Add default deployment values

Add default values (in defaults/deployment.yaml) for:
 - disconnected: true
 - diskEncryption: false
 - ocMirrorLogLevel: info
 - pullSecretPath: "{{ workingDir }}/config/pull-secret.json"

The variables have been removed from config/global.example.yaml
but the defaults values can be overridden in config/global.yaml.

Author: eurijon

config/global.example.yaml

@@ -77,31 +77,31 @@ blockStorageBackend: lvms
 #     "kind": "ConfigMap", "data": ..}]'
 
 # ============================================================================
-# OpenShift Configuration
+# OpenShift Deployment Configuration (optional)
+# All settings below have defaults. Uncomment only to override.
 # ============================================================================
-# Disconnected mode
-disconnected: true
+# Disconnected mode (default: true, set to false for connected deployments)
+# disconnected: false
 
-# Encrypt installation partition with TPM v2
-diskEncryption: false
+# Encrypt installation partition with TPM v2 (default: false, set to true to enable)
+# diskEncryption: true
 
-# SSH public key path for cluster nodes
-sshPubPath: "YOUR_SSH_PUB_KEY_PATH"
-
-# Variables for oc-mirror
-ocMirrorLogLevel: debug
+# Log level for oc-mirror (default: info, options: trace, debug, info, error)
+# ocMirrorLogLevel: debug
 
-# Additional NTP sources for cluster nodes (optional)
+# Additional NTP sources for cluster nodes (no additional servers by default)
 # defaultNtpServers:
 #  - YOUR_NTP_SERVER_1
 #  - YOUR_NTP_SERVER_2
 
 # ============================================================================
-# Pull Secret Configuration
+# Pull Secret and SSH Public Key Configuration
 # ============================================================================
 # Obtain from: https://console.redhat.com/openshift/install/pull-secret
 pullSecret: '{"auths":{"YOUR_PULL_SECRET"}}'
-pullSecretPath: "{{ workingDir }}/config/pull-secret.json"
+
+# SSH public key path for cluster nodes
+sshPubPath: "YOUR_SSH_PUB_KEY_PATH"
 
 # ============================================================================
 # Cluster Hosts Configuration (Agent Hosts)

defaults/deployment.yaml

@@ -0,0 +1,12 @@
+---
+# Default deployment mode. Override in config/global.yaml to deploy in connected mode.
+disconnected: true
+
+# Default disk encryption setting. Override in config/global.yaml to enable TPM v2 encryption.
+diskEncryption: false
+
+# Default oc-mirror log level. Override in config/global.yaml for more verbosity.
+ocMirrorLogLevel: info
+
+# Default pull secret path. Override in config/global.yaml if stored elsewhere.
+pullSecretPath: "{{ workingDir }}/config/pull-secret.json"

docs/CONFIGURATION_REFERENCE.md

@@ -748,13 +748,15 @@ pullSecret: |
 
 #### `pullSecretPath`
 
-**Description**: Path to pull secret file (alternative to inline `pullSecret`).
+**Description**: Path to pull secret JSON file. Defaults to `{{ workingDir }}/config/pull-secret.json`. Override in `config/global.yaml` if your pull secret is stored elsewhere.
 
 **Type**: String (file path)
 
+**Default**: `{{ workingDir }}/config/pull-secret.json`
+
 **Example**:
 ```yaml
-pullSecretPath: "{{ workingDir }}/config/pull-secret.json"
+pullSecretPath: "{{ workingDir }}/.config/pull-secret.json"
 ```
 
 ## Storage Configuration
@@ -1144,11 +1146,18 @@ defaultPrefix: 24
 rendezvousIP: 192.168.2.24
 lzBmcIP: 100.64.1.10
 
-# OpenShift Configuration
-disconnected: true
-diskEncryption: false
+# OpenShift Deployment Configuration (optional — uncomment only to override defaults)
+# disconnected: false  # Default: true (set to false for connected deployments)
+# diskEncryption: true  # Default: false (set to true to enable TPM v2 encryption)
+# ocMirrorLogLevel: debug  # Default: info
+# defaultNtpServers:  # No additional servers by default
+#  - YOUR_NTP_SERVER_1
+#  - YOUR_NTP_SERVER_2
+
+# Pull Secret and SSH Public Key
+pullSecret: '{"auths":{"cloud.openshift.com":{...},"quay.io":{...}}}'
+# pullSecretPath: "{{ workingDir }}/config/pull-secret.json"  # Default
 sshPubPath: "{{ workingDir }}/.ssh/id_rsa.pub"
-ocMirrorLogLevel: debug
 
 # Storage Backend
 blockStorageBackend: lvms
@@ -1187,9 +1196,6 @@ quayBackendRGWConfiguration:
   bucket_name: quay-bucket-name
   hostname: ocs-storagecluster-cephobjectstore-openshift-storage.apps.store.enclave-test.nodns.in
 
-# Pull Secret
-pullSecret: '{"auths":{"cloud.openshift.com":{...},"quay.io":{...}}}'
-pullSecretPath: "{{ workingDir }}/config/pull-secret.json"
 ```
 
 ### `config/certificates.yaml`

playbooks/common/load-vars.yaml

@@ -1,5 +1,8 @@
 ---
 
+- name: Include deployment defaults
+  ansible.builtin.include_vars: ../../defaults/deployment.yaml
+
 - name: Include global deployment vars
   ansible.builtin.include_vars: "{{ vars_file | default('../../config/global.yaml') }}"
 

playbooks/tasks/schema_validation.yaml

@@ -1,3 +1,9 @@
+- name: validate defaults/deployment.yaml schema
+  ansible.utils.validate:
+    data: "{{ lookup('ansible.builtin.file', '../../defaults/deployment.yaml') | from_yaml | to_json }}"
+    criteria: "{{ lookup('ansible.builtin.file', '../../schemas/deployment.yaml') | from_yaml | to_json }}"
+    engine: ansible.utils.jsonschema
+
 - name: validate defaults/catalogs.yaml schema
   ansible.utils.validate:
     data: "{{ lookup('ansible.builtin.file', '../../defaults/catalogs.yaml') | from_yaml | to_json }}"

schemas/deployment.yaml

@@ -0,0 +1,32 @@
+---
+"$schema": "http://json-schema.org/draft-07/schema"
+version: "1.0"
+type: object
+
+additionalProperties: false
+properties:
+  disconnected:
+    type: boolean
+    description: >-
+      Whether the deployment is disconnected (air-gapped). Default: true.
+      Set to false for connected deployments.
+  diskEncryption:
+    type: boolean
+    description: >-
+      Whether to enable disk encryption using TPM v2. Default: false.
+      Set to true to encrypt the installation partition on all nodes.
+  ocMirrorLogLevel:
+    type: string
+    enum: [trace, debug, info, error]
+    description: >-
+      Log level for oc-mirror. Default: info.
+  pullSecretPath:
+    type: string
+    description: >-
+      Path to the pull secret JSON file. Default: {{ workingDir }}/config/pull-secret.json.
+
+required:
+  - disconnected
+  - diskEncryption
+  - ocMirrorLogLevel
+  - pullSecretPath

scripts/generate_enclave_vars.sh

@@ -178,33 +178,25 @@ blockStorageBackend: lvms
 lvmsConfig: {}
 
 # ============================================================================
-# OpenShift Configuration
+# OpenShift Deployment Configuration (optional)
 # ============================================================================
-# Disconnected mode
-disconnected: true
-
-# Encrypt installation partition with TPM v2
-diskEncryption: false
-
-# SSH public key path for cluster nodes
-sshPubPath: "{{ workingDir }}/.ssh/id_rsa.pub"
-
-# Variables for oc-mirror
-ocMirrorLogLevel: info
-
-# Additional NTP sources for cluster nodes (optional)
-defaultNtpServers: []
+# Leaving default values
 
 # ============================================================================
-# Pull Secret Configuration
+# Pull Secret and SSH Public Key Configuration
 # ============================================================================
 # Obtain from: https://console.redhat.com/openshift/install/pull-secret
 # Pull secret will be read from pullSecretPath
 pullSecret:
   auths: {}
 pullSecretPath: "{{ workingDir }}/.config/pull-secret.json"
 
-# Discovery hosts for hardware discovery (optional)
+# SSH public key path for cluster nodes
+sshPubPath: "{{ workingDir }}/.ssh/id_rsa.pub"
+
+# ============================================================================
+# Discovery Hosts Configuration
+# ============================================================================
 # Add hosts here if you want to use the discovery feature
 discovery_hosts: []
 

templates/agent-config.yaml.j2

@@ -10,7 +10,7 @@ rendezvousIP:  {{ rendezvousIP }}
 # If defaultNtpServers are defined, add it to the configuration
 {% if defaultNtpServers | default("") | length > 0  %}
 additionalNTPSources:
-{{ defaultNtpServers | to_nice_yaml }}  
+{{ defaultNtpServers | to_nice_yaml }}
 {% endif %}
 
 # And we add the network configuration of each host, in nmstate format