create auth-playground-lab and updated ipa-server role
3 files deleted
15 files added
1 files modified
New file |
| | |
| | | = auth-playground config |
| | | |
| | | == Set up your "Secret" variables |
| | | |
| | | * You need to provide some credentials for deployments to work |
| | | * Create a file called "env_secret_vars.yml" and put it in the |
| | | ./ansible/configs/CONFIGNAME/ directory. |
| | | ** At this point this file *has to be created* even if no vars from it are used. |
| | | * You can choose to provide these values as extra vars (-e "var=value") in the |
| | | command line if you prefer not to keep sensitive information in a file. |
| | | |
| | | .Example contents of "Secret" Vars file |
| | | ---- |
| | | # ## Logon credentials for Red Hat Network |
| | | # ## Required if using the subscription component |
| | | # ## of this playbook. |
| | | rhel_subscription_user: '' |
| | | rhel_subscription_pass: '' |
| | | # |
| | | # ## LDAP Bind Password |
| | | bindPassword: '' |
| | | # |
| | | # ## Desired admin name and password if required |
| | | admin_user: "" |
| | | admin_user_password: "" |
| | | # |
| | | # ## AWS Credentials. This is required. |
| | | aws_access_key_id: "" |
| | | aws_secret_access_key: "" |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | satellite_url: https://satellite.example.com |
| | | satellite_org: Sat_org_name |
| | | satellite_activationkey: "rhel7basic" |
| | | |
| | | ---- |
| | | |
| | | == Review the Env_Type variable file |
| | | |
| | | * This file link:./env_vars.yml[./env_vars.yml] contains all the variables you |
| | | need to define to control the deployment of your environment. |
| | | |
| | | |
| | | == Running Ansible Playbook |
| | | |
| | | You can run the playbook with the following arguments to overwrite the default variable values: |
| | | [source,bash] |
| | | ---- |
| | | REGION=ap-southeast-2 |
| | | KEYNAME=ocpkey |
| | | GUID=authplay1 |
| | | ENVTYPE="auth-playground-lab" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | REPO_PATH='http://admin.example.com/repos/ocp/3.6/' |
| | | |
| | | BASESUFFIX='.example.opentlc.com' |
| | | DEPLOYER_REPO_PATH=`pwd` |
| | | |
| | | ansible-playbook \ |
| | | ${DEPLOYER_REPO_PATH}/main.yml \ |
| | | -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \ |
| | | -e "guid=${GUID}" \ |
| | | -e "env_type=${ENVTYPE}" \ |
| | | -e "key_name=${KEYNAME}" \ |
| | | -e "subdomain_base_suffix=${BASESUFFIX}" \ |
| | | -e "cloud_provider=${CLOUDPROVIDER}" \ |
| | | -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" \ |
| | | -e "email=shacharb@redhat.com" \ |
| | | -e "install_ipa_client=false" \ |
| | | -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \ |
| | | -e "software_to_deploy=none" |
| | | |
| | | |
| | | |
| | | |
| | | ---- |
| | | |
| | | === To Delete an environment |
| | | ---- |
| | | |
| | | REGION=ap-southeast-2 |
| | | KEYNAME=ocpkey |
| | | GUID=devgenericdemo1 |
| | | ENVTYPE="generic-demo-example" |
| | | CLOUDPROVIDER=ec2 |
| | | HOSTZONEID='Z3IHLWJZOU9SRT' |
| | | BASESUFFIX='.example.opentlc.com' |
| | | #To Destroy an Env |
| | | ansible-playbook -i inventory/ ./configs/${ENVTYPE}/destroy_env.yml \ |
| | | -e "guid=${GUID}" -e "env_type=${ENVTYPE}" -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}" \ |
| | | -e "HostedZoneId=${HOSTZONEID}" -e "key_name=${KEYNAME}" -e "subdomain_base_suffix=${BASESUFFIX}" |
| | | |
| | | ---- |
New file |
| | |
| | | - name: Delete Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: False |
| | | become: no |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | |
| | | tasks: |
| | | - name: Destroy cloudformation template |
| | | cloudformation: |
| | | stack_name: "{{project_tag}}" |
| | | state: "absent" |
| | | region: "{{aws_region}}" |
| | | disable_rollback: false |
| | | tags: |
| | | Stack: "project {{env_type}}-{{ guid }}" |
| | | tags: [ destroying, destroy_cf_deployment ] |
| | | register: cloudformation_result |
| | | until: cloudformation_result|succeeded |
| | | retries: 5 |
| | | delay: 60 |
| | | ignore_errors: yes |
| | | |
| | | - name: report Cloudformation error |
| | | fail: |
| | | msg: "FAIL {{ project_tag }} Destroy Cloudformation" |
| | | when: not cloudformation_result|succeeded |
| | | tags: [ destroying, destroy_cf_deployment ] |
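Review bot: Boolean values are spelled four different ways in this short play — `gather_facts: False`, `become: no`, `disable_rollback: false`, `ignore_errors: yes` — so pick one spelling (`true`/`false` is the YAML 1.2 form) and use it throughout. `disable_rollback` and the `Stack` tag are create/update settings that have no effect on a `state: "absent"` call and can be dropped so the delete task reads as what it is. The `cloudformation_result|succeeded` filter form on the `until:` and `when:` lines works on the Ansible this commit targets, but if I recall the deprecation correctly later releases only accept the test form, so `cloudformation_result is succeeded` is the safer spelling.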
New file |
| | |
| | | ## TODO: What variables can we strip out of here to build complex variables? |
| | | ## i.e. what can we add into group_vars as opposed to config_vars? |
| | | ## Example: We don't really need "subdomain_base_short". If we want to use this, |
| | | ## should just toss in group_vars/all. |
| | | ### Also, we should probably just create a variable reference in the README.md |
| | | ### For now, just tagging comments in line with configuration file. |
| | | |
| | | ### Vars that can be removed: |
| | | # use_satellite: true |
| | | # use_subscription_manager: false |
| | | # use_own_repos: false |
| | | ipa_domain: "{{subdomain_base}}" |
| | | ipa_realm: "{{ ipa_domain|upper }}" |
| | | ipa_directory_manager_password: "{{admin_user_password}}" |
| | | ipa_principal_user_password: "{{admin_user_password}}" |
| | | admin_user: 'admin' |
| | | admin_user_password: 'r3dh4t1!' |
| | | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### OR PASS as "-e" args to ansible-playbook command |
| | | |
| | | ### Common Host settings |
| | | install_win_ssh: true |
| | | install_win_ad: true |
| | | repo_method: file # Other Options are: file, satellite and rhn |
| | | windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==' |
| | | |
| | | # Do you want to run a full yum update |
| | | update_packages: false |
| | | #If using repo_method: satellite, you must set these values as well. |
| | | # satellite_url: https://satellite.example.com |
| | | # satellite_org: Sat_org_name |
| | | # satellite_activationkey: "rhel7basic" |
| | | |
| | | ## guid is the deployment unique identifier, it will be appended to all tags, |
| | | ## files and anything that identifies this environment from another "just like it" |
| | | guid: defaultguid |
| | | # This is where the ssh_config file will be created, this file is used to |
| | | # define the communication method to all the hosts in the deployment |
| | | deploy_local_ssh_config_location: "{{ANSIBLE_REPO_PATH}}/workdir" |
| | | |
| | | install_bastion: true |
| | | install_common: true |
| | | software_to_deploy: none |
| | | |
| | | repo_version: "3.5" |
| | | |
| | | ### If you want a Key Pair name created and injected into the hosts, |
| | | # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` |
| | | # you can use the key used to create the environment or use your own self generated key |
| | | # if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) |
| | | use_own_key: true |
| | | env_authorized_key: "{{guid}}key" |
| | | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem |
| | | set_env_authorized_key: true |
| | | |
| | | # Is this running from Red Hat Ansible Tower |
| | | tower_run: false |
| | | |
| | | ### AWS EC2 Environment settings |
| | | |
| | | ### Route 53 Zone ID (AWS) |
| | | # This is the Route53 HostedZoneId where you will create your Public DNS entries |
| | | # This only needs to be defined if your CF template uses route53 |
| | | HostedZoneId: Z3IHLWJZOU9SRT |
| | | # The region to be used, if not specified by -e in the command line |
| | | aws_region: ap-southeast-2 |
| | | # The key that is used to |
| | | key_name: "default_key_name" |
| | | |
| | | ## Networking (AWS) |
| | | subdomain_base_short: "{{ guid }}" |
| | | subdomain_base_suffix: ".example.opentlc.com" |
| | | subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" |
| | | |
| | | ## Environment Sizing |
| | | |
| | | bastion_instance_type: "t2.medium" |
| | | ipa_instance_type: "t2.large" |
| | | support_instance_type: "t2.medium" |
| | | |
| | | frontend_instance_type: "t2.small" |
| | | app_instance_type: "{{frontend_instance_type}}" |
| | | appdb_instance_type: "{{frontend_instance_type}}" |
| | | |
| | | ipa_instance_count: 1 |
| | | |
| | | windows_instance_type: "t2.large" |
| | | windows_instance_count: 1 |
| | | ipa_public_dns_chomped: "ipa1.{{subdomain_base}}" |
| | | |
| | | |
| | | ###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
| | | ###### You can, but you usually wouldn't need to. |
| | | ansible_ssh_user: ec2-user |
| | | remote_user: ec2-user |
| | | |
| | | common_packages: |
| | | - python |
| | | - unzip |
| | | - bash-completion |
| | | - tmux |
| | | - bind-utils |
| | | - wget |
| | | - git |
| | | - vim-enhanced |
| | | - at |
| | | - ansible |
| | | |
| | | rhel_repos: |
| | | - rhel-7-server-rpms |
| | | - rhel-7-server-extras-rpms |
| | | - epel-release-latest-7 |
| | | ## Currently there is no NFS created for this Environment - See ocp-workshop for clues. |
| | | # ## NFS Server settings |
| | | # nfs_vg: nfsvg |
| | | # nfs_pvs: /dev/xvdb |
| | | # nfs_export_path: /srv/nfs |
| | | # |
| | | # nfs_shares: |
| | | # - es-storage |
| | | # - user-vols |
| | | # - jenkins |
| | | # - nexus |
| | | # - nexus2 |
| | | |
| | | project_tag: "{{ env_type }}-{{ guid }}" |
| | | create_internal_dns_entries: true |
| | | zone_internal_dns: "{{guid}}.internal." |
| | | chomped_zone_internal_dns: "{{guid}}.internal" |
| | | zone_public_dns: "{{subdomain_base}}." |
| | | cloudapps_dns: '*.apps.{{subdomain_base}}.' |
| | | ipa_public_dns: "ipa1.{{subdomain_base}}." |
| | | |
| | | bastion_public_dns: "bastion.{{subdomain_base}}." |
| | | bastion_public_dns_chomped: "bastion.{{subdomain_base}}" |
| | | |
| | | activedirectory_public_dns: "windows1.{{subdomain_base}}." |
| | | activedirectory_public_dns_chomped: "windows1.{{subdomain_base}}" |
| | | |
| | | vpcid_cidr_block: "192.168.0.0/16" |
| | | vpcid_name_tag: "{{subdomain_base}}" |
| | | |
| | | az_1_name: "{{ aws_region }}a" |
| | | az_2_name: "{{ aws_region }}b" |
| | | |
| | | subnet_private_1_cidr_block: "192.168.2.0/24" |
| | | subnet_private_1_az: "{{ az_2_name }}" |
| | | subnet_private_1_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_private_2_cidr_block: "192.168.1.0/24" |
| | | subnet_private_2_az: "{{ az_1_name }}" |
| | | subnet_private_2_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | subnet_public_1_cidr_block: "192.168.10.0/24" |
| | | subnet_public_1_az: "{{ az_1_name }}" |
| | | subnet_public_1_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | subnet_public_2_cidr_block: "192.168.20.0/24" |
| | | subnet_public_2_az: "{{ az_2_name }}" |
| | | subnet_public_2_name_tag: "{{subdomain_base}}-public" |
| | | |
| | | dopt_domain_name: "{{ aws_region }}.compute.internal" |
| | | |
| | | rtb_public_name_tag: "{{subdomain_base}}-public" |
| | | rtb_private_name_tag: "{{subdomain_base}}-private" |
| | | |
| | | |
| | | cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " |
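Review bot: `admin_user_password` and `windows_password` are assigned literal credential values in this non-secret vars file, and `ipa_directory_manager_password` and `ipa_principal_user_password` are both derived from the same `admin_user_password` default, so every lab built from these defaults shares one published IPA Directory Manager/admin password. The README in this commit already tells users these belong in `env_secret_vars.yml`; the defaults here should be removed (or set to `''` with an assert in the playbook that they are non-empty) so a forgotten secret file fails fast instead of deploying with a known password. Deriving the Directory Manager password from the admin password also means one compromise yields both; a separate variable with its own secret is the usual setup. Minor: `DEPLOYEMNT` in the two section-header comments should read `DEPLOYMENT`, and the comment above `key_name` (`# The key that is used to`) is unfinished.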
New file |
| | |
| | | { |
| | | "AWSTemplateFormatVersion": "2010-09-09", |
| | | "Parameters": { }, |
| | | "Mappings": { |
| | | "RegionMapping": { |
| | | "us-east-1": { |
| | | "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd" |
| | | }, |
| | | "us-east-2": { |
| | | "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938" |
| | | }, |
| | | "us-west-1": { |
| | | "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5" |
| | | }, |
| | | "us-west-2": { |
| | | "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944" |
| | | }, |
| | | "eu-west-1": { |
| | | "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214" |
| | | }, |
| | | "eu-central-1": { |
| | | "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925" |
| | | }, |
| | | "sa-east-1": { |
| | | "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c" |
| | | }, |
| | | "ap-south-1": { |
| | | "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed" |
| | | } |
| | | }, |
| | | "DNSMapping": { |
| | | "us-east-1": { |
| | | "domain": "us-east-1.compute.internal" |
| | | }, |
| | | "us-west-1": { |
| | | "domain": "us-west-1.compute.internal" |
| | | }, |
| | | "us-west-2": { |
| | | "domain": "us-west-2.compute.internal" |
| | | }, |
| | | "eu-west-1": { |
| | | "domain": "eu-west-1.compute.internal" |
| | | }, |
| | | "eu-central-1": { |
| | | "domain": "eu-central-1.compute.internal" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "domain": "ap-northeast-1.compute.internal" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "domain": "ap-northeast-2.compute.internal" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "domain": "ap-southeast-1.compute.internal" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "domain": "ap-southeast-2.compute.internal" |
| | | }, |
| | | "sa-east-1": { |
| | | "domain": "sa-east-1.compute.internal" |
| | | }, |
| | | "ap-south-1": { |
| | | "domain": "ap-south-1.compute.internal" |
| | | } |
| | | } |
| | | }, |
| | | "Resources": { |
| | | "Vpc": { |
| | | "Type": "AWS::EC2::VPC", |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/16", |
| | | "EnableDnsSupport": "true", |
| | | "EnableDnsHostnames": "true", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{vpcid_name_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "VpcInternetGateway": { |
| | | "Type": "AWS::EC2::InternetGateway", |
| | | "Properties": {} |
| | | }, |
| | | "VpcGA": { |
| | | "Type": "AWS::EC2::VPCGatewayAttachment", |
| | | "Properties": { |
| | | "InternetGatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VpcRouteTable": { |
| | | "Type": "AWS::EC2::RouteTable", |
| | | "Properties": { |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VPCRouteInternetGateway": { |
| | | "DependsOn" : "VpcGA", |
| | | "Type": "AWS::EC2::Route", |
| | | "Properties": { |
| | | "GatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "DestinationCidrBlock": "0.0.0.0/0", |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnet": { |
| | | "Type": "AWS::EC2::Subnet", |
| | | "DependsOn": [ |
| | | "Vpc" |
| | | ], |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/24", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ], |
| | | "MapPublicIpOnLaunch": "true", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnetRTA": { |
| | | "Type": "AWS::EC2::SubnetRouteTableAssociation", |
| | | "Properties": { |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | }, |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | } |
| | | }, |
| | | "HostSG": { |
| | | "Type": "AWS::EC2::SecurityGroup", |
| | | "Properties": { |
| | | "GroupDescription": "Host", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host_sg" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostUDPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "udp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "HostTCPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "tcp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "zoneinternalidns": { |
| | | "Type": "AWS::Route53::HostedZone", |
| | | "Properties": { |
| | | "Name": "{{ zone_internal_dns }}", |
| | | "VPCs" : [{ |
| | | "VPCId": { "Ref" : "Vpc" }, |
| | | "VPCRegion": { "Ref": "AWS::Region" } } ], |
| | | "HostedZoneConfig": { |
| | | "Comment": "Created By ansible agnostic deployer" |
| | | } |
| | | } |
| | | }, |
| | | "BastionDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "BastionEIP" ], |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{subdomain_base}}.", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "Bastion": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{bastion_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "bastions" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "bastion.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "BastionEIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "Bastion" } |
| | | } |
| | | }, |
| | | "BastionInternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | {% for c in range(1,(ipa_instance_count|int)+1) %} |
| | | "ipa{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{ipa_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "ipa{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "ipas" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "ipa" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "ipa{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 20 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "ipa{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "ipa{{loop.index}}" } |
| | | } |
| | | }, |
| | | "ipa{{loop.index}}InternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "ipa{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "ipa{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "ipa{{loop.index}}PubliclDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "ipa{{loop.index}}EIP" ], |
| | | "Properties": { |
| | | "HostedZoneId" : "{{HostedZoneId}}", |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "ipa{{loop.index}}.{{subdomain_base}}.", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "ipa{{loop.index}}", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | {% for c in range(1,(windows_instance_count|int)+1) %} |
| | | "windows{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "WIN2012R2AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{windows_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ |
| | | "<powershell>\n", |
| | | "$admin = [adsi]('WinNT://./administrator, user')\n", |
| | | "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n", |
| | | "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n", |
| | | "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n", |
| | | "</powershell>" |
| | | ]]}}, |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "windows{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "windowss" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "windows" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}_ostype", |
| | | "Value": "windows" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "windows{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 30 |
| | | } |
| | | } |
| | | ] |
| | | }}, |
| | | "windows{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "windows{{loop.index}}" } |
| | | } |
| | | }, |
| | | "windows{{loop.index}}InternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "windows{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "windows{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "windows{{loop.index}}PubliclDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "windows{{loop.index}}EIP" ], |
| | | "Properties": { |
| | | "HostedZoneId" : "{{HostedZoneId}}", |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "windows{{loop.index}}.{{subdomain_base}}.", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "windows{{loop.index}}", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | {% endfor %} |
| | | |
| | | }, |
| | | "Outputs": { |
| | | "Route53internalzoneOutput": { |
| | | "Description": "The ID of the internal route 53 zone", |
| | | "Value": { |
| | | "Ref": "zoneinternalidns" |
| | | } |
| | | } |
| | | } |
| | | } |
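Review bot: `HostUDPPorts` and `HostTCPPorts` open ports 0-65535 for both protocols from `0.0.0.0/0` on `HostSG`, and since every instance sits in `PublicSubnet` with `MapPublicIpOnLaunch` and its own EIP, the IPA server (LDAP/Kerberos) and the Windows AD host are internet-reachable on every port, not just the bastion. The usual shape is one self-referencing rule so hosts in the group can talk to each other freely plus an explicit SSH rule for the bastion scoped to the deployer's address range (a new variable, e.g. `bastion_ssh_cidr`, set in env_vars.yml), as in the fence below; the same two rules are repeated in the second template in this commit. Separately, the Windows `UserData` embeds `windows_password` in plaintext, which is exposed through the instance metadata service, and runs `ConfigureRemotingForAnsible.ps1` fetched from the unpinned `devel` branch, so pinning the script to a commit and rotating the password after bootstrap would be worth a follow-up. Also note `CidrBlock` is hard-coded to `192.199.0.0/16` while env_vars.yml declares `vpcid_cidr_block: "192.168.0.0/16"`; rendering `{{vpcid_cidr_block}}` here keeps the two from drifting.
```json
"HostSGSelf": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": { "Fn::GetAtt": [ "HostSG", "GroupId" ] },
    "IpProtocol": "-1",
    "SourceSecurityGroupId": { "Fn::GetAtt": [ "HostSG", "GroupId" ] }
  }
},
"BastionSSH": {
  "Type": "AWS::EC2::SecurityGroupIngress",
  "Properties": {
    "GroupId": { "Fn::GetAtt": [ "HostSG", "GroupId" ] },
    "IpProtocol": "tcp",
    "FromPort": "22",
    "ToPort": "22",
    "CidrIp": "{{ bastion_ssh_cidr }}"
  }
},
{# … unchanged: zoneinternalidns and the remaining Resources … #}
```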
New file |
| | |
| | | { |
| | | "AWSTemplateFormatVersion": "2010-09-09", |
| | | "Parameters": { }, |
| | | "Mappings": { |
| | | "RegionMapping": { |
| | | "us-east-1": { |
| | | "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd" |
| | | }, |
| | | "us-east-2": { |
| | | "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938" |
| | | }, |
| | | "us-west-1": { |
| | | "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5" |
| | | }, |
| | | "us-west-2": { |
| | | "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944" |
| | | }, |
| | | "eu-west-1": { |
| | | "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214" |
| | | }, |
| | | "eu-central-1": { |
| | | "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925" |
| | | }, |
| | | "sa-east-1": { |
| | | "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c" |
| | | }, |
| | | "ap-south-1": { |
| | | "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed" |
| | | } |
| | | }, |
| | | "DNSMapping": { |
| | | "us-east-1": { |
| | | "domain": "us-east-1.compute.internal" |
| | | }, |
| | | "us-west-1": { |
| | | "domain": "us-west-1.compute.internal" |
| | | }, |
| | | "us-west-2": { |
| | | "domain": "us-west-2.compute.internal" |
| | | }, |
| | | "eu-west-1": { |
| | | "domain": "eu-west-1.compute.internal" |
| | | }, |
| | | "eu-central-1": { |
| | | "domain": "eu-central-1.compute.internal" |
| | | }, |
| | | "ap-northeast-1": { |
| | | "domain": "ap-northeast-1.compute.internal" |
| | | }, |
| | | "ap-northeast-2": { |
| | | "domain": "ap-northeast-2.compute.internal" |
| | | }, |
| | | "ap-southeast-1": { |
| | | "domain": "ap-southeast-1.compute.internal" |
| | | }, |
| | | "ap-southeast-2": { |
| | | "domain": "ap-southeast-2.compute.internal" |
| | | }, |
| | | "sa-east-1": { |
| | | "domain": "sa-east-1.compute.internal" |
| | | }, |
| | | "ap-south-1": { |
| | | "domain": "ap-south-1.compute.internal" |
| | | } |
| | | } |
| | | }, |
| | | "Resources": { |
| | | "Vpc": { |
| | | "Type": "AWS::EC2::VPC", |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/16", |
| | | "EnableDnsSupport": "true", |
| | | "EnableDnsHostnames": "true", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{vpcid_name_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ] |
| | | }}, |
| | | "VpcInternetGateway": { |
| | | "Type": "AWS::EC2::InternetGateway", |
| | | "Properties": {} |
| | | }, |
| | | "VpcGA": { |
| | | "Type": "AWS::EC2::VPCGatewayAttachment", |
| | | "Properties": { |
| | | "InternetGatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VpcRouteTable": { |
| | | "Type": "AWS::EC2::RouteTable", |
| | | "Properties": { |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "VPCRouteInternetGateway": { |
| | | "DependsOn" : "VpcGA", |
| | | "Type": "AWS::EC2::Route", |
| | | "Properties": { |
| | | "GatewayId": { |
| | | "Ref": "VpcInternetGateway" |
| | | }, |
| | | "DestinationCidrBlock": "0.0.0.0/0", |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnet": { |
| | | "Type": "AWS::EC2::Subnet", |
| | | "DependsOn": [ |
| | | "Vpc" |
| | | ], |
| | | "Properties": { |
| | | "CidrBlock": "192.199.0.0/24", |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "Hostlication", |
| | | "Value": { |
| | | "Ref": "AWS::StackId" |
| | | } |
| | | } |
| | | ], |
| | | "MapPublicIpOnLaunch": "true", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | } |
| | | } |
| | | }, |
| | | "PublicSubnetRTA": { |
| | | "Type": "AWS::EC2::SubnetRouteTableAssociation", |
| | | "Properties": { |
| | | "RouteTableId": { |
| | | "Ref": "VpcRouteTable" |
| | | }, |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | } |
| | | } |
| | | }, |
| | | "HostSG": { |
| | | "Type": "AWS::EC2::SecurityGroup", |
| | | "Properties": { |
| | | "GroupDescription": "Host", |
| | | "VpcId": { |
| | | "Ref": "Vpc" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "host_sg" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "HostUDPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "udp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "HostTCPPorts": { |
| | | "Type": "AWS::EC2::SecurityGroupIngress", |
| | | "Properties": { |
| | | "GroupId": { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | }, |
| | | "IpProtocol": "tcp", |
| | | "FromPort": "0", |
| | | "ToPort": "65535", |
| | | "CidrIp": "0.0.0.0/0" |
| | | } |
| | | }, |
| | | "zoneinternalidns": { |
| | | "Type": "AWS::Route53::HostedZone", |
| | | "Properties": { |
| | | "Name": "{{ zone_internal_dns }}", |
| | | "VPCs" : [{ |
| | | "VPCId": { "Ref" : "Vpc" }, |
| | | "VPCRegion": { "Ref": "AWS::Region" } } ], |
| | | "HostedZoneConfig": { |
| | | "Comment": "Created By ansible agnostic deployer" |
| | | } |
| | | } |
| | | }, |
| | | "BastionDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "BastionEIP" ], |
| | | "Properties": { |
| | | "HostedZoneId": "{{HostedZoneId}}", |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{subdomain_base}}.", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "Bastion": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{bastion_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "bastions" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "bastion" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "bastion.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "BastionEIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "Bastion" } |
| | | } |
| | | }, |
| | | "BastionInternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "bastion.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "Bastion", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | |
| | | {% for c in range(1,(ipa_instance_count|int)+1) %} |
| | | "ipa{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "RHELAMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{ipa_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "ipa{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "ipas" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "ipa" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "ipa{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 20 |
| | | } |
| | | } |
| | | ] |
| | | } |
| | | |
| | | }, |
| | | "ipa{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "ipa{{loop.index}}" } |
| | | } |
| | | }, |
| | | "ipa{{loop.index}}InternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "ipa{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "ipa{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "ipa{{loop.index}}PubliclDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "ipa{{loop.index}}EIP" ], |
| | | "Properties": { |
| | | "HostedZoneId" : "{{HostedZoneId}}", |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "ipa{{loop.index}}.{{subdomain_base}}.", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "ipa{{loop.index}}", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | {% endfor %} |
| | | {% for c in range(1,(windows_instance_count|int)+1) %} |
| | | "windows{{loop.index}}": { |
| | | "Type": "AWS::EC2::Instance", |
| | | "Properties": { |
| | | "ImageId": { |
| | | "Fn::FindInMap": [ |
| | | "RegionMapping", |
| | | { |
| | | "Ref": "AWS::Region" |
| | | }, |
| | | "WIN2012R2AMI" |
| | | ] |
| | | }, |
| | | "InstanceType": "{{windows_instance_type}}", |
| | | "KeyName": "{{key_name}}", |
| | | "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ |
| | | "<powershell>\n", |
| | | "$admin = [adsi]('WinNT://./administrator, user')\n", |
| | | "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n", |
| | | "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n", |
| | | "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n", |
| | | "</powershell>" |
| | | ]]}}, |
| | | "SecurityGroupIds": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "HostSG", |
| | | "GroupId" |
| | | ] |
| | | } |
| | | ], |
| | | "SubnetId": { |
| | | "Ref": "PublicSubnet" |
| | | }, |
| | | "Tags": [ |
| | | { |
| | | "Key": "Name", |
| | | "Value": "windows{{loop.index}}" |
| | | }, |
| | | { |
| | | "Key": "AnsibleGroup", |
| | | "Value": "windowss" |
| | | }, |
| | | { |
| | | "Key": "Project", |
| | | "Value": "{{project_tag}}" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}", |
| | | "Value": "windows" |
| | | }, |
| | | { |
| | | "Key": "{{ project_tag }}_ostype", |
| | | "Value": "windows" |
| | | }, |
| | | { |
| | | "Key": "internaldns", |
| | | "Value": "windows{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | }, |
| | | { |
| | | "Key": "owner", |
| | | "Value": "{{ email | default('unknown')}}" |
| | | } |
| | | ], |
| | | "BlockDeviceMappings": [ |
| | | { |
| | | "DeviceName": "/dev/sda1", |
| | | "Ebs": { |
| | | "VolumeSize": 50 |
| | | } |
| | | }, |
| | | { |
| | | "DeviceName": "/dev/xvdb", |
| | | "Ebs": { |
| | | "VolumeType": "gp2", |
| | | "VolumeSize": 30 |
| | | } |
| | | } |
| | | ] |
| | | }}, |
| | | "windows{{loop.index}}EIP" : { |
| | | "Type" : "AWS::EC2::EIP", |
| | | "DependsOn": [ "VpcGA" ], |
| | | "Properties" : { |
| | | "InstanceId" : { "Ref" : "windows{{loop.index}}" } |
| | | } |
| | | }, |
| | | "windows{{loop.index}}InternalDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "Properties": { |
| | | "HostedZoneId" : { "Ref" : "zoneinternalidns" }, |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "windows{{loop.index}}.{{zone_internal_dns}}", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "windows{{loop.index}}", |
| | | "PrivateIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | }, |
| | | "windows{{loop.index}}PubliclDNS": { |
| | | "Type": "AWS::Route53::RecordSetGroup", |
| | | "DependsOn": [ "windows{{loop.index}}EIP" ], |
| | | "Properties": { |
| | | "HostedZoneId" : "{{HostedZoneId}}", |
| | | |
| | | "RecordSets": [ |
| | | { |
| | | "Name": "windows{{loop.index}}.{{subdomain_base}}.", |
| | | "Type": "A", |
| | | "TTL": "10", |
| | | "ResourceRecords": [ |
| | | { |
| | | "Fn::GetAtt": [ |
| | | "windows{{loop.index}}", |
| | | "PublicIp" |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | ] |
| | | } |
| | | } |
| | | {% endfor %} |
| | | |
| | | }, |
| | | "Outputs": { |
| | | "Route53internalzoneOutput": { |
| | | "Description": "The ID of the internal route 53 zone", |
| | | "Value": { |
| | | "Ref": "zoneinternalidns" |
| | | } |
| | | } |
| | | } |
| | | } |
New file |
| | |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Mappings: |
| | | RegionMapping: |
| | | "us-east-1": |
| | | RHELAMI: "ami-b63769a1" |
| | | WIN2012R2AMI: "ami-c6e9d9bd" |
| | | "us-east-2": |
| | | RHELAMI: "ami-0932686c" |
| | | WIN2012R2AMI: "ami-5d99b938" |
| | | "us-west-1": |
| | | RHELAMI: "ami-2cade64c" |
| | | WIN2012R2AMI: "ami-c52d07a5" |
| | | "us-west-2": |
| | | RHELAMI: "ami-6f68cf0f" |
| | | WIN2012R2AMI: "ami-3c4ba944" |
| | | "eu-west-1": |
| | | RHELAMI: "ami-02ace471" |
| | | WIN2012R2AMI: "ami-6dd02214" |
| | | "eu-central-1": |
| | | RHELAMI: "ami-e4c63e8b" |
| | | WIN2012R2AMI: "ami-8306afec" |
| | | "ap-northeast-1": |
| | | RHELAMI: "ami-5de0433c" |
| | | WIN2012R2AMI: "ami-c229dfa4" |
| | | "ap-northeast-2": |
| | | RHELAMI: "ami-44db152a" |
| | | WIN2012R2AMI: "ami-098a5267" |
| | | "ap-southeast-1": |
| | | RHELAMI: "ami-2c95344f" |
| | | WIN2012R2AMI: "ami-c87c19ab" |
| | | "ap-southeast-2": |
| | | RHELAMI: "ami-39ac915a" |
| | | WIN2012R2AMI: "ami-46f1e925" |
| | | "sa-east-1": |
| | | RHELAMI: "ami-7de77b11" |
| | | WIN2012R2AMI: "ami-f0b4c59c" |
| | | "ap-south-1": |
| | | RHELAMI: "ami-cdbdd7a2" |
| | | WIN2012R2AMI: "ami-82fe84ed" |
| | | DNSMapping: |
| | | "us-east-1": |
| | | domain: "us-east-1.compute.internal" |
| | | "us-west-1": |
| | | domain: "us-west-1.compute.internal" |
| | | "us-west-2": |
| | | domain: "us-west-2.compute.internal" |
| | | "eu-west-1": |
| | | domain: "eu-west-1.compute.internal" |
| | | "eu-central-1": |
| | | domain: "eu-central-1.compute.internal" |
| | | "ap-northeast-1": |
| | | domain: "ap-northeast-1.compute.internal" |
| | | "ap-northeast-2": |
| | | domain: "ap-northeast-2.compute.internal" |
| | | "ap-southeast-1": |
| | | domain: "ap-southeast-1.compute.internal" |
| | | "ap-southeast-2": |
| | | domain: "ap-southeast-2.compute.internal" |
| | | "sa-east-1": |
| | | domain: "sa-east-1.compute.internal" |
| | | "ap-south-1": |
| | | domain: "ap-south-1.compute.internal" |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "192.199.0.0/16" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "192.199.0.0/24" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | HostSG: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: host_sg |
| | | HostUDPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: udp |
| | | FromPort: 0 |
| | | ToPort: 65535 |
| | | CidrIp: "0.0.0.0/0" |
| | | HostTCPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 0 |
| | | ToPort: 65535 |
| | | CidrIp: "0.0.0.0/0" |
| | | zoneinternalidns: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ zone_internal_dns }}" |
| | | VPCs: |
| | | - VPCId: |
| | | Ref: Vpc |
| | | VPCRegion: |
| | | Ref: "AWS::Region" |
| | | HostedZoneConfig: |
| | | Comment: "Created By ansible agnostic deployer" |
| | | BastionDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - BastionEIP |
| | | Properties: |
| | | HostedZoneId: "{{HostedZoneId}}" |
| | | RecordSets: |
| | | - Name: "bastion.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - Bastion |
| | | - PublicIp |
| | | Bastion: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - RHELAMI |
| | | InstanceType: "{{bastion_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: bastion |
| | | - Key: AnsibleGroup |
| | | Value: bastions |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: bastion |
| | | - Key: internaldns |
| | | Value: "bastion.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BastionEIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: Bastion |
| | | BastionInternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "bastion.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - Bastion |
| | | - PrivateIp |
| | | |
| | | {% for c in range(1,(ipa_instance_count|int)+1) %} |
| | | ipa{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - RHELAMI |
| | | InstanceType: "{{ipa_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: ipa{{loop.index}} |
| | | - Key: AnsibleGroup |
| | | Value: ipas |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: ipa |
| | | - Key: internaldns |
| | | Value: "ipa{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: 50 |
| | | - DeviceName: "/dev/xvdb" |
| | | Ebs: |
| | | VolumeType: gp2 |
| | | VolumeSize: 20 |
| | | ipa{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: ipa{{loop.index}} |
| | | ipa{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "ipa{{loop.index}}.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - ipa{{loop.index}} |
| | | - PrivateIp |
| | | ipa{{loop.index}}PubliclDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - ipa{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "ipa{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - ipa{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | {% for c in range(1,(windows_instance_count|int)+1) %} |
| | | windows{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - WIN2012R2AMI |
| | | InstanceType: "{{windows_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | UserData: |
| | | "Fn::Base64": |
| | | "Fn::Join": |
| | | - "" |
| | | - - "<powershell>\n" |
| | | - "$admin = [adsi]('WinNT://./administrator, user')\n" |
| | | - "$admin.PSBase.Invoke('SetPassword', 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==')\n" |
| | | - "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n" |
| | | - "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n" |
| | | - "</powershell>" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: windows{{loop.index}} |
| | | - Key: AnsibleGroup |
| | | Value: windowss |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: windows |
| | | - Key: "{{project_tag}}_ostype" |
| | | Value: windows |
| | | - Key: internaldns |
| | | Value: "windows{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: 50 |
| | | - DeviceName: "/dev/xvdb" |
| | | Ebs: |
| | | VolumeType: gp2 |
| | | VolumeSize: 30 |
| | | windows{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: windows{{loop.index}} |
| | | windows{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "windows{{loop.index}}.{{chomped_zone_internal_dns}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - windows{{loop.index}} |
| | | - PrivateIp |
| | | windows{{loop.index}}PubliclDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - windows{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "windows{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - windows{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | Outputs: |
| | | Route53internalzoneOutput: |
| | | Description: "The ID of the internal route 53 zone" |
| | | Value: |
| | | Ref: zoneinternalidns |
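Review bot: The Windows administrator password is a literal in UserData (`'SetPassword', 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='`), while the JSON template in this same commit renders it from `{{ windows_password | default(generated_windows_password) }}`; UserData is readable by anyone who can describe the instance or reach its metadata endpoint, so the value is effectively public once committed. The same literal appears in the second YAML template's UserData. Replace the line with `- "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n"` and treat the committed value as compromised. Separately, HostUDPPorts and HostTCPPorts open every port to `0.0.0.0/0` on the only security group, which the Windows hosts (WinRM on 5986 per the inventory), the IPA servers and the bastion all share; a restricted `CidrIp`, or an ingress rule sourced from the bastion's group, would stop that password being the sole control.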
New file |
| | |
| | | AWSTemplateFormatVersion: "2010-09-09" |
| | | Parameters: |
| | | Mappings: |
| | | RegionMapping: |
| | | "us-east-1": |
| | | RHELAMI: "ami-b63769a1" |
| | | WIN2012R2AMI: "ami-c6e9d9bd" |
| | | "us-east-2": |
| | | RHELAMI: "ami-0932686c" |
| | | WIN2012R2AMI: "ami-5d99b938" |
| | | "us-west-1": |
| | | RHELAMI: "ami-2cade64c" |
| | | WIN2012R2AMI: "ami-c52d07a5" |
| | | "us-west-2": |
| | | RHELAMI: "ami-6f68cf0f" |
| | | WIN2012R2AMI: "ami-3c4ba944" |
| | | "eu-west-1": |
| | | RHELAMI: "ami-02ace471" |
| | | WIN2012R2AMI: "ami-6dd02214" |
| | | "eu-central-1": |
| | | RHELAMI: "ami-e4c63e8b" |
| | | WIN2012R2AMI: "ami-8306afec" |
| | | "ap-northeast-1": |
| | | RHELAMI: "ami-5de0433c" |
| | | WIN2012R2AMI: "ami-c229dfa4" |
| | | "ap-northeast-2": |
| | | RHELAMI: "ami-44db152a" |
| | | WIN2012R2AMI: "ami-098a5267" |
| | | "ap-southeast-1": |
| | | RHELAMI: "ami-2c95344f" |
| | | WIN2012R2AMI: "ami-c87c19ab" |
| | | "ap-southeast-2": |
| | | RHELAMI: "ami-39ac915a" |
| | | WIN2012R2AMI: "ami-46f1e925" |
| | | "sa-east-1": |
| | | RHELAMI: "ami-7de77b11" |
| | | WIN2012R2AMI: "ami-f0b4c59c" |
| | | "ap-south-1": |
| | | RHELAMI: "ami-cdbdd7a2" |
| | | WIN2012R2AMI: "ami-82fe84ed" |
| | | DNSMapping: |
| | | "us-east-1": |
| | | domain: "us-east-1.compute.internal" |
| | | "us-west-1": |
| | | domain: "us-west-1.compute.internal" |
| | | "us-west-2": |
| | | domain: "us-west-2.compute.internal" |
| | | "eu-west-1": |
| | | domain: "eu-west-1.compute.internal" |
| | | "eu-central-1": |
| | | domain: "eu-central-1.compute.internal" |
| | | "ap-northeast-1": |
| | | domain: "ap-northeast-1.compute.internal" |
| | | "ap-northeast-2": |
| | | domain: "ap-northeast-2.compute.internal" |
| | | "ap-southeast-1": |
| | | domain: "ap-southeast-1.compute.internal" |
| | | "ap-southeast-2": |
| | | domain: "ap-southeast-2.compute.internal" |
| | | "sa-east-1": |
| | | domain: "sa-east-1.compute.internal" |
| | | "ap-south-1": |
| | | domain: "ap-south-1.compute.internal" |
| | | Resources: |
| | | Vpc: |
| | | Type: "AWS::EC2::VPC" |
| | | Properties: |
| | | CidrBlock: "192.199.0.0/16" |
| | | EnableDnsSupport: true |
| | | EnableDnsHostnames: true |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{vpcid_name_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | VpcInternetGateway: |
| | | Type: "AWS::EC2::InternetGateway" |
| | | Properties: |
| | | VpcGA: |
| | | Type: "AWS::EC2::VPCGatewayAttachment" |
| | | Properties: |
| | | InternetGatewayId: |
| | | Ref: VpcInternetGateway |
| | | VpcId: |
| | | Ref: Vpc |
| | | VpcRouteTable: |
| | | Type: "AWS::EC2::RouteTable" |
| | | Properties: |
| | | VpcId: |
| | | Ref: Vpc |
| | | VPCRouteInternetGateway: |
| | | DependsOn: VpcGA |
| | | Type: "AWS::EC2::Route" |
| | | Properties: |
| | | GatewayId: |
| | | Ref: VpcInternetGateway |
| | | DestinationCidrBlock: "0.0.0.0/0" |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | PublicSubnet: |
| | | Type: "AWS::EC2::Subnet" |
| | | DependsOn: |
| | | - Vpc |
| | | Properties: |
| | | CidrBlock: "192.199.0.0/24" |
| | | Tags: |
| | | - Key: Name |
| | | Value: "{{project_tag}}" |
| | | - Key: Hostlication |
| | | Value: |
| | | Ref: "AWS::StackId" |
| | | MapPublicIpOnLaunch: true |
| | | VpcId: |
| | | Ref: Vpc |
| | | PublicSubnetRTA: |
| | | Type: "AWS::EC2::SubnetRouteTableAssociation" |
| | | Properties: |
| | | RouteTableId: |
| | | Ref: VpcRouteTable |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | HostSG: |
| | | Type: "AWS::EC2::SecurityGroup" |
| | | Properties: |
| | | GroupDescription: Host |
| | | VpcId: |
| | | Ref: Vpc |
| | | Tags: |
| | | - Key: Name |
| | | Value: host_sg |
| | | HostUDPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: udp |
| | | FromPort: 0 |
| | | ToPort: 65535 |
| | | CidrIp: "0.0.0.0/0" |
| | | HostTCPPorts: |
| | | Type: "AWS::EC2::SecurityGroupIngress" |
| | | Properties: |
| | | GroupId: |
| | | "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | IpProtocol: tcp |
| | | FromPort: 0 |
| | | ToPort: 65535 |
| | | CidrIp: "0.0.0.0/0" |
| | | zoneinternalidns: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ zone_internal_dns }}" |
| | | VPCs: |
| | | - VPCId: |
| | | Ref: Vpc |
| | | VPCRegion: |
| | | Ref: "AWS::Region" |
| | | HostedZoneConfig: |
| | | Comment: "Created By ansible agnostic deployer" |
| | | BastionDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - BastionEIP |
| | | Properties: |
| | | HostedZoneId: "{{HostedZoneId}}" |
| | | RecordSets: |
| | | - Name: "bastion.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - Bastion |
| | | - PublicIp |
| | | Bastion: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - RHELAMI |
| | | InstanceType: "{{bastion_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: bastion |
| | | - Key: AnsibleGroup |
| | | Value: bastions |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: bastion |
| | | - Key: internaldns |
| | | Value: "bastion.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BastionEIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: Bastion |
| | | BastionInternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "bastion.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - Bastion |
| | | - PrivateIp |
| | | |
| | | {% for c in range(1,(ipa_instance_count|int)+1) %} |
| | | ipa{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - RHELAMI |
| | | InstanceType: "{{ipa_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: ipa{{loop.index}} |
| | | - Key: AnsibleGroup |
| | | Value: ipas |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: ipa |
| | | - Key: internaldns |
| | | Value: "ipa{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: 50 |
| | | - DeviceName: "/dev/xvdb" |
| | | Ebs: |
| | | VolumeType: gp2 |
| | | VolumeSize: 20 |
| | | ipa{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: ipa{{loop.index}} |
| | | ipa{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "ipa{{loop.index}}.{{zone_internal_dns}}" |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - ipa{{loop.index}} |
| | | - PrivateIp |
| | | ipa{{loop.index}}PubliclDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - ipa{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "ipa{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - ipa{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | {% for c in range(1,(windows_instance_count|int)+1) %} |
| | | windows{{loop.index}}: |
| | | Type: "AWS::EC2::Instance" |
| | | Properties: |
| | | ImageId: |
| | | "Fn::FindInMap": |
| | | - RegionMapping |
| | | - Ref: "AWS::Region" |
| | | - WIN2012R2AMI |
| | | InstanceType: "{{windows_instance_type}}" |
| | | KeyName: "{{key_name}}" |
| | | UserData: |
| | | "Fn::Base64": |
| | | "Fn::Join": |
| | | - "" |
| | | - "<powershell>\n" |
| | | - "$admin = [adsi]('WinNT://./administrator, user')\n" |
| | | - "$admin.PSBase.Invoke('SetPassword', 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==')\n" |
| | | - "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n" |
| | | - "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n" |
| | | - "</powershell>" |
| | | SecurityGroupIds: |
| | | - "Fn::GetAtt": |
| | | - HostSG |
| | | - GroupId |
| | | SubnetId: |
| | | Ref: PublicSubnet |
| | | Tags: |
| | | - Key: Name |
| | | Value: windows{{loop.index}} |
| | | - Key: AnsibleGroup |
| | | Value: windowss |
| | | - Key: Project |
| | | Value: "{{project_tag}}" |
| | | - Key: "{{project_tag}}" |
| | | Value: windows |
| | | - Key: "{{project_tag}}_ostype" |
| | | Value: windows |
| | | - Key: internaldns |
| | | Value: "windows{{loop.index}}.{{chomped_zone_internal_dns}}" |
| | | - Key: owner |
| | | Value: "{{ email | default('unknown')}}" |
| | | BlockDeviceMappings: |
| | | - DeviceName: "/dev/sda1" |
| | | Ebs: |
| | | VolumeSize: 50 |
| | | - DeviceName: "/dev/xvdb" |
| | | Ebs: |
| | | VolumeType: gp2 |
| | | VolumeSize: 30 |
| | | windows{{loop.index}}EIP: |
| | | Type: "AWS::EC2::EIP" |
| | | DependsOn: |
| | | - VpcGA |
| | | Properties: |
| | | InstanceId: |
| | | Ref: windows{{loop.index}} |
| | | windows{{loop.index}}InternalDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | Properties: |
| | | HostedZoneId: |
| | | Ref: zoneinternalidns |
| | | RecordSets: |
| | | - Name: "windows{{loop.index}}.{{chomped_zone_internal_dns}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - windows{{loop.index}} |
| | | - PrivateIp |
| | | windows{{loop.index}}PubliclDNS: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - windows{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneId: {{HostedZoneId}} |
| | | RecordSets: |
| | | - Name: "windows{{loop.index}}.{{subdomain_base}}." |
| | | Type: A |
| | | TTL: 10 |
| | | ResourceRecords: |
| | | - "Fn::GetAtt": |
| | | - windows{{loop.index}} |
| | | - PublicIp |
| | | {% endfor %} |
| | | Outputs: |
| | | Route53internalzoneOutput: |
| | | Description: "The ID of the internal route 53 zone" |
| | | Value: |
| | | Ref: zoneinternalidns |
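Review bot: The `Fn::Join` under UserData is flattened: `- ""` and the six PowerShell strings sit at the same list level, so the function receives a list of seven strings instead of `[delimiter, [values]]` as written in the first YAML template (`- - "<powershell>\n"`) and in the JSON one, and CloudFormation will reject it. Indent the six string items one level deeper so they form the nested list, i.e. `- ""` followed by `- - "<powershell>\n"` and `  - "$admin = [adsi]('WinNT://./administrator, user')\n"` for the rest. `Parameters:` at the top and `Properties:` under `VpcInternetGateway` are left with null values, which CloudFormation reports as a template format error ("'null' values are not allowed"), so both keys should be removed rather than left empty.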
New file |
| | |
| | | [GenericExample:vars] |
| | | |
| | | ########################################################################### |
| | | ### Ansible Vars |
| | | ########################################################################### |
| | | timeout=60 |
| | | ansible_become=yes |
| | | ansible_ssh_user={{remote_user}} |
| | | |
| | | |
| | | [GenericExample:children] |
| | | ipas |
| | | windows |
| | | |
| | | |
| | | |
| | | [ipas] |
| | | ## These are the ipas |
| | | {% for host in groups['ipas'] %} |
| | | ipa{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=ipa{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}} |
| | | {% endfor %} |
| | | |
| | | [windows] |
| | | ## These are the windows servers |
| | | {% for host in groups['windows'] %} |
| | | windows{{loop.index}}.{{chomped_zone_internal_dns}} ssh_host={{host}} ansible_password={{hostvars[host]['ansible_password']}} |
| | | {% endfor %} |
| | | |
| | | |
| | | [windows:vars] |
| | | ansible_connection=winrm |
| | | ansible_port=5986 |
| | | ansible_ssh_port=5986 |
| | | ansible_user=Administrator |
| | | ansible_ssh_user=Administrator |
| | | ansible_winrm_server_cert_validation=ignore |
| | | ansible_winrm_transport=basic |
| | | ansible_become=false |
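Review bot: `ansible_winrm_transport=basic` combined with `ansible_winrm_server_cert_validation=ignore` sends the Administrator password from `ansible_password` to whatever answers on port 5986 without checking the peer, and the templates' security group admits the whole internet to that port. `ansible_winrm_transport=ntlm` avoids transmitting the password itself, and importing the self-signed certificate that ConfigureRemotingForAnsible generates would let validation be turned back on. The `[windows]` block iterates `groups['windows']`, but every template tags these instances `AnsibleGroup: windowss`; if the dynamic inventory derives group names from that tag this loop renders no hosts, which is worth confirming. `ansible_ssh_port` and `ansible_ssh_user` are legacy aliases of `ansible_port`/`ansible_user` set on the lines above and can be dropped.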
New file |
| | |
| | | #!/bin/bash |
| | | |
| | | DOMAIN="{{ipa_domain}}" |
| | | REALM=$(echo $DOMAIN | tr [a-z] [A-Z]) |
| | | IPADDR=`curl www.opentlc.com/getip` |
| | | |
| | | ipa pwpolicy-mod global_policy --maxlife=20000 |
| | | |
| | | echo -e "Creating user groups...\n" |
| | | echo -e r3dh4t1! | kinit admin |
| | | ipa group-add ocp-users --desc="Users with OpenShift access" |
| | | ipa group-add portalapp --desc="Developers in the Portal App Project" |
| | | ipa group-add paymentapp --desc="Developers in the Payment App Project" |
| | | ipa group-add ocp-production --desc="Administrators and Operations team, have access to modify projects in production" |
| | | ipa group-add ocp-platform --desc="Users with full cluster administration control" |
| | | |
| | | |
| | | yum install -y expect |
| | | echo -e "Creating users...\n" |
| | | for user in andrew marina karla david portal1 portal2 payment1 payment2 prod1 prod2 platform1 platform2 admin1 admin2 |
| | | do |
| | | kdestroy |
| | | echo -e r3dh4t1! | kinit admin |
| | | userpw=$(ipa user-add --first=$user --last=OCPUser \ |
| | | --displayname="OpenShift User $user" --random $user | grep \ |
| | | -i password | awk ' {print $3}') |
| | | newpw='r3dh4t1!' |
| | | # add user to ocp group |
| | | ipa group-add-member ocp-users --users=$user |
| | | kdestroy |
| | | expect -c ' |
| | | spawn kinit '"$user"' |
| | | expect { |
| | | -re ".*COM:" { |
| | | send "'"$userpw"'\r" |
| | | exp_continue |
| | | } |
| | | -re ".*password:" { |
| | | send "'"$newpw"'\r" |
| | | exp_continue |
| | | } |
| | | -re ".*again:" { |
| | | send "'"$newpw"'\r" |
| | | } |
| | | } |
| | | expect eof ' |
| | | done |
| | | |
| | | kdestroy |
| | | echo -e r3dh4t1! | kinit admin |
| | | echo -e "Putting users in their appropriate group(s)...\n" |
| | | ipa group-add-member portalapp --users andrew |
| | | ipa group-add-member portalapp --users portal1 |
| | | ipa group-add-member portalapp --users portal2 |
| | | ipa group-add-member paymentapp --users marina |
| | | ipa group-add-member paymentapp --users payment1 |
| | | ipa group-add-member paymentapp --users payment2 |
| | | ipa group-add-member ocp-production --users karla |
| | | ipa group-add-member ocp-production --users prod1 |
| | | ipa group-add-member ocp-production --users prod2 |
| | | ipa group-add-member ocp-production --users karla |
| | | ipa group-add-member ocp-platform --users david |
| | | ipa group-add-member ocp-platform --users admin1 |
| | | ipa group-add-member ocp-platform --users admin2 |
| | | |
| | | |
| | | |
| | | #.LDAP groups |
| | | #* "ocp-users" group - All users who have access to OpenShift |
| | | #* "portalapp" group - Developers in the "Portal App" Project |
| | | #* "paymentapp" group - Developers in the "Payment App" Project |
| | | #* "ocp-production" group - Administrators and Operations team, have access to modify projects in production |
| | | #* "ocp-platform" group - users with full cluster administration control |
| | | #+ |
| | | #NOTE: Users and Groups are already created in our IPA (idm.example.com) host. |
| | | # |
| | | #.LDAP users |
| | | #* *Andrew*, portal1 and portal2 are Developers in the "Portal App" team. |
| | | #* *Marina*, payment1 and payment2 are Developers in the "Payment App" team. |
| | | #* *Karla*, prod1 and prod2 are Operations administrators in the "Portal App" and "Payment App" teams. |
| | | #* *David*, admin1 and admin2 are members of the "ocp-platform" group with full cluster administration control. |
| | | #+ |
| | | #NOTE: All user passwords are "r3dh4t1!" |
| | | # |
| | | #.Projects |
| | | #* The "Portal App" Application uses the following projects: |
| | | #- "portalapp-dev" - Access granted to "portalapp" group |
| | | #- "portalapp-test" - Access granted to "portalapp" group |
| | | #- "portalapp-prod" - Access granted to "ocp-production" group |
| | | #* The "Payment App" Application uses the following projects: |
| | | #- "paymentapp-dev" - Access granted to "portalapp" group |
| | | #- "paymentapp-test" - Access granted to "portalapp" group |
| | | #- "paymentapp-prod" - Access granted to "ocp-production" group |
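Review bot: The IPA admin password is a literal `r3dh4t1!` piped into each `kinit admin` and is also assigned to every sample user through `newpw`, although this file is already rendered as a Jinja template (`DOMAIN="{{ipa_domain}}"`), so the secret could come from a variable instead of being committed to the repository and then landing in /root on the IPA host. The `ipa pwpolicy-mod global_policy --maxlife=20000` call runs before the first `kinit admin`, so without a pre-existing ticket it fails, and because the script has no `set -e` the failure is silent; moving it below the first `kinit` fixes the ordering, and a comment noting that a 20000-day maximum lifetime effectively disables password expiry for the whole realm would help the next reader. Smaller points: `IPADDR` is fetched over plain HTTP from an external host and never used, `REALM` is never used, `karla` is added to `ocp-production` twice, and the trailing notes say `paymentapp-dev`/`paymentapp-test` grant access to the `portalapp` group, which looks like a copy-paste slip for `paymentapp`.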
New file |
| | |
| | | [rhel-7-server-rpms] |
| | | name=Red Hat Enterprise Linux 7 |
| | | baseurl={{own_repo_path}}/rhel-7-server-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-rh-common-rpms] |
| | | name=Red Hat Enterprise Linux 7 Common |
| | | baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-extras-rpms] |
| | | name=Red Hat Enterprise Linux 7 Extras |
| | | baseurl={{own_repo_path}}/rhel-7-server-extras-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [rhel-7-server-optional-rpms] |
| | | name=Red Hat Enterprise Linux 7 Optional |
| | | baseurl={{own_repo_path}}/rhel-7-server-optional-rpms |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | |
| | | [epel] |
| | | name=Extra Packages for Enterprise Linux 7 - $basearch |
| | | baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch |
| | | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch |
| | | failovermethod=priority |
| | | enabled=1 |
| | | gpgcheck=0 |
| | | #gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 |
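Review bot: Every repository here sets `gpgcheck=0`, so RPMs from the internal mirror and from EPEL — whose `baseurl` is plain `http://` — are installed without signature verification, which makes a tampered mirror or an on-path modification indistinguishable from a genuine package. For the four Red Hat repositories `gpgcheck=1` with `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release` should work unchanged if the mirror serves the original signed packages, and for EPEL the already-present commented line `#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7` can be uncommented together with `gpgcheck=1` once that key is on the host (the `epel-release` package provides it; confirm it is installed before this repo is used). If unsigned packages are genuinely expected from the mirror, a comment saying so — and that signature checking is disabled on purpose — is the minimum so the decision is visible to the next reader.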
New file |
| | |
| | | - name: Step 002 Post Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step002 |
| | | - post_infrastructure |
| | | tasks: |
| | | |
| | | - name: Job Template to launch a Job Template with update on launch inventory set |
| | | uri: |
| | | url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" |
| | | method: POST |
| | | user: "{{tower_admin}}" |
| | | password: "{{tower_admin_password}}" |
| | | body: |
| | | extra_vars: |
| | | guid: "{{guid}}" |
| | | ipa_host_password: "{{ipa_host_password}}" |
| | | |
| | | body_format: json |
| | | validate_certs: False |
| | | HEADER_Content-Type: "application/json" |
| | | status_code: 200, 201 |
| | | when: tower_run == 'true' |
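Review bot: The `uri` task sends `tower_admin_password` as basic-auth credentials and `ipa_host_password` in the JSON body with `validate_certs: False`, so the Tower certificate is never checked and anything on the path to `ansible_tower_ip` can read both secrets. Prefer `validate_certs: "{{ tower_validate_certs | default(true) }}"` so the insecure mode becomes an explicit opt-in, and add `no_log: true` to the task, because the request body and the response are otherwise printed in verbose runs. `HEADER_Content-Type` is the legacy form — `headers: {Content-Type: application/json}` is the current one — and `force_basic_auth: true` avoids depending on a 401 challenge before the credentials are sent.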
New file |
| | |
| | | - name: Step 00xxxxx post software |
| | | hosts: support |
| | | gather_facts: False |
| | | become: yes |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software tasks Started" |
| | | |
| | | |
| | | - name: Install IPA role on server |
| | | hosts: ipas |
| | | gather_facts: False |
| | | become: yes |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml" |
| | | run_once: true |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/ipa-server", configure_firewalld: "false" } |
| | | tags: |
| | | - ipa_server_tasks |
| | | - install_ipa |
| | | |
| | | |
| | | - name: Step005 sample opentlc users |
| | | hosts: ipas |
| | | gather_facts: False |
| | | become: yes |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: generate ipa sample user script |
| | | template: |
| | | src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/opentlc-sample-config.sh.j2" |
| | | dest: "/root/opentlc-sample-config.sh" |
| | | - name: Create opentlc sample users |
| | | shell: "bash /root/opentlc-sample-config.sh" |
| | | |
| | | - name: Configure windows AD on first windows machine |
| | | hosts: |
| | | - windows[0] |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml" |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | - windows_tasks |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/windows-ad", when: install_win_ad | bool } |
| | | tasks: |
| | | - name: Reboot upon promotion |
| | | win_reboot: |
| | | when: install_win_ad | bool |
| | | |
| | | - name: Wait for connection |
| | | wait_for_connection: |
| | | when: install_win_ad | bool |
| | | |
| | | - name: PostSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - post_flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Post-Software checks completed successfully" |
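Review bot: The `template` task writes `/root/opentlc-sample-config.sh` without a `mode`, so the rendered script — which, in the version added by this commit, embeds the IPA admin password in clear text — gets whatever the default umask yields, and the following `shell: bash /root/opentlc-sample-config.sh` re-runs it on every play with no `changed_when` or `creates` guard. Set `mode: "0700"` on the template task, and either remove the script with a `file: state: absent` task after it has run or give the shell task a `creates:` marker so re-runs are idempotent and not reported as changed. The play that renders it loads only `env_vars.yml`, not `env_secret_vars.yml`, which is presumably why the password is hardcoded in the template; loading the secret vars here would let the template take it from a variable instead.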
New file |
| | |
| | | - name: Step 000 Pre Infrastructure |
| | | hosts: localhost |
| | | connection: local |
| | | become: false |
| | | vars_files: |
| | | - "./env_vars.yml" |
| | | - "./env_secret_vars.yml" |
| | | tags: |
| | | - step001 |
| | | - pre_infrastructure |
| | | tasks: |
| | | - name: if windows_password is not defined, generate one |
| | | when: windows_password is not defined |
| | | block: |
| | | - name: Stat workdir/[...]_windows_password.txt file |
| | | stat: |
| | | path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{guid}}_windows_password.txt" |
| | | register: passwordfile |
| | | # This task needs to be "ansibled", we cannot assume tr exists |
| | | # This also doesn't work on MAC, that does have tr. |
| | | - name: Generate windows Administrator password if not already defined |
| | | command: openssl rand -base64 25 |
| | | register: password_gen_r |
| | | when: not passwordfile.stat.exists |
| | | |
| | | - name: Read windows password from workdir/[...]_windows_password.txt file |
| | | command: "cat '{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{guid}}_windows_password.txt'" |
| | | register: password_get_r |
| | | changed_when: false |
| | | when: passwordfile.stat.exists |
| | | |
| | | - name: set_fact windows_password (just generated) |
| | | set_fact: |
| | | generated_windows_password: "{{ password_gen_r.stdout }}" |
| | | windows_password: "{{ password_gen_r.stdout }}" |
| | | when: not passwordfile.stat.exists |
| | | |
| | | - name: set_fact windows_password (previously generated) |
| | | set_fact: |
| | | generated_windows_password: "{{ password_get_r.stdout }}" |
| | | when: passwordfile.stat.exists |
| | | |
| | | - name: Save windows_password or generated_windows_password into workdir/ |
| | | copy: |
| | | content: "{{ windows_password | default(generated_windows_password) }}" |
| | | dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{guid}}_windows_password.txt" |
| | | mode: 0600 |
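Review bot: The two `set_fact` tasks are asymmetric: the just-generated branch sets both `generated_windows_password` and `windows_password`, but the previously-generated branch sets only `generated_windows_password`, so on a rerun with the password file present `windows_password` stays undefined for the rest of this play and anything that consumes it later has to fall back on its own (the `copy` task survives only because of `default(generated_windows_password)`). Adding `windows_password: "{{ password_get_r.stdout }}"` to the second `set_fact` makes both paths equivalent. The `command: openssl rand ...`, `command: cat ...` and both `set_fact` tasks should also carry `no_log: true`, since their registered output is the Windows Administrator password and is printed under `-v`; the comment about `tr` not existing describes an earlier implementation and no longer matches the `openssl` command below it.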
New file |
| | |
| | | |
| | | - name: Step 003 - Create env key |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - step003 |
| | | - generate_env_keys |
| | | tasks: |
| | | - name: Generate SSH keys |
| | | shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N "" |
| | | args: |
| | | creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" |
| | | when: set_env_authorized_key |
| | | |
| | | # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} |
| | | |
| | | - name: Configure all hosts with Repositories, Common Files and Set environment key |
| | | hosts: |
| | | - all:!windows |
| | | become: true |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml" |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' } |
| | | |
| | | - name: Configuring Bastion Hosts |
| | | hosts: bastions |
| | | become: true |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' } |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | - name: Configure windows machines |
| | | hosts: |
| | | - windows |
| | | gather_facts: False |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml" |
| | | tags: |
| | | - step004 |
| | | - common_tasks |
| | | - windows_tasks |
| | | roles: |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/windows-common" |
| | | when: install_win_ssh |
| | | |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |
| | | connection: local |
| | | gather_facts: false |
| | | become: false |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | tags: |
| | | - flight_check |
| | | tasks: |
| | | - debug: |
| | | msg: "Pre-Software checks completed successfully" |
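Review bot: The `ssh-keygen` task uses the `shell` module although the command needs no shell features, and it generates a 2048-bit RSA key, which is the smallest size OpenSSH still accepts; `command: ssh-keygen -t ed25519 -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N ""` (or `-t rsa -b 4096` if ed25519 is not acceptable on every target) is shorter, avoids shell quoting and yields a stronger key, while the existing `creates:` keeps it idempotent. A one-line comment that the empty passphrase is deliberate because the key is consumed by unattended automation would also help, since `-N ""` otherwise reads like an oversight.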
New file |
| | |
| | | ansible_ssh_extra_args: "-F {{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf -o StrictHostKeyChecking=no" |
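Review bot: `-o StrictHostKeyChecking=no` disables host-key verification for every SSH connection the deployment makes, so an impersonated host or an on-path attacker between the controller and the bastion is never detected. For freshly provisioned hosts whose keys are unknown, `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile={{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_known_hosts` pins each key on first contact and rejects later changes (it needs OpenSSH 7.6 or newer on the controller); if `no` has to stay, a comment explaining why is the minimum.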
| | |
| | | - name: set host name |
| | | hostname: |
| | | name: "{{ipa_public_dns_chomped}}" |
| | | - name: set hostname in /etc/hosts |
| | | shell: "echo 127.0.0.1 {{ ipa_public_dns_chomped }} > /etc/hosts" |
| | | |
| | | - name: get local ip |
| | | shell: "ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1" |
| | | register: local_ip |
| | | - debug: |
| | | var: local_ip |
| | | - debug: |
| | | var: hostvars['private_ip'] |
| | | - name: set hostname in /etc/hosts |
| | | shell: "echo {{local_ip.stdout}} `hostname` > /etc/hosts" |
| | | |
| | | |
| | | - name: Run the ipa-server-install command |
| | | shell: ipa-server-install -U --setup-dns --ip-address={{local_ip.stdout}} --hostname={{ ipa_public_dns_chomped }} --domain={{ ipa_domain }} --realm={{ ipa_realm }} --ds-password={{ ipa_directory_manager_password }} --admin-password={{ ipa_principal_user_password }} --no-forwarders |
| | | ignore_errors: true |