compute-nest-on-premises-solution-sag.yml
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 该模版通过集成SAG、CCN、CEN、VPC、ECS等组件,自动化搭建云下到云上的网络桥梁,实现跨VPC与跨账户的安全访问云下服务,支持配置云下服务列表与自定义网络设置,提供终端节点服务访问能力。
  en: This template integrates SAG (Smart Access Gateway), CCN (Cloud Connect Network), CEN (Cloud Enterprise Network), VPC (Virtual Private Cloud) and ECS (Elastic Compute Service) to automatically build a network bridge from on-premises to the cloud, enabling secure access to on-premises services across VPCs and accounts. It supports configuration of the on-premises service list and custom network settings, and exposes the services through a PrivateLink endpoint service.
Parameters:
  DMZCidrBlock:
    Type: String
    Label:
      en: On-premises network segment
      zh-cn: 企业内部网络网段
    Description:
      en: 'The IP address range of the on-premises enterprise network in CIDR form. <br>You can use the following IP address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
      zh-cn: 企业云下网络ip地址段范围,<br>您可以使用以下的ip地址段或其子网:<br><font color='green'>[10.0.0.0/8]</font><br><font color='green'>[172.16.0.0/12]</font><br><font color='green'>[192.168.0.0/16]</font>
    Default: 10.1.0.0/16
  Server:
    Type: Json
    Label:
      en: On-premises service information
      zh-cn: 云下服务信息
    Description:
      en: The on-premises service list. Each entry needs ServerId (the service IP), ServerIp, ServerType (Ip), Port and Weight. Set ServerId and ServerIp to the real on-premises IP address by copying the template entry and editing those two fields; leave the other fields unchanged.
      zh-cn: 云下服务列表需要输入配置ServerId(服务IP),服务类型ServerType(IP),端口(Port),IP和ID与实际云下IP一致,参照模板复制粘贴修改IP和ID即可完成配置,其他参数不变
    Default:
      - Port: 80
        ServerId: 10.1.1.102
        ServerIp: 10.1.1.102
        ServerType: Ip
        Weight: 100
  VpcCidrBlock:
    Type: String
    Label:
      en: VPC network segment
      zh-cn: 专有网络网段
    Description:
      en: 'The IP address range of the VPC in CIDR form. <br>You can use the following IP address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
      zh-cn: 专有网络ip地址段范围,<br>您可以使用以下的ip地址段或其子网:<br><font color='green'>[10.0.0.0/8]</font><br><font color='green'>[172.16.0.0/12]</font><br><font color='green'>[192.168.0.0/16]</font>
    Default: 192.168.0.0/16
  VSwitchZone1:
    Type: String
    Label:
      en: VSwitch 1 availability zone
      zh-cn: 交换机1可用区
    Description:
      en: Availability zone ID.<br><b>Note:<font color='blue'>For East China 1 (Hangzhou) and North China 2 (Beijing), select Availability Zones J and K to complete the NLB configuration; for South China 1 (Shenzhen) and East China 2 (Shanghai), select Availability Zones D and E. The two Availability Zones must be different.</font></b>
      zh-cn: 可用区Id。<br><b>注: <font color='blue'>华东1(杭州)和华北2(北京)推荐选择可用区J,K即可完成NLB配置,华南1(深圳)和华东2(上海)推荐可用区D,E。(两个可用区不重复即可)</font></b>
    AssociationProperty: ALIYUN::NLB::Zone::ZoneId
    AssociationPropertyMetadata:
      ExclusiveTo:
        - VSwitchZone2
  VSwitchCidrBlock1:
    Type: String
    Label:
      en: VSwitch 1 network segment
      zh-cn: 交换机1网段
    Description:
      en: Must be a subnet of the VPC CIDR block and must not be occupied by another VSwitch.
