Started the construction of the test-empty-config

Tok

2019-10-09 fe606eff985bccf88f23493a5bb1d3d491e2211e

Started the construction of the test-empty-config

 ansible/configs/test-empty-config/README.adoc

New file
@@ -0,0 +1,48 @@
== Overview

*Three Tier App* _config_  whilst originally intended for the deployment of a three tier app is perhaps better described as "5 un-configured RHEL machines all exposed to the internet".
It is worth noting, despite its name, that no application is actually deployed.
It makes an ideal base infrastructure to build on and can easily be extended via it's `env_vars.yml` to less or more machines and also to different operating system images.

image::topology.png[width=100%]

== Supported Cloud Providers

* AWS
* Azure

== Review the Env_Type variable file

The link:./env_vars.yml[./env_vars.yml] file contains all the variables you need to define to control the deployment of your environment.

This includes the ability to:

* Change the number of machines deployed
* Changed the operating system image (e.g. Ansible AMI or similar)
* Change the tags carried by any instances
* Change the base packages installed 
* Change/set the `ansible_user` and `remote_user`

These can be over-ridden at `ansible-playbook` runtime via `-e` options or perhaps more compactly by overriding vars in your own var file and invoking via `-e @my_env_vars.yml`

For further information on customizing images consult the link:../../../docs/Creating_a_config.adoc[Creating a Config Guide] 

== Deploying the Three Tier App Config

You can deploy this config by running the following command from the `ansible`
directory. You will have to provide credentials and adjust settings to your own
environment.

`ansible-playbook -e @configs/three-tier-app/sample_vars.yml main.yml`

=== To Delete an environment
----

ansible-playbook -e @configs/three-tier-app/sample_vars.yml \ 
  configs/three-tier-app/destroy_env.yml 

----





 ansible/configs/test-empty-config/destroy_env.yml

New file
@@ -0,0 +1,3 @@
---
- name: Import default destroy playbook
  import_playbook: ../../cloud_providers/{{cloud_provider}}_destroy_env.yml

 ansible/configs/test-empty-config/env_vars.yml

New file
@@ -0,0 +1,253 @@
## TODO: What variables can we strip out of here to build complex variables?
## i.e. what can we add into group_vars as opposed to config_vars?
## Example: We don't really need "subdomain_base_short". If we want to use this,
## should just toss in group_vars/all.
### Also, we should probably just create a variable reference in the README.md
### For now, just tagging comments in line with configuration file.

### Vars that can be removed:
# use_satellite: true
# use_subscription_manager: false
# use_own_repos: false

###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
###### OR PASS as "-e" args to ansible-playbook command


### Common Host settings

repo_method: file # Other Options are: file, satellite and rhn

install_ipa_client: false
# Do you want to run a full yum update
update_packages: false
#If using repo_method: satellite, you must set these values as well.
# satellite_url: satellite.example.com
# satellite_org: Sat_org_name
# satellite_activationkey: "rhel7basic"

## guid is the deployment unique identifier, it will be appended to all tags,
## files and anything that identifies this environment from another "just like it"
guid: defaultguid

# This var is used to identify stack (cloudformation, azure resourcegroup, ...)
project_tag: "{{ env_type }}-{{ guid }}"

# This is where the ssh_config file will be created, this file is used to
# define the communication method to all the hosts in the deployment
deploy_local_ssh_config_location: "{{output_dir}}/"

install_bastion: true
install_common: true
## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used
#software_to_deploy:: none

repo_version: "3.6"

### If you want a Key Pair name created and injected into the hosts,
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
# you can use the key used to create the environment or use your own self generated key
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
use_own_key: true
env_authorized_key: "{{guid}}key"
ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
set_env_authorized_key: true

# Is this running from Red Hat Ansible Tower
tower_run: false
### Azure

# Create a dedicated resourceGroup for this deployment
az_destroy_method: resource_group
az_resource_group: "{{ project_tag }}"

# you can operate differently: if you share on resourceGroup for all you deployments,
# you can specify a different resourceGroup and method:
#az_destroy_method: deployment
#az_resource_group: my-shared-resource-group

### AWS EC2 Environment settings

### Route 53 Zone ID (AWS)
# This is the Route53 HostedZoneId where you will create your Public DNS entries
# This only needs to be defined if your CF template uses route53
HostedZoneId: Z3IHLWJZOU9SRT
# The region to be used, if not specified by -e in the command line
aws_region: ap-southeast-2
# The key that is used to
key_name: "default_key_name"

## Networking (AWS)
subdomain_base_short: "{{ guid }}"
subdomain_base_suffix: ".example.opentlc.com"
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"

## Environment Sizing

bastion_instance_type: "t2.medium"

frontend_instance_type: "t2.small"
app_instance_type: "{{frontend_instance_type}}"
appdb_instance_type: "{{frontend_instance_type}}"
support_instance_type: "t2.small"

frontend_instance_count: 1
app_instance_count: 2
appdb_instance_count: 1
support_instance_count: 1
rootfs_size_bastion: 50

instances:
  - name: "bastion"
    count: 1
    unique: true
    public_dns: true
    dns_loadbalancer: true
    image_id: RHELAMI
    flavor:
      ec2: "{{bastion_instance_type}}"
      azure: Standard_A2_V2
    tags:
      - key: "AnsibleGroup"
        value: "bastions"
      - key: "ostype"
        value: "linux"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    rootfs_size: "{{ rootfs_size_bastion }}"

  - name: "frontend"
    count: "{{frontend_instance_count}}"
    public_dns: true
    dns_loadbalancer: true
    image_id: RHELAMI
    flavor:
      ec2: "{{frontend_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "frontends"
      - key: "ostype"
        value: "linux"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"

  - name: "app"
    count: "{{app_instance_count}}"
    public_dns: true
    image_id: RHELAMI
    flavor:
      ec2: "{{app_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "apps"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    key_name: "{{key_name}}"

  - name: "appdb"
    count: "{{appdb_instance_count}}"
    public_dns: true
    image_id: RHELAMI
    flavor:
      ec2: "{{appdb_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "appdbs"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    key_name: "{{key_name}}"

  - name: "support"
    count: "{{support_instance_count}}"
    public_dns: true
    image_id: RHELAMI
    flavor:
      ec2: "{{support_instance_type}}"
      azure: "Standard_A2_V2"
    tags:
      - key: "AnsibleGroup"
        value: "support"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    key_name: "{{key_name}}"

