commit | author | age
|
909bee
|
1 |
# Cloud provider type targeted by this deployment.
cloud_provider: 'osp'
|
3 |
|
|
4 |
# Authentication credentials for OpenStack, needed to create the resources. |
|
5 |
# Set these in your secrets file, not in this file; they are listed here for reference only. |
|
6 |
# osp_auth_url: |
|
7 |
# osp_auth_username: |
|
8 |
# osp_auth_password: |
|
9 |
# osp_auth_cloud: |
|
10 |
# osp_auth_project_domain: #usually set to "default" |
|
11 |
# osp_auth_user_domain: #usually set to "default" |
|
12 |
|
|
13 |
# Account that must already exist in OpenStack.
# It is used to create projects, access, and Heat templates.
admin_user: 'opentlc-mgr'

# Name of the OpenStack project that will be created for the user.
osp_project_name: '{{ guid }}-project'
|
19 |
|
6bd9e1
|
20 |
# Name of the cloud in which the ocp-cluster will be created.
osp_cloud_name: '{{ osp_project_name }}'
|
22 |
|
909bee
|
23 |
# Whether a new project should be created in OpenStack.
# For OpenShift installations this should almost always be true.
# When false, the project named by {{ osp_project_name }} must already exist
# and must be able to run whatever you are deploying.
osp_project_create: true
|
28 |
|
|
29 |
# User that Ansible connects as, from the admin/control host, on the nodes
# it is configuring.
ansible_user: 'cloud-user'
remote_user: 'cloud-user'
|
33 |
|
|
34 |
# Domain that DNS entries are added to.
osp_cluster_dns_zone: 'blue.osp.opentlc.com'
|
36 |
|
2949f9
|
37 |
# Base domain; follows the cluster DNS zone.
ocp4_base_domain: '{{ osp_cluster_dns_zone }}'
|
39 |
|
909bee
|
40 |
# Dynamic DNS server that entries are added to.
# NOTE: only applicable when {{ use_dynamic_dns }} is true.
osp_cluster_dns_server: 'ddns01.opentlc.com'

# Whether to wait for an acknowledgement from the DNS servers before continuing.
wait_for_dns: true
|
46 |
|
|
47 |
# Authentication for DDNS; must be set in secrets |
|
48 |
# ddns_key_name: |
|
49 |
# ddns_secret_name: |
|
50 |
|
|
51 |
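# Set to true to provision floating IPs (FIPs) for an OpenShift on OpenStack
# install. This provisions an API FIP and an Ingress FIP.
# NOTE(review): presumably these FIPs are allocated from provider_network,
# which makes the API and Ingress reachable from that network — confirm the
# exposure is intended for this environment.
openshift_fip_provision: true

# Requires DDNS or another DNS solution to be configured.
# When enabled, DNS entries are added for the API and Ingress FIPs.
openshift_fip_dns: true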
|
58 |
|
|
59 |
# External OpenStack network that floating IPs (FIPs) are drawn from.
provider_network: 'external'
|
61 |
|
|
62 |
# When deploying OpenShift, set this to the network you want to use; it is
# also used to create security groups.
# The subnet CIDR is pulled from the matching entry in the `networks` list,
# selected by the name given in {{ ocp_network }}.
ocp_network: "ocp"
# First subnet_cidr returned by running the query below against `networks`.
ocp_network_subnet_cidr: "{{ networks | json_query(query_subnet_cidr) | first }}"
# json_query (JMESPath) filter: entries whose name equals {{ ocp_network }}.
query_subnet_cidr: "[?name=='{{ ocp_network }}'].subnet_cidr"
|
69 |
|
|
70 |
# Private networks and subnets to create in the project.
# At least one is required; more may be added as needed.
# Refer to these network names where appropriate in the instance list.
networks:
  - name: 'ocp'
    # Quoted string, not a boolean.
    # NOTE(review): presumably what the consuming template expects — confirm.
    shared: "false"
    subnet_cidr: '192.168.47.0/24'
    gateway_ip: '192.168.47.1'
    allocation_start: '192.168.47.10'
    allocation_end: '192.168.47.254'
    dns_nameservers: []
    create_router: true
|
82 |
|
|
83 |
# Quotas applied to the new project that is created.
# They cap how many resources the project can consume.
quota_num_instances: 15
quota_num_cores: 72
quota_memory: 163840  # in MB
quota_num_volumes: 25
quota_volumes_gigs: 1000
# quota_loadbalancers:  # when Octavia is available
# quota_pool:  # when Octavia is available
quota_networks: 3
quota_subnets: 3
quota_routers: 3
quota_fip: 5
quota_sg: 10
quota_sg_rules: 100
|
97 |
|
|
98 |
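# Instances to provision in the new project, given as a list.
# Each instance type can have any number of replicas deployed with the same
# configuration.
# Metadata in OpenStack is equivalent to tags in AWS.
# These instances are created with Cinder persistent volumes.
instances:
  - name: bastion
    count: 1
    # Booleans are written as true/false, matching the rest of this file.
    unique: true
    alt_name: bastion
    image_id: "{{ bastion_instance_image }}"
    # The bastion requests a floating IP; inbound access to it is governed by
    # the security groups listed at the end of this entry.
    floating_ip: true
    flavor:
      osp: "{{ bastion_instance_type }}"
    metadata:
      - AnsibleGroup: "bastions,clientvms"
      - function: bastion
      - user: "{{ student_name }}"
      - project: "{{ project_tag }}"
      - ostype: linux
      - Purpose: "{{ purpose }}"
    rootfs_size: 30
    network: ocp
    security_groups:
      - bastion_sg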
|
124 |
|
|
125 |
# Uncomment to create a UtilityVM that can host an NFS server |
|
126 |
# - name: utilityvm |
|
127 |
# count: 1 |
|
128 |
# image_id: "{{ utilityvm_instance_image }}" |
|
129 |
# floating_ip: no |
|
130 |
# flavor: |
|
131 |
# osp: "{{ utilityvm_instance_type }}" |
|
132 |
# metadata: |
|
133 |
# - AnsibleGroup: "utility" |
|
134 |
# - function: bastion |
|
135 |
# - user: "{{ student_name }}" |
|
136 |
# - project: "{{ project_tag }}" |
|
137 |
# - ostype: linux |
|
138 |
# - Purpose: "{{ purpose }}" |
|
139 |
# rootfs_size: 500 |
|
140 |
# network: ocp |
|
141 |
# security_groups: |
|
142 |
# - utility_sg |
|
143 |
|
|
144 |
# Security groups and their associated rules.
# NOTE(review): presumably these are rendered as separate groups and rules
# when the Heat template is generated — confirm against the template.
security_groups:
  - name: bastion_sg
    description: Bastion security group allows basic icmp and SSH ingress and egress to *
    rules:
      # ICMP ingress. No remote_ip_prefix is given for this rule.
      # NOTE(review): presumably the source falls back to whatever the
      # template defaults to — confirm it is not wider than intended.
      - protocol: icmp
        direction: ingress
      # SSH (tcp/22) ingress from any IPv4 source (0.0.0.0/0). Where the
      # environment allows, narrow remote_ip_prefix to known admin or VPN
      # ranges and keep the bastion on key-based SSH authentication.
      - protocol: tcp
        direction: ingress
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0
      # No egress rule is listed here although the description mentions
      # egress. NOTE(review): presumably egress is covered by defaults
      # elsewhere — confirm.
|
157 |
|
|
158 |
# Uncomment for a UtilityVM |
|
159 |
# - name: utility_sg |
|
160 |
# description: Utility security group allows SSH from bastion, NFS traffic and egress to * |
|
161 |
# rules: |
|
162 |
# - protocol: icmp |
|
163 |
# direction: ingress |
|
164 |
# remote_group: "bastion_sg" |
|
165 |
# - protocol: tcp |
|
166 |
# direction: ingress |
|
167 |
# port_range_min: 22 |
|
168 |
# port_range_max: 22 |
|
169 |
# remote_group: "bastion_sg" |
|
170 |
# - protocol: tcp |
|
171 |
# direction: ingress |
|
172 |
# port_range_min: 2049 |
|
173 |
# port_range_max: 2049 |
|
174 |
# remote_ip_prefix: "{{ ocp_network_subnet_cidr }}" |
|
175 |
# description: "NFS traffic" |
|
176 |
|
|
177 |
# Instance type and image used for the bastion, if one is being deployed.
# NOTE(review): the image is pinned by name; confirm it is still maintained
# or that the bastion is patched at first boot.
bastion_instance_type: '2c2g30d'
bastion_instance_image: 'rhel-server-7.7-update-2'
|
180 |
|
|
181 |
# These will influence the utility VM, which is primarily used for disconnected |
|
182 |
# install, but can be used for anything really. |
|
183 |
# utilityvm_instance_type: 2c2g30d |
|
184 |
# utilityvm_instance_image: rhel-server-7.7-update-2 |
|
185 |
|
|
186 |
# Instance type for master nodes.
master_instance_type: '4c16g30d'

# Instance type for worker nodes.
worker_instance_type: '4c16g30d'