eafcece0cf
We hadn't done this in the past because virt-install couldn't do https urls, but thats long since no longer the case. So, move all the ks_url and ks_repo calls to use https and since they are using https, they need to use the valid infrastructure.fedoraproject.org name so they can verify the cert. Set batcave to redirect http to https now since that was the thing holding this back. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
323 lines
19 KiB
Text
323 lines
19 KiB
Text
---
|
|
#######
|
|
# BEGIN: Ansible roles_path variables
|
|
#
|
|
# Background/reference about external repos pulled in:
|
|
# https://pagure.io/fedora-infrastructure/issue/5476
|
|
#
|
|
# IPA settings
|
|
additional_host_keytabs: []
|
|
ansible_base: /srv/web/infra
|
|
# Default to managing the network, we want to not do this on select
|
|
# hosts (like cloud nodes)
|
|
# List of interfaces to explicitly disable
|
|
ansible_ifcfg_disabled: []
|
|
# on MOST infra systems, the interface connected to the infra network
|
|
# is eth0. but not on quite ALL systems. e.g. on s390 boxes it's enc900,
|
|
# on openqa-ppc64le-01.qa it's eth2 for some reason, and on qa01.qa and
|
|
# qa02.qa it's em3. currently this only affects whether GATEWAY, DOMAIN
|
|
# and DNS1/DNS2 lines are put into ifcfg-(device).
|
|
ansible_ifcfg_infra_net_devices: ['eth0', 'enc900']
|
|
#
|
|
# Autodetect python version
|
|
#
|
|
ansible_python_interpreter: auto
|
|
# Set variable if we want to use our global iptables defaults
|
|
# Some things need to set their own.
|
|
baseiptables: True
|
|
# by default set become to false here We can override it as needed.
|
|
# Note that if become is true, you need to unset requiretty for
|
|
# ssh controlpersist to work.
|
|
become: false
|
|
br0_nm: 255.255.255.0
|
|
br1_nm: 255.255.255.0
|
|
# assume collectd apache
|
|
collectd_apache: true
|
|
# communishift project resource overrides
|
|
communishift_projects:
|
|
communishift-admins:
|
|
do_not_delete: true # Marked do not delete 2024-11-25
|
|
communishift-eventbot:
|
|
name: communishift-eventbot
|
|
communishift-fedora-review-service:
|
|
name: communishift-fedora-review-service
|
|
do_not_delete: true # Marked do not delete 2024-10-21
|
|
communishift-lightspeed-build:
|
|
name: communishift-lightspeed-build
|
|
communishift-log-detective:
|
|
name: communishift-log-detective
|
|
do_not_delete: true # Marked do not delete 2024-10-21
|
|
memory_requests: 4Gi
|
|
memory_limits: 6Gi
|
|
storage_requests: 10Gi
|
|
communishift-mattdm:
|
|
name: communishift-mattdm
|
|
communishift-metrics:
|
|
name: communishift-metrics
|
|
communishift-openscanhub:
|
|
name: communishift-openscanhub
|
|
cpu_requests: 2
|
|
memory_requests: 2Gi
|
|
cpu_limits: 2
|
|
memory_limits: 4Gi
|
|
pods: 16
|
|
communishift-planet:
|
|
name: communishift-planet
|
|
communishift-forgejo:
|
|
name: communishift-forgejo
|
|
communishift-gitlabce:
|
|
name: communishift-gitlabce
|
|
communishift-ocm:
|
|
name: communishift-ocm
|
|
communishift-weekly-bootc:
|
|
name: communishift-weekly-bootc
|
|
do_not_delete: true # Marked do not delete 2024-11-26. Needed until end of bootc initative.
|
|
communishift-fossology:
|
|
name: communishift-fossology
|
|
communishift-commops-analytics:
|
|
name: communishift-commops-analytics
|
|
communishift-commops-datanom:
|
|
name: communishift-commops-datanom
|
|
# true or false if we are or are not a copr build virthost.
|
|
# Default to false
|
|
copr_build_virthost: false
|
|
# assume createrepo is true and this builder has the koji nfs mount to do that
|
|
createrepo: True
|
|
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
|
|
csi_purpose: Unspecified
|
|
csi_relationship: |
|
|
Unspecified.
