Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
ansible/inventory/group_vars/all
Kevin Fenzi 580cd252c5 Inventory group/host variables: Sort yaml 
This was done using yq (
https://mikefarah.gitbook.io/yq/operators/sort-keys )

Doing things this way makes it much easier to see if a variable is set
in a file or if two hosts differ in what variables they set. Hopefully
we can keep things sorted moving forward.

Basically this means just sort a-z anything you add to any host or group
vaiable and it will be in the right place.

Additionally, this enforces 'normal' intent rules for all the variable
files which we should also try and obey. 2 spaces for first level, 3 for
next, etc. When in doubt you can run yq on it.

This should cause NO actual vairable changes, it's all just readability
fixing for humans, ansible parses it exactly the same.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-11-16 13:27:57 -08:00

251 lines
19 KiB
Text
Raw Blame History

---
#######
# BEGIN: Ansible roles_path variables
#
# Background/reference about external repos pulled in:
# https://pagure.io/fedora-infrastructure/issue/5476
#
# IPA settings
additional_host_keytabs: []
ansible_base: /srv/web/infra
# Default to managing the network, we want to not do this on select
# hosts (like cloud nodes)
ansible_ifcfg_blocklist: false
# List of interfaces to explicitly disable
ansible_ifcfg_disabled: []
# on MOST infra systems, the interface connected to the infra network
# is eth0. but not on quite ALL systems. e.g. on s390 boxes it's enc900,
# on openqa-ppc64le-01.qa it's eth2 for some reason, and on qa01.qa and
# qa02.qa it's em3. currently this only affects whether GATEWAY, DOMAIN
# and DNS1/DNS2 lines are put into ifcfg-(device).
ansible_ifcfg_infra_net_devices: ['eth0', 'enc900']
#
# Autodetect python version
#
ansible_python_interpreter: auto
# Set variable if we want to use our global iptables defaults
# Some things need to set their own.
baseiptables: True
# by default set become to false here We can override it as needed.
# Note that if become is true, you need to unset requiretty for
# ssh controlpersist to work.
become: false
br0_nm: 255.255.255.0
br1_nm: 255.255.255.0
# assume collectd apache
collectd_apache: true
# true or false if we are or are not a copr build virthost.
# Default to false
copr_build_virthost: false
# assume createrepo is true and this builder has the koji nfs mount to do that
createrepo: True
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
csi_purpose: Unspecified
csi_relationship: |
Unspecified.
* What hosts/services does this rely on?
* What hosts/services rely on this?
To update this text, add the csi_* vars to group_vars/ in ansible.
# This vars get shoved into /etc/system_identification by the base role.
# Groups and individual hosts should override them with specific info.
# See http://infrastructure.fedoraproject.org/csi/security-policy/
csi_security_category: Unspecified
custom6_rules: []
custom_rules: []
# most of our systems are in IAD2
datacenter: iad2
# These are used to:
# 1) configure mod_wsgi
# 2) open iptables rules for fedmsg (per wsgi thread)
# 3) declare enough fedmsg endpoints for the service
#wsgi_fedmsg_service: bodhi
#wsgi_procs: 4
#wsgi_threads: 4
# By default, nodes don't backup any dbs on them unless they declare it.
dbs_to_backup: []
dns1: "10.3.163.33"
dns2: "10.3.163.34"
# env is staging or production, we default it to production here.
env: production
env_prefix: ""
env_short: prod
env_suffix: ""
# Default netmask. All of our iad2 nets are /24's. Almost all of our
# non-iad2 sites are less than a /24.
eth0_nm: 255.255.255.0
eth1_ip: 10.0.0.10
eth1_nm: 255.255.255.0
# By default, fedmsg hosts are in passive mode. External hosts are typically
# active.
fedmsg_active: False
# By default, nodes get no fedmsg certs. They need to declare them explicitly.
fedmsg_certs: []
# A special flag that, when set to true, will disconnect the host from the
# global fedmsg-relay instance and set it up with its own local one. You can
# temporarily set this to true for a specific host to do some debugging -- so
# you can *replay real messages from the datagrepper history without having
# those broadcast to the rest of the bus*.
fedmsg_debug_loopback: False
fedmsg_env: prod
# By default, fedmsg sends error logs to sysadmin-datanommer-members@fp.o.
fedmsg_error_recipients:
- sysadmin-datanommer-members@fedoraproject.org
# By default, fedmsg should not log debug info. Groups can override this.
fedmsg_loglevel: INFO
# Amount of time to wait for connections after a socket is first established.
fedmsg_post_init_sleep: 1.0
# Other defaults for fedmsg environments
fedmsg_prefix: org.fedoraproject
# Everywhere, always, we should sign messages and validate signatures.
# However, we allow individual hosts and groups to override this. Use this very
# carefully.. and never in production (good for testing stuff in staging).
fedmsg_sign_messages: True
fedmsg_validate_signatures: True
#
# END: Ansible roles_path variables
#######
freezes: true
# defaults for hw installs
install_noc: none
ipa_admin_password: "{{ ipa_prod_admin_password }}"
ipa_realm: FEDORAPROJECT.ORG
ipa_server: ipa01.iad2.fedoraproject.org
ipa_server_nodes:
- ipa01.iad2.fedoraproject.org
- ipa02.iad2.fedoraproject.org
#- ipa03.iad2.fedoraproject.org
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
# defaults for virt installs
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
# most of our systems are 64bit.
# Used to install various nagios scripts and the like.
libdir: /usr/lib64
lvm_size: 20000
mac_address: RANDOM
mac_address1: RANDOM
main_bridge: br0
max_cpu: "{{ num_cpus * 5 }}"
max_mem_size: "{{ mem_size * 5 }}"
mem_size: 4096
mirrors_centos_org_cert_file: mirrors.centos.org.cert
# This is the mirrors.centos.org certs
mirrors_centos_org_cert_name: mirrors.centos.org
mirrors_centos_org_key_file: mirrors.centos.org.key
nagios_Can_Connect: true
# Nagios global variables
nagios_Check_Services:
