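# The type of cloud provider this will be deployed to
cloud_provider: osp

# Authentication credentials for OpenStack, needed to create the resources.
# They are listed here for reference only: set them in your secrets, never in
# this file, and keep the secrets file out of version control or encrypted
# (for example with Ansible Vault).
# osp_auth_url:
# osp_auth_username:
# osp_auth_password:
# osp_auth_cloud:
# osp_auth_project_domain:  # usually set to "default"
# osp_auth_user_domain:  # usually set to "default"
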
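# This is an account that must exist in OpenStack.
# It is used to create projects, access, and Heat templates.
# NOTE(review): an account that can create projects is privileged; keep its
# credentials in secrets and confirm it holds no more rights than this needs.
admin_user: opentlc-mgr

# The name of the project that will be created in OpenStack for the user
osp_project_name: "{{ guid }}-project"

# The name of the cloud where ocp-cluster will be created
osp_cloud_name: "{{ osp_project_name }}"

# Set this to true if you need to create a new project in OpenStack.
# This should almost always be set to true for OpenShift installations.
# If it is set to false, the {{ osp_project_name }} project must already exist
# and be able to run whatever you are deploying.
osp_project_create: true
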
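# The user that Ansible uses to connect, from the admin/control host, to the
# nodes it is configuring
ansible_user: cloud-user
remote_user: cloud-user
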
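# The domain that you want to add DNS entries to
osp_cluster_dns_zone: blue.osp.opentlc.com

# The base domain
ocp4_base_domain: "{{ osp_cluster_dns_zone }}"

# The dynamic DNS server you will add entries to.
# NOTE: This is only applicable when {{ use_dynamic_dns }} is true
osp_cluster_dns_server: ddns01.opentlc.com

# Whether to wait for an ack from the DNS servers before continuing
wait_for_dns: true

# Authentication for DDNS. Must be set in secrets, not in this file.
# ddns_key_name:
# ddns_secret_name:
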
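# Set this to true if you want floating IPs (FIPs) provisioned for an
# OpenShift on OpenStack install.
# This will provision an API FIP and an Ingress FIP.
# NOTE(review): FIPs are taken from the external network, so confirm that
# whatever can reach the API and Ingress addresses is what you intend.
openshift_fip_provision: true

# This requires DDNS or another DNS solution to be configured.
# If enabled, it will add DNS entries for the API and Ingress FIPs.
openshift_fip_dns: true
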
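# The external network in OpenStack where the floating IPs (FIPs) come from
provider_network: external

# If you are deploying OpenShift, set this to the network that you want to
# use; it will also be used to create security groups.
# The subnet CIDR is pulled from the `networks` list, from the entry whose
# name matches {{ ocp_network }}.
ocp_network: "ocp"
ocp_network_subnet_cidr: "{{ networks | json_query(query_subnet_cidr) | first }}"
query_subnet_cidr: "[?name=='{{ ocp_network }}'].subnet_cidr"
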
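# A list of the private networks and subnets to create in the project.
# You can create as many as you want, but at least one is required.
# Use the name of the networks where appropriate in the instance list.
networks:
  - name: ocp
    # Kept as a quoted string, exactly as the author wrote it; presumably the
    # consumer expects text here - confirm before changing it to a boolean.
    shared: "false"
    subnet_cidr: 192.168.47.0/24
    gateway_ip: 192.168.47.1
    allocation_start: 192.168.47.10
    allocation_end: 192.168.47.254
    dns_nameservers: []
    create_router: true
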
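# Quotas to set for the new project that is created
quota_num_instances: 15
quota_num_cores: 72
quota_memory: 163840  # in MB
quota_num_volumes: 25
quota_volumes_gigs: 1000
# quota_loadbalancers:  # when Octavia is available
# quota_pool:  # when Octavia is available
quota_networks: 3
quota_subnets: 3
quota_routers: 3
quota_fip: 5
quota_sg: 10
quota_sg_rules: 100
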
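# Instances to be provisioned in the new project.
# Provide these as a list.
# Each instance type can have any number of replicas deployed with the same
# configuration.
# Metadata in OpenStack is equivalent to tags in AWS.
# These instances will be created with Cinder persistent volumes.
instances:
  # The bastion is given a floating IP and the bastion_sg security group, so
  # the rules of bastion_sg decide what can reach it from outside.
  - name: bastion
    count: 1
    unique: true
    alt_name: bastion
    image_id: "{{ bastion_instance_image }}"
    floating_ip: true
    flavor:
      osp: "{{ bastion_instance_type }}"
    metadata:
      - AnsibleGroup: "bastions,clientvms"
      - function: bastion
      - user: "{{ student_name }}"
      - project: "{{ project_tag }}"
      - ostype: linux
      - Purpose: "{{ purpose }}"
    rootfs_size: 30
    network: ocp
    security_groups:
      - bastion_sg

  # Uncomment to create a UtilityVM that can host an NFS server
  # - name: utilityvm
  #   count: 1
  #   image_id: "{{ utilityvm_instance_image }}"
  #   floating_ip: false
  #   flavor:
  #     osp: "{{ utilityvm_instance_type }}"
  #   metadata:
  #     - AnsibleGroup: "utility"
  #     - function: bastion
  #     - user: "{{ student_name }}"
  #     - project: "{{ project_tag }}"
  #     - ostype: linux
  #     - Purpose: "{{ purpose }}"
  #   rootfs_size: 500
  #   network: ocp
  #   security_groups:
  #     - utility_sg
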
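# Security groups and their associated rules. These are provided to the Heat
# template when it is generated, as separate groups and rules.
security_groups:
  - name: bastion_sg
    description: 'Bastion security group allows basic icmp and SSH ingress and egress to *'
    rules:
      # NOTE(review): no remote_ip_prefix or remote_group is set on this
      # rule; how the template defaults the source is not shown here -
      # confirm it is not wider than intended.
      - protocol: icmp
        direction: ingress
      # NOTE(review): SSH is accepted from any IPv4 address (0.0.0.0/0).
      # Where the deployment allows it, narrow remote_ip_prefix to the CIDRs
      # users connect from, and rely on key-based SSH authentication on the
      # bastion.
      - protocol: tcp
        direction: ingress
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0

  # Uncomment for a UtilityVM
  # - name: utility_sg
  #   description: 'Utility security group allows SSH from bastion, NFS traffic and egress to *'
  #   rules:
  #     - protocol: icmp
  #       direction: ingress
  #       remote_group: "bastion_sg"
  #     - protocol: tcp
  #       direction: ingress
  #       port_range_min: 22
  #       port_range_max: 22
  #       remote_group: "bastion_sg"
  #     - protocol: tcp
  #       direction: ingress
  #       port_range_min: 2049
  #       port_range_max: 2049
  #       remote_ip_prefix: "{{ ocp_network_subnet_cidr }}"
  #       description: "NFS traffic"
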
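# These will influence the bastion if it is being deployed.
# NOTE(review): the image is pinned to one RHEL 7.7 build; confirm it is
# still a supported, patched image in your environment, or update packages
# after first boot.
bastion_instance_type: 2c2g30d
bastion_instance_image: rhel-server-7.7-update-2

# These will influence the utility VM, which is primarily used for
# disconnected installs, but can be used for anything.
# utilityvm_instance_type: 2c2g30d
# utilityvm_instance_image: rhel-server-7.7-update-2

# Master instance type
master_instance_type: 4c16g30d

# Worker instance type
worker_instance_type: 4c16g30d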