Created
July 5, 2018 20:42
-
-
Save oatmealraisin/40adb526f0bcb92b91a6e69dbe012851 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [OSEv3:children] | |
| masters | |
| nodes | |
| etcd | |
| lb | |
| [OSEv3:vars] | |
| # General Ansible options | |
| # # # # # # | |
| containerized=false | |
| ansible_ssh_user=centos | |
| ansible_become=true | |
| # OpenShift options | |
| # # # # # # | |
| openshift_master_identity_providers=[{'name': 'github', 'login': 'true', 'challenge': 'false', 'mappingMethod': 'add', 'kind': 'GitHubIdentityProvider', 'clientID': 'redacted', 'clientSecret': 'redacted', 'organizations': ['FooBarLLC']}] | |
| # Installation Details | |
| # # # # # # | |
| openshift_deployment_type=origin | |
| openshift_metrics_install_metrics=true | |
| openshift_logging_install_logging=true | |
| openshift_web_console_install=true | |
| openshift_install_examples=true | |
| openshift_metrics_install_hawkular_agent=true | |
| openshift_release=v3.9 | |
| # Configuring endpoints | |
| # # # # # # | |
| # openshift_logging_master_url | The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster. Defaults to 'https://kubernetes.default.svc.{{openshift.common.dns_domain}}'. | |
| # openshift_logging_master_public_url | The public facing URL for the Kubernetes master, this is used for Authentication redirection. Defaults to 'https://{{openshift.common.public_hostname}}:{{openshift.master.api_port}}'. | |
| # openshift_logging_kibana_hostname | The Kibana hostname. Defaults to 'kibana.example.com'. | |
| # openshift_master_api_port | UNDEF | | | |
| # openshift_master_console_port | UNDEF | | | |
| # openshift_master_api_url | UNDEF | | | |
| # openshift_master_console_url | UNDEF | | | |
| # openshift_master_public_api_url | UNDEF | | | |
| # openshift_master_public_console_url | UNDEF | | | |
| # openshift_grafana_hostname | grafana | Grafana route hostname | | |
| # openshift_logging_es_allow_external | True (default is False) - if this is # True, Elasticsearch will be exposed as a Route | |
| # openshift_logging_es_hostname | The external facing hostname to use for # the route and the TLS server certificate (default is "es." + `openshift_master_default_subdomainx) | |
| # openshift_logging_es_cert | location of the certificate Elasticsearch (default is a generated cert) | |
| # openshift_logging_es_key | location of the key Elasticsearch (default is a generated key) | |
| # openshift_logging_es_ca_ext | location of the CA cert for the cert (default is the internal CA) | |
| # openshift_logging_es_ops_allow_external | True (default is False) - if this is # True, Elasticsearch will be exposed as a Route | |
| # openshift_logging_es_ops_hostname | The external facing hostname to use for the route and the TLS server certificate (default is "es-ops." + openshift_master_default_subdomain`) | |
| # openshift_logging_es_ops_cert | The location of the certificate Elasticsearch # uses for the external TLS server cert (default is a generated cert) | |
| # openshift_logging_es_ops_key | The location of the key Elasticsearch # uses for the external TLS server cert (default is a generated key) | |
| # openshift_logging_es_ops_ca_ext | The location of the CA cert for the cert # Elasticsearch uses for the external TLS server cert (default is the internal # CA) | |
| # openshift_master_cluster_method=native | |
| # openshift_master_cluster_hostname=lb-internal.openshift.com | |
| # openshift_master_cluster_public_hostname=custom.openshift.com | |
| # Native high availability (default cluster method) | |
| # If no lb group is defined, the installer assumes that a load balancer has | |
| # been preconfigured. For installation the value of | |
| # openshift_master_cluster_hostname must resolve to the load balancer | |
| # or to one or all of the masters defined in the inventory if no load | |
| # balancer is present. | |
| #openshift_master_cluster_hostname=openshift-ansible.test.example.com | |
| # If an external load balancer is used public hostname should resolve to | |
| # external load balancer address | |
| # Custom certificates should only be configured for the host name associated | |
| # with the publicMasterURL which can be set using | |
| # openshift_master_cluster_public_hostname. | |
| openshift_master_cluster_public_hostname=infra.foo.com | |
| openshift_master_named_certificates=[ {"certfile": "/etc/letsencrypt/live/infra.foo.com/cert.pem", "keyfile": "/etc/letsencrypt/live/infra.foo.com/privkey.pem", "cafile": "/etc/letsencrypt/live/infra.foo.com/chain.pem", "names": ["infra.foo.com"]} ] | |
