# The type of cloud provider this will be deployed to cloud_provider: osp # Authenication credentials for OpenStack in order to create the things. # These should be included with your secrets, but are listed here for reference # osp_auth_url: # osp_auth_username: # osp_auth_password: # osp_auth_cloud: # osp_auth_project_domain: #usually set to "default" # osp_auth_user_domain: #usually set to "default" # This is an account that must exist in OpenStack. # It is used to create projects, access, Heat templates admin_user: opentlc-mgr # The name of the project that will be created in OpenStack for the user osp_project_name: "{{ guid }}-project" # The name of the cloud where ocp-cluster will be created osp_cloud_name: "{{ osp_project_name }}" # Set this to true if you need to create a new project in OpenStack # This should almost always be set to true for OpenShift installations # If it is set to false, the {{ osp_project_name }} must already exist and # should be able to run whatever you are deploying osp_project_create: true # This is the user that Ansible will use to connect to the nodes it is # configuring from the admin/control host ansible_user: cloud-user remote_user: cloud-user # The domain that you want to add DNS entries to osp_cluster_dns_zone: blue.osp.opentlc.com # The base domain ocp4_base_domain: "{{ osp_cluster_dns_zone }}" # The dynamic DNS server you will add entries to. # NOTE: This is only applicable when {{ use_dynamic_dns}} is true osp_cluster_dns_server: ddns01.opentlc.com # Whether to wait for an ack from the DNS servers before continuing wait_for_dns: true # Authenticaion for DDNS, Must be set in secrets # ddns_key_name: # ddns_secret_name: # Set this to true if you want a FIPs provisioned for an OpenShift on OpenStack install # This will provision an API and Ingress FIP openshift_fip_provision: True # This requires DDNS or other DNS solution configured # If enabled, it will add DNS entries for the API and Ingress FIPs openshift_fip_dns: True # The external network in OpenStack where the floating IPs (FIPs) come from provider_network: external # If you are deploying OpenShift, this should be set to the network that you # want to use and will be used to create security groups. # It will pull the subnet CIDR from the defined network below, based on the # name you define for {{ ocp_network }} ocp_network: "ocp" ocp_network_subnet_cidr: "{{ networks | json_query(query_subnet_cidr) | first }}" query_subnet_cidr: "[?name=='{{ ocp_network }}'].subnet_cidr" # A list of the private networks and subnets to create in the project # You can create as many as you want, but at least one is required. # Use the name of the networks where appropriate in the instance list networks: - name: ocp shared: "false" subnet_cidr: 192.168.47.0/24 gateway_ip: 192.168.47.1 allocation_start: 192.168.47.10 allocation_end: 192.168.47.254 dns_nameservers: [] create_router: true # Quotas to set for new project that is created quota_num_instances: 15 quota_num_cores: 72 quota_memory: 163840 # in MB quota_num_volumes: 25 quota_volumes_gigs: 1000 #quota_loadbalancers: #when Octavia is available #quota_pool: #when Octavia is available quota_networks: 3 quota_subnets: 3 quota_routers: 3 quota_fip: 5 quota_sg: 10 quota_sg_rules: 100 # Instances to be provisioned in new project # Provide these as a list. # Each instance type can have any number of replicas deployed with the same # configuration. # Metadata in OpenStack is equivelent to tags in AWS # These instances will be created with Cinder persistent volumes instances: - name: bastion count: 1 unique: yes alt_name: bastion image_id: "{{ bastion_instance_image }}" floating_ip: yes flavor: osp: "{{ bastion_instance_type }}" metadata: - AnsibleGroup: "bastions,clientvms" - function: bastion - user: "{{ student_name }}" - project: "{{ project_tag }}" - ostype: linux - Purpose: "{{ purpose }}" rootfs_size: 30 network: ocp security_groups: - bastion_sg # Uncomment to create a UtilityVM that can host an NFS server # - name: utilityvm # count: 1 # image_id: "{{ utilityvm_instance_image }}" # floating_ip: no # flavor: # osp: "{{ utilityvm_instance_type }}" # metadata: # - AnsibleGroup: "utility" # - function: bastion # - user: "{{ student_name }}" # - project: "{{ project_tag }}" # - ostype: linux # - Purpose: "{{ purpose }}" # rootfs_size: 500 # network: ocp # security_groups: # - utility_sg # Security groups and associated rules. This will be provided #when the Heat template is generated separate groups and rules security_groups: - name: bastion_sg description: Bastion security group allows basic icmp and SSH ingress and egress to * rules: - protocol: icmp direction: ingress - protocol: tcp direction: ingress port_range_min: 22 port_range_max: 22 remote_ip_prefix: 0.0.0.0/0 # Uncomment for a UtilityVM # - name: utility_sg # description: Utility security group allows SSH from bastion, NFS traffic and egress to * # rules: # - protocol: icmp # direction: ingress # remote_group: "bastion_sg" # - protocol: tcp # direction: ingress # port_range_min: 22 # port_range_max: 22 # remote_group: "bastion_sg" # - protocol: tcp # direction: ingress # port_range_min: 2049 # port_range_max: 2049 # remote_ip_prefix: "{{ ocp_network_subnet_cidr }}" # description: "NFS traffic" # These will influence the bastion if it is being deployed bastion_instance_type: 2c2g30d bastion_instance_image: rhel-server-7.7-update-2 # These will influence the utility VM, which is primarily used for disconnected # install, but can be used for anything really. # utilityvm_instance_type: 2c2g30d # utilityvm_instance_image: rhel-server-7.7-update-2 # Master Instance Type master_instance_type: 4c16g30d # Worker Instance Type worker_instance_type: 4c16g30d