Wolfgang Kulhanek
2020-03-03 80abf5668e29af2945586c269344e8fa16bf3cf2
3dad88 1 #
80abf5 2 # ansible inventory for OpenShift Container Platform  3.11.154
3dad88 3 # AgnosticD ansible-config: ocp-ha-disconnected-lab
WK 4
5 [OSEv3:vars]
6
7 ###########################################################################
8 ### Ansible Vars
9 ###########################################################################
10 timeout=60
11 ansible_user={{ansible_user}}
12 ansible_become=yes
13
14 ###########################################################################
15 ### OpenShift Basic Vars
16 ###########################################################################
17
18 openshift_deployment_type=openshift-enterprise
19
20 openshift_disable_check="disk_availability,memory_availability,docker_image_availability"
21
22 # OpenShift Version:
23 # If you modify the openshift_image_tag or the openshift_pkg_version variables after the cluster is set up, then an upgrade can be triggered, resulting in downtime.
24 # If openshift_image_tag is set, its value is used for all hosts in system container environments, even those that have another version installed.
25 # If openshift_pkg_version is set, its value is used for all hosts in RPM-based environments, even those that have another version installed.
26 # Use this variable to specify a container image tag to install or configure.
27 openshift_image_tag=v{{ osrelease }}
28 # Use this variable to specify an RPM version to install or configure.
29 openshift_pkg_version=-{{ osrelease }}
30 openshift_release="{{ osrelease }}"
31
32 {% if container_runtime == "cri-o" %}
33 openshift_use_crio=True
34 openshift_crio_enable_docker_gc=True
35 openshift_crio_docker_gc_node_selector={'runtime': 'cri-o'}
36 {% endif %}
37
38 # Node Groups
39 openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true','runtime={{container_runtime}}']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true','runtime={{container_runtime}}']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true','runtime={{container_runtime}}'], 'edits': [{ 'key': 'kubeletArguments.pods-per-core','value': ['20']}]}]
40 # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -> These  need to go into the above
41 # openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']}
42
43 # Configure logrotate scripts
44 # See: https://github.com/nickhammond/ansible-logrotate
45 logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}]
46
47 # Deploy Operator Lifecycle Manager Tech Preview
48 #openshift_enable_olm=false
49
50 ###########################################################################
51 ### OpenShift Registries Locations
52 ###########################################################################
53
# NOTE(review): this file is a Jinja2 template, and a leading '#' is only an
# inventory comment, not a template comment. The expressions on the two
# commented-out oreg_auth lines below are still evaluated at render time, so
# if those variables are defined the registry credentials end up in clear text
# in the generated inventory. Lines that must stay disabled are safer inside a
# Jinja comment block, as is done for openshift_prometheus_additional_rules_file
# further down in this file.
54 #oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version}
55 oreg_url=isolated1.{{ guid }}.internal:5000/openshift3/ose-${component}:${version}
56 #oreg_auth_user={{ redhat_registry_user }}
57 #oreg_auth_password={{ redhat_registry_password }}
58
# NOTE(review): listing the mirror as an insecure registry lets the container
# runtime skip TLS certificate verification (or fall back to plain HTTP) for
# that host, so image pulls from the mirror are not authenticated in transit.
# That is tolerable only on an isolated lab network; elsewhere, serve the
# mirror with a certificate from a CA the nodes trust and drop this entry.
59 openshift_docker_insecure_registries=isolated1.{{ guid }}.internal:5000
# Public registries are blocked so that nodes pull only from the internal mirror.
60 openshift_docker_blocked_registries=registry.redhat.io,registry.access.redhat.com,docker.io
61 # openshift_docker_additional_registries=
62
63 openshift_examples_modify_imagestreams=true
64
65 {% if install_glusterfs|bool %}
66 ###########################################################################
67 ### OpenShift Container Storage
68 ###########################################################################
69
70 openshift_master_dynamic_provisioning_enabled=True
71
72 # CNS storage cluster
73 # From https://github.com/red-hat-storage/openshift-cic
74 openshift_storage_glusterfs_namespace=openshift-storage
75 openshift_storage_glusterfs_storageclass=true
76 openshift_storage_glusterfs_storageclass_default=false
77
78 openshift_storage_glusterfs_block_deploy=true
79 openshift_storage_glusterfs_block_host_vol_create=true
80 openshift_storage_glusterfs_block_host_vol_size=200
81 openshift_storage_glusterfs_block_storageclass=true
82 openshift_storage_glusterfs_block_storageclass_default=true
83
84 # Container image to use for glusterfs pods
85 openshift_storage_glusterfs_image="registry.access.redhat.com/rhgs3/rhgs-server-rhel7:{{ glusterfs_image_tag }}"
86
87 # Container image to use for glusterblock-provisioner pod
88 openshift_storage_glusterfs_block_image="registry.access.redhat.com/rhgs3/rhgs-gluster-block-prov-rhel7:{{ glusterfs_image_tag }}"
89
90 # Container image to use for heketi pods
91 openshift_storage_glusterfs_heketi_image="registry.access.redhat.com/rhgs3/rhgs-volmanager-rhel7:{{ glusterfs_image_tag }}"
92
93 # GlusterFS version
94 #  Knowledgebase
95 #   https://access.redhat.com/solutions/3617551
96 #  Bugzilla
97 #   https://bugzilla.redhat.com/show_bug.cgi?id=163.1057
98 #  Complete OpenShift GlusterFS Configuration README
99 #   https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_storage_glusterfs
100 openshift_storage_glusterfs_version=v3.10
101 openshift_storage_glusterfs_block_version=v3.10
102 openshift_storage_glusterfs_s3_version=v3.10
103 openshift_storage_glusterfs_heketi_version=v3.10
104 # openshift_storage_glusterfs_registry_version=v3.10
105 # openshift_storage_glusterfs_registry_block_version=v3.10
106 # openshift_storage_glusterfs_registry_s3_version=v3.10
107 # openshift_storage_glusterfs_registry_heketi_version=v3.10
108 {% endif %}
109
110 {% if install_nfs|bool %}
111 # Set this line to enable NFS
112 openshift_enable_unsupported_configurations=True
113 {% endif %}
114
115 ###########################################################################
116 ### OpenShift Master Vars
117 ###########################################################################
118
119 openshift_master_api_port={{master_api_port}}
120 openshift_master_console_port={{master_api_port}}
121
122 # ensure oauth secrets regenerated properly when re-running playbooks
123 # delete the webconsole pods if login OK returns user to login screen
124 openshift_console_install=true
125 openshift_console_hostname={{master_lb_dns}}
126
127 #Default:  openshift_master_cluster_method=native
128 openshift_master_cluster_hostname=loadbalancer.{{guid}}.internal
129 openshift_master_cluster_public_hostname={{master_lb_dns}}
130 openshift_master_default_subdomain={{cloudapps_suffix}}
131 #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'}
132 openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}}
133
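134 # Audit log (left commented out, so this inventory does not configure master API auditing; uncomment and adjust where API activity needs an audit trail)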
135 # openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5}
136
137 # ocp-ha-lab
138 # AWS Autoscaler
139 #openshift_master_bootstrap_auto_approve=false
140 # This variable is a cluster identifier unique to the AWS Availability Zone. Using this avoids potential issues in Amazon Web Services (AWS) with multiple zones or multiple clusters.
141 #openshift_clusterid
142
143 ###########################################################################
144 ### OpenShift Network Vars
145 ###########################################################################
146
147 osm_cluster_network_cidr=10.1.0.0/16
148 openshift_portal_net=172.30.0.0/16
149
150 os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy'
151
152 ###########################################################################
153 ### OpenShift Authentication Vars
154 ###########################################################################
155
# NOTE(review): both commented-out LDAP examples below embed the bind password
# as a literal and bind as uid=admin. Even commented out, that value is kept in
# version control together with the template. If the LDAP provider is enabled,
# take bindPassword from a vaulted variable (for example Ansible Vault), bind
# with a dedicated read-only account, and treat the literal shown here as
# exposed: rotate it if it was ever a real credential.
156 # LDAP AND HTPASSWD Authentication (download ipa-ca.crt first)
157 #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'},{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
158
159 # Just LDAP
160 #openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com', 'bindPassword': 'r3dh4t1!', 'ca': '/etc/origin/master/ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa.shared.example.opentlc.com:636/cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com?uid?sub?(memberOf=cn=ocp-users,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com)'}]
161
# This is the only identity provider that is active in this inventory.
162 # Just HTPASSWD
163 openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
164
165 # LDAP and HTPASSWD dependencies
166
# NOTE(review): the htpasswd file is read from /root on the host that runs the
# installer (presumably the bastion; confirm). It holds password hashes, so it
# should be readable by root only.
167 openshift_master_htpasswd_file=/root/htpasswd.openshift
168 #openshift_master_ldap_ca_file=/root/ipa-ca.crt
169
170 {% if admission_plugin_config is defined %}
171 ###########################################################################
172 ### OpenShift admission plugin config
173 ###########################################################################
174
175 openshift_master_admission_plugin_config={{admission_plugin_config|to_json}}
176 {% endif %}
177
178 ###########################################################################
179 ### OpenShift Metrics and Logging Vars
180 ###########################################################################
181
182 #########################
183 # Prometheus Metrics
184 #########################
185
186 openshift_cluster_monitoring_operator_install=true
187
188 {% if install_glusterfs|bool %}
189 openshift_cluster_monitoring_operator_prometheus_storage_capacity=20Gi
190 openshift_cluster_monitoring_operator_alertmanager_storage_capacity=2Gi
191 openshift_cluster_monitoring_operator_prometheus_storage_enabled=True
192 openshift_cluster_monitoring_operator_alertmanager_storage_enabled=True
193
194 # The next two will be enabled in 3.11.z
195 # will use default storage class until then
196 # so set the block storage class as default
197
198 # openshift_cluster_monitoring_operator_prometheus_storage_class_name='glusterfs-storage-block'
199 # openshift_cluster_monitoring_operator_alertmanager_storage_class_name='glusterfs-storage-block'
200 {% endif %}
201
202 ########################
203 # Cluster Metrics
204 ########################
205
206 openshift_metrics_install_metrics={{install_metrics}}
207
# NFS-backed metrics storage, used only when NFS is requested and GlusterFS is not.
208 {% if install_nfs|bool and not install_glusterfs|bool %}
209 openshift_metrics_storage_kind=nfs
210 openshift_metrics_storage_access_modes=['ReadWriteOnce']
211 openshift_metrics_storage_nfs_directory=/srv/nfs
# NOTE(review): the export options use the '*' client wildcard, so any host
# that can reach the NFS server may mount this volume read-write; root_squash
# only maps remote root to an unprivileged user. Prefer restricting the export
# to the cluster node addresses or subnet. The same options string is used for
# the logging and hosted-registry NFS volumes in this file.
212 openshift_metrics_storage_nfs_options='*(rw,root_squash)'
213 openshift_metrics_storage_volume_name=metrics
214 openshift_metrics_storage_volume_size=10Gi
215 openshift_metrics_storage_labels={'storage': 'metrics'}
216 openshift_metrics_cassandra_pvc_storage_class_name=''
217 {% endif %}
218
219 {% if install_glusterfs|bool %}
220 openshift_metrics_cassandra_storage_type=dynamic
221 openshift_metrics_cassandra_pvc_storage_class_name='glusterfs-storage-block'
222 {% endif %}
223
224 openshift_metrics_hawkular_nodeselector={"node-role.kubernetes.io/infra": "true"}
225 openshift_metrics_cassandra_nodeselector={"node-role.kubernetes.io/infra": "true"}
226 openshift_metrics_heapster_nodeselector={"node-role.kubernetes.io/infra": "true"}
227
228 # Store Metrics for 2 days
229 openshift_metrics_duration=2
230
231 # Suggested Quotas and limits for Prometheus components:
232 openshift_prometheus_memory_requests=2Gi
233 openshift_prometheus_cpu_requests=750m
234 openshift_prometheus_memory_limit=2Gi
235 openshift_prometheus_cpu_limit=750m
236 openshift_prometheus_alertmanager_memory_requests=300Mi
237 openshift_prometheus_alertmanager_cpu_requests=200m
238 openshift_prometheus_alertmanager_memory_limit=300Mi
239 openshift_prometheus_alertmanager_cpu_limit=200m
240 openshift_prometheus_alertbuffer_memory_requests=300Mi
241 openshift_prometheus_alertbuffer_cpu_requests=200m
242 openshift_prometheus_alertbuffer_memory_limit=300Mi
243 openshift_prometheus_alertbuffer_cpu_limit=200m
244
245 {# The following file will need to be copied over to the bastion before deployment
246 # There is an example in ocp-workshop/files
247 # openshift_prometheus_additional_rules_file=/root/prometheus_alerts_rules.yml #}
248
249 ########################
250 # Cluster Logging
251 ########################
252
253 openshift_logging_install_logging={{install_logging}}
254 openshift_logging_install_eventrouter={{install_logging}}
255
256 {% if install_nfs|bool and not install_glusterfs|bool %}
257 openshift_logging_storage_kind=nfs
258 openshift_logging_storage_access_modes=['ReadWriteOnce']
259 openshift_logging_storage_nfs_directory=/srv/nfs
260 openshift_logging_storage_nfs_options='*(rw,root_squash)'
261 openshift_logging_storage_volume_name=logging
262 openshift_logging_storage_volume_size=10Gi
263 openshift_logging_storage_labels={'storage': 'logging'}
264 openshift_logging_es_pvc_storage_class_name=''
0aebed 265 openshift_logging_es_pvc_dynamic=false
3dad88 266 {% endif %}
WK 267 {% if install_glusterfs|bool %}
268 openshift_logging_es_pvc_dynamic=true
269 openshift_logging_es_pvc_size=20Gi
270 openshift_logging_es_pvc_storage_class_name='glusterfs-storage-block'
271 {% endif %}
272 openshift_logging_es_memory_limit=8Gi
273 openshift_logging_es_cluster_size=1
274 openshift_logging_curator_default_days=2
275
276 openshift_logging_kibana_nodeselector={"node-role.kubernetes.io/infra": "true"}
277 openshift_logging_curator_nodeselector={"node-role.kubernetes.io/infra": "true"}
278 openshift_logging_es_nodeselector={"node-role.kubernetes.io/infra": "true"}
279 openshift_logging_eventrouter_nodeselector={"node-role.kubernetes.io/infra": "true"}
280
281 ###########################################################################
282 ### OpenShift Router and Registry Vars
283 ###########################################################################
284
285 # default selectors for router and registry services
286 # openshift_router_selector='node-role.kubernetes.io/infra=true'
287 # openshift_registry_selector='node-role.kubernetes.io/infra=true'
288
289 openshift_hosted_router_replicas={{infranode_instance_count}}
290
291 # openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"}
292
293 openshift_hosted_registry_replicas=1
294 openshift_hosted_registry_pullthrough=true
295 openshift_hosted_registry_acceptschema2=true
296 openshift_hosted_registry_enforcequota=true
297
298 {% if install_glusterfs|bool %}
299 openshift_hosted_registry_storage_kind=glusterfs
300 openshift_hosted_registry_storage_volume_size=10Gi
301 openshift_hosted_registry_selector="node-role.kubernetes.io/infra=true"
302 {% endif %}
303
# NOTE(review): unlike the metrics and logging NFS blocks, this condition does
# not exclude install_glusterfs. With both flags true, the GlusterFS block just
# above and this block both set openshift_hosted_registry_storage_kind and
# openshift_hosted_registry_storage_volume_size; presumably the later (NFS)
# value wins. Confirm that this is intended.
304 {% if install_nfs|bool %}
305 openshift_hosted_registry_storage_kind=nfs
306 openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
307 openshift_hosted_registry_storage_nfs_directory=/srv/nfs
# NOTE(review): the '*' client wildcard lets any host that can reach the NFS
# server mount the registry volume read-write, which exposes stored image
# layers to modification outside the registry. Restrict the export to the
# cluster node addresses or subnet.
308 openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
309 openshift_hosted_registry_storage_volume_name=registry
310 openshift_hosted_registry_storage_volume_size=20Gi
311 {% endif %}
312
313 ###########################################################################
314 ### OpenShift Service Catalog Vars
315 ###########################################################################
316
317 # default=true
318 openshift_enable_service_catalog=true
319
320 # default=true
321 template_service_broker_install=true
322 openshift_template_service_broker_namespaces=['openshift']
323
324 # default=true
325 ansible_service_broker_install=true
326 ansible_service_broker_local_registry_whitelist=['.*-apb$']
327
328 ###########################################################################
329 ### OpenShift Hosts
330 ###########################################################################
331 # openshift_node_labels DEPRECATED
332 # openshift_node_problem_detector_install
333
334 [OSEv3:children]
335 lb
336 masters
337 etcd
338 nodes
339 {% if install_nfs|bool %}
340 nfs
341 {% endif %}
342 {% if install_glusterfs|bool %}
343 glusterfs
344 {% endif %}
345
346 [lb]
347 {% for host in groups['loadbalancers'] %}
348 {{ hostvars[host].internaldns }}
349 {% endfor %}
350
351 [masters]
352 {% for host in groups['masters']|sort %}
353 {{ hostvars[host].internaldns }}
354 {% endfor %}
355
356 [etcd]
357 {% for host in groups['masters']|sort %}
358 {{ hostvars[host].internaldns }}
359 {% endfor %}
360
361 [nodes]
362 ## These are the masters
363 {% for host in groups['masters']|sort %}
364 {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-master'
365 {% endfor %}
366
367 ## These are infranodes
368 {% for host in groups['infranodes']|sort %}
369 {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-infra'
370 {% endfor %}
371
372 ## These are regular nodes
373 {% for host in groups['nodes']|sort %}
374 {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute'
375 {% endfor %}
376
377 {% if install_glusterfs|bool %}
378 ## These are OCS nodes
379 {% for host in groups['support']|sort %}
380 {{ hostvars[host].internaldns }} openshift_node_group_name='node-config-compute'
381 {% endfor %}
382 {% endif %}
383
384 {% if install_nfs|bool %}
385 [nfs]
386 {% for host in [groups['support']|sort|first] %}
387 {{ hostvars[host].internaldns }}
388 {% endfor %}
389 {% endif %}
390
391 {% if install_glusterfs|bool %}
392 [glusterfs]
393 {% for host in groups['support']|sort %}
394 {{ hostvars[host].internaldns }} glusterfs_devices='[ "{{ glusterfs_app_device_name }}" ]'
395 {% endfor %}
396 {% endif %}