Last active
December 11, 2015 13:52
-
-
Save FlorianOtel/5e1290cedf7cea386868 to your computer and use it in GitHub Desktop.
OSEv3 Ansible -- advanced install with redhat/openshift-ovs-multitenant plugin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create an OSEv3 group that contains the masters, nodes, and etcd groups | |
| [OSEv3:children] | |
| masters | |
| nodes | |
| etcd | |
| # Set variables common for all OSEv3 hosts | |
| [OSEv3:vars] | |
| ansible_ssh_user=root | |
| deployment_type=openshift-enterprise | |
| os_sdn_network_plugin_name=redhat/openshift-ovs-multitenant | |
| # uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider | |
| #openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/htpasswd'}] | |
| # host group for masters | |
| [masters] | |
| osev31-master1.mydomain.internal openshift_public_ip=MM.MM.MM.MM | |
| # host group for etcd | |
| [etcd] | |
| osev31-etcd1.mydomain.internal openshift_public_ip=E1.E1.E1.E1 | |
| osev31-etcd2.mydomain.internal openshift_public_ip=E2.E2.E2.E2 | |
| osev31-etcd3.mydomain.internal openshift_public_ip=E3.E3.E3.E3 | |
| # host group for nodes, includes region info | |
| [nodes] | |
| osev31-master1.mydomain.internal openshift_public_ip=MM.MM.MM.MM openshift_node_labels="{'region': 'infra', 'zone': 'default'}" | |
| osev31-node1.mydomain.internal openshift_public_ip=N1.N1.N1.N1 openshift_node_labels="{'region': 'primary', 'zone': 'east'}" | |
| osev31-node2.mydomain.internal openshift_public_ip=N2.N2.N2.N2 openshift_node_labels="{'region': 'primary', 'zone': 'west'}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiLevels: | |
| - v1 | |
| apiVersion: v1 | |
| assetConfig: | |
| logoutURL: "" | |
| masterPublicURL: https://MM.MM.MM.MM:8443 | |
| publicURL: https://MM.MM.MM.MM:8443/console/ | |
| servingInfo: | |
| bindAddress: 0.0.0.0:8443 | |
| bindNetwork: tcp4 | |
| certFile: master.server.crt | |
| clientCA: "" | |
| keyFile: master.server.key | |
| maxRequestsInFlight: 0 | |
| requestTimeoutSeconds: 0 | |
| controllers: '*' | |
| corsAllowedOrigins: | |
| - 127.0.0.1 | |
| - localhost | |
| - 172.16.254.5 | |
| - MM.MM.MM.MM | |
| - kubernetes.default | |
| - kubernetes.default.svc.cluster.local | |
| - kubernetes | |
| - openshift.default | |
| - openshift.default.svc | |
| - 172.30.0.1 | |
| - osev31-master1.mydomain.internal | |
| - openshift.default.svc.cluster.local | |
| - kubernetes.default.svc | |
| - openshift | |
| dnsConfig: | |
| bindAddress: 0.0.0.0:53 | |
| bindNetwork: tcp4 | |
| etcdClientInfo: | |
| ca: master.etcd-ca.crt | |
| certFile: master.etcd-client.crt | |
| keyFile: master.etcd-client.key | |
| urls: | |
| - https://osev31-etcd1.mydomain.internal:2379 | |
| - https://osev31-etcd2.mydomain.internal:2379 | |
| - https://osev31-etcd3.mydomain.internal:2379 | |
| etcdStorageConfig: | |
| kubernetesStoragePrefix: kubernetes.io | |
| kubernetesStorageVersion: v1 | |
| openShiftStoragePrefix: openshift.io | |
| openShiftStorageVersion: v1 | |
| imageConfig: | |
| format: openshift3/ose-${component}:${version} | |
| latest: false | |
| kind: MasterConfig | |
| kubeletClientInfo: | |
| ca: ca.crt | |
| certFile: master.kubelet-client.crt | |
| keyFile: master.kubelet-client.key | |
| port: 10250 | |
| kubernetesMasterConfig: | |
| apiServerArguments: null | |
| controllerArguments: null | |
