2012-10-08 19:35:54 +00:00
|
|
|
---
|
2016-10-18 20:26:46 +00:00
|
|
|
#######
|
|
|
|
|
# BEGIN: Ansible roles_path variables
|
|
|
|
|
#
|
|
|
|
|
# Background/reference about external repos pulled in:
|
|
|
|
|
# https://pagure.io/fedora-infrastructure/issue/5476
|
|
|
|
|
#
|
|
|
|
|
ansible_base: /srv/web/infra
|
|
|
|
|
|
|
|
|
|
# Path to the openshift-ansible checkout as external git repo brought into
|
|
|
|
|
# Fedora Infra
|
|
|
|
|
openshift_ansible: /srv/web/infra/openshift-ansible/
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# END: Ansible roles_path variables
|
|
|
|
|
#######
|
|
|
|
|
|
2013-05-24 15:02:08 +00:00
|
|
|
freezes: true
|
2013-06-03 18:47:05 +00:00
|
|
|
# most of our systems are in phx2
|
|
|
|
|
datacenter: phx2
|
2017-08-04 18:56:32 +00:00
|
|
|
postfix_group: "none"
|
2013-06-03 18:47:05 +00:00
|
|
|
|
2015-12-10 22:36:13 +00:00
|
|
|
# usually we do not want to enable nested virt, only on some virthosts
|
|
|
|
|
nested: false
|
|
|
|
|
|
2016-06-25 02:23:46 +00:00
|
|
|
# most of our systems are 64bit.
|
2013-08-23 22:02:20 +00:00
|
|
|
# Used to install various nagios scripts and the like.
|
|
|
|
|
libdir: /usr/lib64
|
|
|
|
|
|
2015-12-20 01:38:45 +00:00
|
|
|
# Most EL systems need default EPEL repos.
|
|
|
|
|
# Some systems (notably fed-cloud*) need to get their own
|
|
|
|
|
# EPEL files because EPEL overrides packages in their core repos.
|
2015-12-20 01:57:27 +00:00
|
|
|
use_default_epel: true
|
2015-12-20 01:38:45 +00:00
|
|
|
|
2013-05-24 15:02:08 +00:00
|
|
|
# example of ports for default iptables
|
|
|
|
|
# tcp_ports: [ 22, 80, 443 ]
|
|
|
|
|
# udp_ports: [ 110, 1024, 2049 ]
|
2013-05-24 15:05:56 +00:00
|
|
|
# multiple lines can be handled as below
|
2013-05-24 15:02:08 +00:00
|
|
|
# custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
|
2013-05-24 15:03:21 +00:00
|
|
|
# '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
|
2013-09-25 19:57:35 +00:00
|
|
|
# We default these to empty
|
|
|
|
|
udp_ports: []
|
|
|
|
|
tcp_ports: []
|
2013-09-25 19:58:45 +00:00
|
|
|
custom_rules: []
|
2018-02-08 15:35:49 +00:00
|
|
|
nat_rules: []
|
2015-02-06 21:29:14 +00:00
|
|
|
custom6_rules: []
|
2013-05-24 15:02:08 +00:00
|
|
|
|
2018-08-20 21:01:17 +00:00
|
|
|
# defaults for hw installs
|
|
|
|
|
install_noc: none
|
|
|
|
|
|
2013-06-12 17:01:31 +00:00
|
|
|
# defaults for virt installs
|
2014-09-29 20:45:35 +00:00
|
|
|
ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
|
2014-09-29 20:25:35 +00:00
|
|
|
ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
|
2013-06-12 17:01:31 +00:00
|
|
|
mem_size: 2048
|
|
|
|
|
num_cpus: 2
|
|
|
|
|
lvm_size: 20000
|
|
|
|
|
|
Handle systems where the main if is not eth0 a bit better
ifcfg.j2 has a pretty awkward assumption that the interface
connected to the infra network will be eth0 (or enc900) - it
only includes the GATEWAY, DOMAIN and DNS1/DNS2 lines if the
interface is one of those two. It seems we were trying quite
hard to make eth0 always be "the interface", but now that's
been broken in a few systems. enc900 was added as apparently
that's what the main interface is called on some s390 boxes;
on openqa-ppc64le-01 the if that's connected is eth2 (eth0 is
present, but not connected), and on the new qa01 and qa02, it's
em3 (according to smooge, we have to use 'predictable' interface
names on those boxes as the old names really *do* get assigned
to different interfaces on each boot).
