Added three-tier-tower config

Tok

2018-11-01 0502ede06c6a00d97aefb06e4cf7f3f57801f14b

Added three-tier-tower config

 ansible/configs/three-tier-tower/README.adoc

New file
@@ -0,0 +1,94 @@
= Three Tier Tower

Three Tier Tower

== Set up your "Secret" variables

* You need to provide some credentials for deployments to work
* Create a file called "env_secret_vars.yml" and put it in the
 ./ansible/configs/CONFIGNAME/ directory.
** At this point this file *has to be created* even if no vars from it are used.
* You can choose to provide these values as extra vars (-e "var=value") in the
 command line if you prefer not to keep sensitive information in a file.

.Example contents of "Secret" Vars file
----
# ## Logon credentials for Red Hat Network
# ## Required if using the subscription component
# ## of this playbook.
rhel_subscription_user: ''
rhel_subscription_pass: ''
#
# ## LDAP Bind Password
bindPassword: ''
#
# ## Desired admin name and password if required
admin_user: ""
admin_user_password: ""
#
# ## AWS Credentials. This is required.
aws_access_key_id: ""
aws_secret_access_key: ""
#If using repo_method: satellite, you must set these values as well.
satellite_url: https://satellite.example.com
satellite_org: Sat_org_name
satellite_activationkey: "rhel7basic"

----

== Review the Env_Type variable file

* This file link:./env_vars.yml[./env_vars.yml] contains all the variables you
 need to define to control the deployment of your environment.


== Running Ansible Playbook

You can run the playbook with the following arguments to overwrite the default variable values:
[source,bash]
----
REGION=ap-southeast-2
KEYNAME=ocpkey
GUID=tonyshatest1
ENVTYPE="three-tier-app"
CLOUDPROVIDER=ec2
HOSTZONEID='Z3IHLWJZOU9SRT'
REPO_PATH='https://admin.example.com/repos/ocp/3.6/'

BASESUFFIX='.example.opentlc.com'
DEPLOYER_REPO_PATH=`pwd`

ansible-playbook \
     ${DEPLOYER_REPO_PATH}/main.yml  \
    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
      -e "guid=${GUID}" \
      -e "env_type=${ENVTYPE}" \
      -e "key_name=${KEYNAME}" \
      -e "subdomain_base_suffix=${BASESUFFIX}" \
        -e "cloud_provider=${CLOUDPROVIDER}" \
        -e "aws_region=${REGION}" \
        -e "HostedZoneId=${HOSTZONEID}" \
        -e "email=name@example.com" \
      -e "install_ipa_client=false" \
      -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \
      -e "software_to_deploy=none"




----

=== To Delete an environment
----

REGION=ap-southeast-2
GUID=devgenericdemo1
ENVTYPE="three-tier-app"
CLOUDPROVIDER=ec2
#To Destroy an Env
ansible-playbook ./configs/${ENVTYPE}/destroy_env.yml \
    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
 -e "guid=${GUID}" -e "env_type=${ENVTYPE}"  -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}"  \
 -e "HostedZoneId=${HOSTZONEID}"  -e "key_name=${KEYNAME}"  -e "subdomain_base_suffix=${BASESUFFIX}"

----

 ansible/configs/three-tier-tower/destroy_env.yml

New file
@@ -0,0 +1,3 @@
---
- name: Import default destroy playbook
  import_playbook: "{{ANSIBLE_REPO_PATH}}/cloud_providers/{{cloud_provider}}_destroy_env.yml"

 ansible/configs/three-tier-tower/env_vars.yml

New file
@@ -0,0 +1,252 @@
## TODO: What variables can we strip out of here to build complex variables?
## i.e. what can we add into group_vars as opposed to config_vars?
## Example: We don't really need "subdomain_base_short". If we want to use this,
## should just toss in group_vars/all.
### Also, we should probably just create a variable reference in the README.md
### For now, just tagging comments in line with configuration file.

### Vars that can be removed:
# use_satellite: true
# use_subscription_manager: false
# use_own_repos: false

###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
###### OR PASS as "-e" args to ansible-playbook command


### Common Host settings

repo_method: file # Other Options are: file, satellite and rhn


# Do you want to run a full yum update
update_packages: false
#If using repo_method: satellite, you must set these values as well.
# satellite_url: https://satellite.example.com
# satellite_org: Sat_org_name
# satellite_activationkey: "rhel7basic"

## guid is the deployment unique identifier, it will be appended to all tags,
## files and anything that identifies this environment from another "just like it"
guid: defaultguid

# This var is used to identify stack (cloudformation, azure resourcegroup, ...)
project_tag: "{{ env_type }}-{{ guid }}"

# This is where the ssh_config file will be created, this file is used to
# define the communication method to all the hosts in the deployment
deploy_local_ssh_config_location: "{{ANSIBLE_REPO_PATH}}/workdir"

install_bastion: true
install_common: true
software_to_deploy: none

repo_version: "3.6"

### If you want a Key Pair name created and injected into the hosts,
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
# you can use the key used to create the environment or use your own self generated key
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
use_own_key: true
env_authorized_key: "{{guid}}key"
ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
set_env_authorized_key: true

# Is this running from Red Hat Ansible Tower
tower_run: false
### Azure 

# Create a dedicated resourceGroup for this deployment
az_destroy_method: resource_group
az_resource_group: "{{ project_tag }}"

# you can operate differently: if you share on resourceGroup for all you deployments,
# you can specify a different resourceGroup and method:
#az_destroy_method: deployment
#az_resource_group: my-shared-resource-group

### AWS EC2 Environment settings

### Route 53 Zone ID (AWS)
# This is the Route53 HostedZoneId where you will create your Public DNS entries
# This only needs to be defined if your CF template uses route53
HostedZoneId: Z3IHLWJZOU9SRT
# The region to be used, if not specified by -e in the command line
aws_region: ap-southeast-2
# The key that is used to
key_name: "default_key_name"

## Networking (AWS)
subdomain_base_short: "{{ guid }}"
subdomain_base_suffix: ".example.opentlc.com"
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"

