#jinja2: lstrip_blocks: True
---
# CloudFormation template rendered through Ansible/Jinja2. The `{% ... %}`
# control lines in this file sit at column 0; the lstrip_blocks directive on
# line 1 strips the whitespace in front of such tags so they do not leave
# stray indentation in the rendered YAML.
AWSTemplateFormatVersion: "2010-09-09"
Mappings:
# Presumably emits the RegionMapping table (RegionMapping / RHELAMI are looked up
# with Fn::FindInMap below); the included file must already be indented under
# Mappings — confirm against templates/region_mapping.j2.
{% include 'templates/region_mapping.j2' %}

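Resources:
  # Single /16 VPC; every subnet, security group and instance below lives in it.
  Vpc:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: "192.199.0.0/16"
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: "{{vpcid_name_tag}}"
        # NOTE(review): "Hostlication" looks like a typo (probably "Application");
        # left unchanged because downstream tooling may filter on this key.
        - Key: Hostlication
          Value:
            Ref: "AWS::StackId"

  VpcInternetGateway:
    Type: "AWS::EC2::InternetGateway"

  VpcGA:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId:
        Ref: VpcInternetGateway
      VpcId:
        Ref: Vpc

  VpcRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId:
        Ref: Vpc

  # Default route to the internet. DependsOn VpcGA: the route cannot be created
  # before the gateway is attached to the VPC.
  VPCRouteInternetGateway:
    DependsOn: VpcGA
    Type: "AWS::EC2::Route"
    Properties:
      GatewayId:
        Ref: VpcInternetGateway
      DestinationCidrBlock: "0.0.0.0/0"
      RouteTableId:
        Ref: VpcRouteTable

  # One public subnet; instances launched in it receive a public IP.
  PublicSubnet:
    Type: "AWS::EC2::Subnet"
    DependsOn:
      - Vpc
    Properties:
{% if aws_availability_zone is defined %}
      # Quoted so an AZ name is never re-typed by the YAML parser.
      AvailabilityZone: "{{ aws_availability_zone }}"
{% endif %}
      CidrBlock: "192.199.0.0/24"
      Tags:
        - Key: Name
          Value: "{{project_tag}}"
        - Key: Hostlication
          Value:
            Ref: "AWS::StackId"
      MapPublicIpOnLaunch: true
      VpcId:
        Ref: Vpc

  PublicSubnetRTA:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      RouteTableId:
        Ref: VpcRouteTable
      SubnetId:
        Ref: PublicSubnet

  # Security group shared by every instance and by the client VM launch config.
  HostSG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: Host
      VpcId:
        Ref: Vpc
      Tags:
        - Key: Name
          Value: host_sg

  # NOTE(review): the two ingress rules below open every UDP and TCP port
  # (0-65535) to 0.0.0.0/0 on all hosts that use HostSG. Least privilege would
  # restrict CidrIp to the source ranges that need access and FromPort/ToPort
  # to the ports the environment actually serves; SSH and API endpoints exposed
  # to the whole internet are the main risk here.
  HostUDPPorts:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId:
        Fn::GetAtt:
          - HostSG
          - GroupId
      IpProtocol: udp
      FromPort: 0
      ToPort: 65535
      CidrIp: "0.0.0.0/0"

  HostTCPPorts:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupId:
        Fn::GetAtt:
          - HostSG
          - GroupId
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      CidrIp: "0.0.0.0/0"

  # Private hosted zone for the internal DNS names assigned in the instance loop.
  zoneinternalidns:
    Type: "AWS::Route53::HostedZone"
    Properties:
      Name: "{{ zone_internal_dns }}"
      VPCs:
        - VPCId:
            Ref: Vpc
          VPCRegion:
            Ref: "AWS::Region"
      HostedZoneConfig:
        Comment: "Created By ansible agnostic deployer"

  # Public A record for the cert-test host. master1 / master1EIP are only
  # created by the instance loop below (an instance named "master" with
  # public_dns set), so this resource fails to resolve if that entry is absent
  # from `instances` — confirm against the inventory that renders this template.
  CerttestDNS:
    Type: AWS::Route53::RecordSetGroup
    DependsOn:
      - master1EIP
    Properties:
      HostedZoneId: "{{HostedZoneId}}"
      RecordSets:
        - Name: "{{certtest_public_dns}}"
          Type: A
          TTL: 10
          ResourceRecords:
            - Fn::GetAtt:
                - master1
                - PublicIp

  # Wildcard/apps record spread over every infranode public IP.
  # NOTE(review): with infranode_instance_count == 0 both loops render nothing,
  # leaving `DependsOn:` and `ResourceRecords:` as null, which CloudFormation
  # rejects — this resource assumes at least one infranode.
  CloudDNS:
    Type: AWS::Route53::RecordSetGroup
    DependsOn:
{% for c in range(1,(infranode_instance_count|int)+1) %}
      - "infranode{{loop.index}}EIP"
{% endfor %}
    Properties:
      HostedZoneId: "{{HostedZoneId}}"
      RecordSets:
        - Name: "{{cloudapps_dns}}"
          Type: A
          TTL: 900
          ResourceRecords:
{% for c in range(1,(infranode_instance_count|int)+1) %}
            - Fn::GetAtt:
                - "infranode{{loop.index}}"
                - PublicIp
{% endfor %}

  # Launch configuration for the client VM Auto Scaling group.
  clientVMLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    DependsOn: HostSG
    Properties:
      AssociatePublicIpAddress: true
      BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: "{{ rootfs_size_clientvm }}"
        # Second volume (docker storage) is fixed at 100 GiB gp2; only the
        # device name is templated.
        - DeviceName: "{{docker_device}}"
          Ebs:
            VolumeSize: 100
            VolumeType: gp2
      ImageId:
        Fn::FindInMap:
          - RegionMapping
          - Ref: "AWS::Region"
          - RHELAMI
      InstanceType: "{{clientvm_instance_type}}"
      KeyName: "{{key_name}}"
      SecurityGroups:
        - "Fn::GetAtt":
            - HostSG
            - GroupId

  # One client VM per user; the group is placed in PublicSubnet (and therefore
  # in that subnet's availability zone) via VPCZoneIdentifier.
  clientVMScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    DependsOn: VpcGA
    Properties:
      VPCZoneIdentifier:
        - Ref: PublicSubnet
      LaunchConfigurationName:
        Ref: clientVMLaunchConfiguration
      # MinSize/DesiredCapacity track num_users; MaxSize is a hard ceiling of 200.
      MinSize: "{{num_users}}"
      MaxSize: 200
      DesiredCapacity: "{{num_users}}"
      Tags:
        - Key: "owner"
          Value: "{{ email | default('unknownuser') }}"
          PropagateAtLaunch: true
        - Key: "Project"
          Value: "{{project_tag}}"
          PropagateAtLaunch: true
        - Key: "{{project_tag}}"
          Value: "clientvm"
          PropagateAtLaunch: true
        - Key: "AnsibleGroup"
          Value: "clientvms"
          PropagateAtLaunch: true
        - Key: "ostype"
          Value: "linux"
          PropagateAtLaunch: true


  # Per-instance-type section: for every entry in `instances`, render `count`
  # EC2 instances (name1..nameN, or just `name` when unique), their internal DNS
  # records and, when public_dns is set, an EIP and a public DNS record.
{% for instance in instances %}
{% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %}
  # Round-robin A record over all replicas' public IPs. Depends on the EIPs,
  # which are only created when this instance also has public_dns set.
  {{instance['name']}}DNSLoadBalancer:
    Type: "AWS::Route53::RecordSetGroup"
    DependsOn:
{% for c in range(1, (instance['count']|int)+1) %}
      - "{{instance['name']}}{{c}}EIP"
{% endfor %}
    Properties:
      HostedZoneId: "{{HostedZoneId}}"
      RecordSets:
        - Name: "{{instance['name']}}.{{subdomain_base}}."
          Type: A
          TTL: 900
          ResourceRecords:
{% for c in range(1,(instance['count'] |int)+1) %}
            - "Fn::GetAtt":
                - "{{instance['name']}}{{c}}"
                - PublicIp
{% endfor %}
{% endif %}

{% for c in range(1,(instance['count'] |int)+1) %}
  {{instance['name']}}{{loop.index}}:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId:
        Fn::FindInMap:
          - RegionMapping
          - Ref: "AWS::Region"
          - "{{ instance['image_id'] | default('RHELAMI') }}"
      InstanceType: "{{instance['flavor'][cloud_provider]}}"
      KeyName: "{{instance['key_name'] | default(key_name)}}"
{% if instance['UserData'] is defined %}
      # NOTE(review): UserData is spliced in verbatim at this indentation; the
      # variable must already be valid, correctly indented YAML for an
      # AWS::EC2::Instance property. Treat its source as trusted template input.
      {{instance['UserData']}}
{% endif %}
      SecurityGroupIds:
        - "Fn::GetAtt":
            - HostSG
            - GroupId
      SubnetId:
        Ref: PublicSubnet
      Tags:
{% if instance['unique'] | d(false) | bool %}
        - Key: Name
          Value: "{{instance['name']}}"
        - Key: internaldns
          Value: "{{instance['name']}}.{{chomped_zone_internal_dns}}"
{% else %}
        - Key: Name
          Value: "{{instance['name']}}{{loop.index}}"
        - Key: internaldns
          Value: "{{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}}"
{% endif %}
{% if instance['name'] == 'node' %}
{% if c > (node_instance_count|int) - (new_node_instance_count|int) %}
        # Flags the last new_node_instance_count node indices. Quoted: tag
        # values are strings, a bare `true` renders a YAML boolean.
        - Key: newnode
          Value: "true"
{% endif %}
{% endif %}
        - Key: "owner"
          Value: "{{ email | default('unknownuser') }}"
        - Key: "Project"
          Value: "{{project_tag}}"
        - Key: "{{project_tag}}"
          Value: "{{ instance['name'] }}"
{% for tag in instance['tags'] %}
        # Quoted so inventory-supplied keys/values such as "no" or "1.10" stay strings.
        - Key: "{{tag['key']}}"
          Value: "{{tag['value']}}"
{% endfor %}
      BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: "{{ instance['rootfs_size'] | default('50') }}"
        # glusterfs / nfs volumes are attached only when the matching install_*
        # flag is set; volumes with any other purpose are always attached.
{% for vol in instance['volumes']|default([]) if
  (vol.purpose|d('') == 'glusterfs' and install_glusterfs|bool)
  or (vol.purpose|d('') == 'nfs' and install_nfs|bool)
  or vol.purpose|d('') not in ['glusterfs', 'nfs'] %}
        - DeviceName: "{{ vol['device_name'] }}"
          Ebs:
            VolumeType: "{{ vol['volume_type'] | d('gp2') }}"
            VolumeSize: "{{ vol['volume_size'] | d('20') }}"
{% endfor %}

  # Private-zone A record pointing at the instance's private IP.
  {{instance['name']}}{{loop.index}}InternalDNS:
    Type: "AWS::Route53::RecordSetGroup"
    Properties:
      HostedZoneId:
        Ref: zoneinternalidns
      RecordSets:
{% if instance['unique'] | d(false) | bool %}
        - Name: "{{instance['name']}}.{{zone_internal_dns}}"
{% else %}
        - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}"
{% endif %}
          Type: A
          TTL: 10
          ResourceRecords:
            - "Fn::GetAtt":
                - "{{instance['name']}}{{loop.index}}"
                - PrivateIp

  # Guarded with |d(false)|bool like dns_loadbalancer/unique above, so an
  # instance entry without a public_dns key renders instead of erroring.
{% if instance['public_dns'] | d(false) | bool %}
  {{instance['name']}}{{loop.index}}EIP:
    Type: "AWS::EC2::EIP"
    DependsOn:
      - VpcGA
    Properties:
      InstanceId:
        Ref: {{instance['name']}}{{loop.index}}

  {{instance['name']}}{{loop.index}}PublicDNS:
    Type: "AWS::Route53::RecordSetGroup"
    DependsOn:
      - "{{instance['name']}}{{loop.index}}EIP"
    Properties:
      HostedZoneId: "{{HostedZoneId}}"
      RecordSets:
{% if instance['unique'] | d(false) | bool %}
        - Name: "{{instance['name']}}.{{subdomain_base}}."
{% else %}
        - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}."
{% endif %}
          Type: A
          TTL: 10
          ResourceRecords:
            - "Fn::GetAtt":
                - "{{instance['name']}}{{loop.index}}"
                - PublicIp
{% endif %}
{% endfor %}
{% endfor %}

  # IAM user whose keys are exported in Outputs for Let's Encrypt DNS validation.
  # NOTE(review): route53:* and route53domains:* on Resource "*" give this
  # long-lived key control over every hosted zone and registered domain in the
  # account. DNS validation only needs route53:ChangeResourceRecordSets scoped
  # to the target zone plus route53:GetChange / route53:ListHostedZones;
  # route53domains (registration/transfer) does not appear to be needed at all.
  Route53User:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - PolicyName: Route53Access
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: route53domains:*
                Resource: "*"
              - Effect: Allow
                Action: route53:*
                Resource: "*"

  Route53UserAccessKey:
    DependsOn: Route53User
    Type: AWS::IAM::AccessKey
    Properties:
      UserName:
        Ref: Route53User

  # Registry storage bucket. NOTE(review): no BucketEncryption or
  # PublicAccessBlockConfiguration is declared; access is governed only by the
  # S3User policy and BucketPolicy below.
  RegistryS3:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: "{{ env_type }}-{{ guid }}"
      Tags:
        - Key: Name
          Value: "s3-{{ env_type }}-{{ guid }}"
        - Key: Project
          Value: "{{project_tag}}"
        - Key: owner
          Value: "{{ email | default('unknown')}}"

  # Registry user: object-level s3:* on this bucket's keys (bucket-level access
  # comes from BucketPolicy), plus ListAllMyBuckets account-wide.
  # NOTE(review): s3:* includes deletion and ACL/policy changes; a registry
  # needs roughly s3:GetObject, s3:PutObject, s3:DeleteObject and
  # s3:ListBucket on this bucket only.
  S3User:
    Type: AWS::IAM::User
    DependsOn:
      - RegistryS3
    Properties:
      Policies:
        - PolicyName: S3Access
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: s3:ListAllMyBuckets
                Resource: "*"
              - Effect: Allow
                Action: "s3:*"
                Resource:
                  Fn::Join:
                    - ""
                    - - "arn:aws:s3:::"
                      - Ref: RegistryS3
                      - "/*"

  S3UserAccessKey:
    Type: AWS::IAM::AccessKey
    DependsOn:
      - S3User
    Properties:
      UserName:
        Ref: S3User

  # Grants S3User s3:* on the bucket ARN itself (no "/*"), i.e. bucket-level
  # operations; object-level access is granted by the user policy above.
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    DependsOn:
      - RegistryS3
    Properties:
      PolicyDocument:
        Id: Give registry access to user
        Statement:
          - Sid: AllAccess
            Action:
              - "s3:*"
            Effect: Allow
            Resource:
              Fn::Join:
                - ""
                - - "arn:aws:s3:::"
                  - Ref: RegistryS3
            Principal:
              AWS:
                Fn::GetAtt:
                  - S3User
                  - Arn
      Bucket:
        Ref: RegistryS3
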
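Outputs:
  AutoScalingGroupClientVM:
    Description: Name of the client VM Auto Scaling group
    Value:
      Ref: clientVMScalingGroup
  Route53internalzoneOutput:
    Description: The ID of the internal route 53 zone
    Value:
      Ref: zoneinternalidns
  S3User:
    Value:
      Ref: S3User
    Description: IAM User for RegistryS3
  S3UserAccessKey:
    Value:
      Ref: S3UserAccessKey
    Description: Access key ID for the RegistryS3 IAM user
  # NOTE(review): stack outputs are stored and returned in plaintext. Anyone
  # allowed cloudformation:DescribeStacks on this stack (or with console read
  # access) obtains these long-lived secret keys. Prefer reading them once into
  # a secrets store, or replacing the IAM users with instance roles.
  S3UserSecretAccessKey:
    Value:
      Fn::GetAtt:
        - S3UserAccessKey
        - SecretAccessKey
    Description: Secret access key for the RegistryS3 IAM user
  Route53User:
    Value:
      Ref: Route53User
    Description: IAM User for Route53 (Let's Encrypt)
  Route53UserAccessKey:
    Value:
      Ref: Route53UserAccessKey
    Description: Access key ID for the Route53 IAM user (Let's Encrypt)
  # Same plaintext-exposure caveat as S3UserSecretAccessKey above.
  Route53UserSecretAccessKey:
    Value:
      Fn::GetAtt:
        - Route53UserAccessKey
        - SecretAccessKey
    Description: Secret access key for the Route53 IAM user (Let's Encrypt)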