###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT
###### You can, but you usually wouldn't need to.
ansible_user: ec2-user
remote_user: ec2-user

common_packages:
  - python
  - unzip
  - bash-completion
  - tmux
  - bind-utils
  - wget
  - git
  - vim-enhanced
  - at
  - ansible

rhel_repos:
  - rhel-7-server-rpms
  - rhel-7-server-extras-rpms
  - epel-release-latest-7
## Currently there is no NFS created for this Environment - See ocp-workshop for clues.
# ## NFS Server settings
# nfs_vg: nfsvg
# nfs_pvs: /dev/xvdb
# nfs_export_path: /srv/nfs
#
# nfs_shares:
#   - es-storage
#   - user-vols
#   - jenkins
#   - nexus
#   - nexus2


zone_internal_dns: "{{guid}}.internal."
chomped_zone_internal_dns: "{{guid}}.internal"

frontend_public_dns: "frontendlb.{{subdomain_base}}."
#tower_public_dns: "tower.{{subdomain_base}}."
bastion_public_dns: "bastion.{{subdomain_base}}."
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
vpcid_cidr_block: "192.168.0.0/16"
vpcid_name_tag: "{{subdomain_base}}"

az_1_name: "{{ aws_region }}a"
az_2_name: "{{ aws_region }}b"

subnet_private_1_cidr_block: "192.168.2.0/24"
subnet_private_1_az: "{{ az_2_name }}"
subnet_private_1_name_tag: "{{subdomain_base}}-private"

subnet_private_2_cidr_block: "192.168.1.0/24"
subnet_private_2_az: "{{ az_1_name }}"
subnet_private_2_name_tag: "{{subdomain_base}}-private"

subnet_public_1_cidr_block: "192.168.10.0/24"
subnet_public_1_az: "{{ az_1_name }}"
subnet_public_1_name_tag: "{{subdomain_base}}-public"

subnet_public_2_cidr_block: "192.168.20.0/24"
subnet_public_2_az: "{{ az_2_name }}"
subnet_public_2_name_tag: "{{subdomain_base}}-public"

dopt_domain_name: "{{ aws_region }}.compute.internal"

rtb_public_name_tag: "{{subdomain_base}}-public"
rtb_private_name_tag: "{{subdomain_base}}-private"


cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "

 ansible/configs/test-empty-config/files/cloud_providers/azure_cloud_template.j2

New file
@@ -0,0 +1,428 @@
{
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters" : {
        "guid": {
            "type" : "string",
            "minLength" : 3,
            "metadata" : {
                "description" : "GUID of the environment"
            }
        },
        "DNSZone": {
            "type" : "string",
            "minLength" : 3,
            "metadata" : {
                "description" : "dns zone of the environment, to update or create"
            }
        },
        "adminUsername" : {
            "type" : "string",
            "minLength" : 1,
            "defaultValue" : "azure",
            "metadata" : {
                "description" : "User name for the Virtual Machine."
            }
        },
        "sshKeyData" : {
            "type" : "securestring",
            "metadata" : {
                "description" : "SSH RSA public key file as a string."
            }
        },
        "vmSize" : {
            "type" : "string",
            "defaultValue" : "Basic_A2",
            "allowedValues" : [
                "Basic_A2",
                "Standard_A2",
                "Standard_A3",
                "Standard_A4",
                "Standard_A5",
                "Standard_A6",
                "Standard_A7",
                "Standard_A8",
                "Standard_A9",
                "Standard_A10",
                "Standard_A11",
                "Standard_D2",
                "Standard_D3",
                "Standard_D4",
                "Standard_D11",
                "Standard_D12",
                "Standard_D13",
                "Standard_D14",
                "Standard_D2_v2",
                "Standard_D3_v2",
                "Standard_D4_v2",
                "Standard_D5_v2",
                "Standard_D11_v2",
                "Standard_D12_v2",
                "Standard_D13_v2",
                "Standard_D14_v2",
                "Standard_G1",
                "Standard_G2",
                "Standard_G3",
                "Standard_G4",
                "Standard_G5",
                "Standard_DS2",
                "Standard_DS3",
                "Standard_DS4",
                "Standard_DS11",
                "Standard_DS12",
                "Standard_DS13",
                "Standard_DS14",
                "Standard_DS2_v2",
                "Standard_DS3_v2",
                "Standard_DS4_v2",
                "Standard_DS5_v2",
                "Standard_DS11_v2",
                "Standard_DS12_v2",
                "Standard_DS13_v2",
                "Standard_DS14_v2",
                "Standard_GS1",
                "Standard_GS2",
                "Standard_GS3",
                "Standard_GS4",
                "Standard_GS5"
            ],
            "metadata" : {
                "description" : "The size of the each Node Virtual Machine."
            }
        }
    },
    "variables" : {
        "subzone": "[concat('{{guid}}.',parameters('DNSZone'))]",
        "location" : "[resourceGroup().location]",
        "virtualNetworkName" : "[concat('VNet', parameters('guid'))]",
        "addressPrefix" : "10.0.0.0/16",
        "vnetId" : "[resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName'))]",
        "rhel" : {
            "publisher" : "Redhat",
            "offer" : "RHEL",
            "sku" : "7-RAW",
            "version" : "latest"
        },
        "tenantId" : "[subscription().tenantId]",
        "apiVersion" : "2015-06-15",
        "apiVersionCompute" : "2015-06-15",
        "apiVersionNetwork" : "2016-03-30",
        "tmApiVersion" : "2015-11-01",
        "apiVersionStorage" : "2015-06-15",
        "apiVersionLinkTemplate" : "2015-01-01",
        "nicName" : "OneVmNic",
        "publicIPAddressType" : "Dynamic",
        "subnetRef" : "[concat(variables('vnetID'),'/subnets/',variables('virtualNetworkName'))]",
        "sshKeyPath" : "[concat('/home/',parameters('adminUsername'),'/.ssh/authorized_keys')]",
        "sQuote" : "\"",
        "vmStorageAccountContainerName": "vhds",
        "storageAccountType": "Standard_LRS",
        "vhdStorageType" : "Premium_LRS",
        "storageAccountName": "[concat('vsts8',uniquestring(parameters('guid')))]"
    },
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "name": "[variables('StorageAccountName')]",
            "apiVersion": "2016-01-01",
            "location": "[resourceGroup().location]",
            "sku": {
                "name": "[variables('storageAccountType')]"
            },
            "kind": "Storage",
            "properties": {
            }
        },
{% for instance in instances %}

{% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %}
        {
            "type": "Microsoft.Network/dnszones/a",
            "name": "[concat(variables('subzone'), '/', '{{instance['name']}}')]",
            "apiVersion": "2016-04-01",
            "dependsOn": [
{% for c in range(1,(instance['count'] |int)+1) %}
  {% if instance['unique']|d(false)|bool %}
    {% set instancename = instance['name'] %}
    {% else %}
    {% set instancename = instance['name'] + (loop.index|string) %}
  {% endif %}
                "[resourceId('Microsoft.Network/publicIPAddresses/', '{{instancename}}-PublicIP')]",
{% endfor %}
                "[resourceId('Microsoft.Network/dnsZones/', variables('subzone'))]",
            ],
            "properties": {
                "TTL": 3600,
                "ARecords": [
                    {
{% for c in range(1,(instance['count'] |int)+1) %}
  {% if instance['unique']|d(false)|bool %}
    {% set instancename = instance['name'] %}
    {% else %}
    {% set instancename = instance['name'] + (loop.index|string) %}
  {% endif %}
                        "ipv4Address": "[reference('{{instancename}}-PublicIP').ipAddress]"
{% endfor %}
                    }
                ]
            }
        },
{% endif %}


