diff options
Diffstat (limited to 'inventory')
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.external.example | 56 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.mixed.example | 59 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.native.example | 46 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.registry-only.example | 52 | ||||
-rw-r--r-- | inventory/byo/hosts.byo.glusterfs.storage-and-registry.example | 63 | ||||
-rw-r--r-- | inventory/byo/hosts.origin.example | 162 | ||||
-rw-r--r-- | inventory/byo/hosts.ose.example | 163 |
7 files changed, 566 insertions, 35 deletions
diff --git a/inventory/byo/hosts.byo.glusterfs.external.example b/inventory/byo/hosts.byo.glusterfs.external.example new file mode 100644 index 000000000..5a284ce97 --- /dev/null +++ b/inventory/byo/hosts.byo.glusterfs.external.example @@ -0,0 +1,56 @@ +# This is an example of a bring your own (byo) host inventory for a cluster +# with natively hosted, containerized GlusterFS storage. +# +# This inventory may be used with the byo/config.yml playbook to deploy a new +# cluster with GlusterFS storage, which will use that storage to create a +# volume that will provide backend storage for a hosted Docker registry. +# +# This inventory may also be used with byo/openshift-glusterfs/config.yml to +# deploy GlusterFS storage on an existing cluster. With this playbook, the +# registry backend volume will be created but the administrator must then +# either deploy a hosted registry or change an existing hosted registry to use +# that volume. +# +# There are additional configuration parameters that can be specified to +# control the deployment and state of a GlusterFS cluster. Please see the +# documentation in playbooks/byo/openshift-glusterfs/README.md and +# roles/openshift_storage_glusterfs/README.md for additional details. + +[OSEv3:children] +masters +nodes +# Specify there will be GlusterFS nodes +glusterfs + +[OSEv3:vars] +ansible_ssh_user=root +openshift_deployment_type=origin +# Specify that we want to use an external GlusterFS cluster +openshift_storage_glusterfs_is_native=False +# Specify the IP address or hostname of the external heketi service +openshift_storage_glusterfs_heketi_url=172.0.0.1 + +[masters] +master + +[nodes] +master openshift_schedulable=False +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True + +# Specify the glusterfs group, which contains the nodes of the external +# GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" +# and "glusterfs_devices" variables defined. +# +# The first variable indicates the hostname of the external GLusterFS node, +# and must be reachable by the external heketi service. +# +# The second variable is a list of block devices the node will have access to +# that are intended solely for use as GlusterFS storage. These block devices +# must be bare (e.g. have no data, not be marked as LVM PVs), and will be +# formatted. +[glusterfs] +node0.local glusterfs_ip='172.0.0.10' glusterfs_devices='[ "/dev/vdb" ]' +node1.local glusterfs_ip='172.0.0.11' glusterfs_devices='[ "/dev/vdb", "/dev/vdc" ]' +node2.local glusterfs_ip='172.0.0.11' glusterfs_devices='[ "/dev/vdd" ]' diff --git a/inventory/byo/hosts.byo.glusterfs.mixed.example b/inventory/byo/hosts.byo.glusterfs.mixed.example new file mode 100644 index 000000000..d16df6470 --- /dev/null +++ b/inventory/byo/hosts.byo.glusterfs.mixed.example @@ -0,0 +1,59 @@ +# This is an example of a bring your own (byo) host inventory for a cluster +# with natively hosted, containerized GlusterFS storage. +# +# This inventory may be used with the byo/config.yml playbook to deploy a new +# cluster with GlusterFS storage, which will use that storage to create a +# volume that will provide backend storage for a hosted Docker registry. +# +# This inventory may also be used with byo/openshift-glusterfs/config.yml to +# deploy GlusterFS storage on an existing cluster. With this playbook, the +# registry backend volume will be created but the administrator must then +# either deploy a hosted registry or change an existing hosted registry to use +# that volume. +# +# There are additional configuration parameters that can be specified to +# control the deployment and state of a GlusterFS cluster. Please see the +# documentation in playbooks/byo/openshift-glusterfs/README.md and +# roles/openshift_storage_glusterfs/README.md for additional details. + +[OSEv3:children] +masters +nodes +# Specify there will be GlusterFS nodes +glusterfs + +[OSEv3:vars] +ansible_ssh_user=root +openshift_deployment_type=origin +# Specify that we want to use an external GlusterFS cluster and a native +# heketi service +openshift_storage_glusterfs_is_native=False +openshift_storage_glusterfs_heketi_is_native=True +# Specify that heketi will use SSH to communicate to the GlusterFS nodes and +# the private key file it will use for authentication +openshift_storage_glusterfs_heketi_executor=ssh +openshift_storage_glusterfs_heketi_ssh_keyfile=/root/id_rsa +[masters] +master + +[nodes] +master openshift_schedulable=False +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True + +# Specify the glusterfs group, which contains the nodes of the external +# GlusterFS cluster. At a minimum, each node must have "glusterfs_hostname" +# and "glusterfs_devices" variables defined. +# +# The first variable indicates the hostname of the external GLusterFS node, +# and must be reachable by the external heketi service. +# +# The second variable is a list of block devices the node will have access to +# that are intended solely for use as GlusterFS storage. These block devices +# must be bare (e.g. have no data, not be marked as LVM