ansible/configs/ocp-clientvm/env_vars.yml
@@ -65,7 +65,7 @@ #### Vars for the OpenShift Ansible hosts file ## TODO: This should be registered as a variable. Awk for os verions (OCP). ## yum info openshift... osrelease: 3.9.14 osrelease: 3.9.27 ###### You can, but you usually wouldn't need to. ansible_ssh_user: ec2-user ansible/configs/ocp-ha-disconnected-lab/files/hosts_template.3.9.27.j2
New file 
@@ -0,0 +1,311 @@ [OSEv3:vars] ########################################################################### ### Ansible Vars ########################################################################### timeout=60 ansible_become=yes ansible_ssh_user={{ansible_ssh_user}} ########################################################################### ### OpenShift Basic Vars ########################################################################### deployment_type=openshift-enterprise containerized=false openshift_disable_check="disk_availability,memory_availability,docker_image_availability" # default project node selector osm_default_node_selector='env=app' openshift_hosted_infra_selector="env=infra" # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] ########################################################################### ### OpenShift Optional Vars ########################################################################### # Enable cockpit osm_use_cockpit=true osm_cockpit_plugins=['cockpit-kubernetes'] ########################################################################### ### OpenShift Master Vars ########################################################################### openshift_master_api_port={{master_api_port}} openshift_master_console_port={{master_api_port}} openshift_master_cluster_method=native 
openshift_master_cluster_hostname=loadbalancer1.{{guid}}.internal openshift_master_cluster_public_hostname={{master_lb_dns}} openshift_master_default_subdomain={{cloudapps_suffix}} #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'} openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} # Set this line to enable NFS openshift_enable_unsupported_configurations=True ########################################################################### ### OpenShift Network Vars ########################################################################### osm_cluster_network_cidr=10.1.0.0/16 openshift_portal_net=172.30.0.0/16 #os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' {{multi_tenant_setting}} ########################################################################## ### Disconnected Install Vars ### Requires a docker registry at isolated1.{{guid}}.internal:5000 ########################################################################### # sets the debug level for all OpenShift components. Default is 2 #debug_level=8 # used for container-based install, not RPM system_images_registry=isolated1.{{guid}}.internal:5000 # https://bugzilla.redhat.com/show_bug.cgi?id=1461465 target release 3.9 #the enterprise registry will not be added to the docker registries. #also enables insecure registries, somehow. 
openshift_docker_ent_reg='' # https://bugzilla.redhat.com/show_bug.cgi?id=1516534 target release 3.10 oreg_url=isolated1.{{guid}}.internal:5000/openshift3/ose-${component}:${version} openshift_examples_modify_imagestreams=true openshift_docker_additional_registries=isolated1.{{guid}}.internal:5000 openshift_docker_insecure_registries=isolated1.{{guid}}.internal:5000 openshift_docker_blocked_registries=registry.access.redhat.com,docker.io openshift_metrics_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_metrics_image_version=v3.9.14 openshift_logging_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_logging_image_version=v3.9.14 ansible_service_broker_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ose- ansible_service_broker_image_tag=v3.9.14 ansible_service_broker_etcd_image_prefix=isolated1.{{guid}}.internal:5000/rhel7/ ansible_service_broker_etcd_image_tag=latest openshift_service_catalog_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ose- openshift_service_catalog_image_version=v3.9.14 openshift_cockpit_deployer_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_cockpit_deployer_version=v3.9.14 template_service_broker_prefix=isolated1.{{guid}}.internal:5000/openshift3/ose- template_service_broker_version=v3.9.14 openshift_web_console_prefix=isolated1.{{guid}}.internal:5000/openshift3/ose- openshift_web_console_version=v3.9.14 # PROMETHEUS SETTINGS openshift_prometheus_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_prometheus_image_version=v3.9.14 openshift_prometheus_alertmanager_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_prometheus_alertmanager_image_version=v3.9.14 openshift_prometheus_alertbuffer_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_prometheus_alertbuffer_image_version=v3.9.14 openshift_prometheus_oauth_proxy_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ 
openshift_prometheus_oauth_proxy_image_version=v3.9.14 openshift_prometheus_node_exporter_image_prefix=isolated1.{{guid}}.internal:5000/openshift3/ openshift_prometheus_node_exporter_image_version=v3.9.14 ########################################################################## ## OpenShift Authentication Vars ########################################################################### {% if install_idm == "ldap" %} openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=ose-mwl-auth,cn=users,cn=accounts,dc=opentlc,dc=com', 'bindPassword': '{{bindPassword}}', 'ca': 'ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa1.opentlc.com:636/cn=users,cn=accounts,dc=opentlc,dc=com?uid'}] {{openshift_master_ldap_ca_file}} {% endif %} {% if install_idm == "allow_all" %} openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] {% endif %} {% if install_idm == "htpasswd" %} # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] # Defining htpasswd users #openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} # or openshift_master_htpasswd_file=/root/htpasswd.openshift {% endif %} ########################################################################### ### OpenShift Metrics and Logging Vars ########################################################################### # Enable cluster metrics openshift_metrics_install_metrics={{install_metrics}} openshift_metrics_storage_kind=nfs openshift_metrics_storage_access_modes=['ReadWriteOnce'] openshift_metrics_storage_nfs_directory=/srv/nfs 
openshift_metrics_storage_nfs_options='*(rw,root_squash)' openshift_metrics_storage_volume_name=metrics openshift_metrics_storage_volume_size=10Gi openshift_metrics_storage_labels={'storage': 'metrics'} openshift_metrics_cassandra_nodeselector={"env":"infra"} openshift_metrics_hawkular_nodeselector={"env":"infra"} openshift_metrics_heapster_nodeselector={"env":"infra"} ## Add Prometheus Metrics: openshift_hosted_prometheus_deploy=true openshift_prometheus_node_selector={"env":"infra"} openshift_prometheus_namespace=openshift-metrics # Prometheus openshift_prometheus_storage_kind=nfs openshift_prometheus_storage_access_modes=['ReadWriteOnce'] openshift_prometheus_storage_nfs_directory=/srv/nfs openshift_prometheus_storage_nfs_options='*(rw,root_squash)' openshift_prometheus_storage_volume_name=prometheus openshift_prometheus_storage_volume_size=10Gi openshift_prometheus_storage_labels={'storage': 'prometheus'} openshift_prometheus_storage_type='pvc' # For prometheus-alertmanager openshift_prometheus_alertmanager_storage_kind=nfs openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] openshift_prometheus_alertmanager_storage_nfs_directory=/srv/nfs openshift_prometheus_alertmanager_storage_nfs_options='*(rw,root_squash)' openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager openshift_prometheus_alertmanager_storage_volume_size=10Gi openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} openshift_prometheus_alertmanager_storage_type='pvc' # For prometheus-alertbuffer openshift_prometheus_alertbuffer_storage_kind=nfs openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] openshift_prometheus_alertbuffer_storage_nfs_directory=/srv/nfs openshift_prometheus_alertbuffer_storage_nfs_options='*(rw,root_squash)' openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer openshift_prometheus_alertbuffer_storage_volume_size=10Gi 
openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} openshift_prometheus_alertbuffer_storage_type='pvc' # Already set in the disconnected section # openshift_prometheus_node_exporter_image_version=v3.9 # Enable cluster logging openshift_logging_install_logging={{install_logging}} openshift_logging_storage_kind=nfs openshift_logging_storage_access_modes=['ReadWriteOnce'] openshift_logging_storage_nfs_directory=/srv/nfs openshift_logging_storage_nfs_options='*(rw,root_squash)' openshift_logging_storage_volume_name=logging openshift_logging_storage_volume_size=10Gi openshift_logging_storage_labels={'storage': 'logging'} # openshift_logging_kibana_hostname=kibana.{{cloudapps_suffix}} openshift_logging_es_cluster_size=1 openshift_logging_es_nodeselector={"env":"infra"} openshift_logging_kibana_nodeselector={"env":"infra"} openshift_logging_curator_nodeselector={"env":"infra"} ########################################################################### ### OpenShift Project Management Vars ########################################################################### # Configure additional projects openshift_additional_projects={'openshift-template-service-broker': {'default_node_selector': ''}} ########################################################################### ### OpenShift Router and Registry Vars ########################################################################### openshift_hosted_router_replicas={{infranode_instance_count}} #openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} openshift_hosted_registry_replicas=1 openshift_hosted_registry_storage_kind=nfs openshift_hosted_registry_storage_access_modes=['ReadWriteMany'] openshift_hosted_registry_storage_nfs_directory=/srv/nfs openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)' openshift_hosted_registry_storage_volume_name=registry 
openshift_hosted_registry_storage_volume_size=20Gi openshift_hosted_registry_pullthrough=true openshift_hosted_registry_acceptschema2=true openshift_hosted_registry_enforcequota=true ########################################################################### ### OpenShift Service Catalog Vars ########################################################################### openshift_enable_service_catalog=true template_service_broker_install=true openshift_template_service_broker_namespaces=['openshift'] ansible_service_broker_install=true ansible_service_broker_local_registry_whitelist=['.*-apb$'] openshift_hosted_etcd_storage_kind=nfs openshift_hosted_etcd_storage_nfs_options="*(rw,root_squash,sync,no_wdelay)" openshift_hosted_etcd_storage_nfs_directory=/srv/nfs openshift_hosted_etcd_storage_labels={'storage': 'etcd-asb'} openshift_hosted_etcd_storage_volume_name=etcd-asb openshift_hosted_etcd_storage_access_modes=['ReadWriteOnce'] openshift_hosted_etcd_storage_volume_size=10G ########################################################################### ### OpenShift Hosts ########################################################################### [OSEv3:children] lb masters etcd nodes nfs {% if new_node_instance_count > 0 %} new_nodes {% endif %} [lb] {% for host in groups['loadbalancers'] %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} {% endfor %} [masters] {% for host in groups['masters'] %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} {% endfor %} [etcd] {% for host in groups['masters'] %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} {% endfor %} [nodes] ## These are the masters {% for host in groups['masters'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" {% endfor %} ## These are infranodes {% for 
host in groups['infranodes'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'infra', 'zone': '{{hostvars[host]['placement']}}'}" {% endfor %} ## These are regular nodes {% for host in groups['nodes'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'app', 'zone': '{{hostvars[host]['placement']}}'}" {% endfor %} {% if new_node_instance_count > 0 %} # scaleup performed, leave an empty group, see: # https://docs.openshift.com/container-platform/3.5/install_config/adding_hosts_to_existing_cluster.html [new_nodes] {% endif %} [nfs] {% for host in groups['support'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} {% endfor %} ansible/configs/ocp-ha-disconnected-lab/files/labs_hosts_template.j2
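Review bot: The image tags in the disconnected-install block are still pinned to `v3.9.14` (`openshift_metrics_image_version`, `openshift_logging_image_version`, `openshift_web_console_version`, the Prometheus tags and the broker tags), although this template is named `hosts_template.3.9.27.j2`. The installer would then request 3.9.14 component images from the isolated registry while the rest of the install presumably targets 3.9.27. If that is not deliberate, derive the tags from the release, e.g. `openshift_metrics_image_version=v{{ osrelease }}`, assuming `osrelease` is in scope when this template is rendered. Separately, `ansible_service_broker_etcd_image_tag=latest` is a mutable tag served by a registry listed in `openshift_docker_insecure_registries`, so nothing ties what the nodes run to what was mirrored. A fixed tag would make that auditable.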
@@ -11,6 +11,9 @@ # disable memory check, as we are not a production environment openshift_disable_check="memory_availability" # Set this line to enable NFS openshift_enable_unsupported_configurations=True [OSEv3:children] lb masters ansible/configs/ocp-ha-lab/files/hosts_template.3.9.27.j2
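Review bot: The added comment `# Set this line to enable NFS` understates what `openshift_enable_unsupported_configurations=True` does: as the name suggests, it appears to switch off the installer's guard against unsupported configurations in general, not only NFS-backed storage. I would reword it as `# NFS-backed storage is unsupported in 3.9; this disables the installer's unsupported-configuration check (lab use only)`. The same comment and setting are added in `ocp-ha-lab/files/hosts_template.3.9.27.j2` and `ocp-ha-lab/files/labs_hosts_template.j2`, and they also appear in the new disconnected-lab template.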
@@ -32,6 +32,9 @@ #openshift_master_ca_certificate={'certfile': '/root/intermediate_ca.crt', 'keyfile': '/root/intermediate_ca.key'} openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} # Set this line to enable NFS openshift_enable_unsupported_configurations=True ########################################################################### ### OpenShift Network Vars ########################################################################### 
@@ -179,41 +182,42 @@ etcd nodes nfs #glusterfs [lb] {% for host in groups['loadbalancers'] %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} {{ hostvars[host].internaldns }} {% endfor %} [masters] {% for host in groups['masters']|sort %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} {{ hostvars[host].internaldns }} {% endfor %} [etcd] {% for host in groups['masters']|sort %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host]['placement']}} {{ hostvars[host].internaldns }} {% endfor %} [nodes] ## These are the masters {% for host in groups['masters']|sort %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'master', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'master', 'cluster': '{{guid}}'}" {% endfor %} ## These are infranodes {% for host in groups['infranodes']|sort %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'infra', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'infra', 'cluster': '{{guid}}'}" {% endfor %} ## These are regular nodes {% for host in groups['nodes']|sort %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'app', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'app', 'cluster': '{{guid}}'}" {% endfor %} ## These are CNS nodes {% for host in groups['support']|sort %} # {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} 
openshift_node_labels="{'env':'glusterfs', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" # {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'glusterfs', 'cluster': '{{guid}}'}" {% endfor %} [nfs] ansible/configs/ocp-ha-lab/files/labs_hosts_template.j2
@@ -10,47 +10,55 @@ # disable memory check, as we are not a production environment openshift_disable_check="memory_availability" # Set this line to enable NFS openshift_enable_unsupported_configurations=True ########################################################################### ### OpenShift Hosts ########################################################################### [OSEv3:children] lb masters etcd nodes nfs #glusterfs [lb] {% for host in groups['loadbalancers'] %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} {{ hostvars[host].internaldns }} {% endfor %} [masters] {% for host in groups['masters']|sort %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} {{ hostvars[host].internaldns }} {% endfor %} [etcd] {% for host in groups['masters']|sort %} {{ hostvars[host].internaldns }} host_zone={{hostvars[host].placement}} {{ hostvars[host].internaldns }} {% endfor %} [nodes] ## These are the masters {% for host in groups['masters']|sort %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env': 'master', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env': 'master', 'cluster': '{{guid}}'}" {% endfor %} ## These are infranodes {% for host in groups['infranodes']|sort %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'infra', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'infra', 'cluster': '{{guid}}'}" {% endfor %} ## These are regular nodes {% for host in groups['nodes']|sort %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'app', 'cluster': '{{guid}}', 
'zone': '{{hostvars[host]['placement']}}'}" {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'app', 'cluster': '{{guid}}'}" {% endfor %} ## These are CNS nodes {% for host in groups['support']|sort %} # {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'glusterfs', 'cluster': '{{guid}}', 'zone': '{{hostvars[host]['placement']}}'}" # {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'env':'glusterfs', 'cluster': '{{guid}}'}" {% endfor %} [nfs] ansible/configs/ocp-workshop/env_vars.yml
@@ -114,10 +114,10 @@ ## Environment Sizing bastion_instance_type: "t2.large" master_instance_type: "c4.4xlarge" master_instance_type: "m4.4xlarge" etcd_instance_type: "{{master_instance_type}}" infranode_instance_type: "c4.4xlarge" node_instance_type: "c4.4xlarge" # r3.2xlarge infranode_instance_type: "m4.4xlarge" node_instance_type: "m4.4xlarge" support_instance_type: "c4.xlarge" node_instance_count: 5 @@ -147,7 +147,7 @@ openshift_master_ldap_ca_file: 'openshift_master_ldap_ca_file=/root/ca.crt' ## TODO: This should be registered as a variable. Awk for os verions (OCP). ## yum info openshift... osrelease: 3.9.14 osrelease: 3.9.27 openshift_master_overwrite_named_certificates: true timeout: 60 ansible/configs/ocp-workshop/files/cloud_providers/azure_cloud_template.j2
@@ -101,7 +101,7 @@ "publisher" : "Redhat", "offer" : "RHEL", "sku" : "7-RAW", {% if osrelease is version_compare('3.9', '>=') %} {% if osrelease is version_compare('3.9.25', '>=') %} "version" : "7.5.2018050901" {% else %} "version" : "7.4.2018010506" ansible/configs/ocp-workshop/files/hosts_template.3.9.27.j2
New file 
@@ -0,0 +1,390 @@ [OSEv3:vars] # # /etc/ansible/hosts file for OpenShift Container Platform 3.9.14 # ########################################################################### ### Ansible Vars ########################################################################### timeout=60 ansible_become=yes ansible_ssh_user={{ansible_ssh_user}} ########################################################################### ### OpenShift Basic Vars ########################################################################### deployment_type=openshift-enterprise containerized=false openshift_disable_check="disk_availability,memory_availability,docker_image_availability" {% if container_runtime == "cri-o" %} openshift_use_crio=True openshift_crio_enable_docker_gc=True {% endif %} # default project node selector osm_default_node_selector='env=users' openshift_hosted_infra_selector="env=infra" # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. 
openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['75']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate logrotate_scripts=[{"name": "syslog", "path": "/var/log/cron\n/var/log/maillog\n/var/log/messages\n/var/log/secure\n/var/log/spooler\n", "options": ["daily", "rotate 7","size 500M", "compress", "sharedscripts", "missingok"], "scripts": {"postrotate": "/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true"}}] {% if install_glusterfs|bool %} ########################################################################### ### OpenShift CNS ########################################################################### openshift_master_dynamic_provisioning_enabled=True # Set up GlusterFS Storage openshift_storage_glusterfs_namespace=glusterfs openshift_storage_glusterfs_name=storage openshift_storage_glusterfs_wipe=True openshift_storage_glusterfs_storageclass_default=false openshift_storage_glusterfs_storageclass=True openshift_storageclass_default=false # Set up Block Storage # Set as default storage class during installation to force Logging/metrics to use it # Right now the ASB's ETCD PVC will also land on Block due to this fact openshift_storage_glusterfs_block_deploy=True openshift_storage_glusterfs_block_host_vol_size=10 openshift_storage_glusterfs_block_storageclass=True openshift_storage_glusterfs_block_storageclass_default=True openshift_storage_glusterfs_block_host_vol_create=True # Run these commands after installation on one of the masters: # oc patch storageclass glusterfs-storage -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "true"}}}' # oc patch storageclass glusterfs-block -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "false"}}}' {% else %} # Set this line to enable NFS openshift_enable_unsupported_configurations=True {% endif %} 
########################################################################### ### OpenShift Cockpit Vars ########################################################################### # Enable cockpit osm_use_cockpit=true osm_cockpit_plugins=['cockpit-kubernetes'] ########################################################################### ### OpenShift Master Vars ########################################################################### openshift_master_api_port={{master_api_port}} openshift_master_console_port={{master_api_port}} openshift_master_cluster_method=native openshift_master_cluster_hostname={{master_lb_dns}} openshift_master_cluster_public_hostname={{master_lb_dns}} openshift_master_default_subdomain={{cloudapps_suffix}} openshift_master_overwrite_named_certificates={{openshift_master_overwrite_named_certificates}} {% if install_lets_encrypt_certificates|bool %} openshift_master_named_certificates=[{"certfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.cer", "keyfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.key", "cafile": "/root/lets-encrypt-x3-cross-signed.pem"}] {% endif %} openshift_set_hostname=True ########################################################################### ### OpenShift Network Vars ########################################################################### osm_cluster_network_cidr=10.1.0.0/16 openshift_portal_net=172.30.0.0/16 #os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy' {{multi_tenant_setting}} # This should be turned on once all dependent scripts use firewalld rather than iptables # os_firewall_use_firewalld=True ########################################################################### ### OpenShift admission plugin config ########################################################################### {% if install_openwhisk|bool %} openshift_master_admission_plugin_config={"openshift.io/ImagePolicy":{"configuration":{"apiVersion":"v1","kind":"ImagePolicyConfig","resolveImages": 
"AttemptRewrite"}}} {% else %} openshift_master_admission_plugin_config={} {% endif %} ########################################################################### ### OpenShift Authentication Vars ########################################################################### {% if install_idm == "ldap" %} openshift_master_identity_providers=[{'name': 'ldap', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'bindDN': 'uid=ose-mwl-auth,cn=users,cn=accounts,dc=opentlc,dc=com', 'bindPassword': '{{bindPassword}}', 'ca': 'ipa-ca.crt','insecure': 'false', 'url': 'ldaps://ipa1.opentlc.com:636/cn=users,cn=accounts,dc=opentlc,dc=com?uid'}] {{openshift_master_ldap_ca_file}} {% endif %} {% if install_idm == "allow_all" %} openshift_master_identity_providers=[{'name': 'allow_all', 'login': 'true', 'challenge': 'true', 'kind': 'AllowAllPasswordIdentityProvider'}] {% endif %} {% if install_idm == "htpasswd" %} # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] # Defining htpasswd users #openshift_master_htpasswd_users={'user1': '<pre-hashed password>', 'user2': '<pre-hashed password>'} # or openshift_master_htpasswd_file=/root/htpasswd.openshift {% endif %} ########################################################################### ### OpenShift Metrics and Logging Vars ########################################################################### # Enable cluster metrics ######################## openshift_metrics_install_metrics={{install_metrics}} {% if install_nfs|bool and not install_glusterfs|bool %} openshift_metrics_storage_kind=nfs openshift_metrics_storage_access_modes=['ReadWriteOnce'] openshift_metrics_storage_nfs_directory=/srv/nfs openshift_metrics_storage_nfs_options='*(rw,root_squash)' 
openshift_metrics_storage_volume_name=metrics openshift_metrics_storage_volume_size=10Gi openshift_metrics_storage_labels={'storage': 'metrics'} openshift_metrics_cassanda_pvc_storage_class_name='' {% endif %} {% if install_glusterfs|bool %} openshift_metrics_cassandra_storage_type=dynamic # Volume size needs to be equal or smaller to the GlusterBlock volume size openshift_metrics_storage_volume_size=10Gi {% endif %} openshift_metrics_cassandra_nodeselector={"env":"infra"} openshift_metrics_hawkular_nodeselector={"env":"infra"} openshift_metrics_heapster_nodeselector={"env":"infra"} # Add Prometheus Metrics: ######################### openshift_hosted_prometheus_deploy=true openshift_prometheus_node_selector={"env":"infra"} openshift_prometheus_namespace=openshift-metrics # Prometheus {% if install_glusterfs|bool %} openshift_prometheus_storage_kind=dynamic openshift_prometheus_storage_volume_size=20Gi openshift_prometheus_storage_class=glusterfs-storage {% elif install_nfs|bool %} openshift_prometheus_storage_kind=nfs openshift_prometheus_storage_nfs_directory=/srv/nfs openshift_prometheus_storage_nfs_options='*(rw,root_squash)' openshift_prometheus_storage_volume_size=10Gi openshift_prometheus_storage_labels={'storage': 'prometheus'} {% endif %} openshift_prometheus_storage_access_modes=['ReadWriteOnce'] openshift_prometheus_storage_volume_name=prometheus openshift_prometheus_storage_type='pvc' # For prometheus-alertmanager {% if install_glusterfs|bool %} openshift_prometheus_alertmanager_storage_kind=dynamic openshift_prometheus_alertmanager_storage_class=glusterfs-storage {% elif install_nfs|bool %} openshift_prometheus_alertmanager_storage_kind=nfs openshift_prometheus_alertmanager_storage_nfs_directory=/srv/nfs openshift_prometheus_alertmanager_storage_nfs_options='*(rw,root_squash)' openshift_prometheus_alertmanager_storage_labels={'storage': 'prometheus-alertmanager'} {% endif %} openshift_prometheus_alertmanager_storage_access_modes=['ReadWriteOnce'] 
openshift_prometheus_alertmanager_storage_volume_size=10Gi openshift_prometheus_alertmanager_storage_volume_name=prometheus-alertmanager openshift_prometheus_alertmanager_storage_type='pvc' # For prometheus-alertbuffer {% if install_glusterfs|bool %} openshift_prometheus_alertbuffer_storage_kind=dynamic openshift_prometheus_alertbuffer_storage_class=glusterfs-storage {% elif install_nfs|bool %} openshift_prometheus_alertbuffer_storage_kind=nfs openshift_prometheus_alertbuffer_storage_nfs_directory=/srv/nfs openshift_prometheus_alertbuffer_storage_nfs_options='*(rw,root_squash)' openshift_prometheus_alertbuffer_storage_labels={'storage': 'prometheus-alertbuffer'} {% endif %} openshift_prometheus_alertbuffer_storage_access_modes=['ReadWriteOnce'] openshift_prometheus_alertbuffer_storage_volume_name=prometheus-alertbuffer openshift_prometheus_alertbuffer_storage_volume_size=10Gi openshift_prometheus_alertbuffer_storage_type='pvc' # Necessary for 3.9.25 openshift_prometheus_node_exporter_image_version=v3.9 # Enable cluster logging ######################## openshift_logging_install_logging={{install_logging}} {% if install_nfs|bool and not install_glusterfs|bool %} openshift_logging_storage_kind=nfs openshift_logging_storage_access_modes=['ReadWriteOnce'] openshift_logging_storage_nfs_directory=/srv/nfs openshift_logging_storage_nfs_options='*(rw,root_squash)' openshift_logging_storage_volume_name=logging openshift_logging_storage_volume_size=10Gi openshift_logging_storage_labels={'storage': 'logging'} openshift_logging_es_pvc_storage_class_name='' {% endif %} {% if install_glusterfs|bool %} openshift_logging_es_pvc_dynamic=true # Volume size needs to be equal or smaller to the GlusterBlock volume size openshift_metrics_storage_volume_size=10Gi {% endif %} openshift_logging_es_cluster_size=1 openshift_logging_es_nodeselector={"env":"infra"} openshift_logging_kibana_nodeselector={"env":"infra"} openshift_logging_curator_nodeselector={"env":"infra"} 
########################################################################### ### OpenShift Project Management Vars ########################################################################### # Configure additional projects # openshift_additional_projects={'my-infra-project-test': {'default_node_selector': 'env=infra'}} ########################################################################### ### OpenShift Router and Registry Vars ########################################################################### openshift_hosted_router_replicas={{infranode_instance_count}} {% if install_lets_encrypt_certificates|bool %} openshift_hosted_router_certificate={"certfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.cer", "keyfile": "/root/.acme.sh/{{ master_lb_dns }}/{{ master_lb_dns }}.key", "cafile": "/root/lets-encrypt-x3-cross-signed.pem"} {% endif %} openshift_hosted_registry_replicas=1 openshift_hosted_registry_pullthrough=true openshift_hosted_registry_acceptschema2=true openshift_hosted_registry_enforcequota=true {% if s3user_access_key is defined %} # Registry AWS S3 # S3 bucket must already exist. 
openshift_hosted_registry_storage_kind=object openshift_hosted_registry_storage_provider=s3 openshift_hosted_registry_storage_s3_accesskey={{ s3user_access_key }} openshift_hosted_registry_storage_s3_secretkey={{ s3user_secret_access_key }} openshift_hosted_registry_storage_s3_bucket={{ project_tag }} openshift_hosted_registry_storage_s3_region={{ aws_region }} openshift_hosted_registry_storage_s3_chunksize=26214400 openshift_hosted_registry_storage_s3_rootdirectory=/registry {% endif %} ########################################################################### ### OpenShift Service Catalog Vars ########################################################################### openshift_enable_service_catalog=true template_service_broker_install=true openshift_template_service_broker_namespaces=['openshift'] ansible_service_broker_install=true ansible_service_broker_local_registry_whitelist=['.*-apb$'] {% if install_glusterfs|bool %} openshift_hosted_etcd_storage_kind=dynamic # Next one doesn't work at the moment - it's still block openshift_hosted_etcd_storage_class=glusterfs-storage {% elif install_nfs|bool %} openshift_hosted_etcd_storage_kind=nfs openshift_hosted_etcd_storage_nfs_options="*(rw,root_squash,sync,no_wdelay)" openshift_hosted_etcd_storage_nfs_directory=/srv/nfs openshift_hosted_etcd_storage_labels={'storage': 'etcd-asb'} {% endif %} openshift_hosted_etcd_storage_volume_name=etcd-asb openshift_hosted_etcd_storage_access_modes=['ReadWriteOnce'] openshift_hosted_etcd_storage_volume_size=10G ########################################################################### ### OpenShift Hosts ########################################################################### [OSEv3:children] masters etcd nodes {% if install_nfs|bool %} nfs {% endif %} {% if install_glusterfs|bool %} glusterfs {% endif %} {% if groups['newnodes']|d([])|length > 0 %} new_nodes {% endif %} [masters] {% for host in groups['masters'] %} {{ hostvars[host].internaldns }} {% endfor %} [etcd] {% 
for host in groups['masters'] %} {{ hostvars[host].internaldns }} {% endfor %} [nodes] ## These are the masters {% for host in groups['masters'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '{{guid}}', 'runtime': '{{container_runtime}}'}" {% endfor %} ## These are infranodes {% for host in groups['infranodes'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'infra', 'runtime': '{{container_runtime}}'}" {% endfor %} ## These are regular nodes {% for host in groups['nodes'] if host not in groups['newnodes']|d([]) and host not in groups['glusterfs']|d([]) %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'users', 'runtime': '{{container_runtime}}'}" {% endfor %} {% if groups['glusterfs']|d([])|length > 0 %} ## These are glusterfs nodes {% for host in groups['glusterfs'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'glusterfs', 'runtime': '{{container_runtime}}'}" {% endfor %} {% endif %} {% if groups['newnodes']|d([])|length > 0 %} # scaleup performed, leave an empty group, see: # https://docs.openshift.com/container-platform/3.7/install_config/adding_hosts_to_existing_cluster.html [new_nodes] {% for host in groups['newnodes'] %} {{ hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} ansible_ssh_user={{remote_user}} ansible_ssh_private_key_file=~/.ssh/{{key_name}}.pem openshift_node_labels="{'logging':'true','cluster': '{{guid}}', 'env':'users', 'runtime': '{{container_runtime}}'}" {% endfor %} {% endif %} {% if install_nfs|bool %} [nfs] {% for host in [groups['support']|sort|first] %} {{ 
hostvars[host].internaldns }} openshift_hostname={{ hostvars[host].internaldns }} {% endfor %} {% endif %} {% if install_glusterfs|bool %} {% set query = "[?name=='support']|[0].volumes[?purpose=='glusterfs'].device_name" %} [glusterfs] {% for host in groups['glusterfs'] %} {% if cloud_provider == 'ec2' %} {{ hostvars[host].internaldns }} glusterfs_ip={{hostvars[host].private_ip_address}} glusterfs_devices='{{instances|json_query(query)|to_json}}' {% elif cloud_provider == 'azure' %} {{ hostvars[host].internaldns }} glusterfs_ip={{hostvars[host].private_ip_address}} glusterfs_devices='{{ [ hostvars[host].glusterfs_device_name ] |to_json}}' {% endif %} {% endfor %} {% endif %} ansible/configs/ocp-workshop/post_software.yml
@@ -60,6 +60,42 @@ tags: - create_user_pv - name: For CNS change default storage class to glusterfs-storage hosts: masters run_once: true become: yes gather_facts: False vars_files: - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" tags: - env-specific - env-specific_infra - storage-class tasks: - when: - osrelease is version_compare('3.9.27', '>=') - install_glusterfs|bool block: - name: Set glusterfs-storage class to default command: > oc patch storageclass glusterfs-storage -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "true"}}}' register: changesc_r failed_when: - changesc_r.stdout.find('storageclass "glusterfs-storage" not patched') == -1 - changesc_r.rc != 0 changed_when: changesc_r.stdout.find('storageclass "glusterfs-storage" patched') != -1 - name: Remove default from glusterfs-storage-block class register: changesc_r changed_when: changesc_r.stdout.find('storageclass "glusterfs-storage-block" patched') != -1 failed_when: - changesc_r.stdout.find('storageclass "glusterfs-storage-block" not patched') == -1 - changesc_r.rc != 0 command: > oc patch storageclass glusterfs-storage-block -p '{"metadata": {"annotations": {"storageclass.kubernetes.io/is-default-class": "false"}}}' - name: Configure Bastion for CF integration hosts: bastions become: yes 
@@ -298,12 +334,14 @@ shell: "oc patch daemonset dockergc --patch='\"spec\": { \"template\": { \"spec\": { \"containers\": [ { \"command\": [ \"/usr/bin/oc\" ], \"name\": \"dockergc\" } ] } } }' -n default" ignore_errors: true when: - osrelease | version_compare('3.9', '>=') - osrelease | version_compare('3.9.0', '>=') - osrelease | version_compare('3.9.25', '<=') - container_runtime == "cri-o" - name: Redeploy dockergc DaemonSet pods shell: "oc delete pod $(oc get pods -n default|grep dockergc|awk -c '{print $1}') -n default" when: - osrelease | version_compare('3.9', '>=') - osrelease | version_compare('3.9.0', '>=') - osrelease | version_compare('3.9.25', '<=') - container_runtime == "cri-o" # Install OpenWhisk ansible/roles/bastion-opentlc-ipa/tasks/main.yml
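Review bot: The version bounds added to the two dockergc tasks in the second hunk still use the filter form `osrelease | version_compare(...)`, while the play added in the first hunk of this same file already uses the test form `osrelease is version_compare('3.9.27', '>=')`. Ansible 2.5 deprecated using tests as filters, so the new lines are better written as `- osrelease is version_compare('3.9.0', '>=')` and `- osrelease is version_compare('3.9.25', '<=')` in both `when:` lists. A one-line comment above each list would also help, for example `# dockergc workaround only applies to 3.9.0 through 3.9.25`, since the upper bound is otherwise unexplained. Both tasks start outside the hunk, so the rest of their arguments were not reviewed.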
@@ -12,6 +12,9 @@ - name: Register bastion with IPA shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w '{{ipa_host_password}}' -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}} {{ipa_additional_options|d('')}}" when: ipa_host_password is defined register: ipa_r until: ipa_r is succeeded retries: 5 - name: Register bastion with IPA shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -p {{ipa_kerberos_user}} -w '{{ipa_kerberos_password}}' -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}} {{ipa_additional_options|d('')}}" @@ -19,6 +22,9 @@ - ipa_host_password is not defined - ipa_kerberos_user is defined - ipa_kerberos_password is defined register: ipa_r until: ipa_r is succeeded retries: 5 - name: copy over ipa_optimize.sh script copy: ansible/roles/ocp-client-vm/tasks/packages.yml
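Review bot: Neither `Register bastion with IPA` task sets `no_log: true`, although both now register their result in `ipa_r` and the command line carries the enrolment secret (`-w '{{ipa_host_password}}'` in the first task, `-w '{{ipa_kerberos_password}}'` in the second). The registered result includes the rendered command, so a final failure after the retries, or any verbose run, writes the password to the play output and to whatever log collects it. Add `no_log: true` to both tasks. No `delay:` is given, so the five retries use Ansible's default pause; stating it (e.g. `delay: 10`) would make the intended wait visible. The second task's `when:` list begins outside the second hunk.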
@@ -28,7 +28,7 @@ - name: Get S2I Executable get_url: url: https://github.com/openshift/source-to-image/releases/download/v1.1.9a/source-to-image-v1.1.9a-40ad911d-linux-amd64.tar.gz url: https://github.com/openshift/source-to-image/releases/download/v1.1.10/source-to-image-v1.1.10-27f0729d-linux-amd64.tar.gz dest: /root/s2i.tar.gz tags: - install_openshift_client_vm_packages ansible/roles/ocp-client-vm/templates/sysconfig.docker-storage-setup.j2
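Review bot: The `get_url` task that now fetches the v1.1.10 S2I tarball has no `checksum:` argument, so the archive saved to `/root/s2i.tar.gz` is trusted on TLS alone. A replaced or truncated release asset would be accepted unnoticed. The URL already pins an exact release and commit suffix, so the digest can be pinned alongside it: `checksum: "sha256:<sha256 of source-to-image-v1.1.10-27f0729d-linux-amd64.tar.gz>"` (placeholder; take the value from a verified download). The digest then has to be updated with each future URL change, which also makes such bumps a deliberate review step.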
@@ -1,2 +1,3 @@ DEVS={{ docker_device }} VG=docker-vg STORAGE_DRIVER=overlay2 ansible/roles/openshift-ansible-broker/tasks/main.yml
@@ -9,7 +9,18 @@ register: check_project_r tags: broker - when: check_project_r is succeeded - name: Ensure broker-config configMap exist command: > {{ openshift_cli }} get configmap broker-config -n openshift-ansible-service-broker changed_when: false ignore_errors: true register: check_cm_r tags: broker - when: - check_project_r is succeeded - check_cm_r is succeeded tags: broker block: # until this BZ is fixed, we have to delete and recreate the broker-config ConfigMap: @@ -33,9 +44,17 @@ - name: Cancel ansible service broker rollout in case it is still running command: "{{ openshift_cli }} rollout cancel dc/asb -n openshift-ansible-service-broker" ignore_errors: true register: rcancel - name: Wait before rollout command: > timeout 60 {{ openshift_cli }} rollout status -w dc/asb -n openshift-ansible-service-broker when: rcancel.stdout.find('No rollout is in progress') == -1 changed_when: false ignore_errors: true - name: Restart ansible service broker command: "{{ openshift_cli }} rollout latest dc/asb -n openshift-ansible-service-broker" - name: Restart webconsole pod command: "{{ openshift_cli }} delete pod -l webconsole=true -n openshift-web-console" ignore_errors: true
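Review bot: The new `Ensure broker-config configMap exist` probe in the first hunk sets `ignore_errors: true`, so every failure of `oc get configmap` looks the same to the following `when:`. An expired login or an unreachable API makes `check_cm_r is succeeded` false just as a missing ConfigMap does, and the whole block is then skipped with only an ignored error in the output. If only an absent ConfigMap should skip the block, say so explicitly, for instance `failed_when: check_cm_r.rc != 0 and 'NotFound' not in check_cm_r.stderr` on the probe and `- check_cm_r.rc == 0` in the block's `when:` list. The exact stderr text should be confirmed against the `oc` version in use. The `Wait before rollout` task in the second hunk has the same shape: it matches on `rcancel.stdout` and ignores errors, so a timeout after 60 seconds is not distinguishable from success. The block body and the task that registers `check_project_r` lie outside the hunks.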