So since we now have several different cases where the 'eth0'
assumption doesn't hold, let's build a slightly better system
for handling it. This replaces ifcfg.j2's hard-coded list with
a variable, and sets the default value of the variable to the
two names ifcfg.j2 handled before: [ 'eth0', 'enc900' ]. This
allows the systems where the main interface is *not* one of
these to set the variable accordingly, and hopefully that'll
give them correct ifcfg files.
This *should* solve the problem of openqa-ppc64le-01.qa and qa01
and qa02 constantly dropping out of network connectivity any
time they got rebooted or the network plays got run.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-12-15 11:09:49 -08:00
|
|
|
# on MOST infra systems, the interface connected to the infra network
|
|
|
|
|
# is eth0. but not on quite ALL systems. e.g. on s390 boxes it's enc900,
|
|
|
|
|
# on openqa-ppc64le-01.qa it's eth2 for some reason, and on qa01.qa and
|
|
|
|
|
# qa02.qa it's em3. currently this only affects whether GATEWAY, DOMAIN
|
|
|
|
|
# and DNS1/DNS2 lines are put into ifcfg-(device).
|
|
|
|
|
ansible_ifcfg_infra_net_devices: [ 'eth0', 'enc900' ]
|
|
|
|
|
|
2016-06-25 02:23:46 +00:00
|
|
|
# Default netmask. Almost all our phx2 nets are /24's with the
|
|
|
|
|
# exception of 10.5.124.128/25. Almost all of our non phx2 sites are
|
2016-02-02 20:11:24 +00:00
|
|
|
# less than a /24.
|
|
|
|
|
eth0_nm: 255.255.255.0
|
|
|
|
|
eth1_nm: 255.255.255.0
|
|
|
|
|
br0_nm: 255.255.255.0
|
|
|
|
|
br1_nm: 255.255.255.0
|
2016-02-05 20:27:31 +00:00
|
|
|
# Default to managing the network, we want to not do this on select hosts (like cloud nodes)
|
|
|
|
|
ansible_ifcfg_blacklist: false
|
2017-12-22 02:15:04 +01:00
|
|
|
# List of interfaces to explicitly disable
|
|
|
|
|
ansible_ifcfg_disabled: []
|
2016-02-02 17:15:52 +00:00
|
|
|
#
|
|
|
|
|
# The default virt-install works for rhel7 or fedora with 1 nic
|
|
|
|
|
#
|
|
|
|
|
virt_install_command: "{{ virt_install_command_one_nic }}"
|
2014-07-27 22:22:20 +00:00
|
|
|
|
2016-02-02 17:15:52 +00:00
|
|
|
main_bridge: br0
|
|
|
|
|
nfs_bridge: br1
|
2018-07-02 00:51:16 +00:00
|
|
|
mac_address: RANDOM
|
2018-10-31 19:40:24 +00:00
|
|
|
mac_address1: RANDOM
|
2016-02-02 17:15:52 +00:00
|
|
|
|
2016-06-25 02:23:46 +00:00
|
|
|
virt_install_command_one_nic: virt-install -n {{ inventory_hostname }}
|
2016-02-10 00:42:19 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
2014-07-27 22:22:20 +00:00
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
2017-04-13 17:58:50 +00:00
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2016-09-03 11:15:17 +00:00
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
2018-07-02 00:49:17 +00:00
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
2018-05-07 16:50:45 +00:00
|
|
|
--autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
|
2016-09-03 11:15:17 +00:00
|
|
|
|
2017-01-23 05:09:47 +00:00
|
|
|
virt_install_command_two_nic: virt-install -n {{ inventory_hostname }}
|
2016-09-03 11:15:17 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
2017-04-13 17:58:50 +00:00
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2017-01-23 05:09:47 +00:00
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
|
2014-07-27 22:22:20 +00:00
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
2016-09-05 13:28:45 +00:00
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
|
|
|
|
|
ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
|
2018-07-09 22:47:19 +00:00
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
2018-10-31 19:40:24 +00:00
|
|
|
--network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
|
2018-05-07 16:50:45 +00:00
|
|
|
--autostart --noautoconsole --watchdog default --rng /dev/random
|
2019-11-01 20:16:39 +00:00
|
|
|
|
|
|
|
|
virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
|
|
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
|
|
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
|
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
|
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
|
|
|
|
--autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
|
|
|
|
|
|
2019-11-16 22:55:57 +00:00
|
|
|
virt_install_command_two_nic_unsafe: virt-install --machine pseries-4.0 -n {{ inventory_hostname }}
|
2019-11-01 20:16:39 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
|
|
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
|
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
|
|
|
|
|
ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
|
|
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
|
|
|
|
--network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
|
|
|
|
|
--autostart --noautoconsole --watchdog default --rng /dev/random
|
2017-01-23 05:09:47 +00:00
|
|
|
|
|
