b5f0a17acf
Change-Id: Ic8c212111301d6b144e3aa0fe124b022b0296ec6
156 lines
4.2 KiB
Django/Jinja
156 lines
4.2 KiB
Django/Jinja
---
|
|
# The following configuration aims to test some of the 'host configure'
|
|
# command.
|
|
|
|
# Additional users.
|
|
controller_users:
|
|
- username: kayobe-test-user
|
|
name: Kayobe test user
|
|
password: kayobe-test-user-password
|
|
groups:
|
|
- stack
|
|
|
|
# Additional network interfaces, testing a variety of interface configurations.
|
|
controller_extra_network_interfaces:
|
|
- test_net_eth
|
|
- test_net_eth_vlan
|
|
- test_net_bridge
|
|
- test_net_bridge_vlan
|
|
- test_net_bond
|
|
- test_net_bond_vlan
|
|
|
|
# Custom IP routing tables.
|
|
network_route_tables:
|
|
- id: 2
|
|
name: kayobe-test-route-table
|
|
|
|
# dummy2: Ethernet interface.
|
|
test_net_eth_cidr: 192.168.34.0/24
|
|
test_net_eth_routes:
|
|
- cidr: 192.168.40.0/24
|
|
gateway: 192.168.34.254
|
|
test_net_eth_interface: dummy2
|
|
|
|
# dummy2.42: VLAN subinterface of dummy2.
|
|
test_net_eth_vlan_cidr: 192.168.35.0/24
|
|
test_net_eth_vlan_interface: "{% raw %}{{ test_net_eth_interface }}.{{ test_net_eth_vlan_vlan }}{% endraw %}"
|
|
test_net_eth_vlan_vlan: 42
|
|
test_net_eth_vlan_routes:
|
|
- cidr: 192.168.40.0/24
|
|
gateway: 192.168.35.254
|
|
table: kayobe-test-route-table
|
|
test_net_eth_vlan_rules:
|
|
{% if ansible_os_family == 'RedHat' %}
|
|
- from 192.168.35.0/24 table kayobe-test-route-table
|
|
{% else %}
|
|
- from: 192.168.35.0/24
|
|
table: kayobe-test-route-table
|
|
{% endif %}
|
|
test_net_eth_vlan_zone: test-zone1
|
|
|
|
# br0: bridge with ports dummy3, dummy4.
|
|
test_net_bridge_cidr: 192.168.36.0/24
|
|
test_net_bridge_interface: br0
|
|
test_net_bridge_bridge_ports: [dummy3, dummy4]
|
|
test_net_bridge_zone: test-zone2
|
|
|
|
# br0.43: VLAN subinterface of br0.
|
|
test_net_bridge_vlan_cidr: 192.168.37.0/24
|
|
test_net_bridge_vlan_interface: "{% raw %}{{ test_net_bridge_interface }}.{{ test_net_bridge_vlan_vlan }}{% endraw %}"
|
|
test_net_bridge_vlan_vlan: 43
|
|
test_net_bridge_vlan_zone: test-zone3
|
|
|
|
# bond0: bond with slaves dummy5, dummy6.
|
|
test_net_bond_cidr: 192.168.38.0/24
|
|
test_net_bond_interface: bond0
|
|
test_net_bond_bond_slaves: [dummy5, dummy6]
|
|
test_net_bond_zone: test-zone3
|
|
|
|
# bond0.44: VLAN subinterface of bond0.
|
|
test_net_bond_vlan_cidr: 192.168.39.0/24
|
|
test_net_bond_vlan_interface: "{% raw %}{{ test_net_bond_interface }}.{{ test_net_bond_vlan_vlan }}{% endraw %}"
|
|
test_net_bond_vlan_vlan: 44
|
|
test_net_bond_vlan_zone: public
|
|
|
|
# Define a software RAID device consisting of two loopback devices.
|
|
controller_mdadm_arrays:
|
|
- name: md0
|
|
devices:
|
|
- /dev/loop0
|
|
- /dev/loop1
|
|
level: '1'
|
|
state: present
|
|
|
|
# Layer LUKS encryption on top of the software RAID
|
|
controller_luks_devices:
|
|
- name: loopback-crypt
|
|
device: /dev/md0
|
|
|
|
# Create an LVM volume group for Docker volumes and devicemapper.
|
|
controller_lvm_groups:
|
|
- "{% raw %}{{ controller_lvm_group_data }}{% endraw %}"
|
|
|
|
# Provide a disk for use by LVM. Uses the LUKS encrypted device created above.
|
|
controller_lvm_group_data_disks:
|
|
- /dev/mapper/loopback-crypt
|
|
|
|
# Set a sysctl.
|
|
controller_sysctl_parameters:
|
|
fs.mount-max: 99999
|
|
|
|
# Disable cloud-init.
|
|
disable_cloud_init: true
|
|
|
|
# Use devicemapper storage driver.
|
|
docker_storage_driver: devicemapper
|
|
|
|
# Set Honolulu time.
|
|
timezone: Pacific/Honolulu
|
|
|
|
{% if ansible_os_family == 'RedHat' %}
|
|
# Use a local DNF mirror.
|
|
dnf_use_local_mirror: true
|
|
# Mirror FQDN for DNF repos.
|
|
dnf_centos_mirror_host: "{{ zuul_site_mirror_fqdn }}"
|
|
# Mirror directory for DNF CentOS repos.
|
|
dnf_centos_mirror_directory: 'centos'
|
|
# Mirror FQDN for DNF EPEL repos.
|
|
dnf_epel_mirror_host: "{{ zuul_site_mirror_fqdn }}"
|
|
# Mirror directory for DNF EPEL repos.
|
|
dnf_epel_mirror_directory: 'epel'
|
|
# Configure a custom DNF repository.
|
|
dnf_custom_repos:
|
|
td-agent:
|
|
baseurl: http://packages.treasuredata.com/4/redhat/$releasever/$basearch
|
|
gpgkey: https://packages.treasuredata.com/GPG-KEY-td-agent
|
|
gpgcheck: yes
|
|
# Enable DNF Automatic.
|
|
dnf_automatic_enabled: true
|
|
{% endif %}
|
|
|
|
# Override the default NTP pool
|
|
chrony_ntp_servers:
|
|
- server: time.cloudflare.com
|
|
type: pool
|
|
options:
|
|
- option: maxsources
|
|
val: 2
|
|
|
|
# Enable firewalld (CentOS only).
|
|
controller_firewalld_enabled: true
|
|
controller_firewalld_zones:
|
|
- zone: test-zone1
|
|
- zone: test-zone2
|
|
- zone: test-zone3
|
|
controller_firewalld_default_zone:
|
|
controller_firewalld_rules:
|
|
- port: 8080/tcp
|
|
zone: test-zone1
|
|
- service: http
|
|
zone: test-zone2
|
|
- icmp_block: echo-request
|
|
zone: test-zone3
|
|
- service: cockpit
|
|
state: disabled
|
|
zone: public
|