mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-20 03:57:02 +08:00
991273d7f1
The x86 ones are now in rdu3 and reinstalled with rhel10. All the power9 ones are in rdu3 and reinstalled. So, we should just enable nbde on all of them. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
49 lines
1.3 KiB
Plaintext
49 lines
1.3 KiB
Plaintext
---
|
|
freezes: false
|
|
|
|
host_group: copr_hypervisor
|
|
|
|
vpn: true
|
|
ipa_client_shell_groups:
|
|
- sysadmin-noc
|
|
- sysadmin-copr
|
|
|
|
ipa_client_sudo_groups:
|
|
- sysadmin-copr
|
|
|
|
ipa_host_group: copr-vmhost
|
|
ipa_host_group_desc: Copr hypervisors
|
|
|
|
postfix_group: vpn
|
|
primary_auth_source: ipa
|
|
|
|
nbde: true
|
|
nbde_device: /dev/md2
|
|
nbde_client_bindings:
|
|
- device: "{{ nbde_device }}"
|
|
encryption_password: "{{ nbde_password }}"
|
|
password_temporary: no
|
|
threshold: 1
|
|
servers:
|
|
- http://tang01.rdu3.fedoraproject.org
|
|
- http://tang02.rdu3.fedoraproject.org
|
|
|
|
libvirt_host: "{{ inventory_hostname }}"
|
|
|
|
nft_custom_rules:
|
|
- add rule ip filter INPUT iifname virbr0 udp dport bootps accept
|
|
- add rule ip filter INPUT iifname virbr0 udp dport 53 accept
|
|
- add rule ip filter INPUT iifname virbr0 tcp dport ssh accept
|
|
- add rule ip filter FORWARD iifname "virbr0" oif != "virbr0" counter accept
|
|
- add rule ip filter FORWARD iifname "virbr0" ct state new counter accept
|
|
- add rule ip filter FORWARD ct state established,related counter accept
|
|
- add rule ip filter FORWARD ip protocol icmp counter accept
|
|
|
|
zabbix_macros:
|
|
CPU.UTIL.CRIT: 100
|
|
MEMORY.UTIL.MAX: 100
|
|
NET.IF.IFNAME.NOT_MATCHES: "^(vnet.*|virbr.*)"
|
|
SWAP.PFREE.MIN.WARN: 0
|
|
VFS.DEV.READ.AWAIT.WARN: 40
|
|
VFS.DEV.WRITE.AWAIT.WARN: 80
|