|
|
|
virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }}
|
|
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
2017-04-13 17:58:50 +00:00
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2018-09-14 21:28:54 +00:00
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
|
2017-01-23 05:09:47 +00:00
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
2017-01-23 05:13:11 +00:00
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
2018-09-11 22:35:01 +00:00
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
2018-09-14 21:28:54 +00:00
|
|
|
--autostart --noautoconsole
|
2016-02-02 17:15:52 +00:00
|
|
|
|
2019-11-05 19:52:00 +00:00
|
|
|
virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
|
2016-02-10 00:42:19 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
2019-10-31 21:10:25 +00:00
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
|
2017-04-13 17:58:50 +00:00
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2019-11-05 19:52:00 +00:00
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
|
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
|
|
|
|
--autostart --noautoconsole
|
|
|
|
|
|
|
|
|
|
virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }}
|
|
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
|
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2018-09-14 21:59:41 +00:00
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
|
2016-02-02 17:15:52 +00:00
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
|
2016-02-17 19:13:09 +00:00
|
|
|
ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname }}-nfs:eth1:none'
|
2018-10-31 19:40:24 +00:00
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
|
|
|
|
--network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }}
|
2018-05-07 16:50:45 +00:00
|
|
|
--autostart --noautoconsole --rng /dev/random
|
2013-06-12 17:01:31 +00:00
|
|
|
|
2017-04-13 17:58:50 +00:00
|
|
|
virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --arch armv7l
|
2019-11-05 19:52:00 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
|
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
|
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
|
|
|
|
--network bridge={{ main_bridge }}
|
|
|
|
|
--autostart --noautoconsole --rng /dev/random
|
|
|
|
|
|
|
|
|
|
virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --arch armv7l
|
2017-04-13 17:58:50 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
2019-10-07 20:01:17 +00:00
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
|
2017-04-13 17:58:50 +00:00
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
|
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
2019-10-04 22:40:57 +00:00
|
|
|
--network bridge={{ main_bridge }}
|
2019-10-31 15:26:45 +00:00
|
|
|
--autostart --noautoconsole --rng /dev/random
|
2017-04-13 17:58:50 +00:00
|
|
|
|
2019-07-01 21:14:11 +00:00
|
|
|
virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }}
|
|
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
|
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2019-07-08 21:37:00 +00:00
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
|
2019-07-01 21:14:11 +00:00
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
|
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
|
|
|
|
--autostart --noautoconsole --rng /dev/random --cpu host
|
|
|
|
|
|
2019-11-05 19:52:00 +00:00
|
|
|
virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
|
|
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
|
|
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
|
|
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
|
|
|
|
'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
|
|
|
|
|
hostname={{ inventory_hostname }} nameserver={{ dns }}
|
|
|
|
|
ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
|
|
|
|
|
--network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
|
|
|
|
|
--autostart --noautoconsole --rng /dev/random --cpu host
|
|
|
|
|
|
2016-03-03 19:17:45 +00:00
|
|
|
virt_install_command_rhel6: virt-install -n {{ inventory_hostname }}
|
2016-02-10 00:42:19 +00:00
|
|
|
--memory={{ mem_size }},maxmemory={{ max_mem_size }}
|
2016-02-02 17:28:44 +00:00
|
|
|
--disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
|
2017-04-13 17:58:50 +00:00
|
|
|
--vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
|
2016-06-25 02:23:46 +00:00
|
|
|
"ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }}
|
2016-02-02 17:28:44 +00:00
|
|
|
gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
|
2018-01-10 14:43:25 +00:00
|
|
|
hostname={{ inventory_hostname }}"
|
2016-02-02 17:28:44 +00:00
|
|
|
--network=bridge=br0 --autostart --noautoconsole --watchdog default
|
|
|
|
|
|
2016-02-10 00:47:04 +00:00
|
|
|
max_mem_size: "{{ mem_size * 5 }}"
|
|
|
|
|
max_cpu: "{{ num_cpus * 5 }}"
