heat_template_version: 2013-05-23
description: |
  Template which creates nova server instances with 2 security groups
parameters:
  key:
    type: string
  flavor:
    type: string
  image:
    type: string
  volume_size:
    type: number
  subnet_cidr:
    type: string
  external_net:
    type: string
  dns_servers:
    type: comma_delimited_list
resources:
  volume:
    type: OS::Cinder::Volume
    properties:
      size: { get_param: volume_size }

  volume_attachment:
    type: OS::Cinder::VolumeAttachment
    properties:
      volume_id: { get_resource: volume }
      instance_uuid: { get_resource: instance }

  instance:
    type: OS::Nova::Server
    properties:
      image: { get_param: image }
      flavor: { get_param: flavor }
      key_name: { get_param: key }
      networks:
         - port: { get_resource: server_port }

  network:
    type: OS::Neutron::Net
    properties:
      name: network

  subnet:
    type: OS::Neutron::Subnet
    properties:
      network_id: { get_resource: network }
      name: subnet
      ip_version: 4
      cidr: { get_param: subnet_cidr }
      dns_nameservers: { get_param: dns_servers }

  router:
    type: OS::Neutron::Router
    properties:
      name: router
      admin_state_up: true
      external_gateway_info:
        network: { get_param: external_net }

  router_interface:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: {get_resource: router}
      subnet_id: {get_resource: subnet}

  server_port:
    type: OS::Neutron::Port
    properties:
      network_id: { get_resource: network }
      fixed_ips:
        - subnet_id: { get_resource: subnet }
      security_groups: [{ get_resource: security_group_1 }]

  floating_ip:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: { get_param: external_net }
      port_id: { get_resource: server_port }

  security_group_1:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Add 1st security group rule
      name: sg-1
      rules:
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 22
          port_range_max: 22
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 80
          port_range_max: 80
        - remote_ip_prefix: 0.0.0.0/0
          protocol: tcp
          port_range_min: 443
          port_range_max: 443
        - remote_group_id: { get_resource: security_group_1 }
          remote_mode: remote_group_id
          protocol: tcp
          port_range_min: 1
          port_range_max: 65535
        - remote_group_id: { get_resource: security_group_1 }
          remote_mode: remote_group_id
          protocol: udp
          port_range_min: 1
          port_range_max: 65535
        - remote_group_id: { get_resource: security_group_2 }
          remote_mode: remote_group_id
          protocol: tcp
          port_range_min: 1
          port_range_max: 65535
        - remote_group_id: { get_resource: security_group_2 }
          remote_mode: remote_group_id
          protocol: udp
          port_range_min: 1
          port_range_max: 65535

  security_group_2:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Add 2nd security group rule
      name: sg-2
      rules:
        - remote_group_id: { get_resource: security_group_1 }
          remote_mode: remote_group_id
          protocol: tcp
          port_range_min: 1
          port_range_max: 65535
        - remote_group_id: { get_resource: security_group_1 }
          remote_mode: remote_group_id
          protocol: udp
          port_range_min: 1
          port_range_max: 65535
        - remote_group_id: { get_resource: security_group_2 }
          remote_mode: remote_group_id
          protocol: tcp
          port_range_min: 1
          port_range_max: 65535
        - remote_group_id: { get_resource: security_group_2 }
          remote_mode: remote_group_id
          protocol: udp
          port_range_min: 1
          port_range_max: 65535