First, launchcluster exports the region variables, keypair name, mgmt ip, bastion_id, and 3 zones, then launches stage 1.
Stage 1 runs pre_tasks: creating the region config and an EIP if needed, then updating the VPN ip.
Then stage 1 runs 1 role:
launch cloudformation, which changes the id of each dmz and private instance to a custom ip, to make it easier to work with. It does this with the fact attribute. As a sibling, these tasks have a JSON template that describes zones, sshlocation, owner, CIDR, our 6 servers in the VPC, and mappings...?etc...
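As an added illustration of the stage 1 pattern (this is not the project's own playbook), the play below loads region vars as a pre_task, launches a CloudFormation stack, and re-labels the returned dmz and private instances with custom ip-based ids via set_fact and add_host; the stack name, template path, parameter names, and output keys (DmzInstanceIp, PrivateInstanceIp) are assumptions.

```yaml
# Added example, not the original playbook. Stack name, template path,
# parameter names and output keys are assumed for illustration.
- name: Stage 1 - launch VPC stack and name instances by private ip
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    region: "{{ lookup('env', 'AWS_REGION') }}"
    keypair_name: "{{ lookup('env', 'KEYPAIR_NAME') }}"
    mgmt_ip: "{{ lookup('env', 'MGMT_IP') }}"
  pre_tasks:
    - name: Load region-specific settings (CIDR, zones, owner)
      include_vars: "vars/{{ region }}.yml"
  tasks:
    - name: Launch the VPC stack from the JSON template
      cloudformation:
        stack_name: "vpc-{{ region }}"
        state: present
        region: "{{ region }}"
        template: files/vpc.json
        template_parameters:
          KeyName: "{{ keypair_name }}"
          # Restrict SSH ingress to the management host only, not 0.0.0.0/0
          SSHLocation: "{{ mgmt_ip }}/32"
          VpcCidr: "{{ vpc_cidr }}"
      register: stack

    - name: Derive a custom id for each instance from its private ip
      set_fact:
        dmz_id: "dmz-{{ stack.stack_outputs.DmzInstanceIp | replace('.', '-') }}"
        private_id: "private-{{ stack.stack_outputs.PrivateInstanceIp | replace('.', '-') }}"

    - name: Register the instances under their custom ids for later stages
      add_host:
        hostname: "{{ item.name }}"
        ansible_host: "{{ item.ip }}"
        groups: "{{ item.group }}"
      loop:
        - { name: "{{ dmz_id }}", ip: "{{ stack.stack_outputs.DmzInstanceIp }}", group: dmz }
        - { name: "{{ private_id }}", ip: "{{ stack.stack_outputs.PrivateInstanceIp }}", group: private }
```

Later plays in the same run can then target `hosts: dmz` or `hosts: private` and see the ip-based names in their inventory.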
stage 2 declares some vars, runs include_vars as a pre_task, then runs 2 roles:
ec2-provision groups:
ec2-provision-bastion:
then stage 2 configures the natvpn, includes vars again, and runs 4 roles:
webmin:
iptables:
makevpn:
vpnusers:
stage 3 declares some vars and runs pre_tasks: include vars, assign an elastic ip, and NAT the Oregon private networks.
Then stage 3 runs 1 role:
ec2-provision-ecs:
DestroyCluster uses teardown.yml which runs these tasks:
ec2.py is huge...is it boilerplate? ditto ec2.ini
apparently unused roles (did I miss them or are they glimpses of the future?): snap-ami, users