|
2016-02-10 00:42:19 +00:00
|
|
|
|
2014-12-07 23:39:44 +00:00
|
|
|
# This is the wildcard certname for our proxies. It has a different name for
|
|
|
|
|
# the staging group and is used in the proxies.yml playbook.
|
2017-02-02 00:14:24 +00:00
|
|
|
wildcard_cert_name: wildcard-2017.fedoraproject.org
|
2017-02-02 17:16:11 +00:00
|
|
|
wildcard_crt_file: wildcard-2017.fedoraproject.org.cert
|
|
|
|
|
wildcard_key_file: wildcard-2017.fedoraproject.org.key
|
|
|
|
|
wildcard_int_file: wildcard-2017.fedoraproject.org.intermediate.cert
|
2014-12-07 23:39:44 +00:00
|
|
|
|
2017-06-12 18:55:49 +00:00
|
|
|
# This is the openshift wildcard cert. Until it exists set it equal to wildcard
|
2017-07-19 17:46:53 +00:00
|
|
|
os_wildcard_cert_name: wildcard-2017.app.os.fedoraproject.org
|
|
|
|
|
os_wildcard_crt_file: wildcard-2017.app.os.fedoraproject.org.cert
|
|
|
|
|
os_wildcard_key_file: wildcard-2017.app.os.fedoraproject.org.key
|
|
|
|
|
os_wildcard_int_file: wildcard-2017.app.os.fedoraproject.org.intermediate.cert
|
2017-06-12 18:55:49 +00:00
|
|
|
|
2016-07-13 13:16:56 +00:00
|
|
|
# Everywhere, always, we should sign messages and validate signatures.
|
|
|
|
|
# However, we allow individual hosts and groups to override this. Use this very
|
|
|
|
|
# carefully.. and never in production (good for testing stuff in staging).
|
|
|
|
|
fedmsg_sign_messages: True
|
|
|
|
|
fedmsg_validate_signatures: True
|
|
|
|
|
|
2013-06-18 04:10:40 +00:00
|
|
|
# By default, nodes get no fedmsg certs. They need to declare them explicitly.
|
|
|
|
|
fedmsg_certs: []
|
2013-06-20 20:47:00 +00:00
|
|
|
|
2015-02-12 15:12:58 +00:00
|
|
|
# By default, fedmsg should not log debug info. Groups can override this.
|
|
|
|
|
fedmsg_loglevel: INFO
|
|
|
|
|
|
2016-03-01 20:31:57 +00:00
|
|
|
# By default, fedmsg sends error logs to sysadmin-datanommer-members@fp.o.
|
|
|
|
|
fedmsg_error_recipients:
|
|
|
|
|
- sysadmin-datanommer-members@fedoraproject.org
|
|
|
|
|
|
2015-04-28 13:19:38 +00:00
|
|
|
# By default, fedmsg hosts are in passive mode. External hosts are typically
|
|
|
|
|
# active.
|
|
|
|
|
fedmsg_active: False
|
|
|
|
|
|
2015-06-12 16:27:31 +00:00
|
|
|
# Other defaults for fedmsg environments
|
|
|
|
|
fedmsg_prefix: org.fedoraproject
|
|
|
|
|
fedmsg_env: prod
|
|
|
|
|
|
2017-03-14 18:23:00 +00:00
|
|
|
# Amount of time to wait for connections after a socket is first established.
|
|
|
|
|
fedmsg_post_init_sleep: 1.0
|
|
|
|
|
|
2015-09-30 18:23:41 +00:00
|
|
|
# A special flag that, when set to true, will disconnect the host from the
|
|
|
|
|
# global fedmsg-relay instance and set it up with its own local one. You can
|
|
|
|
|
# temporarily set this to true for a specific host to do some debugging -- so
|
|
|
|
|
# you can *replay real messages from the datagrepper history without having
|
|
|
|
|
# those broadcast to the rest of the bus*.
|
|
|
|
|
fedmsg_debug_loopback: False
|
|
|
|
|
|
2015-06-16 19:21:50 +00:00
|
|
|
# These are used to:
|
|
|
|
|
# 1) configure mod_wsgi
|
|
|
|
|
# 2) open iptables rules for fedmsg (per wsgi thread)
|
|
|
|
|
# 3) declare enough fedmsg endpoints for the service
|
|
|
|
|
#wsgi_fedmsg_service: bodhi
|
|
|
|
|
#wsgi_procs: 4
|
|
|
|
|
#wsgi_threads: 4
|
|
|
|
|
|
2014-01-10 21:29:20 +00:00
|
|
|
# By default, nodes don't backup any dbs on them unless they declare it.
|
|
|
|
|
dbs_to_backup: []
|
|
|
|
|
|
2013-06-20 20:47:00 +00:00
|
|
|
# by default the number of procs we allow before we whine
|
2014-07-04 15:15:25 +00:00
|
|
|
nrpe_procs_warn: 250
|
|
|
|
|
nrpe_procs_crit: 300
|
2013-09-25 20:55:47 +00:00
|
|
|
|
2014-10-09 20:18:10 +00:00
|
|
|
# by default, the number of emails in queue before we whine
|
|
|
|
|
nrpe_check_postfix_queue_warn: 2
|
|
|
|
|
nrpe_check_postfix_queue_crit: 5
|
|
|
|
|
|
2016-06-25 02:23:46 +00:00
|
|
|
# env is staging or production, we default it to production here.
|
2013-09-25 20:55:47 +00:00
|
|
|
env: production
|
2019-09-23 20:23:52 +02:00
|
|
|
env_prefix: ""
|
|
|
|
|
env_suffix: ""
|
2019-04-16 19:16:01 +02:00
|
|
|
env_short: prod
|
2014-04-24 19:21:59 +00:00
|
|
|
|
|
|
|
|
# nfs mount options, override at the group/host level
|
2017-09-29 21:53:59 +00:00
|
|
|
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
|
2014-06-14 20:30:13 +00:00
|
|
|
|
2016-06-25 02:23:46 +00:00
|
|
|
# by default set become to false here We can override it as needed.
|
|
|
|
|
# Note that if become is true, you need to unset requiretty for
|
|
|
|
|
# ssh controlpersist to work.
|
2016-02-02 21:24:45 +00:00
|
|
|
become: false
|
2014-12-17 20:03:34 +00:00
|
|
|
|
2016-06-25 02:23:46 +00:00
|
|
|
# default the root_auth_users to nothing.
|
2015-03-17 22:20:17 +00:00
|
|
|
# This should be set for cloud instances in their host or group vars.
|
2015-03-17 22:17:46 +00:00
|
|
|
root_auth_users: ''
|
2014-12-17 20:03:34 +00:00
|
|
|
|
|
|
|
|
# This vars get shoved into /etc/system_identification by the base role.
|
|
|
|
|
# Groups and individual hosts should override them with specific info.
|
|
|
|
|
# See http://infrastructure.fedoraproject.org/csi/security-policy/
|
|
|
|
|
csi_security_category: Unspecified
|
|
|
|
|
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
|
|
|
|
|
csi_purpose: Unspecified
|
2014-12-17 20:07:09 +00:00
|
|
|
csi_relationship: |
|
2014-12-17 20:03:34 +00:00
|
|
|
Unspecified.
|
|
|
|
|
* What hosts/services does this rely on?
|
|
|
|
|
* What hosts/services rely on this?
|
2014-12-17 20:26:06 +00:00
|
|
|
|
|
|
|
|
To update this text, add the csi_* vars to group_vars/ in ansible.