## Environment Sizing

bastion_instance_type: "c5.large"

frontend_instance_type: "t2.small"
app_instance_type: "{{frontend_instance_type}}"
appdb_instance_type: "{{frontend_instance_type}}"
support_instance_type: "t2.small"

frontend_instance_count: 1
app_instance_count: 2
appdb_instance_count: 1
support_instance_count: 1
rootfs_size_bastion: 50

instances:
  - name: "bastion"
    count: 1
    unique: true
    public_dns: true
    dns_loadbalancer: true
    image_id: RHELAMI
    flavor:
      ec2: "{{bastion_instance_type}}"
      azure: Standard_A2_V2
    tags:
      - key: "AnsibleGroup"
        value: "bastions"
      - key: "ostype"
        value: "linux"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}" 
    rootfs_size: "{{ rootfs_size_bastion }}"

  - name: "frontend"
    count: "{{frontend_instance_count}}"
    public_dns: true
    dns_loadbalancer: true
    image_id: RHELAMI
    flavor:
      ec2: "{{frontend_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "frontends"
      - key: "ostype"
        value: "linux"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"

  - name: "app"
    count: "{{app_instance_count}}"
    public_dns: true
    image_id: RHELAMI
    flavor:
      ec2: "{{app_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "apps"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    key_name: "{{key_name}}"

  - name: "appdb"
    count: "{{appdb_instance_count}}"
    public_dns: true
    image_id: RHELAMI
    flavor:
      ec2: "{{appdb_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "appdbs"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}" 
    key_name: "{{key_name}}"

  - name: "support"
    count: "{{support_instance_count}}"
    public_dns: true
    image_id: RHELAMI
    flavor:
      ec2: "{{support_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "support"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    key_name: "{{key_name}}"

###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT
###### You can, but you usually wouldn't need to.
ansible_ssh_user: ec2-user
remote_user: ec2-user

common_packages:
  - python
  - unzip
  - bash-completion
  - tmux
  - bind-utils
  - wget
  - git
  - vim-enhanced
  - at
  - ansible

rhel_repos:
  - rhel-7-server-rpms
  - rhel-7-server-extras-rpms
  - epel-release-latest-7
## Currently there is no NFS created for this Environment - See ocp-workshop for clues.
# ## NFS Server settings
# nfs_vg: nfsvg
# nfs_pvs: /dev/xvdb
# nfs_export_path: /srv/nfs
#
# nfs_shares:
#   - es-storage
#   - user-vols
#   - jenkins
#   - nexus
#   - nexus2


zone_internal_dns: "{{guid}}.internal."
chomped_zone_internal_dns: "{{guid}}.internal"

frontend_public_dns: "frontendlb.{{subdomain_base}}."
#tower_public_dns: "tower.{{subdomain_base}}."
bastion_public_dns: "bastion.{{subdomain_base}}."
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
vpcid_cidr_block: "192.168.0.0/16"
vpcid_name_tag: "{{subdomain_base}}"

az_1_name: "{{ aws_region }}a"
az_2_name: "{{ aws_region }}b"

subnet_private_1_cidr_block: "192.168.2.0/24"
subnet_private_1_az: "{{ az_2_name }}"
subnet_private_1_name_tag: "{{subdomain_base}}-private"

subnet_private_2_cidr_block: "192.168.1.0/24"
subnet_private_2_az: "{{ az_1_name }}"
subnet_private_2_name_tag: "{{subdomain_base}}-private"

subnet_public_1_cidr_block: "192.168.10.0/24"
subnet_public_1_az: "{{ az_1_name }}"
subnet_public_1_name_tag: "{{subdomain_base}}-public"

subnet_public_2_cidr_block: "192.168.20.0/24"
subnet_public_2_az: "{{ az_2_name }}"
subnet_public_2_name_tag: "{{subdomain_base}}-public"

dopt_domain_name: "{{ aws_region }}.compute.internal"

rtb_public_name_tag: "{{subdomain_base}}-public"
rtb_private_name_tag: "{{subdomain_base}}-private"


cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "

 ansible/configs/three-tier-tower/files/cloud_providers/azure_cloud_template.j2

New file
@@ -0,0 +1,428 @@
{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters" : {
        "guid": {
            "type" : "string",
            "minLength" : 3,
            "metadata" : {
                "description" : "GUID of the environment"
            }
        },
        "DNSZone": {
            "type" : "string",
            "minLength" : 3,
            "metadata" : {
                "description" : "dns zone of the environment, to update or create"
            }
        },
        "adminUsername" : {
            "type" : "string",
            "minLength" : 1,
            "defaultValue" : "azure",
            "metadata" : {
                "description" : "User name for the Virtual Machine."
            }
        },
        "sshKeyData" : {
            "type" : "securestring",
            "metadata" : {
                "description" : "SSH RSA public key file as a string."
            }
        },
        "vmSize" : {
            "type" : "string",
            "defaultValue" : "Basic_A2",
            "allowedValues" : [
                "Basic_A2",
                "Standard_A2",
                "Standard_A3",
                "Standard_A4",
                "Standard_A5",
                "Standard_A6",
                "Standard_A7",
                "Standard_A8",
                "Standard_A9",
                "Standard_A10",
                "Standard_A11",
                "Standard_D2",
                "Standard_D3",
                "Standard_D4",
                "Standard_D11",
                "Standard_D12",
                "Standard_D13",
                "Standard_D14",
                "Standard_D2_v2",
                "Standard_D3_v2",
                "Standard_D4_v2",
                "Standard_D5_v2",
                "Standard_D11_v2",
                "Standard_D12_v2",
                "Standard_D13_v2",
                "Standard_D14_v2",
                "Standard_G1",
                "Standard_G2",
                "Standard_G3",
                "Standard_G4",
                "Standard_G5",
                "Standard_DS2",
                "Standard_DS3",
                "Standard_DS4",
                "Standard_DS11",
                "Standard_DS12",
                "Standard_DS13",
                "Standard_DS14",
                "Standard_DS2_v2",
                "Standard_DS3_v2",
                "Standard_DS4_v2",
                "Standard_DS5_v2",
                "Standard_DS11_v2",
                "Standard_DS12_v2",
                "Standard_DS13_v2",
                "Standard_DS14_v2",
                "Standard_GS1",
                "Standard_GS2",
                "Standard_GS3",
                "Standard_GS4",
                "Standard_GS5"
            ],
            "metadata" : {
                "description" : "The size of the each Node Virtual Machine."
            }
        }
    },
    "variables" : {
        "subzone": "[concat('{{guid}}.',parameters('DNSZone'))]",
        "location" : "[resourceGroup().location]",
        "virtualNetworkName" : "[concat('VNet', parameters('guid'))]",
        "addressPrefix" : "10.0.0.0/16",
        "vnetId" : "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
        "rhel" : {
            "publisher" : "Redhat",
            "offer" : "RHEL",
            "sku" : "7-RAW",
            "version" : "latest"
        },
        "tenantId" : "[subscription().tenantId]",
        "apiVersion" : "2015-06-15",
        "apiVersionCompute" : "2015-06-15",
        "apiVersionNetwork" : "2016-03-30",
        "tmApiVersion" : "2015-11-01",
        "apiVersionStorage" : "2015-06-15",
        "apiVersionLinkTemplate" : "2015-01-01",
        "nicName" : "OneVmNic",
        "publicIPAddressType" : "Dynamic",
        "subnetRef" : "[concat(variables('vnetID'),'/subnets/',variables('virtualNetworkName'))]",
        "sshKeyPath" : "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]",
        "sQuote" : "\"",
        "vmStorageAccountContainerName": "vhds",
        "storageAccountType": "Standard_LRS",
        "vhdStorageType" : "Premium_LRS",
        "storageAccountName": "[concat('vsts8',uniquestring(parameters('guid')))]"
    },
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "name": "[variables('StorageAccountName')]",
            "apiVersion": "2016-01-01",
            "location": "[resourceGroup().location]",
            "sku": {
                "name": "[variables('storageAccountType')]"
            },
            "kind": "Storage",
            "properties": {
            }
        },
{% for instance in instances %}

{% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %}
        {
            "type": "Microsoft.Network/dnszones/a",
            "name": "[concat(variables('subzone'), '/', '{{instance['name']}}')]",
            "apiVersion": "2016-04-01",
            "dependsOn": [
{% for c in range(1,(instance['count'] |int)+1) %}
  {% if instance['unique']|d(false)|bool %}
    {% set instancename = instance['name'] %}
    {% else %}
    {% set instancename = instance['name'] + (loop.index|string) %}
  {% endif %}
                "[resourceId('Microsoft.Network/publicIPAddresses/', '{{instancename}}-PublicIP')]",
{% endfor %}
                "[resourceId('Microsoft.Network/dnsZones/', variables('subzone'))]",
            ],
            "properties": {
                "TTL": 3600,
                "ARecords": [
                    {
{% for c in range(1,(instance['count'] |int)+1) %}
  {% if instance['unique']|d(false)|bool %}
    {% set instancename = instance['name'] %}
    {% else %}
    {% set instancename = instance['name'] + (loop.index|string) %}
  {% endif %}
                        "ipv4Address": "[reference('{{instancename}}-PublicIP').ipAddress]"
{% endfor %}
                    }
                ]
            }
        },
{% endif %}


{% for c in range(1,(instance['count'] |int)+1) %}

  {% if instance['unique']|d(false)|bool %}
    {% set instancename = instance['name'] %}
    {% else %}
    {% set instancename = instance['name'] + (loop.index|string) %}
  {% endif %}

