| commit | author | age | ||
| 44652b | 1 | ###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT |
| NS | 2 | ###### OR PASS as "-e" args to ansible-playbook command |
| 3 | ||
| 4 | # This config was written with the expectation of using python3 | |
| 5 | # Several of the roles that it depends on only work with python2, | |
| 6 | # so they had to be modified to handle python3 as well. Use this | |
| 7 | # var so that it is passed along and influences how those roles run. | |
| 8 | all_use_python3: true | |
| 9 | ||
| 10 | # This is an account that must exist in OpenStack. | |
| 11 | # It is used to create projects, access, Heat templates | |
| 12 | admin_user: opentlc-mgr | |
| 13 | ||
| 14 | # Authenication credentials for OpenStack in order to create the things. | |
| 15 | # These should be included with your secrets, but are listed here for reference | |
| 16 | # osp_auth_url: | |
| 17 | # osp_auth_username: | |
| 18 | # osp_auth_password: | |
| 19 | # osp_auth_cloud: | |
| 20 | # osp_auth_project_domain: #usually set to "default" | |
| 21 | # osp_auth_user_domain: #usually set to "default" | |
| 22 | ||
| 23 | # The output_dir holds all of the files generated during the deployment | |
| 24 | # This includes generated Heat templates, SSH config, SSH keys | |
| 25 | # This must be an absolute path and no vars (like $HOME or ~) | |
| 26 | output_dir: /tmp/output_dir | |
| 27 | ||
| 28 | # The name of the agnosticd config to deploy | |
| 29 | env_type: osp-sandbox | |
| 30 | ||
| 31 | # The {{ guid }} is used everywhere and it is what differentiates otherwise | |
| 32 | # identical environments. Make this unique. Usually they are 4 characters, but | |
| 33 | # it can be any reasonablre length. | |
| 34 | guid: mydefault | |
| 35 | ||
| 36 | # The name of the project that will be created in OpenStack for the user | |
| 37 | osp_project_name: "{{ guid }}-project" | |
| 38 | ||
| 39 | # Set this to true if you need to create a new project in OpenStack | |
| 40 | # This should almost always be set to true for OpenShift installations | |
| 41 | # If it is set to false, the {{ osp_project_name }} must already exist and | |
| 42 | # should be able to run whatever you are deploying | |
| 43 | osp_project_create: true | |
| 44 | ||
| 45 | # Used to add metadata (tags) to OpenStack objects created | |
| 46 | project_tag: "{{ env_type }}-{{ guid }}" | |
| 47 | ||
| 48 | # Why is this config being deployed? | |
| 49 | # Some valid: development, ilt, production, event | |
| 50 | purpose: development | |
| 51 | ||
| 52 | # The type of cloud provider this will be deployed to | |
| 53 | cloud_provider: osp | |
| 54 | ||
| 55 | # This should be overwritten based on the user ordering the catalog item | |
| 56 | # It will be used by the bastion-student-user role and created on the bastion | |
| 57 | student_name: lab-user | |
| 58 | ||
| 59 | # Enable this if you want to create a user on the bastion | |
| 60 | # Mutually exclusive with {{ install_ipa_client }} | |
| 61 | install_student_user: true | |
| 62 | ||
| 63 | # Enable this if you want to use IPA for user authentication. | |
| 64 | # Mutually exclusive with {{ install_student_user }} | |
| 65 | install_ipa_client: false | |
| 66 | ||
| 67 | # TODO: What does this really do besides run the role? | |
| 68 | set_env_authorized_key: true | |
| 69 | env_authorized_key: "{{guid}}key" | |
| 70 | key_name: "default_key_name" | |
| 71 | ||
| 72 | # This is the user that Ansible will use to connect to the nodes it is | |
| 73 | # configuring from the admin/control host | |
| 74 | ansible_user: cloud-user | |
| 75 | remote_user: cloud-user | |
| 76 | ||
| 77 | # Run the bastion-lite role | |
| 78 | install_bastion: false | |
| 79 | ||
| 80 | # TODO: Decide on whether to use sat or give access to repos directly with key | |
| 81 | # This will tell Agnosticd to use either: | |
| 82 | # sattelite, rhn, or file for repos | |
| 83 | repo_method: file | |
| 84 | # If using satellite, these are needed: | |
| 85 | # satellite_url: satellite.opentlc.com | |
| 86 | # satellite_activationkey: # This should be stored in secrets | |
| 87 | # satellite_org: # This should be stored in secrets | |
| 88 | # use_content_view: true | |
| 89 | # If using file, these are needed in addition to the repos_template.j2 file: | |
| 90 | osrelease: 4.2.0 | |
| 91 | repo_version: '4.2' | |
| 92 | own_repo_path: # Should be defined in secrets | |
| 93 | ||
| 94 | # Packages to install on all of the hosts deployed as part of the agnosticd config | |
| 95 | # This invokes the "common" role | |
| 96 | install_common: true | |
| 97 | ||
| 98 | # As part of the "common" role, this cause it to do a yum update on the host | |
| 99 | update_packages: true | |
| 100 | ||
