shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
							---
# openshift_master_defaults_in_use is a workaround to detect if we are consuming
# the plays from the role or outside of the role.
openshift_master_defaults_in_use: True
openshift_master_debug_level: "{{ debug_level | default(2) }}"

r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"

l_openshift_images_dict:
  origin: 'docker.io/openshift/origin-${component}:${version}'
  openshift-enterprise: 'registry.access.redhat.com/openshift3/ose-${component}:${version}'
l_osm_registry_url_default: "{{ l_openshift_images_dict[openshift_deployment_type] }}"
l_os_registry_url: "{{ oreg_url_master | default(oreg_url) | default(l_osm_registry_url_default) | regex_replace('${version}' | regex_escape, openshift_image_tag | default('${version}')) }}"

l_openshift_prefix_dict:
  origin: 'origin-${component}'
  openshift-enterprise: 'ose-${component}'
l_os_prefix: "{{ l_openshift_prefix_dict[openshift_deployment_type] }}"
l_os_prefix_base: "{{ l_openshift_prefix_dict[openshift_deployment_type] | regex_replace('-${component}' | regex_escape, '') }}"
# TODO: we should publish oreg_url component=master
osm_image: "{{ l_os_registry_url | regex_replace(l_os_prefix | regex_escape, l_os_prefix_base) }}"

system_images_registry_dict:
  openshift-enterprise: "registry.access.redhat.com"
  origin: "docker.io"

system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}"

l_osm_id_providers_dict:
  openshift-enterprise:
  - name: 'deny_all'
    challenge: True
    login: True
    kind: 'DenyAllPasswordIdentityProvider'
  origin:
  - name: 'allow_all'
    challenge: True
    login: True
    kind: 'AllowAllPasswordIdentityProvider'

openshift_master_identity_providers: "{{ l_osm_id_providers_dict[openshift_deployment_type] }}"

l_osm_disabled_features: "{{ openshift_deployment_subtype == 'registry' | bool }}"
l_osm_disabled_features_list:
- Builder
- S2IBuilder
- WebConsole


openshift_master_dns_port: 8053
osm_project_request_template: ''
osm_mcs_allocator_range: 's0:/2'
osm_mcs_labels_per_project: 5
osm_uid_allocator_range: '1000000000-1999999999/10000'
osm_project_request_message: ''

openshift_node_ips: []
r_openshift_master_clean_install: false
r_openshift_master_os_firewall_enable: true
r_openshift_master_os_firewall_deny: []
default_r_openshift_master_os_firewall_allow:
- service: api server https
  port: "{{ openshift.master.api_port }}/tcp"
- service: api controllers https
  port: "{{ openshift.master.controllers_port }}/tcp"
- service: skydns tcp
  port: "{{ openshift_master_dns_port }}/tcp"
- service: skydns udp
  port: "{{ openshift_master_dns_port }}/udp"
r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"

# oreg_url is defined by user input
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
oreg_auth_credentials_replace: False
l_bind_docker_reg_auth: False
openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}"

containerized_svc_dir: "/usr/lib/systemd/system"
ha_svc_template_path: "native-cluster"

openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"

openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig"
loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}"
openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"

scheduler_config:
  kind: Policy
  apiVersion: v1
  predicates: "{{ openshift_master_scheduler_predicates
                  | default(openshift_master_scheduler_current_predicates
                            | default(openshift_master_scheduler_default_predicates)) }}"
  priorities: "{{ openshift_master_scheduler_priorities
                  | default(openshift_master_scheduler_current_priorities
                            | default(openshift_master_scheduler_default_priorities)) }}"

openshift_master_valid_grant_methods:
- auto
- prompt
- deny

openshift_master_is_scaleup_host: False

# openshift_master_oauth_template is deprecated.  Should be added to deprecations
# and removed.
openshift_master_oauth_template: False
openshift_master_oauth_templates_default:
  login: "{{ openshift_master_oauth_template }}"
openshift_master_oauth_templates: "{{ openshift_master_oauth_template | ternary(openshift_master_oauth_templates_default, False) }}"
# Here we combine openshift_master_oath_template into 'login' key of openshift_master_oath_templates, if not present.
l_openshift_master_oauth_templates: "{{ openshift_master_oauth_templates | default(openshift_master_oauth_templates_default) }}"

# NOTE
# r_openshift_master_*_default may be defined external to this role.
# openshift_use_*, if defined, may affect other roles or play behavior.
r_openshift_master_use_openshift_sdn_default: "{{ openshift_use_openshift_sdn | default(True) }}"
r_openshift_master_use_openshift_sdn: "{{ r_openshift_master_use_openshift_sdn_default }}"

r_openshift_master_use_nuage_default: "{{ openshift_use_nuage | default(False) }}"
r_openshift_master_use_nuage: "{{ r_openshift_master_use_nuage_default }}"

r_openshift_master_use_contiv_default: "{{ openshift_use_contiv | default(False) }}"
r_openshift_master_use_contiv: "{{ r_openshift_master_use_contiv_default }}"

r_openshift_master_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}"
r_openshift_master_use_kuryr: "{{ r_openshift_master_use_kuryr_default }}"

r_openshift_master_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
r_openshift_master_data_dir: "{{ r_openshift_master_data_dir_default }}"

r_openshift_master_sdn_network_plugin_name_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}"
r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_plugin_name_default }}"

openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"

openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"

openshift_master_csr_sa: node-bootstrapper
openshift_master_csr_namespace: openshift-infra

openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"