prakhar1985
2020-01-21 4b22e07a544dd748628f024c137f3e22e8654a78
Multi cloud support config:ansible-tower-implementation (#1020)

* Multicloud support added config:ansible-tower-implementation

* Issue fixed for multi cloud support config:ansible-tower-implementation

* fix-2 for multi cloud support config:ansible-tower-implementation

Co-authored-by: Mitesh The Mouse <44154255+miteshrh@users.noreply.github.com>
4 files deleted
5 files added
1 files modified
1512 ■■■■■ changed files
ansible/configs/ansible-tower-implementation/default_vars.yml 77 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/default_vars_ec2.yml 161 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/default_vars_osp.yml 123 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/env_vars.yml 266 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/files/cloud_providers/azure_cloud_template.j2 428 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/files/cloud_providers/osp_cloud_template_master.j2 225 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/files/cloud_providers/terraform_ec2_cloud_template.tf.j2 164 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/files/cloud_providers/terraform_ec2_cloud_template.tfvars.j2 2 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/sample_vars_ec2.yml 9 ●●●●● patch | view | raw | blame | history
ansible/configs/ansible-tower-implementation/sample_vars_osp.yml 57 ●●●●● patch | view | raw | blame | history
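--- /dev/null
+++ b/ansible/configs/ansible-tower-implementation/default_vars.yml
@@ -0,0 +1,77 @@
+---
+###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
+###### OR PASS as "-e" args to ansible-playbook command
+### Common Host settings
+env_type: satellite-vm
+output_dir: /tmp/workdir                # Writable working scratch directory
+email: "{{env_type}}@example.com"
+## guid is the deployment unique identifier, it will be appended to all tags,
+## files and anything that identifies this environment from another "just like it"
+guid: defaultguid
+### Other Options are: file, satellite and rhn
+repo_method: file
+use_own_repos: true
+### For RHN login
+# repo_method: rhn
+# rhsm_pool_ids:
+#   - 8a85f99b6b498682016b521dfe463949
+# rhel_subscription_user:
+# rhel_subscription_pass:
+### If using repo_method: satellite, you must set these values as well.
+# satellite_url: satellite.example.com
+# satellite_org: Sat_org_name
+# satellite_activationkey: "rhel7basic"
+######
+repo_version: "3.6.0-1"
+tower_version: "{{repo_version}}"
+# This is where the ssh_config file will be created, this file is used to
+# define the communication method to all the hosts in the deployment
+deploy_local_ssh_config_location: "{{output_dir}}/"
+key_name: ocpkey                        # Keyname must exist in AWS
+### If you want a Key Pair name created and injected into the hosts,
+# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
+# you can use the key used to create the environment or use your own self generated key
+# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
+use_own_key: true
+env_authorized_key: "{{guid}}key"
+set_env_authorized_key: true
+default_key_name: ~/.ssh/{{key_name}}.pem
+install_bastion: true
+install_common: true
+install_ipa_client: false
+tower_run: false
+update_packages: false
+update_all_packages: false
+install_satellite: True
+configure_satellite: false
+# This var is used to identify stack (cloudformation, azure resourcegroup, ...)
+project_tag: "{{ env_type }}-{{ guid }}"
+rhel_repos:
+  - rhel-7-server-rpms
+  - rhel-7-server-extras-rpms
+  - epel-release-latest-7
+common_packages:
+  - python
+  - unzip
+  - bash-completion
+  - tmux
+  - bind-utils
+  - wget
+  - git
+  - vim-enhanced
+  - at
+  - ansible
+cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "
+...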
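Review bot: `env_type: satellite-vm` on the first data line and `install_satellite: True` further down look carried over from a Satellite config rather than this Tower one: both sample vars files in this commit set `env_type: ansible-tower-implementation`, and `email`, `project_tag` and `cf_template_description` are all derived from `env_type`, so with the defaults every resource and tag is named as a satellite deployment. I would set `env_type: ansible-tower-implementation` here and write the boolean as `install_satellite: false` (presumably the intended default for a Tower deployment; either way it should be lowercase like every other boolean in the file, since capitalised `True` is only a boolean under YAML 1.1 truthy rules and yamllint flags it). The "Keyname must exist in AWS" comment on `key_name: ocpkey` is the only hint that this value is environment-specific; a short comment above the key block saying that `key_name`, `HostedZoneId` and `subdomain_base_suffix` must be overridden per deployment would save the next user a failed run.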
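--- /dev/null
+++ b/ansible/configs/ansible-tower-implementation/default_vars_ec2.yml
@@ -0,0 +1,161 @@
+################################################################################
+### Environment Settings for aws
+################################################################################
+## Environment Sizing
+cloud_provider: ec2     # Which AgnosticD Cloud Provider to use
+### Route 53 Zone ID (AWS)
+# This is the Route53 HostedZoneId where you will create your Public DNS entries
+# This only needs to be defined if your CF template uses route53
+HostedZoneId: Z3IHLWJZOU9SRT
+aws_region: ap-southeast-2
+ansible_user: ec2-user
+remote_user: ec2-user
+## Environment Sizing
+bastion_instance_type: "t3.medium"
+tower_instance_type: "t3.medium"
+server_instance_type: "t3.small"
+tower_instance_count: 1
+server_instance_count: 2
+rootfs_size_bastion: 50
+bastion_instance_image: RHELAMI
+tower_instance_image: RHELAMI
+server_instance_image: RHELAMI
+security_groups:
+  - name: BastionSG
+    rules:
+      - name: BasSSHPublic
+        description: "SSH public"
+        from_port: 22
+        to_port: 22
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+  - name: TowerSG
+    rules:
+      - name: SatHTTPSPorts
+        description: "HTTPS Public"
+        from_port: 443
+        to_port: 443
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: BastionUDPPorts
+        description: "Only from bastion"
+        from_port: 0
+        to_port: 65535
+        protocol: udp
+        from_group: DefaultSG
+        rule_type: Ingress
+      - name: BastionTCPPorts
+        description: "Only from bastion"
+        from_port: 0
+        to_port: 65535
+        protocol: tcp
+        from_group: DefaultSG
+        rule_type: Ingress
+# Environment Instances
+instances:
+  - name: "bastion"
+    count: 1
+    unique: true
+    public_dns: true
+    dns_loadbalancer: false
+    security_groups:
+      - BastionSG
+      - DefaultSG
+    image: "{{ bastion_instance_image }}"
+    flavor:
+      ec2: "{{bastion_instance_type}}"
+    rootfs_size: "{{ rootfs_size_bastion }}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "bastions"
+      - key: "ostype"
+        value: "linux"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+  - name: "tower"
+    count: "{{tower_instance_count}}"
+    public_dns: true
+    dns_loadbalancer: true
+    security_groups:
+      - TowerSG
+      - DefaultSG
+    image: "{{tower_instance_type}}"
+    flavor:
+      ec2: "{{tower_instance_type}}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "towers"
+      - key: "ostype"
+        value: "linux"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+  - name: "server"
+    count: "{{server_instance_count}}"
+    public_dns: false
+    security_groups:
+      - DefaultSG
+    image: "{{server_instance_type}}"
+    flavor:
+      ec2: "{{server_instance_type}}"
+    key_name: "{{key_name}}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "servers"
+      - key: "ostype"
+        value: "linux"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+### Networking (AWS)
+subdomain_base_short: "{{ guid }}"
+subdomain_base_suffix: ".example.opentlc.com"
+subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"
+zone_internal_dns: "{{guid}}.internal."
+chomped_zone_internal_dns: "{{guid}}.internal"
+tower_public_dns: "towerlb.{{subdomain_base}}."
+#tower_public_dns: "tower.{{subdomain_base}}."
+bastion_public_dns: "bastion.{{subdomain_base}}."
+bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
+vpcid_cidr_block: "192.168.0.0/16"
+vpcid_name_tag: "{{subdomain_base}}"
+az_1_name: "{{ aws_region }}a"
+az_2_name: "{{ aws_region }}b"
+subnet_private_1_cidr_block: "192.168.2.0/24"
+subnet_private_1_az: "{{ az_2_name }}"
+subnet_private_1_name_tag: "{{subdomain_base}}-private"
+subnet_private_2_cidr_block: "192.168.1.0/24"
+subnet_private_2_az: "{{ az_1_name }}"
+subnet_private_2_name_tag: "{{subdomain_base}}-private"
+subnet_public_1_cidr_block: "192.168.10.0/24"
+subnet_public_1_az: "{{ az_1_name }}"
+subnet_public_1_name_tag: "{{subdomain_base}}-public"
+subnet_public_2_cidr_block: "192.168.20.0/24"
+subnet_public_2_az: "{{ az_2_name }}"
+subnet_public_2_name_tag: "{{subdomain_base}}-public"
+dopt_domain_name: "{{ aws_region }}.compute.internal"
+rtb_public_name_tag: "{{subdomain_base}}-public"
+rtb_private_name_tag: "{{subdomain_base}}-private"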
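Review bot: The `tower` and `server` instances pass the instance *type* as the image — `image: "{{tower_instance_type}}"` and `image: "{{server_instance_type}}"` — so the AMI lookup receives `t3.medium`/`t3.small` while `tower_instance_image` and `server_instance_image` (both `RHELAMI`) are never referenced; the bastion entry has it right, so these two lines should read `image: "{{ tower_instance_image }}"` and `image: "{{ server_instance_image }}"`. Separately, the two TowerSG rules described as "Only from bastion" use `from_group: DefaultSG`, and every instance in this file is a member of DefaultSG, so they actually open all TCP and UDP ports to every host in the environment rather than just the bastion; either point `from_group` at `BastionSG` (if the cloud template supports that) or change the description to say what the rule does. `HostedZoneId: Z3IHLWJZOU9SRT` and `subdomain_base_suffix: ".example.opentlc.com"` are environment-specific and belong in sample vars rather than in defaults that every deployment inherits silently.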
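--- /dev/null
+++ b/ansible/configs/ansible-tower-implementation/default_vars_osp.yml
@@ -0,0 +1,123 @@
+################################################################################
+### OSP Environment variables
+################################################################################
+cloud_provider: osp
+install_student_user: false
+ansible_user: cloud-user
+remote_user: cloud-user
+osp_cluster_dns_zone: red.osp.opentlc.com
+osp_cluster_dns_server: ddns01.opentlc.com
+use_dynamic_dns: true
+osp_project_create: true
+student_name: student
+admin_user: opentlc-mgr
+bastion_instance_type: 2c2g30d
+server_instance_type: 2c2g30d
+tower_instance_type: 2c4g30d
+_image: rhel-server-7.7-update-2
+bastion_instance_image: "{{ _image }}"
+server_instance_image: "{{ _image }}"
+tower_instance_image: "{{ _image }}"
+tower_instance_count: 1
+server_instance_count: 2
+rootfs_size_bastion: 50
+security_groups:
+  - name: TowerSG
+    rules:
+      - name: SatHTTPSPorts
+        description: "HTTPS Public"
+        from_port: 443
+        to_port: 443
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: BastionUDPPorts
+        description: "Only from bastion"
+        from_port: 1
+        to_port: 65535
+        protocol: udp
+        from_group: DefaultSG
+        rule_type: Ingress
+      - name: BastionTCPPorts
+        description: "Only from bastion"
+        from_port: 1
+        to_port: 65535
+        protocol: tcp
+        from_group: DefaultSG
+        rule_type: Ingress
+# Environment Instances
+instances:
+  - name: bastion
+    count: 1
+    unique: true
+    public_dns: true
+    dns_loadbalancer: true
+    floating_ip: true
+    image_id: "{{ bastion_instance_image }}"
+    flavor:
+      osp: "{{bastion_instance_type}}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "bastions"
+      - key: "ostype"
+        value: "linux"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+    rootfs_size: "{{ rootfs_size_bastion }}"
+    security_groups:
+      - BastionSG
+      - DefaultSG
+  - name: "tower"
+    count: "{{tower_instance_count}}"
+    public_dns: true
+    dns_loadbalancer: true
+    floating_ip: true
+    image_id: "{{ tower_instance_image }}"
+    flavor:
+      osp: "{{tower_instance_type}}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "towers"
+      - key: "ostype"
+        value: "linux"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+    security_groups:
+      - TowerSG
+      - DefaultSG
+  - name: "server"
+    count: "{{server_instance_count}}"
+    public_dns: false
+    floating_ip: false
+    image_id: "{{ server_instance_image }}"
+    flavor:
+      osp: "{{server_instance_type}}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "servers"
+      - key: "ostype"
+        value: "rhel"
+      - key: "instance_filter"
+        value: "{{ env_type }}-{{ email }}"
+    key_name: "{{key_name}}"
+    security_groups:
+      - DefaultSG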
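Review bot: The bastion instance lists `BastionSG` in its `security_groups`, but this file's `security_groups` defines only `TowerSG`; the OSP Heat template in this commit renders `{get_resource: BastionSG}` for every group an instance names, so unless `default_security_groups` (defined outside this commit) supplies a BastionSG the stack fails at create time. Either add a `BastionSG` entry here (the ec2 file has one carrying the SSH rule) or drop it from the bastion's list. The `server` instance tags `ostype` as `rhel` while the other two instances and the ec2 file use `linux`, so anything that groups on that tag will treat the servers differently. The `BastionUDPPorts`/`BastionTCPPorts` rules say "Only from bastion" but take `from_group: DefaultSG`, which every instance here belongs to — the same description/behaviour mismatch as in the ec2 defaults.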
ansible/configs/ansible-tower-implementation/env_vars.yml
File was deleted
ansible/configs/ansible-tower-implementation/files/cloud_providers/azure_cloud_template.j2
File was deleted
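--- /dev/null
+++ b/ansible/configs/ansible-tower-implementation/files/cloud_providers/osp_cloud_template_master.j2
@@ -0,0 +1,225 @@
+#jinja2: lstrip_blocks: "True"
+---
+heat_template_version: 2018-03-02
+description: >-
+  Top level HOT for creating new project, network resources and instances.
+  This template relies on ResourceGroups and a nested template that is
+  called to provision instances, ports, & floating IPs.
+resources:
+  {{ guid }}-infra_key:
+    type: OS::Nova::KeyPair
+    properties:
+      name: {{ guid }}-infra_key
+      save_private_key: true
+{% if osp_project_create | bool %}
+  {{ guid }}-project_user:
+    type: OS::Keystone::User
+    properties:
+      name: {{ guid }}-user
+      password: {{ heat_user_password }}
+      domain: Default
+  {{ guid }}-project_role_user:
+    type: OS::Keystone::UserRoleAssignment
+    properties:
+      user: {get_resource: {{ guid }}-project_user}
+      roles:
+        - {project: {{ osp_project_name }}, role: _member_}
+        - {project: {{ osp_project_name }}, role: swiftoperator}
+    depends_on:
+      - {{ guid }}-project_user
+{% endif %}
+{% for network in networks %}
+  {{ network['name'] }}-network:
+    type: OS::Neutron::Net
+    properties:
+      name: "{{ guid }}-{{ network['name'] }}-network"
+      shared: {{ network['shared'] }}
+  {{ network['name'] }}-subnet:
+    type: OS::Neutron::Subnet
+    properties:
+      name: "{{ guid }}-{{ network['name'] }}-subnet"
+      network_id: {get_resource: {{ network['name'] }}-network}
+{% if network['dns_nameservers'] is defined %}
+      dns_nameservers: {{ network['dns_nameservers'] }}
+{% endif %}
+      cidr: {{ network['subnet_cidr'] }}
+      gateway_ip: {{ network['gateway_ip'] }}
+      allocation_pools:
+        - start: {{ network['allocation_start'] }}
+          end: {{ network['allocation_end'] }}
+{% if network['create_router'] %}
+  {{ network['name'] }}-router:
+    type: OS::Neutron::Router
+    properties:
+      name: "{{ guid }}-{{ network['name'] }}-router"
+      external_gateway_info:
+        network: "{{ provider_network }}"
+  {{ network['name'] }}-router_private_interface:
+    type: OS::Neutron::RouterInterface
+    properties:
+      router: {get_resource: {{ network['name'] }}-router}
+      subnet: {get_resource: {{ network['name'] }}-subnet}
+{% endif %}
+{% endfor %}
+  ###################
+  # Security groups #
+  ###################
+{% for security_group in security_groups | list + default_security_groups | list %}
+  {{ security_group['name'] }}:
+    type: OS::Neutron::SecurityGroup
+    properties:
+      name: {{ guid }}-{{ security_group['name'] }}
+{% if security_group['description'] is defined %}
+      description: "{{ security_group['description'] }}"
+{% endif %}
+{% for rule in security_group.rules %}
+{% if rule['name'] is defined %}
+  {{ guid }}-{{ security_group['name'] }}-rule_{{ rule['name'] }}:
+{% else %}
+  {{ guid }}-{{ security_group['name'] }}-rule_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}:
+{% endif %}
+    type: OS::Neutron::SecurityGroupRule
+    properties:
+      security_group: {get_resource: {{ security_group['name'] }}}
+      direction: {{ rule['direction'] | default(rule.rule_type) | lower }}
+      protocol: {{ rule['protocol'] | lower }}
+{% if rule['description'] is defined %}
+      description: {{ rule['description'] }}
+{% endif %}
+{% if rule['port_range_min'] is defined or
+  rule.from_port is defined %}
+      port_range_min: {{ rule['port_range_min'] | default(rule.from_port) }}
+{% endif %}
+{% if rule['port_range_max'] is defined or
+  rule.to_port is defined %}
+      port_range_max: {{ rule['port_range_max'] | default(rule.to_port) }}
+{% endif %}
+{% if rule['remote_ip_prefix'] is defined or
+  rule.cidr is defined %}
+      remote_ip_prefix: {{ rule['remote_ip_prefix'] | default(rule.cidr) }}
+{% endif %}
+{% if rule['remote_group'] is defined or
+  rule.from_group is defined %}
+      remote_group: {get_resource: {{ rule['remote_group'] | default(rule.from_group) }}}
+{% endif %}
+    depends_on: {{ security_group['name'] }}
+{% endfor %}
+{% endfor %}
+  #############
+  # Instances #
+  #############
+{% for instance in instances %}
+  {% for myinstanceindex in range(instance.count|int) %}
+    {% set iname = instance.name if instance.count == 1 else [instance.name, loop.index] | join() %}
+  ########### {{ iname }} ###########
+  port_{{ iname }}:
+    type: OS::Neutron::Port
+    properties:
+      network: { get_resource: {{ instance['network'] | default('default') }}-network }
+      security_groups:
+    {% if instance.security_groups is defined %}
+      {% for security_group in instance.security_groups %}
+        - {get_resource: {{ security_group }}}
+      {% endfor %}
+    {% endif %}
+    depends_on:
+      - {{ instance['network'] | default('default') }}-router_private_interface
+    {% if instance.floating_ip | default(false) or instance.public_dns | default(false) %}
+  fip_{{ iname }}:
+    type: OS::Neutron::FloatingIP
+    properties:
+      floating_network: {{ provider_network }}
+    depends_on:
+      - {{ instance['network'] | default('default') }}-router_private_interface
+  fip_association_{{ iname }}:
+    type: OS::Neutron::FloatingIPAssociation
+    properties:
+      floatingip_id: {get_resource: fip_{{ iname }}}
+      port_id: {get_resource: port_{{ iname }}}
+    {% endif %}
+  server_{{ iname }}:
+    type: OS::Nova::Server
+    properties:
+      name: {{ iname }}
+      flavor: {{ instance.flavor.osp }}
+      key_name: {get_resource: {{ guid }}-infra_key}
+      block_device_mapping_v2:
+        - image: {{ instance.image_id }}
+          delete_on_termination: true
+          volume_size: {{ instance['rootfs_size'] | default(osp_default_rootfs_size) }}
+          boot_index: 0
+      user_data: |
+        #cloud-config
+        ssh_authorized_keys: {{ all_ssh_authorized_keys | to_json }}
+      user_data_format: RAW
+      networks:
+        - port: {get_resource: port_{{ iname }}}
+    {% if instance['metadata'] is defined %}
+      metadata: {{ instance.metadata | combine(default_metadata) | to_json }}
+    {% endif %}
+    {% if instance.tags is defined %}
+      # Convert EC2 tags
+      metadata:
+      {% for key, value in default_metadata.items() %}
+        '{{ key }}': {{ value | to_json }}
+      {% endfor %}
+      {% for tag in instance.tags %}
+        '{{ tag.key }}': {{ tag.value | to_json }}
+      {% endfor %}
+    {% endif %}
+    depends_on:
+      - {{ instance['network'] | default('default') }}-router_private_interface
+    {% if 'security_groups' in instance %}
+      {% for security_group in instance.security_groups %}
+      - {{ security_group }}
+      {% endfor %}
+    {% endif %}
+    {% if instance.volumes is defined %}
+  #### Volumes for {{ iname }} ####
+      {% for volume in instance.volumes %}
+        {% set loopvolume = loop %}
+        {% set vname = ["volume", iname, loopvolume.index] | join('_') %}
+  {{ vname }}:
+    type: OS::Cinder::Volume
+    properties:
+      size: {{ volume.volume_size }}
+          {% if volume.volume_name is defined %}
+      name: {{ volume.volume_name }}
+          {% endif %}
+  volume_attachment_{{ vname }}:
+    type: OS::Cinder::VolumeAttachment
+    properties:
+      volume_id: {get_resource: {{ vname }}}
+      instance_uuid: {get_resource: server_{{ iname }}}
+      {% endfor %}
+    {% endif %}
+  {% endfor %}
+{% endfor %}
+outputs:
+  {{ guid }}-infra_key:
+    description: The SSH infra key
+    value: {get_attr: [{{ guid }}-infra_key, private_key]}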
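Review bot: An instance that defines both `metadata` and `tags` gets `metadata:` emitted twice under `properties`, because the `instance['metadata'] is defined` block and the `instance.tags is defined` block are independent `if`s rather than `if`/`elif`; that is a duplicate mapping key, which Heat's YAML loader will either reject or silently resolve to the last one, so the second guard should become `{% elif instance.tags is defined %}` or the tags should be folded into the same mapping. `password: {{ heat_user_password }}` is rendered as a plain scalar, so a generated password containing `#`, `: `, a leading `*`/`&`/`{`, or one that looks like a number or boolean either breaks the template or is retyped by the parser; render it as `password: {{ heat_user_password | to_json }}` the way `ssh_authorized_keys` already is. The fallback rule name `rule_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}` is regenerated on every render, so an unnamed rule gets a fresh resource name on each stack update and is deleted and recreated instead of updated — a `loop.index`-based name would be stable. The rule-level `description: {{ rule['description'] }}` is likewise unquoted while the group-level description a few lines above is quoted; the same `to_json` treatment makes both safe for arbitrary text.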
ansible/configs/ansible-tower-implementation/files/cloud_providers/terraform_ec2_cloud_template.tf.j2
File was deleted
ansible/configs/ansible-tower-implementation/files/cloud_providers/terraform_ec2_cloud_template.tfvars.j2
File was deleted
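--- /dev/null
+++ b/ansible/configs/ansible-tower-implementation/sample_vars_ec2.yml
@@ -0,0 +1,9 @@
+---
+env_type: ansible-tower-implementation
+output_dir: /tmp/workdir                # Writable working scratch directory
+email: ans-tower-imp@example.com
+guid: guid01
+cloud_provider: ec2
+aws_region: ap-southeast-2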
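Review bot: The sample sets `cloud_provider: ec2` and `aws_region` but not `key_name`, which `default_vars.yml` in this commit defaults to `ocpkey` with the comment "Keyname must exist in AWS", nor `HostedZoneId`/`subdomain_base_suffix`, which `default_vars_ec2.yml` hard-codes to one specific zone; a user who copies this sample as-is is pointed at a key pair and DNS zone that almost certainly do not exist in their account and only finds out when the stack fails. I would list those three keys here with clearly-placeholder values (e.g. `key_name: my-aws-keypair  # must exist in the target account`) so every environment-specific input is visible in one place.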
ansible/configs/ansible-tower-implementation/sample_vars_osp.yml
@@ -1,58 +1,9 @@
---
# sample vars configuration file
#
# This file is passed to ansible-playbook to set key vars which need to be set
# and typically customized for a sucessful deployment.
#
# Usage: ansible-playbook main.yml -e @configs/ansible-tower-implementation/sample_vars.yml
#
# Ideally make and keep a copy OUTSIDE your repo, especially if using Cloud Credentials
# Credentials can also be set seperately i.e. ~/secrets.yml and passed in with
# a 2nd `-e` argument i.e. -e ~/secrets.yml
env_type: ansible-tower-implementation                # Name of config to deploy
env_type: ansible-tower-implementation     # Name of config to deploy
output_dir: /tmp/output_dir                # Writable working scratch directory
email: name@example.com                 # User info for notifications
guid: guid01                            # Your Global UNIQUE Identifier
repo_method: file
own_repo_path: http://admin.example.com/repos/version
ansible_user: cloud-user
remote_user: cloud-user
# Cloud specfic settings - example given here for OSP
cloud_provider: osp                     # Which AgnosticD Cloud Provider to use
# The domain that you want to add DNS entries to
email: name@example.com
cloud_provider: osp
guid: guid01
osp_cluster_dns_zone: red.osp.opentlc.com
# The dynamic DNS server you will add entries to.
# NOTE: This is only serverlicable when {{ use_dynamic_dns}} is true
osp_cluster_dns_server: ddns01.opentlc.com
use_dynamic_dns: true
# Instance type
bastion_instance_type: 2c2g30d
server_instance_type: 2c2g30d
tower_instance_type: 2c4g30d
#___image: rhel-guest-7.7u2    # blue
___image: rhel-server-7.7-update-2  # red
bastion_instance_image: "{{ ___image }}"
server_instance_image: "{{ ___image }}"
tower_instance_image: "{{ ___image }}"
student_name: student
admin_user: opentlc-mgr
#admin_user: gucore
update_all_packages: false
osp_project_create: true
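Review bot: The new 9-line sample appears to drop `own_repo_path` (the old line `own_repo_path: http://admin.example.com/repos/version`) while `default_vars.yml` in this commit defaults to `repo_method: file` with `use_own_repos: true`; if that variable is no longer set anywhere in the sample, a file-repo deployment has no repository URL and the repo setup step will fail or install nothing. The old/new side of each line is not marked on this page and several keys (`env_type`, `email`, `guid`, `cloud_provider`) appear twice, so this is inferred from the `-1,58 +1,9` counts rather than read directly. If `own_repo_path` is intended to come from a separate secrets file, a one-line comment saying so (`# own_repo_path is expected from -e ~/secrets.yml`) would make that explicit, as the deleted header text used to.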