      zh-cn: 必须是所属专有网络的子网段,并且没有被其他交换机占用。
    Default: 192.168.3.0/24
  VSwitchZone2:
    Type: String
    Label:
      en: VSwitch 2 availability zone
      zh-cn: 交换机2可用区
    Description:
      en: Select an availability zone different from that of VSwitch 1.<br><b>Note:<font color='blue'>For East China 1 (Hangzhou) and North China 2 (Beijing), select Availability Zones J and K to complete the NLB configuration; for South China 1 (Shenzhen) and East China 2 (Shanghai), select Availability Zones D and E. The two Availability Zones must be different.</font></b>
      zh-cn: 请选择与交换机1不同的可用区,<br><b>注: <font color='blue'>华东1(杭州)和华北2(北京)推荐选择可用区J,K即可完成NLB配置,华南1(深圳)和华东2(上海)推荐可用区D,E(两个可用区不重复即可)</font></b>
    AssociationProperty: ALIYUN::NLB::Zone::ZoneId
    AssociationPropertyMetadata:
      ExclusiveTo:
        - VSwitchZone1
  VSwitchCidrBlock2:
    Type: String
    Label:
      en: VSwitch 2 network segment
      zh-cn: 交换机2网段
    Description:
      en: Must be a subnet of the VPC CIDR block and must not be occupied by another VSwitch.
      zh-cn: 必须是所属专有网络的子网段,并且没有被其他交换机占用。
    Default: 192.168.4.0/24
  PrivateLinkServerName:
    Type: String
    Label:
      en: Service Name
      zh-cn: 终端节点服务名称
    Description:
      en: Name of the endpoint service resource.
      zh-cn: 服务端资源名称
    Default: private_link_service
  ReceiverCountry:
    Type: String
    Description: The country of the recipient address.
    Default: 中国
  ReceiverZip:
    Type: String
    Description: The postcode of the recipient address.
    Default: '310000'
  HaType:
    Type: String
    Description: |-
      The deployment mode. Valid values:
      no_backup: You buy only one SAG device to connect private networks to Alibaba Cloud.
      cold_backup: You buy two SAG devices in active-standby mode. One SAG device serves as the active
      device and the other as the standby device. Only the active device is connected
      to Alibaba Cloud. If the active device is not working as expected, you must manually
      perform a switchover.
      warm_backup: You buy two SAG devices in active-active mode. Both SAG devices are connected to
      Alibaba Cloud. If an active device is not working as expected, a failover is automatically
      performed.
      Note: If you want to create an SAG vCPE instance, set the value to warm_backup.
    Default: warm_backup
    AllowedValues:
      - cold_backup
      - no_backup
      - warm_backup
  Period:
    Type: Number
    Description: |-
      The subscription period of the SAG instance. Unit: months.
      Valid values: 1 to 9, 12, 24, and 36.
    Default: 12
  MaxBandWidth:
    Type: Number
    Description: |-
      The bandwidth of the SAG instance.
      If you want to create an SAG CPE instance and the model is sag-100wm, valid values of this parameter are 2 to 50. Unit: Mbit/s.
      If you want to create an SAG CPE instance and the model is sag-1000, valid values of this parameter are 10 to 500. Unit: Mbit/s.
      If you want to create an SAG vCPE instance, valid values of this parameter are 10 to 1000. Unit: Mbit/s.
    Default: 15
  AutoPay:
    Type: Boolean
    Description: |-
      Specifies whether to enable auto-payment for the instance. Valid values:
      true: yes
      false: no
      If you set the parameter to false, go to Billing Management to complete the payment
      after you call this operation. After you complete the payment, the instance can be
      created.
    Default: 'False'
    AllowedValues:
      - 'True'
      - 'true'
      - 'False'
      - 'false'
  ChargeType:
    Type: String
    Description: The billing method of the SAG instance. Set the value to PREPAY, which specifies the subscription billing method.
