1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
---
# openshift_master_defaults_in_use is a workaround to detect if we are consuming
# the plays from the role or outside of the role.
openshift_master_defaults_in_use: True
openshift_master_debug_level: "{{ debug_level | default(2) }}"
r_openshift_master_firewall_enabled: "{{ os_firewall_enabled | default(True) }}"
r_openshift_master_use_firewalld: "{{ os_firewall_use_firewalld | default(False) }}"
osm_image_default_dict:
origin: 'openshift/origin'
openshift-enterprise: 'openshift3/ose'
osm_image_default: "{{ osm_image_default_dict[openshift_deployment_type] }}"
osm_image: "{{ osm_image_default }}"
system_images_registry_dict:
openshift-enterprise: "registry.access.redhat.com"
origin: "docker.io"
system_images_registry: "{{ system_images_registry_dict[openshift_deployment_type | default('origin')] }}"
l_is_master_system_container: "{{ (openshift_use_master_system_container | default(openshift_use_system_containers | default(false)) | bool) }}"
openshift_master_dns_port: 8053
osm_default_node_selector: ''
osm_project_request_template: ''
osm_mcs_allocator_range: 's0:/2'
osm_mcs_labels_per_project: 5
osm_uid_allocator_range: '1000000000-1999999999/10000'
osm_project_request_message: ''
openshift_node_ips: []
r_openshift_master_clean_install: false
r_openshift_master_etcd3_storage: false
r_openshift_master_os_firewall_enable: true
r_openshift_master_os_firewall_deny: []
default_r_openshift_master_os_firewall_allow:
- service: api server https
port: "{{ openshift.master.api_port }}/tcp"
- service: api controllers https
port: "{{ openshift.master.controllers_port }}/tcp"
- service: skydns tcp
port: "{{ openshift_master_dns_port }}/tcp"
- service: skydns udp
port: "{{ openshift_master_dns_port }}/udp"
- service: etcd embedded
port: 4001/tcp
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
r_openshift_master_os_firewall_allow: "{{ default_r_openshift_master_os_firewall_allow | union(openshift_master_open_ports | default([])) }}"
# oreg_url is defined by user input
oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_url.split('/')[0]) else '' }}"
oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker"
oreg_auth_credentials_replace: False
l_bind_docker_reg_auth: False
openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False) | bool) or (openshift_use_crio_only | default(False)) }}"
containerized_svc_dir: "/usr/lib/systemd/system"
ha_svc_template_path: "native-cluster"
openshift_docker_service_name: "{{ 'container-engine' if (openshift_docker_use_system_container | default(False) | bool) else 'docker' }}"
openshift_master_loopback_config: "{{ openshift_master_config_dir }}/openshift-master.kubeconfig"
loopback_context_string: "current-context: {{ openshift.master.loopback_context_name }}"
openshift_master_session_secrets_file: "{{ openshift_master_config_dir }}/session-secrets.yaml"
openshift_master_policy: "{{ openshift_master_config_dir }}/policy.json"
scheduler_config:
kind: Policy
apiVersion: v1
predicates: "{{ openshift_master_scheduler_predicates
| default(openshift_master_scheduler_current_predicates
| default(openshift_master_scheduler_default_predicates)) }}"
priorities: "{{ openshift_master_scheduler_priorities
| default(openshift_master_scheduler_current_priorities
| default(openshift_master_scheduler_default_priorities)) }}"
openshift_master_valid_grant_methods:
- auto
- prompt
- deny
openshift_master_is_scaleup_host: False
# openshift_master_oauth_template is deprecated. Should be added to deprecations
# and removed.
openshift_master_oauth_template: False
openshift_master_oauth_templates_default:
login: "{{ openshift_master_oauth_template }}"
openshift_master_oauth_templates: "{{ openshift_master_oauth_template | ternary(openshift_master_oauth_templates_default, False) }}"
# Here we combine openshift_master_oath_template into 'login' key of openshift_master_oath_templates, if not present.
l_openshift_master_oauth_templates: "{{ openshift_master_oauth_templates | default(openshift_master_oauth_templates_default) }}"
# These defaults assume forcing journald persistence, fsync to disk once
# a second, rate-limiting to 10,000 logs a second, no forwarding to
# syslog or wall, using 8GB of disk space maximum, using 10MB journal
# files, keeping only a days worth of logs per journal file, and
# retaining journal files no longer than a month.
journald_vars_to_replace:
- { var: Storage, val: persistent }
- { var: Compress, val: yes }
- { var: SyncIntervalSec, val: 1s }
- { var: RateLimitInterval, val: 1s }
- { var: RateLimitBurst, val: 10000 }
- { var: SystemMaxUse, val: 8G }
- { var: SystemKeepFree, val: 20% }
- { var: SystemMaxFileSize, val: 10M }
- { var: MaxRetentionSec, val: 1month }
- { var: MaxFileSec, val: 1day }
- { var: ForwardToSyslog, val: no }
- { var: ForwardToWall, val: no }
# NOTE
# r_openshift_master_*_default may be defined external to this role.
# openshift_use_*, if defined, may affect other roles or play behavior.
r_openshift_master_use_openshift_sdn_default: "{{ openshift_use_openshift_sdn | default(True) }}"
r_openshift_master_use_openshift_sdn: "{{ r_openshift_master_use_openshift_sdn_default }}"
r_openshift_master_use_nuage_default: "{{ openshift_use_nuage | default(False) }}"
r_openshift_master_use_nuage: "{{ r_openshift_master_use_nuage_default }}"
r_openshift_master_use_contiv_default: "{{ openshift_use_contiv | default(False) }}"
r_openshift_master_use_contiv: "{{ r_openshift_master_use_contiv_default }}"
r_openshift_master_use_kuryr_default: "{{ openshift_use_kuryr | default(False) }}"
r_openshift_master_use_kuryr: "{{ r_openshift_master_use_kuryr_default }}"
r_openshift_master_data_dir_default: "{{ openshift_data_dir | default('/var/lib/origin') }}"
r_openshift_master_data_dir: "{{ r_openshift_master_data_dir_default }}"
r_openshift_master_sdn_network_plugin_name_default: "{{ os_sdn_network_plugin_name | default('redhat/openshift-ovs-subnet') }}"
r_openshift_master_sdn_network_plugin_name: "{{ r_openshift_master_sdn_network_plugin_name_default }}"
openshift_master_image_config_latest_default: "{{ openshift_image_config_latest | default(False) }}"
openshift_master_image_config_latest: "{{ openshift_master_image_config_latest_default }}"
openshift_master_config_dir_default: "{{ openshift.common.config_base ~ '/master' if openshift is defined and 'common' in openshift else '/etc/origin/master' }}"
openshift_master_config_dir: "{{ openshift_master_config_dir_default }}"
openshift_master_bootstrap_enabled: False
openshift_master_csr_sa: node-bootstrapper
openshift_master_csr_namespace: openshift-infra
openshift_master_config_file: "{{ openshift_master_config_dir }}/master-config.yaml"
openshift_master_scheduler_conf: "{{ openshift_master_config_dir }}/scheduler.json"
|
