212 lines
8.8 KiB
YAML
212 lines
8.8 KiB
YAML
---
|
|
# Copyright 2018, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# === systemd-nspawn defaults ==================================================
|
|
# Default networks that will be applied ONLY to nspwan deployments.
|
|
nspawn_networks:
|
|
nspawn_address:
|
|
# The name of the interface, by default this is a dummy device on a private
|
|
# network however it could be a bridge or any other interface.
|
|
bridge: "nspawn0"
|
|
# Optional | Set bool to enable a private device. This will create a bridge
|
|
# not connecting to the underlying L2.
|
|
private_device: true
|
|
# Optional | Enable or disable dhcp on this network
|
|
enable_dhcp: true
|
|
# Optional | When dhcp is enabled set the IP address range
|
|
dhcp_range: 10.0.4.2,10.0.4.129
|
|
# Optional | Set the address for the macvlan network
|
|
address: 10.0.4.1
|
|
# Optional | Set the netmask for the macvlan network
|
|
netmask: 255.255.255.0
|
|
# Optional | Set the macvlan mode
|
|
macvlan_mode: bridge
|
|
|
|
# Primary interface used for host to container communications. In the event that
|
|
# the underlying system is running a condensed network stack a route will be
|
|
# created for all networks that have a defined `cidr` using the primary
|
|
# interface. In the event that an address is defined for a given network Ansible
|
|
# facts will be used to determine if an address needs to be assigned to the
|
|
# macvlan interface.
|
|
#
|
|
# + simple example:
|
|
# management_cidr: "172.29.236.0/24"
|
|
# container_networks:
|
|
# management_address:
|
|
# bridge: eth0
|
|
#
|
|
# In this example the `managemen_cidr` corresponds to the `management_address`
|
|
# network and because there's no IP address within the address block a route is
|
|
# used allowing the host to communicate with the containers. For the route to be
|
|
# added using any network, the network must have a corresponding CIDR with no
|
|
# defined address.
|
|
#
|
|
# Multiple macvlans can be spawned from a single host interface.
|
|
# + simple example:
|
|
# management_cidr: "172.29.236.0/24"
|
|
# storage_cidr: "10.0.0.0/24"
|
|
# container_networks:
|
|
# management_address:
|
|
# bridge: eth0
|
|
# storage_address:
|
|
# bridge: eth0
|
|
# address: 10.0.0.100
|
|
# netmask: 255.255.255.0
|
|
# tunnel_address:
|
|
# bridge: eth0.10
|
|
#
|
|
# In this example management storage and tunnel networks will be created and
|
|
# attached to the containers.
|
|
# + The management network will have a route created for its corresponding CIDR
|
|
# + The storage network will have the defined address added to the macvlan
|
|
# interface with `scope` set to `host`, assuming the address is not already
|
|
# assigned to the underlying interface, "eth0".
|
|
# + The tunnel network will be attached to the container and isolated from the
|
|
# host with no access to without first attaching to the container.
|
|
#
|
|
nspawn_primary_interface: "{{ nspawn_networks['nspawn_address']['bridge'] }}"
|
|
|
|
# Used to define the default macvlan mode when not specifically defined within
|
|
# container_networks or nspawn_networks. See all available options here:
|
|
# https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BMACVLAN%5D%20Section%20Options
|
|
nspawn_macvlan_mode: bridge
|
|
|
|
# Set the default volume size. This is used when creating a loopback filesystem
|
|
# when "/var/lib/machines" is not already a mount point.
|
|
nspawn_host_machine_volume_size: 64G
|
|
|
|
# Enable or Disable the BTRFS quota system for the "/var/lib/machines" mount
|
|
# point. More information on the BTRFS quota system can be found here:
|
|
# * https://btrfs.wiki.kernel.org/index.php/Quota_support
|
|
nspawn_host_machine_quota_disabled: false
|
|
|
|
# Set the default qgroup limits used for file system quotas. The default is
|
|
# "none". See the following documentation for more information:
|
|
# * https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs-qgroup
|
|
nspawn_host_qgroup_space_limit: none
|
|
nspawn_host_qgroup_compression_limit: none
|
|
|
|
# Boolean option to validate the certificates when fetching images. If using a
|
|
# self-signed certificate this should be se to "false".
|
|
nspawn_hosts_validate_certs: true
|
|
|
|
# Set the installation package state. Options are [latest, present, absent].
|
|
nspawn_hosts_package_state: "latest"