    Default: PREPAY
Resources:
  CenInstance:
    Type: ALIYUN::CEN::CenInstance
    Properties:
      Name:
        Fn::Join:
          - '-'
          - - StackId
            - Ref: ALIYUN::StackId
  EcsVpc:
    Type: ALIYUN::ECS::VPC
    Properties:
      CidrBlock:
        Ref: VpcCidrBlock
      VpcName:
        Fn::Join:
          - '-'
          - - StackId
            - Ref: ALIYUN::StackId
  EcsVSwitch1:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: VSwitchZone1
      VpcId:
        Ref: EcsVpc
      CidrBlock:
        Ref: VSwitchCidrBlock1
      VSwitchName:
        Fn::Join:
          - '-'
          - - VSwitch1
            - StackId
            - Ref: ALIYUN::StackId
  EcsVSwitch2:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: VSwitchZone2
      VpcId:
        Ref: EcsVpc
      CidrBlock:
        Ref: VSwitchCidrBlock2
      VSwitchName:
        Fn::Join:
          - '-'
          - - VSwitch2
            - StackId
            - Ref: ALIYUN::StackId
  # Internal NLB spanning both VSwitches; it fronts the on-premises servers reached over SAG/CCN/CEN.
  NlbLoadBalancer:
    Type: ALIYUN::NLB::LoadBalancer
    Properties:
      VpcId:
        Ref: EcsVpc
      AddressType: Intranet
      ZoneMappings:
        - VSwitchId:
            Ref: EcsVSwitch1
          ZoneId:
            Ref: VSwitchZone1
        - VSwitchId:
            Ref: EcsVSwitch2
          ZoneId:
            Ref: VSwitchZone2
    DependsOn:
      - EcsVpc
  # IP-type server group: the backends are the on-premises IPs supplied in the Server parameter.
  NlbServerGroup:
    Type: ALIYUN::NLB::ServerGroup
    Properties:
      VpcId:
        Ref: EcsVpc
      HealthCheckConfig:
        HealthCheckConnectTimeout: null
        HealthCheckEnabled: true
        HttpCheckMethod: Get
      Protocol: TCP
      ServerGroupName: Test
      ServerGroupType: Ip
      Servers:
        Ref: Server
    DependsOn:
      - EcsVpc
  NlbListener:
    Type: ALIYUN::NLB::Listener
    Properties:
      ListenerPort: 80
      ListenerProtocol: TCP
      LoadBalancerId:
        Ref: NlbLoadBalancer
      ServerGroupId:
        Ref: NlbServerGroup
    DependsOn:
      - NlbLoadBalancer
      - NlbServerGroup
  CenVpcAttachment:
    Type: ALIYUN::CEN::CenInstanceAttachment
    Properties:
      CenId:
        Ref: CenInstance
      ChildInstanceId:
        Ref: EcsVpc
      ChildInstanceRegionId:
        Ref: ALIYUN::Region
      ChildInstanceType: VPC
    DependsOn:
      - CenInstance
      - NlbListener
  SagCloudConnectNetwork:
    Type: ALIYUN::SAG::CloudConnectNetwork
    Properties:
      Description: CloudConnectNetwork
      Name:
        Fn::Join:
          - '-'
          - - StackId
            - Ref: ALIYUN::StackId
  CenCcnAttachment:
    Type: ALIYUN::CEN::CenInstanceAttachment
    Properties:
      CenId:
        Ref: CenInstance
      ChildInstanceId:
        Ref: SagCloudConnectNetwork
      # The CCN region is hard-coded here rather than derived from ALIYUN::Region.
      ChildInstanceRegionId: ccn-cn-shanghai
      ChildInstanceType: CCN
    DependsOn:
      - CenVpcAttachment
      - SagCloudConnectNetwork
  # NOTE: this security group allows all protocols and ports from and to 0.0.0.0/0 on both NIC types.
  # It is not referenced by any other resource in this template. Before attaching it to instances,
  # restrict SourceCidrIp to the DMZCidrBlock / VpcCidrBlock ranges and to the ports actually exposed.
  EcsSecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Properties:
      VpcId:
        Fn::GetAtt:
          - EcsVpc
          - VpcId
      SecurityGroupEgress:
        - DestCidrIp: 0.0.0.0/0
          IpProtocol: all
          NicType: internet
          PortRange: -1/-1
          Priority: 1
        - DestCidrIp: 0.0.0.0/0
          IpProtocol: all
          NicType: intranet
          PortRange: -1/-1
          Priority: 1
      SecurityGroupIngress:
        - IpProtocol: all
          NicType: internet
          PortRange: -1/-1
          Priority: 1
          SourceCidrIp: 0.0.0.0/0
        - IpProtocol: all
          NicType: intranet
          PortRange: -1/-1
          Priority: 1
          SourceCidrIp: 0.0.0.0/0
      SecurityGroupName:
        Fn::Join:
          - '-'