{% for c in range(1,(instance['count'] |int)+1) %}

  {% if instance['unique']|d(false)|bool %}
    {% set instancename = instance['name'] %}
    {% else %}
    {% set instancename = instance['name'] + (loop.index|string) %}
  {% endif %}

{% if instance['public_dns']|d(false)|bool %}
        {
            "type": "Microsoft.Network/dnszones/a",
            "name": "[concat(variables('subzone'), '/', '{{instancename}}')]",
            "apiVersion": "2016-04-01",
            "dependsOn": [
                "[resourceId('Microsoft.Network/publicIPAddresses/', '{{instancename}}-PublicIP')]",
                "[resourceId('Microsoft.Network/dnsZones/', variables('subzone'))]",
            ],
            "properties": {
                "TTL": 3600,
                "ARecords": [
                    {
                        "ipv4Address": "[reference('{{instancename}}-PublicIP').ipAddress]"
                    }
                ]
            }
        },
        {
            "apiVersion" : "2017-04-01",
            "type" : "Microsoft.Network/publicIPAddresses",
            "name" : "{{instancename}}-PublicIP",
            "location" : "[resourceGroup().location]",
            "properties" : {
                "publicIPAllocationMethod" : "Static",
                "dnsSettings" : {
                    "domainNameLabel" : "{{instancename}}-{{guid}}"
                }
            }
        },
        {
            "apiVersion" : "2017-04-01",
            "type" : "Microsoft.Network/networkInterfaces",
            "name" : "{{instancename}}-Interface",
            "location" : "[resourceGroup().location]",
            "dependsOn" : [
                "[resourceId('Microsoft.Network/publicIPAddresses/', '{{instancename}}-PublicIP')]",
                "[resourceId('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
            ],
            "properties" : {
                "ipConfigurations" : [
                    {
                        "name" : "ipconfig1",
                        "properties" : {
                            "privateIPAllocationMethod" : "Dynamic",
                            "publicIPAddress" : {
                                "id" : "[resourceId('Microsoft.Network/publicIPAddresses','{{instancename}}-PublicIP')]"
                            },
                            "subnet" : {
                                "id" : "[variables('subnetRef')]"
                            }
                        }
                    }
                ]
            }
        },
{% endif %}
        {
            "apiVersion" : "2017-03-30",
            "type" : "Microsoft.Compute/virtualMachines",
            "name" : "{{instancename}}",
            "location" : "[resourceGroup().location]",
            "dependsOn" : [
                "[resourceId('Microsoft.Network/networkInterfaces/', '{{instancename}}-Interface')]"
            ],
            "tags": {
                "Name": "{{instancename}}",
                "internaldns": "{{instancename}}.{{chomped_zone_internal_dns}}",
                "owner": "{{ email | default('unknownuser') }}",
                "Project": "{{project_tag}}",
{% for tag in instance['tags'] %}
                "{{tag['key']}}": "{{tag['value']}}",
{% endfor %}
                "{{project_tag}}": "{{ instance['name'] }}"
            },
            "properties" : {
                "hardwareProfile" : {
                    "vmSize" : "{{instance['flavor'][cloud_provider]}}"
                },
                "osProfile" : {
                    "computerName" : "{{instancename}}",
                    "adminUsername" : "[parameters('adminUsername')]",
                    "linuxConfiguration" : {
                        "disablePasswordAuthentication" : "true",
                        "ssh" : {
                            "publicKeys" : [
                                {
                                    "path" : "[variables('sshKeyPath')]",
                                    "keyData" : "[parameters('sshKeyData')]"
                                }
                            ]
                        }
                    }
                },
                "storageProfile" : {
                    "imageReference" : "[variables('rhel')]",
                    "osDisk" : {
                        "caching" : "ReadWrite",
                        "name" : "{{instancename}}-osdisk",
                        "createOption" : "FromImage",
                        "diskSizeGB" : "{{instance['rootfs_size']|d('50')}}"
                    },
                    "dataDisks" : [
{% for vol in instance['volumes']|default([]) %}
                        {
                            "caching" : "None",
                            "createOption" : "Empty",
                            "lun" : "{{loop.index}}",
                            "name": "{{instancename}}-{{vol['device_name']}}",
                            "diskSizeGB" : "{{vol['volume_size']}}"
                        },
{% endfor %}
                    ]
                },
                "networkProfile" : {
                    "networkInterfaces" : [
                        {
                            "id" : "[resourceId('Microsoft.Network/networkInterfaces','{{instancename}}-Interface')]"
                        }
                    ]
                },
                "diagnosticsProfile" : {
                    "bootDiagnostics" : {
                        "enabled" : "false",
                        "storageUri" : "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2016-01-01').primaryEndpoints.blob)]"
                    }
                }
            }
        },
{% endfor %}
{% endfor %}
        {
            "name": "[variables('subzone')]",
            "type": "Microsoft.Network/dnsZones",
            "apiVersion": "2017-09-01",
            "location" : "global",
        },
        {
            "apiVersion": "2017-05-10",
            "name": "nestedTemplate",
            "type": "Microsoft.Resources/deployments",
            "resourceGroup": "dns",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                    ]
                },
                "parameters": {}
            }
        },
        {
            "apiVersion" : "[variables('apiVersion')]",
            "type" : "Microsoft.Network/virtualNetworks",
            "name" : "[variables('virtualNetworkName')]",
            "location" : "[variables('location')]",
            "tags" : {
                "displayName" : "VirtualNetwork"
            },
            "properties" : {
                "addressSpace" : {
                    "addressPrefixes" : [
                        "[variables('addressPrefix')]"
                    ]
                },
                "subnets" : [
                    {
                        "name" : "[variables('virtualNetworkName')]",
                        "properties" : {
                            "addressPrefix" : "[variables('addressPrefix')]"
                        }
                    }
                ]
            }
        },
        {
            "type" : "Microsoft.Network/networkSecurityGroups",
            "name" : "[concat(resourceGroup().name, 'nsg')]",
            "tags" : {
                "displayName" : "NetworkSecurityGroup"
            },
            "apiVersion" : "[variables('apiVersion')]",
            "location" : "[resourceGroup().location]",
            "properties" : {
                "securityRules" : [
                    {
                        "name" : "default-allow-openshift-router-https",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "443",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2000,
                            "direction" : "Inbound"
                        }
                    },
                    {
                        "name" : "default-allow-openshift-router-http\n",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "80",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2001,
                            "direction" : "Inbound"
                        }
                    },
                    {
                        "name" : "default-allow-openshift-master",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "8443",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2002,
                            "direction" : "Inbound"
                        }
                    },
                    {
                        "name" : "default-allow-ssh",
                        "properties" : {
                            "protocol" : "Tcp",
                            "sourcePortRange" : "*",
                            "destinationPortRange" : "22",
                            "sourceAddressPrefix" : "*",
                            "destinationAddressPrefix" : "*",
                            "access" : "Allow",
                            "priority" : 2003,
                            "direction" : "Inbound"
                        }
                    }
                ]
            }
        }
    ],
    "outputs" : {
    }
}

