| commit | author | age | ||
| 1874b6 | 1 | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| GC | 2 | ###### OR PASS as "-e" args to ansible-playbook command |
| 3 | ||
| 4 | ### Common Host settings | |
| 5 | # Repo Method. One of file, satellite and rhn | |
| 6 | repo_method: file | |
| 7 | ||
| 8 | #If using repo_method: satellite, you must set these values as well. | |
| 9 | # satellite_url: satellite.example.com | |
| 10 | # satellite_org: Sat_org_name | |
| 11 | # satellite_activationkey: "rhel7basic" | |
| 12 | ||
| 13 | # Do you want to run a full yum update | |
| 14 | update_packages: false | |
| 15 | ||
| 16 | ## guid is the deployment unique identifier, it will be appended to all tags, | |
| 17 | ## files and anything that identifies this environment from another "just like it" | |
| 18 | #guid: defaultguid | |
| 19 | ||
| 20 | # The next flag is 1 by default. If it is set to more than 1 then instead of creating | |
| 21 | # clientvm.guid.baseurl it will create clientvm{1..num_users}.guid.baseurl | |
| 22 | num_users: 1 | |
| 23 | install_bastion: true | |
| 24 | install_common: true | |
| 25 | install_opentlc_integration: true | |
| 26 | install_ipa_client: false | |
| 27 | install_student_user: false | |
| 28 | ||
| cdff19 | 29 | # install openshift python modules on bastion |
| GC | 30 | install_k8s_modules: true |
| 31 | ||
| 1874b6 | 32 | ## Automatically deploy ocp4 cluster using the installer |
| cdff19 | 33 | install_ocp4: true |
| 397be9 | 34 | ocp4_installer_version: "v0.16.1" |
| 1874b6 | 35 | oc_client_version: "4.0.22" |
| GC | 36 | cluster_name: "cluster-{{ guid }}" |
| 37 | ||
| 38 | # Smoke tests | |
| 39 | # if set to true, the playbook will fail if the smoke tests failed. | |
| 40 | # if set to false, the smoke tests are just informative. | |
| 41 | smoke_tests: false | |
| 42 | ||
| 43 | ## Install Authentication. | |
| 44 | ## Valid options are none, htpasswd, ldap (and maybe in the future sso) | |
| 45 | ## For LDAP a bindPassword needs to be passed via the command line | |
| 46 | install_idm: "none" | |
| 47 | idm_ca_url: http://ipa.opentlc.com/ipa/config/ca.crt | |
| 48 | ||
| 49 | ### If you want a Key Pair name created and injected into the hosts, | |
| 50 | # set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` | |
| 51 | # you can use the key used to create the environment or use your own self generated key | |
| 52 | # if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}}) | |
| 53 | ||
| 54 | use_own_key: true | |
| 55 | env_authorized_key: "{{guid}}key" | |
| 56 | ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem | |
| 57 | set_env_authorized_key: true | |
| 58 | ||
| 59 | # Is this running from Red Hat Ansible Tower | |
| 60 | #tower_run: false | |
| 61 | ||
| 62 | ### AWS EC2 Environment settings | |
| 63 | ||
| 64 | ### Route 53 Zone ID (AWS) | |
| 65 | # This is the Route53 HostedZoneId where you will create your Public DNS entries | |
| 66 | # This only needs to be defined if your CF template uses route53 | |
| 67 | HostedZoneId: Z3IHLWJZOU9SRT | |
| 68 | # The region to be used, if not specified by -e in the command line | |
| 69 | aws_region: us-east-1 | |
| 70 | # The key that is used to | |
| 71 | key_name: "default_key_name" | |
| 72 | ||
| 73 | ## Networking (AWS) | |
| 74 | subdomain_base_short: "{{ guid }}" | |
| 75 | subdomain_base_suffix: ".example.opentlc.com" | |
| 76 | subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}" | |
| 77 | ||
| 78 | ## OCP 4 Environment Sizing | |
| 79 | ||
| 80 | clientvm_instance_type: "t2.medium" | |
| 81 | ||
| 932f68 | 82 | master_instance_type: "m4.xlarge" |
| 1874b6 | 83 | master_instance_count: 3 |
| 801d55 | 84 | master_storage_type: "gp2" |
| 8d2476 | 85 | worker_instance_type: "m4.4xlarge" |
| 1874b6 | 86 | worker_instance_count: 3 |
| 801d55 | 87 | worker_storage_type: "gp2" |
| 1874b6 | 88 | |
| GC | 89 | # Enable Default Workloads. REQUIRES Ansible 2.7+ on the deployer host |
| 43f335 | 90 | default_workloads: |
| 1b376e | 91 | - ocp4-workload-infra-nodes |