{% if instance['public_dns']|d(false)|bool %}
        {
            "type": "Microsoft.Network/dnszones/a",
            "name": "[concat(variables('subzone'), '/', '{{instancename}}')]",
            "apiVersion": "2016-04-01",
            "dependsOn": [
                "[resourceId('Microsoft.Network/publicIPAddresses/', '{{instancename}}-PublicIP')]",
                "[resourceId('Microsoft.Network/dnsZones/', variables('subzone'))]",
            ],
            "properties": {
                "TTL": 3600,
                "ARecords": [
                    {
                        "ipv4Address": "[reference('{{instancename}}-PublicIP').ipAddress]"
                    }
                ]
            }
        },
        {
            "apiVersion" : "2017-04-01",
            "type" : "Microsoft.Network/publicIPAddresses",
            "name" : "{{instancename}}-PublicIP",
            "location" : "[resourceGroup().location]",
            "properties" : {
                "publicIPAllocationMethod" : "Static",
                "dnsSettings" : {
                    "domainNameLabel" : "{{instancename}}-{{guid}}"
                }
            }
        },
        {
            "apiVersion" : "2017-04-01",
            "type" : "Microsoft.Network/networkInterfaces",
            "name" : "{{instancename}}-Interface",
            "location" : "[resourceGroup().location]",
            "dependsOn" : [
                "[resourceId('Microsoft.Network/publicIPAddresses/', '{{instancename}}-PublicIP')]",
                "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
            ],
            "properties" : {
                "ipConfigurations" : [
                    {
                        "name" : "ipconfig1",
                        "properties" : {
                            "privateIPAllocationMethod" : "Dynamic",
                            "publicIPAddress" : {
                                "id" : "[resourceId('Microsoft.Network/publicIPAddresses','{{instancename}}-PublicIP')]"
                            },
                            "subnet" : {
                                "id" : "[variables('subnetRef')]"
                            }
                        }
                    }
                ]
            }
        },
{% endif %}
        {
            "apiVersion" : "2017-03-30",
            "type" : "Microsoft.Compute/virtualMachines",
            "name" : "{{instancename}}",
            "location" : "[resourceGroup().location]",
            "dependsOn" : [
                "[resourceId('Microsoft.Network/networkInterfaces/', '{{instancename}}-Interface')]"
            ],
            "tags": {
                "Name": "{{instancename}}",
                "internaldns": "{{instancename}}.{{chomped_zone_internal_dns}}",
                "owner": "{{ email | default('unknownuser') }}",
                "Project": "{{project_tag}}",
{% for tag in instance['tags'] %}
                "{{tag['key']}}": "{{tag['value']}}",
{% endfor %}
                "{{project_tag}}": "{{ instance['name'] }}"
            },
            "properties" : {
                "hardwareProfile" : {
                    "vmSize" : "{{instance['flavor'][cloud_provider]}}"
                },
                "osProfile" : {
                    "computerName" : "{{instancename}}",
                    "adminUsername" : "[parameters('adminUsername')]",
                    "linuxConfiguration" : {
                        "disablePasswordAuthentication" : "true",
                        "ssh" : {
                            "publicKeys" : [
                                {
                                    "path" : "[variables('sshKeyPath')]",
                                    "keyData" : "[parameters('sshKeyData')]"
                                }
                            ]
                        }
                    }
                },
                "storageProfile" : {
                    "imageReference" : "[variables('rhel')]",
                    "osDisk" : {
                        "caching" : "ReadWrite",
                        "name" : "{{instancename}}-osdisk",
                        "createOption" : "FromImage",
                        "diskSizeGB" : "{{instance['rootfs_size']|d('50')}}"
                    },
                    "dataDisks" : [
{% for vol in instance['volumes']|default([]) %}
                        {
                            "caching" : "None",
                            "createOption" : "Empty",
                            "lun" : "{{loop.index}}",
                            "name": "{{instancename}}-{{vol['device_name']}}",
                            "diskSizeGB" : "{{vol['volume_size']}}"
                        },
{% endfor %}
                    ]
                },
                "networkProfile" : {
                    "networkInterfaces" : [
                        {
                            "id" : "[resourceId('Microsoft.Network/networkInterfaces','{{instancename}}-Interface')]"
                        }
                    ]
                },
                "diagnosticsProfile" : {
                    "bootDiagnostics" : {
                        "enabled" : "false",
                        "storageUri" : "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob)]"
                    }
                }
            }
        },
{% endfor %}
{% endfor %}
        {
            "name": "[variables('subzone')]",
            "type": "Microsoft.Network/dnsZones",
            "apiVersion": "2017-09-01",
            "location" : "global",
        },
        {
            "apiVersion": "2017-05-10",
            "name": "nestedTemplate",
            "type": "Microsoft.Resources/deployments",
            "resourceGroup": "dns",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                    ]
                },
                "parameters": {}
            }
        },
        {
            "apiVersion" : "[variables('apiVersion')]",
            "type" : "Microsoft.Network/virtualNetworks",
            "name" : "[variables('virtualNetworkName')]",
            "location" : "[variables('location')]",
            "tags" : {
                "displayName" : "VirtualNetwork"
            },
            "properties" : {
                "addressSpace" : {
                    "addressPrefixes" : [
                        "[variables('addressPrefix')]"
                    ]
                },
                "subnets" : [
                    {
                        "name" : "[variables('virtualNetworkName')]",
                        "properties" : {
                            "addressPrefix" : "[variables('addressPrefix')]"
                        }
                    }
                ]
            }
        },
        {
            "type" : "Microsoft.Network/networkSecurityGroups",
            "name" : "[concat(resourceGroup().name, 'nsg')]",
            "tags" : {
                "displayName" : "NetworkSecurityGroup"
            },
            "apiVersion" : "[variables('apiVersion')]",
            "location" : "[resourceGroup().location]",
            "properties" : {
                "securityRules" : [
                    {
                        "name" : "default-allow-openshift-router-https",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "443",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2000,
                            "direction" : "Inbound"
                        }
                    },
                    {
                        "name" : "default-allow-openshift-router-http\n",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "80",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2001,
                            "direction" : "Inbound"
                        }
                    },
                    {
                        "name" : "default-allow-openshift-master",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "8443",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2002,
                            "direction" : "Inbound"
                        }
                    },
                    {
                        "name" : "default-allow-ssh",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "22",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2003,
                            "direction" : "Inbound"
                        }
                    }
                ]
            }
        }
    ],
    "outputs" : {
    }
}

