---
# presumably a verbosity level; the consumer is not visible in this file
debug_level: 2
# Base EC2 launch settings for the RHEL 7 enterprise deployment types. The
# enterprise, openshift-enterprise and atomic-enterprise entries of
# deployment_vars all resolve to this mapping.
# Each templated value is read through the oo_option lookup plugin (defined
# outside this file) and falls back to the default shown; the second argument
# True makes the fallback apply to empty/false results as well as undefined.
deployment_rhel7_ent_base:
  # rhel-7.1, requires cloud access subscription
  # NOTE(review): AMI ids are region-specific, but ec2_region can be
  # overridden without ec2_image; confirm the pair still points at the
  # intended image from a trusted owner.
  image: "{{ lookup('oo_option', 'ec2_image') | default('ami-10251c7a', True) }}"
  image_name: "{{ lookup('oo_option', 'ec2_image_name') | default(None, True) }}"
  region: "{{ lookup('oo_option', 'ec2_region') | default('us-east-1', True) }}"
  # Login account on the instance; become: yes requests privilege escalation
  # for it (presumably Ansible become - confirm against the consuming play).
  ssh_user: ec2-user
  become: yes
  # NOTE(review): 'libra' is a shared default key pair name; presumably anyone
  # holding the matching private key can log in as ssh_user. Prefer a
  # per-cluster key pair passed through ec2_keypair.
  keypair: "{{ lookup('oo_option', 'ec2_keypair') | default('libra', True) }}"
  type: "{{ lookup('oo_option', 'ec2_instance_type') | default('m4.large', True) }}"
  # NOTE(review): instances join the 'public' security group unless
  # ec2_security_groups is set. Its rules are not defined in this file; verify
  # that inbound access (SSH in particular) is limited to known source ranges.
  security_groups: "{{ lookup('oo_option', 'ec2_security_groups') | default([ 'public' ], True) }}"
  # omit drops the parameter when the option is unset, so subnet placement and
  # public-IP assignment then follow the provider/module defaults.
  vpc_subnet: "{{ lookup('oo_option', 'ec2_vpc_subnet') | default(omit, True) }}"
  assign_public_ip: "{{ lookup('oo_option', 'ec2_assign_public_ip') | default(omit, True) }}"
# EC2 launch settings keyed by deployment type. origin carries its own
# CentOS-based values; the three enterprise types reuse
# deployment_rhel7_ent_base unchanged.
deployment_vars:
  origin:
    # centos-7, requires marketplace
    # NOTE(review): AMI ids are region-specific, but ec2_region can be
    # overridden without ec2_image; confirm the pair still points at the
    # intended image from a trusted owner.
    image: "{{ lookup('oo_option', 'ec2_image') | default('ami-6d1c2007', True) }}"
    image_name: "{{ lookup('oo_option', 'ec2_image_name') | default(None, True) }}"
    region: "{{ lookup('oo_option', 'ec2_region') | default('us-east-1', True) }}"
    # Login account on the instance; become: yes requests privilege escalation
    # for it (presumably Ansible become - confirm against the consuming play).
    ssh_user: centos
    become: yes
    # NOTE(review): 'libra' is a shared default key pair name; presumably
    # anyone holding the matching private key can log in as ssh_user. Prefer a
    # per-cluster key pair passed through ec2_keypair.
    keypair: "{{ lookup('oo_option', 'ec2_keypair') | default('libra', True) }}"
    type: "{{ lookup('oo_option', 'ec2_instance_type') | default('m4.large', True) }}"
    # NOTE(review): instances join the 'public' security group unless
    # ec2_security_groups is set. Its rules are not defined in this file;
    # verify that inbound access is limited to known source ranges.
    security_groups: "{{ lookup('oo_option', 'ec2_security_groups') | default([ 'public' ], True) }}"
    # omit drops the parameter when the option is unset, so subnet placement
    # and public-IP assignment then follow the provider/module defaults.
    vpc_subnet: "{{ lookup('oo_option', 'ec2_vpc_subnet') | default(omit, True) }}"
    assign_public_ip: "{{ lookup('oo_option', 'ec2_assign_public_ip') | default(omit, True) }}"
  # All three enterprise deployment types share the RHEL 7 base mapping.
  enterprise: "{{ deployment_rhel7_ent_base }}"
  openshift-enterprise: "{{ deployment_rhel7_ent_base }}"
  atomic-enterprise: "{{ deployment_rhel7_ent_base }}"
# Placeholder cluster identifier. It is reused for provision.clusterid, the
# AMI and node group tags, and the IAM certificate name.
clusterid: mycluster
# Region referenced by provision.region; the key under provision.vpc.subnets
# has to name the same region.
region: us-east-1
# Settings for the provisioning workflow: AMI build, registry storage, ELB
# certificates, instance users, node groups and VPC layout.
provision:
  clusterid: "{{ clusterid }}"
  region: "{{ region }}"
  build:  # build specific variables here
    # presumably a name prefix for the AMI that gets built - confirm
    ami_name: "openshift-gi-"