 ansible/configs/test-empty-config/files/cloud_providers/ec2_cloud_template.j2

New file
@@ -0,0 +1,287 @@
AWSTemplateFormatVersion: "2010-09-09"
Mappings:
  RegionMapping:
    us-east-1:
      RHELAMI: ami-c998b6b2
      WIN2012R2AMI: ami-0dcdd073eeabb0101
    us-east-2:
      RHELAMI: ami-cfdafaaa
      WIN2012R2AMI: ami-72745d17
    us-west-1:
      RHELAMI: ami-66eec506
      WIN2012R2AMI: ami-ef95ae8f
    us-west-2:
      RHELAMI: ami-9fa343e7
      WIN2012R2AMI: ami-af5980d7
    eu-west-1:
      RHELAMI: ami-bb9a6bc2
      WIN2012R2AMI: ami-24f04d5d
    eu-west-2:
      WIN2012R2AMI: ami-6a746a0e
    ca-central-1:
      WIN2012R2AMI: ami-4e4cf72a
    eu-central-1:
      RHELAMI: ami-d74be5b8
      WIN2012R2AMI: ami-88c14ee7
    ap-northeast-1:
      RHELAMI: ami-30ef0556
      WIN2012R2AMI: ami-dcdd66ba
    ap-northeast-2:
      RHELAMI: ami-0f5a8361
      WIN2012R2AMI: ami-681cbb06
    ap-southeast-1:
      RHELAMI: ami-10bb2373
      WIN2012R2AMI: ami-f887d59b
    ap-southeast-2:
      RHELAMI: ami-ccecf5af
      WIN2012R2AMI: ami-f601f494
    sa-east-1:
      RHELAMI: ami-a789ffcb
      WIN2012R2AMI: ami-42a5e12e
    ap-south-1:
      RHELAMI: ami-cdbdd7a2
      WIN2012R2AMI: ami-b9e8a6d6
  DNSMapping:
    "us-east-1":
      domain: "us-east-1.compute.internal"
    "us-west-1":
      domain: "us-west-1.compute.internal"
    "us-west-2":
      domain: "us-west-2.compute.internal"
    "eu-west-1":
      domain: "eu-west-1.compute.internal"
    "eu-central-1":
      domain: "eu-central-1.compute.internal"
    "ap-northeast-1":
      domain: "ap-northeast-1.compute.internal"
    "ap-northeast-2":
      domain: "ap-northeast-2.compute.internal"
    "ap-southeast-1":
      domain: "ap-southeast-1.compute.internal"
    "ap-southeast-2":
      domain: "ap-southeast-2.compute.internal"
    "sa-east-1":
      domain: "sa-east-1.compute.internal"
    "ap-south-1":
      domain: "ap-south-1.compute.internal"
Resources:
   Vpc:
    Type: "AWS::EC2::VPC"
    Properties:
     CidrBlock: "192.168.0.0/16"
     EnableDnsSupport: true
     EnableDnsHostnames: true
     Tags:
      - Key: Name
        Value: "{{vpcid_name_tag}}"
      - Key: Hostlication
        Value:
          Ref: "AWS::StackId"
   VpcInternetGateway:
    Type: "AWS::EC2::InternetGateway"
   VpcGA:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
     InternetGatewayId:
      Ref: VpcInternetGateway
     VpcId:
      Ref: Vpc
   VpcRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
     VpcId:
      Ref: Vpc
   VPCRouteInternetGateway:
    DependsOn: VpcGA
    Type: "AWS::EC2::Route"
    Properties:
     GatewayId:
      Ref: VpcInternetGateway
     DestinationCidrBlock: "0.0.0.0/0"
     RouteTableId:
      Ref: VpcRouteTable
   PublicSubnet:
    Type: "AWS::EC2::Subnet"
    DependsOn:
     - Vpc
    Properties:
     CidrBlock: "192.168.0.0/24"
     Tags:
      - Key: Name
        Value: "{{project_tag}}"
      - Key: Hostlication
        Value:
          Ref: "AWS::StackId"
     MapPublicIpOnLaunch: true
     VpcId:
      Ref: Vpc
   PublicSubnetRTA:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
     RouteTableId:
      Ref: VpcRouteTable
     SubnetId:
      Ref: PublicSubnet
   HostSG:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
     GroupDescription: Host
     VpcId:
      Ref: Vpc
     Tags:
      - Key: Name
        Value: host_sg
   HostUDPPorts:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
     GroupId:
      "Fn::GetAtt":
       - HostSG
       - GroupId
     IpProtocol: udp
     FromPort: 0
     ToPort: 65535
     CidrIp: "0.0.0.0/0"
   HostTCPPorts:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
     GroupId:
      "Fn::GetAtt":
       - HostSG
       - GroupId
     IpProtocol: tcp
     FromPort: 0
     ToPort: 65535
     CidrIp: "0.0.0.0/0"
   zoneinternalidns:
    Type: "AWS::Route53::HostedZone"
    Properties:
     Name: "{{ zone_internal_dns }}"
     VPCs:
      - VPCId:
          Ref: Vpc
        VPCRegion:
          Ref: "AWS::Region"
     HostedZoneConfig:
      Comment: "Created By ansible agnostic deployer"

{% for instance in instances %}
{% if instance['dns_loadbalancer']|d(false)|bool and not instance['unique']|d(false)|bool %}
   {{instance['name']}}DNSLoadBalancer:
    Type: "AWS::Route53::RecordSetGroup"
    DependsOn:
{% for c in range(1,(instance['count'] |int)+1) %}
    - {{instance['name']}}{{c}}EIP
{% endfor %}
    Properties:
     HostedZoneId: {{HostedZoneId}}
     RecordSets:
      - Name: "{{instance['name']}}.{{subdomain_base}}."
        Type: A
        TTL: 900
        ResourceRecords:
{% for c in range(1,(instance['count'] |int)+1) %}
          - "Fn::GetAtt":
            - {{instance['name']}}{{loop.index}}
            - PublicIp
{% endfor %}
{% endif %}

{% for c in range(1,(instance['count'] |int)+1) %}
   {{instance['name']}}{{loop.index}}:
    Type: "AWS::EC2::Instance"
    Properties:
     ImageId:
      "Fn::FindInMap":
       - RegionMapping
       - Ref: "AWS::Region"
       - {{ instance['image_id'] | default('RHELAMI') }}