 ansible/configs/three-tier-tower/files/cloud_providers/ec2_cloud_template.j2

New file
@@ -0,0 +1,287 @@
AWSTemplateFormatVersion: "2010-09-09"
Mappings:
  RegionMapping:
    us-east-1:
      RHELAMI: ami-c998b6b2
      WIN2012R2AMI: ami-93118ee9
    us-east-2:
      RHELAMI: ami-cfdafaaa
      WIN2012R2AMI: ami-72745d17
    us-west-1:
      RHELAMI: ami-66eec506
      WIN2012R2AMI: ami-ef95ae8f
    us-west-2:
      RHELAMI: ami-9fa343e7
      WIN2012R2AMI: ami-af5980d7
    eu-west-1:
      RHELAMI: ami-bb9a6bc2
      WIN2012R2AMI: ami-24f04d5d
    eu-west-2:
      WIN2012R2AMI: ami-6a746a0e
    ca-central-1:
      WIN2012R2AMI: ami-4e4cf72a
    eu-central-1:
      RHELAMI: ami-d74be5b8
      WIN2012R2AMI: ami-88c14ee7
    ap-northeast-1:
      RHELAMI: ami-30ef0556
      WIN2012R2AMI: ami-dcdd66ba
    ap-northeast-2:
      RHELAMI: ami-0f5a8361
      WIN2012R2AMI: ami-681cbb06
    ap-southeast-1:
      RHELAMI: ami-10bb2373
      WIN2012R2AMI: ami-f887d59b
    ap-southeast-2:
      RHELAMI: ami-ccecf5af
      WIN2012R2AMI: ami-f601f494
    sa-east-1:
      RHELAMI: ami-a789ffcb
      WIN2012R2AMI: ami-42a5e12e
    ap-south-1:
      RHELAMI: ami-cdbdd7a2
      WIN2012R2AMI: ami-b9e8a6d6
  DNSMapping:
    "us-east-1":
      domain: "us-east-1.compute.internal"
    "us-west-1":
      domain: "us-west-1.compute.internal"
    "us-west-2":
      domain: "us-west-2.compute.internal"
    "eu-west-1":
      domain: "eu-west-1.compute.internal"
    "eu-central-1":
      domain: "eu-central-1.compute.internal"
    "ap-northeast-1":
      domain: "ap-northeast-1.compute.internal"
    "ap-northeast-2":
      domain: "ap-northeast-2.compute.internal"
    "ap-southeast-1":
      domain: "ap-southeast-1.compute.internal"
    "ap-southeast-2":
      domain: "ap-southeast-2.compute.internal"
    "sa-east-1":
      domain: "sa-east-1.compute.internal"
    "ap-south-1":
      domain: "ap-south-1.compute.internal"
Resources:
   Vpc:
    Type: "AWS::EC2::VPC"
    Properties:
     CidrBlock: "192.199.0.0/16"
     EnableDnsSupport: true
     EnableDnsHostnames: true
     Tags:
      - Key: Name
        Value: "{{vpcid_name_tag}}"
      - Key: Hostlication
        Value:
          Ref: "AWS::StackId"
   VpcInternetGateway:
    Type: "AWS::EC2::InternetGateway"
   VpcGA:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
     InternetGatewayId:
      Ref: VpcInternetGateway
     VpcId:
      Ref: Vpc
   VpcRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
     VpcId:
      Ref: Vpc
   VPCRouteInternetGateway:
    DependsOn: VpcGA
    Type: "AWS::EC2::Route"
    Properties:
     GatewayId:
      Ref: VpcInternetGateway
     DestinationCidrBlock: "0.0.0.0/0"
     RouteTableId:
      Ref: VpcRouteTable
   PublicSubnet:
    Type: "AWS::EC2::Subnet"
    DependsOn:
     - Vpc
    Properties:
     CidrBlock: "192.199.0.0/24"
     Tags:
      - Key: Name
        Value: "{{project_tag}}"
      - Key: Hostlication
        Value:
          Ref: "AWS::StackId"
     MapPublicIpOnLaunch: true
     VpcId:
      Ref: Vpc
   PublicSubnetRTA:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
     RouteTableId:
      Ref: VpcRouteTable
     SubnetId:
      Ref: PublicSubnet
   HostSG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
     GroupDescription: Host
     VpcId:
      Ref: Vpc
     Tags:
      - Key: Name
        Value: host_sg
   HostUDPPorts:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
     GroupId:
      "Fn::GetAtt":
       - HostSG
       - GroupId
     IpProtocol: udp
     FromPort: 0
     ToPort: 65535
     CidrIp: "0.0.0.0/0"
   HostTCPPorts:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
     GroupId:
      "Fn::GetAtt":
       - HostSG
       - GroupId
     IpProtocol: tcp
     FromPort: 0
     ToPort: 65535
     CidrIp: "0.0.0.0/0"
   zoneinternalidns:
    Type: "AWS::Route53::HostedZone"
    Properties:
     Name: "{{ zone_internal_dns }}"
     VPCs:
      - VPCId:
          Ref: Vpc
        VPCRegion:
          Ref: "AWS::Region"
     HostedZoneConfig:
      Comment: "Created By ansible agnostic deployer"

{% for instance in instances %}
{% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %}
   {{instance['name']}}DNSLoadBalancer:
    Type: "AWS::Route53::RecordSetGroup"
    DependsOn:
{% for c in range(1,(instance['count'] |int)+1) %}
    - {{instance['name']}}{{c}}EIP
{% endfor %}
    Properties:
     HostedZoneId: {{HostedZoneId}}
     RecordSets:
      - Name: "{{instance['name']}}.{{subdomain_base}}."
        Type: A
        TTL: 900
        ResourceRecords:
{% for c in range(1,(instance['count'] |int)+1) %}
          - "Fn::GetAtt":
            - {{instance['name']}}{{loop.index}}
            - PublicIp
{% endfor %}
{% endif %}

{% for c in range(1,(instance['count'] |int)+1) %}
   {{instance['name']}}{{loop.index}}:
    Type: "AWS::EC2::Instance"
    Properties:
     ImageId:
      "Fn::FindInMap":
       - RegionMapping
       - Ref: "AWS::Region"
       - {{ instance['image_id'] | default('RHELAMI') }}

     InstanceType: "{{instance['flavor'][cloud_provider]}}"
     KeyName: "{{instance['key_name'] | default(key_name)}}"
{% if instance['UserData'] is defined %}
     {{instance['UserData']}}
{% endif %}
     SecurityGroupIds:
        - "Fn::GetAtt":
          - HostSG
          - GroupId
     SubnetId:
      Ref: PublicSubnet
     Tags:
{% if instance['unique'] | d(false) | bool %}
      - Key: Name
        Value: {{instance['name']}}
      - Key: internaldns
        Value: {{instance['name']}}.{{chomped_zone_internal_dns}}
{% else %}
      - Key: Name
        Value: {{instance['name']}}{{loop.index}}
      - Key: internaldns
        Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}}
{% endif %}
      - Key: "owner"
        Value: "{{ email | default('unknownuser') }}"
      - Key: "Project"
        Value: "{{project_tag}}"
      - Key: "{{project_tag}}"
        Value: "{{ instance['name'] }}"
{% for tag in instance['tags'] %}
      - Key: {{tag['key']}}
        Value: {{tag['value']}}
{% endfor %}
     BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 50
        - DeviceName: "/dev/xvdb"
          Ebs:
            VolumeType: gp2
            VolumeSize: 20
   {{instance['name']}}{{loop.index}}InternalDNS:
    Type: "AWS::Route53::RecordSetGroup"
    Properties:
     HostedZoneId:
      Ref: zoneinternalidns
     RecordSets:
{% if instance['unique'] | d(false) | bool %}
      - Name: "{{instance['name']}}.{{zone_internal_dns}}"
{% else %}
      - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}"
{% endif %}
        Type: A
        TTL: 10
        ResourceRecords:
          - "Fn::GetAtt":
            - {{instance['name']}}{{loop.index}}
            - PrivateIp
{% if instance['public_dns'] %}
   {{instance['name']}}{{loop.index}}EIP:
     Type: "AWS::EC2::EIP"
     DependsOn:
      - VpcGA
     Properties:
      InstanceId:
       Ref: {{instance['name']}}{{loop.index}}
   {{instance['name']}}{{loop.index}}PubliclDNS:
     Type: "AWS::Route53::RecordSetGroup"
     DependsOn:
        - {{instance['name']}}{{loop.index}}EIP
     Properties:
      HostedZoneId: {{HostedZoneId}}
      RecordSets:
{% if instance['unique'] | d(false) | bool %}
        - Name: "{{instance['name']}}.{{subdomain_base}}."
{% else %}
        - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}."
{% endif %}
          Type: A
          TTL: 10
          ResourceRecords:
          - "Fn::GetAtt":
            - {{instance['name']}}{{loop.index}}
            - PublicIp
{% endif %}

