/openstack-heat_cent6_8

(This repository is not updating now but hosted for archiving for CentOS v6.8.) OpenStack Heat Template to orchestrate Personium infrastructure.

Apache License 2.0Apache-2.0

HeatTemplate for creating Personium 3server unit

Overview

This HeatTemplate automatically constructs the network and server configuration for Personium 3 Server unit in OpenStack.

Precondition

  • The operation confirmation is done by FUJITSU Cloud Service K5 of OpenStack base IaaS.
  • The network connecting to the Internet and the SSL-VPN connection for server access are excluded from the creation of this HeatTemplate.

Construction environment

The configuration that can be created with this HeatTemplate is shown below.

File structure

File name Contents
01_personium_network.yaml Create networks and firewalls.
02_personium_server.yaml Create servers for Personium.

Flow of creation

I will explain the flow of creation using this HeatTemplate.

1: Create Keypair (Manual)

Create a KeyPair to log in to the server for Personium.

2: Preparation for network creation

Edit 01_personium_network.yaml.

  • Set the Availability Zone used for the default of availability_zone in the Parameters section.
  availability_zone:
    type: string
    description: Availability zone
    default: { Availability zone } # set Availability zone

3: Create network

Use 01_personium_network.yaml to create the network.

4: Connect with external network

Connect DMZ network, Secure network, Management network to external network.

5: Preparation for server creation

Edit 02_personium_server.yaml.

  • Set the availability zone you are using to the default of availability_zone in the Parameters section.
  availability_zone:
    type: string
    description: Availability zone
    default: { Availability zone } # set Availability zone
  • Network ID setting
    Obtain the ID of the created network, and in the Parameters section Set to default of dmz_network_id, secure_network_id, mng_network_id.
dmz_network_id:
  type: string
  description: ID of the dmz network.
  default: { dmz_network_id } #set dmz network id.
  secure_network_id:
  type: string
  description: ID of the secure network.
  default: { secure_network_id } #set secure network id.
mng_network_id:
  type: string
  description: ID of the management network.
  default: { management_network_id } #set management network id.
  • KeyPair setting Obtain the name of the created KeyPair and in the Parameters section Set to web_server_key_name, ap_server_key_name, es_server_key_name default.
web_server_key_name:
  type: string
  description: Name of web server key.
  default: { your_server_keyname } #set server KeyPair name.
ap_server_key_name:
  type: string
  description: Name of ap server key.
  default: { your_server_keyname } #set server KeyPair name.
es_server_key_name:
  type: string
  description: Name of es server key.
  default: { your_server_keyname } #set server KeyPair name.
  • Certificate setting Edit the user_data of the web_server in the resources section according to the certificate you are creating.
  web_server:
    type: OS::Nova::Server
    properties:

        --Omission--

    user_data_format: RAW
    user_data:
      str_replace:
        template: |
          #!/bin/bash -v

      --Omission--

          openssl genrsa 2048 > /root/ansible/resource/web/opt/nginx/conf/server.key
          openssl req -new -key /root/ansible/resource/web/opt/nginx/conf/server.key << EOF > /root/ansible/resource/web/opt/nginx/conf/server.csr
          { Country Name } # set country name
          { State or Province Name } # set state name
          { Locality Name } # set locality name
          { Organization Name } # set oganization name
          { Organizational Unit Name } # set oganization unit name
          { Common Name } # set common name
          { Email Address } # set mail address
          { A challenge password } # set password
          { An optional company name } # set company name
          EOF
          openssl x509 -days 3650 -req -signkey  /root/ansible/resource/web/opt/nginx/conf/server.key < /root/ansible/resource/web/opt/nginx/conf/server.csr > /root/ansible/resource/web/opt/nginx/conf/server.crt

          openssl genrsa -out /root/ansible/resource/ap/opt/x509/unit.key 2048 -outform DER
          openssl req -new -key /root/ansible/resource/ap/opt/x509/unit.key -out /root/ansible/resource/ap/opt/x509/unit.csr << EOF
          { Country Name } # set country name
          { State or Province Name } # set state name
          { Locality Name } # set locality name
          { Organization Name } # set oganization name
          { Organizational Unit Name } # set oganization unit name
          { Common Name } # set common name
          { Email Address } # set mail address
          { A challenge password } # set password
          { An optional company name } # set company name
          EOF

          openssl x509 -req -days 3650 -signkey /root/ansible/resource/ap/opt/x509/unit.key -out /root/ansible/resource/ap/opt/x509/unit-self-sign.crt < /root/ansible/resource/ap/opt/x509/unit.csr

6: Create SSL-VPN (Manual)

Create an SSL-VPN connection to the Management network.

7: Setup Personium

Follow the steps below to set up Personium. ansible/3-server_unit