commit | author | age
|
b9f818
|
1 |
--- |
T |
2 |
## TODO: What variables can we strip out of here to build complex variables? |
|
3 |
## i.e. what can we add into group_vars as opposed to config_vars? |
|
4 |
## Example: We don't really need "subdomain_base_short". If we want to use this, |
|
5 |
## should just toss in group_vars/all. |
|
6 |
### Also, we should probably just create a variable reference in the README.md |
|
7 |
### For now, just tagging comments in line with configuration file. |
|
8 |
|
|
9 |
### Vars that can be removed: |
|
10 |
# use_satellite: true |
|
11 |
# use_subscription_manager: false |
|
12 |
# use_own_repos: false |
|
13 |
|
|
14 |
###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
|
15 |
###### OR PASS as "-e" args to ansible-playbook command |
|
16 |
|
|
17 |
### Common Host settings |
|
18 |
|
|
19 |
repo_method: file # Other Options are: file, satellite and rhn |
|
20 |
windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==' |
|
21 |
tower_admin_password: 'r3dh4t1!' |
|
22 |
# Do you want to run a full yum update |
|
23 |
update_packages: false |
|
24 |
#If using repo_method: satellite, you must set these values as well. |
|
25 |
# satellite_url: satellite.example.com |
|
26 |
# satellite_org: Sat_org_name |
|
27 |
# satellite_activationkey: "rhel7basic" |
|
28 |
|
|
29 |
## guid is the deployment unique identifier, it will be appended to all tags, |
|
30 |
## files and anything that identifies this environment from another "just like it" |
|
31 |
guid: defaultguid |
|
32 |
|
|
33 |
install_bastion: true |
|
34 |
install_common: true |
|
35 |
install_ipa_client: false |
|
36 |
## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used |
|
37 |
#software_to_deploy: none |
|
38 |
|
|
39 |
repo_version: "3.6" |
|
40 |
osrelease: 3.6 |
|
41 |
|
|
42 |
### If you want a Key Pair name created and injected into the hosts, |
|
43 |
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` |
|
44 |
# you can use the key used to create the environment or use your own self generated key |
|
45 |
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) |
|
46 |
use_own_key: true |
|
47 |
env_authorized_key: "{{guid}}key" |
|
48 |
ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
|
49 |
set_env_authorized_key: true |
|
50 |
# Is this running from Red Hat Ansible Tower |
|
51 |
tower_run: false |
|
52 |
|
|
53 |
### AWS EC2 Environment settings |
|
54 |
|
|
55 |
### Route 53 Zone ID (AWS) |
|
56 |
# This is the Route53 HostedZoneId where you will create your Public DNS entries |
|
57 |
# This only needs to be defined if your CF template uses route53 |
|
58 |
HostedZoneId: Z3IHLWJZOU9SRT |
|
59 |
# The region to be used, if not specified by -e in the command line |
|
60 |
aws_region: ap-southeast-2 |
|
61 |
# The key that is used to |
|
62 |
key_name: "default_key_name" |
|
63 |
|
|
64 |
## Networking (AWS) |
|
65 |
subdomain_base_short: "{{ guid }}" |
|
66 |
subdomain_base_suffix: ".example.opentlc.com" |
|
67 |
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" |
|
68 |
|
|
69 |
## Environment Sizing |
|
70 |
|
|
71 |
bastion_instance_type: "t2.medium" |
|
72 |
|
|
73 |
support_instance_count: 1 |
|
74 |
support_instance_type: "t2.medium" |
|
75 |
|
|
76 |
activedirectory_instance_count: 1 |
|
77 |
activedirectory_instance_type: "t2.large" |
|
78 |
|
|
79 |
subnets: |
|
80 |
- name: PublicSubnet |
|
81 |
cidr: "192.168.1.0/24" |
|
82 |
routing_table: true |
|
83 |
|
|
84 |
security_groups: |
|
85 |
- name: BastionSG |
|
86 |