{% endfor %}
{% endfor %}

 ansible/configs/three-tier-tower/files/cloud_providers/ec2_cloud_template_json.j2

New file
@@ -0,0 +1,792 @@
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": { },
  "Mappings": {
    "RegionMapping": {
      "us-east-1": {
        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-7da4ab6b"
      },
      "us-east-2": {
        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-ffae8f9a"
      },
      "us-west-1": {
        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-a11836c1"
      },
      "us-west-2": {
        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-a1c1ddd8"
      },
      "eu-west-1": {
        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-cc8e98a8"
      },
      "eu-central-1": {
        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-da1ebdb5"
      },
      "ap-northeast-1": {
        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-4312cc2d"
      },
      "ap-northeast-2": {
        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-68756f0f"
      },
      "ap-southeast-1": {
        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315"
      },
      "ap-southeast-2": {
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-468f9225"
      },
      "sa-east-1": {
        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4"
      },
      "ap-south-1": {
        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-8eafd6e1"
      }
    },
    "DNSMapping": {
      "us-east-1": {
        "domain": "us-east-1.compute.internal"
      },
      "us-west-1": {
        "domain": "us-west-1.compute.internal"
      },
      "us-west-2": {
        "domain": "us-west-2.compute.internal"
      },
      "eu-west-1": {
        "domain": "eu-west-1.compute.internal"
      },
      "eu-central-1": {
        "domain": "eu-central-1.compute.internal"
      },
      "ap-northeast-1": {
        "domain": "ap-northeast-1.compute.internal"
      },
      "ap-northeast-2": {
        "domain": "ap-northeast-2.compute.internal"
      },
      "ap-southeast-1": {
        "domain": "ap-southeast-1.compute.internal"
      },
      "ap-southeast-2": {
        "domain": "ap-southeast-2.compute.internal"
      },
      "sa-east-1": {
        "domain": "sa-east-1.compute.internal"
      },
      "ap-south-1": {
        "domain": "ap-south-1.compute.internal"
      }
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "192.199.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{vpcid_name_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ]
      }
    },
    "VpcInternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {}
    },
    "VpcGA": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VpcRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VPCRouteInternetGateway": {
      "DependsOn" : "VpcGA",
  "Type": "AWS::EC2::Route",
      "Properties": {
        "GatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        }
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "DependsOn": [
        "Vpc"
      ],
      "Properties": {
        "CidrBlock": "192.199.0.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ],
        "MapPublicIpOnLaunch": "true",
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "PublicSubnetRTA": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        },
        "SubnetId": {
          "Ref": "PublicSubnet"
        }
      }
    },
    "HostSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Host",
        "VpcId": {
          "Ref": "Vpc"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "host_sg"
          }
        ]
      }
    },
    "HostUDPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "udp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "HostTCPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "zoneinternalidns": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "{{ zone_internal_dns }}",
        "VPCs" :  [{
      "VPCId": { "Ref" : "Vpc" },
      "VPCRegion": { "Ref": "AWS::Region" } } ],
        "HostedZoneConfig": {
          "Comment": "Created By ansible agnostic deployer"
        }
      }
    },
    "BastionDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{bastion_public_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "CloudDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{cloudapps_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "FrontendDNSLoadBalancer": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": "frontend{{frontend_instance_count}}EIP",
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
        {
          "Name" : "{{frontend_public_dns}}",
          "Type" : "A",
          "TTL" : "900",
          "ResourceRecords" : [
{% for c in range(1,(frontend_instance_count|int)+1) %}

{ "Fn::GetAtt": [ "frontend{{loop.index}}", "PublicIp" ] }{% if loop.index < frontend_instance_count   %},{% endif %}

{% endfor %}
          ]}]
    }},
    {% for c in range(1,(frontend_instance_count|int)+1) %}

    "PublicHostDNS{{loop.index}}": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": "frontend{{frontend_instance_count}}EIP",
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
        {
          "Name" : "frontend{{loop.index}}.{{subdomain_base}}.",
          "Type" : "A",
          "TTL" : "900",
          "ResourceRecords" : [

{ "Fn::GetAtt": [ "frontend{{loop.index}}", "PublicIp" ] }

          ]}]
    }},
{% endfor %}

    "Bastion": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{bastion_instance_type}}",
        "KeyName": "{{key_name}}",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -xe\n",
          "sed -i '2i ldap_group_nesting_level=0' /etc/sssd/sssd.conf \n",
          "systemctl restart sssd \n",
          "echo 'PermitRootLogin without-password' >> /etc/ssh/sshd_config \n",
          "sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config \n",
          "sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \n",
          "systemctl restart sshd \n"
          ]]}},
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "bastion"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "bastions"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "bastion"
          },
          {
            "Key": "internaldns",
            "Value": "bastion.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ]
      }
    },
      "BastionEIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "Bastion" }
          }
      },
    "BastionInternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },

        "RecordSets": [
          {
            "Name": "bastion.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    {% for c in range(1,(frontend_instance_count|int)+1) %}
        "frontend{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{frontend_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "frontend{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "frontends"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "frontend"
              },
              {
                "Key": "internaldns",
                "Value": "frontend{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 30
                }
              }
            ]
          }

        },
      "frontend{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "frontend{{loop.index}}" }
          }
      },
        "frontend{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },

            "RecordSets": [
              {
                "Name": "frontend{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "frontend{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
        {% for c in range(1,(app_instance_count|int)+1) %}
        "app{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{app_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "app{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "apps"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "app"
              },
              {
                "Key": "internaldns",
                "Value": "app{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 30
                }
              }
            ]
          }

        },

        "app{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },

            "RecordSets": [
              {
                "Name": "app{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "app{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
    {% for c in range(1,(appdb_instance_count|int)+1) %}
    "appdb{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{appdb_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "appdb{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "appdbs"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "appdb"
          },
          {
            "Key": "internaldns",
            "Value": "appdb{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30
            }
          }
        ]
      }

