---
|
## TODO: What variables can we strip out of here to build complex variables?
|
## i.e. what can we add into group_vars as opposed to config_vars?
|
## Example: We don't really need "subdomain_base_short". If we want to use this,
|
## should just toss in group_vars/all.
|
### Also, we should probably just create a variable reference in the README.md
|
### For now, just tagging comments in line with configuration file.
|
|
### Vars that can be removed:
|
# use_satellite: true
|
# use_subscription_manager: false
|
# use_own_repos: false
|
|
###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
|
###### OR PASS as "-e" args to ansible-playbook command
|
|
|
|
### Common Host settings
|
|
repo_method: file # Other Options are: file, satellite and rhn
|
windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='
|
tower_admin_password: 'r3dh4t1!'
|
# Do you want to run a full yum update
|
update_packages: false
|
#If using repo_method: satellite, you must set these values as well.
|
# satellite_url: satellite.example.com
|
# satellite_org: Sat_org_name
|
# satellite_activationkey: "rhel7basic"
|
|
## guid is the deployment unique identifier, it will be appended to all tags,
|
## files and anything that identifies this environment from another "just like it"
|
guid: defaultguid
|
|
install_bastion: true
|
install_common: true
|
install_ipa_client: false
|
## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used
|
#software_to_deploy: none
|
|
repo_version: "3.6"
|
osrelease: 3.6
|
|
### If you want a Key Pair name created and injected into the hosts,
|
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
|
# you can use the key used to create the environment or use your own self generated key
|
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
|
use_own_key: true
|
env_authorized_key: "{{guid}}key"
|
ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
|
set_env_authorized_key: true
|
# Is this running from Red Hat Ansible Tower
|
tower_run: false
|
|
### FTL settings
|
|
install_ftl: false
|
|
|
### AWS EC2 Environment settings
|
|
### Route 53 Zone ID (AWS)
|
# This is the Route53 HostedZoneId where you will create your Public DNS entries
|
# This only needs to be defined if your CF template uses route53
|
HostedZoneId: Z3IHLWJZOU9SRT
|
# The region to be used, if not specified by -e in the command line
|
aws_region: ap-southeast-2
|
# The key that is used to
|
key_name: "default_key_name"
|
|
## Networking (AWS)
|
subdomain_base_short: "{{ guid }}"
|
subdomain_base_suffix: ".example.opentlc.com"
|
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"
|
|
## Environment Sizing
|
|
bastion_instance_type: "t2.medium"
|
|
support_instance_count: 1
|
support_instance_type: "t2.medium"
|
|
activedirectory_instance_count: 1
|
activedirectory_instance_type: "t2.large"
|
|
subnets:
|
- name: PublicSubnet
|
cidr: "192.168.1.0/24"
|
routing_table: true
|
|
security_groups:
|
- name: BastionSG
|
rules:
|
- name: BasSSHPublic
|
description: "SSH public"
|
from_port: 22
|
to_port: 22
|
protocol: tcp
|
cidr: "0.0.0.0/0"
|
rule_type: Ingress
|
- name: WINSG
|
rules:
|
- name: WINPortsTCP
|
description: "Win tcp"
|
from_port: 0
|
to_port: 65535
|
protocol: tcp
|
cidr: "0.0.0.0/0"
|
rule_type: Ingress
|
- name: WINPortsUdp
|
description: "Win udp"
|
from_port: 0
|
to_port: 65535
|
protocol: udp
|
cidr: "0.0.0.0/0"
|
rule_type: Ingress
|
- name: HostSG
|
rules:
|
- name: HostSSHPublic
|
description: "SSH public"
|
from_port: 22
|
to_port: 22
|
protocol: tcp
|
cidr: "0.0.0.0/0"
|
rule_type: Ingress
|
- name: HostUDPPorts
|
description: "Only from Itself udp"
|
from_port: 0
|
to_port: 65535
|
protocol: udp
|
group: HostSG
|
rule_type: Ingress
|
- name: HostTCPPorts
|
description: "Only from Itself tcp"
|
from_port: 0
|
to_port: 65535
|
protocol: tcp
|
group: HostSG
|
rule_type: Ingress
|
- name: BastionUDPPorts
|
description: "Only from bastion"
|
from_port: 0
|
to_port: 65535
|
protocol: udp
|
group: BastionSG
|
rule_type: Ingress
|
- name: BastionTCPPorts
|
description: "Only from bastion"
|
from_port: 0
|
to_port: 65535
|
protocol: tcp
