mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-28 20:42:20 +08:00
b0b7dc9b47
OK, this GRE crap ain't working. Let's give up! Instead let's have one tap-capable host per openQA deployment, so all the tap jobs will go to it. This...should achieve that. Let's see what blows up.
19 lines
645 B
Plaintext
19 lines
645 B
Plaintext
openqa_tap: true
|
|
|
|
# for iptables rules...maybe other stuff in future? both staging
|
|
# and prod workers are in this group
|
|
host_group: openqa-tap-workers
|
|
|
|
# firewall rules to allow openQA openvswitch guests to communicate
|
|
custom_rules: [
|
|
'-A FORWARD -i br0 -j ACCEPT',
|
|
'-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
|
|
'-A INPUT -i br0 -j ACCEPT'
|
|
]
|
|
|
|
# we do stuff with ifcfg that base doesn't understand. terrible, terrible
|
|
# stuff. seriously - it doesn't handle the openvswitch config well. so
|
|
# let's tell it to just configure eth0 for us and leave everything else
|
|
# alone.
|
|
ansible_ifcfg_whitelist: ['eth0']
|