= Cloud infrastructure template generation
|
|
Note: This is an evolution of the `infra-ec2-template-generate` role that is less CloudFormations specific. It should be backwards compatible with the functionality from the current role when `cloud_provider` is set to 'aws'.
|
|
When creating a config, you can either have the config under the `configs/{{env_type}}/files/cloud_providers/ec2_cloud_template.j2`, or use the default template. Currently, the only default template that exists is a CloudFormations template. Any other providers will need to have their respective templates stored in the config.
|
|
If you choose to use the default template, you can still customize it to your needs.
|
|
Have a look at the link:../../configs/just-some-nodes-example/env_vars.yml[env_vars.yml] file from the link:../../configs/just-some-nodes-example/[just-some-nodes-example] config.
|
|
|
=== Current status and features of the default template
|
|
Resources created by the default template:
|
|
* Instances
|
** [x] ElasticIP
|
** [x] Storage
|
* DNS
|
** Mandatory Variables:
|
*** `subdomain_base`: the AWS top-level Zone to update, for example `.openshift.opentlc.com`
|
** [ ] TODO: Public DNS Zone
|
*** [ ] TODO: Allow route53User to access only the delegated zone
|
** [x] Internal DNS Zone
|
** [x] Cloud DNS load balancer records
|
* [x] SecurityGroup
|
** [x] SecurityGroup rules
|
* [x] Subnet
|
* [ ] TODO: S3 Buckets
|
** [ ] TODO: Create a bucket and a user that has access to it
|
|
== Security Groups
|
|
The default template comes with 2 default security groups:
|
|
* DefaultSG (allow all connections from the bastion)
|
* BastionSG (allow SSH and mosh connection from the internet)
|
|
Have a look at link:defaults/main.yml[defaults/main.yml].
|
|
You can add more security group using the `security_groups` variables.
|
|
|
Then you can pick the security group**s** you want for any of the instances defined in the `instances` list.
|
