blob: bd96965ac699c3d3157b73f28d4253c57eaa9689 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
---
docker_cli_auth_config_path: '/root/.docker'
openshift_docker_signature_verification: False
repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}"
openshift_docker_alternative_creds: False
# oreg_url is defined by user input.
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_replace: False
openshift_docker_use_system_container: False
openshift_docker_disable_push_dockerhub: False # bool
openshift_docker_selinux_enabled: True
openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False)) else 'docker' }}"
openshift_docker_hosted_registry_insecure: False # bool
openshift_docker_hosted_registry_network_default: "{{ openshift_portal_net | default(False) }}"
openshift_docker_hosted_registry_network: "{{ openshift_docker_hosted_registry_network_default }}"
openshift_docker_additional_registries: []
openshift_docker_blocked_registries: []
openshift_docker_insecure_registries: []
openshift_docker_ent_reg: 'registry.access.redhat.com'
openshift_docker_options: False # str
openshift_docker_log_driver: False # str
openshift_docker_log_options: []
# The l2_docker_* variables convert csv strings to lists, if
# necessary. These variables should be used in place of their respective
# openshift_docker_* counterparts to ensure the properly formatted lists are
# utilized.
l2_docker_additional_registries: "{% if openshift_docker_additional_registries is string %}{% if openshift_docker_additional_registries == '' %}[]{% elif ',' in openshift_docker_additional_registries %}{{ openshift_docker_additional_registries.split(',') | list }}{% else %}{{ [ openshift_docker_additional_registries ] }}{% endif %}{% else %}{{ openshift_docker_additional_registries }}{% endif %}"
l2_docker_blocked_registries: "{% if openshift_docker_blocked_registries is string %}{% if openshift_docker_blocked_registries == '' %}[]{% elif ',' in openshift_docker_blocked_registries %}{{ openshift_docker_blocked_registries.split(',') | list }}{% else %}{{ [ openshift_docker_blocked_registries ] }}{% endif %}{% else %}{{ openshift_docker_blocked_registries }}{% endif %}"
l2_docker_insecure_registries: "{% if openshift_docker_insecure_registries is string %}{% if openshift_docker_insecure_registries == '' %}[]{% elif ',' in openshift_docker_insecure_registries %}{{ openshift_docker_insecure_registries.split(',') | list }}{% else %}{{ [ openshift_docker_insecure_registries ] }}{% endif %}{% else %}{{ openshift_docker_insecure_registries }}{% endif %}"
l2_docker_log_options: "{% if openshift_docker_log_options is string %}{% if ',' in openshift_docker_log_options %}{{ openshift_docker_log_options.split(',') | list }}{% else %}{{ [ openshift_docker_log_options ] }}{% endif %}{% else %}{{ openshift_docker_log_options }}{% endif %}"
openshift_docker_use_etc_containers: False
containers_registries_conf_path: /etc/containers/registries.conf
r_crio_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_crio_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
r_crio_os_firewall_deny: []
r_crio_os_firewall_allow:
- service: crio
port: 10010/tcp
openshift_docker_is_node_or_master: "{{ True if inventory_hostname in (groups['oo_masters_to_config']|default([])) or inventory_hostname in (groups['oo_nodes_to_config']|default([])) else False | bool }}"
docker_alt_storage_path: /var/lib/containers/docker
docker_default_storage_path: /var/lib/docker
# Set local versions of facts that must be in json format for container-daemon.json
# NOTE: When jinja2.9+ is used the container-daemon.json file can move to using tojson
l_docker_log_options: "{{ l2_docker_log_options | to_json }}"
l_docker_additional_registries: "{{ l2_docker_additional_registries | to_json }}"
l_docker_blocked_registries: "{{ l2_docker_blocked_registries | to_json }}"
l_docker_insecure_registries: "{{ l2_docker_insecure_registries | to_json }}"
l_docker_selinux_enabled: "{{ openshift_docker_selinux_enabled | to_json }}"
docker_http_proxy: "{{ openshift_http_proxy | default('') }}"
docker_https_proxy: "{{ openshift.common.https_proxy | default('') }}"
docker_no_proxy: "{{ openshift.common.no_proxy | default('') }}"
openshift_use_crio: False
openshift_use_crio_only: False
l_openshift_image_tag_default: "{{ openshift_release | default('latest') }}"
l_openshift_image_tag: "{{ openshift_image_tag | default(l_openshift_image_tag_default) | string}}"
# --------------------- #
# systemcontainers_crio #
# --------------------- #
l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}"
l_crio_registries: "{{ l2_docker_additional_registries + ['docker.io'] }}"
l_additional_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l_crio_registries)) }}"
openshift_crio_image_tag_default: "latest"
l_crt_crio_image_tag_dict:
openshift-enterprise: "{{ l_openshift_image_tag }}"
origin: "{{ openshift_crio_image_tag | default(openshift_crio_image_tag_default) }}"
l_crt_crio_image_prepend_dict:
openshift-enterprise: "registry.access.redhat.com/openshift3"
origin: "docker.io/gscrivano"
l_crt_crio_image_dict:
Fedora:
crio_image_name: "cri-o-fedora"
crio_image_tag: "latest"
CentOS:
crio_image_name: "cri-o-centos"
crio_image_tag: "latest"
RedHat:
crio_image_name: "cri-o"
crio_image_tag: "{{ openshift_crio_image_tag | default(l_crt_crio_image_tag_dict[openshift_deployment_type]) }}"
l_crio_image_prepend: "{{ l_crt_crio_image_prepend_dict[openshift_deployment_type] }}"
l_crio_image_name: "{{ l_crt_crio_image_dict[ansible_distribution]['crio_image_name'] }}"
l_crio_image_tag: "{{ l_crt_crio_image_dict[ansible_distribution] }}"
l_crio_image_default: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:{{ l_crio_image_tag }}"
l_crio_image: "{{ openshift_crio_systemcontainer_image_override | default(l_crio_image_default) }}"
# ----------------------- #
# systemcontainers_docker #
# ----------------------- #
l_crt_docker_image_prepend_dict:
Fedora: "registry.fedoraproject.org/f25"
Centos: "docker.io/gscrivano"
RedHat: "registry.access.redhat.com/openshift3"
openshift_docker_image_tag_default: "latest"
l_crt_docker_image_tag_dict:
openshift-enterprise: "{{ l_openshift_image_tag }}"
origin: "{{ openshift_docker_image_tag | default(openshift_docker_image_tag_default) }}"
l_docker_image_prepend: "{{ l_crt_docker_image_prepend_dict[ansible_distribution] }}"
l_docker_image_tag: "{{ l_crt_docker_image_tag_dict[openshift_deployment_type] }}"
l_docker_image_default: "{{ l_docker_image_prepend }}/{{ openshift_docker_service_name }}:{{ l_docker_image_tag }}"
l_docker_image: "{{ openshift_docker_systemcontainer_image_override | default(l_docker_image_default) }}"
|
