      audited: true
      firewall_rules:
        - { get_resource: firewall_rule1 }
        - { get_resource: firewall_rule2 }

  # Allows TCP to destination port 80 from the service subnet CIDR.
  # No destination address is set on this rule.
  firewall_rule1:
    type: OS::Neutron::FirewallRule
    properties:
      description: test Firewall rule
      action: allow
      protocol: tcp
      source_ip_address: { get_param: service_subnet1_cidr }
      destination_port: "80"
      availability_zone: { get_param: az }

  # Allows UDP from the service subnet CIDR to nameserver_ip1 when
  # the *source* port is 53.
  # NOTE(review): DNS queries from clients normally carry 53 as the
  # destination port; confirm whether destination_port was intended.
  # NOTE(review): only nameserver_ip1 is matched, although the subnet
  # is also configured with nameserver_ip2; confirm.
  firewall_rule2:
    type: OS::Neutron::FirewallRule
    depends_on: firewall_rule1
    properties:
      description: test Firewall rule2
      action: allow
      protocol: udp
      source_ip_address: { get_param: service_subnet1_cidr }
      source_port: "53"
      destination_ip_address: { get_param: nameserver_ip1 }
      availability_zone: { get_param: az }