###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYMENT
###### OR PASS as "-e" args to ansible-playbook command

# This config was written for python3. Several of the roles it depends on
# only worked with python2 and had to be modified to handle python3 as well.
# This var is passed along so that it influences how those roles run.
all_use_python3: true

# An account that must already exist in OpenStack.
# It is used to create projects, access, and Heat templates.
admin_user: opentlc-mgr

# Authentication credentials for OpenStack, needed to create the resources.
# Define these with your secrets, not in this file; they are listed here only
# for reference. When supplying them at run time, prefer "-e @<secrets file>"
# over key=value pairs, which end up in shell history and the process list.
# osp_auth_url:
# osp_auth_username:
# osp_auth_password:
# osp_auth_cloud:
# osp_auth_project_domain: #usually set to "default"
# osp_auth_user_domain: #usually set to "default"
# output_dir receives every file generated during the deployment,
# including the generated Heat templates, SSH config and SSH keys.
# It must be an absolute path and contain no vars (like $HOME or ~).
# NOTE(review): this default lives under /tmp, which every local user can
# reach and whose name is predictable, yet it ends up holding SSH keys.
# Point it at a directory owned by the deploying user (mode 0700) on any
# shared control host.
output_dir: /tmp/output_dir

# The name of the agnosticd config to deploy
env_type: osp-sandbox

# The {{ guid }} is used everywhere; it is what differentiates otherwise
# identical environments, so make it unique. Usually it is 4 characters, but
# it can be any reasonable length.
guid: mydefault

# The name of the project that will be created in OpenStack for the user
osp_project_name: "{{ guid }}-project"

# Set this to true if a new project has to be created in OpenStack.
# This should almost always be true for OpenShift installations.
# If it is false, the {{ osp_project_name }} must already exist and
# should be able to run whatever you are deploying.
osp_project_create: true

# Used to add metadata (tags) to the OpenStack objects that are created
project_tag: "{{ env_type }}-{{ guid }}"

# Why is this config being deployed?
# Some valid values: development, ilt, production, event
purpose: development

# The type of cloud provider this will be deployed to
cloud_provider: osp
# Overwrite this based on the user ordering the catalog item.
# The bastion-student-user role uses it, and the user is created on the bastion.
student_name: lab-user

# Enable this to create a user on the bastion.
# Mutually exclusive with {{ install_ipa_client }}
install_student_user: true

# Enable this to use IPA for user authentication.
# Mutually exclusive with {{ install_student_user }}
install_ipa_client: false

# TODO: What does this really do besides run the role?
set_env_authorized_key: true
env_authorized_key: "{{guid}}key"
key_name: "default_key_name"

# The user Ansible connects as, from the admin/control host, on the nodes it
# is configuring
ansible_user: cloud-user
remote_user: cloud-user

# Run the bastion-lite role
install_bastion: false
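# TODO: Decide on whether to use sat or give access to repos directly with key
# This tells AgnosticD which source to use for repos; one of:
# satellite, rhn, or file
repo_method: file
# If using satellite, these are needed:
# satellite_url: satellite.opentlc.com
# satellite_activationkey: # This should be stored in secrets
# satellite_org: # This should be stored in secrets
# use_content_view: true
# If using file, these are needed in addition to the repos_template.j2 file:
# Both versions are quoted so they always load as strings.
osrelease: '4.2.0'
repo_version: '4.2'
# Placeholder only: the real value should be defined in secrets. It is written
# as an explicit null (the same value the bare key produced) so the empty
# default is visibly deliberate.
# NOTE(review): if secrets never override this, consumers see a null path -
# confirm that the repo templates fail loudly in that case.
own_repo_path: null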
# Install packages on all of the hosts deployed as part of the agnosticd
# config. This invokes the "common" role.
install_common: true

# As part of the "common" role, this causes it to do a yum update on the host
update_packages: true

# The packages that the "common" role installs. Only list things here that
# are needed, stable, and useful on every node.
common_packages:
  - unzip
  - bash-completion
  - tmux
  - bind-utils
  - wget
  - ansible
  - git
  - vim-enhanced
  - httpd-tools
  - openldap-clients
  - podman
  - tree

# This runs in the post_software phase and runs playbooks in the
# software_playbooks directory.
# The value is the plain string "none", not a YAML null.
software_to_deploy: 'none'
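# If you want DNS entries to be created automatically, choose one of these.
# Alternatively, they can both be set to false.
use_dynamic_dns: true
# This is not fully implemented yet
# use_route53: false

# The domain that you want to add DNS entries to
osp_cluster_dns_zone: blue.osp.opentlc.com

# The dynamic DNS server you will add entries to.
# NOTE: This is only applicable when {{ use_dynamic_dns }} is true
osp_cluster_dns_server: ddns01.opentlc.com

# Whether to wait for an ack from the DNS servers before continuing
wait_for_dns: true

student_dns_zone: students.osp.opentlc.com
student_dns_server: ddns01.opentlc.com

# Set this to true if you want FIPs provisioned for an OpenShift on OpenStack
# install. This will provision an API and Ingress FIP.
# Written as the canonical lowercase boolean, like the other flags in this file.
openshift_fip_provision: false

# Authentication for DDNS. Keep the key material with your secrets.
# ddns_key_name:
# ddns_key_algorithm: # default value set to: "hmac-md5"
# NOTE(review): HMAC-MD5 is a legacy TSIG algorithm; set ddns_key_algorithm to
# a SHA-2 variant such as "hmac-sha256" if the DDNS server accepts it.
# ddns_secret_name: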
# Quotas applied to the new project that is created
quota_num_instances: 15
quota_num_cores: 72
quota_memory: 163840  # in MB
quota_num_volumes: 25
quota_volumes_gigs: 500
quota_networks: 3
quota_subnets: 3
quota_routers: 3
quota_fip: 10
quota_sg: 20
quota_sg_rules: 200

# The external network in OpenStack that the floating IPs (FIPs) come from
provider_network: external
# The private networks and subnets to create in the project.
# Create as many as you want, but at least one is required.
# Refer to these networks by name, where appropriate, in the instance list.
networks:
  - name: testnet
    shared: "false"
    subnet_cidr: 192.168.0.0/24
    gateway_ip: 192.168.0.1
    allocation_start: 192.168.0.20
    allocation_end: 192.168.0.254
    create_router: true

# These influence the bastion if it is being deployed
bastion_instance_type: 2c2g30d
bastion_instance_image: rhel-server-7.7-update-2
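# Instances to be provisioned in the new project.
# Provide these as a list.
# Each instance type can have any number of replicas deployed with the same
# configuration.
# Metadata in OpenStack is equivalent to tags in AWS.
# These instances will be created with Cinder persistent volumes.
instances:
  - name: bastion
    count: 1
    # Booleans are written as true/false (previously yes), matching the rest
    # of this file; the loaded value is unchanged.
    unique: true
    alt_name: bastion
    image_id: "{{ bastion_instance_image }}"
    # The instance receives a floating IP; what is reachable through it is
    # decided by the security groups listed below.
    floating_ip: true
    flavor:
      osp: "{{ bastion_instance_type }}"
    metadata:
      - AnsibleGroup: "bastions,clientvms"
      - function: bastion
      - user: "{{ student_name }}"
      - project: "{{ project_tag }}"
      - ostype: linux
      - Purpose: "{{ purpose }}"
    rootfs_size: 30
    network: testnet
    security_groups:
      - bastion_sg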
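# Security groups and their associated rules. These are provided as separate
# groups and rules when the Heat template is generated.
security_groups:
  - name: bastion_sg
    # Quoted because the text ends in "*"; the loaded string is unchanged.
    # NOTE(review): the description mentions egress, but only ingress rules
    # are listed here - confirm how egress is handled by the template.
    description: 'Bastion security group allows basic icmp and SSH ingress and egress to *'
    rules:
      # NOTE(review): no remote_ip_prefix is set on this rule; presumably it
      # then matches any source - confirm against the Heat template.
      - protocol: icmp
        direction: ingress
      # SSH (tcp/22) is admitted from any IPv4 address. The bastion also
      # carries a floating IP, so this port is exposed to the whole provider
      # network. Where the client ranges are known, narrow remote_ip_prefix
      # to them; otherwise keep SSH key-only and watch the bastion auth logs.
      - protocol: tcp
        direction: ingress
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0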