|
2016-06-25 02:23:46 +00:00
|
|
|
|
2016-10-02 17:11:14 +00:00
|
|
|
#
|
|
|
|
|
# say if we want the apache role dependency for mod_wsgi or not
|
|
|
|
|
# In some cases we want mod_wsgi and no apache (for python3 httpaio stuff)
|
|
|
|
|
#
|
|
|
|
|
wsgi_wants_apache: true
|
2016-10-27 08:42:14 +00:00
|
|
|
|
2016-10-27 08:54:42 +00:00
|
|
|
# IPA settings
|
2016-10-27 15:23:31 +00:00
|
|
|
additional_host_keytabs: []
|
2016-10-27 09:43:05 +00:00
|
|
|
ipa_server: ipa01.phx2.fedoraproject.org
|
2016-10-27 08:54:42 +00:00
|
|
|
ipa_realm: FEDORAPROJECT.ORG
|
|
|
|
|
ipa_admin_password: "{{ ipa_prod_admin_password }}"
|
2016-11-03 20:30:14 +00:00
|
|
|
|
2016-11-30 17:14:53 +00:00
|
|
|
# Normal default sshd port is 22
|
|
|
|
|
sshd_port: 22
|
2019-04-08 19:40:58 +02:00
|
|
|
# This enables/disables the SSH "keyhelper" used by Pagure for verifying users'
|
|
|
|
|
# SSH keys from the Pagure database
|
2019-04-08 18:56:01 +02:00
|
|
|
sshd_keyhelper: false
|
2016-12-01 03:27:16 +00:00
|
|
|
|
2017-04-09 23:15:16 +00:00
|
|
|
# List of names under which the host is available
|
|
|
|
|
ssh_hostnames: []
|
|
|
|
|
|
2016-12-01 03:27:16 +00:00
|
|
|
# assume collectd apache
|
|
|
|
|
collectd_apache: true
|
2017-01-08 23:19:25 +00:00
|
|
|
|
|
|
|
|
# assume vpn is false
|
2017-01-08 23:30:14 +00:00
|
|
|
vpn: False
|
2017-03-08 22:12:14 +00:00
|
|
|
|
|
|
|
|
# assume createrepo is true and this builder has the koji nfs mount to do that
|
|
|
|
|
createrepo: True
|
2017-04-29 22:30:16 +00:00
|
|
|
|
|
|
|
|
# Nagios global variables
|
2017-07-12 16:14:20 -05:00
|
|
|
nagios_Check_Services:
|
2018-08-27 22:44:54 +00:00
|
|
|
mail: true
|
2017-05-01 19:02:55 +00:00
|
|
|
nrpe: true
|
|
|
|
|
sshd: true
|
|
|
|
|
named: false
|
|
|
|
|
dhcpd: false
|
|
|
|
|
httpd: false
|
2017-09-09 19:11:06 +00:00
|
|
|
swap: true
|
2017-12-01 01:29:27 +00:00
|
|
|
ping: true
|
2019-07-18 19:31:04 +00:00
|
|
|
raid: false
|
2017-05-01 18:22:23 +00:00
|
|
|
|
2017-05-15 17:33:51 +00:00
|
|
|
# Set variable if we want to use our global iptables defaults
|
|
|
|
|
# Some things need to set their own.
|
|
|
|
|
baseiptables: True
|
2017-08-21 20:58:50 +00:00
|
|
|
|
|
|
|
|
# Most of our machines have manual resolv.conf files
|
2017-08-21 21:01:08 +00:00
|
|
|
# These settings are for machines where NM is supposed to control resolv.conf.
|
2017-08-21 20:58:50 +00:00
|
|
|
nm_controlled_resolv: False
|
2017-08-21 21:01:08 +00:00
|
|
|
dns1: "10.5.126.21"
|
|
|
|
|
dns2: "10.5.126.22"
|
2018-01-02 02:11:43 +00:00
|
|
|
|
|
|
|
|
# This is a list of services that need to wait for VPN to be up before getting started.
|
|
|
|
|
postvpnservices: []
|
2019-03-15 20:48:23 +00:00
|
|
|
|
|
|
|
|
# true or false if we are or are not a copr build virthost.
|
|
|
|
|
# Default to false
|
|
|
|
|
copr_build_virthost: false
|
2019-04-01 18:47:07 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Set a redirectmatch variable we can use to disable some redirectmatches
|
|
|
|
|
# like the prerelease to final ones.
|
|
|
|
|
#
|
|
|
|
|
redirectmatch_enabled: True
|
2019-04-13 21:56:57 +00:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# sshd can run a internal sftp server, we need this on some hosts, but
|
|
|
|
|
# not on most of them, so default to false
|
2019-05-30 23:23:35 +00:00
|
|
|
sshd_sftp: false
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Autodetect python version
|
|
|
|
|
#
|
2019-11-14 22:21:22 +00:00
|
|
|
ansible_python_interpreter: auto
|
