### Deployment Type
# Core installer switches: distribution, HA method, release and packaging mode.
openshift_deployment_type: origin
openshift_master_cluster_method: "native"
# NOTE(review): the release is pinned to an exact version, so security fixes
# only arrive when this value is bumped by hand - track upstream advisories.
openshift_release: "v3.7.2"
#openshift_image_tag: "v3.7.2"
# Still not available
# (presumably: no v3.7.2 metrics image existed yet, hence v3.7.1 - confirm)
openshift_metrics_image_version: "v3.7.1"
#containerized: true
# Components are installed on the hosts rather than run as containers.
containerized: false
# Host firewall rules are managed through firewalld.
os_firewall_use_firewalld: true
#Recommended to avoid: No package matching 'origin-docker-excluder-1.5.0*' found available
#enable_excluders: false
#enable_docker_excluder: false
### Versions
# Most entries below are disabled and kept in INI (key=value) form for reference only.
#system packages
#etcd_version="3.1.0"
#docker_version="1.12.1"
#for some package only latest is available
#openshift_pkg_version=-3.7.0
#openshift_cockpit_deployer_version=latest
#openshift_metrics_image_prefix=docker.io/openshift/origin-
#openshift_metrics_image_version=v3.7.1
#openshift_logging_image_prefix=docker.io/openshift/origin-
#openshift_logging_image_version=v3.7.0
#openshift_service_catalog_image_prefix=docker.io/openshift/origin-
# NOTE(review): 'v3.7' (and 'v3.2' below) are minor-level tags, not exact
# versions or digests, so the image actually pulled may change between
# installs - confirm this is intended and consider pinning.
openshift_service_catalog_image_version: v3.7
#template_service_broker_version='v3.7'
#ansible_service_broker_image_prefix: ansibleplaybookbundle/
#ansible_service_broker_registry_url: "registry.access.redhat.com"
ansible_service_broker_etcd_image_tag: v3.2
# The same feature gate is switched on for the controllers, the API server and
# the kubelets.
# NOTE(review): local persistent volumes are backed by storage on the node
# itself; verify that only cluster administrators can create such PVs.
osm_controller_args: {'feature-gates': ['PersistentLocalVolumes=true']}
osm_api_server_args: {'feature-gates': ['PersistentLocalVolumes=true']}
openshift_node_kubelet_args: {'feature-gates': ['PersistentLocalVolumes=true']}
#openshift_node_kubelet_args: {'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']}
### Network & DNS configuration
# Internal API endpoint: the inner load balancer when ands_use_inner_lb is
# true, otherwise the same name as the public endpoint.
openshift_master_cluster_hostname: "{{ ands_use_inner_lb | ternary(ands_inner_lb_fqdn, ands_openshift_lb) }}"
openshift_master_cluster_public_hostname: "{{ ands_openshift_lb }}"
# Falls back to the load-balancer name when ands_openshift_subdomain is undefined.
openshift_master_default_subdomain: "{{ ands_openshift_subdomain | default(ands_openshift_lb) }}"
# NOTE(review): these two ranges presumably bound the addresses that services
# may be given as ingress/external IPs. Keep them as narrow as possible and
# disjoint from node and infrastructure addresses, so that a project cannot
# claim an address that belongs to something else - verify the ands_* values.
openshift_master_ingress_ip_network_cidr: "{{ ands_openshift_ingress_network }}"
openshift_master_external_ip_network_cidrs: "{{ ands_openshift_external_network }}"
#openshift_portal_net:
#osm_host_subnet_length:
# We may need to put conditionals here (except _ip). Currently the values are set to '' if undefined (OpenShift uses None, which is equivalent in Ansible).