| masterCount: 1 | |
| masterIP: 172.16.254.5 | |
| podEvictionTimeout: "" | |
| proxyClientInfo: | |
| certFile: master.proxy-client.crt | |
| keyFile: master.proxy-client.key | |
| schedulerConfigFile: /etc/origin/master/scheduler.json | |
| servicesNodePortRange: "" | |
| servicesSubnet: 172.30.0.0/16 | |
| staticNodeNames: [] | |
| masterClients: | |
| externalKubernetesKubeConfig: "" | |
| openshiftLoopbackKubeConfig: openshift-master.kubeconfig | |
| masterPublicURL: https://MM.MM.MM.MM:8443 | |
| networkConfig: | |
| clusterNetworkCIDR: 10.1.0.0/16 | |
| hostSubnetLength: 8 | |
| # serviceNetworkCIDR must match kubernetesMasterConfig.servicesSubnet | |
| serviceNetworkCIDR: 172.30.0.0/16 | |
| oauthConfig: | |
| assetPublicURL: https://MM.MM.MM.MM:8443/console/ | |
| grantConfig: | |
| method: auto | |
| identityProviders: | |
| - name: deny_all | |
| challenge: True | |
| login: True | |
| provider: | |
| apiVersion: v1 | |
| kind: DenyAllPasswordIdentityProvider | |
| masterCA: ca.crt | |
| masterPublicURL: https://MM.MM.MM.MM:8443 | |
| masterURL: https://osev31-master1.mydomain.internal:8443 | |
| sessionConfig: | |
| sessionMaxAgeSeconds: 3600 | |
| sessionName: ssn | |
| sessionSecretsFile: /etc/origin/master/session-secrets.yaml | |
| tokenConfig: | |
| accessTokenMaxAgeSeconds: 86400 | |
| authorizeTokenMaxAgeSeconds: 500 | |
| pauseControllers: false | |
| policyConfig: | |
| bootstrapPolicyFile: /etc/origin/master/policy.json | |
| openshiftInfrastructureNamespace: openshift-infra | |
| openshiftSharedResourcesNamespace: openshift | |
| projectConfig: | |
| defaultNodeSelector: "" | |
| projectRequestMessage: "" | |
| projectRequestTemplate: "" | |
| securityAllocator: | |
| mcsAllocatorRange: "s0:/2" | |
| mcsLabelsPerProject: 5 | |
| uidAllocatorRange: "1000000000-1999999999/10000" | |
| routingConfig: | |
| subdomain: "" | |
| serviceAccountConfig: | |
| limitSecretReferences: false | |
| managedNames: | |
| - default | |
| - builder | |
| - deployer | |
| masterCA: ca.crt | |
| privateKeyFile: serviceaccounts.private.key | |
| publicKeyFiles: | |
| - serviceaccounts.public.key | |
| servingInfo: | |
| bindAddress: 0.0.0.0:8443 | |
| bindNetwork: tcp4 | |
| certFile: master.server.crt | |
| clientCA: ca.crt | |
| keyFile: master.server.key | |
| maxRequestsInFlight: 500 | |
| requestTimeoutSeconds: 3600 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| allowDisabledDocker: false | |
| apiVersion: v1 | |
| dnsDomain: cluster.local | |
| dnsIP: 172.30.0.1 | |
| dockerConfig: | |
| execHandlerName: "" | |
| iptablesSyncPeriod: "5s" | |
| imageConfig: | |
| format: openshift3/ose-${component}:${version} | |
| latest: false | |
| kind: NodeConfig | |
| masterKubeConfig: system:node:osev31-node1.mydomain.internal.kubeconfig | |
| # networkConfig struct introduced in origin 1.0.6 and OSE 3.0.2 which | |
| # deprecates networkPluginName above. The two should match. | |
| networkConfig: | |
| mtu: 1410 | |
| nodeIP: 172.16.254.8 | |
| nodeName: osev31-node1.mydomain.internal | |
| podManifestConfig: | |
| servingInfo: | |
| bindAddress: 0.0.0.0:10250 | |
| certFile: server.crt | |
| clientCA: ca.crt | |
| keyFile: server.key | |
| volumeDirectory: /var/lib/origin/openshift.local.volumes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment