forked from redhat-cop/agnosticd
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdefault_vars_osp.yml
210 lines (177 loc) · 7.05 KB
/
default_vars_osp.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
---
# -------------------------------------------------------------------
# Default Variables for OpenStack
# -------------------------------------------------------------------
# The type of cloud provider this will be deployed to
cloud_provider: osp
# Authenication credentials for OpenStack in order to create the things.
# These should be included with your secrets, but are listed here for reference
# osp_auth_url:
# osp_auth_username:
# osp_auth_password:
# osp_auth_cloud:
# osp_auth_project_domain: #usually set to "default"
# osp_auth_user_domain: #usually set to "default"
# This is an account that must exist in OpenStack.
# It is used to create projects, access, Heat templates
admin_user: opentlc-mgr
# This is the user that Ansible will use to connect to the nodes it is
# configuring from the admin/control host
ansible_user: cloud-user
# -------------------------------------------------------------------
# OpenStack Infrastructure
# -------------------------------------------------------------------
# See cloud_providers/osp_default_vars.yml
# See roles-infra/infra-osp-project-create/defaults/main.yml
# openshift-install will try to pull in a copy of RHCOS for every cluster
# and store it in Glance. These vars will let you override that behaviour
# and use an existing image.
# rhcos_image_name: rhcos-ocp43
# -------------------------------------------------------------------
# OpenStack Project
# -------------------------------------------------------------------
# The name of the project that will be created in OpenStack for the user
osp_project_name: "{{ guid }}-project"
# The name of the cloud where ocp-cluster will be created
osp_cloud_name: "{{ osp_project_name }}"
# Set this to true if you need to create a new project in OpenStack
# This should almost always be set to true for OpenShift installations
# If it is set to false, the {{ osp_project_name }} must already exist and
# should be able to run whatever you are deploying
osp_project_create: true
# Quotas to set for new project that is created
quota_num_instances: 15
quota_num_cores: 72
quota_memory: 163840 # in MB
quota_num_volumes: 25
quota_volumes_gigs: 1000
#quota_loadbalancers: #when Octavia is available
#quota_pool: #when Octavia is available
quota_networks: 3
quota_subnets: 3
quota_routers: 3
quota_fip: 5
quota_sg: 10
quota_sg_rules: 100
# -------------------------------------------------------------------
# OpenStack SWIFT
# -------------------------------------------------------------------
# For OpenShift 4.4 and later the default should be false
# Set to true if you want to use SWIFT for the Registry
osp_use_swift: false
# -------------------------------------------------------------------
# OpenStack Networking
# -------------------------------------------------------------------
# The domain that you want to add DNS entries to
# Should come from the account settings
# osp_cluster_dns_zone: FROMSECRET
# Use Dynamic DNS. Always true
use_dynamic_dns: true
# The dynamic DNS server you will add entries to.
# NOTE: This is only applicable when {{ use_dynamic_dns}} is true
# Should come from the account settings
# osp_cluster_dns_server: FROMSECRET
# Whether to wait for an ack from the DNS servers before continuing
wait_for_dns: true
# Authenticaion for DDNS, Must be set in secrets
# ddns_key_name:
# ddns_key_algorithm: # default value set to: "hmac-md5"
# ddns_secret_name:
# The base domain
# osp_cluster_dns_zone needs to come from secrets
# subdomain_base_suffix: "{{ osp_cluster_dns_zone }}"
ocp4_base_domain: "{{ osp_cluster_dns_zone }}"
# If you are deploying OpenShift, this should be set to the network that you
# want to use and will be used to create security groups.
# It will pull the subnet CIDR from the defined network below, based on the
# name you define for {{ ocp_network }}
ocp_network: "ocp"
ocp_network_subnet_cidr: "{{ networks | json_query(query_subnet_cidr) | first }}"
query_subnet_cidr: "[?name=='{{ ocp_network }}'].subnet_cidr"
# Set this to true if you want a Floating IPs provisioned for
# an OpenShift on OpenStack install
# This will provision an API and Ingress FIP
openshift_fip_provision: true
# This requires DDNS or other DNS solution configured
# If enabled, it will add DNS entries for the API and Ingress FIPs
openshift_fip_dns: true
# The external network in OpenStack where the floating IPs (FIPs) come from
provider_network: external
# Provision Floating IPs for API and Ingress
additional_fips:
ocp_api_fip:
description: "API {{ cluster_name }}.{{ ocp4_base_domain }}"
network: "{{ provider_network }}"
ocp_ingress_fip:
description: "Ingress {{ cluster_name }}.{{ ocp4_base_domain }}"
network: "{{ provider_network }}"
# A list of the private networks and subnets to create in the project
# You can create as many as you want, but at least one is required.
# Use the name of the networks where appropriate in the instance list
networks:
- name: ocp
shared: "false"
subnet_cidr: 192.168.47.0/24
gateway_ip: 192.168.47.1
allocation_start: 192.168.47.10
allocation_end: 192.168.47.254
dns_nameservers: []
create_router: true
# Security groups and associated rules. This will be provided
#when the Heat template is generated separate groups and rules
security_groups:
- name: bastion_sg
description: Bastion security group allows basic icmp and SSH ingress and egress to *
rules:
- protocol: icmp
direction: ingress
- protocol: tcp
direction: ingress
port_range_min: 22
port_range_max: 22
remote_ip_prefix: 0.0.0.0/0
# -------------------------------------------------------------------
# OpenStack Instances
# -------------------------------------------------------------------
# Bastion Configuration
bastion_instance_type: "2c2g30d"
bastion_instance_image: rhel-8.2
# Root Filesystem Size
bastion_rootfs_size: 30
# Instance Types to be passed to OpenShift Installer
master_instance_type: 4c16g30d
worker_instance_type: 4c16g30d
# -------------------------------------------------------------------
# OpenStack Glance Image
# -------------------------------------------------------------------
# If this variable is set then platform.openstack.clusterOSImage will be set
# to the value of the variable. The image will need to exist in Glance
# If this variable is not set then the IPI installer will download the
# correct image (in QCOW2 format) and upload to glance.
#rhcos_image_name: rhcos-ocp45
# Instances to be provisioned in new project
# Provide these as a list.
# Each instance type can have any number of replicas deployed with the same
# configuration.
# Metadata in OpenStack is equivelent to tags in AWS
# These instances will be created with Cinder persistent volumes
instances:
- name: bastion
count: 1
unique: true
alt_name: bastion
image_id: "{{ bastion_instance_image }}"
floating_ip: true
flavor:
osp: "{{ bastion_instance_type }}"
metadata:
- AnsibleGroup: "bastions"
- function: bastion
- user: "{{ student_name }}"
- project: "{{ project_tag }}"
- ostype: linux
- Purpose: "{{ purpose }}"
rootfs_size: "{{ bastion_rootfs_size }}"
network: ocp
security_groups:
- bastion_sg