openshift_ip: "{{ ands_openshift_ip }}"
openshift_public_ip: "{{ ands_openshift_public_ip }}"
# The hostname is only overridden when the matching ands_openshift_set_* flag is
# true; otherwise ands_none is passed.
openshift_hostname: "{{ ands_openshift_set_hostname | ternary(ands_openshift_fqdn, ands_none) }}"
openshift_public_hostname: "{{ ands_openshift_set_public_hostname | ternary(ands_openshift_public_fqdn, ands_none) }}"
#Check configuration to fight dynamic IPs
# We have per node DNS, so it is not necessary to use vips here.
# This overrides default in roles/openshift_node/defaults which sets dns_ip to: ansible_default_ipv4['address']
openshift_dns_ip: "{{ openshift_ip }}"
openshift_set_node_ip: true
### Node configuration
# NOTE(review): which hosts these variables apply to is not visible here. If
# the scope includes masters, user workloads will be scheduled next to the
# control plane - confirm that is intended.
openshift_schedulable: true
openshift_node_labels: "{{ ands_openshift_labels }}"
#openshift_hosted_infra_selector: "region=infra"
# Fine tuning
openshift_master_pod_eviction_timeout: 30s
### Authentication
# Single identity provider: an htpasswd file on the masters, enabled for both
# browser login and challenge-based authentication.
openshift_master_identity_providers: [{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
# NOTE(review): the user password hashes are stored inline, readable by anyone
# with access to this file or its history. '$apr1$' is the Apache MD5-based
# scheme, which offers little resistance to offline guessing. Move this mapping
# into an Ansible Vault-encrypted vars file (or another secret store), treat the
# current passwords as exposed and rotate them, and use a stronger hash scheme
# if the htpasswd provider in this release accepts one - confirm.
openshift_master_htpasswd_users: {'pdv': '$apr1$ACvj6uUa$Nm1Vq8hZq3RzTtaYpAHv01', 'csa': '$apr1$IqEwdnzy$UAdd8ZSFnXommBbj29w3c0'}
### Certificates & Security
# All lifetimes are set to 3650 days (roughly ten years): the cluster CA, the
# registry, node and master certificates, and the etcd CA.
# NOTE(review): with leaf certificates living as long as the CAs, a leaked node
# or master key stays usable for the whole period unless it is replaced. Keep a
# tested certificate redeploy procedure and consider shorter leaf lifetimes.
openshift_ca_cert_expire_days: 3650
openshift_hosted_registry_cert_expire_days: 3650
openshift_node_cert_expire_days: 3650
openshift_master_cert_expire_days: 3650
etcd_ca_default_days: 3650
### Docker
# log_driver is currently ignored for some reason
openshift_docker_log_driver: "json-file"
# Rotation: at most 3 files of 2 MB each.
# NOTE(review): with limits this small, container logs are overwritten quickly.
# If they are needed for incident investigation, forward them off-host.
openshift_docker_log_options: [ max-size=2m, max-file=3 ]
# Sets the log driver directly in the Docker options, presumably as a
# workaround for the ignored variable above - confirm.
openshift_docker_options: --log-driver json-file
#openshift_docker_options: --log-opt max-size=2m --log-opt max-file=3
### Registry
# The hosted registry is backed by GlusterFS through the 'glusterfs-storage' storage class.
openshift_hosted_registry_storage_kind: glusterfs
openshift_hosted_registry_storage_class: glusterfs-storage
openshift_hosted_registry_storage_volume_size: "{{ ands_registry_volume_size }}"
# By default dynamic provisioning is not used. The 'openshift_persistent_volumes' role creates a pvc/pv pair if the following
# variables are set. The volumes are called 'registry-claim' and 'registry-volume'. The 'openshift_storage_glusterfs' role creates
# the corresponding volume using heketi (this can't be disabled, so we patched it to skip if openshift_hosted_registry_storage_class is set).
# Finally, the 'openshift_hosted' role creates the corresponding endpoints (this only happens if ..._ips are set).
# The alternative is triggered if 'openshift_hosted_registry_storage_glusterfs_swap' is set. 'openshift_persistent_volumes' then creates
# a registry-glusterfs-claim/registry-volume pair. The 'openshift_hosted' role then first tries to copy data from the current volume, but
# this path is pretty much broken.
# I have introduced 'openshift_hosted_registry_storage_class' and, if it is set, blocked creation of the above-mentioned components, which
# cannot be disabled with the variables below. Furthermore, I added a simple 'pvc' based on dynamic provisioning to 'openshift_persistent_volumes'.