| 606d8f | 92 | - ocp4-workload-project-request-template |
| 43f335 | 93 | - ocp4-workload-enable-service-broker |
| WK | 94 | - ocp4-workload-template-service-broker |
| 95 | - ocp-workload-terminal | |
| 1b376e | 96 | - ocp4-workload-automation-broker |
| WK | 97 | - ocp4-workload-logging |
| 43f335 | 98 | #- ocp4-workload-userquota-operator |
| b874c6 | 99 | # Let's Encrypt Certificates don't work in shared accounts (Acme writes verfication TXT entry into |
| WK | 100 | # ocp4.opentlc.com rather than GUID.ocp4.opentlc.com). Certs do work on Sandboxed accounts. |
| 101 | #- ocp4-workload-enable-lets-encrypt-certificates | |
| 1874b6 | 102 | |
| 606d8f | 103 | # Variables for default workloads. Ultimately these will be parameters to the workloads but for now they are global |
| WK | 104 | _infra_node_replicas: 1 |
| 8d2476 | 105 | _infra_node_instance_type: "m4.4xlarge" |
| 606d8f | 106 | _logging_use_infra_nodes: True |
| WK | 107 | _logging_elasticsearch_replicas: "{{ _infra_node_replicas }}" |
| 108 | _logging_wait_for_deployment: False | |
| 109 | ||
| 1874b6 | 110 | ###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT |
| GC | 111 | |
| 112 | ansible_user: ec2-user | |
| 113 | remote_user: ec2-user | |
| 114 | ||
| 115 | common_packages: | |
| 116 | - python | |
| 117 | - unzip | |
| 118 | - bash-completion | |
| 119 | - tmux | |
| 120 | - bind-utils | |
| 121 | - wget | |
| 122 | - ansible | |
| 123 | - git | |
| 124 | - vim-enhanced | |
| 125 | - iptables-services | |
| 126 | - httpd-tools | |
| 127 | ||
| 128 | rhel_repos: | |
| 129 | - rhel-7-server-rpms | |
| 130 | - rhel-7-server-extras-rpms | |
| 190660 | 131 | - rhel-7-server-ansible-2.7-rpms |
| 1874b6 | 132 | - rhel-7-server-optional-rpms |
| GC | 133 | |
| 134 | # use_subscription_manager: false | |
| 135 | # use_own_repos: true | |
| 136 | # | |
| 137 | rhn_pool_id_string: OpenShift Container Platform | |
| 138 | ||
| 139 | ### CLOUDFORMATIONS vars | |
| 140 | ||
| 141 | project_tag: "{{ env_type }}-{{ guid }}" | |
| 142 | ||
| 143 | zone_internal_dns: "{{guid}}.internal." | |
| 144 | chomped_zone_internal_dns: "{{guid}}.internal" | |
| 145 | ||
| 146 | bastion_public_dns: "bastion.{{subdomain_base}}." | |
| 147 | bastion_public_dns_chomped: "bastion.{{subdomain_base}}" | |
| 148 | vpcid_name_tag: "{{subdomain_base}}" | |
| 149 | ||
| 150 | az_1_name: "{{ aws_region }}a" | |
| 151 | az_2_name: "{{ aws_region }}b" | |
| 152 | ||
| 153 | # subnet_private_1_cidr_block: "192.168.2.0/24" | |
| 154 | # subnet_private_1_az: "{{ az_2_name }}" | |
| 155 | # subnet_private_1_name_tag: "{{subdomain_base}}-private" | |
| 156 | # | |
| 157 | # subnet_private_2_cidr_block: "192.168.1.0/24" | |
| 158 | # subnet_private_2_az: "{{ az_1_name }}" | |
| 159 | # subnet_private_2_name_tag: "{{subdomain_base}}-private" | |
| 160 | # | |
| 161 | # subnet_public_1_cidr_block: "192.168.10.0/24" | |
| 162 | # subnet_public_1_az: "{{ az_1_name }}" | |
| 163 | # subnet_public_1_name_tag: "{{subdomain_base}}-public" | |
| 164 | # | |
| 165 | # subnet_public_2_cidr_block: "192.168.20.0/24" | |
| 166 | # subnet_public_2_az: "{{ az_2_name }}" | |
| 167 | # subnet_public_2_name_tag: "{{subdomain_base}}-public" | |
| 168 | # | |
| 169 | # dopt_domain_name: "{{ aws_region }}.compute.internal" | |
| 170 | # | |
| 171 | # rtb_public_name_tag: "{{subdomain_base}}-public" | |
| 172 | # rtb_private_name_tag: "{{subdomain_base}}-private" | |
| 173 | # | |
| 174 | # cf_template_description: "{{ env_type }}-{{ guid }} template " | |
| 175 | ||
| 176 | # cloudformation_retries: 2 | |
| 177 | # ocp_report: false | |
| 178 | ||
| 179 | instances: | |
| 180 | - name: "clientvm" | |
| 181 | count: "{{num_users}}" | |
| 182 | unique: yes | |
| 183 | public_dns: true | |
| 184 | alt_name: bastion | |
| 185 | flavor: | |
| 186 | "ec2": "{{clientvm_instance_type}}" | |
| 187 | tags: | |
| 188 | - key: "AnsibleGroup" | |
| 189 | value: "bastions,clientvms" | |
| 190 | - key: "ostype" | |
| 191 | value: "linux" | |
| 192 | rootfs_size: 30 | |
| 193 | security_groups: | |
| 194 | - BastionSG | |