rules: |
|
87 |
- name: BasSSHPublic |
|
88 |
description: "SSH public" |
|
89 |
from_port: 22 |
|
90 |
to_port: 22 |
|
91 |
protocol: tcp |
|
92 |
cidr: "0.0.0.0/0" |
|
93 |
rule_type: Ingress |
|
94 |
- name: WINSG |
|
95 |
rules: |
|
96 |
- name: WINPortsTCP |
|
97 |
description: "Win tcp" |
|
98 |
from_port: 0 |
|
99 |
to_port: 65535 |
|
100 |
protocol: tcp |
|
101 |
cidr: "0.0.0.0/0" |
|
102 |
rule_type: Ingress |
|
103 |
- name: WINPortsUdp |
|
104 |
description: "Win udp" |
|
105 |
from_port: 0 |
|
106 |
to_port: 65535 |
|
107 |
protocol: udp |
|
108 |
cidr: "0.0.0.0/0" |
|
109 |
rule_type: Ingress |
|
110 |
- name: HostSG |
|
111 |
rules: |
|
112 |
- name: HostSSHPublic |
|
113 |
description: "SSH public" |
|
114 |
from_port: 22 |
|
115 |
to_port: 22 |
|
116 |
protocol: tcp |
|
117 |
cidr: "0.0.0.0/0" |
|
118 |
rule_type: Ingress |
|
119 |
- name: HostUDPPorts |
|
120 |
description: "Only from Itself udp" |
|
121 |
from_port: 0 |
|
122 |
to_port: 65535 |
|
123 |
protocol: udp |
|
124 |
group: HostSG |
|
125 |
rule_type: Ingress |
|
126 |
- name: HostTCPPorts |
|
127 |
description: "Only from Itself tcp" |
|
128 |
from_port: 0 |
|
129 |
to_port: 65535 |
|
130 |
protocol: tcp |
|
131 |
group: HostSG |
|
132 |
rule_type: Ingress |
|
133 |
- name: BastionUDPPorts |
|
134 |
description: "Only from bastion" |
|
135 |
from_port: 0 |
|
136 |
to_port: 65535 |
|
137 |
protocol: udp |
|
138 |
group: BastionSG |
|
139 |
rule_type: Ingress |
|
140 |
- name: BastionTCPPorts |
|
141 |
description: "Only from bastion" |
|
142 |
from_port: 0 |
|
143 |
to_port: 65535 |
|
144 |
protocol: tcp |
|
145 |
group: BastionSG |
|
146 |
rule_type: Ingress |
|
147 |
|
|
148 |
instances: |
|
149 |
- name: "ad" |
|
150 |
count: "{{activedirectory_instance_count}}" |
|
151 |
public_dns: true |
|
152 |
security_group: "WINSG" |
|
153 |
flavor: |
|
154 |
"ec2": "{{activedirectory_instance_type}}" |
|
155 |
image_id: WIN2012R2AMI |
|
156 |
UserData: | |
|
157 |
UserData: |
|
158 |
"Fn::Base64": |
|
159 |
"Fn::Join": |
|
160 |
- "" |
|
161 |
- - "<powershell>\n" |
|
162 |
- "$admin = [adsi]('WinNT://./administrator, user')\n" |
|
163 |
- "$admin.PSBase.Invoke('SetPassword', '{{windows_password}}')\n" |
|
164 |
- "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n" |
|
165 |
- "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n" |
|
166 |
- "</powershell>" |
|
167 |
tags: |
|
168 |
- key: "AnsibleGroup" |
|
169 |
value: "activedirectories,windows" |
|
170 |
- key: "ostype" |
|
171 |
value: "windows" |
|
172 |
|
|
173 |
|
|
174 |
- name: "support" |
|
175 |
count: "{{support_instance_count}}" |
|
176 |
public_dns: true |
|
177 |
security_group: "HostSG" |
|
178 |
flavor: |
|
179 |
"ec2": "{{support_instance_type}}" |
|
180 |
tags: |
|
181 |
- key: "AnsibleGroup" |
|
182 |
value: "support" |
|
183 |
- key: "ostype" |
|
184 |
value: "rhel" |
|
185 |
key_name: "{{key_name}}" |
|
186 |
|
|
187 |
# - name: "frontend" |
|
188 |
# count: "{{frontend_instance_count}}" |
|
189 |
# public_dns: true |
|
190 |
# security_group: "HostSG" |
|
191 |
# dns_loadbalancer: true |
|
192 |
# flavor: |
|
193 |
# "ec2": "{{frontend_instance_type}}" |
|
194 |
# tags: |
|
195 |
# - key: "AnsibleGroup" |
|
196 |
# value: "frontends" |
|
197 |
# - key: "ostype" |
|
198 |
# value: "linux" |
|
199 |
# - name: "app" |
|
200 |
# count: "{{app_instance_count}}" |
|
201 |
# public_dns: true |
|
202 |
# security_group: "HostSG" |
|
203 |
# flavor: |
|
204 |
# "ec2": "{{app_instance_type}}" |
|
205 |
# tags: |
|
206 |