          - - StackId
            - Ref: ALIYUN::StackId
  # vCPE SAG instance; the Receiver* fields are shipping details required by the API and are
  # filled with placeholder values because no physical device is shipped for sag-vcpe.
  SmartAccessGateway:
    Type: ALIYUN::SAG::SmartAccessGateway
    Properties:
      Activate: true
      AutoPay:
        Ref: AutoPay
      BuyerMessage: Placeholder Message
      ChargeType:
        Ref: ChargeType
      CidrBlock:
        Ref: DMZCidrBlock
      HaType:
        Ref: HaType
      HardWareSpec: sag-vcpe
      MaxBandWidth:
        Ref: MaxBandWidth
      Name:
        Fn::Join:
          - '-'
          - - StackId
            - Ref: ALIYUN::StackId
      Period:
        Ref: Period
      ReceiverAddress: Unknown Address
      ReceiverCity: Unknown City
      ReceiverCountry:
        Ref: ReceiverCountry
      ReceiverDistrict: Unknown District
      ReceiverEmail: Unknown Email
      ReceiverMobile: 1884085****
      ReceiverName: Unknown Name
      ReceiverState: Unknown State
      ReceiverTown: Unknown Town
      ReceiverZip:
        Ref: ReceiverZip
      RoutingStrategy: static
  SagSmartAccessGatewayBinding:
    Type: ALIYUN::SAG::SmartAccessGatewayBinding
    Properties:
      CcnId:
        Fn::GetAtt:
          - SagCloudConnectNetwork
          - CcnId
      SmartAGId:
        Fn::GetAtt:
          - SmartAccessGateway
          - SmartAGId
    DependsOn:
      - SagCloudConnectNetwork
      - SmartAccessGateway
  # PrivateLink endpoint service over the NLB; AutoAcceptEnabled means any endpoint connection
  # request from a whitelisted account is accepted without manual review.
  VpcEndpointService:
    Type: ALIYUN::PrivateLink::VpcEndpointService
    Properties:
      AutoAcceptEnabled: true
      Resource:
        - ResourceId:
            Ref: NlbLoadBalancer
          ResourceType: nlb
          ZoneId:
            Ref: VSwitchZone1
        - ResourceId:
            Ref: NlbLoadBalancer
          ResourceType: nlb
          ZoneId:
            Ref: VSwitchZone2
      ServiceDescription:
        Ref: PrivateLinkServerName
      ServiceResourceType: nlb
Outputs:
  CcnId:
    Value:
      Fn::GetAtt:
        - SagCloudConnectNetwork
        - CcnId
  CenId:
    Value:
      Fn::GetAtt:
        - CenInstance
        - CenId
  EndpointServiceDomain:
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceDomain
  EndpointServiceId:
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceId
  EndpointServiceName:
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceName
  OrderId:
    Description: The ID of the order.
    Value:
      Fn::GetAtt:
        - SmartAccessGateway
        - OrderId
  SmartAGId:
    Description: The ID of the SAG instance.
    Value:
      Fn::GetAtt:
        - SmartAccessGateway
        - SmartAGId
  VpcId:
    Value:
      Fn::GetAtt:
        - EcsVpc
        - VpcId
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - DMZCidrBlock
          - Server
        Label:
          default: 云下网络配置
      - Parameters:
          - VpcCidrBlock
          - VSwitchZone1
          - VSwitchCidrBlock1
          - VSwitchZone2
          - VSwitchCidrBlock2
        Label:
          default: VPC
      - Parameters:
          - PrivateLinkServerName
        Label:
          default: PrivateLink
      - Parameters:
          - ReceiverCountry
          - ReceiverZip
          - HaType
          - Period
          - MaxBandWidth
          - AutoPay
          - ChargeType
        Label:
          default: SAG
    TemplateTags:
      - acs:solution:计算巢虚拟互联网云下服务上云(SAG版本)