Mitesh Sharma
2019-03-28 4f0de913941ddf7ba6625b9ac2fa82e920515b4e
satellite config + roles/rhn-subscription-manager,satellite-installation
20 files added
2198 ■■■■■ changed files
ansible/configs/satellite-vm/README.adoc | 57
ansible/configs/satellite-vm/destroy_env.yml | 18
ansible/configs/satellite-vm/env_vars.yml | 293
ansible/configs/satellite-vm/files/cloud_providers/ec2_cloud_template.j2 | 347
ansible/configs/satellite-vm/files/cloud_providers/ec2_cloud_template_json.j2 | 1014
ansible/configs/satellite-vm/files/hosts_template.j2 | 18
ansible/configs/satellite-vm/files/manifest_satellite-vm.zip
ansible/configs/satellite-vm/files/repos_template.j2 | 26
ansible/configs/satellite-vm/files/tower_hosts_template.j2 | 39
ansible/configs/satellite-vm/post_infra.yml | 24
ansible/configs/satellite-vm/post_software.yml | 36
ansible/configs/satellite-vm/pre_infra.yml | 12
ansible/configs/satellite-vm/pre_software.yml | 55
ansible/configs/satellite-vm/sample_vars.yml | 28
ansible/configs/satellite-vm/software.yml | 27
ansible/roles/rhn-subscription-manager/tasks/main.yml | 56
ansible/roles/satellite-installation/tasks/firewalld.yml | 32
ansible/roles/satellite-installation/tasks/main.yml | 3
ansible/roles/satellite-installation/tasks/satellite_installation.yml | 75
ansible/roles/satellite-installation/vars/main.yml | 38
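--- a/ansible/configs/satellite-vm/README.adoc
+++ b/ansible/configs/satellite-vm/README.adoc
@@ -0,0 +1,57 @@
+= satellite-vm config
+== Review the Env_Type variable file
+* This file link:./env_vars.yml[./env_vars.yml] contains all the variables you
+ need to define to control the deployment of your environment.
+== Running Ansible Playbook
+You can run the playbook with the following arguments to overwrite the default variable values:
+From the `ansible_agnostic_deployer/ansible` directory run
+`
+[source,bash]
+----
+ENVTYPE=satellite-vm
+GUID=test01
+BASESUFFIX='.example.opentlc.com'
+CLOUDPROVIDER=ec2
+REGION=us-east-1
+HOSTZONEID='Z3IHLWJZOU9SRT'
+KEYNAME=ocpkey
+RHN_USER=<rhn_username>
+RHN_PASS=<rhn_password>
+ansible-playbook main.yml  \
+      -e "guid=${GUID}" \
+      -e "env_type=${ENVTYPE}" \
+      -e "key_name=${KEYNAME}" \
+      -e "subdomain_base_suffix=${BASESUFFIX}" \
+      -e "cloud_provider=${CLOUDPROVIDER}" \
+      -e "aws_region=${REGION}" \
+      -e "HostedZoneId=${HOSTZONEID}" \
+      -e "email=name@example.com" \
+      -e "output_dir=/tmp/workdir" \
+      -e "rhn_username=${RHN_USER}"  \
+      -e "rhn_password=${RHN_PASS}" \
+      -e @~/secret.yml
+=== To Delete an environment
+----
+REGION=us-east-1
+KEYNAME=ocpkey
+GUID=test01
+ENVTYPE=satellite-vm
+CLOUDPROVIDER=ec2
+ansible-playbook configs/${ENVTYPE}/destroy_env.yml \
+        -e "guid=${GUID}" -e "env_type=${ENVTYPE}" \
+        -e "cloud_provider=${CLOUDPROVIDER}" \
+        -e "aws_region=${REGION}"  -e "key_name=${KEYNAME}"  \
+        -e "subdomain_base_suffix=${BASESUFFIX}" \
+        -e @~/secret.yml -vv
+----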
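--- a/ansible/configs/satellite-vm/destroy_env.yml
+++ b/ansible/configs/satellite-vm/destroy_env.yml
@@ -0,0 +1,18 @@
+---
+- import_playbook: ../../include_vars.yml
+- name: Delete Infrastructure
+  hosts: localhost
+  connection: local
+  gather_facts: False
+  become: no
+  tasks:
+    - name: Run infra-ec2-template-destroy
+      include_role:
+        name: "infra-{{cloud_provider}}-template-destroy"
+      when: cloud_provider == 'ec2'
+    - name: Run infra-azure-template-destroy
+      include_role:
+        name: "infra-{{cloud_provider}}-template-destroy"
+      when: cloud_provider == 'azure'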
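Review bot: Neither task runs when `cloud_provider` is anything other than `ec2` or `azure`, so a mistyped or unsupported value lets this play finish successfully without deleting anything, and the internet-facing bastion and Satellite hosts stay up. A first task such as `- assert: { that: "cloud_provider in ['ec2', 'azure']", msg: "unsupported cloud_provider" }` would make that case fail visibly. The two `include_role` tasks are otherwise identical and could be one task with `when: cloud_provider in ['ec2', 'azure']`. `gather_facts: False` and `become: no` would read more consistently as `false`.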
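--- a/ansible/configs/satellite-vm/env_vars.yml
+++ b/ansible/configs/satellite-vm/env_vars.yml
@@ -0,0 +1,293 @@
+---
+## TODO: What variables can we strip out of here to build complex variables?
+## i.e. what can we add into group_vars as opposed to config_vars?
+## Example: We don't really need "subdomain_base_short". If we want to use this,
+## should just toss in group_vars/all.
+### Also, we should probably just create a variable reference in the README.md
+### For now, just tagging comments in line with configuration file.
+### Vars that can be removed:
+# use_satellite: true
+use_own_repos: false
+rhn_subscription_manager: True
+username: "{{ rhn_username}}"
+password: "{{ rhn_password }}"
+satellite_admin: admin
+satellite_admin_password: r3dh4t1!
+repo_pool_ids:
+  - 8a85f98460bfb0470160c2ff22f13e47
+subscription_enable_repos:
+  - rhel-7-server-rpms
+  - rhel-server-rhscl-7-rpms
+  - rhel-7-server-satellite-6.4-rpms
+  - rhel-7-server-satellite-maintenance-6-rpms
+  - rhel-7-server-ansible-2.6-rpms
+install_satellite: True
+###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
+###### OR PASS as "-e" args to ansible-playbook command
+### Common Host settings
+repo_method: file # Other Options are: file, satellite and rhn
+tower_admin_password: 'r3dh4t1!'
+# Do you want to run a full yum update
+update_packages: false
+#If using repo_method: satellite, you must set these values as well.
+# satellite_url: https://satellite.example.com
+# satellite_org: Sat_org_name
+# satellite_activationkey: "rhel7basic"
+## guid is the deployment unique identifier, it will be appended to all tags,
+## files and anything that identifies this environment from another "just like it"
+guid: defaultguid
+install_bastion: true
+install_common: true
+install_ipa_client: false
+## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used
+#software_to_deploy: none
+repo_version: "3.6"
+osrelease: 3.6
+### If you want a Key Pair name created and injected into the hosts,
+# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
+# you can use the key used to create the environment or use your own self generated key
+# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
+use_own_key: true
+env_authorized_key: "{{guid}}key"
+ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
+set_env_authorized_key: true
+# Is this running from Red Hat Ansible Tower
+tower_run: false
+### AWS EC2 Environment settings
+### Route 53 Zone ID (AWS)
+# This is the Route53 HostedZoneId where you will create your Public DNS entries
+# This only needs to be defined if your CF template uses route53
+HostedZoneId: Z3IHLWJZOU9SRT
+# The region to be used, if not specified by -e in the command line
+aws_region: ap-southeast-2
+# The key that is used to
+key_name: "default_key_name"
+## Networking (AWS)
+subdomain_base_short: "{{ guid }}"
+subdomain_base_suffix: ".example.opentlc.com"
+subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"
+## Environment Sizing
+bastion_instance_type: "t2.medium"
+satellite_instance_count: 1
+satellite_instance_type: "t2.large"
+subnets:
+  - name: PublicSubnet
+    cidr: "192.168.1.0/24"
+    routing_table: true
+security_groups:
+  - name: BastionSG
+    rules:
+      - name: BasSSHPublic
+        description: "SSH public"
+        from_port: 22
+        to_port: 22
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+  - name: SatSG
+    rules:
+      - name: SatSSHPublic
+        description: "SSH public"
+        from_port: 22
+        to_port: 22
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatUDPPorts
+        description: "Only from bastion"
+        from_port: 0
+        to_port: 65535
+        protocol: udp
+        group: BastionSG
+        rule_type: Ingress
+      - name: SatHTTPPorts
+        description: "HTTP Public"
+        from_port: 80
+        to_port: 80
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatHTTPSPorts
+        description: "HTTPS Public"
+        from_port: 443
+        to_port: 443
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatKatello5646Ports
+        description: "Katello/qpid Public"
+        from_port: 5646
+        to_port: 5646
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatKatello5647Ports
+        description: "Katello/qpid Public"
+        from_port: 5647
+        to_port: 5647
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatamqpPorts
+        description: "amqp Public"
+        from_port: 5671
+        to_port: 5671
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatPuppetPorts
+        description: "Puppet Public"
+        from_port: 8140
+        to_port: 8140
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatForemanPorts
+        description: "Foreman Smart Proxy Public"
+        from_port: 9090
+        to_port: 9090
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatDNSTCPPorts
+        description: "DNS Public"
+        from_port: 53
+        to_port: 53
+        protocol: tcp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatDNSUDPPorts
+        description: "DNS Public"
+        from_port: 53
+        to_port: 53
+        protocol: udp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatDHCP67Ports
+        description: "DHCP Public"
+        from_port: 67
+        to_port: 67
+        protocol: udp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatDHCP68Ports
+        description: "DHCP Public"
+        from_port: 68
+        to_port: 68
+        protocol: udp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+      - name: SatTFTPPorts
+        description: "TFTP Public"
+        from_port: 69
+        to_port: 69
+        protocol: udp
+        cidr: "0.0.0.0/0"
+        rule_type: Ingress
+instances:
+  - name: "satellite"
+    count: "{{satellite_instance_count}}"
+    public_dns: true
+    security_group: "SatSG"
+    flavor:
+      "ec2": "{{satellite_instance_type}}"
+    tags:
+      - key: "AnsibleGroup"
+        value: "satellites"
+      - key: "ostype"
+        value: "rhel"
+    key_name: "{{key_name}}"
+###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT
+###### You can, but you usually wouldn't need to.
+ansible_user: ec2-user
+remote_user: ec2-user
+common_packages:
+  - python
+  - unzip
+  - bash-completion
+  - tmux
+  - bind-utils
+  - wget
+  - git
+  - vim-enhanced
+  - at
+  - python27-python-pip
+  - gcc
+  - mosh
+  - python-pip
+rhel_repos:
+  - rhel-7-server-rpms
+  - rhel-7-server-extras-rpms
+  - epel-release-latest-7
+project_tag: "{{ env_type }}-{{ guid }}"
+zone_internal_dns: "{{guid}}.internal."
+chomped_zone_internal_dns: "{{guid}}.internal"
+# cloudapps_dns: '*.apps.{{subdomain_base}}.'
+# tower_public_dns: "towerlb.{{subdomain_base}}."
+#tower_public_dns: "tower.{{subdomain_base}}."
+bastion_public_dns: "bastion.{{subdomain_base}}."
+bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
+# we don't use this anymore <sborenst>
+# satellite_public_dns: "ad.{{subdomain_base}}."
+# satellite_public_dns_chomped: "ad.{{subdomain_base}}"
+vpcid_cidr_block: "192.168.0.0/16"
+vpcid_name_tag: "{{subdomain_base}}"
+az_1_name: "{{ aws_region }}a"
+az_2_name: "{{ aws_region }}b"
+subnet_private_1_cidr_block: "192.168.2.0/24"
+subnet_private_1_az: "{{ az_2_name }}"
+subnet_private_1_name_tag: "{{subdomain_base}}-private"
+subnet_private_2_cidr_block: "192.168.1.0/24"
+subnet_private_2_az: "{{ az_1_name }}"
+subnet_private_2_name_tag: "{{subdomain_base}}-private"
+subnet_public_1_cidr_block: "192.168.10.0/24"
+subnet_public_1_az: "{{ az_1_name }}"
+subnet_public_1_name_tag: "{{subdomain_base}}-public"
+subnet_public_2_cidr_block: "192.168.20.0/24"
+subnet_public_2_az: "{{ az_2_name }}"
+subnet_public_2_name_tag: "{{subdomain_base}}-public"
+dopt_domain_name: "{{ aws_region }}.compute.internal"
+rtb_public_name_tag: "{{subdomain_base}}-public"
+rtb_private_name_tag: "{{subdomain_base}}-private"
+cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "
+secret_dir: "~/secrets"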
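Review bot: `satellite_admin_password: r3dh4t1!` and `tower_admin_password: 'r3dh4t1!'` commit a fixed admin credential as the default, and the `SatSG` rules in the same file open 80, 443 and SSH to `0.0.0.0/0`, so an environment deployed without overrides exposes the Satellite login to the internet with a publicly known password. These defaults are better removed from this file and supplied from the `secret.yml` that the README already passes with `-e @~/secret.yml` (ideally encrypted with ansible-vault), with an early `assert` that the variable is defined. The `cidr: "0.0.0.0/0"` entries for SSH, Puppet 8140, qpid 5646/5647, DHCP and TFTP would be safer behind a variable, for example `cidr: "{{ allowed_ingress_cidr }}"` (the name is only a suggestion), set to the operator's network. The pool id under `repo_pool_ids` looks account-specific and probably belongs in the secrets file as well.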
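--- a/ansible/configs/satellite-vm/files/cloud_providers/ec2_cloud_template.j2
+++ b/ansible/configs/satellite-vm/files/cloud_providers/ec2_cloud_template.j2
@@ -0,0 +1,347 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Mappings:
+  RegionMapping:
+    eu-west-3:
+      WIN2012R2: ami-040ef025ec13d58bf # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    us-east-1:
+      RHELAMI: ami-c998b6b2
+      WIN2012R2AMI: ami-0fba87d7f8c8744d4 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    us-east-2:
+      RHELAMI: ami-cfdafaaa
+      WIN2012R2AMI: ami-0679e5ac84d15f15e # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    us-west-1:
+      RHELAMI: ami-66eec506
+      WIN2012R2AMI: ami-04370c2a300903acc # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    us-west-2:
+      RHELAMI: ami-9fa343e7
+      WIN2012R2AMI: ami-02e27664434db6def # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    eu-west-1:
+      RHELAMI: ami-bb9a6bc2
+      WIN2012R2AMI: ami-01dbaf1c50a36891d # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    eu-west-2:
+      WIN2012R2AMI: ami-0a7551990da17b8d6 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    ca-central-1:
+      WIN2012R2AMI: ami-0a27bbef221046aae # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    eu-central-1:
+      RHELAMI: ami-d74be5b8
+      WIN2012R2AMI: ami-0d55859ee09a59138 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    ap-northeast-1:
+      RHELAMI: ami-30ef0556
+      WIN2012R2AMI: ami-0a45b66bda01c89c8 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    ap-northeast-2:
+      RHELAMI: ami-44db152a
+      WIN2012R2AMI: ami-0b3a3970b73d5b63a # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    ap-southeast-1:
+      RHELAMI: ami-10bb2373
+      WIN2012R2AMI: ami-0bf96f139bff648cc # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    ap-southeast-2:
+      RHELAMI: ami-ccecf5af
+      WIN2012R2AMI: ami-0664c039c4dea5193 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    sa-east-1:
+      RHELAMI: ami-a789ffcb
+      WIN2012R2AMI: ami-01d74c2e93478e2f5 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+    ap-south-1:
+      RHELAMI: ami-cdbdd7a2
+      WIN2012R2AMI: ami-0bd1dc65d74266ee2 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14
+  DNSMapping:
+    "us-east-1":
+      domain: "us-east-1.compute.internal"
+    "us-west-1":
+      domain: "us-west-1.compute.internal"
+    "us-west-2":
+      domain: "us-west-2.compute.internal"
+    "eu-west-1":
+      domain: "eu-west-1.compute.internal"
+    "eu-central-1":
+      domain: "eu-central-1.compute.internal"
+    "ap-northeast-1":
+      domain: "ap-northeast-1.compute.internal"
+    "ap-northeast-2":
+      domain: "ap-northeast-2.compute.internal"
+    "ap-southeast-1":
+      domain: "ap-southeast-1.compute.internal"
+    "ap-southeast-2":
+      domain: "ap-southeast-2.compute.internal"
+    "sa-east-1":
+      domain: "sa-east-1.compute.internal"
+    "ap-south-1":
+      domain: "ap-south-1.compute.internal"
+Resources:
+   Vpc:
+    Type: "AWS::EC2::VPC"
+    Properties:
+     CidrBlock: "{{vpcid_cidr_block}}"
+     EnableDnsSupport: true
+     EnableDnsHostnames: true
+     Tags:
+      - Key: Name
+        Value: "{{vpcid_name_tag}}"
+      - Key: Hostlication
+        Value:
+          Ref: "AWS::StackId"
+   VpcInternetGateway:
+    Type: "AWS::EC2::InternetGateway"
+   VpcGA:
+    Type: "AWS::EC2::VPCGatewayAttachment"
+    Properties:
+     InternetGatewayId:
+      Ref: VpcInternetGateway
+     VpcId:
+      Ref: Vpc
+   VpcRouteTable:
+    Type: "AWS::EC2::RouteTable"
+    Properties:
+     VpcId:
+      Ref: Vpc
+   VPCRouteInternetGateway:
+    DependsOn: VpcGA
+    Type: "AWS::EC2::Route"
+    Properties:
+     GatewayId:
+      Ref: VpcInternetGateway
+     DestinationCidrBlock: "0.0.0.0/0"
+     RouteTableId:
+      Ref: VpcRouteTable
+{% for subnet in subnets %}
+   {{subnet['name']}}:
+    Type: "AWS::EC2::Subnet"
+    DependsOn:
+      - Vpc
+    Properties:
+      CidrBlock: "{{subnet['cidr']}}"
+      Tags:
+        - Key: Name
+          Value: "{{project_tag}}"
+      MapPublicIpOnLaunch: true
+      VpcId:
+        Ref: Vpc
+{% endfor %}
+   PublicSubnetRTA:
+    Type: "AWS::EC2::SubnetRouteTableAssociation"
+    Properties:
+     RouteTableId:
+      Ref: VpcRouteTable
+     SubnetId:
+      Ref: PublicSubnet
+{% for security_group in security_groups %}
+   {{security_group['name']}}:
+    Type: "AWS::EC2::SecurityGroup"
+    Properties:
+      GroupDescription: Host
+      VpcId:
+        Ref: Vpc
+      Tags:
+        - Key: Name
+          Value: "{{security_group['name']}}"
+{% endfor %}
+{% for security_group in security_groups %}
+{% for rule in security_group['rules'] %}
+   {{security_group['name']}}{{rule['name']}}:
+    Type: "AWS::EC2::SecurityGroup{{rule['rule_type']}}"
+    Properties:
+     GroupId:
+       Fn::GetAtt:
+         - "{{security_group['name']}}"
+         - GroupId
+     IpProtocol: {{rule['protocol']}}
+     FromPort: {{rule['from_port']}}
+     ToPort: {{rule['to_port']}}
+{% if rule['cidr'] is defined %}
+     CidrIp: "{{rule['cidr']}}"
+{% endif  %}
+{% if rule['group'] is defined %}
+     SourceSecurityGroupId:
+       Fn::GetAtt:
+        - "{{rule['group']}}"
+        - GroupId
+{% endif  %}
+{% endfor %}
+{% endfor %}
+   zoneinternalidns:
+    Type: "AWS::Route53::HostedZone"
+    Properties:
+     Name: "{{ zone_internal_dns }}"
+     VPCs:
+      - VPCId:
+          Ref: Vpc
+        VPCRegion:
+          Ref: "AWS::Region"
+     HostedZoneConfig:
+      Comment: "Created By ansible agnostic deployer"
+   BastionDNS:
+    Type: "AWS::Route53::RecordSetGroup"
+    DependsOn:
+     - BastionEIP
+    Properties:
+     HostedZoneId: "{{HostedZoneId}}"
+     RecordSets:
+      - Name: "bastion.{{subdomain_base}}."
+        Type: A
+        TTL: 10
+        ResourceRecords:
+        - "Fn::GetAtt":
+          - Bastion
+          - PublicIp
+   Bastion:
+    Type: "AWS::EC2::Instance"
+    Properties:
+     ImageId:
+      "Fn::FindInMap":
+       - RegionMapping
+       - Ref: "AWS::Region"
+       - RHELAMI
+     InstanceType: "{{bastion_instance_type}}"
+     KeyName: "{{key_name}}"
+     SecurityGroupIds:
+        - "Fn::GetAtt":
+          - BastionSG
+          - GroupId
+     SubnetId:
+      Ref: PublicSubnet
+     Tags:
+        - Key: Name
+          Value: bastion
+        - Key: AnsibleGroup
+          Value: bastions
+        - Key: Project
+          Value: "{{project_tag}}"
+        - Key: "{{project_tag}}"
+          Value: bastion
+        - Key: internaldns
+          Value: "bastion.{{chomped_zone_internal_dns}}"
+        - Key: owner
+          Value: "{{ email | default('unknown')}}"
+   BastionEIP:
+    Type: "AWS::EC2::EIP"
+    DependsOn:
+     - VpcGA
+    Properties:
+     InstanceId:
+      Ref: Bastion
+   BastionInternalDNS:
+    Type: "AWS::Route53::RecordSetGroup"
+    Properties:
+     HostedZoneId:
+      Ref: zoneinternalidns
+     RecordSets:
+      - Name: "bastion.{{zone_internal_dns}}"
+        Type: A
+        TTL: 10
+        ResourceRecords:
+        - "Fn::GetAtt":
+          - Bastion
+          - PrivateIp
+{% for instance in instances %}
+{% if instance['dns_loadbalancer']|d(false)|bool %}
+   {{instance['name']}}DNSLoadBalancer:
+    Type: "AWS::Route53::RecordSetGroup"
+    DependsOn:
+{% for c in range(1,(instance['count'] |int)+1) %}
+    - {{instance['name']}}{{c}}EIP
+{% endfor %}
+    Properties:
+     HostedZoneId: {{HostedZoneId}}
+     RecordSets:
+      - Name: "{{instance['name']}}.{{subdomain_base}}."
+        Type: A
+        TTL: 900
+        ResourceRecords:
+{% for c in range(1,(instance['count'] |int)+1) %}
+{% set instancecount = loop %}
+          - "Fn::GetAtt":
+            - {{instance['name']}}{{loop.index}}
+            - PublicIp
+{% endfor %}
+{% endif %}
+{% for c in range(1,(instance['count'] |int)+1) %}
+{% set instancecount = loop %}
+#this is host {{instance['name']}}{{loop.index}}
+   {{instance['name']}}{{loop.index}}:
+    Type: "AWS::EC2::Instance"
+    Properties:
+     ImageId:
+      "Fn::FindInMap":
+       - RegionMapping
+       - Ref: "AWS::Region"
+       - {{ instance['image_id'] | default('RHELAMI') }}
+     InstanceType: "{{instance['flavor'][cloud_provider]}}"
+     KeyName: "{{instance['key_name'] | default(key_name)}}"
+{% if instance['UserData'] is defined %}
+     {{instance['UserData']}}
+{% endif %}
+     SecurityGroupIds:
+        - "Fn::GetAtt":
+          - {{instance['security_group']}}
+          - GroupId
+     SubnetId:
+      Ref: PublicSubnet
+     Tags:
+      - Key: Name
+        Value: {{instance['name']}}{{instancecount.index}}
+      - Key: internaldns
+        Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}}
+      - Key: "owner"
+        Value: "{{ email | default('unknownuser') }}"
+      - Key: "Project"
+        Value: "{{project_tag}}"
+      - Key: "{{project_tag}}"
+        Value: "{{ instance['name'] }}"
+{% for tag in instance['tags'] %}
+      - Key: {{tag['key']}}
+        Value: {{tag['value']}}
+{% endfor %}
+     BlockDeviceMappings:
+        - DeviceName: "/dev/sda1"
+          Ebs:
+            VolumeSize: 50
+        - DeviceName: "/dev/xvdb"
+          Ebs:
+            VolumeType: gp2
+            VolumeSize: 20
+   {{instance['name']}}{{loop.index}}InternalDNS:
+    Type: "AWS::Route53::RecordSetGroup"
+    Properties:
+     HostedZoneId:
+      Ref: zoneinternalidns
+     RecordSets:
+      - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}"
+        Type: A
+        TTL: 10
+        ResourceRecords:
+          - "Fn::GetAtt":
+            - {{instance['name']}}{{loop.index}}
+            - PrivateIp
+{% if instance['public_dns'] %}
+   {{instance['name']}}{{loop.index}}EIP:
+     Type: "AWS::EC2::EIP"
+     DependsOn:
+      - VpcGA
+     Properties:
+      InstanceId:
+       Ref: {{instance['name']}}{{loop.index}}
+   {{instance['name']}}{{loop.index}}PubliclDNS:
+     Type: "AWS::Route53::RecordSetGroup"
+     DependsOn:
+        - {{instance['name']}}{{loop.index}}EIP
+     Properties:
+      HostedZoneId: {{HostedZoneId}}
+      RecordSets:
+         - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}."
+           Type: A
+           TTL: 10
+           ResourceRecords:
+           - "Fn::GetAtt":
+             - {{instance['name']}}{{loop.index}}
+             - PublicIp
+{% endif %}
+{% endfor %}
+{% endfor %}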
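Review bot: The two `Ebs` entries under `BlockDeviceMappings` in the per-instance loop set only size and type, so the 50 GB root and 20 GB data volumes are created unencrypted unless the account enforces encryption by default; adding `Encrypted: true` to each `Ebs` mapping would cover the Satellite data at rest. Several interpolations are also emitted unquoted while their neighbours are quoted: `IpProtocol: {{rule['protocol']}}` in the rule loop, and `HostedZoneId: {{HostedZoneId}}` and `Value: {{tag['value']}}` in the instance loop. Quoting them, for example `Value: "{{tag['value']}}"`, keeps a value that contains `: ` or ` #` from changing the structure of the rendered template. In `RegionMapping`, `eu-west-3` uses the key `WIN2012R2` where every other region uses `WIN2012R2AMI`, and `eu-west-3`, `eu-west-2` and `ca-central-1` have no `RHELAMI`, so the bastion's `Fn::FindInMap` lookup would fail in those regions.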
ansible/configs/satellite-vm/files/cloud_providers/ec2_cloud_template_json.j2
New file
@@ -0,0 +1,1014 @@
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": { },
  "Mappings": {
    "RegionMapping": {
      "us-east-1": {
        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd"
      },
      "us-east-2": {
        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938"
      },
      "us-west-1": {
        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5"
      },
      "us-west-2": {
        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944"
      },
      "eu-west-1": {
        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214"
      },
      "eu-central-1": {
        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec"
      },
      "ap-northeast-1": {
        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4"
      },
      "ap-northeast-2": {
        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267"
      },
      "ap-southeast-1": {
        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab"
      },
      "ap-southeast-2": {
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
      },
      "sa-east-1": {
        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c"
      },
      "ap-south-1": {
        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed"
      }
    },
    "DNSMapping": {
      "us-east-1": {
        "domain": "us-east-1.compute.internal"
      },
      "us-west-1": {
        "domain": "us-west-1.compute.internal"
      },
      "us-west-2": {
        "domain": "us-west-2.compute.internal"
      },
      "eu-west-1": {
        "domain": "eu-west-1.compute.internal"
      },
      "eu-central-1": {
        "domain": "eu-central-1.compute.internal"
      },
      "ap-northeast-1": {
        "domain": "ap-northeast-1.compute.internal"
      },
      "ap-northeast-2": {
        "domain": "ap-northeast-2.compute.internal"
      },
      "ap-southeast-1": {
        "domain": "ap-southeast-1.compute.internal"
      },
      "ap-southeast-2": {
        "domain": "ap-southeast-2.compute.internal"
      },
      "sa-east-1": {
        "domain": "sa-east-1.compute.internal"
      },
      "ap-south-1": {
        "domain": "ap-south-1.compute.internal"
      }
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "192.168.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{vpcid_name_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ]
      }
    },
    "VpcInternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {}
    },
    "VpcGA": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VpcRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VPCRouteInternetGateway": {
      "DependsOn" : "VpcGA",
  "Type": "AWS::EC2::Route",
      "Properties": {
        "GatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        }
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "DependsOn": [
        "Vpc"
      ],
      "Properties": {
        "CidrBlock": "192.168.0.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ],
        "MapPublicIpOnLaunch": "true",
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "PublicSubnetRTA": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        },
        "SubnetId": {
          "Ref": "PublicSubnet"
        }
      }
    },
    "HostSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Host",
        "VpcId": {
          "Ref": "Vpc"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "host_sg"
          }
        ]
      }
    },
    "HostUDPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "udp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "HostTCPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "zoneinternalidns": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "{{ zone_internal_dns }}",
        "VPCs" :  [{
      "VPCId": { "Ref" : "Vpc" },
      "VPCRegion": { "Ref": "AWS::Region" } } ],
        "HostedZoneConfig": {
          "Comment": "Created By ansible agnostic deployer"
        }
      }
    },
    "WindowsDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "Windows1EIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{activedirectory_public_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows1",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "BastionDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{bastion_public_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "CloudDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{cloudapps_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "TowerDNSLoadBalancer": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": "tower{{tower_instance_count}}EIP",
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
        {
          "Name" : "{{tower_public_dns}}",
          "Type" : "A",
          "TTL" : "900",
          "ResourceRecords" : [
{% for c in range(1,(tower_instance_count|int)+1) %}
{ "Fn::GetAtt": [ "tower{{loop.index}}", "PublicIp" ] }{% if loop.index < tower_instance_count   %},{% endif %}
{% endfor %}
          ]}]
    }},
    {% for c in range(1,(tower_instance_count|int)+1) %}
    "PublicHostDNS{{loop.index}}": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": "tower{{tower_instance_count}}EIP",
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
        {
          "Name" : "tower{{loop.index}}.{{subdomain_base}}.",
          "Type" : "A",
          "TTL" : "900",
          "ResourceRecords" : [
{ "Fn::GetAtt": [ "tower{{loop.index}}", "PublicIp" ] }
          ]}]
    }},
{% endfor %}
    "Bastion": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{bastion_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "bastion"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "bastions"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "bastion"
          },
          {
            "Key": "internaldns",
            "Value": "bastion.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ]
      }
    },
      "BastionEIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "Bastion" }
          }
      },
    "BastionInternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "bastion.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
  {% for c in range(1,(tower_instance_count|int)+1) %}
        "tower{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{tower_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "tower{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "towers"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "tower"
              },
              {
                "Key": "internaldns",
                "Value": "tower{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 20
                }
              }
            ]
          }
        },
      "tower{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "tower{{loop.index}}" }
          }
      },
        "tower{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },
            "RecordSets": [
              {
                "Name": "tower{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "tower{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
        {% for c in range(1,(frontend_instance_count|int)+1) %}
        "frontend{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{frontend_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "frontend{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "frontends"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "frontend"
              },
              {
                "Key": "internaldns",
                "Value": "frontend{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 30
                }
              }
            ]
          }
        },
        "frontend{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },
            "RecordSets": [
              {
                "Name": "frontend{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "frontend{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
        {% for c in range(1,(app_instance_count|int)+1) %}
        "app{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{app_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "app{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "apps"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "app"
              },
              {
                "Key": "internaldns",
                "Value": "app{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 30
                }
              }
            ]
          }
        },
        "app{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },
            "RecordSets": [
              {
                "Name": "app{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "app{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
    {% for c in range(1,(appdb_instance_count|int)+1) %}
    "appdb{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{appdb_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "appdb{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "appdbs"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "appdb"
          },
          {
            "Key": "internaldns",
            "Value": "appdb{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30
            }
          }
        ]
      }
    },
    "appdb{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "appdb{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "appdb{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    {% endfor %}
    {% for c in range(1,(windows_instance_count|int)+1) %}
    "windows{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "WIN2012R2AMI"
          ]
        },
        "InstanceType": "{{windows_instance_type}}",
        "KeyName": "{{key_name}}",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "<powershell>\n",
          "$admin = [adsi]('WinNT://./administrator, user')\n",
          "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n",
          "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n",
          "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n",
          "</powershell>"
          ]]}},
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "windows{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "windowss"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "windows"
          },
          {
            "Key": "{{ project_tag }}_ostype",
            "Value": "windows"
          },
          {
            "Key": "internaldns",
            "Value": "windows{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30
            }
          }
        ]
      }
    },
      "Windows{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "windows{{loop.index}}" }
          }
      },
    "windows{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "windows{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    {% endfor %}
    {% for c in range(1,(support_instance_count|int)+1) %}
    "support{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{support_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "support{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "support"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "support"
          },
          {
            "Key": "internaldns",
            "Value": "support{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 50
            }
          }
        ]
      }
    },
    "support{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "support{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "support{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    }{% if loop.index < support_instance_count %},{% endif %}
  {% endfor %}
  },
  "Outputs": {
    "Route53internalzoneOutput": {
      "Description": "The ID of the internal route 53 zone",
      "Value": {
        "Ref": "zoneinternalidns"
      }
    }
  }
}
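--- a/ansible/configs/satellite-vm/files/hosts_template.j2
+++ b/ansible/configs/satellite-vm/files/hosts_template.j2
@@ -0,0 +1,18 @@
+[all:vars]
+{# ###########################################################################
+### Ansible Vars
+########################################################################### #}
+timeout=60
+ansible_become=yes
+ansible_user={{remote_user}}
+[all:children]
+satellite
+{# # These are the satellitehosts #}
+[satellites]
+{% for host in groups['satellites'] %}
+satellite{{loop.index}}.{{chomped_zone_internal_dns}} ssh_host={{host}}
+{% endfor %}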
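Review bot: `[all:children]` lists a group called `satellite`, but the only group this template defines is `[satellites]`, and the playbooks in this commit (`hosts: satellites`, `groups['satellites']`) use the plural as well. As far as I know the INI inventory parser rejects a child group that is never defined, so the rendered inventory may fail to load; at best it creates an empty, unused group. The child entry should read `satellites`.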
ansible/configs/satellite-vm/files/manifest_satellite-vm.zip
Binary files differ
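--- a/ansible/configs/satellite-vm/files/repos_template.j2
+++ b/ansible/configs/satellite-vm/files/repos_template.j2
@@ -0,0 +1,26 @@
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
+mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=0
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
+### satellite repos #####
+[rhel-7-server-rpms]
+name=Red Hat Enterprise Linux 7
+baseurl={{own_repo_path}}/rhel-7-server-rpms
+enabled=1
+gpgcheck=0
+[rhel-server-rhscl-7-rpms]
+name=Red Hat Enterprise Linux 7 RHSCL
+baseurl={{own_repo_path}}/rhel-server-rhscl-7-rpms
+enabled=1
+gpgcheck=0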
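Review bot: All three repositories set `gpgcheck=0`, and the EPEL `baseurl` and `mirrorlist` use plain `http://`, so packages installed on the Satellite host are neither signature-checked nor fetched over an authenticated channel. For EPEL, set `gpgcheck=1` and restore the commented-out `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7` line (the key file has to be present on the host), and switch both URLs to `https://`. For the two RHEL repos, use `gpgcheck=1` with `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`; this matters more because sample_vars.yml in this commit shows `own_repo_path` as an `http://` URL.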
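--- a/ansible/configs/satellite-vm/files/tower_hosts_template.j2
+++ b/ansible/configs/satellite-vm/files/tower_hosts_template.j2
@@ -0,0 +1,39 @@
+[GenericExample:vars]
+###########################################################################
+### Ansible Vars
+###########################################################################
+[all:vars]
+ansible_become=true
+admin_password="{{tower_admin_password}}"
+pg_host='support1.{{chomped_zone_internal_dns}}'
+pg_port='5432'
+pg_database='awx'
+pg_username='awx'
+pg_password="{{tower_admin_password}}"
+rabbitmq_port=5672
+rabbitmq_vhost=tower
+rabbitmq_username=tower
+rabbitmq_password="{{tower_admin_password}}"
+rabbitmq_cookie=cookiemonster
+rabbitmq_use_long_name=true
+[GenericExample:children]
+# These
+tower
+database
+[tower]
+## These are the towers
+{% for host in groups['towers'] %}
+tower{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=tower{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}}
+{% endfor %}
+## These are the supporthosts
+[database]
+support1.{{chomped_zone_internal_dns}}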
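Review bot: `rabbitmq_cookie=cookiemonster` is a fixed value committed to the repository, so every environment rendered from this template shares the same Erlang cookie, which is the secret RabbitMQ nodes use to authenticate to each other. Render it from a per-environment secret instead, for example `rabbitmq_cookie="{{ tower_rabbitmq_cookie }}"` (a new variable that would have to be defined and generated per deployment). The same template also reuses `tower_admin_password` for `admin_password`, `pg_password` and `rabbitmq_password`; separate values would keep one leaked credential from opening the database and the message bus as well.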
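--- a/ansible/configs/satellite-vm/post_infra.yml
+++ b/ansible/configs/satellite-vm/post_infra.yml
@@ -0,0 +1,24 @@
+- name: Step 002 Post Infrastructure
+  hosts: localhost
+  connection: local
+  become: false
+  tags:
+    - step002
+    - post_infrastructure
+  tasks:
+    - name: Job Template to launch a Job Template with update on launch inventory set
+      uri:
+        url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/"
+        method: POST
+        user: "{{tower_admin}}"
+        password: "{{tower_admin_password}}"
+        body:
+          extra_vars:
+            guid: "{{guid}}"
+            ipa_host_password: "{{ipa_host_password}}"
+        body_format: json
+        validate_certs: False
+        HEADER_Content-Type: "application/json"
+        status_code: 200, 201
+      when: tower_run == 'true'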
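Review bot: The launch request sets `validate_certs: False` while sending `tower_admin_password` as the request password and `ipa_host_password` in the body, so both secrets go to whatever answers at `ansible_tower_ip` without its certificate being checked. Use `validate_certs: true` (installing the Tower CA on the control host if the certificate is privately signed) and add `no_log: true` to the task so the passwords stay out of task output and logs. Separately, `when: tower_run == 'true'` matches only the literal string; `when: tower_run | bool` would also accept a real boolean.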
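--- a/ansible/configs/satellite-vm/post_software.yml
+++ b/ansible/configs/satellite-vm/post_software.yml
@@ -0,0 +1,36 @@
+- name: Step 00xxxxx post software
+  hosts: support
+  gather_facts: False
+  become: yes
+  tasks:
+    - debug:
+        msg: "Post-Software tasks Started"
+- name: Step lab post software deployment
+  hosts: bastions
+  gather_facts: False
+  become: yes
+  tags:
+    - opentlc_bastion_tasks
+  tasks:
+    - import_role:
+        name: bastion-opentlc-ipa
+      when: install_ipa_client|bool
+- name: PostSoftware flight-check
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  tags:
+    - post_flight_check
+  tasks:
+    - debug:
+        msg: "Post-Software checks completed successfully"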
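--- a/ansible/configs/satellite-vm/pre_infra.yml
+++ b/ansible/configs/satellite-vm/pre_infra.yml
@@ -0,0 +1,12 @@
+- name: Step 000 Pre Infrastructure
+  hosts: localhost
+  connection: local
+  become: false
+  tags:
+    - step001
+    - pre_infrastructure
+  tasks:
+    - name: Pre-Infra
+      debug:
+        msg: "Pre-Infra work is done"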
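--- a/ansible/configs/satellite-vm/pre_software.yml
+++ b/ansible/configs/satellite-vm/pre_software.yml
@@ -0,0 +1,55 @@
+---
+- name: Step 003 - Create env key
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  tags:
+    - step003
+    - generate_env_keys
+  tasks:
+    - name: Generate SSH keys
+      shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
+      args:
+        creates: "{{output_dir}}/{{env_authorized_key}}"
+      when: set_env_authorized_key
+- name: Configure all hosts with Repositories, Common Files and Set environment key
+  hosts: bastion
+  become: true
+  gather_facts: False
+  tags:
+    - step004
+    - common_tasks
+  roles:
+    - { role: "set-repositories", when: 'repo_method is defined' }
+    - { role: "common", when: 'install_common' }
+    - { role: "bastion", when: 'install_bastion' }
+    - { role: "ansible-version-lock" }
+- name: Configuring Bastion Hosts
+  hosts: all
+  become: true
+  roles:
+   - { role: "set_env_authorized_key", when: 'set_env_authorized_key' }
+   - role: "rhn-subscription-manager"
+     when: ( rhn_subscription_manager) and (inventory_hostname in groups['satellites'])
+  tags:
+    - step004
+    - bastion_tasks
+- name: PreSoftware flight-check
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  tags:
+    - flight_check
+  tasks:
+    - debug:
+        msg: "Pre-Software checks completed successfully"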
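Review bot: The play named "Configure all hosts with Repositories, Common Files and Set environment key" targets `hosts: bastion`, while post_software.yml in this commit uses the group `bastions` and the play named "Configuring Bastion Hosts" right below targets `hosts: all`, so the names and targets look swapped. If the inventory has no group or host called `bastion`, the `set-repositories`, `common` and `bastion` roles run nowhere and the Satellite hosts never get their repositories configured. Confirm the intended groups; if the first play is meant for every host it should read `hosts: all`, and the second play's name should then say what it does, e.g. `name: Set environment key and register Satellite hosts`.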
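--- a/ansible/configs/satellite-vm/sample_vars.yml
+++ b/ansible/configs/satellite-vm/sample_vars.yml
@@ -0,0 +1,28 @@
+---
+# sample configuration file
+#
+# Usage: ansible-playbook main.yml -e @configs/just-some-nodes-example/sample.yml
+#
+# Ideally keep your copy OUTSIDE your repo, especially if using Cloud Credentials
+env_type: satellite-vm          # Name of config to deploy
+output_dir: /tmp/workdir                # Writable working scratch directory
+email: name@example.com                 # User info for notifications
+guid: guid02                             # Unique string used in FQDN
+subdomain_base_suffix: .example.opentlc.com      # Your domain used in FQDN
+# Path to yum repos
+own_repo_path: http://you-own.repo.com/repos
+# Cloud specfic settings - example given here for AWS
+cloud_provider: ec2                     # Which AgnosticD Cloud Provider to use
+aws_region: us-east-1                   # AWS Region to deploy in
+HostedZoneId: Z3IHLWJZOU9SRT            # You will need to change this
+key_name: ocpkey                        # Keyname must exist in AWS
+# AWS Credentials. These are required (don't sync them to your fork)
+# aws_access_key_id:
+# aws_secret_access_key:
+...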
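Review bot: The sample sets `output_dir: /tmp/workdir`, and pre_software.yml in this commit writes the environment's SSH private key into `output_dir` and skips generation when the file already exists (`creates:`). A fixed path under a world-writable directory is a poor default for key material on a shared control host, since whatever is already at that path is taken as the environment key; a user-owned directory is safer, e.g. `output_dir: /path/to/private/workdir   # user-owned, mode 0700`. The usage comment also still points at `configs/just-some-nodes-example/sample.yml` rather than `configs/satellite-vm/sample_vars.yml`.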
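--- a/ansible/configs/satellite-vm/software.yml
+++ b/ansible/configs/satellite-vm/software.yml
@@ -0,0 +1,27 @@
+---
+- name: Step 00xxxxx software
+  hosts: localhost
+  gather_facts: False
+  become: false
+  tasks:
+    - debug:
+        msg: "Software tasks Started"
+- name: Configuring Bastion Hosts
+  hosts: satellites
+  become: true
+  roles:
+  #  - { role: "rhn-subscription-manager", when: rhn_subscription_manager }
+    - { role: "satellite-installation", when: install_satellite }
+- name: Software flight-check
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  tags:
+    - post_flight_check
+  tasks:
+    - debug:
+        msg: "Software checks completed successfully"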
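Review bot: `when: install_satellite` on the `satellite-installation` role is a bare-variable condition, whereas post_software.yml in this commit writes `install_ipa_client|bool`. How a string such as "false" passed with `-e` is evaluated has differed between Ansible releases, so `when: install_satellite | bool` is the predictable form. The play is also still named "Configuring Bastion Hosts" although it targets `satellites`; `name: Install and configure Satellite` would match what it does.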
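--- a/ansible/roles/rhn-subscription-manager/tasks/main.yml
+++ b/ansible/roles/rhn-subscription-manager/tasks/main.yml
@@ -0,0 +1,56 @@
+---
+- name: Same as above but subscribe to a specific pool by ID.
+  redhat_subscription:
+    state: present
+    username: "{{ username }}"
+    password: "{{ password }}"
+    pool_ids: "{{ repo_pool_ids }}"
+  tags:
+    - subscription
+- name: list current repository files
+  shell: "ls -1 /etc/yum.repos.d/"
+  register: repodircontents
+  tags:
+    - subscription
+- name: remove current repository files
+  file:
+    path: /etc/yum.repos.d/{{ item }}
+    state: absent
+  with_items: "{{ repodircontents.stdout_lines }}"
+  ignore_errors: true
+  tags:
+    - subscription
+- name: Disable all repos by default
+  command: subscription-manager repos --disable "*"
+  tags:
+    - subscription
+- name: Enable the requisite rhel7 repos
+  shell: subscription-manager repos --enable "{{ item }}"
+  loop: "{{ subscription_enable_repos }}"
+  tags:
+    - subscription
+- name: Import keys
+  rpm_key:
+    state: present
+    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta
+  tags:
+    - subscription
+- name: Unset and release repos
+  shell: subscription-manager release --unset
+  tags:
+    - subscription
+- name: Clean yum cache
+  shell:  yum clean all
+  tags:
+    - subscription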
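Review bot: The "Import keys" task adds `/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta` to the RPM keyring, and nothing in this role imports the release signing key, so the only key the role explicitly trusts is the one used for beta content. Unless beta packages are really intended on the Satellite host, import the release key instead: `key: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`. The first task's name, "Same as above but subscribe to a specific pool by ID.", refers to an example that is not in this file; `name: Register host and attach subscription pools` would describe it.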
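--- a/ansible/roles/satellite-installation/tasks/firewalld.yml
+++ b/ansible/roles/satellite-installation/tasks/firewalld.yml
@@ -0,0 +1,32 @@
+---
+- name: firewall | Install Firewalld
+  yum:
+    name: firewalld
+    state: present
+  tags:
+    - firewalld
+- name: firewall | Enable and Start Firewalld
+  service:
+    name: firewalld
+    enabled: yes
+    state: started
+  tags:
+    - firewalld
+- name: firewall | Enable ports in firewall
+  firewalld:
+    port: "{{ item }}"
+    permanent: yes
+    state: enabled
+  with_items:
+    - "{{ firewall_ports }}"
+- name: firewall | Enable service in firewall
+  firewalld:
+    service: "{{ item }}"
+    permanent: yes
+    state: enabled
+  with_items:
+    - "{{ firewall_services }}"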
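Review bot: Both `firewalld` rule tasks set `permanent: yes` without `immediate`, so the ports and services are written to the permanent configuration only. Because the daemon was already started by the task above, the running firewall does not pick them up until a reload or reboot, and what is enforced differs from what is configured. Add `immediate: true` to both tasks, or notify a handler that reloads firewalld. The two rule tasks also lack the `firewalld` tag that the install and start tasks carry, so a run limited to that tag would skip them.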
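--- a/ansible/roles/satellite-installation/tasks/main.yml
+++ b/ansible/roles/satellite-installation/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include: satellite_installation.yml
+- include: firewalld.yml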
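Review bot: Both entries use the bare `include:` form, which Ansible deprecated in favour of the explicit static and dynamic variants. For a fixed task list like this one, `- import_tasks: satellite_installation.yml` and `- import_tasks: firewalld.yml` state the intent and keep tag inheritance predictable.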
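--- a/ansible/roles/satellite-installation/tasks/satellite_installation.yml
+++ b/ansible/roles/satellite-installation/tasks/satellite_installation.yml
@@ -0,0 +1,75 @@
+---
+- name: Colleting host name
+  shell: hostname
+  register:  hostname_output
+- shell: /sbin/ip address show eth0 | grep "\<inet\>" | awk '{print $2}' | awk -F / '{print $1}'
+  register: ip_output
+- name: Add internal dns name in hosts file
+  lineinfile:
+    dest: /etc/hosts
+    state: present
+    insertafter: EOF
+    line: '{{ip_output.stdout}}  {{ hostname_output.stdout }}'
+  tags:
+    - satellite
+- name: Update system
+  package:
+    name: '*'
+    state: latest
+  tags:
+    - satellite
+- name: Install Satellite Package
+  package:
+    name: satellite
+    state: latest
+  tags:
+    - satellite
+- name: configure satellite
+  shell: satellite-installer --scenario satellite
+    --foreman-admin-username {{ satellite_admin }}
+    --foreman-admin-password {{ satellite_admin_password }}
+  tags:
+    - satellite
+- name: Copy manifest
+  copy:
+    src: ./files/manifest_satellite-vm.zip
+    dest: /tmp
+  tags:
+    - satellite
+    - manifest
+- name: Uploading manifest
+  shell:  hammer subscription upload
+    --file /tmp/manifest_satellite-vm.zip
+    --organization "Default Organization"
+  tags:
+    - satellite
+    - manifest
+- name: Setting up satellite repository
+  shell:  hammer repository-set enable
+    --organization "Default Organization"
+    --product 'Red Hat Enterprise Linux Server'
+    --basearch='x86_64'
+    --name 'Red Hat Satellite Tools 6.4 (for RHEL 7 Server) (RPMs)'
+  tags:
+    - satellite
+    - manifest
+- name: Sync repo
+  shell: hammer repository synchronize
+    --organization "Default Organization"
+    --product 'Red Hat Enterprise Linux Server'
+    --name 'Red Hat Satellite Tools 6.4 for RHEL 7 Server RPMs x86_64'
+    --async
+  tags:
+    - satellite
+    - manifest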
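Review bot: The "configure satellite" task builds a shell command line from `{{ satellite_admin }}` and `{{ satellite_admin_password }}` with no quoting and no `no_log`. A password containing spaces or shell metacharacters is therefore split or interpreted by the shell, and the full command, password included, ends up in Ansible's task output. Pass the arguments as a list through `command` so no shell parses them, and mark the task `no_log: true`, as sketched below. The password still appears in the installer's process arguments on the host while it runs, so it is worth checking whether the installer can take it from a root-only answers file instead. The subscription manifest is also committed under `files/` and copied to the shared `/tmp`; keeping it out of the repository and copying it to a root-only directory would be safer.

```yaml
- name: configure satellite
  command:
    argv:
      - satellite-installer
      - --scenario
      - satellite
      - --foreman-admin-username
      - "{{ satellite_admin }}"
      - --foreman-admin-password
      - "{{ satellite_admin_password }}"
  no_log: true
  # … unchanged: tags …
```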
ansible/roles/satellite-installation/vars/main.yml
New file
@@ -0,0 +1,38 @@
---
firewall_services:
  - ssh
  - RH-Satellite-6
# - dns
# - dhcp
# - dhcpv6
# - tftp
# - libvirt-tls
# - ldap
# - ldaps
# - docker-registry
# - vnc-server
# List of ports to add into the firewall via Firewalld
# See README.md for an explanation.
firewall_ports:
# - 22/tcp
# - 53/udp
# - 53/tcp
# - 67/udp
# - 68/udp
# - 69/udp
# - 80/tcp
# - 389/tcp
# - 443/tcp
# - 639/tcp
# - 5000/tcp
# - 5646/tcp
# - 5647/tcp
# - 5671/tcp
# - 5674/tcp
  - 7911/tcp
  - 8000/tcp
# - 8140/tcp
  - 8443/tcp
# - 9090/tcp
# - 16514/tcp