303 lines
10 KiB
YAML
303 lines
10 KiB
YAML
---
|
|
# SYSTEM PROPERTIES
|
|
# =================
|
|
system_mode: simplex
|
|
# configure distributed cloud role, valid values are 'none', 'systemcontroller',
|
|
# and 'subcloud'. However subclouds are automatically provisioned during their
|
|
# creation in dcmanager and are not meant to be configured manually by the user.
|
|
distributed_cloud_role: none
|
|
timezone: UTC
|
|
|
|
# At least one DNS server is required and maximum 3 servers are allowed
|
|
dns_servers:
|
|
- 8.8.8.8
|
|
- 8.8.4.4
|
|
|
|
# NETWORK PROPERTIES
|
|
# ==================
|
|
#
|
|
# Unless specified in the host override file, the start and end addresses of
|
|
# each subnet are derived from the provided CIDR as follows:
|
|
# For pxebook, management, oam, multicast, and cluster host/pod/service subnets:
|
|
# - start address: index 1 of CIDR
|
|
# - end address: index -2 of CIDR
|
|
# e.g. management_subnet (provided/default): 192.168.204.0/28
|
|
# management_start_address (derived): 192.168.204.1
|
|
# management_end_address (derived): 192.168.204.14
|
|
#
|
|
# Unless specified, the external_oam_node_0_address and external_oam_node_1_address
|
|
# are derived from the external_oam_floating address as follows:
|
|
# external_oam_node_0_address: next address after external_oam_floating_address
|
|
# external_oam_node_0_address: next address after external_oam_node_0_address
|
|
# e.g. external_oam_floating_address (provided/default): 10.10.10.2
|
|
# external_oam_node_0_address (derived): 10.10.10.3
|
|
# external_oam_node_1_address (derived): 10.10.10.4
|
|
#
|
|
# These addresses are only applicable to duplex or duplex-direct system mode.
|
|
#
|
|
pxeboot_subnet: 169.254.202.0/24
|
|
# pxeboot_start_address:
|
|
# pxeboot_end_address:
|
|
|
|
management_subnet: 192.168.204.0/24
|
|
# management_start_address:
|
|
# management_end_address:
|
|
|
|
cluster_host_subnet: 192.168.206.0/24
|
|
# cluster_host_start_address:
|
|
# cluster_host_end_address:
|
|
|
|
cluster_pod_subnet: 172.16.0.0/16
|
|
# cluster_pod_start_address:
|
|
# cluster_pod_end_address:
|
|
|
|
cluster_service_subnet: 10.96.0.0/12
|
|
# cluster_service_start_address:
|
|
# cluster_service_end_address:
|
|
|
|
external_oam_subnet: 10.10.10.0/24
|
|
external_oam_gateway_address: 10.10.10.1
|
|
external_oam_floating_address: 10.10.10.2
|
|
# external_oam_start_address:
|
|
# external_oam_end_address:
|
|
# external_oam_node_0_address:
|
|
# external_oam_node_1_address:
|
|
|
|
management_multicast_subnet: 239.1.1.0/28
|
|
# mangement_multicast_start_address:
|
|
# management_multicast_end_address:
|
|
|
|
# Management network address allocation (true = dynamic, false = static)
|
|
management_dynamic_address_allocation: true
|
|
|
|
# Cluster-host network address allocation (true = dynamic, false = static)
|
|
cluster_host_dynamic_address_allocation: true
|
|
|
|
# DOCKER PROXIES
|
|
# ==============
|
|
#
|
|
# If the host OAM network is behind a proxy, Docker must be configured with
|
|
# the same proxy. When an http and/or https proxy is provided, a no-proxy
|
|
# address list can optionally be provided. This list will be added to the
|
|
# default no-proxy list derived from localhost, loopback, management and oam
|