|
|
* What hosts/services does this rely on?
|
|
* What hosts/services rely on this?
|
|
|
|
To update this text, add the csi_* vars to group_vars/ in ansible.
|
|
# This vars get shoved into /etc/system_identification by the base role.
|
|
# Groups and individual hosts should override them with specific info.
|
|
# See http://infrastructure.fedoraproject.org/csi/security-policy/
|
|
csi_security_category: Unspecified
|
|
custom6_rules: []
|
|
custom_rules: []
|
|
# most of our systems are in IAD2
|
|
datacenter: iad2
|
|
# These are used to:
|
|
# 1) configure mod_wsgi
|
|
# 2) open iptables rules for fedmsg (per wsgi thread)
|
|
# 3) declare enough fedmsg endpoints for the service
|
|
#wsgi_fedmsg_service: bodhi
|
|
#wsgi_procs: 4
|
|
#wsgi_threads: 4
|
|
|
|
# Datanommer
|
|
datanommer_db_hostname: db-datanommer02
|
|
# By default, nodes don't backup any dbs on them unless they declare it.
|
|
dbs_to_backup: []
|
|
# dnf-automatic-install.service mode default: security-only
|
|
dnf_automatic_type: security
|
|
dns: "10.3.163.33"
|
|
dns1: "10.3.163.33"
|
|
dns2: "10.3.163.34"
|
|
dns_search1: "iad2.fedoraproject.org"
|
|
dns_search2: "fedoraproject.org"
|
|
# env is staging or production, we default it to production here.
|
|
env: production
|
|
env_prefix: ""
|
|
env_short: prod
|
|
env_suffix: ""
|
|
# Default netmask. All of our iad2 nets are /24's. Almost all of our
|
|
# non-iad2 sites are less than a /24.
|
|
eth0_ipv4_nm: 24
|
|
eth1_ip: 10.0.0.10
|
|
eth1_nm: 255.255.255.0
|
|
# By default, fedmsg hosts are in passive mode. External hosts are typically
|
|
# active.
|
|
fedmsg_active: False
|
|
# By default, nodes get no fedmsg certs. They need to declare them explicitly.
|
|
fedmsg_certs: []
|
|
# A special flag that, when set to true, will disconnect the host from the
|
|
# global fedmsg-relay instance and set it up with its own local one. You can
|
|
# temporarily set this to true for a specific host to do some debugging -- so
|
|
# you can *replay real messages from the datagrepper history without having
|
|
# those broadcast to the rest of the bus*.
|
|
fedmsg_debug_loopback: False
|
|
fedmsg_env: prod
|
|
# By default, fedmsg sends error logs to sysadmin-datanommer-members@fp.o.
|
|
fedmsg_error_recipients:
|
|
- sysadmin-datanommer-members@fedoraproject.org
|
|
# By default, fedmsg should not log debug info. Groups can override this.
|
|
fedmsg_loglevel: INFO
|
|
# Amount of time to wait for connections after a socket is first established.
|
|
fedmsg_post_init_sleep: 1.0
|
|
# Other defaults for fedmsg environments
|
|
fedmsg_prefix: org.fedoraproject
|
|
# Everywhere, always, we should sign messages and validate signatures.
|
|
# However, we allow individual hosts and groups to override this. Use this very
|
|
# carefully.. and never in production (good for testing stuff in staging).
|
|
fedmsg_sign_messages: True
|
|
fedmsg_validate_signatures: True
|
|
#
|
|
# END: Ansible roles_path variables
|
|
#######
|
|
freezes: true
|
|
# defaults for hw installs
|
|
install_noc: none
|
|
ipa_admin_password: "{{ ipa_prod_admin_password }}"
|
|
ipa_realm: FEDORAPROJECT.ORG
|
|
ipa_server: ipa01.iad2.fedoraproject.org
|
|
ipa_server_nodes:
|
|
- ipa01.iad2.fedoraproject.org
|
|
- ipa02.iad2.fedoraproject.org
|
|
- ipa03.iad2.fedoraproject.org
|
|
ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL9-x86_64/
|
|
# defaults for virt installs
|
|
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel
|
|
# most of our systems are 64bit.
|
|
# Used to install various nagios scripts and the like.
|
|
libdir: /usr/lib64
|
|
lvm_size: 20000
|
|
mac_address: RANDOM
|
|
mac_address1: RANDOM
|
|
main_bridge: br0
|
|
max_cpu: "{{ num_cpus * 5 }}"
|
|
max_mem_size: "{{ mem_size * 5 }}"
|
|
mem_size: 4096
|
|
nagios_Can_Connect: true
|
|
# Nagios global variables
|
|
nagios_Check_Services:
|
|
dhcpd: false
|
|
httpd: false
|
|
mail: true
|
|
named: false
|
|
nrpe: true
|
|
ping: true
|
|
raid: false
|
|
sshd: true
|
|
swap: true
|
|
nat_rules: []
|
|
# default network block device encryption settings for linux-system-roles/nbde_client
|
|
nbde: true
|
|
nbde_device: /dev/md2
|
|
nbde_client_bindings:
|
|
- device: "{{ nbde_device }}"
|
|
encryption_password: "{{ nbde_password }}"
|
|
password_temporary: no
|
|
threshold: 1
|
|
servers:
|
|
- http://tang01.iad2.fedoraproject.org
|
|
- http://tang02.iad2.fedoraproject.org
|
|
# usually we do not want to enable nested virt, only on some virthosts
|
|
nested: false
|
|
network_allow_restart: yes
|
|
network_connections:
|
|
- autoconnect: yes
|
|
ip:
|
|
address:
|
|
- "{{ eth0_ipv4_ip }}/{{ eth0_ipv4_nm }}"
|
|
dhcp4: no
|
|
dns:
|
|
- "{{ dns1 }}"
|
|
- "{{ dns2 }}"
|
|
dns_search:
|
|
- "{{ dns_search1 }}"
|
|
- "{{ dns_search2 }}"
|
|
gateway4: "{{ eth0_ipv4_gw }}"
|
|
mac: "{{ ansible_default_ipv4.macaddress }}"
|
|
name: eth0
|
|
type: ethernet
|
|
state: up
|
|
nfs_bridge: br1
|
|
# nfs mount options, override at the group/host level
|
|
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
|
|
nm: 255.255.255.0
|
|
# Most of our machines have manual resolv.conf files
|
|
# These settings are for machines where NM is supposed to control resolv.conf.
|
|
nrpe_check_postfix_queue_crit: 5
|
|
# by default, the number of emails in queue before we whine
|
|
nrpe_check_postfix_queue_warn: 2
|
|
nrpe_procs_crit: 300
|
|
# by default the number of procs we allow before we whine
|
|
nrpe_procs_warn: 250
|
|
num_cpus: 2
|
|
# ocp4 is default now in some proxy roles
|
|
ocp4: true
|
|
# All the ocp production workers.
|
|
# This is used by the openvpn openshift app to make sure there's a vpn pod on each node.
|
|
ocp_nodes:
|
|
- worker01.ocp.iad2.fedoraproject.org
|
|
- worker02.ocp.iad2.fedoraproject.org
|
|
- worker03.ocp.iad2.fedoraproject.org
|
|
- worker04.ocp.iad2.fedoraproject.org
|
|
- worker05.ocp.iad2.fedoraproject.org
|
|
- worker06.ocp.iad2.fedoraproject.org
|
|
ocp_wildcard_cert_file: wildcard-2024.apps.ocp.fedoraproject.org.cert
|
|
# This is the openshift wildcard cert for ocp
|
|
ocp_wildcard_cert_name: wildcard-2024.apps.ocp.fedoraproject.org
|
|
ocp_wildcard_int_file: wildcard-2024.apps.ocp.fedoraproject.org.intermediate.cert
|
|
ocp_wildcard_key_file: wildcard-2024.apps.ocp.fedoraproject.org.key
|
|
# Path to the openshift-ansible checkout as external git repo brought into
|
|
# Fedora Infra
|
|
openshift_ansible: /srv/web/infra/openshift-ansible/
|
|
postfix_group: "none"
