Red Hat Training - OpenShift Advanced Deployment (v3.7), Lab 1

gistfile1.txt

[OSEv3:vars]
timeout=60
ansible_ssh_user=ec2-user
ansible_become=true

deployment_type=openshift-enterprise
openshift_release=3.7
openshift_clock_enabled=true

openshift_master_cluster_method=native
openshift_master_cluster_hostname=loadbalancer1.54d2.internal
openshift_master_cluster_public_hostname=loadbalancer.54d2.example.opentlc.com
openshift_master_default_subdomain=apps.54d2.example.opentlc.com
openshift_master_htpasswd_users={'admin': '$apr1$pO8HHisJ$8lu/63ISd8gn5SHcaWkls0', 'developer': '$apr1$pO8HHisJ$8lu/63ISd8gn5SHcaWkls0'}
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

openshift_hosted_registry_storage_kind=nfs
openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
openshift_hosted_registry_storage_nfs_directory=/exports
openshift_hosted_registry_storage_nfs_options='*(rw,root_squash)'
openshift_hosted_registry_storage_volume_name=registry
openshift_hosted_registry_storage_volume_size=40Gi

openshift_hosted_metrics_deploy=true
openshift_hosted_metrics_storage_kind=nfs
openshift_hosted_metrics_storage_access_modes=['ReadWriteOnce']
openshift_hosted_metrics_storage_nfs_directory=/exports
openshift_hosted_metrics_storage_nfs_options='*(rw,root_squash)'
openshift_hosted_metrics_storage_volume_name=metrics
openshift_hosted_metrics_storage_volume_size=10Gi
openshift_hosted_metrics_storage_labels={'storage': 'metrics'}

openshift_hosted_logging_deploy=true
openshift_hosted_logging_storage_kind=nfs
openshift_hosted_logging_storage_access_modes=['ReadWriteOnce']
openshift_hosted_logging_storage_nfs_directory=/exports
openshift_hosted_logging_storage_nfs_options='*(rw,root_squash)'
openshift_hosted_logging_storage_volume_name=logging
openshift_hosted_logging_storage_volume_size=10Gi
openshift_hosted_logging_storage_labels={'storage': 'logging'}

openshift_disable_check="disk_availability,memory_availability"

openshift_management_install_management=true

# Enable cockpit
osm_use_cockpit=true
#
# Set cockpit plugins
osm_cockpit_plugins=['cockpit-kubernetes']

osm_default_node_selector='region=primary'

openshift_cfme_install_app=true
openshift_management_install_beta=true

[OSEv3:children]
lb
masters
etcd
nodes
nfs

[lb]
loadbalancer1.54d2.internal openshift_public_hostname=loadbalancer.54d2.example.opentlc.com

[masters]
master1.54d2.internal 
master2.54d2.internal
master3.54d2.internal

[etcd]
master1.54d2.internal
master2.54d2.internal
master3.54d2.internal

[nodes]
master1.54d2.internal openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '54d2', 'region': 'master', 'zone': 'latam-1a'}"
master2.54d2.internal openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '54d2', 'region': 'master', 'zone': 'latam-1b'}"
master3.54d2.internal openshift_node_labels="{'logging':'true','openshift_schedulable':'False','cluster': '54d2', 'region': 'master', 'zone': 'latam-1c'}"

infranode1.54d2.internal openshift_node_labels="{'logging':'true','cluster': '54d2', 'env':'infra', 'region': 'infra', 'zone': 'latam-1a'}"
infranode2.54d2.internal openshift_node_labels="{'logging':'true','cluster': '54d2', 'env':'infra','region': 'infra','zone': 'latam-1b'}"

node1.54d2.internal openshift_node_labels="{'logging':'true','cluster': '54d2', 'env':'app', 'region': 'primary', 'zone': 'latam-1a'}"
node2.54d2.internal openshift_node_labels="{'logging':'true','cluster': '54d2', 'env':'app', 'region': 'primary', 'zone': 'latam-1b'}"
node3.54d2.internal openshift_node_labels="{'logging':'true','cluster': '54d2', 'env':'app', 'region': 'primary', 'zone': 'latam-1c'}"

[nfs]
support1.54d2.internal

Running the playbook: ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml

kind: LDAPSyncConfig
apiVersion: v1
url: "ldap://ipa.shared.example.opentlc.com"
insecure: false
ca: "/etc/origin/master/ipa-ca.crt"
bindDN: "uid=admin,cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com"
bindPassword: "r3dh4t1!"
rfc2307:
groupsQuery:
    baseDN: "cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com"
    scope: sub
    derefAliases: never
    filter: "(&(|(cn=portalapp)(cn=paymentapp)(cn=ocp-production)(cn=ocp-platform))(!(objectClass=mepManagedEntry))(!(cn=trust admins))(!(cn=groups))(!(cn=admins))(!(cn=ipausers))(!(cn=editors))(!(cn=ocp-users))(!(cn=evmgroup*))(!(cn=ipac*)))"
groupUIDAttribute: dn
groupNameAttributes: [ cn ]
groupMembershipAttributes: [ member ]
groupUIDNameMapping:
    "cn=portalapp,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com": portalapp
    "cn=paymentapp,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com": paymentapp
    "cn=ocp-production,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com": ocp-production
    "cn=ocp-platform,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com": ocp-platform
usersQuery:
    baseDN: "cn=users,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com"
    scope: sub
    derefAliases: never
userUIDAttribute: dn
userNameAttributes: [ uid ]

--whitelist.yml--
cn=portalapp,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com
cn=paymentapp,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com
cn=ocp-production,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com
cn=ocp-platform,cn=groups,cn=accounts,dc=shared,dc=example,dc=opentlc,dc=com

oc adm groups sync --sync-config=ldap-sync-config.yml --whitelist=white-list.yml --confirm