# NOTE(review): this relies on locally patched installer roles; the patches have to be re-applied and re-checked on every installer update.
openshift_hosted_registry_storage_create_pv: false
openshift_hosted_registry_storage_create_pvc: false
# This is the alternative, standard way. Everything above should then be commented out.
# The volume size should be given as a plain number (without G) if we go without 'sc'.
#openshift_hosted_registry_storage_glusterfs_path: openshift_registry
#openshift_hosted_registry_storage_glusterfs_ips: "{{ openshift_storage_nodes }}"
### Dynamic Storage
# NOTE(review): the GlusterFS image is taken from a non-default namespace and
# is selected by tag (glusterfs_version), not by digest. Storage pods usually
# run with elevated privileges on the nodes (presumably here too - confirm),
# so verify who publishes this image and how it is built, and consider
# mirroring it into a registry you control and pinning it by digest.
openshift_storage_glusterfs_image: chsa/gluster-centos
openshift_storage_glusterfs_version: "{{ glusterfs_version }}"
#Either 6 corresponds to latest
#openshift_storage_glusterfs_heketi_version: 6
#Only latest
#openshift_storage_glusterfs_block_version: latest
#openshift_storage_glusterfs_storageclass: True
#openshift_storage_glusterfs_storageclass_default: False
#openshift_storage_glusterfs_version: '3.12.6' # Latest 3.10.1
#openshift_storage_glusterfs_is_native: True
#openshift_storage_glusterfs_is_native: False
#openshift_storage_glusterfs_is_missing: False
#openshift_storage_glusterfs_heketi_is_native: True
#openshift_storage_glusterfs_heketi_url:
#openshift_storage_glusterfs_heketi_is_missing: False
# NOTE(review): the disabled SSH executor settings below use the 'root' user;
# if they are ever enabled, prefer a dedicated account with a restricted key.
#openshift_storage_glusterfs_heketi_executor: 'ssh'
#openshift_storage_glusterfs_heketi_ssh_port: 22
#openshift_storage_glusterfs_heketi_ssh_user: 'root'
#openshift_storage_glusterfs_heketi_ssh_keyfile: "{{ omit }}"
# Block Storage
# A block storage class is created but is not made the default class.
# NOTE(review): the rest of this file writes booleans as lowercase true/false;
# True/False parse the same under Ansible's YAML loader but are inconsistent.
openshift_storage_glusterfs_block_storageclass: True
openshift_storage_glusterfs_block_storageclass_default: False
# Units of the size value are not stated here - presumably GB; confirm.
openshift_storage_glusterfs_block_host_vol_size: 512
openshift_storage_glusterfs_block_host_vol_max: 8
### Modules & Configuration
openshift_master_dynamic_provisioning_enabled: true
#openshift_metrics_install_metrics: false
# Metrics are installed with dynamically provisioned storage.
openshift_metrics_install_metrics: true
openshift_metrics_storage_kind: dynamic
# NOTE(review): the key below is spelled 'cassanda'. If the metrics role reads
# a '...cassandra...' variable, this line is silently ignored and the storage
# class is not applied - verify against the role's defaults.
openshift_metrics_cassanda_pvc_storage_class_name: glusterfs-storage
#openshift_metrics_storage_volume_size:
#openshift_metrics_hawkular_hostname: https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics
#Problematic and resource intensive
# NOTE(review): with the aggregated logging stack disabled, no central log
# store is configured in this file. Make sure container and audit logs are
# collected some other way if they are needed for detection or investigation.
#openshift_logging_install_logging: true
#openshift_logging_storage_kind: dynamic
#openshift_logging_es_pvc_storage_class_name: glusterfs-storage # Does not work
#openshift_logging_es_pvc_size: 1Gi
#openshift_master_logging_public_url:
#Catalog services
#openshift_enable_service_catalog: false
#ansible_service_broker_install: false
#openshift_hosted_etcd_storage_kind
#openshift_hosted_etcd_storage_volume_size
openshift_install_examples: true
# Required for IPFailover
# (synchronised clocks also matter for certificate validation and for
# correlating logs across nodes)
openshift_clock_enabled: true