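---
## TODO: What variables can we strip out of here to build complex variables?
## i.e. what can we add into group_vars as opposed to config_vars?
## Example: We don't really need "subdomain_base_short". If we want to use this,
## should just toss in group_vars/all.
### Also, we should probably just create a variable reference in the README.md
### For now, just tagging comments in line with configuration file.

### Vars that can be removed:
# use_satellite: true
# use_subscription_manager: false
# use_own_repos: false

###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYMENT
###### OR PASS as "-e" args to ansible-playbook command

### Common Host settings

# How the hosts get their yum repos. Other options are: file, satellite and rhn
repo_method: file

# Credentials deliberately have NO default here: this file is committed to
# version control, so any value written below is a published, shared password
# (the Windows one is also written into the AD instance's user data).
# Supply both at run time, either with -e or from a vaulted vars file kept
# under secret_dir. An unset value fails the run at template time instead of
# deploying hosts with a known password.
# windows_password: <set via -e or a vaulted vars file>
# tower_admin_password: <set via -e or a vaulted vars file>

# Do you want to run a full yum update
update_packages: false

# If using repo_method: satellite, you must set these values as well.
# satellite_url: satellite.example.com
# satellite_org: Sat_org_name
# satellite_activationkey: "rhel7basic"

## guid is the deployment unique identifier, it will be appended to all tags,
## files and anything that identifies this environment from another "just like it"
guid: defaultguid

install_bastion: true
install_common: true
install_ipa_client: false
## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used
#software_to_deploy: none

# Both are version strings and are quoted so YAML never parses them as floats
# (an unquoted 3.10 would become 3.1).
repo_version: "3.6"
osrelease: "3.6"

### If you want a Key Pair name created and injected into the hosts,
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
# you can use the key used to create the environment or use your own self generated key
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
use_own_key: true
env_authorized_key: "{{guid}}key"
# Quoted: the value starts with '~' and contains a Jinja expression.
ansible_ssh_private_key_file: "~/.ssh/{{key_name}}.pem"
set_env_authorized_key: true
# Is this running from Red Hat Ansible Tower
tower_run: false
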
### AWS EC2 Environment settings

### Route 53 Zone ID (AWS)
# Route53 HostedZoneId in which the public DNS records are created.
# Only needed when the CloudFormation template actually uses route53.
HostedZoneId: 'Z3IHLWJZOU9SRT'
# Region to deploy into unless overridden with -e on the command line.
aws_region: 'ap-southeast-2'
# Name of the EC2 key pair whose private key Ansible uses to reach the hosts
# (ansible_ssh_private_key_file above is derived from it).
key_name: 'default_key_name'

## Networking (AWS)
# Public DNS names are built as <short><suffix>; subdomain_base_short is only
# an intermediate value (see the TODO at the top of the file).
subdomain_base_short: '{{ guid }}'
subdomain_base_suffix: '.example.opentlc.com'
subdomain_base: '{{subdomain_base_short}}{{subdomain_base_suffix}}'

## Environment Sizing
# Instance types are strings, counts are plain integers.

bastion_instance_type: 't2.medium'

support_instance_count: 1
support_instance_type: 't2.medium'

activedirectory_instance_count: 1
activedirectory_instance_type: 't2.large'

# Subnets created by the CloudFormation template.
# NOTE(review): 192.168.1.0/24 is also the value of subnet_private_2_cidr_block
# further down this file — confirm the template uses only one of the two.
subnets:
  - name: 'PublicSubnet'
    cidr: '192.168.1.0/24'
    routing_table: true

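# CIDR range allowed to reach the Windows hosts on their remote-management
# ports (WinRM over HTTPS and RDP). It defaults to anywhere so current
# deployments keep working; pass a narrower range with -e whenever the
# controller's source address is known.
windows_admin_cidr: "0.0.0.0/0"

security_groups:
  # Bastion: the only host that needs SSH from the internet.
  - name: BastionSG
    rules:
      - name: BasSSHPublic
        description: "SSH public"
        from_port: 22
        to_port: 22
        protocol: tcp
        cidr: "0.0.0.0/0"
        rule_type: Ingress
  # Windows hosts. Only the two management ports are exposed outside the VPC;
  # every other port is accepted solely from the bastion, the RHEL hosts and
  # other Windows hosts — the same model HostSG uses below — instead of the
  # previous "all tcp/udp ports from 0.0.0.0/0" on a domain controller.
  - name: WINSG
    rules:
      - name: WINRMPublic
        description: "WinRM over HTTPS"
        from_port: 5986
        to_port: 5986
        protocol: tcp
        cidr: "{{ windows_admin_cidr }}"
        rule_type: Ingress
      - name: WINRDPPublic
        description: "RDP"
        from_port: 3389
        to_port: 3389
        protocol: tcp
        cidr: "{{ windows_admin_cidr }}"
        rule_type: Ingress
      - name: WINPortsTCPFromHosts
        description: "Win tcp, only from the RHEL hosts"
        from_port: 0
        to_port: 65535
        protocol: tcp
        group: HostSG
        rule_type: Ingress
      - name: WINPortsUdpFromHosts
        description: "Win udp, only from the RHEL hosts"
        from_port: 0
        to_port: 65535
        protocol: udp
        group: HostSG
        rule_type: Ingress
      - name: WINPortsTCPFromBastion
        description: "Win tcp, only from bastion"
        from_port: 0
        to_port: 65535
        protocol: tcp
        group: BastionSG
        rule_type: Ingress
      - name: WINPortsUdpFromBastion
        description: "Win udp, only from bastion"
        from_port: 0
        to_port: 65535
        protocol: udp
        group: BastionSG
        rule_type: Ingress
      - name: WINPortsTCPSelf
        description: "Win tcp, only from itself"
        from_port: 0
        to_port: 65535
        protocol: tcp
        group: WINSG
        rule_type: Ingress
      - name: WINPortsUdpSelf
        description: "Win udp, only from itself"
        from_port: 0
        to_port: 65535
        protocol: udp
        group: WINSG
        rule_type: Ingress
  # RHEL hosts: SSH from anywhere (they get public DNS), everything else only
  # from themselves and from the bastion.
  - name: HostSG
    rules:
      - name: HostSSHPublic
        description: "SSH public"
        from_port: 22
        to_port: 22
        protocol: tcp
        cidr: "0.0.0.0/0"
        rule_type: Ingress
      - name: HostUDPPorts
        description: "Only from Itself udp"
        from_port: 0
        to_port: 65535
        protocol: udp
        group: HostSG
        rule_type: Ingress
      - name: HostTCPPorts
        description: "Only from Itself tcp"
        from_port: 0
        to_port: 65535
        protocol: tcp
        group: HostSG
        rule_type: Ingress
      - name: BastionUDPPorts
        description: "Only from bastion"
        from_port: 0
        to_port: 65535
        protocol: udp
        group: BastionSG
        rule_type: Ingress
      - name: BastionTCPPorts
        description: "Only from bastion"
        from_port: 0
        to_port: 65535
        protocol: tcp
        group: BastionSG
        rule_type: Ingress
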
# EC2 instances created by the CloudFormation template. The Jinja expressions
# in count/flavor are resolved from the sizing variables above.
instances:
  - name: "ad"
    count: "{{activedirectory_instance_count}}"
    public_dns: true
    security_group: "WINSG"
    flavor:
      "ec2": "{{activedirectory_instance_type}}"
    image_id: WIN2012R2AMI
    # Literal block handed verbatim to the CloudFormation template; keep its
    # internal indentation exactly as it is.
    # NOTE(review): windows_password is interpolated in clear text into the EC2
    # user data, which is readable from the instance metadata service by any
    # process on that host — treat it as exposed to the host and rotate it
    # after provisioning.
    # NOTE(review): the bootstrap downloads ConfigureRemotingForAnsible.ps1 from
    # the unpinned 'devel' branch at boot and runs it as Administrator — pin a
    # tag/commit (or ship a vetted copy) so an upstream change cannot alter what
    # executes on the host.
    UserData: |
         UserData:
                "Fn::Base64":
                   "Fn::Join":
                     - ""
                     - - "<powershell>\n"
                       - "$admin = [adsi]('WinNT://./administrator, user')\n"
                       - "$admin.PSBase.Invoke('SetPassword', '{{windows_password}}')\n"
                       - "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n"
                       - "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n"
                       - "</powershell>"
    tags:
      - key: "AnsibleGroup"
        value: "activedirectories,windows"
      - key: "ostype"
        value: "windows"


  - name: "support"
    count: "{{support_instance_count}}"
    public_dns: true
    security_group: "HostSG"
    flavor:
      "ec2": "{{support_instance_type}}"
    tags:
      - key: "AnsibleGroup"
        value: "support"
      - key: "ostype"
        value: "rhel"
    key_name: "{{key_name}}"

# Disabled example RHEL instances (frontend/app/appdb). Each one needs its own
# *_instance_count / *_instance_type variables defined before it is enabled.
# - name: "frontend"
#   count: "{{frontend_instance_count}}"
#   public_dns: true
#   security_group: "HostSG"
#   dns_loadbalancer: true
#   flavor:
#     "ec2": "{{frontend_instance_type}}"
#   tags:
#     - key: "AnsibleGroup"
#       value: "frontends"
#     - key: "ostype"
#       value: "linux"
# - name: "app"
#   count: "{{app_instance_count}}"
#   public_dns: true
#   security_group: "HostSG"
#   flavor:
#     "ec2": "{{app_instance_type}}"
#   tags:
#     - key: "AnsibleGroup"
#       value: "apps"
#     - key: "ostype"
#       value: "rhel"
#   key_name: "{{key_name}}"
# - name: "appdb"
#   count: "{{appdb_instance_count}}"
#   public_dns: true
#   security_group: "HostSG"
#   flavor:
#     "ec2": "{{appdb_instance_type}}"
#   tags:
#     - key: "AnsibleGroup"
#       value: "appdbs"
#     - key: "ostype"
#       value: "rhel"
#   key_name: "{{key_name}}"

# Windows-specific post-install steps, both off by default.
install_win_ssh: false
install_win_ad: false

###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYMENT
###### You can, but you usually wouldn't need to.
# User Ansible connects to the RHEL hosts as.
ansible_user: 'ec2-user'
remote_user: 'ec2-user'

# Packages installed on every RHEL host (order kept as-is).
common_packages:
  - 'python'
  - 'unzip'
  - 'bash-completion'
  - 'tmux'
  - 'bind-utils'
  - 'wget'
  - 'git'
  - 'vim-enhanced'
  - 'at'
  - 'python-pip'
  - 'gcc'


# Yum repos enabled on the RHEL hosts.
# NOTE(review): 'epel-release-latest-7' reads like a package name rather than a
# repo id — confirm against whatever consumes rhel_repos.
rhel_repos:
  - 'rhel-7-server-rpms'
  - 'rhel-7-server-extras-rpms'
  - 'epel-release-latest-7'

## Currently there is no NFS created for this Environment - See ocp-workshop for clues.
# ## NFS Server settings
# nfs_vg: nfsvg
# nfs_pvs: /dev/xvdb
# nfs_export_path: /srv/nfs
#
# nfs_shares:
#   - es-storage
#   - user-vols
#   - jenkins
#   - nexus
#   - nexus2

# Tag applied to everything this deployment creates.
project_tag: '{{ env_type }}-{{ guid }}'

# Internal zone; the "chomped" form is the same name without the trailing dot.
zone_internal_dns: '{{guid}}.internal.'
chomped_zone_internal_dns: '{{guid}}.internal'

# Leading '*' has to stay quoted, otherwise YAML reads it as an alias.
cloudapps_dns: '*.apps.{{subdomain_base}}.'
tower_public_dns: 'towerlb.{{subdomain_base}}.'

#tower_public_dns: "tower.{{subdomain_base}}."
bastion_public_dns: 'bastion.{{subdomain_base}}.'
bastion_public_dns_chomped: 'bastion.{{subdomain_base}}'
# we don't use this anymore <sborenst>
# activedirectory_public_dns: "ad.{{subdomain_base}}."
# activedirectory_public_dns_chomped: "ad.{{subdomain_base}}"

# VPC
vpcid_cidr_block: '192.168.0.0/16'
vpcid_name_tag: '{{subdomain_base}}'

az_1_name: '{{ aws_region }}a'
az_2_name: '{{ aws_region }}b'

# Each private subnet sits in the opposite AZ to the same-numbered public one.
# NOTE(review): subnet_private_2 reuses 192.168.1.0/24, the CIDR of
# PublicSubnet in the subnets list above — confirm the template does not
# create both.
subnet_private_1_cidr_block: '192.168.2.0/24'
subnet_private_1_az: '{{ az_2_name }}'
subnet_private_1_name_tag: '{{subdomain_base}}-private'

subnet_private_2_cidr_block: '192.168.1.0/24'
subnet_private_2_az: '{{ az_1_name }}'
subnet_private_2_name_tag: '{{subdomain_base}}-private'

subnet_public_1_cidr_block: '192.168.10.0/24'
subnet_public_1_az: '{{ az_1_name }}'
subnet_public_1_name_tag: '{{subdomain_base}}-public'

subnet_public_2_cidr_block: '192.168.20.0/24'
subnet_public_2_az: '{{ az_2_name }}'
subnet_public_2_name_tag: '{{subdomain_base}}-public'

# DHCP option set domain and route table name tags.
dopt_domain_name: '{{ aws_region }}.compute.internal'

rtb_public_name_tag: '{{subdomain_base}}-public'
rtb_private_name_tag: '{{subdomain_base}}-private'

# The trailing space inside the description is part of the original value.
cf_template_description: '{{ env_type }}-{{ guid }} Ansible Agnostic Deployer '

# Directory for secret material; never commit its contents.
secret_dir: '~/secrets'