summaryrefslogtreecommitdiffstats
path: root/xci/installer/kubespray/playbooks/group_vars/all
blob: d2c36bfc58e7bf883227d716361754c461890e81 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

kube_require_packages:
  - "python-netaddr"
  - "dbus"

keepalived_ubuntu_src: "uca"
keepalived_uca_apt_repo_url: "{{ uca_apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }}"

keepalived_sync_groups:
  haproxy:
    instances:
      - external

haproxy_keepalived_external_interface: "{{ ansible_default_ipv4.interface }}"
haproxy_keepalived_authentication_password: 'keepalived'
keepalived_instances:
  external:
    interface: "{{ haproxy_keepalived_external_interface }}"
    state: "BACKUP"
    virtual_router_id: "{{ haproxy_keepalived_external_virtual_router_id | default ('10') }}"
    priority: "{{ ((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*100)-((ansible_play_hosts|length-ansible_play_hosts.index(inventory_hostname))*50) }}"
    authentication_password: "{{ haproxy_keepalived_authentication_password }}"
    vips:
      - "{{ haproxy_keepalived_external_vip_cidr | default('192.168.122.222/32')  }} dev {{ haproxy_keepalived_external_interface }}"

haproxy_default_services:
  - service:
      haproxy_service_name: proxy-apiserver
      haproxy_backend_nodes: "{{ groups['kube-master'] | default([]) }}"
      haproxy_port: 8383
      haproxy_backend_port: 6443
      haproxy_balance_type: tcp

haproxy_bind_on_non_local: "True"
haproxy_use_keepalived: "True"
keepalived_selinux_compile_rules:
  - keepalived_ping
  - keepalived_haproxy_pid_file

# Ensure that the package state matches the global setting
haproxy_package_state: "latest"

haproxy_whitelist_networks:
  - 192.168.0.0/16
  - 172.16.0.0/12
  - 10.0.0.0/8

haproxy_galera_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_glance_registry_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_keystone_admin_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_nova_metadata_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_rabbitmq_management_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_repo_git_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_repo_cache_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_octavia_whitelist_networks: "{{ haproxy_whitelist_networks }}"
haproxy_ssl: false

internal_lb_vip_address: "192.168.122.222"
external_lb_vip_address: "{{ internal_lb_vip_address }}"