     InstanceType: "{{instance['flavor'][cloud_provider]}}"
     KeyName: "{{instance['key_name'] | default(key_name)}}"
{% if instance['UserData'] is defined %}
     {{instance['UserData']}}
{% endif %}
     SecurityGroupIds:
        - "Fn::GetAtt":
          - HostSG
          - GroupId
     SubnetId:
      Ref: PublicSubnet
     Tags:
{% if instance['unique'] | d(false) | bool %}
      - Key: Name
        Value: {{instance['name']}}
      - Key: internaldns
        Value: {{instance['name']}}.{{chomped_zone_internal_dns}}
{% else %}
      - Key: Name
        Value: {{instance['name']}}{{loop.index}}
      - Key: internaldns
        Value: {{instance['name']}}{{loop.index}}.{{chomped_zone_internal_dns}}
{% endif %}
      - Key: "owner"
        Value: "{{ email | default('unknownuser') }}"
      - Key: "Project"
        Value: "{{project_tag}}"
      - Key: "{{project_tag}}"
        Value: "{{ instance['name'] }}"
{% for tag in instance['tags'] %}
      - Key: {{tag['key']}}
        Value: {{tag['value']}}
{% endfor %}
     BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: 50
        - DeviceName: "/dev/xvdb"
          Ebs:
            VolumeType: gp2
            VolumeSize: 20
   {{instance['name']}}{{loop.index}}InternalDNS:
    Type: "AWS::Route53::RecordSetGroup"
    Properties:
     HostedZoneId:
      Ref: zoneinternalidns
     RecordSets:
{% if instance['unique'] | d(false) | bool %}
      - Name: "{{instance['name']}}.{{zone_internal_dns}}"
{% else %}
      - Name: "{{instance['name']}}{{loop.index}}.{{zone_internal_dns}}"
{% endif %}
        Type: A
        TTL: 10
        ResourceRecords:
          - "Fn::GetAtt":
            - {{instance['name']}}{{loop.index}}
            - PrivateIp
{% if instance['public_dns'] %}
   {{instance['name']}}{{loop.index}}EIP:
     Type: "AWS::EC2::EIP"
     DependsOn:
      - VpcGA
     Properties:
      InstanceId:
       Ref: {{instance['name']}}{{loop.index}}
   {{instance['name']}}{{loop.index}}PubliclDNS:
     Type: "AWS::Route53::RecordSetGroup"
     DependsOn:
        - {{instance['name']}}{{loop.index}}EIP
     Properties:
      HostedZoneId: {{HostedZoneId}}
      RecordSets:
{% if instance['unique'] | d(false) | bool %}
        - Name: "{{instance['name']}}.{{subdomain_base}}."
{% else %}
        - Name: "{{instance['name']}}{{loop.index}}.{{subdomain_base}}."
{% endif %}
          Type: A
          TTL: 10
          ResourceRecords:
          - "Fn::GetAtt":
            - {{instance['name']}}{{loop.index}}
            - PublicIp
{% endif %}

{% endfor %}
{% endfor %}

 ansible/configs/test-empty-config/files/cloud_providers/ec2_cloud_template_json.j2

New file
@@ -0,0 +1,792 @@
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": { },
  "Mappings": {
    "RegionMapping": {
      "us-east-1": {
        "RHELAMI": "ami-b63769a1", "WIN2012R2AMI": "ami-7da4ab6b"
      },
      "us-east-2": {
        "RHELAMI": "ami-0932686c", "WIN2012R2AMI": "ami-ffae8f9a"
      },
      "us-west-1": {
        "RHELAMI": "ami-2cade64c", "WIN2012R2AMI": "ami-a11836c1"
      },
      "us-west-2": {
        "RHELAMI": "ami-6f68cf0f", "WIN2012R2AMI": "ami-a1c1ddd8"
      },
      "eu-west-1": {
        "RHELAMI": "ami-02ace471", "WIN2012R2AMI": "ami-cc8e98a8"
      },
      "eu-central-1": {
        "RHELAMI": "ami-e4c63e8b", "WIN2012R2AMI": "ami-da1ebdb5"
      },
      "ap-northeast-1": {
        "RHELAMI": "ami-5de0433c", "WIN2012R2AMI": "ami-4312cc2d"
      },
      "ap-northeast-2": {
        "RHELAMI": "ami-44db152a", "WIN2012R2AMI": "ami-68756f0f"
      },
      "ap-southeast-1": {
        "RHELAMI": "ami-2c95344f", "WIN2012R2AMI": "ami-7644d315"
      },
      "ap-southeast-2": {
        "RHELAMI": "ami-39ac915a", "WIN2012R2AMI": "ami-468f9225"
      },
      "sa-east-1": {
        "RHELAMI": "ami-7de77b11", "WIN2012R2AMI": "ami-c8285ca4"
      },
      "ap-south-1": {
        "RHELAMI": "ami-cdbdd7a2", "WIN2012R2AMI": "ami-8eafd6e1"
      }
    },
    "DNSMapping": {
      "us-east-1": {
        "domain": "us-east-1.compute.internal"
      },
      "us-west-1": {
        "domain": "us-west-1.compute.internal"
      },
      "us-west-2": {
        "domain": "us-west-2.compute.internal"
      },
      "eu-west-1": {
        "domain": "eu-west-1.compute.internal"
      },
      "eu-central-1": {
        "domain": "eu-central-1.compute.internal"
      },
      "ap-northeast-1": {
        "domain": "ap-northeast-1.compute.internal"
      },
      "ap-northeast-2": {
        "domain": "ap-northeast-2.compute.internal"
      },
      "ap-southeast-1": {
        "domain": "ap-southeast-1.compute.internal"
      },
      "ap-southeast-2": {
        "domain": "ap-southeast-2.compute.internal"
      },
      "sa-east-1": {
        "domain": "sa-east-1.compute.internal"
      },
      "ap-south-1": {
        "domain": "ap-south-1.compute.internal"
      }
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "192.168.0.0/16",
        "EnableDnsSupport": "true",
        "EnableDnsHostnames": "true",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{vpcid_name_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ]
      }
    },
    "VpcInternetGateway": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {}
    },
    "VpcGA": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "InternetGatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VpcRouteTable": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "VPCRouteInternetGateway": {
      "DependsOn" : "VpcGA",
  "Type": "AWS::EC2::Route",
      "Properties": {
        "GatewayId": {
          "Ref": "VpcInternetGateway"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        }
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "DependsOn": [
        "Vpc"
      ],
      "Properties": {
        "CidrBlock": "192.168.0.0/24",
        "Tags": [
          {
            "Key": "Name",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "Hostlication",
            "Value": {
              "Ref": "AWS::StackId"
            }
          }
        ],
        "MapPublicIpOnLaunch": "true",
        "VpcId": {
          "Ref": "Vpc"
        }
      }
    },
    "PublicSubnetRTA": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "VpcRouteTable"
        },
        "SubnetId": {
          "Ref": "PublicSubnet"
        }
      }
    },
    "HostSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Host",
        "VpcId": {
          "Ref": "Vpc"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "host_sg"
          }
        ]
      }
    },
    "HostUDPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "udp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "HostTCPPorts": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Fn::GetAtt": [
            "HostSG",
            "GroupId"
          ]
        },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "CidrIp": "0.0.0.0/0"
      }
    },
    "zoneinternalidns": {
      "Type": "AWS::Route53::HostedZone",
      "Properties": {
        "Name": "{{ zone_internal_dns }}",
        "VPCs" :  [{
      "VPCId": { "Ref" : "Vpc" },
      "VPCRegion": { "Ref": "AWS::Region" } } ],
        "HostedZoneConfig": {
          "Comment": "Created By ansible agnostic deployer"
        }
      }
    },
    "BastionDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{bastion_public_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "CloudDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": [ "BastionEIP" ],
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
          {
            "Name": "{{cloudapps_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PublicIp"
                ]
              }
            ]
          }
        ]
      }
    },
    "FrontendDNSLoadBalancer": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": "frontend{{frontend_instance_count}}EIP",
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
        {
          "Name" : "{{frontend_public_dns}}",
          "Type" : "A",
          "TTL" : "900",
          "ResourceRecords" : [
{% for c in range(1,(frontend_instance_count|int)+1) %}

