2015-12-31 00:11:33 +08:00
|
|
|
---
|
2017-09-27 21:47:47 +08:00
|
|
|
# Set to true to allow pre-checks to fail and continue deployment
|
|
|
|
ignore_assert_errors: false
|
|
|
|
|
2018-02-07 14:53:09 +08:00
|
|
|
epel_enabled: false
|
2022-02-27 02:29:23 +08:00
|
|
|
# Kubespray sets this to true after clusterDNS is running to apply changes to the host resolv.conf
|
2018-11-01 23:08:50 +08:00
|
|
|
dns_late: false
|
2016-10-15 05:46:44 +08:00
|
|
|
|
2015-12-31 21:07:02 +08:00
|
|
|
common_required_pkgs:
|
2018-05-08 16:03:30 +08:00
|
|
|
- "{{ (ansible_distribution == 'openSUSE Tumbleweed') | ternary('openssl-1_1', 'openssl') }}"
|
2015-12-31 21:07:02 +08:00
|
|
|
- curl
|
2016-01-09 17:45:50 +08:00
|
|
|
- rsync
|
2016-09-15 03:27:33 +08:00
|
|
|
- socat
|
2017-02-09 05:41:36 +08:00
|
|
|
- unzip
|
2019-02-05 04:23:33 +08:00
|
|
|
- e2fsprogs
|
|
|
|
- xfsprogs
|
2020-04-08 22:37:44 +08:00
|
|
|
- ebtables
|
2021-04-15 23:33:50 +08:00
|
|
|
- bash-completion
|
2022-08-16 20:17:18 +08:00
|
|
|
- tar
|
2015-12-31 21:07:02 +08:00
|
|
|
|
2016-08-08 18:59:20 +08:00
|
|
|
# Set to true if your network does not support IPv6
|
2024-01-30 09:46:58 +08:00
|
|
|
# This may be necessary for pulling Docker images from
|
2016-08-08 18:59:20 +08:00
|
|
|
# GCE docker repository
|
|
|
|
disable_ipv6_dns: false
|
2016-03-29 20:50:22 +08:00
|
|
|
|
2023-11-01 10:33:57 +08:00
|
|
|
# Remove default cluster search domains (``default.svc.{{ dns_domain }}, svc.{{ dns_domain }}``).
|
|
|
|
remove_default_searchdomains: false
|
|
|
|
|
2022-06-17 16:34:32 +08:00
|
|
|
kube_owner: kube
|
2016-12-27 23:39:00 +08:00
|
|
|
kube_cert_group: kube-cert
|
|
|
|
kube_config_dir: /etc/kubernetes
|
2019-04-19 21:01:54 +08:00
|
|
|
kube_cert_dir: "{{ kube_config_dir }}/ssl"
|
|
|
|
kube_cert_compat_dir: /etc/kubernetes/pki
|
2019-07-31 03:00:10 +08:00
|
|
|
kubelet_flexvolumes_plugins_dir: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
|
2016-03-29 20:50:22 +08:00
|
|
|
|
2020-08-28 17:28:53 +08:00
|
|
|
# Flatcar Container Linux by Kinvolk cloud init config file to define /etc/resolv.conf content
|
2016-12-07 23:57:05 +08:00
|
|
|
# for hostnet pods and infra needs
|
|
|
|
resolveconf_cloud_init_conf: /etc/resolveconf_cloud_init.conf
|
2017-06-30 20:17:03 +08:00
|
|
|
|
|
|
|
# All inventory hostnames will be written into each /etc/hosts file.
|
|
|
|
populate_inventory_to_hosts_file: true
|
2022-10-04 21:26:16 +08:00
|
|
|
# K8S Api FQDN will be written into /etc/hosts file.
|
|
|
|
populate_loadbalancer_apiserver_to_hosts_file: true
|
2023-03-07 08:18:18 +08:00
|
|
|
# etc_hosts_localhost_entries will be written into /etc/hosts file.
|
|
|
|
populate_localhost_entries_to_hosts_file: true
|
2017-10-12 03:40:21 +08:00
|
|
|
|
2018-04-27 23:50:58 +08:00
|
|
|
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
|
2018-08-22 18:10:49 +08:00
|
|
|
|
2018-08-24 20:06:07 +08:00
|
|
|
etc_hosts_localhost_entries:
|
|
|
|
127.0.0.1:
|
|
|
|
expected:
|
|
|
|
- localhost
|
|
|
|
- localhost.localdomain
|
2018-08-22 18:10:49 +08:00
|
|
|
::1:
|
2018-08-24 20:06:07 +08:00
|
|
|
expected:
|
|
|
|
- localhost6
|
|
|
|
- localhost6.localdomain
|
|
|
|
unexpected:
