###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
|
###### OR PASS as "-e" args to ansible-playbook command
|
|
# The name of the agnosticd config to deploy
|
env_type: ocp4-cluster
|
|
# The output_dir holds all of the files generated during the deployment
|
# This includes generated Heat templates, SSH config, SSH keys
|
# This must be an absolute path and no vars (like $HOME or ~)
|
output_dir: /tmp/output_dir
|
|
# The {{ guid }} is used everywhere and it is what differentiates otherwise
|
# identical environments. Make this unique. Usually they are 4 characters, but
|
# it can be any reasonable length.
|
guid: notset
|
|
# The name of the OpenShift cluster that will be deployed.
|
# This is primarily used if you want to automate the OpenShift deployment.
|
cluster_name: cluster-{{ guid }}
|
|
# Used to add metadata (tags) to OpenStack objects created
|
project_tag: "{{ env_type }}-{{ guid }}"
|
|
# Why is this config being deployed? Override for specific environments
|
# Some valid: development, ilt, production, event
|
purpose: development
|
|
# Enable this if you want to create a user on the bastion
|
# Mutually exclusive with {{ install_ipa_client }}
|
install_student_user: true
|
|
# This should be overwritten based on the user ordering the catalog item
|
# It will be used by the bastion-student-user role and created on the bastion
|
student_name: lab-user
|
|
# Enable this if you want to use IPA for user authentication.
|
# Mutually exclusive with {{ install_student_user }}
|
install_ipa_client: false
|
|
# TODO: What does this really do besides run the role?
|
set_env_authorized_key: true
|
env_authorized_key: "{{guid}}key"
|
key_name: "default_key_name"
|
|
# Run the bastion-lite role
|
install_bastion: true
|
|
# This config was written with the expectation of using python3
|
# Several of the roles that it depends on only work with python2,
|
# so they had to be modified to handle python3 as well. Use this
|
# var so that it is passed along and influences how those roles run.
|
all_use_python3: true
|
|
# FTL is used for grading and solving. It will pull in the external ftl-injector role.
|
# This might be enabled when we have solvers to run or graders for ILT
|
install_ftl: false
|
|
# TODO: Decide on whether to use sat or give access to repos directly with key
|
# This will tell Agnosticd to use either:
|
# sattelite, rhn, or file for repos
|
repo_method: file
|
# If using satellite, these are needed:
|
# satellite_url: satellite.opentlc.com
|
# satellite_activationkey: # This should be stored in secrets
|
# satellite_org: # This should be stored in secrets
|
# use_content_view: true
|
# If using file, these are needed in addition to the repos_template.j2 file:
|
osrelease: '4.3.0'
|
repo_version: '4.3'
|
|
# own_repo_path: points to a repo mirror. Must defined in secrets
|
#own_repo_path:
|
|
# Packages to install on all of the hosts deployed as part of the agnosticd config
|
# This invokes the "common" role
|
install_common: true
|
|
# As part of the "common" role, this cause it to do a yum update on the host
|
update_packages: true
|
|
# The packages that will be installed by the "common" role. Only put things
|
# in this list that are needed, stable, and useful on every node.
|
common_packages:
|
- unzip
|
- bash-completion
|
- tmux
|
- bind-utils
|
- wget
|
- ansible
|
- git
|
- vim-enhanced
|
- httpd-tools
|
- openldap-clients
|
- podman
|
- tree
|
|
# NFS
|
# -------------
|
# NFS Server settings (NFS Server doesn't work at the moment for IPI installs)
|
# (IPI creates a private network that can't reach the utility VM)
|
# nfs_install_server: false
|
# nfs_export_path: /srv/nfs
|
# nfs_server_address: "utilityvm.example.com"
|
# nfs_exports_config: "*(rw,sync,no_wdelay,no_root_squash,insecure,fsid=0)"
|
|
# When the config is setting up NFS on the utility VM,
|
# this will define how many exports to create on the NFS server. These still have to
|
# be created as PVs by the user once OpenShift is installed. PV files are created
|
# and placed on the bastion to use for this.
|
# nfs_user_vols_count: 20
|
|
# This will be used when creating the Kube PV definitions
|
# nfs_user_vols_size: 20G
|
|
# Number of Nodes
|
master_instance_count: 3
|
worker_instance_count: 2
|
|
# This will run in the post_software phase and run playbooks in the
|
# software_playbooks directory
|
software_to_deploy: openshift4
|
|
# Install OpenShift 4 - and which version
|
install_ocp4: true
|
ocp4_installer_version: "4.3.0"
|
# Run logic to enable cluster shutdown before 24h initial certificate rotation (default is true)
|
ocp4_enable_cluster_shutdown: true
|
|
subdomain_base_suffix: ".example.opentlc.com"
|
|
# Run smoketests after installation
|
run_smoke_tests: false
|
|
# YAML List of Infrastructure Workloads.
|
# REQUIRES Ansible 2.7+ on the deployer host
|
# Empty by default - to be set by specific configurations
|
infra_workloads: []
|
|
# Suggested workloads for a base Workshop Cluster:
|
# - ocp4-workload-authentication
|
# - ocp4-workload-infra-nodes
|
# - ocp4-workload-project-request-template
|
# - ocp4-workload-logging
|
# - ocp4-workload-opentlc-production
|
# - ocp4-workload-enable-lets-encrypt-certificates
|
|
# YAML List of Student Workloads.
|
# REQUIRES Ansible 2.7+ on the deployer host
|
# Empty by default - to be set by specific configurations
|
# Can only be used with htpasswd authentication
|
student_workloads: []
|
|
# Some workloads create infrastructure that needs to be removed
|
# when deleting the software or infrastructure
|
remove_workloads: []
|
|
# Example configuration variables for default workloads.
|
# Set in the configuration that requests workloads
|
# _infra_node_replicas: 1
|
# _infra_node_instance_type: "4c16g30d"
|
# _logging_use_infra_nodes: True
|
# _logging_elasticsearch_replicas: "{{ _infra_node_replicas }}"
|
# _logging_wait_for_deployment: False
|
# _opentlc_production_remove_self_provisioner: False
|
|
# ---------------------------------------------------------------
|
# Authentication Variables (if workload ocp4-workload-authentication is run)
|
# ocp4_idm_install can be one of none, htpasswd, ldap
|
#ocp4_idm_install: none
|
|
# Set up a user from the Authentication Provider with cluster-admin permissions
|
#ocp4_idm_admin_user: opentlc-mgr
|
|
# LDAP settings
|
#ocp4_idm_ldap_url: ldaps://ipa1.opentlc.com:636/cn=users,cn=accounts,dc=opentlc,dc=com?uid
|
#ocp4_idm_ldap_ca_url: http://ipa.opentlc.com/ipa/config/ca.crt
|
#ocp4_idm_ldap_bind_dn: "uid=ose-mwl-auth,cn=users,cn=accounts,dc=opentlc,dc=com"
|
#ocp4_idm_ldap_bindPassword: <must be set in secrets>
|
|
# htpasswd settings
|
# -----------------
|
# Base of the users for htpasswd
|
#ocp4_idm_htpasswd_user_base: user
|
#ocp4_idm_htpasswd_user_count: 200
|
|
# Set a password for the Admin User
|
# ocp4_idm_htpasswd_admin_password:
|
# Alternatively set a password Hash for all htpasswd users
|
# ocp4_idm_htpasswd_admin_password_hash
|
|
# Set a password for all htpasswd users
|
# ocp4_idm_htpasswd_user_password:
|
# Alternatively set a password Hash for all htpasswd users
|
# ocp4_idm_htpasswd_user_password_hash
|
|
# Remove Kubeadmin user upon successful installation of Authentication
|
#ocp4_idm_remove_kubeadmin: true
|
# ---------------------------------------------------------------
|