ansible/inventory/group_vars/all

---
freezes: true
# most of our systems are in phx2
datacenter: phx2

# usually we do not want to enable nested virt, only on some virthosts
nested: false

# most of our systems are 64bit. 
# Used to install various nagios scripts and the like.
libdir: /usr/lib64

# Most EL systems need default EPEL repos.
# Some systems (notably fed-cloud*) need to get their own
# EPEL files because EPEL overrides packages in their core repos.
use_default_epel: true

# example of ports for default iptables
# tcp_ports: [ 22, 80, 443 ]
# udp_ports: [ 110, 1024, 2049 ]
# multiple lines can be handled as below
# custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
#                  '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
# We default these to empty
udp_ports: []
tcp_ports: []
custom_rules: []
custom6_rules: []

# defaults for virt installs
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
mem_size: 2048
num_cpus: 2
lvm_size: 20000

# Default netmask. Almost all our phx2 nets are /24's with the 
# exception of 10.5.124.128/25. Almost all of our non phx2 sites are 
# less than a /24.
eth0_nm: 255.255.255.0
eth1_nm: 255.255.255.0
br0_nm: 255.255.255.0
br1_nm: 255.255.255.0
# Default to managing the network, we want to not do this on select hosts (like cloud nodes)
ansible_ifcfg_blacklist: false
#
# The default virt-install works for rhel7 or fedora with 1 nic
#
virt_install_command: "{{ virt_install_command_one_nic }}"

main_bridge: br0
nfs_bridge: br1

virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} 
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }}  -l {{ ks_repo }} -x
                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio
                 --autostart --noautoconsole --watchdog default

virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} 
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }}  -l {{ ks_repo }} -x
                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
                  ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
                 --network bridge={{ main_bridge }},model=virtio --network=bridge={{ nfs_bridge }},model=virtio
                 --autostart --noautoconsole --watchdog default

virt_install_command_rhel6: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }}
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }}  -l {{ ks_repo }} -x 
                 "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} 
                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }}" 
                 --network=bridge=br0 --autostart --noautoconsole --watchdog default

max_mem_size: "{{ mem_size * 5 }}"
max_cpu: "{{ num_cpus * 5 }}"

# This is the wildcard certname for our proxies.  It has a different name for
# the staging group and is used in the proxies.yml playbook.
wildcard_cert_name: wildcard-2014.fedoraproject.org

# By default, nodes get no fedmsg certs.  They need to declare them explicitly.
fedmsg_certs: []

# By default, fedmsg should not log debug info.  Groups can override this.
fedmsg_loglevel: INFO

# By default, fedmsg sends error logs to sysadmin-datanommer-members@fp.o.
fedmsg_error_recipients:
- sysadmin-datanommer-members@fedoraproject.org

# By default, fedmsg hosts are in passive mode.  External hosts are typically
# active.
fedmsg_active: False

# Other defaults for fedmsg environments
fedmsg_prefix: org.fedoraproject
fedmsg_env: prod

# A special flag that, when set to true, will disconnect the host from the
# global fedmsg-relay instance and set it up with its own local one.  You can
# temporarily set this to true for a specific host to do some debugging -- so
# you can *replay real messages from the datagrepper history without having
# those broadcast to the rest of the bus*.
fedmsg_debug_loopback: False

# These are used to:
#  1) configure mod_wsgi
#  2) open iptables rules for fedmsg (per wsgi thread)
#  3) declare enough fedmsg endpoints for the service
#wsgi_fedmsg_service:  bodhi
#wsgi_procs: 4
#wsgi_threads: 4

# By default, nodes don't backup any dbs on them unless they declare it.
dbs_to_backup: []

# by default the number of procs we allow before we whine
nrpe_procs_warn: 250
nrpe_procs_crit: 300

# by default, the number of emails in queue before we whine
nrpe_check_postfix_queue_warn: 2
nrpe_check_postfix_queue_crit: 5

# env is staging or production, we default it to production here. 
env: production
env_suffix:

# nfs mount options, override at the group/host level
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4"

# by default set become to false here We can override it as needed. 
# Note that if become is true, you need to unset requiretty for 
# ssh controlpersist to work. 
become: false

# default the root_auth_users to nothing. 
# This should be set for cloud instances in their host or group vars.
root_auth_users: ''

# This vars get shoved into /etc/system_identification by the base role.
# Groups and individual hosts should override them with specific info.
# See http://infrastructure.fedoraproject.org/csi/security-policy/
csi_security_category: Unspecified
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
csi_purpose: Unspecified
csi_relationship: |
    Unspecified.
    * What hosts/services does this rely on?
    * What hosts/services rely on this?

    To update this text, add the csi_* vars to group_vars/ in ansible.