From be1b1503d64a2be5a1dfd32ebdda931679d1ebdb Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 9 Aug 2025 15:24:14 -0700 Subject: [PATCH] group_vars/all: default nbdr to false for non rdu3 hardware Non rdu3 hardware doesn't have access to tang. There's some slight exceptions on some hosts that use tpm, but we can override that in hosts vars. Also drop the rdu3 datacenter check, we can just use the nbde boolean to determine if we run it or not. Signed-off-by: Kevin Fenzi --- inventory/group_vars/all | 5 +++++ playbooks/groups/virthost.yml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/inventory/group_vars/all b/inventory/group_vars/all index c7948b3d4f..e95f432dda 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -302,3 +302,8 @@ notes: | Unspecified. * What hosts/services does this rely on? * What hosts/services rely on this? + +# network block device encryption default to false, +# only set on hardware hosts that are encrypted installs where +# there is a local tang server or tpm +nbde: false diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index c6573be937..143a68f070 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -48,7 +48,7 @@ - role: collectd/base - sudo - virthost - - {role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: (datacenter == 'rdu3' and nbde|bool) or ( datacenter == 'rdu3' and nbde|bool) } + - {role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: (nbde|bool) } - {role: serial-console, when: datacenter == 'rdu3' and ansible_architecture != 's390x'} - {role: iscsi_client, when: datacenter == 'rdu3' and inventory_hostname.startswith('bvmhost-p10-01') }