|
|
# This is a list of services that need to wait for VPN to be up before getting started.
|
|
postvpnservices: []
|
|
preferred_dc: iad2
|
|
primary_auth_source: ipa
|
|
#
|
|
# Set a redirectmatch variable we can use to disable some redirectmatches
|
|
# like the prerelease to final ones.
|
|
#
|
|
redirectmatch_enabled: True
|
|
# default the root_auth_users to nothing.
|
|
# This should be set for cloud instances in their host or group vars.
|
|
root_auth_users: ''
|
|
# List of names under which the host is available
|
|
ssh_hostnames: []
|
|
# This enables/disables the SSH "keyhelper" used by Pagure for verifying users'
|
|
# SSH keys from the Pagure database
|
|
sshd_keyhelper: false
|
|
# Normal default sshd port is 22
|
|
sshd_port: 22
|
|
tcp_ports: []
|
|
# example of ports for default iptables
|
|
# tcp_ports: [ 22, 80, 443 ]
|
|
# udp_ports: [ 110, 1024, 2049 ]
|
|
# multiple lines can be handled as below
|
|
# custom_rules: [ '-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT',
|
|
# '-A INPUT -p tcp -m tcp --dport 8889 -j ACCEPT' ]
|
|
# We default these to empty
|
|
udp_ports: []
|
|
# Most EL systems need default EPEL repos.
|
|
# Some systems (notably fed-cloud*) need to get their own
|
|
# EPEL files because EPEL overrides packages in their core repos.
|
|
use_default_epel: true
|
|
#
|
|
# The default virt-install works for rhel9 or fedora with 1 nic
|
|
#
|
|
virt_install_command: "{{ virt_install_command_one_nic }}"
|
|
virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole
|
|
virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole
|
|
virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --rng /dev/random
|
|
virt_install_command_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} nameserver=8.8.8.8 ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
|
|
virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns1 }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random --cpu host
|
|
virt_install_command_ppc64le_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ eth0_ipv4_nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --watchdog default --rng /dev/random
|
|
virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random
|
|
virt_install_command_pxe_rhcos: virt-install -n {{ inventory_hostname }} --vcpus {{ num_cpus }},maxvcpus={{ num_cpus }} --cpu host --memory {{ mem_size }} --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --nographics --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --hvm --accelerate --autostart --wait=-1 --extra-args "ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:ens2:none hostname={{ inventory_hostname }} nameserver={{ dns }} console=ttyS0 nomodeset rd.neednet=1 coreos.inst=yes coreos.inst.install_dev=vda coreos.live.rootfs_url={{ rhcos_install_rootfs_url }} coreos.inst.ignition_url={{ rhcos_ignition_file_url }}" --os-variant rhel9 --location {{ rhcos_install_url }}
|
|
virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host
|
|
virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --autostart --noautoconsole --rng /dev/random --cpu host
|
|
virt_install_command_two_nic: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }} --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network=bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random
|
|
virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }} --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads,discard=unmap --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0 hostname={{ inventory_hostname }} nameserver={{ dns }} ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none ip={{ eth0_ipv4_ip }}::{{ eth0_ipv4_gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none' --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }} --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address1 }} --autostart --noautoconsole --watchdog default --rng /dev/random
|
|
# assume vpn is false
|
|
vpn: False
|
|
# This is the wildcard certname for our proxies. It has a different name for
|
|
# the staging group and is used in the proxies.yml playbook.
|
|
wildcard_cert_name: wildcard-2024.fedoraproject.org
|
|
wildcard_crt_file: wildcard-2024.fedoraproject.org.cert
|
|
wildcard_int_file: wildcard-2024.fedoraproject.org.intermediate.cert
|
|
wildcard_key_file: wildcard-2024.fedoraproject.org.key
|
|
#
|
|
# say if we want the apache role dependency for mod_wsgi or not
|
|
# In some cases we want mod_wsgi and no apache (for python3 httpaio stuff)
|
|
#
|
|
wsgi_wants_apache: true
|
|
# set no x-forward header by default
|
|
x_forward: false
|
|
#
|