| 101 | # The packages that will be installed by the "common" role. Only put things | |
| 102 | # in this list that are needed, stable, and useful on every node. | |
| 103 | common_packages: | |
| 104 | - unzip | |
| 105 | - bash-completion | |
| 106 | - tmux | |
| 107 | - bind-utils | |
| 108 | - wget | |
| 109 | - ansible | |
| 110 | - git | |
| 111 | - vim-enhanced | |
| 112 | - httpd-tools | |
| 113 | - openldap-clients | |
| 114 | - podman | |
| 115 | - tree | |
| 116 | ||
| 117 | # This will run in the post_software phase and run playbooks in the | |
| 118 | # software_playbooks directory | |
| 119 | software_to_deploy: none | |
| 120 | ||
| 121 | # If you want DNS entries to be created automatically, choose one of these. | |
| 122 | # Alternately, they can both be set to false. | |
| 123 | use_dynamic_dns: true | |
| 124 | # This is not fully implemented yet | |
| 125 | # use_route53: false | |
| 126 | ||
| 127 | # The domain that you want to add DNS entries to | |
| 128 | osp_cluster_dns_zone: blue.osp.opentlc.com | |
| 129 | ||
| 130 | # The dynamic DNS server you will add entries to. | |
| 131 | # NOTE: This is only applicable when {{ use_dynamic_dns}} is true | |
| 132 | osp_cluster_dns_server: ddns01.opentlc.com | |
| 133 | ||
| 134 | # Whether to wait for an ack from the DNS servers before continuing | |
| 135 | wait_for_dns: true | |
| 136 | ||
| c369f2 | 137 | student_dns_zone: students.osp.opentlc.com |
| NS | 138 | student_dns_server: ddns01.opentlc.com |
| 139 | ||
| 44652b | 140 | # Set this to true if you want a FIPs provisioned for an OpenShift on OpenStack install |
| NS | 141 | # This will provision an API and Ingress FIP |
| 142 | openshift_fip_provision: False | |
| 143 | ||
| 144 | # Authenticaion for DDNS | |
| 145 | # ddns_key_name: | |
| 2b2dbb | 146 | # ddns_key_algorithm: # default value set to: "hmac-md5" |
| 44652b | 147 | # ddns_secret_name: |
| NS | 148 | |
| 149 | # Quotas to set for new project that is created | |
| 150 | quota_num_instances: 15 | |
| 151 | quota_num_cores: 72 | |
| 152 | quota_memory: 163840 # in MB | |
| 153 | quota_num_volumes: 25 | |
| 154 | quota_volumes_gigs: 500 | |
| 155 | quota_networks: 3 | |
| 156 | quota_subnets: 3 | |
| 157 | quota_routers: 3 | |
| 01b442 | 158 | quota_fip: 10 |
| 44652b | 159 | quota_sg: 20 |
| NS | 160 | quota_sg_rules: 200 |
| 161 | ||
| 162 | # The external network in OpenStack where the floating IPs (FIPs) come from | |
| 163 | provider_network: external | |
| 164 | ||
| 165 | # A list of the private networks and subnets to create in the project | |
| 166 | # You can create as many as you want, but at least one is required. | |
| 167 | # Use the name of the networks where appropriate in the instance list | |
| 168 | networks: | |
| 169 | - name: testnet | |
| 170 | shared: "false" | |
| 171 | subnet_cidr: 192.168.0.0/24 | |
| 172 | gateway_ip: 192.168.0.1 | |
| 173 | allocation_start: 192.168.0.20 | |
| 174 | allocation_end: 192.168.0.254 | |
| 175 | create_router: true | |
| 176 | ||
| 177 | # These will influence the bastion if it is being deployed | |
| 178 | bastion_instance_type: 2c2g30d | |
| 179 | bastion_instance_image: rhel-server-7.7-update-2 | |
| 180 | ||
| 181 | # Instances to be provisioned in new project | |
| 182 | # Provide these as a list. | |
| 183 | # Each instance type can have any number of replicas deployed with the same | |
| 184 | # configuration. | |
| 185 | # Metadata in OpenStack is equivelent to tags in AWS | |
| 186 | # These instances will be created with Cinder persistent volumes | |
| 187 | instances: | |
| 188 | - name: bastion | |
| 189 | count: 1 | |
| 190 | unique: yes | |
| 191 | alt_name: bastion | |
| 192 | image_id: "{{ bastion_instance_image }}" | |
| 193 | floating_ip: yes | |
| 194 | flavor: | |
| 195 | osp: "{{ bastion_instance_type }}" | |
| 196 | metadata: | |
| 197 | - AnsibleGroup: "bastions,clientvms" | |
| 198 | - function: bastion | |
| 199 | - user: "{{ student_name }}" | |
| 200 | - project: "{{ project_tag }}" | |
| 201 | - ostype: linux | |
| 202 | - Purpose: "{{ purpose }}" | |
| 203 | rootfs_size: 30 | |
| 204 | network: testnet | |
| 205 | security_groups: | |
| 206 | - bastion_sg | |
| 207 | ||
| 208 | # Security groups and associated rules. This will be provided | |
| 209 | #when the Heat template is generated separate groups and rules | |
| 210 | security_groups: | |
| 211 | - name: bastion_sg | |
| 212 | description: Bastion security group allows basic icmp and SSH ingress and egress to * | |
| 213 | rules: | |
| 214 | - protocol: icmp | |
| 215 | direction: ingress | |
| 216 | - protocol: tcp | |
| 217 | direction: ingress | |
| 218 | port_range_min: 22 | |
| 219 | port_range_max: 22 | |
| 01b442 | 220 | remote_ip_prefix: 0.0.0.0/0 |
