--- ## TODO: What variables can we strip out of here to build complex variables? ## i.e. what can we add into group_vars as opposed to config_vars? ## Example: We don't really need "subdomain_base_short". If we want to use this, ## should just toss in group_vars/all. ### Also, we should probably just create a variable reference in the README.md ### For now, just tagging comments in line with configuration file. ### Vars that can be removed use_own_repos: false ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT ###### OR PASS as "-e" args to ansible-playbook command ### Common Host settings repo_method: rhn # Other Options are: file, satellite and rhn repo_version: "3.5" # Do you want to run a full yum update update_packages: true ## guid is the deployment unique identifier, it will be appended to all tags, ## files and anything that identifies this environment from another "just like it" guid: defaultguid install_bastion: true install_common: true install_ipa_client: false ############# vars needed for satellite config ############# install_satellite: True configure_satellite: True #rhel_subscription_user: "{{ rhn_username }}" #rhel_subscription_pass: "{{ rhn_password }}" satellite_admin: admin satellite_admin_password: r3dh4t1! # repo_pool_ids: # - 8a85f98460bfb0470160c2ff22f13e47 rhn_pool_id_string: "Employee SKU" ## SB Don't set software_to_deploy from here, always use extra vars (-e) or "none" will be used #software_to_deploy: none repo_version: "3.6" # osrelease: 3.6 ### If you want a Key Pair name created and injected into the hosts, # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` # you can use the key used to create the environment or use your own self generated key # if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) use_own_key: true env_authorized_key: "{{guid}}key" ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem set_env_authorized_key: true # Is this running from Red Hat Ansible Tower tower_run: false ### AWS EC2 Environment settings ### Route 53 Zone ID (AWS) # This is the Route53 HostedZoneId where you will create your Public DNS entries # This only needs to be defined if your CF template uses route53 HostedZoneId: Z3IHLWJZOU9SRT # The region to be used, if not specified by -e in the command line aws_region: ap-southeast-2 # The key that is used to key_name: "default_key_name" ## Networking (AWS) subdomain_base_short: "{{ guid }}" subdomain_base_suffix: ".example.opentlc.com" subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" ## Environment Sizing bastion_instance_type: "t2.medium" satellite_instance_count: 1 satellite_instance_type: "t2.large" subnets: - name: PublicSubnet cidr: "192.168.1.0/24" routing_table: true security_groups: - name: BastionSG rules: - name: BasSSHPublic description: "SSH public" from_port: 22 to_port: 22 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatelliteSG rules: - name: BastionUDPPorts description: "Only from bastion" from_port: 0 to_port: 65535 protocol: udp group: BastionSG rule_type: Ingress - name: BastionTCPPorts description: "Only from bastion" from_port: 0 to_port: 65535 protocol: tcp group: BastionSG rule_type: Ingress - name: SatSSHPublic description: "SSH public" from_port: 22 to_port: 22 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatHTTPPorts description: "HTTP Public" from_port: 80 to_port: 80 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatHTTPSPorts description: "HTTPS Public" from_port: 443 to_port: 443 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatKatello5646Ports description: "Katello/qpid Public" from_port: 5646 to_port: 5646 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatKatello5647Ports description: "Katello/qpid Public" from_port: 5647 to_port: 5647 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatamqpPorts description: "amqp Public" from_port: 5671 to_port: 5671 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatPuppetPorts description: "Puppet Public" from_port: 8140 to_port: 8140 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatForemanPorts description: "Foreman Smart Proxy Public" from_port: 9090 to_port: 9090 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatDNSTCPPorts description: "DNS Public" from_port: 53 to_port: 53 protocol: tcp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatDNSUDPPorts description: "DNS Public" from_port: 53 to_port: 53 protocol: udp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatDHCP67Ports description: "DHCP Public" from_port: 67 to_port: 67 protocol: udp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatDHCP68Ports description: "DHCP Public" from_port: 68 to_port: 68 protocol: udp cidr: "0.0.0.0/0" rule_type: Ingress - name: SatTFTPPorts description: "TFTP Public" from_port: 69 to_port: 69 protocol: udp cidr: "0.0.0.0/0" rule_type: Ingress instances: - name: "bastion" count: 1 unique: true public_dns: true dns_loadbalancer: true security_groups: - BastionSG flavor: ec2: "{{bastion_instance_type}}" tags: - key: "AnsibleGroup" value: "bastions" - key: "ostype" value: "linux" subnet: PublicSubnet - name: "satellite" count: "{{satellite_instance_count}}" public_dns: true security_groups: - SatelliteSG flavor: "ec2": "{{satellite_instance_type}}" tags: - key: "AnsibleGroup" value: "satellites" - key: "ostype" value: "rhel" key_name: "{{key_name}}" ###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT ###### You can, but you usually wouldn't need to. ansible_user: ec2-user remote_user: ec2-user common_packages: - python - unzip - bash-completion - tmux - wget - git - vim-enhanced - at - python27-python-pip - bind-utils # Install_bastion role will install mosh #- mosh rhel_repos: - rhel-7-server-rpms - rhel-server-rhscl-7-rpms - rhel-7-server-satellite-6.4-rpms - rhel-7-server-satellite-maintenance-6-rpms - rhel-7-server-ansible-2.6-rpms - rhel-7-server-extras-rpms project_tag: "{{ env_type }}-{{ guid }}" zone_internal_dns: "{{guid}}.internal." chomped_zone_internal_dns: "{{guid}}.internal" bastion_public_dns: "bastion.{{subdomain_base}}." bastion_public_dns_chomped: "bastion.{{subdomain_base}}" vpcid_cidr_block: "192.168.0.0/16" vpcid_name_tag: "{{subdomain_base}}" az_1_name: "{{ aws_region }}a" az_2_name: "{{ aws_region }}b" subnet_private_1_cidr_block: "192.168.2.0/24" subnet_private_1_az: "{{ az_2_name }}" subnet_private_1_name_tag: "{{subdomain_base}}-private" subnet_private_2_cidr_block: "192.168.1.0/24" subnet_private_2_az: "{{ az_1_name }}" subnet_private_2_name_tag: "{{subdomain_base}}-private" subnet_public_1_cidr_block: "192.168.10.0/24" subnet_public_1_az: "{{ az_1_name }}" subnet_public_1_name_tag: "{{subdomain_base}}-public" subnet_public_2_cidr_block: "192.168.20.0/24" subnet_public_2_az: "{{ az_2_name }}" subnet_public_2_name_tag: "{{subdomain_base}}-public" dopt_domain_name: "{{ aws_region }}.compute.internal" rtb_public_name_tag: "{{subdomain_base}}-public" rtb_private_name_tag: "{{subdomain_base}}-private" cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " # Cloudformation template selection stack_file: default secret_dir: "~/secrets"