sborenst
2017-10-29 bd3d3513415e69d858d5480b84e8ab56027cd64f
create auth-playground-lab and updated ipa-server role
3 files deleted
15 files added
1 files modified
2800 ■■■■■ changed files
ansible/configs/auth-playground-lab/README.adoc 94 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/destroy_env.yml 30 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/env_vars.yml 168 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.archive.j2.json 600 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.archive.j2.json.json 599 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.j2 389 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.new.j2.yaml 391 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/hosts_template.j2 38 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/opentlc-sample-config.sh.j2 93 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/files/repos_template.j2 32 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/post_infra.yml 28 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/post_software.yml 77 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/pre_infra.yml 47 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/pre_software.yml 82 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/ssh_vars.yml 1 ●●●● patch | view | raw | blame | history
ansible/roles/ipa-server/tasks/main.yml 8 ●●●● patch | view | raw | blame | history
ansible/roles/ipa-server/tasks/packages.yml 22 ●●●●● patch | view | raw | blame | history
ansible/roles/ipa-server/tasks/subscription_manager_repos.yml 64 ●●●●● patch | view | raw | blame | history
ansible/roles/ipa-server/tasks/use_own_repos.yml 37 ●●●●● patch | view | raw | blame | history
ansible/configs/auth-playground-lab/README.adoc
New file
@@ -0,0 +1,94 @@
= auth-playground config
== Set up your "Secret" variables
* You need to provide some credentials for deployments to work
* Create a file called "env_secret_vars.yml" and put it in the
 ./ansible/configs/CONFIGNAME/ directory.
** At this point this file *has to be created* even if no vars from it are used.
* You can choose to provide these values as extra vars (-e "var=value") in the
 command line if you prefer not to keep sensitive information in a file.
.Example contents of "Secret" Vars file
----
# ## Logon credentials for Red Hat Network
# ## Required if using the subscription component
# ## of this playbook.
rhel_subscription_user: ''
rhel_subscription_pass: ''
#
# ## LDAP Bind Password
bindPassword: ''
#
# ## Desired admin name and password if required
admin_user: ""
admin_user_password: ""
#
# ## AWS Credentials. This is required.
aws_access_key_id: ""
aws_secret_access_key: ""
#If using repo_method: satellite, you must set these values as well.
satellite_url: https://satellite.example.com
satellite_org: Sat_org_name
satellite_activationkey: "rhel7basic"
----
== Review the Env_Type variable file
* This file link:./env_vars.yml[./env_vars.yml] contains all the variables you
 need to define to control the deployment of your environment.
== Running Ansible Playbook
You can run the playbook with the following arguments to overwrite the default variable values:
[source,bash]
----
REGION=ap-southeast-2
KEYNAME=ocpkey
GUID=authplay1
ENVTYPE="auth-playground-lab"
CLOUDPROVIDER=ec2
HOSTZONEID='Z3IHLWJZOU9SRT'
REPO_PATH='http://admin.example.com/repos/ocp/3.6/'
BASESUFFIX='.example.opentlc.com'
DEPLOYER_REPO_PATH=`pwd`
ansible-playbook \
   ${DEPLOYER_REPO_PATH}/main.yml  \
    -e "ANSIBLE_REPO_PATH=${DEPLOYER_REPO_PATH}" \
      -e "guid=${GUID}" \
      -e "env_type=${ENVTYPE}" \
      -e "key_name=${KEYNAME}" \
      -e "subdomain_base_suffix=${BASESUFFIX}" \
        -e "cloud_provider=${CLOUDPROVIDER}" \
        -e "aws_region=${REGION}" \
        -e "HostedZoneId=${HOSTZONEID}" \
        -e "email=shacharb@redhat.com" \
      -e "install_ipa_client=false" \
      -e "repo_method=file" -e "own_repo_path=${REPO_PATH}" -e "repo_version=${REPO_VERSION}" \
      -e "software_to_deploy=none"
----
=== To Delete an environment
----
REGION=ap-southeast-2
KEYNAME=ocpkey
GUID=devgenericdemo1
ENVTYPE="generic-demo-example"
CLOUDPROVIDER=ec2
HOSTZONEID='Z3IHLWJZOU9SRT'
BASESUFFIX='.example.opentlc.com'
#To Destroy an Env
ansible-playbook -i inventory/ ./configs/${ENVTYPE}/destroy_env.yml \
 -e "guid=${GUID}" -e "env_type=${ENVTYPE}"  -e "cloud_provider=${CLOUDPROVIDER}" -e "aws_region=${REGION}"  \
 -e "HostedZoneId=${HOSTZONEID}"  -e "key_name=${KEYNAME}"  -e "subdomain_base_suffix=${BASESUFFIX}"
----
ansible/configs/auth-playground-lab/destroy_env.yml
New file
@@ -0,0 +1,30 @@
- name: Delete Infrastructure
  hosts: localhost
  connection: local
  gather_facts: False
  become: no
  vars_files:
    - "./env_vars.yml"
    - "./env_secret_vars.yml"
  tasks:
    - name: Destroy cloudformation template
      cloudformation:
        stack_name: "{{project_tag}}"
        state: "absent"
        region: "{{aws_region}}"
        disable_rollback: false
        tags:
          Stack: "project {{env_type}}-{{ guid }}"
      tags: [ destroying, destroy_cf_deployment ]
      register: cloudformation_result
      until: cloudformation_result|succeeded
      retries: 5
      delay: 60
      ignore_errors: yes
    - name: report Cloudformation error
      fail:
        msg: "FAIL {{ project_tag }} Destroy Cloudformation"
      when: not cloudformation_result|succeeded
      tags: [ destroying, destroy_cf_deployment ]
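Review bot: The play mixes three spellings of booleans — `gather_facts: False`, `become: no` and `ignore_errors: yes` — which yamllint's `truthy` rule flags and which parse differently under YAML 1.1 and 1.2 loaders. Writing them canonically as `gather_facts: false`, `become: false` and `ignore_errors: true` keeps the file consistent with the `disable_rollback: false` already used in the same task. The `until: cloudformation_result|succeeded` retry loop together with the explicit `fail` task afterwards is fine as written; only the boolean spelling is at issue.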
ansible/configs/auth-playground-lab/env_vars.yml
New file
@@ -0,0 +1,168 @@
## TODO: What variables can we strip out of here to build complex variables?
## i.e. what can we add into group_vars as opposed to config_vars?
## Example: We don't really need "subdomain_base_short". If we want to use this,
## should just toss in group_vars/all.
### Also, we should probably just create a variable reference in the README.md
### For now, just tagging comments in line with configuration file.
### Vars that can be removed:
# use_satellite: true
# use_subscription_manager: false
# use_own_repos: false
ipa_domain: "{{subdomain_base}}"
ipa_realm: "{{ ipa_domain|upper }}"
ipa_directory_manager_password: "{{admin_user_password}}"
ipa_principal_user_password: "{{admin_user_password}}"
admin_user: 'admin'
admin_user_password: 'r3dh4t1!'
###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
###### OR PASS as "-e" args to ansible-playbook command
### Common Host settings
install_win_ssh: true
install_win_ad: true
repo_method: file # Other Options are: file, satellite and rhn
windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='
# Do you want to run a full yum update
update_packages: false
#If using repo_method: satellite, you must set these values as well.
# satellite_url: https://satellite.example.com
# satellite_org: Sat_org_name
# satellite_activationkey: "rhel7basic"
## guid is the deployment unique identifier, it will be appended to all tags,
## files and anything that identifies this environment from another "just like it"
guid: defaultguid
# This is where the ssh_config file will be created, this file is used to
# define the communication method to all the hosts in the deployment
deploy_local_ssh_config_location: "{{ANSIBLE_REPO_PATH}}/workdir"
install_bastion: true
install_common: true
software_to_deploy: none
repo_version: "3.5"
### If you want a Key Pair name created and injected into the hosts,
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
# you can use the key used to create the environment or use your own self generated key
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
use_own_key: true
env_authorized_key: "{{guid}}key"
ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
set_env_authorized_key: true
# Is this running from Red Hat Ansible Tower
tower_run: false
### AWS EC2 Environment settings
### Route 53 Zone ID (AWS)
# This is the Route53 HostedZoneId where you will create your Public DNS entries
# This only needs to be defined if your CF template uses route53
HostedZoneId: Z3IHLWJZOU9SRT
# The region to be used, if not specified by -e in the command line
aws_region: ap-southeast-2
# The key that is used to
key_name: "default_key_name"
## Networking (AWS)
subdomain_base_short: "{{ guid }}"
subdomain_base_suffix: ".example.opentlc.com"
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"
## Environment Sizing
bastion_instance_type: "t2.medium"
ipa_instance_type: "t2.large"
support_instance_type: "t2.medium"
frontend_instance_type: "t2.small"
app_instance_type: "{{frontend_instance_type}}"
appdb_instance_type: "{{frontend_instance_type}}"
ipa_instance_count: 1
windows_instance_type: "t2.large"
windows_instance_count: 1
ipa_public_dns_chomped: "ipa1.{{subdomain_base}}"
###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT
###### You can, but you usually wouldn't need to.
ansible_ssh_user: ec2-user
remote_user: ec2-user
common_packages:
  - python
  - unzip
  - bash-completion
  - tmux
  - bind-utils
  - wget
  - git
  - vim-enhanced
  - at
  - ansible
rhel_repos:
  - rhel-7-server-rpms
  - rhel-7-server-extras-rpms
  - epel-release-latest-7
## Currently there is no NFS created for this Environment - See ocp-workshop for clues.
# ## NFS Server settings
# nfs_vg: nfsvg
# nfs_pvs: /dev/xvdb
# nfs_export_path: /srv/nfs
#
# nfs_shares:
#   - es-storage
#   - user-vols
#   - jenkins
#   - nexus
#   - nexus2
project_tag: "{{ env_type }}-{{ guid }}"
create_internal_dns_entries: true
zone_internal_dns: "{{guid}}.internal."
chomped_zone_internal_dns: "{{guid}}.internal"
zone_public_dns: "{{subdomain_base}}."
cloudapps_dns: '*.apps.{{subdomain_base}}.'
ipa_public_dns: "ipa1.{{subdomain_base}}."
bastion_public_dns: "bastion.{{subdomain_base}}."
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
activedirectory_public_dns: "windows1.{{subdomain_base}}."
activedirectory_public_dns_chomped: "windows1.{{subdomain_base}}"
vpcid_cidr_block: "192.168.0.0/16"
vpcid_name_tag: "{{subdomain_base}}"
az_1_name: "{{ aws_region }}a"
az_2_name: "{{ aws_region }}b"
subnet_private_1_cidr_block: "192.168.2.0/24"
subnet_private_1_az: "{{ az_2_name }}"
subnet_private_1_name_tag: "{{subdomain_base}}-private"
subnet_private_2_cidr_block: "192.168.1.0/24"
subnet_private_2_az: "{{ az_1_name }}"
subnet_private_2_name_tag: "{{subdomain_base}}-private"
subnet_public_1_cidr_block: "192.168.10.0/24"
subnet_public_1_az: "{{ az_1_name }}"
subnet_public_1_name_tag: "{{subdomain_base}}-public"
subnet_public_2_cidr_block: "192.168.20.0/24"
subnet_public_2_az: "{{ az_2_name }}"
subnet_public_2_name_tag: "{{subdomain_base}}-public"
dopt_domain_name: "{{ aws_region }}.compute.internal"
rtb_public_name_tag: "{{subdomain_base}}-public"
rtb_private_name_tag: "{{subdomain_base}}-private"
cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "
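Review bot: `admin_user_password: 'r3dh4t1!'` and `windows_password: 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg=='`, near the top of the hunk under the `ipa_*` variables, are literal credentials committed in the non-secret env_vars.yml, even though this config's README tells users to put credentials in env_secret_vars.yml. Because `ipa_directory_manager_password` and `ipa_principal_user_password` are templated from `admin_user_password`, every deployment that does not pass `-e admin_user_password=...` ends up with the same IPA Directory Manager password, and `windows_password` is the value the CloudFormation UserData in this commit writes as the local Administrator password. Remove the two literal values from this file and rely on env_secret_vars.yml (the README example already lists `admin_user_password: ""`), so a missing value fails the play instead of silently falling back to a published default; since the values are now in git history they should be treated as disclosed and rotated wherever they were used. The `repo_version: "3.5"` quoting a few lines later is correct and worth keeping.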
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.archive.j2.json
New file
@@ -0,0 +1,600 @@
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": { },
  "Mappings": {
    "RegionMapping": {
      "us-east-1": {
        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd"
      },
      "us-east-2": {
        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938"
      },
      "us-west-1": {
        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5"
      },
      "us-west-2": {
        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944"
      },
      "eu-west-1": {
        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214"
      },
      "eu-central-1": {
        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec"
      },
      "ap-northeast-1": {
        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4"
      },
      "ap-northeast-2": {
        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267"
      },
      "ap-southeast-1": {
        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab"
      },
      "ap-southeast-2": {
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
      },
      "sa-east-1": {
        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c"
      },
      "ap-south-1": {
        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed"
      }
    },
    "DNSMapping": {
      "us-east-1": {
        "domain": "us-east-1.compute.internal"
      },
      "us-west-1": {
        "domain": "us-west-1.compute.internal"
      },
      "us-west-2": {
        "domain": "us-west-2.compute.internal"
      },
      "eu-west-1": {
        "domain": "eu-west-1.compute.internal"
      },
      "eu-central-1": {
        "domain": "eu-central-1.compute.internal"
      },
      "ap-northeast-1": {
        "domain": "ap-northeast-1.compute.internal"
      },
      "ap-northeast-2": {
        "domain": "ap-northeast-2.compute.internal"
      },
      "ap-southeast-1": {
        "domain": "ap-southeast-1.compute.internal"
      },
      "ap-southeast-2": {
        "domain": "ap-southeast-2.compute.internal"
      },
      "sa-east-1": {
        "domain": "sa-east-1.compute.internal"
      },
      "ap-south-1": {
        "domain": "ap-south-1.compute.internal"
      }
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "192.199.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{vpcid_name_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ]
      }
    },
    "VpcInternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {}
    },
    "VpcGA": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VpcRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VPCRouteInternetGateway": {
      "DependsOn" : "VpcGA",
  "Type": "AWS::EC2::Route",
      "Properties": {
        "GatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        }
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "DependsOn": [
        "Vpc"
      ],
      "Properties": {
        "CidrBlock": "192.199.0.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ],
        "MapPublicIpOnLaunch": "true",
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "PublicSubnetRTA": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        },
        "SubnetId": {
          "Ref": "PublicSubnet"
        }
      }
    },
    "HostSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Host",
        "VpcId": {
          "Ref": "Vpc"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "host_sg"
          }
        ]
      }
    },
    "HostUDPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "udp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "HostTCPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "zoneinternalidns": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "{{ zone_internal_dns }}",
        "VPCs" :  [{
      "VPCId": { "Ref" : "Vpc" },
      "VPCRegion": { "Ref": "AWS::Region" } } ],
        "HostedZoneConfig": {
          "Comment": "Created By ansible agnostic deployer"
        }
      }
    },
    "BastionDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "bastion.{{subdomain_base}}.",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "Bastion": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{bastion_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "bastion"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "bastions"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "bastion"
          },
          {
            "Key": "internaldns",
            "Value": "bastion.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ]
      }
    },
      "BastionEIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "Bastion" }
          }
      },
    "BastionInternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "bastion.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
  {% for c in range(1,(ipa_instance_count|int)+1) %}
        "ipa{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{ipa_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "ipa{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "ipas"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "ipa"
              },
              {
                "Key": "internaldns",
                "Value": "ipa{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 20
                }
              }
            ]
          }
        },
      "ipa{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "ipa{{loop.index}}" }
          }
      },
        "ipa{{loop.index}}InternalDNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },
            "RecordSets": [
              {
                "Name": "ipa{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "ipa{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        "ipa{{loop.index}}PubliclDNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "DependsOn": [ "ipa{{loop.index}}EIP" ],
          "Properties": {
          "HostedZoneId" : "{{HostedZoneId}}",
            "RecordSets": [
              {
                "Name": "ipa{{loop.index}}.{{subdomain_base}}.",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "ipa{{loop.index}}",
                      "PublicIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
    {% for c in range(1,(windows_instance_count|int)+1) %}
    "windows{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "WIN2012R2AMI"
          ]
        },
        "InstanceType": "{{windows_instance_type}}",
        "KeyName": "{{key_name}}",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "<powershell>\n",
          "$admin = [adsi]('WinNT://./administrator, user')\n",
          "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n",
          "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n",
          "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n",
          "</powershell>"
          ]]}},
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "windows{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "windowss"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "windows"
          },
          {
            "Key": "{{ project_tag }}_ostype",
            "Value": "windows"
          },
          {
            "Key": "internaldns",
            "Value": "windows{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30
            }
          }
        ]
      }},
      "windows{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "windows{{loop.index}}" }
          }
      },
    "windows{{loop.index}}InternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "windows{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "windows{{loop.index}}PubliclDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "windows{{loop.index}}EIP" ],
      "Properties": {
      "HostedZoneId" : "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "windows{{loop.index}}.{{subdomain_base}}.",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows{{loop.index}}",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    }
    {% endfor %}
  },
  "Outputs": {
    "Route53internalzoneOutput": {
      "Description": "The ID of the internal route 53 zone",
      "Value": {
        "Ref": "zoneinternalidns"
      }
    }
  }
}
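Review bot: `HostUDPPorts` and `HostTCPPorts` open ports 0-65535 for both protocols from `0.0.0.0/0` on `HostSG`, and that one group is attached to `Bastion`, every `ipa{{loop.index}}` and every `windows{{loop.index}}` instance, all of which sit in `PublicSubnet` with an EIP — so the IPA services and the Windows hosts are reachable from the entire Internet, not just through the bastion. The all-ports rules should be scoped to the VPC CIDR used by this template (`192.199.0.0/16`) with separate narrow ingress entries only for what must be public (shown below with a placeholder admin CIDR for SSH to the bastion); note that the VPC block here also differs from the `vpcid_cidr_block` of 192.168.0.0/16 declared in env_vars.yml. Separately, the Windows `UserData` puts the Administrator password in plaintext into instance metadata, which is readable by any principal allowed to describe the instance, and fetches ConfigureRemotingForAnsible.ps1 from the unpinned GitHub `devel` branch at boot, so what runs on the host can change without any commit here. This file appears to be an archived copy (a `.json.json` duplicate is added in the same commit); if the live `ec2_cloud_template.j2` carries the same rules, the same points apply there.
```json
    "HostUDPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": { "Fn::GetAtt": [ "HostSG", "GroupId" ] },
        "IpProtocol": "udp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "192.199.0.0/16"
      }
    },
    "HostTCPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": { "Fn::GetAtt": [ "HostSG", "GroupId" ] },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "192.199.0.0/16"
      }
    },
    "BastionSSHPort": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": { "Fn::GetAtt": [ "HostSG", "GroupId" ] },
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "CidrIp": "<ADMIN_SOURCE_CIDR placeholder, e.g. your office or VPN range>"
      }
    },
```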
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.archive.j2.json.json
New file
@@ -0,0 +1,599 @@
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": { },
  "Mappings": {
    "RegionMapping": {
      "us-east-1": {
        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-c6e9d9bd"
      },
      "us-east-2": {
        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-5d99b938"
      },
      "us-west-1": {
        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-c52d07a5"
      },
      "us-west-2": {
        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-3c4ba944"
      },
      "eu-west-1": {
        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-6dd02214"
      },
      "eu-central-1": {
        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-8306afec"
      },
      "ap-northeast-1": {
        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-c229dfa4"
      },
      "ap-northeast-2": {
        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-098a5267"
      },
      "ap-southeast-1": {
        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-c87c19ab"
      },
      "ap-southeast-2": {
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-46f1e925"
      },
      "sa-east-1": {
        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-f0b4c59c"
      },
      "ap-south-1": {
        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-82fe84ed"
      }
    },
    "DNSMapping": {
      "us-east-1": {
        "domain": "us-east-1.compute.internal"
      },
      "us-west-1": {
        "domain": "us-west-1.compute.internal"
      },
      "us-west-2": {
        "domain": "us-west-2.compute.internal"
      },
      "eu-west-1": {
        "domain": "eu-west-1.compute.internal"
      },
      "eu-central-1": {
        "domain": "eu-central-1.compute.internal"
      },
      "ap-northeast-1": {
        "domain": "ap-northeast-1.compute.internal"
      },
      "ap-northeast-2": {
        "domain": "ap-northeast-2.compute.internal"
      },
      "ap-southeast-1": {
        "domain": "ap-southeast-1.compute.internal"
      },
      "ap-southeast-2": {
        "domain": "ap-southeast-2.compute.internal"
      },
      "sa-east-1": {
        "domain": "sa-east-1.compute.internal"
      },
      "ap-south-1": {
        "domain": "ap-south-1.compute.internal"
      }
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "192.199.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{vpcid_name_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ]
      }},
    "VpcInternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {}
    },
    "VpcGA": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VpcRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VPCRouteInternetGateway": {
      "DependsOn" : "VpcGA",
      "Type": "AWS::EC2::Route",
      "Properties": {
        "GatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        }
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "DependsOn": [
        "Vpc"
      ],
      "Properties": {
        "CidrBlock": "192.199.0.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ],
        "MapPublicIpOnLaunch": "true",
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "PublicSubnetRTA": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        },
        "SubnetId": {
          "Ref": "PublicSubnet"
        }
      }
    },
    "HostSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Host",
        "VpcId": {
          "Ref": "Vpc"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "host_sg"
          }
        ]
      }
    },
    "HostUDPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "udp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "HostTCPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "zoneinternalidns": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "{{ zone_internal_dns }}",
        "VPCs" :  [{
      "VPCId": { "Ref" : "Vpc" },
      "VPCRegion": { "Ref": "AWS::Region" } } ],
        "HostedZoneConfig": {
          "Comment": "Created By ansible agnostic deployer"
        }
      }
    },
    "BastionDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "bastion.{{subdomain_base}}.",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "Bastion": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{bastion_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "bastion"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "bastions"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "bastion"
          },
          {
            "Key": "internaldns",
            "Value": "bastion.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ]
      }
    },
      "BastionEIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "Bastion" }
          }
      },
    "BastionInternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "bastion.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
  {% for c in range(1,(ipa_instance_count|int)+1) %}
        "ipa{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{ipa_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "ipa{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "ipas"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "ipa"
              },
              {
                "Key": "internaldns",
                "Value": "ipa{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 20
                }
              }
            ]
          }
        },
      "ipa{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "ipa{{loop.index}}" }
          }
      },
        "ipa{{loop.index}}InternalDNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },
            "RecordSets": [
              {
                "Name": "ipa{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "ipa{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        "ipa{{loop.index}}PubliclDNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "DependsOn": [ "ipa{{loop.index}}EIP" ],
          "Properties": {
          "HostedZoneId" : "{{HostedZoneId}}",
            "RecordSets": [
              {
                "Name": "ipa{{loop.index}}.{{subdomain_base}}.",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "ipa{{loop.index}}",
                      "PublicIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
    {% for c in range(1,(windows_instance_count|int)+1) %}
    "windows{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "WIN2012R2AMI"
          ]
        },
        "InstanceType": "{{windows_instance_type}}",
        "KeyName": "{{key_name}}",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "<powershell>\n",
          "$admin = [adsi]('WinNT://./administrator, user')\n",
          "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n",
          "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n",
          "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n",
          "</powershell>"
          ]]}},
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "windows{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "windowss"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "windows"
          },
          {
            "Key": "{{ project_tag }}_ostype",
            "Value": "windows"
          },
          {
            "Key": "internaldns",
            "Value": "windows{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30
            }
          }
        ]
      }},
      "windows{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "windows{{loop.index}}" }
          }
      },
    "windows{{loop.index}}InternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },
        "RecordSets": [
          {
            "Name": "windows{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "windows{{loop.index}}PubliclDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "windows{{loop.index}}EIP" ],
      "Properties": {
      "HostedZoneId" : "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "windows{{loop.index}}.{{subdomain_base}}.",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "windows{{loop.index}}",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    }
    {% endfor %}
  },
  "Outputs": {
    "Route53internalzoneOutput": {
      "Description": "The ID of the internal route 53 zone",
      "Value": {
        "Ref": "zoneinternalidns"
      }
    }
  }
}
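Review bot: HostUDPPorts and HostTCPPorts (L1058–L1087) open every TCP and UDP port on HostSG to `0.0.0.0/0`, and the same two rules are carried into ec2_cloud_template.j2 and ec2_cloud_template.new.j2.yaml; nothing later in the template narrows them. Because the bastion, IPA and Windows instances all attach HostSG, sit in a subnet with MapPublicIpOnLaunch and each get an EIP, every listening service on them is internet-reachable, including WinRM on the Windows hosts. The ingress should be limited to the ports the lab actually needs (SSH to the bastion, the IPA ports, 5986 for WinRM) or scoped to a deployer-supplied CIDR; if wide-open is intentional for a throwaway lab, a line such as `"GroupDescription": "Lab only: intentionally open to 0.0.0.0/0 on all ports"` on HostSG would at least make that explicit. The `.json.json` double extension also looks like an accidental duplicate of ec2_cloud_template.archive.j2.json — the visible tail of that file matches this one apart from formatting — so one of the two can probably be dropped.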
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.j2
New file
@@ -0,0 +1,389 @@
AWSTemplateFormatVersion: "2010-09-09"
Mappings:
 RegionMapping:
  "us-east-1":
   RHELAMI: "ami-b63769a1"
   WIN2012R2AMI: "ami-c6e9d9bd"
  "us-east-2":
   RHELAMI: "ami-0932686c"
   WIN2012R2AMI: "ami-5d99b938"
  "us-west-1":
   RHELAMI: "ami-2cade64c"
   WIN2012R2AMI: "ami-c52d07a5"
  "us-west-2":
   RHELAMI: "ami-6f68cf0f"
   WIN2012R2AMI: "ami-3c4ba944"
  "eu-west-1":
   RHELAMI: "ami-02ace471"
   WIN2012R2AMI: "ami-6dd02214"
  "eu-central-1":
   RHELAMI: "ami-e4c63e8b"
   WIN2012R2AMI: "ami-8306afec"
  "ap-northeast-1":
   RHELAMI: "ami-5de0433c"
   WIN2012R2AMI: "ami-c229dfa4"
  "ap-northeast-2":
   RHELAMI: "ami-44db152a"
   WIN2012R2AMI: "ami-098a5267"
  "ap-southeast-1":
   RHELAMI: "ami-2c95344f"
   WIN2012R2AMI: "ami-c87c19ab"
  "ap-southeast-2":
   RHELAMI: "ami-39ac915a"
   WIN2012R2AMI: "ami-46f1e925"
  "sa-east-1":
   RHELAMI: "ami-7de77b11"
   WIN2012R2AMI: "ami-f0b4c59c"
  "ap-south-1":
   RHELAMI: "ami-cdbdd7a2"
   WIN2012R2AMI: "ami-82fe84ed"
 DNSMapping:
  "us-east-1":
   domain: "us-east-1.compute.internal"
  "us-west-1":
   domain: "us-west-1.compute.internal"
  "us-west-2":
   domain: "us-west-2.compute.internal"
  "eu-west-1":
   domain: "eu-west-1.compute.internal"
  "eu-central-1":
   domain: "eu-central-1.compute.internal"
  "ap-northeast-1":
   domain: "ap-northeast-1.compute.internal"
  "ap-northeast-2":
   domain: "ap-northeast-2.compute.internal"
  "ap-southeast-1":
   domain: "ap-southeast-1.compute.internal"
  "ap-southeast-2":
   domain: "ap-southeast-2.compute.internal"
  "sa-east-1":
   domain: "sa-east-1.compute.internal"
  "ap-south-1":
   domain: "ap-south-1.compute.internal"
Resources:
 Vpc:
  Type: "AWS::EC2::VPC"
  Properties:
   CidrBlock: "192.199.0.0/16"
   EnableDnsSupport: true
   EnableDnsHostnames: true
   Tags:
    - Key: Name
      Value: "{{vpcid_name_tag}}"
    - Key: Hostlication
      Value:
        Ref: "AWS::StackId"
 VpcInternetGateway:
  Type: "AWS::EC2::InternetGateway"
 VpcGA:
  Type: "AWS::EC2::VPCGatewayAttachment"
  Properties:
   InternetGatewayId:
    Ref: VpcInternetGateway
   VpcId:
    Ref: Vpc
 VpcRouteTable:
  Type: "AWS::EC2::RouteTable"
  Properties:
   VpcId:
    Ref: Vpc
 VPCRouteInternetGateway:
  DependsOn: VpcGA
  Type: "AWS::EC2::Route"
  Properties:
   GatewayId:
    Ref: VpcInternetGateway
   DestinationCidrBlock: "0.0.0.0/0"
   RouteTableId:
    Ref: VpcRouteTable
 PublicSubnet:
  Type: "AWS::EC2::Subnet"
  DependsOn:
   - Vpc
  Properties:
   CidrBlock: "192.199.0.0/24"
   Tags:
    - Key: Name
      Value: "{{project_tag}}"
    - Key: Hostlication
      Value:
        Ref: "AWS::StackId"
   MapPublicIpOnLaunch: true
   VpcId:
    Ref: Vpc
 PublicSubnetRTA:
  Type: "AWS::EC2::SubnetRouteTableAssociation"
  Properties:
   RouteTableId:
    Ref: VpcRouteTable
   SubnetId:
    Ref: PublicSubnet
 HostSG:
  Type: "AWS::EC2::SecurityGroup"
  Properties:
   GroupDescription: Host
   VpcId:
    Ref: Vpc
   Tags:
    - Key: Name
      Value: host_sg
 HostUDPPorts:
  Type: "AWS::EC2::SecurityGroupIngress"
  Properties:
   GroupId:
    "Fn::GetAtt":
     - HostSG
     - GroupId
   IpProtocol: udp
   FromPort: 0
   ToPort: 65535
   CidrIp: "0.0.0.0/0"
 HostTCPPorts:
  Type: "AWS::EC2::SecurityGroupIngress"
  Properties:
   GroupId:
    "Fn::GetAtt":
     - HostSG
     - GroupId
   IpProtocol: tcp
   FromPort: 0
   ToPort: 65535
   CidrIp: "0.0.0.0/0"
 zoneinternalidns:
  Type: "AWS::Route53::HostedZone"
  Properties:
   Name: "{{ zone_internal_dns }}"
   VPCs:
    - VPCId:
        Ref: Vpc
      VPCRegion:
        Ref: "AWS::Region"
   HostedZoneConfig:
    Comment: "Created By ansible agnostic deployer"
 BastionDNS:
  Type: "AWS::Route53::RecordSetGroup"
  DependsOn:
   - BastionEIP
  Properties:
   HostedZoneId: "{{HostedZoneId}}"
   RecordSets:
    - Name: "bastion.{{subdomain_base}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - Bastion
        - PublicIp
 Bastion:
  Type: "AWS::EC2::Instance"
  Properties:
   ImageId:
    "Fn::FindInMap":
     - RegionMapping
     - Ref: "AWS::Region"
     - RHELAMI
   InstanceType: "{{bastion_instance_type}}"
   KeyName: "{{key_name}}"
   SecurityGroupIds:
    - "Fn::GetAtt":
      - HostSG
      - GroupId
   SubnetId:
    Ref: PublicSubnet
   Tags:
    - Key: Name
      Value: bastion
    - Key: AnsibleGroup
      Value: bastions
    - Key: Project
      Value: "{{project_tag}}"
    - Key: "{{project_tag}}"
      Value: bastion
    - Key: internaldns
      Value: "bastion.{{chomped_zone_internal_dns}}"
    - Key: owner
      Value: "{{ email | default('unknown')}}"
 BastionEIP:
  Type: "AWS::EC2::EIP"
  DependsOn:
   - VpcGA
  Properties:
   InstanceId:
    Ref: Bastion
 BastionInternalDNS:
  Type: "AWS::Route53::RecordSetGroup"
  Properties:
   HostedZoneId:
    Ref: zoneinternalidns
   RecordSets:
    - Name: "bastion.{{zone_internal_dns}}"
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - Bastion
        - PrivateIp
{% for c in range(1,(ipa_instance_count|int)+1) %}
 ipa{{loop.index}}:
  Type: "AWS::EC2::Instance"
  Properties:
   ImageId:
    "Fn::FindInMap":
     - RegionMapping
     - Ref: "AWS::Region"
     - RHELAMI
   InstanceType: "{{ipa_instance_type}}"
   KeyName: "{{key_name}}"
   SecurityGroupIds:
    - "Fn::GetAtt":
      - HostSG
      - GroupId
   SubnetId:
    Ref: PublicSubnet
   Tags:
    - Key: Name
      Value: ipa{{loop.index}}
    - Key: AnsibleGroup
      Value: ipas
    - Key: Project
      Value: "{{project_tag}}"
    - Key: "{{project_tag}}"
      Value: ipa
    - Key: internaldns
      Value: "ipa{{loop.index}}.{{chomped_zone_internal_dns}}"
    - Key: owner
      Value: "{{ email | default('unknown')}}"
   BlockDeviceMappings:
    - DeviceName: "/dev/sda1"
      Ebs:
        VolumeSize: 50
    - DeviceName: "/dev/xvdb"
      Ebs:
        VolumeType: gp2
        VolumeSize: 20
 ipa{{loop.index}}EIP:
  Type: "AWS::EC2::EIP"
  DependsOn:
   - VpcGA
  Properties:
   InstanceId:
    Ref: ipa{{loop.index}}
 ipa{{loop.index}}InternalDNS:
  Type: "AWS::Route53::RecordSetGroup"
  Properties:
   HostedZoneId:
    Ref: zoneinternalidns
   RecordSets:
    - Name: "ipa{{loop.index}}.{{zone_internal_dns}}"
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - ipa{{loop.index}}
        - PrivateIp
 ipa{{loop.index}}PubliclDNS:
  Type: "AWS::Route53::RecordSetGroup"
  DependsOn:
   - ipa{{loop.index}}EIP
  Properties:
   HostedZoneId: {{HostedZoneId}}
   RecordSets:
    - Name: "ipa{{loop.index}}.{{subdomain_base}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - ipa{{loop.index}}
        - PublicIp
{% endfor %}
{% for c in range(1,(windows_instance_count|int)+1) %}
 windows{{loop.index}}:
  Type: "AWS::EC2::Instance"
  Properties:
   ImageId:
    "Fn::FindInMap":
     - RegionMapping
     - Ref: "AWS::Region"
     - WIN2012R2AMI
   InstanceType: "{{windows_instance_type}}"
   KeyName: "{{key_name}}"
   UserData:
    "Fn::Base64":
     "Fn::Join":
       - ""
       - - "<powershell>\n"
         - "$admin = [adsi]('WinNT://./administrator, user')\n"
         - "$admin.PSBase.Invoke('SetPassword', 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==')\n"
         - "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n"
         - "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n"
         - "</powershell>"
   SecurityGroupIds:
    - "Fn::GetAtt":
      - HostSG
      - GroupId
   SubnetId:
    Ref: PublicSubnet
   Tags:
    - Key: Name
      Value: windows{{loop.index}}
    - Key: AnsibleGroup
      Value: windowss
    - Key: Project
      Value: "{{project_tag}}"
    - Key: "{{project_tag}}"
      Value: windows
    - Key: "{{project_tag}}_ostype"
      Value: windows
    - Key: internaldns
      Value: "windows{{loop.index}}.{{chomped_zone_internal_dns}}"
    - Key: owner
      Value: "{{ email | default('unknown')}}"
   BlockDeviceMappings:
    - DeviceName: "/dev/sda1"
      Ebs:
        VolumeSize: 50
    - DeviceName: "/dev/xvdb"
      Ebs:
        VolumeType: gp2
        VolumeSize: 30
 windows{{loop.index}}EIP:
  Type: "AWS::EC2::EIP"
  DependsOn:
   - VpcGA
  Properties:
   InstanceId:
    Ref: windows{{loop.index}}
 windows{{loop.index}}InternalDNS:
  Type: "AWS::Route53::RecordSetGroup"
  Properties:
   HostedZoneId:
    Ref: zoneinternalidns
   RecordSets:
    - Name: "windows{{loop.index}}.{{chomped_zone_internal_dns}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - windows{{loop.index}}
        - PrivateIp
 windows{{loop.index}}PubliclDNS:
  Type: "AWS::Route53::RecordSetGroup"
  DependsOn:
   - windows{{loop.index}}EIP
  Properties:
   HostedZoneId: {{HostedZoneId}}
   RecordSets:
    - Name: "windows{{loop.index}}.{{subdomain_base}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - windows{{loop.index}}
        - PublicIp
{% endfor %}
Outputs:
 Route53internalzoneOutput:
  Description: "The ID of the internal route 53 zone"
  Value:
   Ref: zoneinternalidns
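Review bot: The Windows UserData at L1782 sets the Administrator password to a literal string, whereas the JSON variant of this template (L1341) renders it from `{{ windows_password | default(generated_windows_password) }}`; a fixed credential committed into the template means every Windows host built from this file shares a password that now lives in git history. The same literal appears in ec2_cloud_template.new.j2.yaml at L2175. Restore the templated form, `- "$admin.PSBase.Invoke('SetPassword', '{{ windows_password | default(generated_windows_password) }}')\n"`, and treat the committed value as disclosed. Separately, `HostedZoneId: {{HostedZoneId}}` at L1755 and L1840 is unquoted while BastionDNS at L1634 quotes it; `"{{HostedZoneId}}"` would be consistent and avoids a bare `null` if the variable expands empty. The Windows internal record name at L1828 uses `chomped_zone_internal_dns` plus a trailing dot while the IPA and bastion records use `zone_internal_dns`; presumably these render identically, but that is worth confirming.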
ansible/configs/auth-playground-lab/files/cloud_providers/ec2_cloud_template.new.j2.yaml
New file
@@ -0,0 +1,391 @@
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
Mappings:
 RegionMapping:
  "us-east-1":
   RHELAMI: "ami-b63769a1"
   WIN2012R2AMI: "ami-c6e9d9bd"
  "us-east-2":
   RHELAMI: "ami-0932686c"
   WIN2012R2AMI: "ami-5d99b938"
  "us-west-1":
   RHELAMI: "ami-2cade64c"
   WIN2012R2AMI: "ami-c52d07a5"
  "us-west-2":
   RHELAMI: "ami-6f68cf0f"
   WIN2012R2AMI: "ami-3c4ba944"
  "eu-west-1":
   RHELAMI: "ami-02ace471"
   WIN2012R2AMI: "ami-6dd02214"
  "eu-central-1":
   RHELAMI: "ami-e4c63e8b"
   WIN2012R2AMI: "ami-8306afec"
  "ap-northeast-1":
   RHELAMI: "ami-5de0433c"
   WIN2012R2AMI: "ami-c229dfa4"
  "ap-northeast-2":
   RHELAMI: "ami-44db152a"
   WIN2012R2AMI: "ami-098a5267"
  "ap-southeast-1":
   RHELAMI: "ami-2c95344f"
   WIN2012R2AMI: "ami-c87c19ab"
  "ap-southeast-2":
   RHELAMI: "ami-39ac915a"
   WIN2012R2AMI: "ami-46f1e925"
  "sa-east-1":
   RHELAMI: "ami-7de77b11"
   WIN2012R2AMI: "ami-f0b4c59c"
  "ap-south-1":
   RHELAMI: "ami-cdbdd7a2"
   WIN2012R2AMI: "ami-82fe84ed"
 DNSMapping:
  "us-east-1":
   domain: "us-east-1.compute.internal"
  "us-west-1":
   domain: "us-west-1.compute.internal"
  "us-west-2":
   domain: "us-west-2.compute.internal"
  "eu-west-1":
   domain: "eu-west-1.compute.internal"
  "eu-central-1":
   domain: "eu-central-1.compute.internal"
  "ap-northeast-1":
   domain: "ap-northeast-1.compute.internal"
  "ap-northeast-2":
   domain: "ap-northeast-2.compute.internal"
  "ap-southeast-1":
   domain: "ap-southeast-1.compute.internal"
  "ap-southeast-2":
   domain: "ap-southeast-2.compute.internal"
  "sa-east-1":
   domain: "sa-east-1.compute.internal"
  "ap-south-1":
   domain: "ap-south-1.compute.internal"
Resources:
 Vpc:
  Type: "AWS::EC2::VPC"
  Properties:
   CidrBlock: "192.199.0.0/16"
   EnableDnsSupport: true
   EnableDnsHostnames: true
   Tags:
    - Key: Name
      Value: "{{vpcid_name_tag}}"
    - Key: Hostlication
      Value:
        Ref: "AWS::StackId"
 VpcInternetGateway:
  Type: "AWS::EC2::InternetGateway"
  Properties:
 VpcGA:
  Type: "AWS::EC2::VPCGatewayAttachment"
  Properties:
   InternetGatewayId:
    Ref: VpcInternetGateway
   VpcId:
    Ref: Vpc
 VpcRouteTable:
  Type: "AWS::EC2::RouteTable"
  Properties:
   VpcId:
    Ref: Vpc
 VPCRouteInternetGateway:
  DependsOn: VpcGA
  Type: "AWS::EC2::Route"
  Properties:
   GatewayId:
    Ref: VpcInternetGateway
   DestinationCidrBlock: "0.0.0.0/0"
   RouteTableId:
    Ref: VpcRouteTable
 PublicSubnet:
  Type: "AWS::EC2::Subnet"
  DependsOn:
   - Vpc
  Properties:
   CidrBlock: "192.199.0.0/24"
   Tags:
    - Key: Name
      Value: "{{project_tag}}"
    - Key: Hostlication
      Value:
        Ref: "AWS::StackId"
   MapPublicIpOnLaunch: true
   VpcId:
    Ref: Vpc
 PublicSubnetRTA:
  Type: "AWS::EC2::SubnetRouteTableAssociation"
  Properties:
   RouteTableId:
    Ref: VpcRouteTable
   SubnetId:
    Ref: PublicSubnet
 HostSG:
  Type: "AWS::EC2::SecurityGroup"
  Properties:
   GroupDescription: Host
   VpcId:
    Ref: Vpc
   Tags:
    - Key: Name
      Value: host_sg
 HostUDPPorts:
  Type: "AWS::EC2::SecurityGroupIngress"
  Properties:
   GroupId:
    "Fn::GetAtt":
     - HostSG
     - GroupId
   IpProtocol: udp
   FromPort: 0
   ToPort: 65535
   CidrIp: "0.0.0.0/0"
 HostTCPPorts:
  Type: "AWS::EC2::SecurityGroupIngress"
  Properties:
   GroupId:
    "Fn::GetAtt":
     - HostSG
     - GroupId
   IpProtocol: tcp
   FromPort: 0
   ToPort: 65535
   CidrIp: "0.0.0.0/0"
 zoneinternalidns:
  Type: "AWS::Route53::HostedZone"
  Properties:
   Name: "{{ zone_internal_dns }}"
   VPCs:
    - VPCId:
        Ref: Vpc
      VPCRegion:
        Ref: "AWS::Region"
   HostedZoneConfig:
    Comment: "Created By ansible agnostic deployer"
 BastionDNS:
  Type: "AWS::Route53::RecordSetGroup"
  DependsOn:
   - BastionEIP
  Properties:
   HostedZoneId: "{{HostedZoneId}}"
   RecordSets:
    - Name: "bastion.{{subdomain_base}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - Bastion
        - PublicIp
 Bastion:
  Type: "AWS::EC2::Instance"
  Properties:
   ImageId:
    "Fn::FindInMap":
     - RegionMapping
     - Ref: "AWS::Region"
     - RHELAMI
   InstanceType: "{{bastion_instance_type}}"
   KeyName: "{{key_name}}"
   SecurityGroupIds:
    - "Fn::GetAtt":
      - HostSG
      - GroupId
   SubnetId:
    Ref: PublicSubnet
   Tags:
    - Key: Name
      Value: bastion
    - Key: AnsibleGroup
      Value: bastions
    - Key: Project
      Value: "{{project_tag}}"
    - Key: "{{project_tag}}"
      Value: bastion
    - Key: internaldns
      Value: "bastion.{{chomped_zone_internal_dns}}"
    - Key: owner
      Value: "{{ email | default('unknown')}}"
 BastionEIP:
  Type: "AWS::EC2::EIP"
  DependsOn:
   - VpcGA
  Properties:
   InstanceId:
    Ref: Bastion
 BastionInternalDNS:
  Type: "AWS::Route53::RecordSetGroup"
  Properties:
   HostedZoneId:
    Ref: zoneinternalidns
   RecordSets:
    - Name: "bastion.{{zone_internal_dns}}"
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - Bastion
        - PrivateIp
{% for c in range(1,(ipa_instance_count|int)+1) %}
 ipa{{loop.index}}:
  Type: "AWS::EC2::Instance"
  Properties:
   ImageId:
    "Fn::FindInMap":
     - RegionMapping
     - Ref: "AWS::Region"
     - RHELAMI
   InstanceType: "{{ipa_instance_type}}"
   KeyName: "{{key_name}}"
   SecurityGroupIds:
    - "Fn::GetAtt":
      - HostSG
      - GroupId
   SubnetId:
    Ref: PublicSubnet
   Tags:
    - Key: Name
      Value: ipa{{loop.index}}
    - Key: AnsibleGroup
      Value: ipas
    - Key: Project
      Value: "{{project_tag}}"
    - Key: "{{project_tag}}"
      Value: ipa
    - Key: internaldns
      Value: "ipa{{loop.index}}.{{chomped_zone_internal_dns}}"
    - Key: owner
      Value: "{{ email | default('unknown')}}"
   BlockDeviceMappings:
    - DeviceName: "/dev/sda1"
      Ebs:
        VolumeSize: 50
    - DeviceName: "/dev/xvdb"
      Ebs:
        VolumeType: gp2
        VolumeSize: 20
 ipa{{loop.index}}EIP:
  Type: "AWS::EC2::EIP"
  DependsOn:
   - VpcGA
  Properties:
   InstanceId:
    Ref: ipa{{loop.index}}
 ipa{{loop.index}}InternalDNS:
  Type: "AWS::Route53::RecordSetGroup"
  Properties:
   HostedZoneId:
    Ref: zoneinternalidns
   RecordSets:
    - Name: "ipa{{loop.index}}.{{zone_internal_dns}}"
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - ipa{{loop.index}}
        - PrivateIp
 ipa{{loop.index}}PubliclDNS:
  Type: "AWS::Route53::RecordSetGroup"
  DependsOn:
   - ipa{{loop.index}}EIP
  Properties:
   HostedZoneId: {{HostedZoneId}}
   RecordSets:
    - Name: "ipa{{loop.index}}.{{subdomain_base}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - ipa{{loop.index}}
        - PublicIp
{% endfor %}
{% for c in range(1,(windows_instance_count|int)+1) %}
 windows{{loop.index}}:
  Type: "AWS::EC2::Instance"
  Properties:
   ImageId:
    "Fn::FindInMap":
     - RegionMapping
     - Ref: "AWS::Region"
     - WIN2012R2AMI
   InstanceType: "{{windows_instance_type}}"
   KeyName: "{{key_name}}"
   UserData:
    "Fn::Base64":
     "Fn::Join":
       - ""
       - "<powershell>\n"
       - "$admin = [adsi]('WinNT://./administrator, user')\n"
       - "$admin.PSBase.Invoke('SetPassword', 'jVMijRwLbI02gFCo2xkjlZ9lxEA7bm7zgg==')\n"
       - "$scriptPath=((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))\n"
       - "Invoke-Command -ScriptBlock ([scriptblock]::Create($scriptPath)) -ArgumentList '-skipNetworkProfileCheck'\n"
       - "</powershell>"
   SecurityGroupIds:
    - "Fn::GetAtt":
      - HostSG
      - GroupId
   SubnetId:
    Ref: PublicSubnet
   Tags:
    - Key: Name
      Value: windows{{loop.index}}
    - Key: AnsibleGroup
      Value: windowss
    - Key: Project
      Value: "{{project_tag}}"
    - Key: "{{project_tag}}"
      Value: windows
    - Key: "{{project_tag}}_ostype"
      Value: windows
    - Key: internaldns
      Value: "windows{{loop.index}}.{{chomped_zone_internal_dns}}"
    - Key: owner
      Value: "{{ email | default('unknown')}}"
   BlockDeviceMappings:
    - DeviceName: "/dev/sda1"
      Ebs:
        VolumeSize: 50
    - DeviceName: "/dev/xvdb"
      Ebs:
        VolumeType: gp2
        VolumeSize: 30
 windows{{loop.index}}EIP:
  Type: "AWS::EC2::EIP"
  DependsOn:
   - VpcGA
  Properties:
   InstanceId:
    Ref: windows{{loop.index}}
 windows{{loop.index}}InternalDNS:
  Type: "AWS::Route53::RecordSetGroup"
  Properties:
   HostedZoneId:
    Ref: zoneinternalidns
   RecordSets:
    - Name: "windows{{loop.index}}.{{chomped_zone_internal_dns}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - windows{{loop.index}}
        - PrivateIp
 windows{{loop.index}}PubliclDNS:
  Type: "AWS::Route53::RecordSetGroup"
  DependsOn:
   - windows{{loop.index}}EIP
  Properties:
   HostedZoneId: {{HostedZoneId}}
   RecordSets:
    - Name: "windows{{loop.index}}.{{subdomain_base}}."
      Type: A
      TTL: 10
      ResourceRecords:
      - "Fn::GetAtt":
        - windows{{loop.index}}
        - PublicIp
{% endfor %}
Outputs:
 Route53internalzoneOutput:
  Description: "The ID of the internal route 53 zone"
  Value:
   Ref: zoneinternalidns
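Review bot: The `Fn::Join` under UserData at L2171–L2178 lists the delimiter and the five script strings as siblings in one sequence, but CloudFormation's Fn::Join takes exactly two elements, a delimiter and a list of values; the sibling ec2_cloud_template.j2 nests them correctly at L1779–L1785 (`- - "<powershell>\n"`). As written the stack would likely fail template validation or, if accepted, produce no usable UserData, so the Windows hosts would never have WinRM configured. The bare `Parameters:` at L1859 and `Properties:` at L1936 also parse as `null` rather than empty mappings; drop the keys or write `{}`. The hard-coded password on L2175 has the same problem as in ec2_cloud_template.j2.
```yaml
   UserData:
    "Fn::Base64":
     "Fn::Join":
       - ""
       - - "<powershell>\n"
         - "$admin = [adsi]('WinNT://./administrator, user')\n"
         # … unchanged: SetPassword, DownloadString and Invoke-Command lines …
         - "</powershell>"
```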
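--- a/ansible/configs/auth-playground-lab/files/hosts_template.j2
+++ b/ansible/configs/auth-playground-lab/files/hosts_template.j2
@@ -0,0 +1,38 @@
+[GenericExample:vars]
+###########################################################################
+### Ansible Vars
+###########################################################################
+timeout=60
+ansible_become=yes
+ansible_ssh_user={{remote_user}}
+[GenericExample:children]
+ipas
+windows
+[ipas]
+## These are the ipas
+{% for host in groups['ipas'] %}
+ipa{{loop.index}}.{{chomped_zone_internal_dns}} public_host_name=ipa{{loop.index}}.{{ guid }}{{subdomain_base_suffix}} ssh_host={{host}}
+{% endfor %}
+[windows]
+## These are the windows servers
+{% for host in groups['windows'] %}
+windows{{loop.index}}.{{chomped_zone_internal_dns}} ssh_host={{host}} ansible_password={{hostvars[host]['ansible_password']}}
+{% endfor %}
+[windows:vars]
+ansible_connection=winrm
+ansible_port=5986
+ansible_ssh_port=5986
+ansible_user=Administrator
+ansible_ssh_user=Administrator
+ansible_winrm_server_cert_validation=ignore
+ansible_winrm_transport=basic
+ansible_become=false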
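Review bot: The `[windows:vars]` block pairs `ansible_winrm_transport=basic` with `ansible_winrm_server_cert_validation=ignore`, so the Administrator password is sent as a Basic credential to whatever answers on port 5986 with no check that it is the intended host; a spoofed or hijacked endpoint simply collects it. Basic is the one WinRM transport that needs the password on the wire, and NTLM is normally available on a stock Windows WinRM listener, so `ansible_winrm_transport=ntlm` is likely a drop-in change; longer term, validate the listener certificate (or a lab CA) instead of `ignore`. The rendered inventory also writes every host's `ansible_password` in clear text next to the hostname, so the file itself becomes a secret; keeping the password in vaulted group_vars and leaving it out of the template would avoid that. `ansible_ssh_port` and `ansible_ssh_user` are ignored by the winrm connection plugin and can be dropped to avoid suggesting SSH is in play.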
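--- a/ansible/configs/auth-playground-lab/files/opentlc-sample-config.sh.j2
+++ b/ansible/configs/auth-playground-lab/files/opentlc-sample-config.sh.j2
@@ -0,0 +1,93 @@
+#!/bin/bash
+DOMAIN="{{ipa_domain}}"
+REALM=$(echo $DOMAIN | tr [a-z] [A-Z])
+IPADDR=`curl  www.opentlc.com/getip`
+ipa pwpolicy-mod global_policy --maxlife=20000
+echo -e "Creating user groups...\n"
+echo -e r3dh4t1! | kinit admin
+ipa group-add ocp-users --desc="Users with OpenShift access"
+ipa group-add portalapp --desc="Developers in the Portal App Project"
+ipa group-add paymentapp --desc="Developers in the Payment App Project"
+ipa group-add ocp-production --desc="Administrators and Operations team, have access to modify projects in production"
+ipa group-add ocp-platform --desc="Users with full cluster administration control"
+yum install -y expect
+echo -e "Creating users...\n"
+for user in andrew marina karla david portal1 portal2 payment1 payment2 prod1 prod2 platform1 platform2 admin1 admin2
+do
+  kdestroy
+  echo -e r3dh4t1! | kinit admin
+  userpw=$(ipa user-add --first=$user --last=OCPUser \
+  --displayname="OpenShift User $user" --random $user | grep \
+  -i password | awk ' {print $3}')
+  newpw='r3dh4t1!'
+  # add user to ocp group
+  ipa group-add-member ocp-users --users=$user
+  kdestroy
+  expect -c '
+    spawn kinit '"$user"'
+    expect {
+      -re ".*COM:" {
+        send "'"$userpw"'\r"
+        exp_continue
+      }
+      -re ".*password:" {
+        send "'"$newpw"'\r"
+        exp_continue
+      }
+      -re ".*again:" {
+        send "'"$newpw"'\r"
+      }
+    }
+  expect eof '
+done
+kdestroy
+echo -e r3dh4t1! | kinit admin
+echo -e "Putting users in their appropriate group(s)...\n"
+ipa group-add-member portalapp --users andrew
+ipa group-add-member portalapp --users portal1
+ipa group-add-member portalapp --users portal2
+ipa group-add-member paymentapp --users marina
+ipa group-add-member paymentapp --users payment1
+ipa group-add-member paymentapp --users payment2
+ipa group-add-member ocp-production --users karla
+ipa group-add-member ocp-production --users prod1
+ipa group-add-member ocp-production --users prod2
+ipa group-add-member ocp-production --users karla
+ipa group-add-member ocp-platform --users david
+ipa group-add-member ocp-platform --users admin1
+ipa group-add-member ocp-platform --users admin2
+#.LDAP groups
+#* "ocp-users" group - All users who have access to OpenShift
+#* "portalapp" group - Developers in the "Portal App" Project
+#* "paymentapp" group - Developers in the "Payment App" Project
+#* "ocp-production" group - Administrators and Operations team, have access to modify projects in production
+#* "ocp-platform" group - users with full cluster administration control
+#+
+#NOTE: Users and Groups are already created in our IPA (idm.example.com) host.
+#
+#.LDAP users
+#* *Andrew*, portal1 and portal2 are Developers in the "Portal App" team.
+#* *Marina*, payment1 and payment2 are Developers in the "Payment App" team.
+#* *Karla*, prod1 and prod2 are Operations administrators in the "Portal App" and "Payment App" teams.
+#* *David*, admin1 and admin2 are members of the "ocp-platform" group with full cluster administration control.
+#+
+#NOTE: All user passwords are "r3dh4t1!"
+#
+#.Projects
+#* The "Portal App" Application uses the following projects:
+#- "portalapp-dev" - Access granted to "portalapp" group
+#- "portalapp-test" - Access granted to "portalapp" group
+#- "portalapp-prod" - Access granted to "ocp-production" group
+#* The "Payment App" Application uses the following projects:
+#- "paymentapp-dev" - Access granted to "portalapp" group
+#- "paymentapp-test" - Access granted to "portalapp" group
+#- "paymentapp-prod" - Access granted to "ocp-production" group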
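Review bot: The IPA admin credential is hard-coded as `echo -e r3dh4t1! | kinit admin` in three places even though the server is installed with `{{ ipa_principal_user_password }}` in the ipa-server role, so this script only works when that variable happens to equal the literal, and it commits a live admin password to the repository; since the file is already a Jinja template, rendering `echo -e '{{ ipa_principal_user_password }}' | kinit admin` and keeping the value in env_secret_vars.yml fixes both. The same literal is then assigned to all fourteen sample users and `ipa pwpolicy-mod global_policy --maxlife=20000` effectively disables expiry, which may be intended for a throw-away lab but deserves an explicit comment at the top of the script saying so. The expect dialogue matches the first prompt with `-re ".*COM:"`, which only fires for realms ending in COM although `REALM` is derived from `{{ipa_domain}}` a few lines earlier; `-re ".*'"$REALM"':"` keeps the two in step. Note also that `$userpw` and `$newpw` are spliced into the `expect -c` argument string, so each user's password is visible in the process list while kinit runs; passing them through the environment or a heredoc avoids that. `IPADDR` is fetched over plain HTTP and never used, so that line can simply go.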
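--- a/ansible/configs/auth-playground-lab/files/repos_template.j2
+++ b/ansible/configs/auth-playground-lab/files/repos_template.j2
@@ -0,0 +1,32 @@
+[rhel-7-server-rpms]
+name=Red Hat Enterprise Linux 7
+baseurl={{own_repo_path}}/rhel-7-server-rpms
+enabled=1
+gpgcheck=0
+[rhel-7-server-rh-common-rpms]
+name=Red Hat Enterprise Linux 7 Common
+baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms
+enabled=1
+gpgcheck=0
+[rhel-7-server-extras-rpms]
+name=Red Hat Enterprise Linux 7 Extras
+baseurl={{own_repo_path}}/rhel-7-server-extras-rpms
+enabled=1
+gpgcheck=0
+[rhel-7-server-optional-rpms]
+name=Red Hat Enterprise Linux 7 Optional
+baseurl={{own_repo_path}}/rhel-7-server-optional-rpms
+enabled=1
+gpgcheck=0
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=0
+#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7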
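Review bot: Every stanza sets `gpgcheck=0`, and the `[epel]` one pulls from an `http://` baseurl with its `gpgkey` line commented out, so RPMs are installed as root with no signature verification from a plaintext source — anyone on the path between the hosts and the mirror can substitute a package. For EPEL, set `gpgcheck=1`, restore `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7` (installing `epel-release` or shipping the key file with the role if the image lacks it), and prefer the https metalink over the http baseurl. The `{{own_repo_path}}` mirrors are presumably a private server, but the RHEL RPMs they serve are still signed with the Red Hat release key, so `gpgcheck=1` with `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release` costs nothing there either.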
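--- a/ansible/configs/auth-playground-lab/post_infra.yml
+++ b/ansible/configs/auth-playground-lab/post_infra.yml
@@ -0,0 +1,28 @@
+- name: Step 002 Post Infrastructure
+  hosts: localhost
+  connection: local
+  become: false
+  vars_files:
+    - "./env_vars.yml"
+    - "./env_secret_vars.yml"
+  tags:
+    - step002
+    - post_infrastructure
+  tasks:
+    - name: Job Template to launch a Job Template with update on launch inventory set
+      uri:
+        url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/"
+        method: POST
+        user: "{{tower_admin}}"
+        password: "{{tower_admin_password}}"
+        body:
+          extra_vars:
+            guid: "{{guid}}"
+            ipa_host_password: "{{ipa_host_password}}"
+        body_format: json
+        validate_certs: False
+        HEADER_Content-Type: "application/json"
+        status_code: 200, 201
+      when: tower_run == 'true'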
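Review bot: The Tower launch call sets `validate_certs: False` while sending `tower_admin_password` as the HTTP auth credential and `ipa_host_password` in the JSON body, so a DNS or routing hijack of `ansible_tower_ip` collects both secrets without any warning. Prefer `validate_certs: true` with the Tower CA added to the controller's trust store (or the module's CA option where the installed Ansible supports it); if the lab Tower genuinely runs on a self-signed cert, make the toggle a variable rather than a literal so it is visibly a choice. The task also lacks `no_log: true`, so a `-v` run prints the request body, `ipa_host_password` included, to the console and to whatever job log captures it. `HEADER_Content-Type` is the legacy spelling; `headers: { Content-Type: application/json }` is the supported form.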
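--- a/ansible/configs/auth-playground-lab/post_software.yml
+++ b/ansible/configs/auth-playground-lab/post_software.yml
@@ -0,0 +1,77 @@
+- name: Step 00xxxxx post software
+  hosts: support
+  gather_facts: False
+  become: yes
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+  tasks:
+    - debug:
+        msg: "Post-Software tasks Started"
+- name: Install IPA role on server
+  hosts: ipas
+  gather_facts: False
+  become: yes
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+  run_once: true
+  roles:
+    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/ipa-server", configure_firewalld: "false" }
+  tags:
+    - ipa_server_tasks
+    - install_ipa
+- name: Step005 sample opentlc users
+  hosts: ipas
+  gather_facts: False
+  become: yes
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+  tasks:
+    - name: generate ipa sample user script
+      template:
+        src: "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/files/opentlc-sample-config.sh.j2"
+        dest: "/root/opentlc-sample-config.sh"
+    - name: Create opentlc sample users
+      shell: "bash /root/opentlc-sample-config.sh"
+- name: Configure windows AD on first windows machine
+  hosts:
+    - windows[0]
+  gather_facts: False
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+  tags:
+    - step004
+    - common_tasks
+    - windows_tasks
+  roles:
+    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/windows-ad", when: install_win_ad | bool }
+  tasks:
+    - name: Reboot upon promotion
+      win_reboot:
+      when: install_win_ad | bool
+    - name: Wait for connection
+      wait_for_connection:
+      when: install_win_ad | bool
+- name: PostSoftware flight-check
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+  tags:
+    - post_flight_check
+  tasks:
+    - debug:
+        msg: "Post-Software checks completed successfully"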
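Review bot: The `generate ipa sample user script` task renders a script that carries the IPA admin and sample-user passwords to `/root/opentlc-sample-config.sh` with no `mode`, so its permissions fall out of root's umask, and nothing removes it afterwards; add `mode: "0700"` to the template task and delete the file after the `Create opentlc sample users` step. That shell task has no `no_log`, `changed_when` or `creates`, so every rerun executes all the `ipa user-add` calls again and a verbose run captures the whole expect dialogue into the log; `no_log: true` plus an `args: creates:` marker touched by the script would make it idempotent and quiet. This play is also the only one of the three IPA plays that does not load env_secret_vars.yml, which is presumably why the rendered script hard-codes its credentials; loading it here would let the template take them from vars instead.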
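--- a/ansible/configs/auth-playground-lab/pre_infra.yml
+++ b/ansible/configs/auth-playground-lab/pre_infra.yml
@@ -0,0 +1,47 @@
+- name: Step 000 Pre Infrastructure
+  hosts: localhost
+  connection: local
+  become: false
+  vars_files:
+    - "./env_vars.yml"
+    - "./env_secret_vars.yml"
+  tags:
+    - step001
+    - pre_infrastructure
+  tasks:
+    - name: if windows_password is not defined, generate one
+      when: windows_password is not defined
+      block:
+      - name: Stat workdir/[...]_windows_password.txt file
+        stat:
+          path: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{guid}}_windows_password.txt"
+        register: passwordfile
+# This task needs to be "ansibled", we cannot assume tr exists
+# This also doesn't work on MAC, that does have tr.
+      - name: Generate windows Administrator password if not already defined
+        command: openssl rand -base64 25
+        register: password_gen_r
+        when: not passwordfile.stat.exists
+      - name: Read windows password from workdir/[...]_windows_password.txt file
+        command: "cat '{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{guid}}_windows_password.txt'"
+        register: password_get_r
+        changed_when: false
+        when: passwordfile.stat.exists
+      - name: set_fact windows_password (just generated)
+        set_fact:
+          generated_windows_password: "{{ password_gen_r.stdout }}"
+          windows_password: "{{ password_gen_r.stdout }}"
+        when: not passwordfile.stat.exists
+      - name: set_fact windows_password (previously generated)
+        set_fact:
+          generated_windows_password: "{{ password_get_r.stdout }}"
+        when: passwordfile.stat.exists
+    - name: Save windows_password or generated_windows_password into workdir/
+      copy:
+        content: "{{ windows_password | default(generated_windows_password) }}"
+        dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{guid}}_windows_password.txt"
+        mode: 0600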
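Review bot: The generated Windows Administrator password flows through `register: password_gen_r`, `register: password_get_r` and two `set_fact` tasks without `no_log: true`, so an `ansible-playbook -v` run prints it in the task results even though the file it is persisted to is correctly `mode: 0600`; add `no_log: true` to the generate, read and set_fact tasks, and to the final `copy`, whose `content` is shown verbatim under `--diff`. The comment above the generate task still talks about `tr` not existing, but the task now shells out to `openssl rand -base64 25`; update or drop it so the next reader does not go looking for a `tr` pipeline. The "previously generated" branch sets only `generated_windows_password`, while the "just generated" branch sets both it and `windows_password`; if anything later in the run reads `windows_password` directly (not visible here), a second run would find it undefined, so mirroring the first branch and setting both names is the safer shape.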
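--- a/ansible/configs/auth-playground-lab/pre_software.yml
+++ b/ansible/configs/auth-playground-lab/pre_software.yml
@@ -0,0 +1,82 @@
+- name: Step 003 - Create env key
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+  tags:
+    - step003
+    - generate_env_keys
+  tasks:
+    - name: Generate SSH keys
+      shell: ssh-keygen -b 2048 -t rsa -f "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}" -q -N ""
+      args:
+        creates: "{{ ANSIBLE_REPO_PATH }}/workdir/{{env_authorized_key}}"
+      when: set_env_authorized_key
+# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}
+- name: Configure all hosts with Repositories, Common Files and Set environment key
+  hosts:
+    - all:!windows
+  become: true
+  gather_facts: False
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+  tags:
+    - step004
+    - common_tasks
+  roles:
+    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set-repositories", when: 'repo_method is defined' }
+    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/common", when: 'install_common' }
+    - { role: "{{ ANSIBLE_REPO_PATH }}/roles/set_env_authorized_key", when: 'set_env_authorized_key' }
+- name: Configuring Bastion Hosts
+  hosts: bastions
+  become: true
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+  roles:
+    -  { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' }
+    -  { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion-opentlc-ipa", when: 'install_ipa_client' }
+  tags:
+    - step004
+    - bastion_tasks
+- name: Configure windows machines
+  hosts:
+    - windows
+  gather_facts: False
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/ssh_vars.yml"
+  tags:
+    - step004
+    - common_tasks
+    - windows_tasks
+  roles:
+    - role: "{{ ANSIBLE_REPO_PATH }}/roles/windows-common"
+      when: install_win_ssh
+- name: PreSoftware flight-check
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  become: false
+  vars_files:
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
+    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
+  tags:
+    - flight_check
+  tasks:
+    - debug:
+        msg: "Pre-Software checks completed successfully"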
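Review bot: `ssh-keygen -b 2048 -t rsa ... -N ""` in the `Generate SSH keys` task creates a passphrase-less 2048-bit RSA key that becomes the authorized key for every host in the environment; with no compatibility constraint visible, `-t ed25519` (or at least `-b 4096`) is the stronger default, and the task needs no shell, so `command:` with the same `creates:` argument is the idiomatic form. The `Configure windows machines` play guards its role with a bare `when: install_win_ssh`, whereas post_software.yml uses `install_win_ad | bool` for the equivalent toggle; if `install_win_ssh` ever arrives from `-e` as the string "false" the bare form is truthy and the role runs anyway, so `when: install_win_ssh | bool` keeps the two consistent.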
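--- a/ansible/configs/auth-playground-lab/ssh_vars.yml
+++ b/ansible/configs/auth-playground-lab/ssh_vars.yml
@@ -0,0 +1 @@
+ansible_ssh_extra_args: "-F {{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf -o StrictHostKeyChecking=no"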
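Review bot: `-o StrictHostKeyChecking=no` disables host-key verification for every SSH connection in this environment, so a first connection that is redirected to another machine is accepted silently and that machine then receives the env key and everything the playbooks run. Since connections already go through a per-environment `{{ env_type }}_{{ guid }}_ssh_conf`, keep a per-environment known_hosts next to it — `-o UserKnownHostsFile={{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_known_hosts` — and either seed it from the provider's instance console output or use `StrictHostKeyChecking=accept-new` where the controller's OpenSSH (7.6 or later) supports it, so that at least a key that changes between runs is detected.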
ansible/roles/ipa-server/tasks/main.yml
@@ -38,14 +38,18 @@
- name: set host name
  hostname:
    name: "{{ipa_public_dns_chomped}}"
- name: set hostname in /etc/hosts
  shell: "echo 127.0.0.1 {{ ipa_public_dns_chomped }} > /etc/hosts"
- name: get local ip
  shell: "ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1"
  register: local_ip
- debug:
    var: local_ip
- debug:
    var: hostvars['private_ip']
- name: set hostname in /etc/hosts
  shell: "echo {{local_ip.stdout}} `hostname` > /etc/hosts"
- name: Run the ipa-server-install command
  shell: ipa-server-install -U --setup-dns --ip-address={{local_ip.stdout}} --hostname={{ ipa_public_dns_chomped }} --domain={{ ipa_domain }} --realm={{ ipa_realm }} --ds-password={{ ipa_directory_manager_password }} --admin-password={{ ipa_principal_user_password }}  --no-forwarders
  ignore_errors: true
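Review bot: The `Run the ipa-server-install command` task passes `--ds-password={{ ipa_directory_manager_password }}` and `--admin-password={{ ipa_principal_user_password }}` on the command line with no `no_log: true`, so both secrets are visible in the host's process list for the duration of the install and are printed in the Ansible task output; add `no_log: true` to the task as a minimum. `ignore_errors: true` on the same task swallows a failed install (bad hostname, DNS, missing package), after which the later plays in this commit go on to create users against a realm that does not exist; `args: creates: /etc/ipa/default.conf` makes reruns skip cleanly without hiding a real failure. The two `set hostname in /etc/hosts` tasks both truncate the file with `>`, so the second discards the `127.0.0.1` line the first wrote and the host ends up with no loopback entry at all; a single task writing both lines, or `lineinfile` keyed on the FQDN, avoids that. The `hostvars['private_ip']` debug looks like it is indexing hostvars by a variable name rather than a host — presumably `hostvars[inventory_hostname]['private_ip']` was meant. The task list starts above this hunk.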
ansible/roles/ipa-server/tasks/packages.yml
File was deleted
ansible/roles/ipa-server/tasks/subscription_manager_repos.yml
File was deleted
ansible/roles/ipa-server/tasks/use_own_repos.yml
File was deleted