infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 7 Projects Releases Packages Wiki Activity Actions
ansible/inventory/group_vars/autosign
Kevin Fenzi 580cd252c5 Inventory group/host variables: Sort yaml 
This was done using yq (
https://mikefarah.gitbook.io/yq/operators/sort-keys )

Doing things this way makes it much easier to see if a variable is set
in a file or if two hosts differ in what variables they set. Hopefully
we can keep things sorted moving forward.

Basically this means just sort a-z anything you add to any host or group
vaiable and it will be in the right place.

Additionally, this enforces 'normal' intent rules for all the variable
files which we should also try and obey. 2 spaces for first level, 3 for
next, etc. When in doubt you can run yq on it.

This should cause NO actual vairable changes, it's all just readability
fixing for humans, ansible parses it exactly the same.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-11-16 13:27:57 -08:00

32 lines
1.2 KiB
Text
Raw Blame History

---
# Define resources for this group of hosts here.
ansible_ifcfg_allowlist:
- eth0
- eth1
csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org
csi_purpose: Automatically sign Rawhide and Branched packages
csi_relationship: |
This host will run the robosignatory application which should automatically sign
builds. It listens to koji over fedora-messaging for notifications of new builds,
and then asks sigul, the signing server, to sign the rpms and store the new rpm
header back in Koji.
# For the MOTD
csi_security_category: High
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
# Make connections from signing bridges stateless, they break sigul connections
# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.3.169.120 -j ACCEPT']
fedmsg_error_recipients: []
host_group: autosign
ipa_client_shell_groups:
- sysadmin-releng
ipa_client_sudo_groups:
- sysadmin-releng
ipa_host_group: autosign
ipa_host_group_desc: Hosts signing content automatically
lvm_size: 30000
mem_size: 2048
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
num_cpus: 2
Reference in a new issue View git blame Copy permalink