worker.yaml

heat_template_version: 2014-10-16


description: >
  A host used for HPC worker node.


parameters:

  key_name:
    description: >
      A pre-submitted SSH key to access the VM hosts
    type: string
    constraints:
    - custom_constraint: nova.keypair

  image:
    description: >
      Select a base image to use for the infrastructure server
    type: string
    constraints:
    - custom_constraint: glance.image

  flavor:
    description: >
      Define the hardware characteristics for the VMs: CPU, Memory, base disk
    type: string
    constraints:
    - custom_constraint: nova.flavor

  hostname:
    description: >
      The Infrastructure hostname portion of the FQDN
    type: string

  timeout:
    description: Time to wait until the setup is ready.
    type: number
    default: 600

  # Software Subscription information
  rhn_username:
    description: >
      A valid user with entitlements to RHEL and OpenShift software repos
    type: string

  rhn_password:
    description: >
      The password for the RHN user
    type: string
    hidden: true

  rhn_pool:
    description: >
      A subscription pool containing the RHEL and OpenShift software repos
      OPTIONAL
    type: string
    hidden: true

  ssh_user:
    description: >
      The user for SSH access to the VM hosts
    type: string


  fixed_network:
    description: >
      The name or ID of the internal network
    type: string
    constraints:
    - custom_constraint: neutron.network

  fixed_subnet:
    description: >
      The name or ID of the internal IPv4 space
    type: string
    constraints:
    - custom_constraint: neutron.subnet



resources:

  random_hostname_suffix:
    type: OS::Heat::RandomString
    properties:
      character_classes: [{"class": lowercase}, {"class": digits}]
      length: 8

  # A VM to provide HPC worker services
  host:
    type: OS::Nova::Server
    properties:
      name:
        str_replace:
          template: "HOST-SUFFIX"
          params:
            HOST: {get_param: hostname}
            SUFFIX: {get_attr: [random_hostname_suffix, value]}
      admin_user: {get_param: ssh_user}
      image: {get_param: image}
      flavor: {get_param: flavor}
      key_name: {get_param: key_name}
      networks:
      - port: {get_resource: port}
      user_data_format: SOFTWARE_CONFIG
      user_data: {get_resource: init}

  # Install, configure and enable the Heat configuration agent
  #config_agent:
  #  type: collect-config-setup/install_config_agent_centos_yum.yaml


  # Collect the results from a set of resources
  init:
    type: OS::Heat::MultipartMime
    properties:
      parts:
      - config: {get_resource: rhn_register}
      - config: {get_resource: host_update}
      #- config: {get_attr: [config_agent, config]}
      #  type: multipart
      - config: {get_resource: node_boot}

  # Create a network connection on the internal and apply security
  port:
    type: OS::Neutron::Port
    properties:
      security_groups:
      - {get_resource: security_group}
      network: {get_param: fixed_network}
      fixed_ips:
      - subnet: {get_param: fixed_subnet}
      replacement_policy: AUTO

  # Define the network access policy for the node
  security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      rules:
      - protocol: icmp
      # Just open everything for now:
      - protocol: tcp
        port_range_min: 0
        port_range_max: 65535
      - protocol: udp
        port_range_min: 0
        port_range_max: 65535

  node_boot:
    type: OS::Heat::SoftwareConfig
    properties:
      config:
        str_replace:
          params:
            $WC_NOTIFY: { get_attr: ['wait_handle', 'curl_cli'] }
          template: |
            #!/bin/bash
            set -eu
            set -x
            set -o pipefail
            function notify_success() {
              $WC_NOTIFY --data-binary  "{\"status\": \"SUCCESS\", \"reason\": \"$1\", \"data\": \"$1\"}"
              exit 0
            }
            function notify_failure() {
              $WC_NOTIFY --data-binary "{\"status\": \"FAILURE\", \"reason\": \"$1\", \"data\": \"$1\"}"
              exit 1
            }
            # Required for SSH pipelining
            sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
            notify_success "worker node has been prepared for running HPC."

  # Register the host with RHN for access to software packages
  rhn_register:
    type: OS::Heat::SoftwareConfig
    properties:
      config:
        str_replace:
          params:
            $RHN_USERNAME: {get_param: rhn_username}
            $RHN_PASSWORD: {get_param: rhn_password}
            $POOL_ID: {get_param: rhn_pool}
          template: |
            #!/bin/bash
            set -eu
            set -x
            set -o pipefail
            if [ -n "$RHN_USERNAME" -a -n "$RHN_PASSWORD" ]; then
              subscription-manager register \
                         --username="$RHN_USERNAME" \
                         --password="$RHN_PASSWORD"
              if [ -n "$POOL_ID" ]; then
                subscription-manager attach --pool $POOL_ID
              else
                subscription-manager attach --auto
              fi
              subscription-manager repos --disable="*"
              subscription-manager repos \
                         --enable="rhel-7-server-rpms"
              rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
            fi

  host_update:
    type: OS::Heat::SoftwareConfig
    properties:
      config:
        str_replace:
          template: |
            #!/bin/bash
            set -eux
            set -o pipefail
            function notify_success() {
              $WC_NOTIFY --data-binary  "{\"status\": \"SUCCESS\", \"reason\": \"$1\", \"data\": \"$1\"}"
              exit 0
            }
            function notify_failure() {
              $WC_NOTIFY --data-binary "{\"status\": \"FAILURE\", \"reason\": \"$1\", \"data\": \"$1\"}"
              exit 1
            }
            if [ -e /run/ostree-booted ]; then
              atomic host upgrade || notify_failure "failed to run 'atomic host upgrade'"
            else
              yum install -y deltarpm || notify_failure "could not install deltarpm"
              yum -y update || notify_failure "could not update RPMs"
            fi
          params:
            $WC_NOTIFY: {get_attr: ['wait_handle', 'curl_cli'] }



  # Wait until the cloud-init process ends and reports or times out
  wait_condition:
    type: OS::Heat::WaitCondition
    properties:
      handle: {get_resource: wait_handle}
      timeout: {get_param: timeout}

  # This is passed to infra_init cloud-init script as a curl CLI command
  # When the cloud-init process ends it queries the URL with
  # a message which ends the wait and returns the value
  wait_handle:
    type: OS::Heat::WaitConditionHandle