blame | history | raw
Guillaume Coré
2020-03-11 1d970fbaa4bd88c9d094d9587db59fdf9cd0239a 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70

---


osp_default_rootfs_size: 30


 


opentlc_admin_pub_keys:


  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Avw03Dmh1R2QWQ4CV7JgEsXnHQjNhfppD5aZmh0q/64p6lW+2oNKTT7fVQcrsdmlJwrMd5apkUGrOcq0hHXQMEVZEKUmEjko2BqD5A9/zNX7apObW88bFFfgxc91lOT+e+wfCFsrr3b2SJ3+KL6nTBJV7Lf46i6z86vhiDPjqL7U9kTS+bK9ldU20vpn8h+ZAIaiafVWfjihUjhNpcUY46klixV1YcAkBGCbE+YR6RAAc6vWy0zB3YJnTUl9OFt213ofi1qjuWKVMmOxORxPKB4/JQ+hfAsCMysoVFnFYs10dWxaySK63OgY9uLNyaIwkEaVVIfcViRVm0DZfoNH gucore


  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvZvn+GL0wTOsAdh1ikIQoqj2Fw/RA6F14O347rgKdpkgOQpGQk1k2gM8wcla2Y1o0bPIzwlNy1oh5o9uNjZDMeDcEXWuXbu0cRBy4pVRhh8a8zAZfssnqoXHHLyPyHWpdTmgIhr0UIGYrzHrnySAnUcDp3gJuE46UEBtrlyv94cVvZf+EZUTaZ+2KjTRLoNryCn7vKoGHQBooYg1DeHLcLSRWEADUo+bP0y64+X/XTMZOAXbf8kTXocqAgfl/usbYdfLOgwU6zWuj8vxzAKuMEXS1AJSp5aeqRKlbbw40IkTmLoQIgJdb2Zt98BH/xHDe9xxhscUCfWeS37XLp75J backdoor_opentlc_key


 


all_ssh_authorized_keys: "{{ opentlc_admin_pub_keys + [user_pub_key|d()] }}"


 


 


default_security_groups:


  - name: BastionSG


    description: >-


      Bastion security group allows basic ICMP


      and SSH adn Mosh ingress and egress to *


    rules:


 


      - name: SSHPublic


        description: "Public Access for bastions"


        from_port: 22


        to_port: 22


        protocol: tcp


        cidr: "0.0.0.0/0"


        rule_type: Ingress


 


  - name: DefaultSG


    description: >-


      Default SG to allow ICMP and everything from bastion,


      and from inside default SG


    rules:


      - name: FromBastionTCP


        description: "Allow everything from Bastion"


        from_port: 1


        to_port: 65535


        protocol: tcp


        from_group: BastionSG


        rule_type: Ingress


 


      - name: FromBastionUDP


        description: "Allow everything from Bastion"


        from_port: 1


        to_port: 65535


        protocol: udp


        from_group: BastionSG


        rule_type: Ingress


 


# Environment specific security groups


security_groups: []


 


# A list of the private networks and subnets to create in the project


# You can create as many as you want, but at least one is required.


# Use the name of the networks where appropriate in the instance list


networks:


  - name: default


    shared: "false"


    subnet_cidr: 192.168.47.0/24


    gateway_ip: 192.168.47.1


    allocation_start: 192.168.47.10


    allocation_end: 192.168.47.254


    dns_nameservers: []


    create_router: true


 


# The external network in OpenStack where the floating IPs (FIPs) come from


provider_network: external


 


default_metadata:


  owner: "{{ email | default('unknownuser') }}"


  Project: "{{ project_tag }}"


  guid: "{{ guid }}"


  env_type: "{{ env_type }}"