shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283
							---
openshift_openstack_stack_state: 'present'

openshift_openstack_ssh_ingress_cidr: 0.0.0.0/0
openshift_openstack_node_ingress_cidr: 0.0.0.0/0
openshift_openstack_lb_ingress_cidr: 0.0.0.0/0
openshift_openstack_num_etcd: 0
openshift_openstack_num_masters: 1
openshift_openstack_num_nodes: 1
openshift_openstack_num_infra: 1
openshift_openstack_num_cns: 0
openshift_openstack_dns_nameservers: []
openshift_openstack_nodes_to_remove: []

openshift_openstack_use_lbaas_load_balancer: false
openshift_openstack_use_vm_load_balancer: false

openshift_openstack_cluster_node_labels:
  app:
    region: primary
  infra:
    region: infra

openshift_openstack_install_debug_packages: false
openshift_openstack_required_packages:
  - NetworkManager
openshift_openstack_debug_packages:
  - bash-completion
  - bind-utils
  - bridge-utils
  - git
  - net-tools
  - vim-enhanced
  - wget

# container-storage-setup
openshift_openstack_container_storage_setup:
  docker_dev: "/dev/sdb"
  docker_vg: "docker-vol"
  docker_data_size: "95%VG"
  docker_dm_basesize: "3G"
  container_root_lv_name: "dockerlv"
  container_root_lv_mount_path: "/var/lib/docker"


# populate-dns
openshift_openstack_dns_records_add: []

openshift_openstack_public_hostname_suffix: ""
openshift_openstack_private_hostname_suffix: ""
openshift_openstack_public_dns_domain: "example.com"
openshift_openstack_full_dns_domain: "{{ (openshift_openstack_clusterid|trim == '') | ternary(openshift_openstack_public_dns_domain, openshift_openstack_clusterid + '.' + openshift_openstack_public_dns_domain) }}"
openshift_openstack_app_subdomain: "apps"


# heat vars
openshift_openstack_clusterid: openshift
openshift_openstack_stack_name: "openshift-cluster"
openshift_openstack_subnet_cidr: "192.168.99.0/24"
openshift_openstack_pool_start: "192.168.99.3"
openshift_openstack_pool_end: "192.168.99.254"
openshift_openstack_kuryr_service_subnet_cidr: "172.30.0.0/16"
openshift_openstack_kuryr_service_pool_start: "172.30.128.1"
openshift_openstack_kuryr_service_pool_end: "172.30.255.253"
openshift_openstack_kuryr_pod_subnet_cidr: "10.11.0.0/16"
openshift_openstack_master_hostname: master
openshift_openstack_infra_hostname: infra-node
openshift_openstack_cns_hostname: cns
openshift_openstack_node_hostname: app-node
openshift_openstack_lb_hostname: lb
openshift_openstack_etcd_hostname: etcd
openshift_openstack_keypair_name: openshift
openshift_openstack_lb_flavor: "{{ openshift_openstack_default_flavor }}"
openshift_openstack_etcd_flavor: "{{ openshift_openstack_default_flavor }}"
openshift_openstack_master_flavor: "{{ openshift_openstack_default_flavor }}"
openshift_openstack_node_flavor: "{{ openshift_openstack_default_flavor }}"
openshift_openstack_infra_flavor: "{{ openshift_openstack_default_flavor }}"
openshift_openstack_cns_flavor: "{{ openshift_openstack_default_flavor }}"
openshift_openstack_master_image: "{{ openshift_openstack_default_image_name }}"
openshift_openstack_infra_image: "{{ openshift_openstack_default_image_name }}"
openshift_openstack_cns_image: "{{ openshift_openstack_default_image_name }}"
openshift_openstack_node_image: "{{ openshift_openstack_default_image_name }}"
openshift_openstack_lb_image: "{{ openshift_openstack_default_image_name }}"
openshift_openstack_etcd_image: "{{ openshift_openstack_default_image_name }}"
openshift_openstack_provider_network_name: null
openshift_openstack_external_network_name: null
openshift_openstack_private_network: >-
  {% if openshift_openstack_provider_network_name | default(None) -%}
  {{ openshift_openstack_provider_network_name }}
  {%- else -%}
  {{ openshift_openstack_private_network_name | default ('openshift-ansible-' + openshift_openstack_stack_name + '-net') }}
  {%- endif -%}
openshift_openstack_master_server_group_policies: []
openshift_openstack_infra_server_group_policies: []
openshift_openstack_docker_volume_size: 15
openshift_openstack_master_volume_size: "{{ openshift_openstack_docker_volume_size }}"
openshift_openstack_infra_volume_size: "{{ openshift_openstack_docker_volume_size }}"
openshift_openstack_cns_volume_size: "{{ openshift_openstack_docker_volume_size }}"
openshift_openstack_node_volume_size: "{{ openshift_openstack_docker_volume_size }}"
openshift_openstack_etcd_volume_size: 2
openshift_openstack_lb_volume_size: 5
openshift_openstack_ephemeral_volumes: false