|
# floating addresses at run time. Each address in the list must neither
|
|
# contain a wildcard nor have subnet format.
|
|
|
|
# docker_http_proxy: http://proxy.com:1234
|
|
# docker_https_proxy: https://proxy.com:1234
|
|
# docker_no_proxy:
|
|
# - 1.2.3.4
|
|
# - 5.6.7.8
|
|
|
|
# DOCKER REGISTRIES
|
|
# =================
|
|
#
|
|
# The docker_registries is a map of known registry keys and their
|
|
# source attributes. Each key is a fully scoped registry name and the
|
|
# same name is used as the default url attribute. Other attributes include
|
|
# username and password for authenticated registries. For instance,
|
|
# k8s.gcr.io registry which hosts Kubernetes related images, has
|
|
# the default registry url value of k8s.gcr.io
|
|
#
|
|
# To overwrite a particular registry url, use the url of the original
|
|
# registry value as the key followed by a custom IP address or domain
|
|
# for the value.
|
|
# If the registry is authenticated, specify username and password. The
|
|
# optional key "type" is only relevant to authenticated registry, it
|
|
# indicates the type of authenticated registry, supported values are
|
|
# "docker" and "aws-ecr". If no type specified, the default type "docker"
|
|
# will be used.
|
|
# The optional key "secure" provides the ability to configure an insecure
|
|
# registry, the default value is "True".
|
|
#
|
|
# e.g.
|
|
# docker_registries:
|
|
# k8s.gcr.io:
|
|
# url: my.k8sregistry.io
|
|
# type: docker
|
|
# username: k8sreguser
|
|
# password: K8sregPass*
|
|
# secure: True
|
|
#
|
|
# The "defaults" is registry key defines common values that to be applied
|
|
# to all override-able public registries. The following example will apply
|
|
# "url", "type", "username" and "password" to docker.io, gcr.io, k8s.gcr.io,
|
|
# quay.io and docker.elastic.co registries.
|
|
# e.g.
|
|
# docker_registries:
|
|
# defaults:
|
|
# url: unified.io
|
|
# type: docker
|
|
# username: adminUser
|
|
# password: adminPass
|
|
#
|
|
# The values under the specific registries, if specified, will take precedence
|
|
# over the values under defaults registry. The following example will apply
|
|
# "type", "username" and "password" from the defaults entry to other public
|
|
# registries while the "url" is different for each public registry.
|
|
# e.g.
|
|
# docker_registries:
|
|
# docker.io:
|
|
# url: my.dockerregistry.io
|
|
# gcr.io:
|
|
# url: my.gcrregistry.io
|
|
# quay.io:
|
|
# url: my.quayregistry.io
|
|
# k8s.gcr.io:
|
|
# url: my.k8sregistry.io
|
|
# docker.elastic.co:
|
|
# url: my.elasticregistry.io
|
|
# defaults:
|
|
# type: docker
|
|
# username: adminUser
|
|
# password: adminPass
|
|
#
|
|
# The docker registries map can be extended with new custom keys in
|
|
# the near future.
|
|
#
|
|
# The valid formats for a registry url value are:
|
|
# - domain (e.g. example.domain)
|
|
# - domain with port (e.g. example.domain:5000)
|
|
# - IPv4 address (e.g. 1.2.3.4)
|
|
# - IPv4 address with port (e.g. 1.2.3.4:5000)
|
|
# - IPv6 address (e.g. FD01::0100)
|
|
# - IPv6 address with port (e.g. [FD01::0100]:5000
|
|
#
|
|
|
|
docker_registries:
|
|
k8s.gcr.io:
|
|
url:
|
|
gcr.io:
|
|
url:
|
|
quay.io:
|
|
url:
|
|
docker.io:
|
|
url:
|
|
docker.elastic.co:
|
|
url:
