-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathonlyActiveinventory.yaml
143 lines (143 loc) · 6.44 KB
/
onlyActiveinventory.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
all:
vars:
cluster_name: omar-cluster
base_dns_domain: pool5.redhat.lab
openshift_full_version: 4.9.0
api_vip: 10.1.198.140 # the IP address to be used for api.clustername.example.lab and api-int.clustername.example.lab
ingress_vip: 10.1.198.141 # the IP address to be used for *.apps.clustername.example.lab
vip_dhcp_allocation: false
machine_network_cidr: 10.1.198.128/28
service_network_cidr: 172.30.0.0/16
cluster_network_cidr: 10.128.0.0/14 # The subnet, internal to the cluster, on which pods will be assigned IPs
cluster_network_host_prefix: 23 # The subnet prefix length to assign to each individual node.
network_type: OVNKubernetes
setup_ntp_service: true
setup_dns_service: true
setup_pxe_service: false
setup_registry_service: false # Only required for a Restricted Network installation
setup_http_store_service: true
setup_assisted_installer: true # default is true you may wish to turn it off if multiple users are using the same instance.
ntp_server: 10.1.198.131
ntp_server_allow: 10.1.198.128/28 # not required if setup_ntp_service is false
use_local_mirror_registry: false
discovery_iso_name: "discovery/{{ cluster_name }}/discovery-image.iso"
discovery_iso_server: "http://{{ hostvars['http_store']['ansible_host'] }}"
repo_root_path: /home/mano/crucible/ # path to repository root
fetched_dest: "{{ repo_root_path }}/fetched"
pull_secret_lookup_paths:
- "{{ fetched_dest }}/pull-secret.txt"
- "{{ repo_root_path }}/pull-secret.txt"
ssh_public_key_lookup_paths:
- "{{ fetched_dest }}/ssh_keys/{{ cluster_name }}.pub"
- "{{ repo_root_path }}/ssh_public_key.pub"
- ~/.ssh/id_rsa.pub
ssh_key_dest_base_dir: /home/mano
kubeconfig_dest_dir: /home/mano/
kubeconfig_dest_filename: "{{ cluster_name }}-kubeconfig"
kubeadmin_dest_filename: "{{ cluster_name }}-kubeadmin.vault.yml"
local_pull_secret_path: "{{ lookup('first_found', pull_secret_lookup_paths) }}"
pull_secret: "{{ lookup('file', local_pull_secret_path) }}"
local_ssh_public_key_path: "{{ lookup('first_found', ssh_public_key_lookup_paths) }}"
ssh_public_key: "{{ lookup('file', local_ssh_public_key_path) }}"
local_mirror_certificate_path: "{{ (setup_registry_service == true) | ternary(
fetched_dest + '/' + (hostvars['registry_host']['cert_file_prefix'] | default('registry')) + '.crt',
repo_root_path + '/mirror_certificate.txt')
}}"
mirror_certificate: "{{ lookup('file', local_mirror_certificate_path) }}"
openshift_version: "{{ openshift_full_version.split('.')[:2] | join('.') }}"
is_valid_single_node_openshift_config: "{{ (groups['nodes'] | length == 1) and (groups['masters'] | length == 1) }}"
children:
bastions: # n.b. Currently only a single bastion is supported
hosts:
bastion:
ansible_host: 10.1.198.131 # Must be reachable from the Ansible control node
ansible_connection: local # if your are not running crucible from the bastion then remove this line
services:
hosts:
assisted_installer:
ansible_host: 10.1.198.131
host: 10.1.198.131
port: 8090 # Do not change
registry_host:
ansible_host: 10.1.198.131
registry_port: 5000
registry_fqdn: registry.example.lab # use in case of different FQDN for the cert
cert_common_name: "{{ registry_fqdn }}"
cert_country: US
cert_locality: Raleigh
cert_organization: Red Hat, Inc.
cert_organizational_unit: Lab
cert_state: NC
REGISTRY_HTTP_SECRET: "{{ VAULT_REGISTRY_HOST_REGISTRY_HTTP_SECRET | mandatory }}"
disconnected_registry_user: "{{ VAULT_REGISTRY_HOST_DISCONNECTED_REGISTRY_USER | mandatory }}"
disconnected_registry_password: "{{ VAULT_REGISTRY_HOST_DISCONNECTED_REGISTRY_PASSWORD | mandatory }}"
dns_host:
ansible_host: 10.1.198.131
upstream_dns: 8.8.8.8 # an optional upstream dns server
listen_addresses:
- 10.1.198.131
http_store:
ansible_host: 10.1.198.131
tftp_host:
ansible_host: 10.1.198.131
tftp_directory: /var/lib/tftpboot/
ntp_host:
ansible_host: 10.1.198.131
vm_hosts:
hosts:
vm_host1: # Required for using "KVM" nodes, ignored if not.
destroy_vms: true
ansible_user: root
ansible_host: 10.1.196.56
host_ip_keyword: ansible_host # the varname in the KVM node hostvars which contains the *IP* of the VM
images_dir: /home/images # directory where qcow images will be placed.
vm_bridge_ip: 10.1.198.129 # IP for the bridge between VMs and machine network
vm_bridge_interface: if-vlan308 # Interface to be connected to the bridge. DO NOT use your primary interface.
dns: 10.1.198.131 # DNS used by the bridge
vm_bridge_name: if-br308
network_name: br308
cert_vars_host_var_key: registry_host # Look up cert values from another host by name (excluding cert_common_name)
nodes:
vars:
bmc_user: "{{ VAULT_NODES_BMC_USER | mandatory }}"
bmc_password: "{{ VAULT_NODES_BMC_PASSWORD | mandatory }}"
dns1: 10.1.198.131
gateway: 10.1.198.142
mask: 28
network_config:
interfaces:
- name: enp1s0
type: ethernet
mac: "{{ mac }}"
state: up
addresses:
ipv4:
- ip: "{{ ansible_host }}"
prefix: "{{ mask }}"
dns_server_ips:
- "{{ dns1 }}"
routes:
- destinations: 0.0.0.0/0
address: "{{ gateway }}"
interface: enp1s0
children:
masters:
vars:
role: master
vendor: KVM # this example is a virtual control plane
bmc_address: "10.1.196.56:8082" # port can be changed using sushy_tools_port on the vm_host
vm_host: vm_host1
vm_spec:
cpu_cores: 4
ram_mib: 16384
disk_size_gb: 100
hosts:
master1:
ansible_host: 10.1.198.132
mac: "DE:AD:BE:EF:C0:2C"
master2:
ansible_host: 10.1.198.133
mac: "DE:AD:BE:EF:C0:2D"
master3:
ansible_host: 10.1.198.134
mac: "DE:AD:BE:EF:C0:2E"