{ "Fn::GetAtt": [ "frontend{{loop.index}}", "PublicIp" ] }{% if loop.index < frontend_instance_count   %},{% endif %}

{% endfor %}
          ]}]
    }},
    {% for c in range(1,(frontend_instance_count|int)+1) %}

    "PublicHostDNS{{loop.index}}": {
      "Type": "AWS::Route53::RecordSetGroup",
      "DependsOn": "frontend{{frontend_instance_count}}EIP",
      "Properties": {
        "HostedZoneId": "{{HostedZoneId}}",
        "RecordSets": [
        {
          "Name" : "frontend{{loop.index}}.{{subdomain_base}}.",
          "Type" : "A",
          "TTL" : "900",
          "ResourceRecords" : [

{ "Fn::GetAtt": [ "frontend{{loop.index}}", "PublicIp" ] }

          ]}]
    }},
{% endfor %}

    "Bastion": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{bastion_instance_type}}",
        "KeyName": "{{key_name}}",
        "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -xe\n",
          "sed -i '2i ldap_group_nesting_level=0' /etc/sssd/sssd.conf \n",
          "systemctl restart sssd \n",
          "echo 'PermitRootLogin without-password' >> /etc/ssh/sshd_config \n",
          "sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config \n",
          "sed -i 's/^ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config \n",
          "systemctl restart sshd \n"
          ]]}},
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "bastion"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "bastions"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "bastion"
          },
          {
            "Key": "internaldns",
            "Value": "bastion.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ]
      }
    },
      "BastionEIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "Bastion" }
          }
      },
    "BastionInternalDNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },

        "RecordSets": [
          {
            "Name": "bastion.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "Bastion",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    {% for c in range(1,(frontend_instance_count|int)+1) %}
        "frontend{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{frontend_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "frontend{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "frontends"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "frontend"
              },
              {
                "Key": "internaldns",
                "Value": "frontend{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 30
                }
              }
            ]
          }

        },
      "frontend{{loop.index}}EIP" : {
          "Type" : "AWS::EC2::EIP",
          "DependsOn": [ "VpcGA" ],
          "Properties" : {
              "InstanceId" : { "Ref" : "frontend{{loop.index}}" }
          }
      },
        "frontend{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },

            "RecordSets": [
              {
                "Name": "frontend{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "frontend{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
        {% for c in range(1,(app_instance_count|int)+1) %}
        "app{{loop.index}}": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": {
              "Fn::FindInMap": [
                "RegionMapping",
                {
                  "Ref": "AWS::Region"
                },
                "RHELAMI"
              ]
            },
            "InstanceType": "{{app_instance_type}}",
            "KeyName": "{{key_name}}",
            "SecurityGroupIds": [
              {
                "Fn::GetAtt": [
                  "HostSG",
                  "GroupId"
                ]
              }
            ],
            "SubnetId": {
              "Ref": "PublicSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "app{{loop.index}}"
              },
              {
                "Key": "AnsibleGroup",
                "Value": "apps"
              },
              {
                "Key": "Project",
                "Value": "{{project_tag}}"
              },
              {
                "Key": "{{ project_tag }}",
                "Value": "app"
              },
              {
                "Key": "internaldns",
                "Value": "app{{loop.index}}.{{chomped_zone_internal_dns}}"
              },
              {
                "Key": "owner",
                "Value": "{{ email | default('unknown')}}"
              }
            ],
            "BlockDeviceMappings": [
              {
                "DeviceName": "/dev/sda1",
                "Ebs": {
                  "VolumeSize": 50
                }
              },
              {
                "DeviceName": "/dev/xvdb",
                "Ebs": {
                  "VolumeType": "gp2",
                  "VolumeSize": 30
                }
              }
            ]
          }

        },

        "app{{loop.index}}DNS": {
          "Type": "AWS::Route53::RecordSetGroup",
          "Properties": {
          "HostedZoneId" : { "Ref" : "zoneinternalidns" },

            "RecordSets": [
              {
                "Name": "app{{loop.index}}.{{zone_internal_dns}}",
                "Type": "A",
                "TTL": "10",
                "ResourceRecords": [
                  {
                    "Fn::GetAtt": [
                      "app{{loop.index}}",
                      "PrivateIp"
                    ]
                  }
                ]
              }
            ]
          }
        },
        {% endfor %}
    {% for c in range(1,(appdb_instance_count|int)+1) %}
    "appdb{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{appdb_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "appdb{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "appdbs"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "appdb"
          },
          {
            "Key": "internaldns",
            "Value": "appdb{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 30
            }
          }
        ]
      }

    },

    "appdb{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },

        "RecordSets": [
          {
            "Name": "appdb{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "appdb{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    },
    {% endfor %}
    {% for c in range(1,(support_instance_count|int)+1) %}
    "support{{loop.index}}": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {
          "Fn::FindInMap": [
            "RegionMapping",
            {
              "Ref": "AWS::Region"
            },
            "RHELAMI"
          ]
        },
        "InstanceType": "{{support_instance_type}}",
        "KeyName": "{{key_name}}",
        "SecurityGroupIds": [
          {
            "Fn::GetAtt": [
              "HostSG",
              "GroupId"
            ]
          }
        ],
        "SubnetId": {
          "Ref": "PublicSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "support{{loop.index}}"
          },
          {
            "Key": "AnsibleGroup",
            "Value": "support"
          },
          {
            "Key": "Project",
            "Value": "{{project_tag}}"
          },
          {
            "Key": "{{ project_tag }}",
            "Value": "support"
          },
          {
            "Key": "internaldns",
            "Value": "support{{loop.index}}.{{chomped_zone_internal_dns}}"
          },
          {
            "Key": "owner",
            "Value": "{{ email | default('unknown')}}"
          }
        ],
        "BlockDeviceMappings": [
          {
            "DeviceName": "/dev/sda1",
            "Ebs": {
              "VolumeSize": 50
            }
          },
          {
            "DeviceName": "/dev/xvdb",
            "Ebs": {
              "VolumeType": "gp2",
              "VolumeSize": 50
            }
          }
        ]
      }

    },
    "support{{loop.index}}DNS": {
      "Type": "AWS::Route53::RecordSetGroup",
      "Properties": {
      "HostedZoneId" : { "Ref" : "zoneinternalidns" },