|
group: BastionSG
|
rule_type: Ingress
|
|
instances:
|
- name: "ad"
|
count: "{{activedirectory_instance_count}}"
|
public_dns: true
|
security_group: "WINSG"
|
flavor:
|
"ec2": "{{activedirectory_instance_type}}"
|
image_id: WIN2012R2AMI
|
UserData: |
|
UserData:
|
"Fn::Base64":
|
"Fn::Join":
|
- ""
|
- - "<powershell>\n"
|
- "$admin = [adsi]('WinNT://./administrator, user')\n"
|
- "$admin.PSBase.Invoke('SetPassword', '{{windows_password}}')\n"
|
- "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n"
|
- "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n"
|
- "</powershell>"
|
tags:
|
- key: "AnsibleGroup"
|
value: "activedirectories,windows"
|
- key: "ostype"
|
value: "windows"
|
|
|
- name: "support"
|
count: "{{support_instance_count}}"
|
public_dns: true
|
security_group: "HostSG"
|
flavor:
|
"ec2": "{{support_instance_type}}"
|
tags:
|
- key: "AnsibleGroup"
|
value: "support"
|
- key: "ostype"
|
value: "rhel"
|
key_name: "{{key_name}}"
|
|
# - name: "frontend"
|
# count: "{{frontend_instance_count}}"
|
# public_dns: true
|
# security_group: "HostSG"
|
# dns_loadbalancer: true
|
# flavor:
|
# "ec2": "{{frontend_instance_type}}"
|
# tags:
|
# - key: "AnsibleGroup"
|
# value: "frontends"
|
# - key: "ostype"
|
# value: "linux"
|
# - name: "app"
|
# count: "{{app_instance_count}}"
|
# public_dns: true
|
# security_group: "HostSG"
|
# flavor:
|
# "ec2": "{{app_instance_type}}"
|
# tags:
|
# - key: "AnsibleGroup"
|
# value: "apps"
|
# - key: "ostype"
|
# value: "rhel"
|
# key_name: "{{key_name}}"
|
# - name: "appdb"
|
# count: "{{appdb_instance_count}}"
|
# public_dns: true
|
# security_group: "HostSG"
|
# flavor:
|
# "ec2": "{{appdb_instance_type}}"
|
# tags:
|
# - key: "AnsibleGroup"
|
# value: "appdbs"
|
# - key: "ostype"
|
# value: "rhel"
|
# key_name: "{{key_name}}"
|
|
install_win_ssh: false
|
install_win_ad: false
|
|
###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT
|
###### You can, but you usually wouldn't need to.
|
ansible_user: ec2-user
|
remote_user: ec2-user
|
|
common_packages:
|
- python
|
- unzip
|
- bash-completion
|
- tmux
|
- bind-utils
|
- wget
|
- git
|
- vim-enhanced
|
- at
|
- python-pip
|
- gcc
|
|
|
rhel_repos:
|
- rhel-7-server-rpms
|
- rhel-7-server-extras-rpms
|
- epel-release-latest-7
|
|
## Currently there is no NFS created for this Environment - See ocp-workshop for clues.
|
# ## NFS Server settings
|
# nfs_vg: nfsvg
|
# nfs_pvs: /dev/xvdb
|
# nfs_export_path: /srv/nfs
|
#
|
# nfs_shares:
|
# - es-storage
|
# - user-vols
|
# - jenkins
|
# - nexus
|
# - nexus2
|
|
project_tag: "{{ env_type }}-{{ guid }}"
|
|
zone_internal_dns: "{{guid}}.internal."
|
chomped_zone_internal_dns: "{{guid}}.internal"
|
|
cloudapps_dns: '*.apps.{{subdomain_base}}.'
|
tower_public_dns: "towerlb.{{subdomain_base}}."
|
|
#tower_public_dns: "tower.{{subdomain_base}}."
|
bastion_public_dns: "bastion.{{subdomain_base}}."
|
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
|
# we don't use this anymore <sborenst>
|
# activedirectory_public_dns: "ad.{{subdomain_base}}."
|
# activedirectory_public_dns_chomped: "ad.{{subdomain_base}}"
|
|
vpcid_cidr_block: "192.168.0.0/16"
|
vpcid_name_tag: "{{subdomain_base}}"
|
|
az_1_name: "{{ aws_region }}a"
|
az_2_name: "{{ aws_region }}b"
|
|
subnet_private_1_cidr_block: "192.168.2.0/24"
|
subnet_private_1_az: "{{ az_2_name }}"
|
subnet_private_1_name_tag: "{{subdomain_base}}-private"
|
|
subnet_private_2_cidr_block: "192.168.1.0/24"
|
subnet_private_2_az: "{{ az_1_name }}"
|
subnet_private_2_name_tag: "{{subdomain_base}}-private"
|
|
subnet_public_1_cidr_block: "192.168.10.0/24"
|
subnet_public_1_az: "{{ az_1_name }}"
|
subnet_public_1_name_tag: "{{subdomain_base}}-public"
|
|
subnet_public_2_cidr_block: "192.168.20.0/24"
|
subnet_public_2_az: "{{ az_2_name }}"
|
subnet_public_2_name_tag: "{{subdomain_base}}-public"
|
|
dopt_domain_name: "{{ aws_region }}.compute.internal"
|
|
rtb_public_name_tag: "{{subdomain_base}}-public"
|
rtb_private_name_tag: "{{subdomain_base}}-private"
|
|
|
cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "
|
|
|
secret_dir: "~/secrets"
|