| openshift_master_overwrite_named_certificates=true | |
| # Using a custom serving certificate for the host name associated with the | |
| # masterURL (openshift_master_cluster_hostname) will result in TLS errors as | |
| # infrastructure components will attempt to contact the master API using the | |
| # internal masterURL host. | |
| openshift_master_cluster_hostname=foo-internal.us-east-1.elb.amazonaws.com | |
| # Native high availability (default cluster method) | |
| # If no lb group is defined, the installer assumes that a load balancer has | |
| # been preconfigured. For installation the value of | |
| # openshift_master_cluster_hostname must resolve to the load balancer | |
| # or to one or all of the masters defined in the inventory if no load | |
| # balancer is present. | |
| openshift_master_cluster_method=native | |
| # Sets the port number to access the OpenShift Origin API. | |
| # NOTE: The web console port must match the API server port | |
| openshift_master_api_port=443 | |
| openshift_master_console_port=443 | |
| openshift_master_console_url=infra.foo.com | |
| openshift_master_public_console_url=infra.foo.com | |
| openshift_master_public_api_url=https://foo-external.us-east-1.elb.amazonaws.com | |
| openshift_public_hostname=infra.foo.com | |
| #openshift_hostname=infra.foo.com | |
| # Should be the same as public hostname | |
| openshift_logging_master_public_url=infra.foo.com | |
| # Defaults to https://hawkular-metrics.{{openshift_master_default_subdomain}}/hawkular/metrics | |
| openshift_metrics_hawkular_hostname=hawkular.foo.com | |
| openshift_master_metrics_public_url=metrics.foo.com | |
| openshift_grafana_hostname=metrics.foo.com | |
| openshift_logging_kibana_hostname=kibana.foo.com | |
| #- `openshift_metrics_image_version`: Specify version for metrics components; e.g. for | |
| # "openshift/origin-metrics-deployer:v1.1", set version "v1.1". | |
| openshift_metrics_image_version=v3.9 | |
| #- `openshift_metrics_hawkular_cert:` The certificate used for re-encrypting the route | |
| # to Hawkular metrics. The certificate must contain the hostname used by the route. | |
| # The default router certificate will be used if unspecified | |
| # | |
| #- `openshift_metrics_hawkular_key:` The key used with the Hawkular certificate | |
| # | |
| #- `openshift_metrics_hawkular_ca:` An optional certificate used to sign the Hawkular certificate. | |
| # TODO: What does this do? | |
| openshift_master_bootstrap_enabled=True | |
| #openshift_use_openshift_sdn=true | |
| openshift_hosted_router_wait=False | |
| openshift_hosted_registry_wait=False | |
| system_images_registry="docker.io" | |
| openshift_web_console_inactivity_timeout_minutes=30 | |
| openshift_hosted_router_selector='region=infra' | |
| # Router replicas (optional) | |
| # Unless specified, openshift-ansible will calculate the replica count | |
| # based on the number of nodes matching the openshift router selector. | |
| #openshift_hosted_router_replicas=2 | |
| # Manage the OpenShift Router (optional) | |
| openshift_hosted_manage_router=true | |
| openshift_master_external_ratelimit_qps=200 | |
| openshift_master_external_ratelimit_burst=400 | |
| openshift_master_loopback_ratelimit_qps=300 | |
| openshift_master_loopback_ratelimit_burst=600 | |
| # Cloud Provider Configuration | |
| # # # # # # | |
| openshift_clusterid=foo | |
| openshift_cloudprovider_kind=aws | |
| openshift_cloudprovider_aws_access_key=redacted | |
| openshift_cloudprovider_aws_secret_key=redacted | |
| # Docker Registry Configuration | |
| # # # # # # | |
| openshift_hosted_registry_selector='region=infra' | |
| # Manage the OpenShift Registry (optional) | |
| openshift_hosted_manage_registry=true | |
| openshift_hosted_manage_registry_console=true | |
| # AWS S3 | |
| # S3 bucket must already exist. | |
| openshift_hosted_registry_storage_kind=object | |
| openshift_hosted_registry_storage_provider=s3 | |
| openshift_hosted_registry_storage_s3_encrypt=false | |
| #openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id | |
| openshift_hosted_registry_storage_s3_accesskey=redacted | |
| openshift_hosted_registry_storage_s3_secretkey=redacted | |
| openshift_hosted_registry_storage_s3_bucket=foo-docker-registry | |
| openshift_hosted_registry_storage_s3_region=us-east-1 | |
| #openshift_hosted_registry_storage_s3_chunksize=26214400 | |
| openshift_hosted_registry_storage_s3_rootdirectory=/registry | |
| #openshift_hosted_registry_pullthrough=true | |
| #openshift_hosted_registry_acceptschema2=true | |
