---
# openshift_master_defaults_in_use is a workaround to detect if we are consuming
# the plays from the role or outside of the role.
openshift_master_defaults_in_use: True
openshift_master_debug_level: "{{ debug_level | default(2) }}"

r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"

osm_image_default_dict:
  origin: 'openshift/origin'
  openshift-enterprise: 'openshift3/ose'
osm_image_default: "{{ osm_image_default_dict[openshift_deployment_type] }}"
osm_image: "{{ osm_image_default }}"

system_images_registry_dict:
  openshift-enterprise: "registry.access.redhat.com"
  origin: "docker.io"

system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}"

l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"

openshift_master_dns_port: 8053
osm_default_node_selector: ''
osm_project_request_template: ''
osm_mcs_allocator_range: 's0:/2'
osm_mcs_labels_per_project: 5
osm_uid_allocator_range: '1000000000-1999999999/10000'
osm_project_request_message: ''

openshift_node_ips: []
r_openshift_master_clean_install: false
r_openshift_master_etcd3_storage: false
r_openshift_master_os_firewall_enable: true
r_openshift_master_os_firewall_deny: []
default_r_openshift_master_os_firewall_allow:
- service: api server https
  port: "{{ openshift.master.api_port }}/tcp"
- service: api controllers https
  port: "{{ openshift.master.controllers_port }}/tcp"
- service: skydns tcp
  port: "{{ openshift_master_dns_port }}/tcp"
- service: skydns udp
  port: "{{ openshift_master_dns_port }}/udp"
- service: etcd embedded
  port: 4001/tcp
  cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"

# oreg_url is defined by user input
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
oreg_auth_credentials_replace: False
l_bind_docker_reg_auth: False
openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}"

containerized_svc_dir: "/usr/lib/systemd/system"
ha_svc_template_path: "native-cluster"

openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"

openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig"
loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}"
openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"

scheduler_config:
  kind: Policy
  apiVersion: v1
  predicates: "{{ openshift_master_scheduler_predicates
                  | default(openshift_master_scheduler_current_predicates
                            | default(openshift_master_scheduler_default_predicates)) }}"
  priorities: "{{ openshift_master_scheduler_priorities
                  | default(openshift_master_scheduler_current_priorities
                            | default(openshift_master_scheduler_default_priorities)) }}"

openshift_master_valid_grant_methods:
- auto
- prompt
- deny

openshift_master_is_scaleup_host: False

# openshift_master_oauth_template is deprecated.  Should be added to deprecations
# and removed.
openshift_master_oauth_template: False
openshift_master_oauth_templates_default:
  login: "{{ openshift_master_oauth_template }}"
openshift_master_oauth_templates: "{{ openshift_master_oauth_template | ternary(openshift_master_oauth_templates_default, False) }}"
# Here we combine openshift_master_oath_template into 'login' key of openshift_master_oath_templates, if not present.
l_openshift_master_oauth_templates: "{{ openshift_master_oauth_templates | default(openshift_master_oauth_templates_default) }}"

# These defaults assume forcing journald persistence, fsync to disk once
# a second, rate-limiting to 10,000 logs a second, no forwarding to
# syslog or wall, using 8GB of disk space maximum, using 10MB journal
# files, keeping only a days worth of logs per journal file, and
# retaining journal files no longer than a month.
journald_vars_to_replace:
- { var: Storage, val: persistent }
- { var: Compress, val: yes }
- { var: SyncIntervalSec, val: 1s }
- { var: RateLimitInterval, val: 1s }
- { var: RateLimitBurst, val: 10000 }
- { var: SystemMaxUse, val: 8G }
- { var: SystemKeepFree, val: 20% }
- { var: SystemMaxFileSize, val: 10M }
- { var: MaxRetentionSec, val: 1month }
- { var: MaxFileSec, val: 1day }
- { var: ForwardToSyslog, val: no }
- { var: ForwardToWall, val: no }


# NOTE
# r_openshift_master_*_default may be defined external to this role.
# openshift_use_*, if defined, may affect other roles or play behavior.
r_openshift_master_use_openshift_sdn_default: "{{ openshift_use_openshift_sdn | default(True) }}"
r_openshift_master_use_openshift_sdn: "{{ r_openshift_master_use_openshift_sdn_default }}"

r_openshift_master_use_nuage_default: "{{ openshift_use_nuage | default(False) }}"
r_openshift_master_use_nuage: "{{ r_openshift_master_use_nuage_default }}"

r_openshift_master_use_contiv_default: "{{ openshift_use_contiv | default(False) }}"
r_openshift_master_use_contiv: "{{ r_openshift_master_use_contiv_default }}"

r_openshift_master_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}"
r_openshift_master_use_kuryr: "{{ r_openshift_master_use_kuryr_default }}"

r_openshift_master_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
r_openshift_master_data_dir: "{{ r_openshift_master_data_dir_default }}"

r_openshift_master_sdn_network_plugin_name_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}"
r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_plugin_name_default }}"

openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"

openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"

openshift_master_bootstrap_enabled: False

openshift_master_csr_sa: node-bootstrapper
openshift_master_csr_namespace: openshift-infra

openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"