|
|
# defaults:
|
|
# url: example.domain
|
|
|
|
# ADDITIONAL IMAGES
|
|
# =================
|
|
#
|
|
# This parameter provides a means to pre-pull additional images to local
|
|
# docker registry.
|
|
#
|
|
# The additional_local_registry_images is a list of image references that
|
|
# will be downloaded from public/private registry and pushed to local registry.
|
|
# This value must be a list and each image reference in the list must be
|
|
# fully specified.
|
|
#
|
|
# additional_local_registry_images:
|
|
# - <registry-url>/image1:v1.0
|
|
# - <registry-url>/image2:v2.0
|
|
# ...
|
|
|
|
# CERTIFICATES
|
|
# ============
|
|
#
|
|
# These values provide a means to install certificates onto the system.
|
|
# For example the ssl_ca_cert parameter may be used to install a trusted CA to
|
|
# the system. A trusted CA certificate will be required if the end user
|
|
# configures a private docker registry that is signed by an unknown Certificate
|
|
# Authority.
|
|
#
|
|
# The certificate value is the absolute path of the certificate file.
|
|
# The certificate must be in PEM format.
|
|
# The supported certificates are:
|
|
# - ssl_ca_cert
|
|
# - k8s_root_ca_cert
|
|
# - k8s_root_ca_key
|
|
#
|
|
# ssl_ca_cert: /path/to/ssl_ca_cert_file
|
|
|
|
|
|
# KUBERNETES PARAMETERS
|
|
# =====================
|
|
#
|
|
# These values provide a means to specify different configuration parameters
|
|
# for kubernetes
|
|
#
|
|
# The apiserver_cert_sans is a list of Subject Alternative Names that will be
|
|
# applied to apiserver certificate. This value must be a list and each entry
|
|
# in the list must be a domain name or IP address.
|
|
|
|
# apiserver_cert_sans:
|
|
# - hostname.domain
|
|
# - 198.51.100.75
|
|
|
|
# These values are used to configure the Kubernetes cluster for authentication
|
|
# with OpenID Connect. By default, apiserver_oidc is disabled. When the
|
|
# required three fields of the apiserver_oidc parameter are defined, the
|
|
# feature is considered active. Their values will be used to configure the
|
|
# Kubernetes cluster for authentication with OpenID Connect.
|
|
#
|
|
# apiserver_oidc:
|
|
# client_id:
|
|
# issuer_url:
|
|
# username_claim:
|
|
|
|
# ADMIN CREDENTIALS
|
|
# =================
|
|
#
|
|
# WARNING: It is strongly recommended to store these settings in Ansible vault
|
|
# file named "secret" under override files directory. Configuration parameters
|
|
# stored in vault must start with vault_ prefix (i.e. vault_admin_username,
|
|
# vault_admin_password).
|
|
#
|
|
admin_username: admin
|
|
admin_password: St8rlingX*
|
|
|
|
# INITIAL PASSWORD CHANGE RESPONSE SEQUENCE
|
|
# =========================================
|
|
#
|
|
# The following two parameters are only relevant when the target host is bootstrapped
|
|
# remotely and the user wishes to change the initial sysadmin password as part of the
|
|
# bootstrap.
|
|
#
|
|
# WARNING: It is strongly recommended to store this setting in Ansible vault
|
|
# file named "secret" under override files directory. Configuration parameters
|
|
# stored in vault must start with vault_ prefix (i.e. vault_password_change_responses)
|
|
#
|
|
password_change: false
|
|
|
|
password_change_responses:
|
|
yes/no: 'yes'
|
|
sysadmin*: 'sysadmin'
|
|
\(current\) UNIX password: 'sysadmin'
|
|
(?i)New password: 'St8rlingX*'
|
|
(?i)Retype new password: 'St8rlingX*'
|
|
|
|
# OVERRIDE FILES DIRECTORY
|
|
# ========================
|
|
#
|
|
# Default directory where user override file(s) can be found
|
|
#
|
|
override_files_dir: "{{ lookup('env', 'HOME') }}"
|
|
|
|
# WIPING CEPH OSDs
|
|
# ================
|
|
# The setting of the following parameter is only relevant when the controller
|
|
# is bootstrapped for the purpose of restoring the system from backup data.
|
|
# When set to false, disk partitions that were previously used for Ceph data are
|
|
# not wiped. Otherwise, all disks are wiped as part of the bootstrap.
|
|
wipe_ceph_osds: false
|
|
|
|
# K8S_PLUGINS
|
|
# ===========
|
|
#
|
|
# The following parameters are used for enabling Kubernetes device
|
|
# plugins implemented by hardware/software vendors. By default,
|
|
# plugins are disabled.
|
|
#
|
|
# "k8s_plugins" is a list of selected vendor device plugins to be
|
|
# enabled as part of the bootstrap. When a device plugin is enabled,
|
|
# its pods will be deployed when the plugin label (e.g. intelgpu=enabled)
|
|
# is assigned to the hosts in the cluster as part of system bring-up.
|
|
|
|
k8s_plugins:
|
|
# intel-gpu-plugin: intelgpu=enabled
|
|
# intel-qat-plugin: intelqat=enabled
|
|
# intel-fpga-plugin: intelfpga=enabled
|