I am unfamiliar with how administrators structure their inventories and playbooks with respect to roles that run against multiple hosts as a group.  We have two new system roles - vpn and ha_cluster - that will be used to set up associations among several hosts - that is - hosts will have to know about and use information about some of the other hosts in the inventory.

Here is a proposal which assumes the user wants to set up everything in the inventory, and the playbooks are more or less static.

Note that this does not preclude the ability of users to set up everything by editing playbooks instead of inventory, and passing in parameters in the `roles` or `include_role` using `vars`.

I would really like to get some feedback about how sysadmins will use these roles in a real production environment, using Ansible Tower or Satellite or ???

https://gist.github.com/richm/59d2dd6df7ae6760a7f06550696c9351