kayobe/playbooks/kayobe-overcloud-host-configure-base/overrides.yml.j2
Bartosz Bezak f1fd127c34 Add STP option for bridge interfaces
For Rocky Linux 9, Kayobe will now disable STP on a bridge by default,
to preserve compatibility with network scripts, as Network Manager
enables STP on all bridges by default.
Enabling STP can lead to a port-down event if BPDU guard is enabled
on the switch.

Closes-Bug: #2028775

Change-Id: I35eaa92f4243af00697306aa801e5a733885ce4f
2023-08-18 09:44:09 +00:00


---
# The following configuration aims to test some of the 'host configure'
# command.
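# Additional users.
# NOTE(review): fixed, test-only credential committed in plain text; it must
# not be reused outside CI. Whether the consuming role expects a plain or a
# pre-hashed value here is not visible in this file - confirm.
controller_users:
  - username: kayobe-test-user
    name: Kayobe test user
    password: kayobe-test-user-password
    groups:
      - stack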
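# Additional network interfaces, testing a variety of interface configurations.
# Each entry names a network whose test_net_* attributes are defined below.
controller_extra_network_interfaces:
  - test_net_eth
  - test_net_eth_vlan
  - test_net_bridge
  - test_net_bridge_vlan
  - test_net_bond
  - test_net_bond_vlan
  - test_net_bridge_noip
{# The systemd-networkd style VLAN network is only added on Debian-family hosts. #}
{# Uses ansible_facts.os_family, like the other conditionals in this template. #}
{% if ansible_facts.os_family == "Debian" %}
  - test_net_systemd_vlan
{% endif %}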
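# Custom IP routing tables.
# The table name is referenced by the test_net_eth_vlan routes and rules.
network_route_tables:
  - id: 2
    name: kayobe-test-route-table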
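# dummy2: Ethernet interface.
test_net_eth_cidr: 192.168.34.0/24
test_net_eth_routes:
  - cidr: 192.168.40.0/24
    gateway: 192.168.34.254
test_net_eth_interface: dummy2

# dummy2.42: VLAN subinterface of dummy2.
test_net_eth_vlan_cidr: 192.168.35.0/24
# The raw block keeps the inner expression unrendered by this template, so it
# is written out literally and evaluated later, when the variables are used.
test_net_eth_vlan_interface: "{% raw %}{{ test_net_eth_interface }}.{{ test_net_eth_vlan_vlan }}{% endraw %}"
test_net_eth_vlan_vlan: 42
test_net_eth_vlan_routes:
  - cidr: 192.168.40.0/24
    gateway: 192.168.35.254
    table: kayobe-test-route-table
# The same policy routing rule is expressed as a single string on RedHat-family
# hosts and as a from/table mapping on all other hosts.
test_net_eth_vlan_rules:
{% if ansible_facts.os_family == 'RedHat' %}
  - from 192.168.35.0/24 table kayobe-test-route-table
{% else %}
  - from: 192.168.35.0/24
    table: kayobe-test-route-table
{% endif %}
# Firewalld zone for this interface (zones are declared further down).
test_net_eth_vlan_zone: test-zone1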
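# br0: bridge with ports dummy3, dummy4.
test_net_bridge_cidr: 192.168.36.0/24
test_net_bridge_interface: br0
test_net_bridge_bridge_ports: [dummy3, dummy4]
# STP explicitly disabled on this bridge. NetworkManager would otherwise
# enable it, which can take a switch port down when BPDU guard is active.
test_net_bridge_bridge_stp: false
test_net_bridge_zone: test-zone2

# br0.43: VLAN subinterface of br0.
test_net_bridge_vlan_cidr: 192.168.37.0/24
# Inner expression is protected by raw and evaluated when the variable is used.
test_net_bridge_vlan_interface: "{% raw %}{{ test_net_bridge_interface }}.{{ test_net_bridge_vlan_vlan }}{% endraw %}"
test_net_bridge_vlan_vlan: 43
test_net_bridge_vlan_zone: test-zone3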
# bond0: bond with slaves dummy5, dummy6.
test_net_bond_cidr: 192.168.38.0/24
test_net_bond_interface: bond0
test_net_bond_bond_slaves:
  - dummy5
  - dummy6
# Shares test-zone3 with the br0.43 VLAN interface.
test_net_bond_zone: test-zone3

# bond0.44: VLAN subinterface of bond0.
test_net_bond_vlan_cidr: 192.168.39.0/24
# Inner expression is protected by raw and evaluated when the variable is used.
test_net_bond_vlan_interface: "{% raw %}{{ test_net_bond_interface }}.{{ test_net_bond_vlan_vlan }}{% endraw %}"
test_net_bond_vlan_vlan: 44
# Placed in the 'public' zone rather than one of the test zones.
test_net_bond_vlan_zone: public
# br1: Bridge interface without IP address.
test_net_bridge_noip_cidr: 192.168.40.0/24
test_net_bridge_noip_interface: br1
test_net_bridge_noip_bridge_ports:
  - dummy7
# STP deliberately enabled here, the opposite of br0, so that both settings of
# the option are exercised. On real hardware, enabling STP can take a switch
# port down if BPDU guard is active on it.
test_net_bridge_noip_bridge_stp: true
# No address is assigned to br1 even though a CIDR is defined for the network.
test_net_bridge_noip_no_ip: true
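{# Uses ansible_facts.os_family, like the other conditionals in this template. #}
{% if ansible_facts.os_family == "Debian" %}
# vlan45: VLAN interface of bond0 using systemd-networkd style
test_net_systemd_vlan_cidr: 192.168.41.0/24
# Interface is named after the VLAN ID rather than <parent>.<vlan>, so the
# parent has to be given explicitly below.
test_net_systemd_vlan_interface: "vlan{% raw %}{{ test_net_systemd_vlan_vlan }}{% endraw %}"
test_net_systemd_vlan_parent: "{% raw %}{{ test_net_bond_interface }}{% endraw %}"
test_net_systemd_vlan_vlan: 45
test_net_systemd_vlan_zone: public
{% endif %}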
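# Define a software RAID device consisting of two loopback devices.
controller_mdadm_arrays:
  - name: md0
    devices:
      - /dev/loop0
      - /dev/loop1
    # Quoted so the RAID level stays a string.
    level: '1'
    state: present

# Layer LUKS encryption on top of the software RAID
# NOTE(review): no passphrase or keyfile is set in this entry; presumably it
# comes from defaults defined elsewhere - confirm where the key material lives
# and that it is not world-readable.
controller_luks_devices:
  - name: loopback-crypt
    device: /dev/md0

# Create an LVM volume group for Docker volumes and devicemapper.
# The raw block defers evaluation of the variable until it is used.
controller_lvm_groups:
  - "{% raw %}{{ controller_lvm_group_data }}{% endraw %}"

# Provide a disk for use by LVM. Uses the LUKS encrypted device created above.
controller_lvm_group_data_disks:
  - /dev/mapper/loopback-crypt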
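# Set a sysctl.
# Mapping of sysctl name to value.
controller_sysctl_parameters:
  fs.mount-max: 99999

# Disable cloud-init.
disable_cloud_init: true

# Use devicemapper storage driver.
docker_storage_driver: devicemapper

# Set Honolulu time.
timezone: Pacific/Honolulu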
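{% if ansible_facts.os_family == "Debian" %}
# Drop-in APT configuration file; the literal block is the file content.
apt_config:
  - content: |
      Acquire::Retries 1;
    filename: 99retries

# Signing key for the third-party repository, fetched over HTTPS and stored
# under the file name that the repository entry refers to via signed_by.
apt_keys:
  - url: https://packages.treasuredata.com/GPG-KEY-td-agent
    filename: td-agent.asc

# NOTE(review): every repository below is fetched over plain HTTP, so package
# integrity rests entirely on APT signature verification. The Treasuredata
# entry is pinned to its own key with signed_by; the Ubuntu mirror entries
# carry no signed_by and presumably rely on the distribution's default
# keyring - confirm. Prefer https:// URLs where the mirror offers them.
apt_repositories:
  # Ubuntu jammy repositories.
  - url: "http://{{ zuul_site_mirror_fqdn }}/ubuntu/"
    suites: jammy jammy-updates
    components: main restricted universe multiverse
  - url: "http://{{ zuul_site_mirror_fqdn }}/ubuntu/"
    suites: jammy-security
    components: main restricted universe multiverse
  # Treasuredata repository.
  - url: http://packages.treasuredata.com/4/ubuntu/jammy/
    components: contrib
    signed_by: td-agent.asc
# With the stock sources list disabled, only the repositories above are used.
apt_disable_sources_list: true
{% endif %}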
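{% if ansible_facts.os_family == 'RedHat' %}
# Use a local DNF mirror.
dnf_use_local_mirror: true
{% if ansible_facts.distribution == 'CentOS' %}
# Mirror FQDN for DNF repos.
dnf_centos_mirror_host: "{{ zuul_site_mirror_fqdn }}"
# Mirror directory for DNF CentOS repos.
dnf_centos_mirror_directory: 'centos-stream'
{% endif %}
# Mirror FQDN for DNF EPEL repos.
dnf_epel_mirror_host: "{{ zuul_site_mirror_fqdn }}"
# Mirror directory for DNF EPEL repos.
dnf_epel_mirror_directory: 'epel'

# Configure a custom DNF repository.
# NOTE(review): baseurl is plain HTTP while the signing key is fetched over
# HTTPS. gpgcheck verifies package signatures, which is what protects installs
# here; repository metadata is only authenticated if repo_gpgcheck is enabled
# as well (a dnf option - whether dnf_custom_repos passes it through is not
# visible in this file). Prefer an https:// baseurl where available.
dnf_custom_repos:
  td-agent:
    baseurl: http://packages.treasuredata.com/4/redhat/$releasever/$basearch
    gpgkey: https://packages.treasuredata.com/GPG-KEY-td-agent
    # Canonical boolean in place of the YAML 1.1 truthy 'yes'.
    gpgcheck: true

# Install EPEL local mirror.
dnf_install_epel: true
# Enable DNF Automatic.
dnf_automatic_enabled: true
{% endif %}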
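# Override the default NTP pool
# A single public pool entry, limited to two sources via the maxsources option.
chrony_ntp_servers:
  - server: time.cloudflare.com
    type: pool
    options:
      - option: maxsources
        val: 2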
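# Enable firewalld
controller_firewalld_enabled: true
# Zones referenced by the test_net_*_zone variables above. 'public' is also
# used there but is not declared in this list.
controller_firewalld_zones:
  - zone: test-zone1
  - zone: test-zone2
  - zone: test-zone3
# Explicit null instead of a bare empty value: no default zone is set here.
# NOTE(review): presumably this leaves the host's existing default zone
# unchanged - confirm against the consuming role.
controller_firewalld_default_zone: null
# One rule of each kind: an open port, an allowed service, an ICMP block, and
# a service explicitly removed from the public zone.
controller_firewalld_rules:
  - port: 8080/tcp
    zone: test-zone1
  - service: http
    zone: test-zone2
  - icmp_block: echo-request
    zone: test-zone3
  - service: cockpit
    state: disabled
    zone: public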
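# Configure a swap file.
# A single 256 MB swap file at /swapfile.
controller_swap:
  - path: /swapfile
    size_mb: 256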
# Generate a password for libvirt SASL authentication.
# The raw block defers the lookup until the variable is evaluated. Ansible's
# password lookup generates a random value on first use and persists it at the
# given path on the control host.
# NOTE(review): /tmp is a shared directory and the file name is fixed, which is
# acceptable only on throwaway CI nodes. Outside CI, keep the generated secret
# in a directory that only the deploying user can access, or use a vaulted
# variable instead.
compute_libvirt_sasl_password: "{% raw %}{{ lookup('password', '/tmp/libvirt-sasl-password') }}{% endraw %}"