###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYEMNT
|
###### OR PASS as "-e" args to ansible-playbook command
|
|
### Common Host settings
|
# Repo Method. One of file, satellite and rhn
|
repo_method: file
|
|
#If using repo_method: satellite, you must set these values as well.
|
# satellite_url: satellite.example.com
|
# satellite_org: Sat_org_name
|
# satellite_activationkey: "rhel7basic"
|
|
# Do you want to run a full yum update
|
update_packages: false
|
|
## guid is the deployment unique identifier, it will be appended to all tags,
|
## files and anything that identifies this environment from another "just like it"
|
#guid: defaultguid
|
|
# The next flag is 1 by default. If it is set to more than 1 then instead of creating
|
# clientvm.guid.baseurl it will create clientvm{1..num_users}.guid.baseurl
|
num_users: 1
|
install_bastion: true
|
install_common: true
|
install_opentlc_integration: true
|
install_ipa_client: false
|
install_student_user: false
|
|
# install openshift python modules on bastion
|
install_k8s_modules: true
|
|
## Automatically deploy ocp4 cluster using the installer
|
install_ocp4: true
|
ocp4_installer_version: "v0.16.1"
|
oc_client_version: "4.0.22"
|
cluster_name: "cluster-{{ guid }}"
|
|
# Smoke tests
|
# if set to true, the playbook will fail if the smoke tests failed.
|
# if set to false, the smoke tests are just informative.
|
smoke_tests: false
|
|
## Install Authentication.
|
## Valid options are none, htpasswd, ldap (and maybe in the future sso)
|
## For LDAP a bindPassword needs to be passed via the command line
|
install_idm: "none"
|
idm_ca_url: http://ipa.opentlc.com/ipa/config/ca.crt
|
|
### If you want a Key Pair name created and injected into the hosts,
|
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
|
# you can use the key used to create the environment or use your own self generated key
|
# if you set "use_own_key" to false your PRIVATE key will be copied to the bastion. (This is {{key_name}})
|
|
use_own_key: true
|
env_authorized_key: "{{guid}}key"
|
ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
|
set_env_authorized_key: true
|
|
# Is this running from Red Hat Ansible Tower
|
#tower_run: false
|
|
### AWS EC2 Environment settings
|
|
### Route 53 Zone ID (AWS)
|
# This is the Route53 HostedZoneId where you will create your Public DNS entries
|
# This only needs to be defined if your CF template uses route53
|
HostedZoneId: Z3IHLWJZOU9SRT
|
# The region to be used, if not specified by -e in the command line
|
aws_region: us-east-1
|
# The key that is used to
|
key_name: "default_key_name"
|
|
## Networking (AWS)
|
subdomain_base_short: "{{ guid }}"
|
subdomain_base_suffix: ".example.opentlc.com"
|
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"
|
|
## OCP 4 Environment Sizing
|
|
clientvm_instance_type: "t2.medium"
|
|
master_instance_type: "m4.xlarge"
|
master_instance_count: 3
|
worker_instance_type: "m4.2xlarge"
|
worker_instance_count: 3
|
|
# Enable Default Workloads. REQUIRES Ansible 2.7+ on the deployer host
|
default_workloads:
|
- ocp4-workload-infra-nodes
|
# - ocp4-workload-project-request-template
|
- ocp4-workload-enable-service-broker
|
- ocp4-workload-template-service-broker
|
- ocp-workload-terminal
|
- ocp4-workload-automation-broker
|
- ocp4-workload-logging
|
#- ocp4-workload-enable-lets-encrypt-certificates
|
#- ocp4-workload-userquota-operator
|
|
###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYEMNT
|
|
ansible_user: ec2-user
|
remote_user: ec2-user
|
|
common_packages:
|
- python
|
- unzip
|
- bash-completion
|
- tmux
|
- bind-utils
|
- wget
|
- ansible
|
- git
|
- vim-enhanced
|
- iptables-services
|
- httpd-tools
|
|
rhel_repos:
|
- rhel-7-server-rpms
|
- rhel-7-server-extras-rpms
|
- rhel-7-server-ansible-2.6-rpms
|
- rhel-7-server-optional-rpms
|
|
# use_subscription_manager: false
|
# use_own_repos: true
|
#
|
rhn_pool_id_string: OpenShift Container Platform
|
|
### CLOUDFORMATIONS vars
|
|
project_tag: "{{ env_type }}-{{ guid }}"
|
|
zone_internal_dns: "{{guid}}.internal."
|
chomped_zone_internal_dns: "{{guid}}.internal"
|
|
bastion_public_dns: "bastion.{{subdomain_base}}."
|
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
|
vpcid_name_tag: "{{subdomain_base}}"
|
|
az_1_name: "{{ aws_region }}a"
|
az_2_name: "{{ aws_region }}b"
|
|
# subnet_private_1_cidr_block: "192.168.2.0/24"
|
# subnet_private_1_az: "{{ az_2_name }}"
|
# subnet_private_1_name_tag: "{{subdomain_base}}-private"
|
#
|
# subnet_private_2_cidr_block: "192.168.1.0/24"
|
# subnet_private_2_az: "{{ az_1_name }}"
|
# subnet_private_2_name_tag: "{{subdomain_base}}-private"
|
#
|
# subnet_public_1_cidr_block: "192.168.10.0/24"
|
# subnet_public_1_az: "{{ az_1_name }}"
|
# subnet_public_1_name_tag: "{{subdomain_base}}-public"
|
#
|
# subnet_public_2_cidr_block: "192.168.20.0/24"
|
# subnet_public_2_az: "{{ az_2_name }}"
|
# subnet_public_2_name_tag: "{{subdomain_base}}-public"
|
#
|
# dopt_domain_name: "{{ aws_region }}.compute.internal"
|
#
|
# rtb_public_name_tag: "{{subdomain_base}}-public"
|
# rtb_private_name_tag: "{{subdomain_base}}-private"
|
#
|
# cf_template_description: "{{ env_type }}-{{ guid }} template "
|
|
# cloudformation_retries: 2
|
# ocp_report: false
|
|
instances:
|
- name: "clientvm"
|
count: "{{num_users}}"
|
unique: yes
|
public_dns: true
|
alt_name: bastion
|
flavor:
|
"ec2": "{{clientvm_instance_type}}"
|
tags:
|
- key: "AnsibleGroup"
|
value: "bastions,clientvms"
|
- key: "ostype"
|
value: "linux"
|
rootfs_size: 30
|
security_groups:
|
- BastionSG
|