infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 7 Projects Releases Packages Wiki Activity Actions

openqa: do not do the nftables switch on these until we have more time for testing

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2025-04-24 13:51:09 -07:00
parent 4d4365cdf5
commit 7c670efbfe
2 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
inventory/group_vars/openqa_tap_workers
View file

@ -5,6 +5,7 @@ nft_custom_rules:
- 'add rule ip filter FORWARD iifname "br0" counter accept'
- 'add rule ip filter FORWARD iifname "{{ openqa_tap_iface }}" oifname "br0" ct state related,established counter accept'
- 'add rule ip filter INPUT iifname "br0" counter accept'
nftables: False
# for iptables rules...maybe other stuff in future? both staging
# and prod workers are in this group
host_group: openqa-tap-workers

1
inventory/group_vars/openqa_workers
View file

@ -7,6 +7,7 @@ ipa_client_sudo_groups:
- sysadmin-qa
ipa_host_group: openqa-workers
ipa_host_group_desc: OpenQA worker hosts
nftables: False
openqa_env: production
openqa_env_prefix:
# this is because openqa staging isn't really a staging host