default_vars_ec2.yml
---
### AWS EC2 Environment settings

### Route 53 Zone ID (AWS)
# NOTE(review): no zone ID variable is set under this heading in this file;
# presumably it is supplied elsewhere - confirm.

# AWS region used for this environment.
aws_region: us-east-1

# The key that is used to
# NOTE(review): the comment above is truncated in the original and no key
# variable follows it in this file.

## Networking (AWS)
# The public subdomain is assembled from the per-deployment guid and a fixed suffix.
subdomain_base_short: "{{ guid }}"
subdomain_base_suffix: ".example.opentlc.com"
subdomain_base: "{{ subdomain_base_short }}{{ subdomain_base_suffix }}"
# Internal zone name, with and without the trailing dot.
zone_internal_dns: "{{ guid }}.internal."
chomped_zone_internal_dns: "{{ guid }}.internal"

## Environment Sizing
# Instance Type
# Fallback flavor: each entry under `instances` uses it through
# `default(__instance_type)` when its own *_instance_type variable is unset.
__instance_type: "t2.medium"
#bastion_instance_type: "t2.medium"

# Image ID
# Fallback image: each entry under `instances` uses it through
# `default(__image)` when its own *_instance_image variable is unset.
# __image: RHELAMI
__image: RHEL8-default
# Security groups declared by this config. Every rule below is an Ingress rule
# with a port range, a protocol and a source (either `cidr` or `from_group`).
# NOTE(review): the instances in this file also reference BastionSG and
# DefaultSG, which are not declared in this list - presumably they come from
# shared defaults. Review their rules together with these before deploying.
security_groups:
  # Port 80 open to every IPv4 address (0.0.0.0/0). This is plain HTTP only;
  # no 443 rule exists in this group.
  - name: FrontendSG
    rules:
      - name: FrontHTTPPorts
        description: "HTTP Public"
        from_port: 80
        to_port: 80
        protocol: tcp
        cidr: "0.0.0.0/0"
        rule_type: Ingress

  # Ports 80 and 443 open to every IPv4 address (0.0.0.0/0).
  - name: WebSG
    rules:
      - name: HTTPPorts
        description: "HTTP Public"
        from_port: 80
        to_port: 80
        protocol: tcp
        cidr: "0.0.0.0/0"
        rule_type: Ingress
      # NOTE(review): this rule opens 443 but its description still reads
      # "HTTP Public", which looks like a copy of the rule above. A wrong
      # description makes security-group audits harder; consider "HTTPS Public".
      - name: HTTPSPorts
        description: "HTTP Public"
        from_port: 443
        to_port: 443
        protocol: tcp
        cidr: "0.0.0.0/0"
        rule_type: Ingress

  # Self-referencing group: the source is HostSG itself (`from_group`), so the
  # rule applies between members of the group rather than to an address range.
  - name: HostSG
    rules:
      - name: FromHostSG
        description: "Allow everything from HostSG nodes"
        from_port: 0
        to_port: 65535
        # -1 is the AWS convention for "all protocols"; it is an unquoted
        # integer here - confirm the consuming template accepts that form.
        protocol: -1
        from_group: HostSG
        rule_type: Ingress
# Instances to provision. Each entry takes its image and flavor from a per-role
# variable, falling back to __image / __instance_type, and lists the security
# groups attached to it.
# NOTE(review): `ostype` is "linux" for bastion/frontend and "rhel" for
# app/appdb although all four default to the same image - confirm which value
# the consumers of this tag expect.
instances:
  # Bastion host. It is attached to WebSG, so ports 80 and 443 on it are
  # reachable from 0.0.0.0/0 (see the inline "For code server" remark).
  # NOTE(review): that exposes whatever listens on 80/443 on the bastion to the
  # internet; make sure the service enforces authentication and TLS, or narrow
  # the WebSG cidr. BastionSG is not declared in this file.
  - name: bastion
    count: 1
    unique: true
    public_dns: true
    dns_loadbalancer: true
    floating_ip: true
    image: "{{ bastion_instance_image | default(__image) }}"
    flavor:
      ec2: "{{ bastion_instance_type | default(__instance_type) }}"
    tags:
      - key: "AnsibleGroup"
        value: "bastions"
      - key: "ostype"
        value: "linux"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    rootfs_size: "{{ rootfs_size_bastion | default(50) }}"
    security_groups:
      - BastionSG
      - WebSG # For code server

  # Frontend nodes. FrontendSG opens port 80 to 0.0.0.0/0; HostSG allows all
  # traffic between HostSG members.
  - name: "frontend"
    count: "{{ frontend_instance_count | default(1) }}"
    public_dns: true
    dns_loadbalancer: false
    image: "{{ frontend_instance_image | default(__image) }}"
    flavor:
      ec2: "{{ frontend_instance_type | default(__instance_type) }}"
    tags:
      - key: "AnsibleGroup"
        value: "frontends"
      - key: "ostype"
        value: "linux"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    security_groups:
      - DefaultSG
      - FrontendSG
      - HostSG
      - BastionSG

  # Application nodes (two by default). None of the groups declared in this
  # file opens a public port for them.
  # NOTE(review): `public_dns: true` is still set; what DefaultSG and BastionSG
  # permit is defined outside this file - confirm the resulting exposure.
  - name: "app"
    count: "{{ app_instance_count | default(2) }}"
    public_dns: true
    image: "{{ app_instance_image | default(__image) }}"
    flavor:
      ec2: "{{ app_instance_type | default(__instance_type) }}"
    tags:
      - key: "AnsibleGroup"
        value: "apps"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    security_groups:
      - DefaultSG
      - HostSG
      - BastionSG

  # Database node for the application, with the same group set as "app".
  # NOTE(review): a database host with `public_dns: true` deserves a check that
  # DefaultSG and BastionSG (defined outside this file) do not admit traffic
  # from the internet to the database port.
  - name: "appdb"
    count: "{{ appdb_instance_count | default(1) }}"
    public_dns: true
    image: "{{ appdb_instance_image | default(__image) }}"
    flavor:
      ec2: "{{ appdb_instance_type | default(__instance_type) }}"
    tags:
      - key: "AnsibleGroup"
        value: "appdbs"
      - key: "ostype"
        value: "rhel"
      - key: "instance_filter"
        value: "{{ env_type }}-{{ email }}"
    security_groups:
      - DefaultSG
      - HostSG
      - BastionSG
...