        "RecordSets": [
          {
            "Name": "support{{loop.index}}.{{zone_internal_dns}}",
            "Type": "A",
            "TTL": "10",
            "ResourceRecords": [
              {
                "Fn::GetAtt": [
                  "support{{loop.index}}",
                  "PrivateIp"
                ]
              }
            ]
          }
        ]
      }
    }{% if loop.index < support_instance_count %},{% endif %}
  {% endfor %}
  },
  "Outputs": {
    "Route53internalzoneOutput": {
      "Description": "The ID of the internal route 53 zone",
      "Value": {
        "Ref": "zoneinternalidns"
      }
    }
  }
}

 ansible/configs/test-empty-config/files/cloud_providers/terraform_ec2_cloud_template.tf.j2

New file
@@ -0,0 +1,164 @@
#----------------------------------------------
# Terraform ec2 variables
#----------------------------------------------
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "security_group" { default = "{{ env_type }}-host_sg" }
variable "keypair" { default = "{{ env_type }}-{{ key_name }}" }
variable "aws_region" { default = "us-east-1" }

variable "aws_amis" {
    type = "map"
    default = {
        RHELAMI.ap-northeast-1 = "ami-5de0433c"
        RHELAMI.ap-northeast-2 = "ami-44db152a"
        RHELAMI.ap-southeast-1 = "ami-2c95344f"
        RHELAMI.ap-southeast-2 = "ami-39ac915a"
        RHELAMI.ap-south-1     = "ami-cdbdd7a2"
        RHELAMI.eu-central-1   = "ami-e4c63e8b"
        RHELAMI.eu-west-1      = "ami-02ace471"
        RHELAMI.sa-east-1      = "ami-7de77b11"
        RHELAMI.us-east-1      = "ami-b63769a1"
        RHELAMI.us-east-2      = "ami-0932686c"
        RHELAMI.us-gov-west-1  = "ami-91cfafb2"
        RHELAMI.us-west-1      = "ami-2cade64c"
        RHELAMI.us-west-2      = "ami-6f68cf0f"
        WIN2012R2AMI.us-east-1       = "ami-7da4ab6b"
        WIN2012R2AMI.us-east-2       = "ami-ffae8f9a"
        WIN2012R2AMI.us-west-1       = "ami-a11836c1"
        WIN2012R2AMI.us-west-2       = "ami-a1c1ddd8"
        WIN2012R2AMI.eu-west-1       = "ami-cc8e98a8"
        WIN2012R2AMI.eu-central-1    = "ami-da1ebdb5"
        WIN2012R2AMI.ap-northeast-1  = "ami-4312cc2d"
        WIN2012R2AMI.ap-northeast-2  = "ami-68756f0f"
        WIN2012R2AMI.ap-southeast-1  = "ami-7644d315"
        WIN2012R2AMI.ap-southeast-2  = "ami-468f9225"
        WIN2012R2AMI.sa-east-1       = "ami-c8285ca4"
        WIN2012R2AMI.ap-south-1      = "ami-8eafd6e1"
    }
}

variable "ebs_root_block_size" { default = "{{ rootfs_size_bastion }}" }

#----------------------------------------------
# Access credentials
#----------------------------------------------
provider "aws" {
    access_key = "${var.aws_access_key}"
    secret_key = "${var.aws_secret_key}"
    region     = "${var.aws_region}"
}

#----------------------------------------------
# VPC
#----------------------------------------------
# Main VPC that will contain everything.
resource "aws_vpc" "main" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
 
  tags { 
    Name = "{{vpcid_name_tag}}" 
  }
}

# The public subnet is where resources connected to the internet will go
resource "aws_subnet" "public" {
    vpc_id                  = "${aws_vpc.main.id}"
    cidr_block              = "192.168.0.0/24"
    map_public_ip_on_launch = true
    tags { Name = "{{project_tag}}-public-subnet" }
}

# Internet accessible route table + gateway for the public subnet
resource "aws_internet_gateway" "public" {
  vpc_id = "${aws_vpc.main.id}"
  tags { Name = "{{vpcid_name_tag}}-igw" }
}

resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"
  route {
      cidr_block = "0.0.0.0/0"
      gateway_id = "${aws_internet_gateway.public.id}"
  }
  tags { Name = "{{vpcid_name_tag}}-public-rt" }
}

resource "aws_route_table_association" "public" {
  subnet_id      = "${aws_subnet.public.id}"
  route_table_id = "${aws_route_table.public.id}"
}

#----------------------------------------------
# Security Group
#----------------------------------------------
resource "aws_security_group" "host_sg" {
  name   = "{{ env_type }}-host_sg"
  vpc_id = "${aws_vpc.main.id}"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
  }

}


{% for instance in instances %}
variable "{{instance['name']}}_os_version" { default = "{{instance['image_id']}}" }
variable "{{instance['name']}}_instance_type" { default = "{{ instance['name'] + '_instance_type' }}" }  # c4.large
variable "{{instance['name']}}_instance_count" { default = "{{ instance['name'] + '_instance_count' }}" }  # c4.large

#----------------------------------------------
# Instance : {{instance['name']}}
#----------------------------------------------
resource "aws_instance" "{{instance['name']}}_host" {
  count             = "{{instance['count']}}"
  ami               = "${lookup(var.aws_amis, "${var.{{instance['name']}}_os_version}.${var.aws_region}")}"
  instance_type     = "${var.{{instance['name']}}_instance_type}"
  subnet_id         = "${aws_subnet.public.id}"
  key_name          = "${var.keypair}"
  security_groups   = [ "${aws_security_group.host_sg.id}" ]

  root_block_device = {
    volume_type     = "gp2"
    volume_size     = "${var.ebs_root_block_size}"
  }
  tags {
    Name              = "{{ env_type }}-{{instance['name']}}-${count.index}"
    Role              = "{{ env_type }}-{{instance['name']}}"
    Workshop          = "{{ env_type }}"
    sshUser           = "ec2-user"
    Index             = "${count.index}"
{% for tag in instance['tags'] %}
    {{tag['key']}}      = "{{tag['value']}}"
{% endfor %}
  }
}

#----------------------------------------------
# DNS
#----------------------------------------------
resource "aws_route53_record" "{{instance['name']}}_dns" {
  # same number of records as instances
  count = "{{instance['count']}}"
  zone_id = "{{ HostedZoneId }}"
  name = "{{instance['name']}}.{{subdomain_base}}."
  type = "A"
  ttl = "900"
  # matches up record N to instance N
  records = ["${element(aws_instance.{{instance['name']}}_host.*.public_ip, count.index)}"]
}

{% endfor %}

 ansible/configs/test-empty-config/files/cloud_providers/terraform_ec2_cloud_template.tfvars.j2

New file
@@ -0,0 +1,2 @@
aws_access_key = "{{ aws_access_key_id }}"
aws_secret_key = "{{ aws_secret_access_key }}"

 ansible/configs/test-empty-config/files/hosts_template.j2

New file
@@ -0,0 +1,32 @@
[frontends]
{% for host in groups['frontends'] %}
frontend{{ loop.index }} ansible_host=app{{ loop.index }}.{{ chomped_zone_internal_dns }}
{% endfor %}

[apps]
{% for host in groups['apps']  %}
app{{ loop.index }} ansible_host=app{{ loop.index }}.{{ chomped_zone_internal_dns }}
{% endfor %}

