ansible/vars/global.yml

---
basedir: /srv/web/infra/ansible
private: /srv/private/ansible
bigfiles: /srv/web/infra/bigfiles
files: /srv/web/infra/ansible/files
roles_path: /srv/web/infra/ansible/roles
handlers_path: /srv/web/infra/ansible/handlers
tasks_path: /srv/web/infra/ansible/tasks
vars_path: "/srv/web/infra/ansible/vars"
dist_tag: unknown
auth_keys_from_fas: '/srv/web/infra/ansible/scripts/auth-keys-from-fas'

# Note: we do "+all -some" rather than "+some" to make sure we can use this
# same list on both EL7 and Fedora and get new ciphers: on Fedora, at time of writing,
# this includes TLSv1.3, which EL7 does not have.
ssl_protocols: "+all -SSLv3 -TLSv1 -TLSv1.1"
ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"

httpd_maxrequestworkers: 2500

# Set a default hostname base to transient. Override in host vars or command line.
hostbase: transient
global_pkgs_inst: ['bind-utils', 'nc', 'openssh-clients',
                   'patch', 'postfix', 'rsync', 'strace',
                   'tmpwatch', 'traceroute', 'vim-enhanced', 'xz', 'zsh',
                   'bash-completion',
                   'atop', 'htop', 'rsyslog']
# Set up variables for various files to make sure we don't forget to use.
repoSpanner_rpms_http: 8445
repoSpanner_ansible_http: 8443