# - key: "AnsibleGroup" |
|
207 |
# value: "apps" |
|
208 |
# - key: "ostype" |
|
209 |
# value: "rhel" |
|
210 |
# key_name: "{{key_name}}" |
|
211 |
# - name: "appdb" |
|
212 |
# count: "{{appdb_instance_count}}" |
|
213 |
# public_dns: true |
|
214 |
# security_group: "HostSG" |
|
215 |
# flavor: |
|
216 |
# "ec2": "{{appdb_instance_type}}" |
|
217 |
# tags: |
|
218 |
# - key: "AnsibleGroup" |
|
219 |
# value: "appdbs" |
|
220 |
# - key: "ostype" |
|
221 |
# value: "rhel" |
|
222 |
# key_name: "{{key_name}}" |
|
223 |
|
|
224 |
install_win_ssh: false |
|
225 |
install_win_ad: false |
|
226 |
|
|
227 |
###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
|
228 |
###### You can, but you usually wouldn't need to. |
|
229 |
ansible_user: ec2-user |
|
230 |
remote_user: ec2-user |
|
231 |
|
|
232 |
common_packages: |
|
233 |
- python |
|
234 |
- unzip |
|
235 |
- bash-completion |
|
236 |
- tmux |
|
237 |
- bind-utils |
|
238 |
- wget |
|
239 |
- git |
|
240 |
- vim-enhanced |
|
241 |
- at |
|
242 |
- python-pip |
|
243 |
- gcc |
|
244 |
|
942473
|
245 |
|
b9f818
|
246 |
rhel_repos: |
T |
247 |
- rhel-7-server-rpms |
|
248 |
- rhel-7-server-extras-rpms |
|
249 |
- epel-release-latest-7 |
|
250 |
|
|
251 |
## Currently there is no NFS created for this Environment - See ocp-workshop for clues. |
|
252 |
# ## NFS Server settings |
|
253 |
# nfs_vg: nfsvg |
|
254 |
# nfs_pvs: /dev/xvdb |
|
255 |
# nfs_export_path: /srv/nfs |
|
256 |
# |
|
257 |
# nfs_shares: |
|
258 |
# - es-storage |
|
259 |
# - user-vols |
|
260 |
# - jenkins |
|
261 |
# - nexus |
|
262 |
# - nexus2 |
|
263 |
|
|
264 |
project_tag: "{{ env_type }}-{{ guid }}" |
|
265 |
|
|
266 |
zone_internal_dns: "{{guid}}.internal." |
|
267 |
chomped_zone_internal_dns: "{{guid}}.internal" |
|
268 |
|
|
269 |
cloudapps_dns: '*.apps.{{subdomain_base}}.' |
|
270 |
tower_public_dns: "towerlb.{{subdomain_base}}." |
|
271 |
|
|
272 |
#tower_public_dns: "tower.{{subdomain_base}}." |
|
273 |
bastion_public_dns: "bastion.{{subdomain_base}}." |
|
274 |
bastion_public_dns_chomped: "bastion.{{subdomain_base}}" |
|
275 |
# we don't use this anymore <sborenst> |
|
276 |
# activedirectory_public_dns: "ad.{{subdomain_base}}." |
|
277 |
# activedirectory_public_dns_chomped: "ad.{{subdomain_base}}" |
|
278 |
|
|
279 |
vpcid_cidr_block: "192.168.0.0/16" |
|
280 |
vpcid_name_tag: "{{subdomain_base}}" |
|
281 |
|
|
282 |
az_1_name: "{{ aws_region }}a" |
|
283 |
az_2_name: "{{ aws_region }}b" |
|
284 |
|
|
285 |
subnet_private_1_cidr_block: "192.168.2.0/24" |
|
286 |
subnet_private_1_az: "{{ az_2_name }}" |
|
287 |
subnet_private_1_name_tag: "{{subdomain_base}}-private" |
|
288 |
|
|
289 |
subnet_private_2_cidr_block: "192.168.1.0/24" |
|
290 |
subnet_private_2_az: "{{ az_1_name }}" |
|
291 |
subnet_private_2_name_tag: "{{subdomain_base}}-private" |
|
292 |
|
|
293 |
subnet_public_1_cidr_block: "192.168.10.0/24" |
|
294 |
subnet_public_1_az: "{{ az_1_name }}" |
|
295 |
subnet_public_1_name_tag: "{{subdomain_base}}-public" |
|
296 |
|
|
297 |
subnet_public_2_cidr_block: "192.168.20.0/24" |
|
298 |
subnet_public_2_az: "{{ az_2_name }}" |
|
299 |
subnet_public_2_name_tag: "{{subdomain_base}}-public" |
|
300 |
|
|
301 |
dopt_domain_name: "{{ aws_region }}.compute.internal" |
|
302 |
|
|
303 |
rtb_public_name_tag: "{{subdomain_base}}-public" |
|
304 |
rtb_private_name_tag: "{{subdomain_base}}-private" |
|
305 |
|
|
306 |
|
|
307 |
cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " |
|
308 |
|
|
309 |
|
|
310 |
secret_dir: "~/secrets" |