fedora-infra_ansible/inventory/host_vars/db-koji01.stg.iad2.fedoraproject.org
Nils Philippsen dbbf94a411 ipa/client: configure global shell access and sudo
Almost global anyway, i.e. inside the VPN.

The ipa/client-based shell access and sudo rules are only effective for
staging right now, the respective playbook bits are masked out for prod.

- Assign Ansible host groups to IPA host groups, the latter don't care
  about 'stg' in the name and use dashes rather than underscores.
- Distill shell access groups from fas_client_groups in group and host
  vars.
- Let all `sysadmin-*` groups in the previous list run anything via sudo
  in the host group (except bastion & batcave).
- Remove `fas_client_groups` from staging host and group vars.
- Remove sudoers from staging host and group vars if only `sysadmin-*`
  groups have shell access.
- Set up `ipa_client_shell_groups` on bastion to be a superset of the
  same on batcave.

Newly created IPA host groups:
- autosign
- badges
- basset
- bastion
- batcave
- blockerbugs
- bodhi
- bugzilla2fedmsg
- busgateway
- datagrepper
- dbserver
- dns
- fedimg
- github2fedmsg
- ipa
- kernel-qa
- kerneltest
- kojibuilder
- kojihub
- kojipkgs
- logging
- mailman
- memcached
- mirrormanager
- nagios
- notifs
- oci-registry
- odcs
- openqa
- openqa-workers
- osbs
- packages
- pdc-web
- pkgs
- proxies
- rabbitmq
- releng-compose
- resultsdb
- secondary
- sign-bridge
- sundries
- value
- wiki

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-01 22:23:41 +00:00

928 B

```yaml
---
nm: 255.255.255.0
gw: 10.3.167.254
dns: 10.3.163.33
volgroup: /dev/vg_guests
eth0_ip: 10.3.167.65
#mac_address: 52:54:00:71:a6:eb
vmhost: bvmhost-x86-01.stg.iad2.fedoraproject.org
datacenter: iad2

ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2
ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/

databases:
- koji

lvm_size: 1500000
mem_size: 16384
max_mem_size: "{{ mem_size }}"
num_cpus: 8

kernel_shmmax: 68719476736

#
#
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.167.64 --dport 5432 -j ACCEPT', ]

#
#
nrpe_procs_warn: 600
nrpe_procs_crit: 700
shared_buffers: "4GB"
effective_cache_size: "12GB"
```