PVs), and will be +# formatted. +[glusterfs] +node0.local glusterfs_ip='172.0.0.10' glusterfs_devices='[ "/dev/vdb" ]' +node1.local glusterfs_ip='172.0.0.11' glusterfs_devices='[ "/dev/vdb", "/dev/vdc" ]' +node2.local glusterfs_ip='172.0.0.11' glusterfs_devices='[ "/dev/vdd" ]' diff --git a/inventory/byo/hosts.byo.glusterfs.native.example b/inventory/byo/hosts.byo.glusterfs.native.example new file mode 100644 index 000000000..c1a1f6f84 --- /dev/null +++ b/inventory/byo/hosts.byo.glusterfs.native.example @@ -0,0 +1,46 @@ +# This is an example of a bring your own (byo) host inventory for a cluster +# with natively hosted, containerized GlusterFS storage for applications. It +# will also autmatically create a StorageClass for this purpose. +# +# This inventory may be used with the byo/config.yml playbook to deploy a new +# cluster with GlusterFS storage. +# +# This inventory may also be used with byo/openshift-glusterfs/config.yml to +# deploy GlusterFS storage on an existing cluster. +# +# There are additional configuration parameters that can be specified to +# control the deployment and state of a GlusterFS cluster. Please see the +# documentation in playbooks/byo/openshift-glusterfs/README.md and +# roles/openshift_storage_glusterfs/README.md for additional details. + +[OSEv3:children] +masters +nodes +# Specify there will be GlusterFS nodes +glusterfs + +[OSEv3:vars] +ansible_ssh_user=root +openshift_deployment_type=origin + +[masters] +master + +[nodes] +master openshift_schedulable=False +# A hosted registry, by default, will only be deployed on nodes labeled +# "region=infra". +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True + +# Specify the glusterfs group, which contains the nodes that will host +# GlusterFS storage pods. At a minimum, each node must have a +# "glusterfs_devices" variable defined. This variable is a list of block +# devices the node will have access to that is intended solely for use as +# GlusterFS storage. These block devices must be bare (e.g. have no data, not +# be marked as LVM PVs), and will be formatted. +[glusterfs] +node0 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node1 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node2 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' diff --git a/inventory/byo/hosts.byo.glusterfs.registry-only.example b/inventory/byo/hosts.byo.glusterfs.registry-only.example new file mode 100644 index 000000000..31a85ee42 --- /dev/null +++ b/inventory/byo/hosts.byo.glusterfs.registry-only.example @@ -0,0 +1,52 @@ +# This is an example of a bring your own (byo) host inventory for a cluster +# with natively hosted, containerized GlusterFS storage for exclusive use +# as storage for a natively hosted Docker registry. +# +# This inventory may be used with the byo/config.yml playbook to deploy a new +# cluster with GlusterFS storage, which will use that storage to create a +# volume that will provide backend storage for a hosted Docker registry. +# +# This inventory may also be used with byo/openshift-glusterfs/registry.yml to +# deploy GlusterFS storage on an existing cluster. With this playbook, the +# registry backend volume will be created but the administrator must then +# either deploy a hosted registry or change an existing hosted registry to use +# that volume. +# +# There are additional configuration parameters that can be specified to +# control the deployment and state of a GlusterFS cluster. Please see the +# documentation in playbooks/byo/openshift-glusterfs/README.md and +# roles/openshift_storage_glusterfs/README.md for additional details. + +[OSEv3:children] +masters +nodes +# Specify there will be GlusterFS nodes +glusterfs_registry + +[OSEv3:vars] +ansible_ssh_user=root +openshift_deployment_type=origin +# Specify that we want to use GlusterFS storage for a hosted registry +openshift_hosted_registry_storage_kind=glusterfs + +[masters] +master + +[nodes] +master openshift_schedulable=False +# A hosted registry, by default, will only be deployed on nodes labeled +# "region=infra". +node0 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node1 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node2 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True + +# Specify the glusterfs group, which contains the nodes that will host +# GlusterFS storage pods. At a minimum, each node must have a +# "glusterfs_devices" variable defined. This variable is a list of block +# devices the node will have access to that is intended solely for use as +# GlusterFS storage. These block devices must be bare (e.g. have no data, not +# be marked as LVM PVs), and will be formatted. +[glusterfs_registry] +node0 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node1 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node2 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' diff --git a/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example new file mode 100644 index 000000000..54bd89ddc --- /dev/null +++ b/inventory/byo/hosts.byo.glusterfs.storage-and-registry.example @@ -0,0 +1,63 @@ +# This is an example of a bring your own (byo) host inventory for a cluster +# with natively hosted, containerized GlusterFS storage for both general +# application use and a natively hosted Docker registry. It will also create a +# StorageClass for the general storage. +# +# This inventory may be used with the byo/config.yml playbook to deploy a new +# cluster with GlusterFS storage. +# +# This inventory may also be used with byo/openshift-glusterfs/config.yml to +# deploy GlusterFS storage on an existing cluster. With this playbook, the +# registry backend volume will be created but the