|
|
|
|
- localhost
|
|
|
|
- localhost.localdomain
|
2019-06-11 14:22:15 +08:00
|
|
|
|
|
|
|
# Minimal memory requirement in MB for safety checks
|
|
|
|
minimal_node_memory_mb: 1024
|
|
|
|
minimal_master_memory_mb: 1500
|
2020-02-28 17:56:38 +08:00
|
|
|
|
|
|
|
yum_repo_dir: /etc/yum.repos.d
|
2020-11-23 15:47:35 +08:00
|
|
|
|
|
|
|
# number of times package install task should be retried
|
|
|
|
pkg_install_retries: 4
|
2021-01-11 22:15:08 +08:00
|
|
|
|
|
|
|
# Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
|
|
|
|
ping_access_ip: true
|
2022-06-29 04:15:34 +08:00
|
|
|
|
|
|
|
## NTP Settings
|
|
|
|
# Start the ntpd or chrony service and enable it at system boot.
|
|
|
|
ntp_enabled: false
|
|
|
|
# The package to install which provides NTP functionality.
|
|
|
|
# The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
|
2023-07-05 11:36:54 +08:00
|
|
|
# The ntp_package can be one of ['ntp', 'chrony']
|
2022-06-29 04:15:34 +08:00
|
|
|
ntp_package: >-
|
|
|
|
{% if ansible_os_family == "RedHat" -%}
|
|
|
|
chrony
|
|
|
|
{%- else -%}
|
|
|
|
ntp
|
|
|
|
{%- endif -%}
|
|
|
|
|
|
|
|
# Manage the NTP configuration file.
|
|
|
|
ntp_manage_config: false
|
|
|
|
# Specify the NTP servers
|
|
|
|
# Only takes effect when ntp_manage_config is true.
|
|
|
|
ntp_servers:
|
|
|
|
- "0.pool.ntp.org iburst"
|
|
|
|
- "1.pool.ntp.org iburst"
|
|
|
|
- "2.pool.ntp.org iburst"
|
|
|
|
- "3.pool.ntp.org iburst"
|
|
|
|
# Restrict NTP access to these hosts.
|
|
|
|
# Only takes effect when ntp_manage_config is true.
|
|
|
|
ntp_restrict:
|
|
|
|
- "127.0.0.1"
|
|
|
|
- "::1"
|
|
|
|
# The NTP driftfile path
|
|
|
|
# Only takes effect when ntp_manage_config is true.
|
|
|
|
ntp_driftfile: /var/lib/ntp/ntp.drift
|
|
|
|
# Enable tinker panic is useful when running NTP in a VM environment.
|
|
|
|
# Only takes effect when ntp_manage_config is true.
|
|
|
|
ntp_tinker_panic: false
|
|
|
|
|
2024-01-30 09:46:58 +08:00
|
|
|
# Force sync time immediately after the ntp installed, which is useful in a newly installed system.
|
2022-06-29 04:15:34 +08:00
|
|
|
ntp_force_sync_immediately: false
|
2022-09-15 12:11:22 +08:00
|
|
|
|
|
|
|
# Set the timezone for your server. eg: "Etc/UTC","Etc/GMT-8". If not set, the timezone will not change.
|
|
|
|
ntp_timezone: ""
|
2023-03-10 14:00:39 +08:00
|
|
|
|
|
|
|
# Currently known os distributions
|
|
|
|
supported_os_distributions:
|
|
|
|
- 'RedHat'
|
|
|
|
- 'CentOS'
|
|
|
|
- 'Fedora'
|
|
|
|
- 'Ubuntu'
|
|
|
|
- 'Debian'
|
|
|
|
- 'Flatcar'
|
|
|
|
- 'Flatcar Container Linux by Kinvolk'
|
|
|
|
- 'Suse'
|
|
|
|
- 'openSUSE Leap'
|
|
|
|
- 'openSUSE Tumbleweed'
|
|
|
|
- 'ClearLinux'
|
|
|
|
- 'OracleLinux'
|
|
|
|
- 'AlmaLinux'
|
|
|
|
- 'Rocky'
|
|
|
|
- 'Amazon'
|
|
|
|
- 'Kylin Linux Advanced Server'
|
|
|
|
- 'UnionTech'
|
|
|
|
- 'UniontechOS'
|
|
|
|
- 'openEuler'
|
|
|
|
|
|
|
|
# Extending some distributions into the redhat os family
|
|
|
|
redhat_os_family_extensions:
|
|
|
|
- "Kylin Linux Advanced Server"
|
|
|
|
- "openEuler"
|
|
|
|
- "UnionTech"
|
|
|
|
- "UniontechOS"
|
2023-03-31 09:53:49 +08:00
|
|
|
|
|
|
|
# Extending some distributions into the debian os family
|
|
|
|
debian_os_family_extensions:
|
|
|
|
- "UnionTech OS Server 20"
|
2023-05-26 01:04:51 +08:00
|
|
|
|
|
|
|
# Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use"
|
|
|
|
systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}"
|
2023-06-21 21:23:40 +08:00
|
|
|
|
2023-06-24 11:49:06 +08:00
|
|
|
# Used to disable File Access Policy Daemon service.
|
|
|
|
# If service is enabled, the CNI plugin installation will fail
|
|
|
|
disable_fapolicyd: true
|
|
|
|
|
2023-06-21 21:23:40 +08:00
|
|
|
# Enable 0120-growpart-azure-centos-7 tasks
|
|
|
|
growpart_azure_enabled: true
|