satellite config + roles/rhn-subscription-manager,satellite-installation
New file |
| | |
| | | = satellite-vm config |
| | | |
| | | == Review the Env_Type variable file |
| | | |
| | | * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you |
| | | need to define to control the deployment of your environment. |
| | | |
| | | |
| | | == Running Ansible Playbook |
| | | |
| | | You can run the playbook with the following arguments to overwrite the default variable values: |
| | | From the `ansible_agnostic_deployer/ansible` directory run |
| | | ` |
| | | [source,bash] |
| | | ---- |
| | | ENVTYPE=satellite-vm |
| | | GUID=test01 |
| | | BASESUFFIX='.example.opentlc.com' |
| | | CLOUDPROVIDER=ec2 |
| | | REGION=us-east-1 |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | KEYNAME=ocpkey |
| | | RHN_USER=<rhn_username> |
| | | RHN_PASS=<rhn_password> |
| | | |
| | | ansible-playbook main.yml \ |
| | | -e "guid=${GUID}" \ |
| | | -e "env_type=${ENVTYPE}" \ |
| | | -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "email=name@example.com" \ |
| | | -e "output_dir=/tmp/workdir" \ |
| | | -e "rhn_username=${RHN_USER}" \ |
| | | -e "rhn_password=${RHN_PASS}" \ |
| | | -e @~/secret.yml |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | |
| | | REGION=us-east-1 |
| | | KEYNAME=ocpkey |
| | | GUID=test01 |
| | | ENVTYPE=satellite-vm |
| | | CLOUDPROVIDER=ec2 |
| | | |
| | | ansible-playbook configs/${ENVTYPE}/destroy_env.yml \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e @~/secret.yml -vv |
| | | |
| | | |
| | | ---- |
New file |
| | |
| | | --- |
| | | - import_playbook: ../../include_vars.yml |
| | | |
| | | - name: Delete Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | tasks: |
| | | - name: Run infra-ec2-template-destroy |
| | | include_role: |
| | | name: "infra-{{cloud_provider}}-template-destroy" |
| | | when: cloud_provider == 'ec2' |
| | | |
| | | - name: Run infra-azure-template-destroy |
| | | include_role: |
| | | name: "infra-{{cloud_provider}}-template-destroy" |
| | | when: cloud_provider == 'azure' |
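Review bot: Any `cloud_provider` value other than `ec2` or `azure` makes both `include_role` tasks skip, so the play finishes successfully without deleting anything and the environment, including its internet-facing hosts, keeps running. Put a guard ahead of the two tasks, for example `- assert: { that: "cloud_provider in ['ec2', 'azure']" }`, so a typo or an unsupported provider fails loudly. Since the two tasks differ only in their `when:` condition, they could then become a single `include_role` with the templated name.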
New file |
| | |
| | | --- |
| | | ## TODO: What variables can we strip out of here to build complex variables? |
| | | ## i.e. what can we add into group_vars as opposed to config_vars? |
| | | ## Example: We don't really need "subdomain_base_short". If we want to use this, |
| | | ## should just toss in group_vars/all. |
| | | ### Also, we should probably just create a variable reference in the README.md |
| | | ### For now, just tagging comments in line with configuration file. |
| | | |
| | | ### Vars that can be removed: |
| | | # use_satellite: true |
| | | |
| | | use_own_repos: false |
| | | rhn_subscription_manager: True |
| | | username: "{{ rhn_username}}" |
| | | password: "{{ rhn_password }}" |
| | | satellite_admin: admin |
| | | satellite_admin_password: r3dh4t1! |
| | | repo_pool_ids: |
| | | - 8a85f98460bfb0470160c2ff22f13e47 |
| | | subscription_enable_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-server-rhscl-7-rpms |
| | | - rhel-7-server-satellite-6.4-rpms |
| | | - rhel-7-server-satellite-maintenance-6-rpms |
| | | - rhel-7-server-ansible-2.6-rpms |
| | | |
| | | install_satellite: True |
| | | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | |
| | | ### Common Host settings |
| | | |
| | | repo_method: file # Other Options are: file, satellite and rhn |
| | | tower_admin_password: 'r3dh4t1!' |
| | | # Do you want to run a full yum update |
| | | update_packages: false |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | # satellite_url: https://satellite.example.com |
| | | # satellite_org: Sat_org_name |
| | | # satellite_activationkey: "rhel7basic" |
| | | |
| | | ## guid is the deployment unique identifier, it will be appended to all tags, |
| | | ## files and anything that identifies this environment from another "just like it" |
| | | guid: defaultguid |
| | | |
| | | install_bastion: true |
| | | install_common: true |
| | | install_ipa_client: false |
| | | ## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used |
| | | #software_to_deploy: none |
| | | |
| | | repo_version: "3.6" |
| | | osrelease: 3.6 |
| | | |
| | | ### If you want a Key Pair name created and injected into the hosts, |
| | | # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` |
| | | # you can use the key used to create the environment or use your own self generated key |
| | | # if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) |
| | | use_own_key: true |
| | | env_authorized_key: "{{guid}}key" |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
| | | set_env_authorized_key: true |
| | | # Is this running from Red Hat Ansible Tower |
| | | tower_run: false |
| | | |
| | | ### AWS EC2 Environment settings |
| | | |
| | | ### Route 53 Zone ID (AWS) |
| | | # This is the Route53 HostedZoneId where you will create your Public DNS entries |
| | | # This only needs to be defined if your CF template uses route53 |
| | | HostedZoneId: Z3IHLWJZOU9SRT |
| | | # The region to be used, if not specified by -e in the command line |
| | | aws_region: ap-southeast-2 |
| | | # The key that is used to |
| | | key_name: "default_key_name" |
| | | |
| | | ## Networking (AWS) |
| | | subdomain_base_short: "{{ guid }}" |
| | | subdomain_base_suffix: ".example.opentlc.com" |
| | | subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" |
| | | |
| | | ## Environment Sizing |
| | | |
| | | bastion_instance_type: "t2.medium" |
| | | |
| | | satellite_instance_count: 1 |
| | | satellite_instance_type: "t2.large" |
| | | |
| | | subnets: |
| | | - name: PublicSubnet |
| | | cidr: "192.168.1.0/24" |
| | | routing_table: true |
| | | |
| | | security_groups: |
| | | - name: BastionSG |
| | | rules: |
| | | - name: BasSSHPublic |
| | | description: "SSH public" |
| | | from_port: 22 |
| | | to_port: 22 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | |
| | | - name: SatSG |
| | | rules: |
| | | - name: SatSSHPublic |
| | | description: "SSH public" |
| | | from_port: 22 |
| | | to_port: 22 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatUDPPorts |
| | | description: "Only from bastion" |
| | | from_port: 0 |
| | | to_port: 65535 |
| | | protocol: udp |
| | | group: BastionSG |
| | | rule_type: Ingress |
| | | - name: SatHTTPPorts |
| | | description: "HTTP Public" |
| | | from_port: 80 |
| | | to_port: 80 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatHTTPSPorts |
| | | description: "HTTPS Public" |
| | | from_port: 443 |
| | | to_port: 443 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatKatello5646Ports |
| | | description: "Katello/qpid Public" |
| | | from_port: 5646 |
| | | to_port: 5646 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatKatello5647Ports |
| | | description: "Katello/qpid Public" |
| | | from_port: 5647 |
| | | to_port: 5647 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatamqpPorts |
| | | description: "amqp Public" |
| | | from_port: 5671 |
| | | to_port: 5671 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatPuppetPorts |
| | | description: "Puppet Public" |
| | | from_port: 8140 |
| | | to_port: 8140 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatForemanPorts |
| | | description: "Foreman Smart Proxy Public" |
| | | from_port: 9090 |
| | | to_port: 9090 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatDNSTCPPorts |
| | | description: "DNS Public" |
| | | from_port: 53 |
| | | to_port: 53 |
| | | protocol: tcp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatDNSUDPPorts |
| | | description: "DNS Public" |
| | | from_port: 53 |
| | | to_port: 53 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatDHCP67Ports |
| | | description: "DHCP Public" |
| | | from_port: 67 |
| | | to_port: 67 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatDHCP68Ports |
| | | description: "DHCP Public" |
| | | from_port: 68 |
| | | to_port: 68 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | - name: SatTFTPPorts |
| | | description: "TFTP Public" |
| | | from_port: 69 |
| | | to_port: 69 |
| | | protocol: udp |
| | | cidr: "0.0.0.0/0" |
| | | rule_type: Ingress |
| | | |
| | | instances: |
| | | - name: "satellite" |
| | | count: "{{satellite_instance_count}}" |
| | | public_dns: true |
| | | security_group: "SatSG" |
| | | flavor: |
| | | "ec2": "{{satellite_instance_type}}" |
| | | tags: |
| | | - key: "AnsibleGroup" |
| | | value: "satellites" |
| | | - key: "ostype" |
| | | value: "rhel" |
| | | key_name: "{{key_name}}" |
| | | |
| | | |
| | | ###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### You can, but you usually wouldn't need to. |
| | | ansible_user: ec2-user |
| | | remote_user: ec2-user |
| | | |
| | | common_packages: |
| | | - python |
| | | - unzip |
| | | - bash-completion |
| | | - tmux |
| | | - bind-utils |
| | | - wget |
| | | - git |
| | | - vim-enhanced |
| | | - at |
| | | - python27-python-pip |
| | | - gcc |
| | | - mosh |
| | | - python-pip |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - epel-release-latest-7 |
| | | |
| | | |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | |
| | | zone_internal_dns: "{{guid}}.internal." |
| | | chomped_zone_internal_dns: "{{guid}}.internal" |
| | | |
| | | # cloudapps_dns: '*.apps.{{subdomain_base}}.' |
| | | # tower_public_dns: "towerlb.{{subdomain_base}}." |
| | | |
| | | #tower_public_dns: "tower.{{subdomain_base}}." |
| | | bastion_public_dns: "bastion.{{subdomain_base}}." |
| | | bastion_public_dns_chomped: "bastion.{{subdomain_base}}" |
| | | # we don't use this anymore <sborenst> |
| | | # satellite_public_dns: "ad.{{subdomain_base}}." |
| | | # satellite_public_dns_chomped: "ad.{{subdomain_base}}" |
| | | |
| | | vpcid_cidr_block: "192.168.0.0/16" |
| | | vpcid_name_tag: "{{subdomain_base}}" |
| | | |
| | | az_1_name: "{{ aws_region }}a" |
| | | az_2_name: "{{ aws_region }}b" |
| | | |
| | | subnet_private_1_cidr_block: "192.168.2.0/24" |
| | | subnet_private_1_az: "{{ az_2_name }}" |
| | | subnet_private_1_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_private_2_cidr_block: "192.168.1.0/24" |
| | | subnet_private_2_az: "{{ az_1_name }}" |
| | | subnet_private_2_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_public_1_cidr_block: "192.168.10.0/24" |
| | | subnet_public_1_az: "{{ az_1_name }}" |
| | | subnet_public_1_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | subnet_public_2_cidr_block: "192.168.20.0/24" |
| | | subnet_public_2_az: "{{ az_2_name }}" |
| | | subnet_public_2_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | dopt_domain_name: "{{ aws_region }}.compute.internal" |
| | | |
| | | rtb_public_name_tag: "{{subdomain_base}}-public" |
| | | rtb_private_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | |
| | | cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " |
| | | |
| | | |
| | | secret_dir: "~/secrets" |
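Review bot: `satellite_admin_password: r3dh4t1!` and `tower_admin_password: 'r3dh4t1!'` commit a shared default admin password to the repository, while `SatSG` in the same file opens the Satellite web ports (80/443) to `0.0.0.0/0`, so every environment built from these defaults is reachable from the internet with a publicly known credential. Drop both values from this file and require them from the `-e @~/secret.yml` file the README already passes, leaving only a comment such as `# satellite_admin_password: must be supplied in ~/secret.yml`. The `SatSG` rules for SSH, Puppet 8140, qpid 5646/5647, smart proxy 9090, DNS, DHCP and TFTP are also all `cidr: "0.0.0.0/0"`; if the managed clients live inside the VPC, these could be limited to the `vpcid_cidr_block` range or use `group: BastionSG` as `SatUDPPorts` already does.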
New file |
| | |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | eu-west-3: |
| | | WIN2012R2: ami-040ef025ec13d58bf # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | us-east-1: |
| | | RHELAMI: ami-c998b6b2 |
| | | WIN2012R2AMI: ami-0fba87d7f8c8744d4 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | us-east-2: |
| | | RHELAMI: ami-cfdafaaa |
| | | WIN2012R2AMI: ami-0679e5ac84d15f15e # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | us-west-1: |
| | | RHELAMI: ami-66eec506 |
| | | WIN2012R2AMI: ami-04370c2a300903acc # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | us-west-2: |
| | | RHELAMI: ami-9fa343e7 |
| | | WIN2012R2AMI: ami-02e27664434db6def # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | eu-west-1: |
| | | RHELAMI: ami-bb9a6bc2 |
| | | WIN2012R2AMI: ami-01dbaf1c50a36891d # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | eu-west-2: |
| | | WIN2012R2AMI: ami-0a7551990da17b8d6 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | ca-central-1: |
| | | WIN2012R2AMI: ami-0a27bbef221046aae # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | eu-central-1: |
| | | RHELAMI: ami-d74be5b8 |
| | | WIN2012R2AMI: ami-0d55859ee09a59138 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | ap-northeast-1: |
| | | RHELAMI: ami-30ef0556 |
| | | WIN2012R2AMI: ami-0a45b66bda01c89c8 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | ap-northeast-2: |
| | | RHELAMI: ami-44db152a |
| | | WIN2012R2AMI: ami-0b3a3970b73d5b63a # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | ap-southeast-1: |
| | | RHELAMI: ami-10bb2373 |
| | | WIN2012R2AMI: ami-0bf96f139bff648cc # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | ap-southeast-2: |
| | | RHELAMI: ami-ccecf5af |
| | | WIN2012R2AMI: ami-0664c039c4dea5193 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | sa-east-1: |
| | | RHELAMI: ami-a789ffcb |
| | | WIN2012R2AMI: ami-01d74c2e93478e2f5 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | ap-south-1: |
| | | RHELAMI: ami-cdbdd7a2 |
| | | WIN2012R2AMI: ami-0bd1dc65d74266ee2 # Windows_Server-2012-R2_RTM-English-64Bit-Base-2018.10.14 |
| | | DNSMapping: |
| | | "us-east-1": |
| | | domain: "us-east-1.compute.internal" |
| | | "us-west-1": |
| | | domain: "us-west-1.compute.internal" |
| | | "us-west-2": |
| | | domain: "us-west-2.compute.internal" |
| | | "eu-west-1": |
| | | domain: "eu-west-1.compute.internal" |
| | | "eu-central-1": |
| | | domain: "eu-central-1.compute.internal" |
| | | "ap-northeast-1": |
| | | domain: "ap-northeast-1.compute.internal" |
| | | "ap-northeast-2": |
| | | domain: "ap-northeast-2.compute.internal" |
| | | "ap-southeast-1": |
| | | domain: "ap-southeast-1.compute.internal" |
| | | "ap-southeast-2": |
| | | domain: "ap-southeast-2.compute.internal" |
| | | "sa-east-1": |
| | | domain: "sa-east-1.compute.internal" |
| | | "ap-south-1": |
| | | domain: "ap-south-1.compute.internal" |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "{{vpcid_cidr_block}}" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | |
| | | {% for subnet in subnets %} |
| | | {{subnet['name']}}: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "{{subnet['cidr']}}" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | {% endfor %} |
| | | |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | {% for security_group in security_groups %} |
| | | {{security_group['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{security_group['name']}}" |
| | | {% endfor %} |
| | | |
| | | {% for security_group in security_groups %} |
| | | {% for rule in security_group['rules'] %} |
| | | {{security_group['name']}}{{rule['name']}}: |
| | | Type: "AWS::EC2::SecurityGroup{{rule['rule_type']}}" |
| | | Properties: |
| | | GroupId: |
| | | Fn::GetAtt: |
| | | - "{{security_group['name']}}" |
| | | - GroupId |
| | | IpProtocol: {{rule['protocol']}} |
| | | FromPort: {{rule['from_port']}} |
| | | ToPort: {{rule['to_port']}} |
| | | {% if rule['cidr'] is defined %} |
| | | CidrIp: "{{rule['cidr']}}" |
| | | {% endif %} |
| | | {% if rule['group'] is defined %} |
| | | SourceSecurityGroupId: |
| | | Fn::GetAtt: |
| | | - "{{rule['group']}}" |
| | | - GroupId |
| | | {% endif %} |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | zoneinternalidns: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ zone_internal_dns }}" |
| | | VPCs: |
| | | - VPCId: |
| | | Ref: Vpc |
| | | VPCRegion: |
| | | Ref: "AWS::Region" |
| | | HostedZoneConfig: |
| | | Comment: "Created By ansible agnostic deployer" |
| | | BastionDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - BastionEIP |
| | | Properties: |
| | | HostedZoneId: "{{HostedZoneId}}" |
| | | RecordSets: |
| | | - Name: "bastion.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - Bastion |
| | | - PublicIp |
| | | Bastion: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - RHELAMI |
| | | InstanceType: "{{bastion_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - BastionSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: bastion |
| | | - Key: AnsibleGroup |
| | | Value: bastions |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: bastion |
| | | - Key: internaldns |
| | | Value: "bastion.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BastionEIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: Bastion |
| | | BastionInternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "bastion.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - Bastion |
| | | - PrivateIp |
| | | |
| | | {% for instance in instances %} |
| | | {% if instance['dns_loadbalancer']|d(false)|bool %} |
| | | {{instance['name']}}DNSLoadBalancer: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | {% for c in range(1,(instance['count'] |int)+1) %} |
| | | - {{instance['name']}}{{c}}EIP |
| | | {% endfor %} |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "{{instance['name']}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 900 |
| | | ResourceRecords: |
| | | {% for c in range(1,(instance['count'] |int)+1) %} |
| | | {% set instancecount = loop %} |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | {% endif %} |
| | | |
| | | {% for c in range(1,(instance['count'] |int)+1) %} |
| | | {% set instancecount = loop %} |
| | | #this is host {{instance['name']}}{{loop.index}} |
| | | |
| | | {{instance['name']}}{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - {{ instance['image_id'] | default('RHELAMI') }} |
| | | |
| | | InstanceType: "{{instance['flavor'][cloud_provider]}}" |
| | | KeyName: "{{instance['key_name'] | default(key_name)}}" |
| | | {% if instance['UserData'] is defined %} |
| | | {{instance['UserData']}} |
| | | {% endif %} |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - {{instance['security_group']}} |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: {{instance['name']}}{{instancecount.index}} |
| | | - Key: internaldns |
| | | Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}} |
| | | - Key: "owner" |
| | | Value: "{{ email | default('unknownuser') }}" |
| | | - Key: "Project" |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: "{{ instance['name'] }}" |
| | | {% for tag in instance['tags'] %} |
| | | - Key: {{tag['key']}} |
| | | Value: {{tag['value']}} |
| | | {% endfor %} |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: 50 |
| | | - DeviceName: "/dev/xvdb" |
| | | Ebs: |
| | | VolumeType: gp2 |
| | | VolumeSize: 20 |
| | | {{instance['name']}}{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PrivateIp |
| | | {% if instance['public_dns'] %} |
| | | {{instance['name']}}{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: {{instance['name']}}{{loop.index}} |
| | | {{instance['name']}}{{loop.index}}PubliclDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - {{instance['name']}}{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - {{instance['name']}}{{loop.index}} |
| | | - PublicIp |
| | | {% endif %} |
| | | |
| | | {% endfor %} |
| | | {% endfor %} |
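Review bot: The two `Ebs:` entries under `BlockDeviceMappings` in the per-instance loop set the size (and `gp2` on `/dev/xvdb`) but not `Encrypted`, so the Satellite host's root and data volumes are created unencrypted unless the account enforces encryption by default. Add `Encrypted: true` under each `Ebs:` key. Separately, `{% if instance['public_dns'] %}` has no default while the earlier `instance['dns_loadbalancer']|d(false)|bool` does. An instance entry that omits `public_dns` will probably fail template rendering rather than just skip the EIP, so `instance['public_dns']|d(false)|bool` would be consistent.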
New file |
| | |
| | | { |
| | | "AWSTemplateFormatVersion": "2010-09-09", |
| | | "Parameters": { }, |
| | | "Mappings": { |
| | | "RegionMapping": { |
| | | "us-east-1": { |
| | | "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd" |
| | | }, |
| | | "us-east-2": { |
| | | "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938" |
| | | }, |
| | | "us-west-1": { |
| | | "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5" |
| | | }, |
| | | "us-west-2": { |
| | | "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944" |
| | | }, |
| | | "eu-west-1": { |
| | | "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214" |
| | | }, |
| | | "eu-central-1": { |
| | | "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925" |
| | | }, |
| | | "sa-east-1": { |
| | | "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c" |
| | | }, |
| | | "ap-south-1": { |
| | | "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed" |
| | | } |
| | | }, |
| | | "DNSMapping": { |
| | | "us-east-1": { |
| | | "domain": "us-east-1.compute.internal" |
| | | }, |
| | | "us-west-1": { |
| | | "domain": "us-west-1.compute.internal" |
| | | }, |
| | | "us-west-2": { |
| | | "domain": "us-west-2.compute.internal" |
| | | }, |
| | | "eu-west-1": { |
| | | "domain": "eu-west-1.compute.internal" |
| | | }, |
| | | "eu-central-1": { |
| | | "domain": "eu-central-1.compute.internal" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "domain": "ap-northeast-1.compute.internal" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "domain": "ap-northeast-2.compute.internal" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "domain": "ap-southeast-1.compute.internal" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "domain": "ap-southeast-2.compute.internal" |
| | | }, |
| | | "sa-east-1": { |
| | | "domain": "sa-east-1.compute.internal" |
| | | }, |
| | | "ap-south-1": { |
| | | "domain": "ap-south-1.compute.internal" |
| | | } |
| | | } |
| | | }, |
| | | "Resources": { |
| | | "Vpc": { |
| | | "Type": "AWS::EC2::VPC", |
| | | "Properties": { |
| | | "CidrBlock": "192.168.0.0/16", |
| | | "EnableDnsSupport": "true", |
| | | "EnableDnsHostnames": "true", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{vpcid_name_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "VpcInternetGateway": { |
| | | "Type": "AWS::EC2::InternetGateway", |
| | | "Properties": {} |
| | | }, |
| | | "VpcGA": { |
| | | "Type": "AWS::EC2::VPCGatewayAttachment", |
| | | "Properties": { |
| | | "InternetGatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VpcRouteTable": { |
| | | "Type": "AWS::EC2::RouteTable", |
| | | "Properties": { |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VPCRouteInternetGateway": { |
| | | "DependsOn" : "VpcGA", |
| | | "Type": "AWS::EC2::Route", |
| | | "Properties": { |
| | | "GatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "DestinationCidrBlock": "0.0.0.0/0", |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnet": { |
| | | "Type": "AWS::EC2::Subnet", |
| | | "DependsOn": [ |
| | | "Vpc" |
| | | ], |
| | | "Properties": { |
| | | "CidrBlock": "192.168.0.0/24", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ], |
| | | "MapPublicIpOnLaunch": "true", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnetRTA": { |
| | | "Type": "AWS::EC2::SubnetRouteTableAssociation", |
| | | "Properties": { |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | }, |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | } |
| | | }, |
| | | "HostSG": { |
| | | "Type": "AWS::EC2::SecurityGroup", |
| | | "Properties": { |
| | | "GroupDescription": "Host", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host_sg" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostUDPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "udp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "HostTCPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "tcp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "zoneinternalidns": { |
| | | "Type": "AWS::Route53::HostedZone", |
| | | "Properties": { |
| | | "Name": "{{ zone_internal_dns }}", |
| | | "VPCs" : [{ |
| | | "VPCId": { "Ref" : "Vpc" }, |
| | | "VPCRegion": { "Ref": "AWS::Region" } } ], |
| | | "HostedZoneConfig": { |
| | | "Comment": "Created By ansible agnostic deployer" |
| | | } |
| | | } |
| | | }, |
| | | "WindowsDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "Windows1EIP" ], |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{activedirectory_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "windows1", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "BastionDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "BastionEIP" ], |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{bastion_public_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "CloudDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "BastionEIP" ], |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "{{cloudapps_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "TowerDNSLoadBalancer": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": "tower{{tower_instance_count}}EIP", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name" : "{{tower_public_dns}}", |
| | | "Type" : "A", |
| | | "TTL" : "900", |
| | | "ResourceRecords" : [ |
| | | {% for c in range(1,(tower_instance_count|int)+1) %} |
| | | |
| | | { "Fn::GetAtt": [ "tower{{loop.index}}", "PublicIp" ] }{% if loop.index < tower_instance_count %},{% endif %} |
| | | |
| | | {% endfor %} |
| | | ]}] |
| | | }}, |
| | | {% for c in range(1,(tower_instance_count|int)+1) %} |
| | | |
| | | "PublicHostDNS{{loop.index}}": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": "tower{{tower_instance_count}}EIP", |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name" : "tower{{loop.index}}.{{subdomain_base}}.", |
| | | "Type" : "A", |
| | | "TTL" : "900", |
| | | "ResourceRecords" : [ |
| | | |
| | | { "Fn::GetAtt": [ "tower{{loop.index}}", "PublicIp" ] } |
| | | |
| | | ]}] |
| | | }}, |
| | | {% endfor %} |
| | | |
| | | "Bastion": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{bastion_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "bastions" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "bastion.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "BastionEIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "Bastion" } |
| | | } |
| | | }, |
| | | "BastionInternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | {% for c in range(1,(tower_instance_count|int)+1) %} |
| | | "tower{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{tower_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "tower{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "towers" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "tower" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "tower{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 20 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "tower{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "tower{{loop.index}}" } |
| | | } |
| | | }, |
| | | "tower{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "tower{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "tower{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | {% endfor %} |
| | | |
| | | {% for c in range(1,(frontend_instance_count|int)+1) %} |
| | | "frontend{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{frontend_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "frontend{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "frontends" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "frontend" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "frontend{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 30 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | |
| | | "frontend{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "frontend{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "frontend{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | {% for c in range(1,(app_instance_count|int)+1) %} |
| | | "app{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{app_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "app{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "apps" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "app" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "app{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 30 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | |
| | | "app{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "app{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "app{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | {% for c in range(1,(appdb_instance_count|int)+1) %} |
| | | "appdb{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{appdb_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "appdb{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "appdbs" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "appdb" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "appdb{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 30 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | |
| | | "appdb{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "appdb{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "appdb{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | {% for c in range(1,(windows_instance_count|int)+1) %} |
| | | "windows{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "WIN2012R2AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{windows_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ |
| | | "<powershell>\n", |
| | | "$admin = [adsi]('WinNT://./administrator, user')\n", |
| | | "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n", |
| | | "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n", |
| | | "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n", |
| | | "</powershell>" |
| | | ]]}}, |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "windows{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "windowss" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "windows" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}_ostype", |
| | | "Value": "windows" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "windows{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 30 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "Windows{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "windows{{loop.index}}" } |
| | | } |
| | | }, |
| | | "windows{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "windows{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "windows{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | {% for c in range(1,(support_instance_count|int)+1) %} |
| | | "support{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{support_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "support{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "support" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "support" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "support{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 50 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "support{{loop.index}}DNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "support{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "support{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }{% if loop.index < support_instance_count %},{% endif %} |
| | | {% endfor %} |
| | | }, |
| | | "Outputs": { |
| | | "Route53internalzoneOutput": { |
| | | "Description": "The ID of the internal route 53 zone", |
| | | "Value": { |
| | | "Ref": "zoneinternalidns" |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | [all:vars] |
| | | {# ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### #} |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_user={{remote_user}} |
| | | |
| | | [all:children] |
| | | satellite |
| | | |
| | | {# # These are the satellitehosts #} |
| | | |
| | | [satellites] |
| | | {% for host in groups['satellites'] %} |
| | | satellite{{loop.index}}.{{chomped_zone_internal_dns}} ssh_host={{host}} |
| | | {% endfor %} |
| | | |
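Review bot: `[all:children]` lists `satellite`, but the only group this template defines is `[satellites]`, so the child entry refers to a group that does not exist. Depending on the Ansible version the INI inventory parser either rejects this as an undefined group or leaves an empty group behind; neither is intended. Rename the entry to `satellites`, matching `groups['satellites']` in the loop and in the playbooks, or drop the `[all:children]` block, since every group already belongs to `all`.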
New file |
| | |
| | | |
| | | [epel] |
| | | name=Extra Packages for Enterprise Linux 7 - $basearch |
| | | baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch |
| | | mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch |
| | | failovermethod=priority |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | #gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 |
| | | |
| | | |
| | | ### satellite repos ##### |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{own_repo_path}}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | |
| | | [rhel-server-rhscl-7-rpms] |
| | | name=Red Hat Enterprise Linux 7 RHSCL |
| | | baseurl={{own_repo_path}}/rhel-server-rhscl-7-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | |
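Review bot: All three repositories set `gpgcheck=0`, and the `[epel]` entry also fetches over plain `http://` with its `gpgkey` line commented out, so packages from these repos are installed without signature verification and, for EPEL, without transport protection. A host built from this template will install whatever a mirror or a network intermediary returns. For `[epel]`, set `gpgcheck=1`, restore `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7` (the key file must be on the host first) and use `https://` URLs. For the two `{{own_repo_path}}` repos, set `gpgcheck=1` with `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`, and serve `own_repo_path` over HTTPS.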
New file |
| | |
| | | [GenericExample:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | [all:vars] |
| | | ansible_become=true |
| | | admin_password="{{tower_admin_password}}" |
| | | |
| | | pg_host='support1.{{chomped_zone_internal_dns}}' |
| | | pg_port='5432' |
| | | |
| | | pg_database='awx' |
| | | pg_username='awx' |
| | | pg_password="{{tower_admin_password}}" |
| | | |
| | | rabbitmq_port=5672 |
| | | rabbitmq_vhost=tower |
| | | |
| | | rabbitmq_username=tower |
| | | rabbitmq_password="{{tower_admin_password}}" |
| | | rabbitmq_cookie=cookiemonster |
| | | |
| | | rabbitmq_use_long_name=true |
| | | |
| | | [GenericExample:children] |
| | | # These |
| | | tower |
| | | database |
| | | |
| | | [tower] |
| | | ## These are the towers |
| | | {% for host in groups['towers'] %} |
| | | tower{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=tower{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}} |
| | | {% endfor %} |
| | | |
| | | ## These are the supporthosts |
| | | [database] |
| | | support1.{{chomped_zone_internal_dns}} |
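Review bot: `rabbitmq_cookie=cookiemonster` hard-codes a shared secret, and `pg_password` and `rabbitmq_password` both reuse `{{tower_admin_password}}`. Every environment rendered from this template therefore shares the same cookie, and one leaked credential covers the Tower admin account, the database and the message queue. Take the cookie from a per-environment variable, for example `rabbitmq_cookie="{{ tower_rabbitmq_cookie }}"` (variable name constructed for illustration), and give PostgreSQL and RabbitMQ their own generated passwords. The rendered inventory then holds several secrets in clear text, so it should be written with restrictive file permissions and kept out of version control.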
New file |
| | |
| | | - name: Step 002 Post Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | - name: Job Template to launch a Job Template with update on launch inventory set |
| | | uri: |
| | | url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" |
| | | method: POST |
| | | user: "{{tower_admin}}" |
| | | password: "{{tower_admin_password}}" |
| | | body: |
| | | extra_vars: |
| | | guid: "{{guid}}" |
| | | ipa_host_password: "{{ipa_host_password}}" |
| | | |
| | | body_format: json |
| | | validate_certs: False |
| | | HEADER_Content-Type: "application/json" |
| | | status_code: 200, 201 |
| | | when: tower_run == 'true' |
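Review bot: The launch request sends `tower_admin_password` as basic auth and `ipa_host_password` in the body while `validate_certs: False` disables certificate checking, so both secrets go to whatever endpoint answers at `{{ ansible_tower_ip }}`. Use `validate_certs: yes` with the Tower CA trusted on the control host, and address Tower by a hostname the certificate can match rather than by IP. Add `no_log: true` to the task so the credentials and body stay out of verbose output and logs. Separately, `when: tower_run == 'true'` compares against a string and will not match a boolean `true`; `when: tower_run | bool` handles both.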
New file |
| | |
| | | - name: Step 00xxxxx post software |
| | | hosts: support |
| | | gather_facts: False |
| | | become: yes |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software tasks Started" |
| | | |
| | | |
| | | - name: Step lab post software deployment |
| | | hosts: bastions |
| | | gather_facts: False |
| | | become: yes |
| | | tags: |
| | | - opentlc_bastion_tasks |
| | | tasks: |
| | | - import_role: |
| | | name: bastion-opentlc-ipa |
| | | when: install_ipa_client|bool |
| | | |
| | | |
| | | |
| | | - name: PostSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | |
| | | - debug: |
| | | msg: "Post-Software checks completed successfully" |
| | | |
| | | |
| | | |
New file |
| | |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | tags: |
| | | - step001 |
| | | - pre_infrastructure |
| | | tasks: |
| | | - name: Pre-Infra |
| | | debug: |
| | | msg: "Pre-Infra work is done" |
| | | |
New file |
| | |
| | | --- |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - step003 |
| | | - generate_env_keys |
| | | tasks: |
| | | - name: Generate SSH keys |
| | | shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N "" |
| | | args: |
| | | creates: "{{output_dir}}/{{env_authorized_key}}" |
| | | when: set_env_authorized_key |
| | | |
| | | |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: bastion |
| | | become: true |
| | | gather_facts: False |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | roles: |
| | | - { role: "set-repositories", when: 'repo_method is defined' } |
| | | - { role: "common", when: 'install_common' } |
| | | - { role: "bastion", when: 'install_bastion' } |
| | | - { role: "ansible-version-lock" } |
| | | |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: all |
| | | become: true |
| | | roles: |
| | | - { role: "set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | - role: "rhn-subscription-manager" |
| | | when: ( rhn_subscription_manager) and (inventory_hostname in groups['satellites']) |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - flight_check |
| | | tasks: |
| | | |
| | | - debug: |
| | | msg: "Pre-Software checks completed successfully" |
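Review bot: The play names and `hosts:` lines look swapped: "Configure all hosts with Repositories, Common Files and Set environment key" targets `hosts: bastion`, while "Configuring Bastion Hosts" targets `hosts: all`. The satellite inventory template added in this commit defines only the `satellites` group, so the first play would presumably match no host, and `set-repositories`, `common` and `ansible-version-lock` would be skipped with only a warning. If those roles are meant for the satellite hosts, use `hosts: all` on the first play and rename the second play to describe what it does. Separately, the `Generate SSH keys` task writes an unencrypted private key under `{{output_dir}}`, which the sample config sets to `/tmp/workdir`; a directory with `0700` permissions outside `/tmp` would be a safer default.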
New file |
| | |
| | | --- |
| | | # sample configuration file |
| | | # |
| | | # Usage: ansible-playbook main.yml -e @configs/just-some-nodes-example/sample.yml |
| | | # |
| | | # Ideally keep your copy OUTSIDE your repo, especially if using Cloud Credentials |
| | | |
| | | env_type: satellite-vm # Name of config to deploy |
| | | output_dir: /tmp/workdir # Writable working scratch directory |
| | | email: name@example.com # User info for notifications |
| | | |
| | | guid: guid02 # Unique string used in FQDN |
| | | subdomain_base_suffix: .example.opentlc.com # Your domain used in FQDN |
| | | |
| | | # Path to yum repos |
| | | own_repo_path: http://you-own.repo.com/repos |
| | | |
| | | # Cloud specfic settings - example given here for AWS |
| | | |
| | | cloud_provider: ec2 # Which AgnosticD Cloud Provider to use |
| | | aws_region: us-east-1 # AWS Region to deploy in |
| | | HostedZoneId: Z3IHLWJZOU9SRT # You will need to change this |
| | | key_name: ocpkey # Keyname must exist in AWS |
| | | |
| | | # AWS Credentials. These are required (don't sync them to your fork) |
| | | # aws_access_key_id: |
| | | # aws_secret_access_key: |
| | | ... |
New file |
| | |
| | | --- |
| | | - name: Step 00xxxxx software |
| | | hosts: localhost |
| | | gather_facts: False |
| | | become: false |
| | | tasks: |
| | | - debug: |
| | | msg: "Software tasks Started" |
| | | |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: satellites |
| | | become: true |
| | | roles: |
| | | # - { role: "rhn-subscription-manager", when: rhn_subscription_manager } |
| | | - { role: "satellite-installation", when: install_satellite } |
| | | |
| | | - name: Software flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Software checks completed successfully" |
New file |
| | |
| | | --- |
| | | - name: Same as above but subscribe to a specific pool by ID. |
| | | redhat_subscription: |
| | | state: present |
| | | username: "{{ username }}" |
| | | password: "{{ password }}" |
| | | pool_ids: "{{ repo_pool_ids }}" |
| | | tags: |
| | | - subscription |
| | | |
| | | - name: list current repository files |
| | | shell: "ls -1 /etc/yum.repos.d/" |
| | | register: repodircontents |
| | | tags: |
| | | - subscription |
| | | |
| | | - name: remove current repository files |
| | | file: |
| | | path: /etc/yum.repos.d/{{ item }} |
| | | state: absent |
| | | with_items: "{{ repodircontents.stdout_lines }}" |
| | | ignore_errors: true |
| | | tags: |
| | | - subscription |
| | | |
| | | |
| | | - name: Disable all repos by default |
| | | command: subscription-manager repos --disable "*" |
| | | tags: |
| | | - subscription |
| | | |
| | | - name: Enable the requisite rhel7 repos |
| | | shell: subscription-manager repos --enable "{{ item }}" |
| | | loop: "{{ subscription_enable_repos }}" |
| | | tags: |
| | | - subscription |
| | | |
| | | - name: Import keys |
| | | rpm_key: |
| | | state: present |
| | | key: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta |
| | | tags: |
| | | - subscription |
| | | |
| | | - name: Unset and release repos |
| | | shell: subscription-manager release --unset |
| | | tags: |
| | | - subscription |
| | | |
| | | - name: Clean yum cache |
| | | shell: yum clean all |
| | | tags: |
| | | - subscription |
| | | |
| | | |
| | | |
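Review bot: `Enable the requisite rhel7 repos` passes a templated value through `shell`, although the neighbouring `Disable all repos by default` task already uses `command`; the same applies to the `release --unset` and `yum clean all` tasks. None of them needs shell features, and `command` keeps a repo name containing shell metacharacters from being interpreted: `command: subscription-manager repos --enable "{{ item }}"`. Separately, `Import keys` trusts only `RPM-GPG-KEY-redhat-beta`; if the enabled repos carry GA content, `RPM-GPG-KEY-redhat-release` is presumably the intended key, and the beta key widens package trust unnecessarily. The first task's name, "Same as above but subscribe to a specific pool by ID.", refers to nothing in this file and should say what the task does.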
New file |
| | |
| | | --- |
| | | - name: firewall | Install Firewalld |
| | | yum: |
| | | name: firewalld |
| | | state: present |
| | | tags: |
| | | - firewalld |
| | | |
| | | - name: firewall | Enable and Start Firewalld |
| | | service: |
| | | name: firewalld |
| | | enabled: yes |
| | | state: started |
| | | tags: |
| | | - firewalld |
| | | |
| | | |
| | | - name: firewall | Enable ports in firewall |
| | | firewalld: |
| | | port: "{{ item }}" |
| | | permanent: yes |
| | | state: enabled |
| | | with_items: |
| | | - "{{ firewall_ports }}" |
| | | |
| | | - name: firewall | Enable service in firewall |
| | | firewalld: |
| | | service: "{{ item }}" |
| | | permanent: yes |
| | | state: enabled |
| | | with_items: |
| | | - "{{ firewall_services }}" |
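Review bot: Both `firewalld` tasks set `permanent: yes` without `immediate: yes`, so the ports and services are written to the permanent configuration but the running firewall stays unchanged until firewalld is reloaded or the host reboots. Add `immediate: yes` to both tasks so the runtime rules match what was provisioned. The last two tasks also lack the `firewalld` tag that the first two carry, so a `--tags firewalld` run installs and starts the service without opening anything. `with_items: "{{ firewall_ports }}"` is enough; wrapping the variable in a one-element list relies on implicit flattening.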
New file |
| | |
| | | --- |
| | | - include: satellite_installation.yml |
| | | - include: firewalld.yml |
New file |
| | |
| | | --- |
| | | - name: Colleting host name |
| | | shell: hostname |
| | | register: hostname_output |
| | | |
| | | - shell: /sbin/ip address show eth0 | grep "\<inet\>" | awk '{print $2}' | awk -F / '{print $1}' |
| | | register: ip_output |
| | | |
| | | - name: Add internal dns name in hosts file |
| | | lineinfile: |
| | | dest: /etc/hosts |
| | | state: present |
| | | insertafter: EOF |
| | | line: '{{ip_output.stdout}} {{ hostname_output.stdout }}' |
| | | tags: |
| | | - satellite |
| | | - name: Update system |
| | | package: |
| | | name: '*' |
| | | state: latest |
| | | tags: |
| | | - satellite |
| | | |
| | | - name: Install Satellite Package |
| | | package: |
| | | name: satellite |
| | | state: latest |
| | | tags: |
| | | - satellite |
| | | |
| | | - name: configure satellite |
| | | shell: satellite-installer --scenario satellite |
| | | --foreman-admin-username {{ satellite_admin }} |
| | | --foreman-admin-password {{ satellite_admin_password }} |
| | | tags: |
| | | - satellite |
| | | |
| | | - name: Copy manifest |
| | | copy: |
| | | src: ./files/manifest_satellite-vm.zip |
| | | dest: /tmp |
| | | tags: |
| | | - satellite |
| | | - manifest |
| | | |
| | | - name: Uploading manifest |
| | | shell: hammer subscription upload |
| | | --file /tmp/manifest_satellite-vm.zip |
| | | --organization "Default Organization" |
| | | tags: |
| | | - satellite |
| | | - manifest |
| | | |
| | | |
| | | - name: Setting up satellite repository |
| | | shell: hammer repository-set enable |
| | | --organization "Default Organization" |
| | | --product 'Red Hat Enterprise Linux Server' |
| | | --basearch='x86_64' |
| | | --name 'Red Hat Satellite Tools 6.4 (for RHEL 7 Server) (RPMs)' |
| | | tags: |
| | | - satellite |
| | | - manifest |
| | | |
| | | |
| | | - name: Sync repo |
| | | shell: hammer repository synchronize |
| | | --organization "Default Organization" |
| | | --product 'Red Hat Enterprise Linux Server' |
| | | --name 'Red Hat Satellite Tools 6.4 for RHEL 7 Server RPMs x86_64' |
| | | --async |
| | | tags: |
| | | - satellite |
| | | - manifest |
| | | |
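Review bot: `configure satellite` interpolates `{{ satellite_admin_password }}` unquoted into a `shell` command line, so the password appears in the task's reported command and in any Ansible log, and is visible in the process list while the installer runs. A password containing shell metacharacters would also alter the command. Add `no_log: true` to the task and quote both values, e.g. `--foreman-admin-password {{ satellite_admin_password | quote }}`. The installer and the `hammer` tasks also run unconditionally on every play, so a state check before each would make the role safe to re-run. The manifest copied to `/tmp` is entitlement data and is better placed in a root-only directory with `mode: '0600'`.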
New file |
| | |
| | | --- |
| | | firewall_services: |
| | | - ssh |
| | | - RH-Satellite-6 |
| | | # - dns |
| | | # - dhcp |
| | | # - dhcpv6 |
| | | # - tftp |
| | | # - libvirt-tls |
| | | # - ldap |
| | | # - ldaps |
| | | # - docker-registry |
| | | # - vnc-server |
| | | |
| | | # List of ports to add into the firewall via Firewalld |
| | | # See README.md for an explanation. |
| | | firewall_ports: |
| | | # - 22/tcp |
| | | # - 53/udp |
| | | # - 53/tcp |
| | | # - 67/udp |
| | | # - 68/udp |
| | | # - 69/udp |
| | | # - 80/tcp |
| | | # - 389/tcp |
| | | # - 443/tcp |
| | | # - 639/tcp |
| | | # - 5000/tcp |
| | | # - 5646/tcp |
| | | # - 5647/tcp |
| | | # - 5671/tcp |
| | | # - 5674/tcp |
| | | - 7911/tcp |
| | | - 8000/tcp |
| | | # - 8140/tcp |
| | | - 8443/tcp |
| | | # - 9090/tcp |
| | | # - 16514/tcp |