openstack/kayobe
Code Issues Proposed changes
f11c73ff03
kayobe/ansible/group_vars/all/controllers
Mark Goddard 7d15aa16f2 Support configuration of firewalld 
Adds support for configuring firewalld for CentOS hosts managed by
Kayobe.

* create zones
* set default zone
* set zone for interfaces
* define rules

Change-Id: Id60e25e129e323f3c07e702bb81a11efc530fb3e
Story: 2008991
Task: 42644
2021-10-04 10:36:13 +01:00

179 lines
6.7 KiB
Plaintext
Raw Blame History

---
###############################################################################
# Controller node configuration.
# User with which to access the controllers via SSH during bootstrap, in order
# to setup the Kayobe user account. Default is {{ os_distribution }}.
controller_bootstrap_user: "{{ os_distribution }}"
###############################################################################
# Controller network interface configuration.
# List of networks to which controller nodes are attached.
controller_network_interfaces: >
{{ (controller_default_network_interfaces +
controller_extra_network_interfaces +
(controller_network_host_network_interfaces
if inventory_hostname in groups['network'] else [])) | select | unique | list }}
# List of default networks to which controller nodes are attached.
controller_default_network_interfaces: >
{{ [admin_oc_net_name,
oob_wl_net_name,
provision_wl_net_name,
inspection_net_name,
internal_net_name,
storage_net_name,
swift_storage_net_name,
cleaning_net_name] | select | unique | list }}
# List of extra networks to which controller nodes are attached.
controller_extra_network_interfaces: []
# List of network interfaces to which network nodes are attached.
controller_network_host_network_interfaces: >
{{ (controller_network_host_default_network_interfaces +
controller_network_host_extra_network_interfaces) | select | unique | list }}
# List of default network interfaces to which network nodes are attached.
controller_network_host_default_network_interfaces: >
{{ ([admin_oc_net_name,
internal_net_name,
storage_net_name,
public_net_name,
tunnel_net_name] +
external_net_names) | select | unique | list }}
# List of extra networks to which network nodes are attached.
controller_network_host_extra_network_interfaces: []
###############################################################################
# Controller node BIOS configuration.
# Dict of controller BIOS options. Format is same as that used by stackhpc.drac
# role.
controller_bios_config: "{{ controller_bios_config_default | combine(controller_bios_config_extra) }}"
# Dict of default controller BIOS options. Format is same as that used by
# stackhpc.drac role.
controller_bios_config_default: {}
# Dict of additional controller BIOS options. Format is same as that used by
# stackhpc.drac role.
controller_bios_config_extra: {}
###############################################################################
# Controller node RAID configuration.
# List of controller RAID volumes. Format is same as that used by stackhpc.drac
# role.
controller_raid_config: "{{ controller_raid_config_default + controller_raid_config_extra }}"
# List of default controller RAID volumes. Format is same as that used by
# stackhpc.drac role.
controller_raid_config_default: []
# List of additional controller RAID volumes. Format is same as that used by
# stackhpc.drac role.
controller_raid_config_extra: []
###############################################################################
# Controller node software RAID configuration.
# List of software RAID arrays. See mrlesmithjr.mdadm role for format.
controller_mdadm_arrays: []
###############################################################################
# Controller node encryption configuration.
# List of block devices to encrypt. See stackhpc.luks role for format.
controller_luks_devices: []
###############################################################################
# Controller node LVM configuration.
# List of controller volume groups. See mrlesmithjr.manage-lvm role for
# format.
controller_lvm_groups: "{{ controller_lvm_groups_default + controller_lvm_groups_extra }}"
# Default list of controller volume groups. See mrlesmithjr.manage-lvm role for
# format.
controller_lvm_groups_default: "{{ [controller_lvm_group_data] if controller_lvm_group_data_enabled | bool else [] }}"
# Additional list of controller volume groups. See mrlesmithjr.manage-lvm role
# for format.
controller_lvm_groups_extra: []
# Whether a 'data' LVM volume group should exist on controller hosts. By
# default this contains a 'docker-volumes' logical volume for Docker volume
# storage. It will also be used for Docker container and image storage if
# 'docker_storage_driver' is set to 'devicemapper'. Default is true if
# 'docker_storage_driver' is set to 'devicemapper', or false otherwise.
controller_lvm_group_data_enabled: "{{ docker_storage_driver == 'devicemapper' }}"
# Controller LVM volume group for data. See mrlesmithjr.manage-lvm role for
# format.
controller_lvm_group_data:
vgname: data
disks: "{{ controller_lvm_group_data_disks }}"
create: True
lvnames: "{{ controller_lvm_group_data_lvs }}"
# List of disks for use by controller LVM data volume group. Default to an
# invalid value to require configuration.
controller_lvm_group_data_disks:
- changeme
# List of LVM logical volumes for the data volume group.
controller_lvm_group_data_lvs:
- "{{ controller_lvm_group_data_lv_docker_volumes }}"
# Docker volumes LVM backing volume.
controller_lvm_group_data_lv_docker_volumes:
lvname: docker-volumes
size: "{{ controller_lvm_group_data_lv_docker_volumes_size }}"
create: True
filesystem: "{{ controller_lvm_group_data_lv_docker_volumes_fs }}"
mount: True
mntp: /var/lib/docker/volumes
# Size of docker volumes LVM backing volume.
controller_lvm_group_data_lv_docker_volumes_size: 75%VG
# Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
controller_lvm_group_data_lv_docker_volumes_fs: ext4
###############################################################################
# Controller node sysctl configuration.
# Dict of sysctl parameters to set.
controller_sysctl_parameters: {}
###############################################################################
# Controller node user configuration.
# List of users to create. This should be in a format accepted by the
# singleplatform-eng.users role.
controller_users: "{{ users_default }}"
###############################################################################
# Controller node firewalld configuration.
# Whether to install and enable firewalld.
controller_firewalld_enabled: false
# A list of zones to create. Each item is a dict containing a 'zone' item.
controller_firewalld_zones: []
# A firewalld zone to set as the default. Default is unset, in which case the
# default zone will not be changed.
controller_firewalld_default_zone:
# A list of firewall rules to apply. Each item is a dict containing arguments
# to pass to the firewalld module. Arguments are omitted if not provided, with
# the following exceptions:
# - offline: true
# - permanent: true
# - state: enabled
controller_firewalld_rules: []
View Git Blame Copy Permalink