summaryrefslogtreecommitdiffstats
path: root/roles/container_runtime/defaults/main.yml
blob: 77cf86b0a8ad37a09f3f4b3f71576711265aa655 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
---
docker_cli_auth_config_path: '/root/.docker'
openshift_docker_signature_verification: False

openshift_docker_alternative_creds: False

# oreg_url is defined by user input.
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_replace: False

openshift_docker_use_system_container: False
openshift_docker_disable_push_dockerhub: False  # bool
openshift_docker_selinux_enabled: True
openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"

openshift_docker_hosted_registry_insecure: False  # bool

openshift_docker_hosted_registry_network_default: "{{ openshift_portal_net | default(False) }}"
openshift_docker_hosted_registry_network: "{{ openshift_docker_hosted_registry_network_default }}"

openshift_docker_additional_registries: []
openshift_docker_blocked_registries: []
openshift_docker_insecure_registries: []

openshift_docker_ent_reg: 'registry.access.redhat.com'

openshift_docker_options: False  # str
openshift_docker_log_driver: False  # str
openshift_docker_log_options: []

# The l2_docker_* variables convert csv strings to lists, if
# necessary.  These variables should be used in place of their respective
# openshift_docker_* counterparts to ensure the properly formatted lists are
# utilized.
l2_docker_additional_registries: "{% if openshift_docker_additional_registries is string %}{% if openshift_docker_additional_registries == '' %}[]{% elif ',' in openshift_docker_additional_registries %}{{ openshift_docker_additional_registries.split(',') | list }}{% else %}{{ [ openshift_docker_additional_registries ] }}{% endif %}{% else %}{{ openshift_docker_additional_registries }}{% endif %}"
l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}"
l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}"
l2_docker_log_options: "{% if openshift_docker_log_options is string %}{% if ',' in openshift_docker_log_options %}{{ openshift_docker_log_options.split(',') | list }}{% else %}{{ [ openshift_docker_log_options ] }}{% endif %}{% else %}{{ openshift_docker_log_options }}{% endif %}"

openshift_docker_use_etc_containers: False
containers_registries_conf_path: /etc/containers/registries.conf

r_crio_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_crio_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"

r_crio_os_firewall_deny: []
r_crio_os_firewall_allow:
- service: crio
  port: 10010/tcp


openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}"

docker_alt_storage_path: /var/lib/containers/docker
docker_default_storage_path: /var/lib/docker
docker_storage_path: "{{ docker_default_storage_path }}"
docker_storage_size: 40G
docker_storage_setup_options:
  vg: docker_vg
  data_size: 99%VG
  storage_driver: overlay2
  root_lv_name: docker-root-lv
  root_lv_size: 100%FREE
  root_lv_mount_path: "{{ docker_storage_path }}"
docker_storage_extra_options:
- "--storage-opt overlay2.override_kernel_check=true"
- "{{ '--storage-opt overlay2.size=' ~ docker_storage_size if container_runtime_docker_storage_setup_device is defined and container_runtime_docker_storage_setup_device != '' else '' }}"
- "--graph={{ docker_storage_path}}"


# Set local versions of facts that must be in json format for container-daemon.json
# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson
l_docker_log_options: "{{ l2_docker_log_options | to_json }}"
l_docker_log_options_dict: "{{ l2_docker_log_options | lib_utils_oo_list_to_dict | to_json }}"
l_docker_additional_registries: "{{ l2_docker_additional_registries | to_json }}"
l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}"
l_docker_insecure_registries: "{{ l2_docker_insecure_registries | to_json }}"
l_docker_selinux_enabled: "{{ openshift_docker_selinux_enabled | to_json }}"

docker_http_proxy: "{{ openshift_http_proxy | default('') }}"
docker_https_proxy: "{{ openshift.common.https_proxy | default('') }}"
docker_no_proxy: "{{ openshift.common.no_proxy | default('') }}"

openshift_use_crio: False
openshift_use_crio_only: False

l_openshift_image_tag_default: "{{ openshift_release | default('latest') }}"
l_openshift_image_tag: "{{ openshift_image_tag | default(l_openshift_image_tag_default) | string}}"

l_required_docker_version: '1.12'

# --------------------- #
# systemcontainers_crio #
# --------------------- #
l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}"
l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}"
l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}"

# this is a list of dictionaries of mounts
# container_runtime_crio_additional_mounts:
# - destination: /test
#   source: /var/test
#   options:
#   - rw
#   - mode=755
#   type: bind
container_runtime_crio_additional_mounts: []

l_crio_additional_mounts: "{{ ',' + (container_runtime_crio_additional_mounts | lib_utils_oo_l_of_d_to_csv) if container_runtime_crio_additional_mounts != [] else '' }}"

openshift_crio_image_tag_default: "latest"

l_crt_crio_image_tag_dict:
  openshift-enterprise: "{{ l_openshift_image_tag }}"
  origin: "{{ openshift_crio_image_tag | default(openshift_crio_image_tag_default) }}"

l_crt_crio_image_dict:
  Fedora: "registry.fedoraproject.org/latest/cri-o"
  CentOS: "registry.centos.org/projectatomic/cri-o"
  RedHat: "registry.access.redhat.com/openshift3/cri-o"

l_crio_image_name: "{{ l_crt_crio_image_dict[ansible_distribution] }}"
l_crio_image_tag: "{{ l_crt_crio_image_tag_dict[openshift_deployment_type] }}"

l_crio_image_default: "{{ l_crio_image_name }}:{{ l_crio_image_tag }}"
l_crio_image: "{{ openshift_crio_systemcontainer_image_override | default(l_crio_image_default) }}"

# ----------------------- #
# systemcontainers_docker #
# ----------------------- #
l_crt_docker_image_dict:
  Fedora: "registry.fedoraproject.org/latest/docker"
  CentOS: "registry.centos.org/projectatomic/docker"
  RedHat: "registry.access.redhat.com/openshift3/container-engine"

openshift_docker_image_tag_default: "latest"
l_crt_docker_image_tag_dict:
  openshift-enterprise: "{{ l_openshift_image_tag }}"
  origin: "{{ openshift_docker_image_tag | default(openshift_docker_image_tag_default) }}"

l_docker_image_prepend: "{{ l_crt_docker_image_dict[ansible_distribution] }}"
l_docker_image_tag: "{{ l_crt_docker_image_tag_dict[openshift_deployment_type] }}"

l_docker_image_default: "{{ l_docker_image_prepend }}:{{ l_docker_image_tag }}"
l_docker_image: "{{ openshift_docker_systemcontainer_image_override | default(l_docker_image_default) }}"

l_is_node_system_container: "{{ (openshift_use_node_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"