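---
###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYMENT
###### OR PASS as "-e" args to ansible-playbook command
#
# The domain that you want to add DNS entries to should come from
# the deployment secrets
# cluster_dns_zone: pick-a-color.osp.opentlc.com
#

# The name of the agnosticd config to deploy
env_type: ocp4-cluster

# The output_dir holds all of the files generated during the deployment
# This includes generated Heat templates, SSH config, SSH keys
# This must be an absolute path and no vars (like $HOME or ~)
# NOTE(review): this default is a fixed, predictable path under /tmp, which is
# normally shared and world-writable. Because the directory receives generated
# SSH keys, override it with a directory owned by the deploying user and
# restricted to that user (e.g. mode 0700) on any host that is not single-user.
output_dir: /tmp/output_dir

# The {{ guid }} is used everywhere and it is what differentiates otherwise
# identical environments. Make this unique. Usually they are 4 characters, but
# it can be any reasonable length.
# "notset" is a placeholder; it is expected to be overridden per deployment.
guid: notset

# The name of the OpenShift cluster that will be deployed.
# This is primarily used if you want to automate the OpenShift deployment.
cluster_name: "cluster-{{ guid }}"

# Used to add metadata (tags) to OpenStack objects created
project_tag: "{{ env_type }}-{{ guid }}"

# Why is this config being deployed? Override for specific environments
# Some valid: development, ilt, production, event
purpose: development

# Enable this if you want to create a user on the bastion
# Mutually exclusive with {{ install_ipa_client }}
install_student_user: true

# This should be overwritten based on the user ordering the catalog item
# It will be used by the bastion-student-user role and created on the bastion
student_name: lab-user

# Enable this if you want to use IPA for user authentication.
# Mutually exclusive with {{ install_student_user }}
install_ipa_client: false

# TODO: What does this really do besides run the role?
set_env_authorized_key: true
env_authorized_key: "{{guid}}key"
key_name: "default_key_name"

# Run the bastion-lite role
install_bastion: true

# This config was written with the expectation of using python3
# Several of the roles that it depends on only work with python2,
# so they had to be modified to handle python3 as well. Use this
# var so that it is passed along and influences how those roles run.
all_use_python3: true

# FTL is used for grading and solving. It will pull in the external ftl-injector role.
# This might be enabled when we have solvers to run or graders for ILT
install_ftl: false

# TODO: Decide on whether to use sat or give access to repos directly with key
# This will tell Agnosticd to use either:
# satellite, rhn, or file for repos
repo_method: file
# If using satellite, these are needed:
# satellite_url: satellite.opentlc.com
# satellite_activationkey: # This should be stored in secrets
# satellite_org: # This should be stored in secrets
# use_content_view: true
# If using file, these are needed in addition to the repos_template.j2 file:
osrelease: '4.3.0'
repo_version: '4.3'

# own_repo_path: points to a repo mirror. Must be defined in secrets
#own_repo_path:

# Packages to install on all of the hosts deployed as part of the agnosticd config
# This invokes the "common" role
install_common: true

# As part of the "common" role, this causes it to do a yum update on the host
update_packages: true

# The packages that will be installed by the "common" role. Only put things
# in this list that are needed, stable, and useful on every node.
common_packages:
- unzip
- bash-completion
- tmux
- bind-utils
- wget
- ansible
- git
- vim-enhanced
- httpd-tools
- openldap-clients
- podman
- tree

# NFS
# -------------
# NFS Server settings (NFS Server doesn't work at the moment for IPI installs)
# (IPI creates a private network that can't reach the utility VM)
# NOTE(review): the example export below allows any client ("*") read-write
# access with no_root_squash and insecure. If NFS is ever enabled, narrow the
# client specification to the cluster network and drop no_root_squash unless a
# workload is known to need it.
# nfs_install_server: false
# nfs_export_path: /srv/nfs
# nfs_server_address: "utilityvm.example.com"
# nfs_exports_config: "*(rw,sync,no_wdelay,no_root_squash,insecure,fsid=0)"

# When the config is setting up NFS on the utility VM,
# this will define how many exports to create on the NFS server. These still have to
# be created as PVs by the user once OpenShift is installed. PV files are created
# and placed on the bastion to use for this.
# nfs_user_vols_count: 20

# This will be used when creating the Kube PV definitions
# nfs_user_vols_size: 20G

# Number of Nodes
master_instance_count: 3
worker_instance_count: 2

# This will run in the post_software phase and run playbooks in the
# software_playbooks directory
software_to_deploy: openshift4

# Install OpenShift 4 - and which version
install_ocp4: true
ocp4_installer_version: "4.3.0"
# Run logic to enable cluster shutdown before 24h initial certificate rotation (default is true)
ocp4_enable_cluster_shutdown: true

subdomain_base_suffix: ".example.opentlc.com"

# Run smoketests after installation
run_smoke_tests: false

# YAML List of Infrastructure Workloads.
# REQUIRES Ansible 2.7+ on the deployer host
# Empty by default - to be set by specific configurations
infra_workloads: []

# Suggested workloads for a base Workshop Cluster:
# - ocp4-workload-authentication
# - ocp4-workload-infra-nodes
# - ocp4-workload-project-request-template
# - ocp4-workload-logging
# - ocp4-workload-opentlc-production
# - ocp4-workload-enable-lets-encrypt-certificates

# YAML List of Student Workloads.
# REQUIRES Ansible 2.7+ on the deployer host
# Empty by default - to be set by specific configurations
# Can only be used with htpasswd authentication
student_workloads: []

# Some workloads create infrastructure that needs to be removed
# when deleting the software or infrastructure
remove_workloads: []

# Example configuration variables for default workloads.
# Set in the configuration that requests workloads
# instance types need to be set in default_vars_{{ cloudprovider }}
# _infra_node_replicas: 1
# _infra_node_elasticsearch_nodes: true
# _infra_node_elasticsearch_replicas: 1
# _logging_use_dedicated_nodes: "elasticsearch"
# _logging_elasticsearch_replicas: "{{ _infra_node_elasticsearch_replicas }}"

# ---------------------------------------------------------------
# Authentication Variables (if workload ocp4-workload-authentication is run)
# ocp4_idm_install can be one of none, htpasswd, ldap
#ocp4_idm_install: none

# Set up a user from the Authentication Provider with cluster-admin permissions
#ocp4_idm_admin_user: opentlc-mgr

# LDAP settings
# NOTE(review): the example CA URL below is plain http://. If the workload
# downloads the CA certificate from it (not visible in this file), the trust
# anchor for the ldaps:// connection arrives over an unauthenticated channel;
# prefer an https:// source or a certificate shipped with the deployment.
#ocp4_idm_ldap_url: ldaps://ipa1.opentlc.com:636/cn=users,cn=accounts,dc=opentlc,dc=com?uid
#ocp4_idm_ldap_ca_url: http://ipa.opentlc.com/ipa/config/ca.crt
#ocp4_idm_ldap_bind_dn: "uid=ose-mwl-auth,cn=users,cn=accounts,dc=opentlc,dc=com"
#ocp4_idm_ldap_bindPassword: <must be set in secrets>

# htpasswd settings
# -----------------
# Base of the users for htpasswd
#ocp4_idm_htpasswd_user_base: user
#ocp4_idm_htpasswd_user_count: 100

# Set a password for the Admin User
# If no password is set a 16 character random password is generated
# NOTE(review): if a fixed value is needed, define it in the deployment secrets
# rather than in this defaults file, as with the LDAP bind password above.
# ocp4_idm_htpasswd_admin_password:

# Set a password for all htpasswd users
# If no password is set a 16 character random password is generated
# NOTE(review): a value set here is one password for every htpasswd user, so
# any participant can sign in as any other; keep it out of version control too.
# ocp4_idm_htpasswd_user_password:

# Remove Kubeadmin user upon successful installation of Authentication
#ocp4_idm_remove_kubeadmin: true
# ---------------------------------------------------------------

# pull secret needs to be defined in secrets
#ocp4_pull_secret: ''

# admin keys
# NOTE(review): these public keys are defaults for every deployment of this
# config. How the list is consumed is not visible here; presumably the keys are
# authorized for administrative SSH access on deployed hosts - confirm. Each
# entry should map to a known owner whose private key is controlled and
# rotated, including the one labelled "backdoor_opentlc_key", and the list
# should be overridden where standing admin access is not wanted.
opentlc_admin_pub_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Avw03Dmh1R2QWQ4CV7JgEsXnHQjNhfppD5aZmh0q/64p6lW+2oNKTT7fVQcrsdmlJwrMd5apkUGrOcq0hHXQMEVZEKUmEjko2BqD5A9/zNX7apObW88bFFfgxc91lOT+e+wfCFsrr3b2SJ3+KL6nTBJV7Lf46i6z86vhiDPjqL7U9kTS+bK9ldU20vpn8h+ZAIaiafVWfjihUjhNpcUY46klixV1YcAkBGCbE+YR6RAAc6vWy0zB3YJnTUl9OFt213ofi1qjuWKVMmOxORxPKB4/JQ+hfAsCMysoVFnFYs10dWxaySK63OgY9uLNyaIwkEaVVIfcViRVm0DZfoNH gucore
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvZvn+GL0wTOsAdh1ikIQoqj2Fw/RA6F14O347rgKdpkgOQpGQk1k2gM8wcla2Y1o0bPIzwlNy1oh5o9uNjZDMeDcEXWuXbu0cRBy4pVRhh8a8zAZfssnqoXHHLyPyHWpdTmgIhr0UIGYrzHrnySAnUcDp3gJuE46UEBtrlyv94cVvZf+EZUTaZ+2KjTRLoNryCn7vKoGHQBooYg1DeHLcLSRWEADUo+bP0y64+X/XTMZOAXbf8kTXocqAgfl/usbYdfLOgwU6zWuj8vxzAKuMEXS1AJSp5aeqRKlbbw40IkTmLoQIgJdb2Zt98BH/xHDe9xxhscUCfWeS37XLp75J backdoor_opentlc_key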