Simple YAML Help
This snippet is provided to help others create a simple YAML file for use with the VTA. Below are basic topics to help you understand the components of a YAML file and their configurations.
OpenStack YAML Format
heat_template_version: ocata
resources:
heat_template_version: ocata defines the version of the YAML template, which tells the OpenStack Heat component how to process the file. The version for this example is ocata, and each version is different based on the new features it introduces. All new versions include the features of previous versions. The best practice is to use the lowest version possible that incorporates all the features used in the YAML. This ensures the YAML can be used on as many OpenStack deployments as possible. You can reference the Heat Specification for more information regarding the features in each version.
resources: defines the starting boundary for the list of resources that Heat will create. These include networks, subnets, routers, ports, instances, etc. We'll go into more detail on some of the basic resources and their format and configuration in the subsequent sections.
YAML files are indent sensitive, meaning the indentation (white space at the beginning of each line) changes the scope of that line. The indentation is usually two spaces. Everything at the same indentation is a component of the nearest item above it with less white space. heat_template_version: and resources: are at the same indentation, zero (no white space), so each is a part of the first thing above it with less, which is nothing; they are therefore root components of the YAML file. Components that are indented below these root components are components of their respective root component.
heat_template_version: has nothing indented below it, but resources: does: soho_net:, soho_subnet:, soho_router:, soho_router_interface:, instance_port:, and my_instance:. Each of these components, now called resources because they fall under resources:, also has components indented under it that further define that resource.
Comments in a YAML file are represented by a #. These are used to define sections and to document the meaning behind configurations, improving the readability of the YAML.
Networks
A network resource is needed in order to have a subnet or network segment. You will mostly just give a name to a network so you can later assign a subnet to it.
  soho_net:
    type: OS::Neutron::Net
    properties:
      name: soho_net
soho_net at the top of the block names the resource within the YAML file so that it can be referenced like a variable, as you'll see below in the Subnets section. You can name this whatever you'd like.
type: OS::Neutron::Net declares the soho_net resource as a Network. If you are defining a network you need this line, unchanged.
properties: allows you to define attributes associated with this network type resource. Here we only define the name: attribute of the soho_net network resource. For a list of other properties you can check the specification.
name: defines the resource name once deployed in the environment. Though the name matches the resource name listed above, these names are different. The one above is only used as a variable within the YAML file, while this name is tagged to the actual resource that is created. These are typically made the same for simplicity and traceability, but they can be different.
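The indentation and naming rules above, as an added example that is not part of the original snippet: a Python check that takes resource names from the indentation level directly under resources: and reports any get_resource or depends_on value that names no defined resource. The sample template is constructed, with one deliberately misspelled reference; the names scan and unresolved are hypothetical, and this is a line scanner for this page's template style, not a full YAML parser.

```python
import re

# Constructed sample in the page's style. soho_subnet deliberately points at
# soho_network, a name that is not defined under resources:.
SAMPLE = """\
heat_template_version: ocata
resources:
  # NETWORKS
  soho_net:
    type: OS::Neutron::Net
    properties:
      name: soho_net
  soho_subnet:
    type: OS::Neutron::Subnet
    depends_on: soho_net
    properties:
      cidr: 192.168.0.0/24
      network_id: { get_resource: soho_network }
"""

# Scalar references only; the list form depends_on: [a, b] is not handled.
REF = re.compile(r"\b(?:get_resource|depends_on):\s*([\w-]+)")

def scan(template):
    """Return (resource names, [(line_no, referenced_name), ...])."""
    defined, refs = [], []
    in_resources, level = False, None
    for no, raw in enumerate(template.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:                            # root component
            in_resources, level = line == "resources:", None
            continue
        if not in_resources:
            continue
        if level is None:                          # first child sets the level
            level = indent
        if indent == level and line.endswith(":"):
            defined.append(line.strip()[:-1])
        refs += [(no, m.group(1)) for m in REF.finditer(line)]
    return defined, refs

def unresolved(template):
    """References that name no resource defined under resources:."""
    defined, refs = scan(template)
    return [(no, name) for no, name in refs if name not in defined]
```

Calling unresolved(SAMPLE) returns the line number and name of the misspelled reference; correcting it to soho_net returns an empty list.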
Subnets
Routers
Ports
Instances
Resources
heat_template_version: ocata
resources:
###################################################################################################
# NETWORKS
###################################################################################################
  soho_net:
    type: OS::Neutron::Net
    properties:
      name: soho_net
###################################################################################################
# SUBNETS
###################################################################################################
  # Single subnet implementation.
  # IP pools for soho: 192.168.0.0/24
  soho_subnet:
    type: OS::Neutron::Subnet
    depends_on: soho_net
    properties:
      name: soho_subnet
      cidr: 192.168.0.0/24
      dns_nameservers: [10.50.255.254,]
      network_id: { get_resource: soho_net }
#########################################################
# ROUTERS - one port & interface per subnet per router
#########################################################
  # SOHO ROUTER #########################################
  soho_router:
    type: OS::Neutron::Router
    properties:
      name: soho_router
      # External gateway added for internet access
      external_gateway_info: { network: public }
  soho_router_interface:
    type: OS::Neutron::RouterInterface
    depends_on: soho_router
    properties:
      router_id: { get_resource: soho_router }
      subnet: { get_resource: soho_subnet }
###################################################################################################
# PORTS
###################################################################################################
  instance_port:
    type: OS::Neutron::Port
    properties:
      network: { get_resource: soho_net }
###################################################################################################
# INSTANCES
###################################################################################################
  my_instance:
    type: OS::Nova::Server
    properties:
      name: my-comp
      image: Debian-Stretch
      flavor: cy.medium
      networks:
        - port: { get_resource: instance_port }
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        # Add hostname to /etc/hosts
        echo 127.0.0.1 $(hostname) >> /etc/hosts
        # Add special domain to /etc/hosts
        #echo "127.0.0.1 www.evil.tgt" >> /etc/hosts
        # Setup users and passwords
        echo "root:toor" | chpasswd # Change password for root, if required
        useradd student -m -U -s /bin/bash # First, add the user and give them a shell
        usermod -aG sudo student # Give them sudo privileges, if required
        echo "student:password" | chpasswd # Update the user password.
        # Establish a proximal proxy cache for faster downloads
        PROXY_UP=`ping -c1 -W3 pkg-cache.bbh.cyberschool.army.mil >/dev/null 2>&1 ; echo $?`
        if [ $PROXY_UP -lt 1 ]; then
          # Old (internal only): http://acng.bbh.cyberschool.army.mil:3142
          echo 'Acquire::http::proxy "http://pkg-cache.bbh.cyberschool.army.mil:3142";' > /etc/apt/apt.conf.d/02proxy
        fi
        # Update, Upgrade & Install any required packages
        apt -y update
        apt -y upgrade
        ##################################################
        # In this section insert the packages you need
        # apt-get -y install <pkg-name> <pkg-name> ...
        # e.g. python, ftp, telnet, samba, nmap, curl, ...
        #
        ##################################################
        updatedb
        mandb
        ##################################################
        # Add any special host configurations here
        #
        # wget/curl publicly/locally available files/programs to then execute/use
        #
        # configure iptables rules
        #
        # configure SSH
        # sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
        ##################################################