    # NOTE(review): pinned AMI id; confirm it exists in the configured region
    # and comes from a trusted owner, since every node image derives from it.
    base_image: ami-bdd5d6ab  # base image for AMI to build from
    # NOTE(review): packages from these repositories presumably end up in the
    # AMI that cluster nodes boot from, so repository integrity matters.
    yum_repositories:  # this is an example repository but it requires sslclient info
    - name: openshift-repo
      file: openshift-repo
      description: OpenShift Builds
      baseurl: https://mirror.openshift.com/enterprise/online-int/latest/x86_64/os/
      enabled: yes
      # NOTE(review): gpgcheck: no skips package signature verification and
      # sslverify: no skips TLS certificate validation of the mirror, so
      # neither the packages nor the server are authenticated. The gpgkey
      # list below is presumably not consulted while gpgcheck is off. Turn
      # both on for anything other than a throwaway test build.
      gpgcheck: no
      sslverify: no
      # Client certificate and private key presented to the mirror. Keep the
      # key file readable by root only and out of the finished image unless
      # nodes need it at runtime - TODO confirm how the build handles it.
      sslclientcert: "/var/lib/yum/client-cert.pem"
      sslclientkey: "/var/lib/yum/client-key.pem"
      gpgkey: "https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-release https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-beta https://mirror.ops.rhcloud.com/libra/keys/RPM-GPG-KEY-redhat-openshifthosted"
    # when creating an encrypted AMI please specify use_encryption
    # NOTE(review): with False the built AMI is presumably left unencrypted;
    # set it to True where data at rest must be protected.
    use_encryption: False
    # presumably tags applied to the built AMI - confirm. The values are
    # quoted so they stay strings rather than YAML booleans.
    openshift_ami_tags:
      bootstrap: "true"
      openshift-created: "true"
      clusterid: "{{ clusterid }}"
  # Use s3 backed registry storage
  # NOTE(review): bucket policy and encryption are not set in this file;
  # confirm the bucket used for the registry is private and encrypted.
  openshift_registry_s3: True
  # if using custom certificates these are required for the ELB
  # The three paths are placeholders to replace. key_path points at the
  # certificate's private key: keep that file out of version control and
  # restrict its permissions on the host that runs the provisioning.
  iam_cert_ca:
    name: "{{ clusterid }}_openshift"
    cert_path: '/path/to/wildcard.<clusterid>.example.com.crt'
    key_path: '/path/to/wildcard.<clusterid>.example.com.key'
    chain_path: '/path/to/cert.ca.crt'
  # Users and their SSH public keys. key_name matches
  # node_group_config.ssh_key_name, so this is presumably the key installed
  # on the nodes - confirm. 'ssh-rsa AAAA== myuser@system' is a placeholder,
  # not a usable key; only public keys belong here, never private key
  # material.
  instance_users:
  - key_name: myuser_key
    username: myuser
    pub_key: |
           ssh-rsa AAAA== myuser@system
  # Per-role node group settings (master, compute, infra). The min_size /
  # max_size / desired_size and health_check keys suggest EC2 Auto Scaling
  # groups - confirm against the consuming role.
  # NOTE(review): no encryption setting appears in any volumes entry below;
  # confirm the /dev/sdb volumes are encrypted through the AMI or an
  # account-level default if data at rest must be protected.
  node_group_config:
    # Tags shared by every node group.
    tags:
      clusterid: "{{ clusterid }}"
      environment: stg
    # Same name as instance_users[0].key_name.
    ssh_key_name: myuser_key
    # master specific cluster node settings
    master:
      instance_type: m4.xlarge
      ami: ami-cdeec8b6  # if using an encrypted AMI this will be replaced
      volumes:
      - device_name: /dev/sdb
        volume_size: 100
        device_type: gp2
        # NOTE(review): with False the volume presumably outlives a terminated
        # master. That helps recovery, but leftover volumes still hold cluster
        # data and need tracking and deliberate disposal.
        delete_on_termination: False
      health_check:
        period: 60
        type: EC2
      # Fixed size: min, max and desired are all 3.
      min_size: 3
      max_size: 3
      desired_size: 3
      tags:
        host-type: master
        sub-host-type: default
      # Only the master group sets wait_for_instances.
      wait_for_instances: True
    # compute specific cluster node settings
    compute:
      instance_type: m4.xlarge
      ami: ami-cdeec8b6
      volumes:
      - device_name: /dev/sdb
        volume_size: 100
        device_type: gp2
        delete_on_termination: True
      health_check:
        period: 60
        type: EC2
      # Starts at 3 nodes and may grow to 100.
      min_size: 3
      max_size: 100
      desired_size: 3
      tags:
        host-type: node
        sub-host-type: compute
    # infra specific cluster node settings
    infra:
      instance_type: m4.xlarge
      ami: ami-cdeec8b6
      volumes:
      - device_name: /dev/sdb
        volume_size: 100
        device_type: gp2
        delete_on_termination: True
      health_check:
        period: 60
        type: EC2
      # Starts at 2 nodes and may grow to 20.
      min_size: 2
      max_size: 20
      desired_size: 2
      tags:
        host-type: node
        sub-host-type: infra
  # vpc settings
  # One /16 network with three /20 subnets, each in a different us-east-1
  # availability zone.
  # NOTE(review): nothing here marks a subnet as public or private; confirm
  # routing and public-IP assignment so that only the intended hosts are
  # reachable from the internet.
  vpc:
    cidr: 172.31.0.0/16
    subnets:
      us-east-1:  # These are us-east-1 region defaults. Ensure this matches your region
      - cidr: 172.31.48.0/20
        az: "us-east-1c"
      - cidr: 172.31.32.0/20
        az: "us-east-1e"
      - cidr: 172.31.16.0/20
        az: "us-east-1a"