### Deployment Type
openshift_deployment_type: origin
openshift_master_cluster_method: 'native'
openshift_release: 'v3.7.2'
#openshift_image_tag: "v3.7.2"
# Still not available
openshift_metrics_image_version: 'v3.7.1'

#containerized: true
containerized: false
os_firewall_use_firewalld: true

#Recommended to avoid: No package matching 'origin-docker-excluder-1.5.0*' found available
#enable_excluders: false
#enable_docker_excluder: false

### Versions
#system packages
#etcd_version="3.1.0"
#docker_version="1.12.1"

#for some package only latest is available
#openshift_pkg_version=-3.7.0
#openshift_cockpit_deployer_version=latest

#openshift_metrics_image_prefix=docker.io/openshift/origin-
#openshift_metrics_image_version=v3.7.1
#openshift_logging_image_prefix=docker.io/openshift/origin-
#openshift_logging_image_version=v3.7.0
#openshift_service_catalog_image_prefix=docker.io/openshift/origin-
openshift_service_catalog_image_version: 'v3.7'
#template_service_broker_version='v3.7'
#ansible_service_broker_image_prefix: ansibleplaybookbundle/
#ansible_service_broker_registry_url: "registry.access.redhat.com"
ansible_service_broker_etcd_image_tag: 'v3.2'

# The same feature gate is passed to the controllers, the API server and the
# kubelet so that all three agree on it.
# NOTE(review): a feature gate that has to be switched on explicitly is usually
# not enabled by default for a reason; confirm its maturity for this release.
osm_controller_args:
  feature-gates:
    - PersistentLocalVolumes=true
osm_api_server_args:
  feature-gates:
    - PersistentLocalVolumes=true
openshift_node_kubelet_args:
  feature-gates:
    - PersistentLocalVolumes=true
#openshift_node_kubelet_args: {'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']}

### Network & DNS configuration
# The internal cluster hostname is the inner load balancer when
# ands_use_inner_lb is set, otherwise the regular OpenShift load balancer.
openshift_master_cluster_hostname: "{{ ands_use_inner_lb | ternary(ands_inner_lb_fqdn, ands_openshift_lb) }}"
openshift_master_cluster_public_hostname: "{{ ands_openshift_lb }}"
openshift_master_default_subdomain: "{{ ands_openshift_subdomain | default(ands_openshift_lb) }}"
openshift_master_ingress_ip_network_cidr: "{{ ands_openshift_ingress_network }}"
openshift_master_external_ip_network_cidrs: "{{ ands_openshift_external_network }}"
#openshift_portal_net:
#osm_host_subnet_length:

# We may need conditionals here (except for the *_ip values). Currently the
# values are set to '' if undefined (OpenShift uses None, which is equivalent
# in Ansible).
openshift_ip: "{{ ands_openshift_ip }}"
openshift_public_ip: "{{ ands_openshift_public_ip }}"
openshift_hostname: "{{ ands_openshift_set_hostname | ternary(ands_openshift_fqdn, ands_none) }}"
openshift_public_hostname: "{{ ands_openshift_set_public_hostname | ternary(ands_openshift_public_fqdn, ands_none) }}"

#Check configuration to fight dynamic IPs
# DNS runs on every node, so there is no need to use VIPs here.
# This overrides the default in roles/openshift_node/defaults, which sets
# dns_ip to ansible_default_ipv4['address'].
openshift_dns_ip: "{{ openshift_ip }}"
openshift_set_node_ip: true

### Node configuration
openshift_schedulable: true
openshift_node_labels: "{{ ands_openshift_labels }}"
#openshift_hosted_infra_selector: "region=infra"

# Fine tuning
openshift_master_pod_eviction_timeout: '30s'

### Authentication
# A single htpasswd identity provider that reads the file named below.
# 'login' and 'challenge' stay quoted strings, exactly as originally written.
openshift_master_identity_providers:
  - name: 'htpasswd_auth'
    login: 'true'
    challenge: 'true'
    kind: 'HTPasswdPasswordIdentityProvider'
    filename: '/etc/origin/master/htpasswd'
# NOTE(review): these are $apr1$ (Apache MD5-crypt) password hashes stored in
# plain inventory variables. Anyone who can read this file can attempt offline
# guessing against them, and MD5-crypt is cheap to guess. Prefer keeping the
# user map in Ansible Vault (or another secret store) and rotating the
# passwords if this file has been shared or committed.
openshift_master_htpasswd_users:
  pdv: '$apr1$ACvj6uUa$Nm1Vq8hZq3RzTtaYpAHv01'
  csa: '$apr1$IqEwdnzy$UAdd8ZSFnXommBbj29w3c0'

### Certificates & Security
# Every certificate lifetime below is 3650 days (about ten years).
# NOTE(review): with lifetimes this long, expiry will not limit the damage of
# a leaked key; confirm there is a rotation / redeploy procedure in place.
openshift_ca_cert_expire_days: 3650
openshift_hosted_registry_cert_expire_days: 3650
openshift_node_cert_expire_days: 3650
openshift_master_cert_expire_days: 3650
etcd_ca_default_days: 3650

### Docker
# log_driver is currently ignored for some reason, so the driver is also
# passed through openshift_docker_options.
openshift_docker_log_driver: 'json-file'
openshift_docker_log_options:
  - max-size=2m
  - max-file=3
openshift_docker_options: '--log-driver json-file'
#openshift_docker_options: --log-opt max-size=2m --log-opt max-file=3

### Registry
openshift_hosted_registry_storage_kind: glusterfs
openshift_hosted_registry_storage_class: glusterfs-storage
openshift_hosted_registry_storage_volume_size: "{{ ands_registry_volume_size }}"

# Dynamic provisioning is not used by default. The standard flow is:
#  - the 'openshift_persistent_volumes' role creates a pvc/pv pair if the
#    variables below are set; the volumes are called 'registry-claim' and
#    'registry-volume';
#  - 'openshift_storage_glusterfs' creates the corresponding volume using
#    heketi (this can't be disabled, so we patched it to skip the step when
#    openshift_hosted_registry_storage_class is set);
#  - finally, the 'openshift_hosted' role creates the corresponding endpoints
#    (this only happens if ..._ips are set).
# An alternative path is triggered if
# 'openshift_hosted_registry_storage_glusterfs_swap' is set:
# 'openshift_persistent_volumes' creates a
# registry-glusterfs-claim/registry-volume pair, and the 'openshift_hosted'
# role then first tries to copy the data from the current volume, but this
# path is pretty much broken.
# I have introduced 'openshift_hosted_registry_storage_class' and, when it is
# set, blocked the creation of the above-mentioned components that cannot be
# disabled with the variables below. Furthermore, I added a simple 'pvc' based
# on dynamic provisioning to 'openshift_persistent_volumes'.
openshift_hosted_registry_storage_create_pv: false
openshift_hosted_registry_storage_create_pvc: false

# This is the alternative that follows the standard way. Everything above
# should be commented out in that case.
# The volume size should be given as a plain number (without G) if we go
# without 'sc'.
#openshift_hosted_registry_storage_glusterfs_path: openshift_registry
#openshift_hosted_registry_storage_glusterfs_ips: "{{ openshift_storage_nodes }}"

### Dynamic Storage
# NOTE(review): the GlusterFS image is pulled by name and by a tag taken from
# glusterfs_version, not by digest, so whoever controls that repository decides
# what runs on the storage nodes. Confirm the repository owner is trusted and
# consider mirroring the image or pinning it by digest.
openshift_storage_glusterfs_image: chsa/gluster-centos
openshift_storage_glusterfs_version: "{{ glusterfs_version }}"

#Either 6 corresponds to latest
#openshift_storage_glusterfs_heketi_version: 6
#Only latest
#openshift_storage_glusterfs_block_version: latest

#openshift_storage_glusterfs_storageclass: True
#openshift_storage_glusterfs_storageclass_default: False
#openshift_storage_glusterfs_version: '3.12.6'
# Latest 3.10.1
#openshift_storage_glusterfs_is_native: True

#openshift_storage_glusterfs_is_native: False
#openshift_storage_glusterfs_is_missing: False
#openshift_storage_glusterfs_heketi_is_native: True
#openshift_storage_glusterfs_heketi_url:
#openshift_storage_glusterfs_heketi_is_missing: False
#openshift_storage_glusterfs_heketi_executor: 'ssh'
#openshift_storage_glusterfs_heketi_ssh_port: 22
#openshift_storage_glusterfs_heketi_ssh_user: 'root'
#openshift_storage_glusterfs_heketi_ssh_keyfile: "{{ omit }}"

# Block Storage
# A block storage class is created but is not made the default one.
openshift_storage_glusterfs_block_storageclass: true
openshift_storage_glusterfs_block_storageclass_default: false
openshift_storage_glusterfs_block_host_vol_size: 512
openshift_storage_glusterfs_block_host_vol_max: 8

### Modules & Configuration
openshift_master_dynamic_provisioning_enabled: true

# Metrics are installed and use dynamically provisioned storage.
#openshift_metrics_install_metrics: false
openshift_metrics_install_metrics: true
openshift_metrics_storage_kind: dynamic
# NOTE(review): 'cassanda' is spelled as in the original; verify that this is
# the variable name the metrics role of this release actually reads before
# correcting it.
openshift_metrics_cassanda_pvc_storage_class_name: glusterfs-storage
#openshift_metrics_storage_volume_size:
#openshift_metrics_hawkular_hostname: https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics

#Problematic and resource intensive
#openshift_logging_install_logging: true
#openshift_logging_storage_kind: dynamic
#openshift_logging_es_pvc_storage_class_name: glusterfs-storage
# Does not work
#openshift_logging_es_pvc_size: 1Gi
#openshift_master_logging_public_url:

#Catalog services
#openshift_enable_service_catalog: false
#ansible_service_broker_install: false
#openshift_hosted_etcd_storage_kind
#openshift_hosted_etcd_storage_volume_size

openshift_install_examples: true

# Required for IPFailover
openshift_clock_enabled: true