# User commands for cloud-init executed on all Nova servers provisioned
openshift_openstack_provision_user_commands: []

# cloud-config
openshift_openstack_disable_root: true
openshift_openstack_user: openshift

# security groups
openshift_openstack_common_secgroup_rules:
  - direction: ingress
    protocol: tcp
    port_range_min: 22
    port_range_max: 22
    remote_ip_prefix: "{{ openshift_openstack_ssh_ingress_cidr }}"
  - direction: ingress
    protocol: icmp
    remote_ip_prefix: "{{ openshift_openstack_ssh_ingress_cidr }}"
openshift_openstack_master_secgroup_rules:
  - direction: ingress
    protocol: tcp
    port_range_min: 4001
    port_range_max: 4001
  - direction: ingress
    protocol: tcp
    port_range_min: "{{ openshift_master_api_port|default(8443) }}"
    port_range_max: "{{ openshift_master_api_port|default(8443) }}"
  - direction: ingress
    protocol: tcp
    port_range_min: "{{ openshift_master_console_port|default(8443) }}"
    port_range_max: "{{ openshift_master_console_port|default(8443) }}"
  - direction: ingress
    protocol: tcp
    port_range_min: 8053
    port_range_max: 8053
  - direction: ingress
    protocol: udp
    port_range_min: 8053
    port_range_max: 8053
  - direction: ingress
    protocol: tcp
    port_range_min: 24224
    port_range_max: 24224
  - direction: ingress
    protocol: udp
    port_range_min: 24224
    port_range_max: 24224
  - direction: ingress
    protocol: tcp
    port_range_min: 2224
    port_range_max: 2224
  - direction: ingress
    protocol: udp
    port_range_min: 5404
    port_range_max: 5405
  - direction: ingress
    protocol: tcp
    port_range_min: 9090
    port_range_max: 9090
openshift_openstack_etcd_secgroup_rules:
  - direction: ingress
    protocol: tcp
    port_range_min: 2379
    port_range_max: 2380
    remote_mode: remote_group_id
openshift_openstack_node_secgroup_rules:
  # NOTE(shadower): the 53 rules are needed for Kuryr
  - direction: ingress
    protocol: tcp
    port_range_min: 53
    port_range_max: 53
  - direction: ingress
    protocol: udp
    port_range_min: 53
    port_range_max: 53
  - direction: ingress
    protocol: tcp
    port_range_min: 10250
    port_range_max: 10250
    remote_mode: remote_group_id
  - direction: ingress
    protocol: udp
    port_range_min: 10250
    port_range_max: 10250
    remote_mode: remote_group_id
  - direction: ingress
    protocol: tcp
    port_range_min: 10255
    port_range_max: 10255
    remote_mode: remote_group_id
  - direction: ingress
    protocol: udp
    port_range_min: 10255
    port_range_max: 10255
    remote_mode: remote_group_id
  - direction: ingress
    protocol: udp
    port_range_min: 4789
    port_range_max: 4789
    remote_mode: remote_group_id
  - direction: ingress
    protocol: tcp
    port_range_min: 30000
    port_range_max: 32767
    remote_ip_prefix: "{{ openshift_openstack_node_ingress_cidr }}"
  - direction: ingress
    protocol: tcp
    port_range_min: 30000
    port_range_max: 32767
    remote_ip_prefix: "{{ openshift_openstack_subnet_cidr }}"
openshift_openstack_infra_secgroup_rules:
  - direction: ingress
    protocol: tcp
    port_range_min: 80
    port_range_max: 80
  - direction: ingress
    protocol: tcp
    port_range_min: 443
    port_range_max: 443
  - direction: ingress
    protocol: tcp
    port_range_min: 1936
    port_range_max: 1936
openshift_openstack_cns_secgroup_rules:
  # rpcbind
  - direction: ingress
    protocol: tcp
    port_range_min: 111
    port_range_max: 111
  # glusterfs_sshd
  - direction: ingress
    protocol: tcp
    port_range_min: 2222
    port_range_max: 2222
  # iscsi-targets
  - direction: ingress
    protocol: tcp
    port_range_min: 3260
    port_range_max: 3260
  # heketi dialing backends
  - direction: ingress
    protocol: tcp
    port_range_min: 10250
    port_range_max: 10250
  # glusterfs_management
  - direction: ingress
    protocol: tcp
    port_range_min: 24007
    port_range_max: 24007
  # glusterfs_rdma
  - direction: ingress
    protocol: tcp
    port_range_min: 24008
    port_range_max: 24008
  # glusterblockd
  - direction: ingress
    protocol: tcp
    port_range_min: 24010
    port_range_max: 24010
  # glusterfs_bricks
  - direction: ingress
    protocol: tcp
    port_range_min: 49152
    port_range_max: 49251
openshift_openstack_lb_base_secgroup_rules:
  - direction: ingress
    protocol: tcp
    port_range_min: 443
    port_range_max: 443
    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
  - direction: ingress
    protocol: tcp
    port_range_min: "{{ openshift_master_api_port | default(8443) }}"
    port_range_max: "{{ openshift_master_api_port | default(8443) }}"
    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"
openshift_openstack_lb_console_secgroup_rules:
  - direction: ingress
    protocol: tcp
    port_range_min: "{{ openshift_master_console_port | default(8443) }}"
    port_range_max: "{{ openshift_master_console_port | default(8443) }}"
    remote_ip_prefix: "{{ openshift_openstack_lb_ingress_cidr }}"