[appdbs]
{% for host in groups['appdbs'] %}
appdb{{ loop.index }} ansible_host=app{{ loop.index }}.{{ chomped_zone_internal_dns }}
{% endfor %}

[support]
{% for host in groups['support'] %}
support{{ loop.index }} ansible_host=app{{ loop.index }}.{{ chomped_zone_internal_dns }}
{% endfor %}

[threetierapp:children]
frontends
apps
appdbs
support

[threetierapp:vars]
timeout=60
ansible_become=yes
ansible_user={{remote_user}}
ansible_ssh_private_key_file="~/.ssh/{{guid}}key.pem"
ansible_ssh_common_args="-o StrictHostKeyChecking=no"

 ansible/configs/test-empty-config/files/repos_template.j2

New file
@@ -0,0 +1,32 @@
[rhel-7-server-rpms]
name=Red Hat Enterprise Linux 7
baseurl={{own_repo_path}}/rhel-7-server-rpms
enabled=1
gpgcheck=0

[rhel-7-server-rh-common-rpms]
name=Red Hat Enterprise Linux 7 Common
baseurl={{own_repo_path}}/rhel-7-server-rh-common-rpms
enabled=1
gpgcheck=0

[rhel-7-server-extras-rpms]
name=Red Hat Enterprise Linux 7 Extras
baseurl={{own_repo_path}}/rhel-7-server-extras-rpms
enabled=1
gpgcheck=0

[rhel-7-server-optional-rpms]
name=Red Hat Enterprise Linux 7 Optional
baseurl={{own_repo_path}}/rhel-7-server-optional-rpms
enabled=1
gpgcheck=0

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

 ansible/configs/test-empty-config/post_infra.yml

New file
@@ -0,0 +1,25 @@
- name: Step 002 Post Infrastructure
  hosts: localhost
  connection: local
  become: false
  tags:
    - step002
    - post_infrastructure
  tasks:

    - name: Job Template to launch a Job Template with update on launch inventory set
      uri:
        url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/"
        method: POST
        user: "{{tower_admin}}"
        password: "{{tower_admin_password}}"
        body:
          extra_vars:
            guid: "{{guid}}"
            ipa_host_password: "{{ipa_host_password}}"

        body_format: json
        validate_certs: False
        HEADER_Content-Type: "application/json"
        status_code: 200, 201
      when: tower_run == 'true'

 ansible/configs/test-empty-config/post_software.yml

New file
@@ -0,0 +1,36 @@
- name: Step 00xxxxx post software
  hosts: support
  gather_facts: False
  become: yes
  tasks:
    - debug:
        msg: "Post-Software tasks Started"

- name: Step lab post software deployment
  hosts: bastions
  gather_facts: False
  become: yes
  tags:
    - opentlc_bastion_tasks
  tasks:
    - import_role:
        name: "bastion-opentlc-ipa"
      when: install_ipa_client|bool

    # sssd bug, fixed by restart
    - name: restart sssd
      service:
        name: sssd
        state: restarted
      when: install_ipa_client

- name: PostSoftware flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - post_flight_check
  tasks:
    - debug:
        msg: "Post-Software checks completed successfully"

 ansible/configs/test-empty-config/pre_infra.yml

New file
@@ -0,0 +1,23 @@
---
- name: Step 000 Pre Infrastructure
  hosts:        localhost
  connection:   local
  become:       false
  gather_facts: false

  tags:
    - step001
    - pre_infrastructure

  tasks:

    - name: Entering the test-empty-config pre_infra.yml
      debug:
        msg: 
          - Entering the test-empty-config pre_infra.yml

    - name: Exiting the test-empty-config pre_infra.yml
      debug:
        msg: 
          - Exiting the test-empty-config pre_infra.yml
...      

 ansible/configs/test-empty-config/pre_software.yml

New file
@@ -0,0 +1,45 @@
# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}

- name: Configure all hosts with Repositories, Common Files and Set environment key
  hosts:
    - all:!windows
  become: true
  gather_facts: False
  roles:
    - { role: "set-repositories", when: 'repo_method is defined' }
    - { role: "common", when: 'install_common' }
    - { role: "set_env_authorized_key", when: 'set_env_authorized_key' }
  tags:
    - step004
    - common_tasks

- name: Configuring Bastion Hosts
  hosts: bastions
  become: true
  roles:
    -  { role: "bastion", when: 'install_bastion' }
  tags:
    - step004
    - bastion_tasks

- name: Inject and configure FTL on bastion as grader host
  hosts: bastions
  become: true
  tasks:
    - name: Setup FTL
      include_role:
        name: ftl-injector
  tags:
    - step004
    - ftl-injector  

- name: PreSoftware flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - flight_check
  tasks:
    - debug:
        msg: "Pre-Software checks completed successfully"

 ansible/configs/test-empty-config/requirements.yml

New file
@@ -0,0 +1,6 @@
---
# External role to setup grader host virtualenv and FTL grading infra

- src: https://github.com/redhat-gpte-devopsautomation/ftl-injector
  name: ftl-injector
  version: v0.11

 ansible/configs/test-empty-config/sample_vars.yml

New file
@@ -0,0 +1,39 @@
---
# sample vars configuration file 
#
# This file is passed to ansible-playbook to set key vars which need to be set
# and typically customized for a sucessful deployment.
#
# Usage: ansible-playbook main.yml -e @configs/three-tier-app/sample_vars.yml
#
# Ideally make and keep a copy OUTSIDE your repo, especially if using Cloud Credentials
# Credentials can also be set seperately i.e. ~/secrets.yml and passed in with
# a 2nd `-e` argument i.e. -e ~/secrets.yml

env_type: three-tier-app                # Name of config to deploy
output_dir: /tmp/workdir                # Writable working scratch directory
email: name@example.com                 # User info for notifications

guid: guid01                            # Your Global UNIQUE Identifier
subdomain_base_suffix: .example.opentlc.com   # Your domain used with guid in FQDN

# Path to your yum repos

own_repo_path: http://admin.example.com/repos/version

# Cloud specfic settings - example given here for AWS

cloud_provider: ec2                     # Which AgnosticD Cloud Provider to use
aws_region: us-east-1                   # AWS Region to deploy in
HostedZoneId: Z3IHLWJZOU9SRT            # You will need to change this
key_name: ocpkey                        # Keyname must exist in AWS

# AWS Credentials. These are required (don't sync them to your fork)
#
# Alternatively consider keeping these in an external file and including:
# $ ansible-playbook main.yml -e @configs/three-tier-app/sample.yml -e @~/secret.yml
#
# aws_access_key_id: 
# aws_secret_access_key: 
# ...


 ansible/configs/test-empty-config/software.yml

New file
@@ -0,0 +1,19 @@
---
- name: Step 00xxxxx software
  hosts: localhost
  gather_facts: False
  become: false
  tasks:
    - debug:
        msg: "Software tasks Started"

- name: Software flight-check
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - post_flight_check
  tasks:
    - debug:
        msg: "Software checks completed successfully"

 ansible/configs/test-empty-config/topology.png