| ansible_ssh_user
 | 
This variable sets the SSH user for the installer to use and defaults to
root. This user should allow SSH-based authentication
without requiring a password. If
using SSH key-based authentication, then the key should be managed by an SSH
agent. | 
| ansible_become
 | 
If ansible_ssh_useris notroot, this variable must be set totrueand
the user must be configured for passwordlesssudo. | 
| debug_level
 | 
This variable sets which INFO messages are logged to the systemd-journald.service. Set one of the following: 
0to log errors and warnings only
2to log normal information (This is the default level.)
4to log debugging-level information
6to log API-level debugging information (request / response)
8to log body-level API debugging information
 | 
| containerized
 | 
If set to true, containerized OKD services are run on all target master
and node hosts in the cluster instead of installed using RPM packages. If set tofalseor unset, the default RPM method is used. RHEL Atomic Host requires the
containerized method, and is automatically selected for you based on the
detection of the /run/ostree-booted file. See
Installing on
Containerized Hosts for more details. | 
| openshift_clock_enabled
 | 
Whether to enable Network Time Protocol (NTP) on cluster nodes. trueby default. 
|  | 
To prevent masters and nodes in the
cluster from going out of sync, do not change the default value of this parameter. |  | 
| openshift_master_admission_plugin_config
 | 
This variable sets the parameter and arbitrary JSON values as per the requirement in your inventory hosts file. For example: 
openshift_master_admission_plugin_config={"ClusterResourceOverride":{"configuration":{"apiVersion":"v1","kind":"ClusterResourceOverrideConfig","memoryRequestToLimitPercent":"25","cpuRequestToLimitPercent":"25","limitCPUToMemoryPercent":"200"}}} | 
| openshift_master_audit_config
 |  | 
| openshift_master_cluster_hostname
 | 
This variable overrides the host name for the cluster, which defaults to the
host name of the master. | 
| openshift_master_cluster_public_hostname
 | 
This variable overrides the public host name for the cluster, which defaults to
the host name of the master. If you use an external load balancer, specify the address of the external load balancer. 
openshift_master_cluster_public_hostname=openshift-ansible.public.example.com | 
| openshift_master_cluster_method
 | 
Optional. This variable defines the HA method when deploying multiple masters.
Supports the nativemethod. See Multiple Masters for
more information. | 
| openshift_rolling_restart_mode
 | 
This variable enables rolling restarts of HA masters (i.e., masters are taken
down one at a time) when
running
the upgrade playbook directly. It defaults to services, which allows rolling
restarts of services on the masters. It can instead be set tosystem, which
enables rolling, full system restarts and also works for single master clusters. | 
| openshift_master_identity_providers
 | 
This variable sets the
identity provider.
The default value is
Deny
All. If you use a supported identity provider, configure OKD to
use it. | 
| openshift_master_named_certificates
 |  | 
| openshift_master_overwrite_named_certificates
 | 
| openshift_hosted_router_certificate
 |  | 
| openshift_hosted_registry_cert_expire_days
 | 
Validity of the auto-generated registry certificate in days. Defaults to 730(2 years). | 
| openshift_ca_cert_expire_days
 | 
Validity of the auto-generated CA certificate in days. Defaults to 1825(5 years). | 
| openshift_node_cert_expire_days
 | 
Validity of the auto-generated node certificate in days. Defaults to 730(2 years). | 
| openshift_master_cert_expire_days
 | 
Validity of the auto-generated master certificate in days. Defaults to 730(2 years). | 
| etcd_ca_default_days
 | 
Validity of the auto-generated external etcd certificates in days. Controls
validity for etcd CA, peer, server and client certificates. Defaults to 1825(5 years). | 
| os_firewall_use_firewalld
 | 
Set to trueto use firewalld instead of the default iptables. Not available on RHEL Atomic Host. See the Configuring the Firewall section for more information. | 
| openshift_master_session_name
 |  | 
| openshift_master_session_max_seconds
 | 
| openshift_master_session_auth_secrets
 | 
| openshift_master_session_encryption_secrets
 | 
| openshift_set_node_ip
 | 
This variable configures nodeIPin the node configuration. This variable is needed in cases where it is desired for node traffic to go over an interface other than the default network interface. The host variableopenshift_ipcan also be configured on each node to set a specific IP that might not be the IP of the default route. | 
| openshift_master_image_policy_config
 |  | 
| openshift_router_selector
 |  | 
| openshift_registry_selector
 |  | 
| openshift_template_service_broker_namespaces
 | 
This variable enables the template service broker by specifying one or more
namespaces whose templates will be served by the broker. | 
| ansible_service_broker_node_selector
 | 
Default node selector for automatically deploying Ansible service broker pods,
defaults {"region": "infra"}. See
Configuring Node Host Labels for details. | 
| template_service_broker_selector
 | 
Default node selector for automatically deploying template service broker pods,
defaults {"region": "infra"}. See
Configuring Node Host Labels for details. | 
| osm_default_node_selector
 | 
This variable overrides the node selector that projects will use by default when
placing pods, which is defined by the projectConfig.defaultNodeSelectorfield
in the master configuration file. Starting in OKD 3.9, this defaults
tonode-role.kubernetes.io/compute=trueif undefined. | 
| openshift_docker_additional_registries
 | 
OKD adds the specified additional registry or registries to the
docker configuration. These are the registries to search. If the registry requires access to a port other than 80, include the port number required in the form of<address>:<port>. 
openshift_docker_additional_registries=example.com:443 | 
| openshift_docker_insecure_registries
 | 
OKD adds the specified additional insecure registry or registries to
the docker configuration. For any of these registries, secure sockets layer
(SSL) is not verified. Also, add these registries to openshift_docker_additional_registries. | 
| openshift_docker_blocked_registries
 | 
OKD adds the specified blocked registry or registries to the
docker configuration. Block the listed registries. Setting this to allblocks everything not in the other variables. | 
| openshift_metrics_hawkular_hostname
 | 
This variable sets the host name for integration with the metrics console by
overriding metricsPublicURLin the master configuration for cluster metrics.
If you alter this variable, ensure the host name is accessible via your router. | 
| openshift_clusterid
 | 
This variable is a cluster identifier unique to the AWS Availability Zone. Using this avoids potential issues in Amazon Web Service
(AWS) with multiple zones or multiple clusters. See Labeling Clusters for AWS for details. | 
| openshift_image_tag
 | 
Use this variable to specify a container image tag to install or configure. | 
| openshift_pkg_version
 | 
Use this variable to specify an RPM version to install or configure. |