administrator must then +# either deploy a hosted registry or change an existing hosted registry to use +# that volume. +# +# There are additional configuration parameters that can be specified to +# control the deployment and state of a GlusterFS cluster. Please see the +# documentation in playbooks/byo/openshift-glusterfs/README.md and +# roles/openshift_storage_glusterfs/README.md for additional details. + +[OSEv3:children] +masters +nodes +# Specify there will be GlusterFS nodes +glusterfs +glusterfs_registry + +[OSEv3:vars] +ansible_ssh_user=root +openshift_deployment_type=origin +# Specify that we want to use GlusterFS storage for a hosted registry +openshift_hosted_registry_storage_kind=glusterfs + +[masters] +master + +[nodes] +master openshift_schedulable=False +# It is recommended to not use a single cluster for both general and registry +# storage, so two three-node clusters will be required. +node0 openshift_schedulable=True +node1 openshift_schedulable=True +node2 openshift_schedulable=True +# A hosted registry, by default, will only be deployed on nodes labeled +# "region=infra". +node3 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node4 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True +node5 openshift_node_labels="{'region': 'infra'}" openshift_schedulable=True + +# Specify the glusterfs group, which contains the nodes that will host +# GlusterFS storage pods. At a minimum, each node must have a +# "glusterfs_devices" variable defined. This variable is a list of block +# devices the node will have access to that is intended solely for use as +# GlusterFS storage. These block devices must be bare (e.g. have no data, not +# be marked as LVM PVs), and will be formatted. +[glusterfs] +node0 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node1 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node2 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' + +[glusterfs_registry] +node3 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node4 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' +node5 glusterfs_devices='[ "/dev/vdb", "/dev/vdc", "/dev/vdd" ]' diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index d61f033f8..de7493f71 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -10,6 +10,10 @@ nfs # Set variables common for all OSEv3 hosts [OSEv3:vars] +# Enable unsupported configurations, things that will yield a partially +# functioning cluster but would not be supported for production use +#openshift_enable_unsupported_configurations=false + # SSH user, this user should allow ssh based auth without requiring a # password. If using ssh key based auth, then the key should be managed by an # ssh agent. @@ -22,7 +26,7 @@ ansible_ssh_user=root # Debug level for all OpenShift components (Defaults to 2) debug_level=2 -# deployment type valid values are origin, online, atomic-enterprise and openshift-enterprise +# Specify the deployment type. Valid values are origin and openshift-enterprise. openshift_deployment_type=origin # Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we @@ -30,17 +34,28 @@ openshift_deployment_type=origin # use this to lookup the latest exact version of the container images, which is the tag actually used to configure # the cluster. For RPM installations we just verify the version detected in your configured repos matches this # release. -openshift_release=v1.5 +openshift_release=v3.6 # Specify an exact container image tag to install or configure. # WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed. # This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_image_tag=v1.5.0 +#openshift_image_tag=v3.6.0 # Specify an exact rpm version to install or configure. # WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. # This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_pkg_version=-1.5.0 +#openshift_pkg_version=-3.6.0 + +# This enables all the system containers except for docker: +#openshift_use_system_containers=False +# +# But you can choose separately each component that must be a +# system container: +# +#openshift_use_openvswitch_system_container=False +#openshift_use_node_system_container=False +#openshift_use_master_system_container=False +#openshift_use_etcd_system_container=False # Install the openshift examples #openshift_install_examples=true @@ -78,6 +93,18 @@ openshift_release=v1.5 #openshift_docker_blocked_registries=registry.hacker.com # Disable pushing to dockerhub #openshift_docker_disable_push_dockerhub=True +# Use Docker inside a System Container. Note that this is a tech preview and should +# not be used to upgrade! +# The following options for docker are ignored: +# - docker_version +# - docker_upgrade +# The following options must not be used +# - openshift_docker_options +#openshift_docker_use_system_container=False +# Force the registry to use for the system container. By default the registry +# will be built off of the deployment type and ansible_distribution. Only +# use this option if you are sure you know what you are doing! +#openshift_docker_systemcontainer_image_registry_override="registry.example.com" # Items added, as is, to end of /etc/sysconfig/docker OPTIONS # Default value: "--log-driver=journald" #openshift_docker_options="-l warn --ipv6=false" @@ -86,6 +113,11 @@ openshift_release=v1.5 # Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. # docker_version="1.12.1" +# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True. +# Uncomment below to disable; for example if your kernel does not support the +# Docker overlay/overlay2 storage drivers with SELinux enabled. +#openshift_docker_selinux_enabled=False + # Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone. # docker_upgrade=False @@ -115,13 +147,18 @@ openshift_release=v1.5 # Alternate image format string, useful if you've got your own registry mirror +# Configure this setting just on node or master +#oreg_url_master=example.com/openshift3/ose-${component}:${version} +#oreg_url_node=example.com/openshift3/ose-${component}:${version} +# For setting the configuration globally #oreg_url=example.com/openshift3/ose-${component}:${version} # If oreg_url points to a registry other than registry.access.redhat.com we can # modify image streams to point at that registry by setting the following to true #openshift_examples_modify_imagestreams=true -# Origin copr repo +# OpenShift repository configuration #openshift_additional_repos=[{'id': 'openshift-origin-copr', 'name': 'OpenShift Origin COPR', 'baseurl': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/epel-7-$basearch/', 'enabled': 1, 'gpgcheck': 1, 'gpgkey': 'https://copr-be.cloud.fedoraproject.org/results/maxamillion/origin-next/pubkey.gpg'}] +#openshift_repos_enable_testing=false # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] @@ -175,6 +212,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # or #openshift_master_request_header_ca_file=<path to local ca file to use> +# CloudForms Management Engine (ManageIQ) App Install +# +# Enables installation of MIQ server. Recommended for dedicated +# clusters only. See roles/openshift_cfme/README.md for instructions +# and requirements. +#openshift_cfme_install_app=False + # Cloud Provider Configuration # # Note: You may make use of environment variables rather than store @@ -313,8 +357,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # router's default certificate. #openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} # -# Disable management of the OpenShift Router -#openshift_hosted_manage_router=false +# Manage the OpenShift Router +#openshift_hosted_manage_router=true # # Router sharding support has been added and can be achieved by supplying the correct # data to the inventory. The variable to house the data is openshift_hosted_routers @@ -333,7 +377,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # selector: type=router1 # images: "openshift3/ose-${component}:${version}" # edits: [] -# certificates: +# certificate: # certfile: /path/to/certificate/abc.crt # keyfile: /path/to/certificate/abc.key # cafile: /path/to/certificate/ca.crt @@ -347,7 +391,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # serviceaccount: router # selector: type=router2 # images: "openshift3/ose-${component}:${version}" -# certificates: +# certificate: # certfile: /path/to/certificate/xyz.crt # keyfile: /path/to/certificate/xyz.key # cafile: /path/to/certificate/ca.crt @@ -391,8 +435,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Validity of the auto-generated certificate in days (optional) #openshift_hosted_registry_cert_expire_days=730 # -# Disable management of the OpenShift Registry -#openshift_hosted_manage_registry=false +# Manage the OpenShift Registry +#openshift_hosted_manage_registry=true # Registry Storage Options # @@ -430,6 +474,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # S3 bucket must already exist. #openshift_hosted_registry_storage_kind=object #openshift_hosted_registry_storage_provider=s3 +#openshift_hosted_registry_storage_s3_encrypt=false +#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id #openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id #openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key #openshift_hosted_registry_storage_s3_bucket=bucket_name @@ -485,6 +531,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' #openshift_hosted_metrics_storage_volume_name=metrics #openshift_hosted_metrics_storage_volume_size=10Gi +#openshift_hosted_metrics_storage_labels={'storage': 'metrics'} # # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on @@ -496,6 +543,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_metrics_storage_nfs_directory=/exports #openshift_hosted_metrics_storage_volume_name=metrics #openshift_hosted_metrics_storage_volume_size=10Gi +#openshift_hosted_metrics_storage_labels={'storage': 'metrics'} # # Option C - Dynamic -- If openshift supports dynamic volume provisioning for # your cloud platform use this. @@ -509,6 +557,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Currently, you may only alter the hostname portion of the url, alterting the # `/hawkular/metrics` path will break installation of metrics. #openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics +# Configure the prefix and version for the component images +#openshift_hosted_metrics_deployer_prefix=docker.io/openshift/origin- +#openshift_hosted_metrics_deployer_version=3.6.0 +# +# StorageClass +# openshift_storageclass_name=gp2 +# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': false} +# # Logging deployment # @@ -526,6 +582,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)' #openshift_hosted_logging_storage_volume_name=logging #openshift_hosted_logging_storage_volume_size=10Gi +#openshift_hosted_logging_storage_labels={'storage': 'logging'} # # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on @@ -537,6 +594,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_logging_storage_nfs_directory=/exports #openshift_hosted_logging_storage_volume_name=logging #openshift_hosted_logging_storage_volume_size=10Gi +#openshift_hosted_logging_storage_labels={'storage': 'logging'} # # Option C - Dynamic -- If openshift supports dynamic volume provisioning for # your cloud platform use this. @@ -556,7 +614,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_logging_elasticsearch_cluster_size=1 # Configure the prefix and version for the component images #openshift_hosted_logging_deployer_prefix=docker.io/openshift/origin- -#openshift_hosted_logging_deployer_version=1.5.0 +#openshift_hosted_logging_deployer_version=3.6.0 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' @@ -568,10 +626,17 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # network blocks should be private and should not conflict with network blocks # in your infrastructure that pods may require access to. Can not be changed # after deployment. +# +# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of +# 172.17.0.0/16. Your installation will fail and/or your configuration change will +# cause the Pod SDN or Cluster SDN to fail. +# +# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting +# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS +# environment variable located in /etc/sysconfig/docker-network. #osm_cluster_network_cidr=10.128.0.0/14 #openshift_portal_net=172.30.0.0/16 - # ExternalIPNetworkCIDRs controls what values are acceptable for the # service external IP field. If empty, no externalIP may be set. It # may contain a list of CIDRs which are checked for access. If a CIDR @@ -662,7 +727,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_dns_ip=172.30.0.1 # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate @@ -688,6 +753,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Global Proxy Configuration # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment # variables for docker and master services. +# +# Hosts in the openshift_no_proxy list will NOT use any globally +# configured HTTP(S)_PROXYs. openshift_no_proxy accepts domains +# (.example.com), and hosts (example.com), and IP addresses. #openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT #openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT #openshift_no_proxy='.hosts.example.com,some-host.com' @@ -695,7 +764,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. # If all of your hosts share a common domain you may wish to disable this and -# specify that domain above. +# specify that domain above instead. +# +# For example, having hosts with FQDNs: m1.ex.com, n1.ex.com, and +# n2.ex.com, one would simply add '.ex.com' to the openshift_no_proxy +# variable (above) and set this value to False #openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects @@ -732,6 +805,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Or you may optionally define your own build overrides configuration serialized as json #openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}' +# Enable template service broker by specifying one of more namespaces whose +# templates will be served by the broker +#openshift_template_service_broker_namespaces=['openshift'] + # masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default #openshift_master_dynamic_provisioning_enabled=False @@ -751,19 +828,70 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_node_env_vars={"ENABLE_HTTP2": "true"} # Enable API service auditing, available as of 1.3 -#openshift_master_audit_config={"basicAuditEnabled": true} +#openshift_master_audit_config={"enabled": true} +# +# In case you want more advanced setup for the auditlog you can +# use this line. +# The directory in "auditFilePath" will be created if it's not +# exist +#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} # Enable origin repos that point at Centos PAAS SIG, defaults to true, only used # by deployment_type=origin #openshift_enable_origin_repo=false -# Validity of the auto-generated certificates in days. +# Validity of the auto-generated OpenShift certificates in days. # See also openshift_hosted_registry_cert_expire_days above. # #openshift_ca_cert_expire_days=1825 #openshift_node_cert_expire_days=730 #openshift_master_cert_expire_days=730 +# Validity of the auto-generated external etcd certificates in days. +# Controls validity for etcd CA, peer, server and client certificates. +# +#etcd_ca_default_days=1825 +# +# ServiceAccountConfig:LimitSecretRefences rejects pods that reference secrets their service accounts do not reference +# openshift_master_saconfig_limitsecretreferences=false + +# Upgrade Control +# +# By default nodes are upgraded in a serial manner one at a time and all failures +# are fatal, one set of variables for normal nodes, one set of variables for +# nodes that are part of control plane as the number of hosts may be different +# in those two groups. +#openshift_upgrade_nodes_serial=1 +#openshift_upgrade_nodes_max_fail_percentage=0 +#openshift_upgrade_control_plane_nodes_serial=1 +#openshift_upgrade_control_plane_nodes_max_fail_percentage=0 +# +# You can specify the number of nodes to upgrade at once. We do not currently +# attempt to verify that you have capacity to drain this many nodes at once +# so please be careful when specifying these values. You should also verify that +# the expected number of nodes are all schedulable and ready before starting an +# upgrade. If it's not possible to drain the requested nodes the upgrade will +# stall indefinitely until the drain is successful. +# +# If you're upgrading more than one node at a time you can specify the maximum +# percentage of failure within the batch before the upgrade is aborted. Any +# nodes that do fail are ignored for the rest of the playbook run and you should +# take care to investigate the failure and return the node to service so that +# your cluster. +# +# The percentage must exceed the value, this would fail on two failures +# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=49 +# where as this would not +# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=50 +# +# Multiple data migrations take place and if they fail they will fail the upgrade +# You may wish to disable these or make them non fatal +# +# openshift_upgrade_pre_storage_migration_enabled=true +# openshift_upgrade_pre_storage_migration_fatal==true +# openshift_upgrade_post_storage_migration_enabled=true +# openshift_upgrade_post_storage_migration_fatal==false + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 823d6f58f..62a364e0d 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -10,6 +10,10 @@ nfs # Set variables common for all OSEv3 hosts [OSEv3:vars] +# Enable unsupported configurations, things that will yield a partially +# functioning cluster but would not be supported for production use +#openshift_enable_unsupported_configurations=false + # SSH user, this user should allow ssh based auth without requiring a # password. If using ssh key based auth, then the key should be managed by an # ssh agent. @@ -22,7 +26,7 @@ ansible_ssh_user=root # Debug level for all OpenShift components (Defaults to 2) debug_level=2 -# deployment type valid values are origin, online, atomic-enterprise, and openshift-enterprise +# Specify the deployment type. Valid values are origin and openshift-enterprise. openshift_deployment_type=openshift-enterprise # Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we @@ -30,17 +34,28 @@ openshift_deployment_type=openshift-enterprise # use this to lookup the latest exact version of the container images, which is the tag actually used to configure # the cluster. For RPM installations we just verify the version detected in your configured repos matches this # release. -openshift_release=v3.5 +openshift_release=v3.6 # Specify an exact container image tag to install or configure. # WARNING: This value will be used for all hosts in containerized environments, even those that have another version installed. # This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_image_tag=v3.5.0 +#openshift_image_tag=v3.6.0 # Specify an exact rpm version to install or configure. # WARNING: This value will be used for all hosts in RPM based environments, even those that have another version installed. # This could potentially trigger an upgrade and downtime, so be careful with modifying this value after the cluster is set up. -#openshift_pkg_version=-3.5.0 +#openshift_pkg_version=-3.6.0 + +# This enables all the system containers except for docker: +#openshift_use_system_containers=False +# +# But you can choose separately each component that must be a +# system container: +# +#openshift_use_openvswitch_system_container=False +#openshift_use_node_system_container=False +#openshift_use_master_system_container=False +#openshift_use_etcd_system_container=False # Install the openshift examples #openshift_install_examples=true @@ -78,10 +93,27 @@ openshift_release=v3.5 #openshift_docker_blocked_registries=registry.hacker.com # Disable pushing to dockerhub #openshift_docker_disable_push_dockerhub=True +# Use Docker inside a System Container. Note that this is a tech preview and should +# not be used to upgrade! +# The following options for docker are ignored: +# - docker_version +# - docker_upgrade +# The following options must not be used +# - openshift_docker_options +#openshift_docker_use_system_container=False +# Force the registry to use for the system container. By default the registry +# will be built off of the deployment type and ansible_distribution. Only +# use this option if you are sure you know what you are doing! +#openshift_docker_systemcontainer_image_registry_override="registry.example.com" # Items added, as is, to end of /etc/sysconfig/docker OPTIONS # Default value: "--log-driver=journald" #openshift_docker_options="-l warn --ipv6=false" +# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True. +# Uncomment below to disable; for example if your kernel does not support the +# Docker overlay/overlay2 storage drivers with SELinux enabled. +#openshift_docker_selinux_enabled=False + # Specify exact version of Docker to configure or upgrade to. # Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10. # docker_version="1.12.1" @@ -113,15 +145,19 @@ openshift_release=v3.5 # Tasks to run after each master is upgraded and system/services have been restarted. # openshift_master_upgrade_post_hook=/usr/share/custom/post_master.yml - # Alternate image format string, useful if you've got your own registry mirror +# Configure this setting just on node or master +#oreg_url_master=example.com/openshift3/ose-${component}:${version} +#oreg_url_node=example.com/openshift3/ose-${component}:${version} +# For setting the configuration globally #oreg_url=example.com/openshift3/ose-${component}:${version} # If oreg_url points to a registry other than registry.access.redhat.com we can # modify image streams to point at that registry by setting the following to true #openshift_examples_modify_imagestreams=true -# Additional yum repos to install +# OpenShift repository configuration #openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] +#openshift_repos_enable_testing=false # htpasswd auth openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] @@ -175,6 +211,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # or #openshift_master_request_header_ca_file=<path to local ca file to use> +# CloudForms Management Engine (ManageIQ) App Install +# +# Enables installation of MIQ server. Recommended for dedicated +# clusters only. See roles/openshift_cfme/README.md for instructions +# and requirements. +#openshift_cfme_install_app=False + # Cloud Provider Configuration # # Note: You may make use of environment variables rather than store @@ -313,8 +356,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # router's default certificate. #openshift_hosted_router_certificate={"certfile": "/path/to/router.crt", "keyfile": "/path/to/router.key", "cafile": "/path/to/router-ca.crt"} # -# Disable management of the OpenShift Router -#openshift_hosted_manage_router=false +# Manage the OpenShift Router (optional) +#openshift_hosted_manage_router=true # # Router sharding support has been added and can be achieved by supplying the correct # data to the inventory. The variable to house the data is openshift_hosted_routers @@ -333,7 +376,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # selector: type=router1 # images: "openshift3/ose-${component}:${version}" # edits: [] -# certificates: +# certificate: # certfile: /path/to/certificate/abc.crt # keyfile: /path/to/certificate/abc.key # cafile: /path/to/certificate/ca.crt @@ -347,7 +390,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # serviceaccount: router # selector: type=router2 # images: "openshift3/ose-${component}:${version}" -# certificates: +# certificate: # certfile: /path/to/certificate/xyz.crt # keyfile: /path/to/certificate/xyz.key # cafile: /path/to/certificate/ca.crt @@ -391,8 +434,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Validity of the auto-generated certificate in days (optional) #openshift_hosted_registry_cert_expire_days=730 # -# Disable management of the OpenShift Registry -#openshift_hosted_manage_registry=false +# Manage the OpenShift Registry (optional) +#openshift_hosted_manage_registry=true # Registry Storage Options # @@ -431,6 +474,8 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # S3 bucket must already exist. #openshift_hosted_registry_storage_kind=object #openshift_hosted_registry_storage_provider=s3 +#openshift_hosted_registry_storage_s3_encrypt=false +#openshift_hosted_registry_storage_s3_kmskeyid=aws_kms_key_id #openshift_hosted_registry_storage_s3_accesskey=aws_access_key_id #openshift_hosted_registry_storage_s3_secretkey=aws_secret_access_key #openshift_hosted_registry_storage_s3_bucket=bucket_name @@ -486,6 +531,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)' #openshift_hosted_metrics_storage_volume_name=metrics #openshift_hosted_metrics_storage_volume_size=10Gi +#openshift_hosted_metrics_storage_labels={'storage': 'metrics'} # # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on @@ -497,6 +543,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_metrics_storage_nfs_directory=/exports #openshift_hosted_metrics_storage_volume_name=metrics #openshift_hosted_metrics_storage_volume_size=10Gi +#openshift_hosted_metrics_storage_labels={'storage': 'metrics'} # # Option C - Dynamic -- If openshift supports dynamic volume provisioning for # your cloud platform use this. @@ -510,6 +557,14 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Currently, you may only alter the hostname portion of the url, alterting the # `/hawkular/metrics` path will break installation of metrics. #openshift_hosted_metrics_public_url=https://hawkular-metrics.example.com/hawkular/metrics +# Configure the prefix and version for the component images +#openshift_hosted_metrics_deployer_prefix=registry.example.com:8888/openshift3/ +#openshift_hosted_metrics_deployer_version=3.6.0 +# +# StorageClass +# openshift_storageclass_name=gp2 +# openshift_storageclass_parameters={'type': 'gp2', 'encrypted': false} +# # Logging deployment # @@ -527,6 +582,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)' #openshift_hosted_logging_storage_volume_name=logging #openshift_hosted_logging_storage_volume_size=10Gi +#openshift_hosted_logging_storage_labels={'storage': 'logging'} # # Option B - External NFS Host # NFS volume must already exist with path "nfs_directory/_volume_name" on @@ -538,6 +594,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_logging_storage_nfs_directory=/exports #openshift_hosted_logging_storage_volume_name=logging #openshift_hosted_logging_storage_volume_size=10Gi +#openshift_hosted_logging_storage_labels={'storage': 'logging'} # # Option C - Dynamic -- If openshift supports dynamic volume provisioning for # your cloud platform use this. @@ -557,7 +614,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_logging_elasticsearch_cluster_size=1 # Configure the prefix and version for the component images #openshift_hosted_logging_deployer_prefix=registry.example.com:8888/openshift3/ -#openshift_hosted_logging_deployer_version=3.5.0 +#openshift_hosted_logging_deployer_version=3.6.0 # Configure the multi-tenant SDN plugin (default is 'redhat/openshift-ovs-subnet') # os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant' @@ -569,10 +626,17 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # network blocks should be private and should not conflict with network blocks # in your infrastructure that pods may require access to. Can not be changed # after deployment. +# +# WARNING : Do not pick subnets that overlap with the default Docker bridge subnet of +# 172.17.0.0/16. Your installation will fail and/or your configuration change will +# cause the Pod SDN or Cluster SDN to fail. +# +# WORKAROUND : If you must use an overlapping subnet, you can configure a non conflicting +# docker0 CIDR range by adding '--bip=192.168.2.1/24' to DOCKER_NETWORK_OPTIONS +# environment variable located in /etc/sysconfig/docker-network. #osm_cluster_network_cidr=10.128.0.0/14 #openshift_portal_net=172.30.0.0/16 - # ExternalIPNetworkCIDRs controls what values are acceptable for the # service external IP field. If empty, no externalIP may be set. It # may contain a list of CIDRs which are checked for access. If a CIDR @@ -663,7 +727,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_dns_ip=172.30.0.1 # Configure node kubelet arguments. pods-per-core is valid in OpenShift Origin 1.3 or OpenShift Container Platform 3.3 and later. -#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['90'], 'image-gc-low-threshold': ['80']} +#openshift_node_kubelet_args={'pods-per-core': ['10'], 'max-pods': ['250'], 'image-gc-high-threshold': ['85'], 'image-gc-low-threshold': ['80']} # Configure logrotate scripts # See: https://github.com/nickhammond/ansible-logrotate @@ -689,6 +753,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Global Proxy Configuration # These options configure HTTP_PROXY, HTTPS_PROXY, and NOPROXY environment # variables for docker and master services. +# +# Hosts in the openshift_no_proxy list will NOT use any globally +# configured HTTP(S)_PROXYs. openshift_no_proxy accepts domains +# (.example.com), hosts (example.com), and IP addresses. #openshift_http_proxy=http://USER:PASSWORD@IPADDR:PORT #openshift_https_proxy=https://USER:PASSWORD@IPADDR:PORT #openshift_no_proxy='.hosts.example.com,some-host.com' @@ -696,7 +764,11 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Most environments don't require a proxy between openshift masters, nodes, and # etcd hosts. So automatically add those hostnames to the openshift_no_proxy list. # If all of your hosts share a common domain you may wish to disable this and -# specify that domain above. +# specify that domain above instead. +# +# For example, having hosts with FQDNs: m1.ex.com, n1.ex.com, and +# n2.ex.com, one would simply add '.ex.com' to the openshift_no_proxy +# variable (above) and set this value to False #openshift_generate_no_proxy_hosts=True # # These options configure the BuildDefaults admission controller which injects @@ -733,6 +805,10 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Or you may optionally define your own build overrides configuration serialized as json #openshift_buildoverrides_json='{"BuildOverrides":{"configuration":{"apiVersion":"v1","kind":"BuildDefaultsConfig","forcePull":"true"}}}' +# Enable template service broker by specifying one of more namespaces whose +# templates will be served by the broker +#openshift_template_service_broker_namespaces=['openshift'] + # masterConfig.volumeConfig.dynamicProvisioningEnabled, configurable as of 1.2/3.2, enabled by default #openshift_master_dynamic_provisioning_enabled=False @@ -752,15 +828,66 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_node_env_vars={"ENABLE_HTTP2": "true"} # Enable API service auditing, available as of 3.2 -#openshift_master_audit_config={"basicAuditEnabled": true} +#openshift_master_audit_config={"enabled": true} +# +# In case you want more advanced setup for the auditlog you can +# use this line. +# The directory in "auditFilePath" will be created if it's not +# exist +#openshift_master_audit_config={"enabled": true, "auditFilePath": "/var/log/openpaas-oscp-audit/openpaas-oscp-audit.log", "maximumFileRetentionDays": 14, "maximumFileSizeMegabytes": 500, "maximumRetainedFiles": 5} -# Validity of the auto-generated certificates in days. +# Validity of the auto-generated OpenShift certificates in days. # See also openshift_hosted_registry_cert_expire_days above. # #openshift_ca_cert_expire_days=1825 #openshift_node_cert_expire_days=730 #openshift_master_cert_expire_days=730 +# Validity of the auto-generated external etcd certificates in days. +# Controls validity for etcd CA, peer, server and client certificates. +# +#etcd_ca_default_days=1825 +# +# ServiceAccountConfig:LimitSecretRefences rejects pods that reference secrets their service accounts do not reference +# openshift_master_saconfig_limitsecretreferences=false + +# Upgrade Control +# +# By default nodes are upgraded in a serial manner one at a time and all failures +# are fatal, one set of variables for normal nodes, one set of variables for +# nodes that are part of control plane as the number of hosts may be different +# in those two groups. +#openshift_upgrade_nodes_serial=1 +#openshift_upgrade_nodes_max_fail_percentage=0 +#openshift_upgrade_control_plane_nodes_serial=1 +#openshift_upgrade_control_plane_nodes_max_fail_percentage=0 +# +# You can specify the number of nodes to upgrade at once. We do not currently +# attempt to verify that you have capacity to drain this many nodes at once +# so please be careful when specifying these values. You should also verify that +# the expected number of nodes are all schedulable and ready before starting an +# upgrade. If it's not possible to drain the requested nodes the upgrade will +# stall indefinitely until the drain is successful. +# +# If you're upgrading more than one node at a time you can specify the maximum +# percentage of failure within the batch before the upgrade is aborted. Any +# nodes that do fail are ignored for the rest of the playbook run and you should +# take care to investigate the failure and return the node to service so that +# your cluster. +# +# The percentage must exceed the value, this would fail on two failures +# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=49 +# where as this would not +# openshift_upgrade_nodes_serial=4 openshift_upgrade_nodes_max_fail_percentage=50 +# +# Multiple data migrations take place and if they fail they will fail the upgrade +# You may wish to disable these or make them non fatal +# +# openshift_upgrade_pre_storage_migration_enabled=true +# openshift_upgrade_pre_storage_migration_fatal==true +# openshift_upgrade_post_storage_migration_enabled=true +# openshift_upgrade_post_storage_migration_fatal==false + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com |