    },

    "appdb{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },

        "RecordSets": [
          {
            "Name": "appdb{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "appdb{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    {% endfor %}
    {% for c in range(1,(support_instance_count|int)+1) %}
    "support{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{support_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "support{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "support"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "support"
          },
          {
            "Key": "internaldns",
            "Value": "support{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 50
            }
          }
        ]
      }

    },
    "support{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },

        "RecordSets": [
          {
            "Name": "support{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "support{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    }{% if loop.index < support_instance_count %},{% endif %}
  {% endfor %}
  },
  "Outputs": {
    "Route53internalzoneOutput": {
      "Description": "The ID of the internal route 53 zone",
      "Value": {
        "Ref": "zoneinternalidns"
      }
    }
  }
}

 ansible/configs/three-tier-tower/files/cloud_providers/terraform_ec2_cloud_template.tf.j2

New file
@@ -0,0 +1,164 @@
#----------------------------------------------
# Terraform ec2 variables
#----------------------------------------------
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "security_group" { default = "{{ env_type }}-host_sg" }
variable "keypair" { default = "{{ env_type }}-{{ key_name }}" }
variable "aws_region" { default = "us-east-1" }

variable "aws_amis" {
    type = "map"
    default = {
        RHELAMI.ap-northeast-1 = "ami-5de0433c"
        RHELAMI.ap-northeast-2 = "ami-44db152a"
        RHELAMI.ap-southeast-1 = "ami-2c95344f"
        RHELAMI.ap-southeast-2 = "ami-39ac915a"
        RHELAMI.ap-south-1     = "ami-cdbdd7a2"
        RHELAMI.eu-central-1   = "ami-e4c63e8b"
        RHELAMI.eu-west-1      = "ami-02ace471"
        RHELAMI.sa-east-1      = "ami-7de77b11"
        RHELAMI.us-east-1      = "ami-b63769a1"
        RHELAMI.us-east-2      = "ami-0932686c"
        RHELAMI.us-gov-west-1  = "ami-91cfafb2"
        RHELAMI.us-west-1      = "ami-2cade64c"
        RHELAMI.us-west-2      = "ami-6f68cf0f"
        WIN2012R2AMI.us-east-1       = "ami-7da4ab6b"
        WIN2012R2AMI.us-east-2       = "ami-ffae8f9a"
        WIN2012R2AMI.us-west-1       = "ami-a11836c1"
        WIN2012R2AMI.us-west-2       = "ami-a1c1ddd8"
        WIN2012R2AMI.eu-west-1       = "ami-cc8e98a8"
        WIN2012R2AMI.eu-central-1    = "ami-da1ebdb5"
        WIN2012R2AMI.ap-northeast-1  = "ami-4312cc2d"
        WIN2012R2AMI.ap-northeast-2  = "ami-68756f0f"
        WIN2012R2AMI.ap-southeast-1  = "ami-7644d315"
        WIN2012R2AMI.ap-southeast-2  = "ami-468f9225"
        WIN2012R2AMI.sa-east-1       = "ami-c8285ca4"
        WIN2012R2AMI.ap-south-1      = "ami-8eafd6e1"
    }
}

variable "ebs_root_block_size" { default = "{{ rootfs_size_bastion }}" }

#----------------------------------------------
# Access credentials
#----------------------------------------------
provider "aws" {
    access_key = "${var.aws_access_key}"
    secret_key = "${var.aws_secret_key}"
    region     = "${var.aws_region}"
}

#----------------------------------------------
# VPC
#----------------------------------------------
# Main VPC that will contain everything.
resource "aws_vpc" "main" {
  cidr_block           = "192.199.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
 
  tags { 
    Name = "{{vpcid_name_tag}}" 
  }
}

# The public subnet is where resources connected to the internet will go
resource "aws_subnet" "public" {
    vpc_id                  = "${aws_vpc.main.id}"
    cidr_block              = "192.199.0.0/24"
    map_public_ip_on_launch = true
    tags { Name = "{{project_tag}}-public-subnet" }
}

# Internet accessible route table + gateway for the public subnet
resource "aws_internet_gateway" "public" {
  vpc_id = "${aws_vpc.main.id}"
  tags { Name = "{{vpcid_name_tag}}-igw" }
}

resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"
  route {
      cidr_block = "0.0.0.0/0"
      gateway_id = "${aws_internet_gateway.public.id}"
  }
  tags { Name = "{{vpcid_name_tag}}-public-rt" }
}

resource "aws_route_table_association" "public" {
  subnet_id      = "${aws_subnet.public.id}"
  route_table_id = "${aws_route_table.public.id}"
}

#----------------------------------------------
# Security Group
#----------------------------------------------
resource "aws_security_group" "host_sg" {
  name   = "{{ env_type }}-host_sg"
  vpc_id = "${aws_vpc.main.id}"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }

}


{% for instance in instances %}
variable "{{instance['name']}}_os_version" { default = "{{instance['image_id']}}" }
variable "{{instance['name']}}_instance_type" { default = "{{ instance['name'] + '_instance_type' }}" }  # c4.large
variable "{{instance['name']}}_instance_count" { default = "{{ instance['name'] + '_instance_count' }}" }  # c4.large

#----------------------------------------------
# Instance : {{instance['name']}}
#----------------------------------------------
resource "aws_instance" "{{instance['name']}}_host" {
  count             = "{{instance['count']}}"
  ami               = "${lookup(var.aws_amis, "${var.{{instance['name']}}_os_version}.${var.aws_region}")}"
  instance_type     = "${var.{{instance['name']}}_instance_type}"
  subnet_id         = "${aws_subnet.public.id}"
  key_name          = "${var.keypair}"
  security_groups   = [ "${aws_security_group.host_sg.id}" ]

  root_block_device = {
    volume_type     = "gp2"
    volume_size     = "${var.ebs_root_block_size}"
  }
  tags {
    Name              = "{{ env_type }}-{{instance['name']}}-${count.index}"
    Role              = "{{ env_type }}-{{instance['name']}}"
    Workshop          = "{{ env_type }}"
    sshUser           = "ec2-user"
    Index             = "${count.index}"
{% for tag in instance['tags'] %}
    {{tag['key']}}      = "{{tag['value']}}"
{% endfor %}
  }
}

#----------------------------------------------
# DNS
#----------------------------------------------
resource "aws_route53_record" "{{instance['name']}}_dns" {
  # same number of records as instances
  count = "{{instance['count']}}"
  zone_id = "{{ HostedZoneId }}"
  name = "{{instance['name']}}.{{subdomain_base}}."
  type = "A"
  ttl = "900"
  # matches up record N to instance N
  records = ["${element(aws_instance.{{instance['name']}}_host.*.public_ip, count.index)}"]
}

{% endfor %}

 ansible/configs/three-tier-tower/files/cloud_providers/terraform_ec2_cloud_template.tfvars.j2

New file
@@ -0,0 +1,2 @@
aws_access_key = "{{ aws_access_key_id }}"
aws_secret_key = "{{ aws_secret_access_key }}"

 ansible/configs/three-tier-tower/files/hosts_template.j2

New file
@@ -0,0 +1,40 @@
[3tierapp:vars]

###########################################################################
### Ansible Vars
###########################################################################
timeout=60
ansible_become=yes
ansible_ssh_user={{remote_user}}
ansible_ssh_private_key_file="~/.ssh/{{guid}}key.pem"
ansible_ssh_common_args="-o StrictHostKeyChecking=no"
[3tierapp:children]
frontends
apps
appdbs
support


[frontends]
## These are the frontends
{% for host in groups['frontends'] %}
frontend{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=frontend{{loop.index}}.{{subdomain_base}}
{% endfor %}

[apps]
## These are the apps
{% for host in groups['apps']  %}
app{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=app{{loop.index}}.{{subdomain_base}}
{% endfor %}

[appdbs]
## These are the appdbs
{% for host in groups['appdbs'] %}
appdb{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=appdb{{loop.index}}.{{subdomain_base}}
{% endfor %}

## These are the support
[support]
{% for host in groups['support'] %}
support{{loop.index}}.{{chomped_zone_internal_dns}} ansible_ssh_host=support{{loop.index}}.{{subdomain_base}}
{% endfor %}

 ansible/configs/three-tier-tower/files/repos_template.j2

New file
@@ -0,0 +1,32 @@
[rhel-7-server-rpms]
name=Red Hat Enterprise Linux 7
baseurl={{own_repo_path}}/rhel-7-server-rpms
enabled=1
gpgcheck=0

[rhel-7-server-rh-common-rpms]
name=Red Hat Enterprise Linux 7 Common
baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms
enabled=1
gpgcheck=0

[rhel-7-server-extras-rpms]
name=Red Hat Enterprise Linux 7 Extras
baseurl={{own_repo_path}}/rhel-7-server-extras-rpms
enabled=1
gpgcheck=0

[rhel-7-server-optional-rpms]
name=Red Hat Enterprise Linux 7 Optional
baseurl={{own_repo_path}}/rhel-7-server-optional-rpms
enabled=1
gpgcheck=0

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

 ansible/configs/three-tier-tower/post_infra.yml

New file
@@ -0,0 +1,28 @@
- name: Step 002 Post Infrastructure
  hosts: localhost
  connection: local
  become: false
  vars_files:
    - "./env_vars.yml"
    - "./env_secret_vars.yml"
  tags:
    - step002
    - post_infrastructure
  tasks:

    - name: Job Template to launch a Job Template with update on launch inventory set
      uri:
        url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/"
        method: POST
        user: "{{tower_admin}}"
        password: "{{tower_admin_password}}"
        body:
          extra_vars:
            guid: "{{guid}}"
            ipa_host_password: "{{ipa_host_password}}"

        body_format: json
        validate_certs: False
        HEADER_Content-Type: "application/json"
        status_code: 200, 201
      when: tower_run == 'true'

 ansible/configs/three-tier-tower/post_software.yml

New file
@@ -0,0 +1,43 @@
- name: Step 00xxxxx post software
  hosts: support
  gather_facts: False
  become: yes
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
  tasks:
    - debug:
        msg: "Post-Software tasks Started"

- name: Step lab post software deployment
  hosts: bastions
  gather_facts: False
  become: yes
  tags:
    - opentlc_bastion_tasks
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
  tasks:
    - import_role:
        name: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa"
      when: install_ipa_client|bool

    # sssd bug, fixed by restart
    - name: restart sssd
      service:
        name: sssd
        state: restarted
      when: install_ipa_client

- name: PostSoftware flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags:
    - post_flight_check
  tasks:
    - debug:
        msg: "Post-Software checks completed successfully"

 ansible/configs/three-tier-tower/pre_infra.yml

New file
@@ -0,0 +1,33 @@
- name: Step 000 Pre Infrastructure
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags:
    - step001
    - pre_infrastructure
    - generate_env_keys
  tasks:
    - debug:
        msg: "Step 000 Pre Infrastructure"

    - name: Generate SSH keys
      shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N ""
      args:
        creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}"
      when: set_env_authorized_key

    - name: fix permission
      file:
        path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}"
        mode: 0400
      when: set_env_authorized_key

    - name: Generate SSH pub key
      shell: ssh-keygen -y -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" > "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub"
      args:
        creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}.pub"
      when: set_env_authorized_key

 ansible/configs/three-tier-tower/pre_software.yml

New file
@@ -0,0 +1,44 @@
# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}

- name: Configure all hosts with Repositories, Common Files and Set environment key
  hosts:
    - all:!windows
  become: true
  gather_facts: False
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags:
    - step004
    - common_tasks
  roles:
    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' }
    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' }
    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' }

- name: Configuring Bastion Hosts
  hosts: bastions
  become: true
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  roles:
    -  { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' }
  tags:
    - step004
    - bastion_tasks


- name: PreSoftware flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags:
    - flight_check
  tasks:
    - debug:
        msg: "Pre-Software checks completed successfully"

 ansible/configs/three-tier-tower/software.yml

New file
@@ -0,0 +1,19 @@
---
- name: Step 00xxxxx software
  hosts: localhost
  gather_facts: False
  become: false
  tasks:
    - debug:
        msg: "Software tasks Started"

- name: Software flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - post_flight_check
  tasks:
    - debug:
        msg: "Software checks completed successfully"