59b34958b7
The unbound container group and component group share the same name, so we are hitting the quirk in OSA inventory where containerized services that have component and container groups sharing the same name get both the hosts and containers added to the _all group. This change targets the component group to correctly target only the unbound containers, not the physical hosts for the containers. Change-Id: Id214bbebeee73a6bf48088396e2e450669e00926
30 lines
1.3 KiB
YAML
30 lines
1.3 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Ensure that the package state matches the global setting
|
|
lxc_hosts_package_state: "{{ package_state }}"
|
|
openstack_hosts_package_state: "{{ package_state }}"
|
|
security_package_state: "{{ package_state }}"
|
|
|
|
# Disable /etc/hosts management if unbound DNS resolution containers exist
|
|
openstack_host_manage_hosts_file: "{{ groups['unbound'] is not defined or groups['unbound'] | length < 1 }}"
|
|
|
|
# Use the RHEL 7 STIG content from the openstack-ansible-security role
|
|
stig_version: rhel7
|
|
|
|
# Temporarily avoid putting SELinux into enforcing mode on CentOS 7 until some
|
|
# additional policy is written. See LP Bug 1657517 for more details.
|
|
security_rhel7_enable_linux_security_module: "{{ ansible_os_family == 'RedHat' | ternary(false, true) }}"
|