|
|
|
|
# Default base image to build containers from. This setting, by default, is
|
|
# derived from the host machine OS. If a custome name is desirable this can be
|
|
# changed.
|
|
# nspawn_container_base_name: "aio1_utility_container-67440f99"
|
|
nspawn_container_base_name: "{{ nspawn_cache_map.distro }}-{{ nspawn_cache_map.release }}-{{ nspawn_cache_map.arch }}"
|
|
|
|
# URL to image tarball
|
|
nspawn_hosts_container_image_url: "{{ _nspawn_hosts_container_image_url | default(null) }}"
|
|
|
|
# Enable or disable the legacy image download system.
|
|
nspawn_hosts_container_image_download_legacy: "{{ _nspawn_hosts_container_image_download_legacy | default(false) }}"
|
|
|
|
# Set the legacy image download variant
|
|
nspawn_cache_default_variant: "default"
|
|
|
|
# When preparing the image cache a deployer may want to run specific commands
|
|
# at the beginning of the cache prep or the end. These options provide for that
|
|
# capability. The commands are string formatted and will be interpreted
|
|
# literally.
|
|
|
|
# nspawn_cache_prep_pre_commands: |
|
|
# echo "Run Special command 1"
|
|
# echo "Run Special command 2"
|
|
nspawn_cache_prep_pre_commands: ""
|
|
nspawn_cache_prep_post_commands: ""
|
|
|
|
# If the image cache is stale or is in general need of replacement set this to
|
|
# True. The role, by default, will only update the image cache when required.
|
|
nspawn_image_cache_refresh: false
|
|
|
|
# The cache prep DNS may need to be changed based on the conditions within the
|
|
# deployment. Set this list to whatever is required to get access to the
|
|
# inter(intra)net within the deployment. The default is to use OpenDNS and fall
|
|
# back to google.
|
|
nspawn_cache_prep_dns:
|
|
- "208.67.222.222"
|
|
- "8.8.8.8"
|
|
|
|
# Set the cache map used when creating the container.
|
|
# nspawn_cache_map:
|
|
# distro: "$DISTRO_NAME"
|
|
# arch: "{{ nspawn_architecture_mapping.get(ansible_architecture) }}"
|
|
# release: "{{ hostvars[physical_host]['ansible_distribution_version'] }}"
|
|
nspawn_cache_map: "{{ _nspawn_cache_map | default({}) }}"
|
|
|
|
# Default list of files to copy from the host into the container when the
|
|
# default cache is created. This list is merged to create the list of files
|
|
# to copy into the container base image which is captured under the
|
|
# `nspawn_copy_from_host` option.
|
|
|
|
# NOTICE: With all of the copy options it should be noted that it's using rsync
|
|
# within the task. If the target being copied is a "directory" the path
|
|
# should end with a tailing slash.
|
|
nspawn_default_copy_from_host:
|
|
- /etc/default/locale
|
|
- /etc/environment
|
|
- /etc/localtime
|
|
- /etc/locale.conf
|
|
- /etc/protocols
|
|
|
|
# nspawn_copy_from_host:
|
|
# - /etc/resolve.conf
|
|
# - /etc/apt/sources.list
|
|
nspawn_copy_from_host: "{{ nspawn_default_copy_from_host | union(_nspawn_copy_from_host | default([])) }}"
|
|
|
|
# Default list of files to copy from the host into the container when the
|
|
# default cache is created. This list will be merged with the option
|
|
# "nspawn_copy_from_host". which allows a deployer to set additional files to
|
|
# be copied into the container on top of the system managed ones.
|
|
# nspawn_container_cache_files_from_host:
|
|
# - /etc/apt/apt.conf.d/
|
|
# - /etc/apt/preferences.d/
|
|
nspawn_container_cache_files_from_host: []
|
|
|
|
# Default list of packages to install within the build container cache. These
|
|
# packages are installed first, before running anything else within the image.
|
|
# nspawn_container_distro_required_packages:
|
|
# - gnupg
|
|
nspawn_container_distro_required_packages: "{{ _nspawn_container_distro_required_packages | default([]) }}"
|
|
|
|
# Default list of packages to install within the build container cache.
|
|
# nspawn_container_distro_packages:
|
|
# - curl
|
|
# - tcpdump
|
|
nspawn_container_distro_packages: "{{ _nspawn_container_distro_packages | default([]) }}"
|
|
|
|
# Default list of packages to install on the physical host machine.
|
|
# nspawn_hosts_distro_packages:
|
|
# - bridge-utils
|
|
# - btrfs-tools
|
|
nspawn_hosts_distro_packages: "{{ _nspawn_hosts_distro_packages | default([]) }}"
|
|
|
|
|
|
# === General container defaults ===============================================
|
|
# Default networks that will be applied ALL containerized deployments.
|
|
# container_networks:
|
|
# management_address:
|
|
# address: "{{ ansible_host | default('localhost') }}"
|
|
# netmask: "255.255.255.0"
|
|
# bridge: "br-mgmt"
|
|
# static_routes:
|
|
# - cidr: 172.29.100.0/24
|
|
# gateway: 172.29.100.100
|
|
container_networks: {}
|