dhcpd: false
httpd: false
mail: true
named: false
nrpe: true
ping: true
raid: false
sshd: true
swap: true
nat_rules: []
# usually we do not want to enable nested virt, only on some virthosts
nested: false
nfs_bridge: br1
# nfs mount options, override at the group/host level
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
nm: 255.255.255.0
# Most of our machines have manual resolv.conf files
# These settings are for machines where NM is supposed to control resolv.conf.
nm_controlled_resolv: False
nrpe_check_postfix_queue_crit: 5
# by default, the number of emails in queue before we whine
nrpe_check_postfix_queue_warn: 2
nrpe_procs_crit: 300
# by default the number of procs we allow before we whine
nrpe_procs_warn: 250
num_cpus: 2
# ocp4 is only set true in some proxy roles
ocp4: false
ocp_wildcard_cert_file: wildcard-2021.apps.ocp.fedoraproject.org.cert
# This is the openshift wildcard cert for ocp
ocp_wildcard_cert_name: wildcard-2021.apps.ocp.fedoraproject.org
ocp_wildcard_int_file: wildcard-2021.apps.ocp.fedoraproject.org.intermediate.cert
ocp_wildcard_key_file: wildcard-2021.apps.ocp.fedoraproject.org.key
# Path to the openshift-ansible checkout as external git repo brought into
# Fedora Infra
openshift_ansible: /srv/web/infra/openshift-ansible/
# This is the openshift wildcard cert. Until it exists set it equal to wildcard
os_wildcard_cert_name: wildcard-2021.app.os.fedoraproject.org
os_wildcard_crt_file: wildcard-2021.app.os.fedoraproject.org.cert
os_wildcard_int_file: wildcard-2021.app.os.fedoraproject.org.intermediate.cert
os_wildcard_key_file: wildcard-2021.app.os.fedoraproject.org.key
postfix_group: "none"
# This is a list of services that need to wait for VPN to be up before getting started.
postvpnservices: []
preferred_dc: iad2
primary_auth_source: ipa
#
# Set a redirectmatch variable we can use to disable some redirectmatches
# like the prerelease to final ones.
#
redirectmatch_enabled: True
# default the root_auth_users to nothing.
# This should be set for cloud instances in their host or group vars.
root_auth_users: ''
# List of names under which the host is available
ssh_hostnames: []
# This enables/disables the SSH "keyhelper" used by Pagure for verifying users'
# SSH keys from the Pagure database
sshd_keyhelper: false
# Normal default sshd port is 22
sshd_port: 22
#
# sshd can run a internal sftp server, we need this on some hosts, but
# not on most of them, so default to false
sshd_sftp: false
tcp_ports: []
# example of ports for default iptables
# tcp_ports: [ 22, 80, 443 ]
# udp_ports: [ 110, 1024, 2049 ]
# multiple lines can be handled as below
# custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
# '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
# We default these to empty
udp_ports: []
# Most EL systems need default EPEL repos.
# Some systems (notably fed-cloud*) need to get their own
# EPEL files because EPEL overrides packages in their core repos.
use_default_epel: true
#
# The default virt-install works for rhel7 or fedora with 1 nic
#
virt_install_command: "{{ virt_install_command_one_nic }}"
virt_install_command_aarch64_2nd_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole
virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole
virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole
virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --rng /dev/random
virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --arch armv7l --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }} --autostart --noautoconsole --rng /dev/random
virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --arch armv7l --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }} --autostart --noautoconsole --rng /dev/random --qemu-commandline="-machine highmem=off"
virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4 }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4 }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
virt_install_command_ppc64le_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random
virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random
virt_install_command_pxe_rhcos: virt-install -n {{ inventory_hostname }} --vcpus {{ num_cpus }},maxvcpus={{ num_cpus }} --cpu host --memory {{ mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --nographics --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --hvm --accelerate --autostart --wait=-1 --extra-args "ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:ens2:none hostname={{ inventory_hostname }} nameserver={{ dns }} console=ttyS0 nomodeset rd.neednet=1 coreos.inst=yes coreos.inst.install_dev=vda coreos.live.rootfs_url={{ rhcos_install_rootfs_url }} coreos.inst.ignition_url={{ rhcos_ignition_file_url }}" --os-variant rhel7 --location {{ rhcos_install_url }}
virt_install_command_rhel6: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x "inst.ksdevice=eth0 inst.ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }}" --network=bridge=br0 --autostart --noautoconsole --watchdog default
virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host
virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4 }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host
virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random
virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random
# assume vpn is false
vpn: False
# This is the wildcard certname for our proxies. It has a different name for
# the staging group and is used in the proxies.yml playbook.
wildcard_cert_name: wildcard-2020.fedoraproject.org
wildcard_crt_file: wildcard-2020.fedoraproject.org.cert
wildcard_int_file: wildcard-2020.fedoraproject.org.intermediate.cert
wildcard_key_file: wildcard-2020.fedoraproject.org.key
#
# say if we want the apache role dependency for mod_wsgi or not
# In some cases we want mod_wsgi and no apache (for python3 httpaio stuff)
#
wsgi_wants_apache: true
# set no x-forward header by default
x_forward: false
Reference in a new issue View git blame Copy permalink