| #openshift_hosted_registry_enforcequota=true | |
| # Additional CloudFront Options. When using CloudFront all three | |
| # of the followingg variables must be defined. | |
| #openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/ | |
| #openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem | |
| #openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid | |
| # Logging + Web Console | |
| # # # # # # | |
| # openshift_logging_namespace | The namespace that Aggregated Logging will be installed in. Defaults to 'logging'. | |
| openshift_logging_es_pvc_dynamic=emptyDir | |
| openshift_logging_storage_kind=dynamic | |
| openshift_logging_storage_access_modes=['ReadWriteOnce'] | |
| openshift_logging_storage_volume_name=logging | |
| openshift_logging_storage_volume_size=10Gi | |
| #openshift_logging_namespace=openshift-metrics | |
| etcd_debug=true | |
| debug_level=2 | |
| # Metrics | |
| # # # # # # | |
| # openshift_prometheus_namespace | project (i.e. namespace) where the components will be deployed. | |
| # openshift_prometheus_node_selector | Selector for the nodes prometheus will be deployed on. | |
| # openshift_prometheus_args | Modify or add arguments for prometheus application | |
| # openshift_prometheus_hostname | prometheus-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}} | |
| # openshift_prometheus_alerts_hostname | prometheus_alerts-{{openshift_prometheus_namespace}}.{{openshift_master_default_subdomain}} | |
| openshift_metrics_storage_kind=dynamic | |
| #openshift_metrics_project=openshift-metrics | |
| #openshift_prometheus_namespace=openshift-metrics | |
| openshift_hosted_prometheus_deploy=true | |
| openshift_prometheus_storage_type=pvc | |
| openshift_prometheus_alertmanager_storage_type=pvc | |
| openshift_prometheus_alertbuffer_storage_type=pvc | |
| openshift_metrics_start_cluster=true | |
| # Monitoring | |
| # # # # # # | |
| # openshift_grafana_namespace | openshift-grafana | Default grafana namespace | | |
| # openshift_grafana_timeout | 300 | Default pod wait timeout | | |
| # openshift_grafana_prometheus_namespace | openshift-metrics | Default prometheus namespace | | |
| # openshift_grafana_prometheus_serviceaccount | promethus | Prometheus service account | | |
| # openshift_grafana_serviceaccount_name | grafana | Grafana service account name | | |
| # openshift_grafana_datasource_name | prometheus | Default datasource name | | |
| # openshift_grafana_node_exporter | false | Do we want to deploy node exported dashboard | | |
| # openshift_grafana_graph_granularity | 2m | Default dashboard granularity | | |
| # openshift_grafana_node_selector | {"region":"infra"}| Default node selector | | |
| # openshift_grafana_serviceaccount_annotations | empty | Additional service account annotation list | | |
| # openshift_grafana_dashboards | (check defaults) | Additional list of dashboards to deploy | | |
| # openshift_grafana_hostname | grafana | Grafana route hostname | | |
| #openshift_grafana_namespace=openshift-metrics | |
| openshift_grafana_user=grafana | |
| openshift_grafana_hostname=grafana.foo.com | |
| openshift_grafana_node_selector={"region": "infra"} | |
| openshift_grafana_password=grafana | |
| openshift_grafana_datasource_name=prometheus | |
| openshift_grafana_node_exporter=false | |
| openshift_grafana_graph_granularity="2m" | |
| #openshift_grafana_prometheus_namespace="openshift-metrics" | |
| openshift_grafana_prometheus_serviceaccount=prometheus | |
| openshift_grafana_serviceaccount_name=grafana | |
| osm_use_cockpit=true | |
| osm_cockpit_plugins=['cockpit-kubernetes'] | |
| [masters] | |
| master-1.compute-1.amazonaws.com | |
| master-2.compute-1.amazonaws.com | |
| master-3.compute-1.amazonaws.com | |
| [etcd] | |
| master-1.compute-1.amazonaws.com | |
| master-2.compute-1.amazonaws.com | |
| master-3.compute-1.amazonaws.com | |
| [nodes] | |
| master-1.compute-1.amazonaws.com | |
| master-2.compute-1.amazonaws.com | |
| master-3.compute-1.amazonaws.com | |
| compute-1.compute-1.amazonaws.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}" | |
| compute-2.compute-1.amazonaws.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}" | |
| compute-3.compute-1.amazonaws.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}" | |
| infra-1.compute-1.amazonaws.com openshift_node_labels="{'region': 'infra', 'zone': 'east'}" | |
| infra-2.compute-1.amazonaws.com openshift_node_labels="{'region': 'infra', 'zone': 'east'}" | |
| [lb] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment