· 6 years ago · Feb 28, 2020, 06:16 PM
1[OSEv3:children]
2masters
3etcd
4nodes
5
6[OSEv3:vars]
7ansible_ssh_user=ec2-user
8ansible_become=true
9openshift_deployment_type=openshift-enterprise
10
11# AWS
12openshift_cloudprovider_kind=aws
13openshift_clusterid=ddcocp311
14
15# StorageClass
16openshift_storageclass_name=gp2
17openshift_storageclass_parameters={'type': 'gp2', 'encrypted': 'false'}
18openshift_storageclass_reclaim_policy="Delete"
19
20openshift_release=3.11
21openshift_pkg_version=-3.11.88
22
23openshift_disable_check=docker_image_availability,docker_storage,disk_availability
24
25#Node group definitions
26openshift_node_groups=[{'name': 'node-config-master', 'labels': ['node-role.kubernetes.io/master=true']}, {'name': 'node-config-infra', 'labels': ['node-role.kubernetes.io/infra=true']}, {'name': 'node-config-compute', 'labels': ['node-role.kubernetes.io/compute=true']}, {'name': 'node-config-logging', 'labels': ['node-role.kubernetes.io/logging=true']}]
27
28# use htpasswd authentication
29openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
30openshift_master_htpasswd_users={'system': '$apr1$PrUs53Ft$iBF8egdazlAw9uhv.8W4l0', 'developer': '$apr1$w7b7sZ2g$ZrTlJOiPb7WHo5FKvWi.C.'}
31
32# registry auth
33#registry.access.redhat.com still provides anonymous access for the moment but will be deprecated within the next year.
34#oreg_url=registry.access.redhat.com/openshift3/ose-${component}:${version}
35#use a service account where possible (generated token from https://access.redhat.com/terms-based-registry/)
36#oreg_auth_user=xxxxxxxxxxxxxx
37#oreg_auth_password=xxxxxxxxxxxx
38oreg_url=registry.redhat.io/openshift3/ose-${component}:${version}
39oreg_auth_user='<redacted>'
40oreg_auth_password='<redacted>'
41
42# Install examples
43openshift_install_examples=true
44
45# Metrics
46openshift_metrics_install_metrics=true
47openshift_metrics_cassandra_storage_type=dynamic
48openshift_metrics_cassandra_pvc_size=10Gi
49openshift_metrics_heapster_nodeselector={'node-role.kubernetes.io/infra':'true'}
50openshift_metrics_hawkular_nodeselector={'node-role.kubernetes.io/infra':'true'}
51openshift_metrics_cassandra_nodeselector={'node-role.kubernetes.io/infra':'true'}
52
53# Prometheus
54openshift_cluster_monitoring_operator_install=true
55openshift_cluster_monitoring_operator_prometheus_storage_enabled=true
56openshift_cluster_monitoring_operator_alertmanager_storage_enabled=true
57openshift_cluster_monitoring_operator_prometheus_storage_class_name=gp2
58openshift_cluster_monitoring_operator_alertmanager_storage_class_name=gp2
59#openshift_cluster_monitoring_operator_prometheus_storage_capacity (default: 50Gi)
60#openshift_cluster_monitoring_operator_alertmanager_storage_capacity (default: 2Gi)
61
62# Logging
63openshift_logging_install_logging=true
64#openshift_logging_purge_logging=true
65openshift_logging_es_memory_limit=8Gi
66openshift_logging_es_pvc_dynamic=true
67openshift_logging_es_pvc_size=60Gi
68openshift_logging_es_cluster_size=3
69openshift_logging_es_nodeselector={"node-role.kubernetes.io/logging":"true"}
70openshift_logging_kibana_nodeselector={"node-role.kubernetes.io/logging":"true"}
71openshift_logging_curator_nodeselector={"node-role.kubernetes.io/logging":"true"}
72openshift_logging_es_number_of_replicas=2
73
74# SDN
75os_sdn_network_plugin_name='redhat/openshift-ovs-networkpolicy'
76
77# Certs
78openshift_hosted_registry_cert_expire_days=9999
79openshift_ca_cert_expire_days=9999
80openshift_node_cert_expire_days=9999
81openshift_master_cert_expire_days=9999
82etcd_ca_default_days=9999
83openshift_master_overwrite_named_certificates=true
84openshift_master_named_certificates=[{"certfile": "/home/ec2-user/.acme.sh/master.ddcocp311.ddelcian.rhcee.support/master.ddcocp311.ddelcian.rhcee.support.cer", "key
85file": "/home/ec2-user/.acme.sh/master.ddcocp311.ddelcian.rhcee.support/master.ddcocp311.ddelcian.rhcee.support.key", "names": ["master.ddcocp311.ddelcian.rhcee.supp
86ort"], "cafile": "/home/ec2-user/.acme.sh/master.ddcocp311.ddelcian.rhcee.support/ca.cer"}]
87openshift_hosted_router_certificate={"certfile": "/home/ec2-user/.acme.sh/*.apps.ddcocp311.ddelcian.rhcee.support/*.apps.ddcocp311.ddelcian.rhcee.support.cer", "keyf
88ile": "/home/ec2-user/.acme.sh/*.apps.ddcocp311.ddelcian.rhcee.support/*.apps.ddcocp311.ddelcian.rhcee.support.key", "cafile": "/home/ec2-user/.acme.sh/*.apps.ddcocp
89311.ddelcian.rhcee.support/ca.cer"}
90
91# Configure master API and console ports.
92openshift_master_api_port=443
93openshift_master_console_port=443
94
95# HA cluster
96openshift_master_cluster_method=native
97openshift_master_cluster_hostname=master-internal.ddcocp311.ddelcian.rhcee.support
98openshift_master_cluster_public_hostname=master.ddcocp311.ddelcian.rhcee.support
99
100# Default subdomain to use for exposed routes
101openshift_master_default_subdomain=apps.ddcocp311.ddelcian.rhcee.support
102
103# Put the router on dedicated infra node
104#openshift_hosted_router_selector='region=infra'
105
106# Put the image registry on dedicated infra node
107#openshift_hosted_registry_selector='region=infra'
108
109# Project pods should be placed on primary nodes
110#osm_default_node_selector='region=primary'
111
112[masters]
113ip-10-0-0-238.ec2.internal
114ip-10-0-1-62.ec2.internal
115ip-10-0-2-153.ec2.internal
116
117[etcd]
118ip-10-0-0-238.ec2.internal
119ip-10-0-1-62.ec2.internal
120ip-10-0-2-153.ec2.internal
121
122[nodes]
123ip-10-0-0-238.ec2.internal openshift_node_group_name="node-config-master"
124ip-10-0-1-62.ec2.internal openshift_node_group_name="node-config-master"
125ip-10-0-2-153.ec2.internal openshift_node_group_name="node-config-master"
126
127ip-10-0-0-221.ec2.internal openshift_node_group_name="node-config-infra"
128ip-10-0-1-220.ec2.internal openshift_node_group_name="node-config-infra"
129ip-10-0-2-202.ec2.internal openshift_node_group_name="node-config-infra"
130
131ip-10-0-0-16.ec2.internal openshift_node_group_name="node-config-compute"
132ip-10-0-1-9.ec2.internal openshift_node_group_name="node-config-compute"
133ip-10-0-2-4.ec2.internal openshift_node_group_name="node-config-compute"
134
135ip-10-0-0-61.ec2.internal openshift_node_group_name="node-config-logging"
136ip-10-0-1-217.ec2.internal openshift_node_group_name="node-config-logging"
137ip-10-0-2-133.ec2.internal openshift_node_group_name="node-config-logging"