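---
###### VARIABLES YOU SHOULD CONFIGURE FOR YOUR DEPLOYMENT
###### OR PASS as "-e" args to ansible-playbook command

### Common Host settings

# Repo Method. One of file, satellite and rhn
repo_method: file

# If using repo_method: satellite, you must set these values as well.
# satellite_url: satellite.example.com
# satellite_org: Sat_org_name
# satellite_activationkey: "rhel7basic"

# Do you want to run a full yum update
# NOTE(review): with false, hosts presumably keep whatever package versions
# the image and repos provide at install time - confirm that patch level is
# acceptable for the environment's lifetime.
update_packages: false

## guid is the deployment unique identifier, it will be appended to all tags,
## files and anything that identifies this environment from another "just like it"
# guid: defaultguid

# The next flag is 1 by default. If it is set to more than 1 then instead of
# creating clientvm.guid.baseurl it will create
# clientvm{1..num_users}.guid.baseurl
num_users: 1

install_bastion: true
install_common: true
install_opentlc_integration: true
install_ipa_client: false
install_student_user: false

# install openshift python modules on bastion
install_k8s_modules: true

## Automatically deploy ocp4 cluster using the installer
install_ocp4: true
# Versions are quoted so they stay strings and are never re-typed as numbers.
ocp4_installer_version: "v0.16.1"
oc_client_version: "4.0.22"

cluster_name: "cluster-{{ guid }}"

# Smoke tests
# if set to true, the playbook will fail if the smoke tests failed.
# if set to false, the smoke tests are just informative.
smoke_tests: false

## Install Authentication.
## Valid options are none, htpasswd, ldap (and maybe in the future sso)
## For LDAP a bindPassword needs to be passed via the command line
# Never commit the bindPassword to this file. A value given with "-e" on the
# command line can end up in shell history and process listings; an Ansible
# Vault-encrypted vars file (-e @file) avoids both.
install_idm: "none"
# NOTE(review): this CA certificate URL is plain HTTP. If a role downloads it
# and installs it as a trust anchor (not visible in this file - confirm), the
# download itself is unauthenticated, so anyone on the network path could
# substitute the CA. Prefer an HTTPS URL, or verify the certificate
# fingerprint out of band before trusting it.
idm_ca_url: http://ipa.opentlc.com/ipa/config/ca.crt

### If you want a Key Pair name created and injected into the hosts,
# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
# you can use the key used to create the environment or use your own self
# generated key
# if you set "use_own_key" to false your PRIVATE key will be copied to the
# bastion. (This is {{key_name}})
# Keep use_own_key true unless {{key_name}} is dedicated to this environment:
# once the private key sits on the bastion, anyone with access to the bastion
# can read it and use it wherever else that key is authorized.
use_own_key: true
env_authorized_key: "{{guid}}key"
ansible_ssh_private_key_file: "~/.ssh/{{key_name}}.pem"
set_env_authorized_key: true

# Is this running from Red Hat Ansible Tower
# tower_run: false

### AWS EC2 Environment settings

### Route 53 Zone ID (AWS)
# This is the Route53 HostedZoneId where you will create your Public DNS entries
# This only needs to be defined if your CF template uses route53
# The value below is specific to one AWS account; override it per deployment.
HostedZoneId: Z3IHLWJZOU9SRT
# The region to be used, if not specified by -e in the command line
aws_region: us-east-1
# The key pair name used to create the environment; it also names the local
# private key file (~/.ssh/<key_name>.pem) referenced above.
key_name: "default_key_name"

## Networking (AWS)
subdomain_base_short: "{{ guid }}"
subdomain_base_suffix: ".example.opentlc.com"
subdomain_base: "{{subdomain_base_short}}{{subdomain_base_suffix}}"

## OCP 4 Environment Sizing
clientvm_instance_type: "t2.medium"
master_instance_type: "m4.xlarge"
master_instance_count: 3
worker_instance_type: "m4.2xlarge"
worker_instance_count: 3

# Enable Default Workloads. REQUIRES Ansible 2.7+ on the deployer host
# NOTE(review): the line breaks of this list were reconstructed; entries that
# carry their own "#" are treated as disabled - confirm against the intended
# workload set.
default_workloads:
  - ocp4-workload-infra-nodes
  # - ocp4-workload-project-request-template
  - ocp4-workload-enable-service-broker
  - ocp4-workload-template-service-broker
  - ocp-workload-terminal
  - ocp4-workload-automation-broker
  - ocp4-workload-logging
  # - ocp4-workload-enable-lets-encrypt-certificates
  # - ocp4-workload-userquota-operator

###### VARIABLES YOU SHOULD ***NOT*** CONFIGURE FOR YOUR DEPLOYMENT

ansible_user: ec2-user
remote_user: ec2-user

common_packages:
  - python
  - unzip
  - bash-completion
  - tmux
  - bind-utils
  - wget
  - ansible
  - git
  - vim-enhanced
  - iptables-services
  - httpd-tools

rhel_repos:
  - rhel-7-server-rpms
  - rhel-7-server-extras-rpms
  - rhel-7-server-ansible-2.6-rpms
  - rhel-7-server-optional-rpms

# use_subscription_manager: false
# use_own_repos: true
# rhn_pool_id_string: OpenShift Container Platform

### CLOUDFORMATIONS vars
project_tag: "{{ env_type }}-{{ guid }}"

# The "chomped" variants are the same names without the trailing dot.
zone_internal_dns: "{{guid}}.internal."
chomped_zone_internal_dns: "{{guid}}.internal"

bastion_public_dns: "bastion.{{subdomain_base}}."
bastion_public_dns_chomped: "bastion.{{subdomain_base}}"
vpcid_name_tag: "{{subdomain_base}}"

az_1_name: "{{ aws_region }}a"
az_2_name: "{{ aws_region }}b"

# subnet_private_1_cidr_block: "192.168.2.0/24"
# subnet_private_1_az: "{{ az_2_name }}"
# subnet_private_1_name_tag: "{{subdomain_base}}-private"
#
# subnet_private_2_cidr_block: "192.168.1.0/24"
# subnet_private_2_az: "{{ az_1_name }}"
# subnet_private_2_name_tag: "{{subdomain_base}}-private"
#
# subnet_public_1_cidr_block: "192.168.10.0/24"
# subnet_public_1_az: "{{ az_1_name }}"
# subnet_public_1_name_tag: "{{subdomain_base}}-public"
#
# subnet_public_2_cidr_block: "192.168.20.0/24"
# subnet_public_2_az: "{{ az_2_name }}"
# subnet_public_2_name_tag: "{{subdomain_base}}-public"
#
# dopt_domain_name: "{{ aws_region }}.compute.internal"
#
# rtb_public_name_tag: "{{subdomain_base}}-public"
# rtb_private_name_tag: "{{subdomain_base}}-private"
#
# cf_template_description: "{{ env_type }}-{{ guid }} template "
# cloudformation_retries: 2
# ocp_report: false

# Instances to create: one entry per host type, with its count, EC2 flavor,
# tags, root disk size and security groups.
instances:
  - name: "clientvm"
    count: "{{num_users}}"
    # Canonical boolean; "yes" is only a boolean under YAML 1.1 rules.
    unique: true
    public_dns: true
    alt_name: bastion
    flavor:
      "ec2": "{{clientvm_instance_type}}"
    tags:
      - key: "AnsibleGroup"
        value: "bastions,clientvms"
      - key: "ostype"
        value: "linux"
    rootfs_size: 30
    # NOTE(review): BastionSG is defined outside this file. This host gets a
    # public DNS name, so confirm the group's ingress rules are limited to the
    # ports and source ranges actually needed.
    security_groups:
      - BastionSG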