openstack/kayobe
Code Issues Proposed changes
Files
f11c73ff03ede87e4a3b8945f836edfe6bd0539d
kayobe/ansible/group_vars/all/monitoring
Mark Goddard 7d15aa16f2 Support configuration of firewalld 
Adds support for configuring firewalld for CentOS hosts managed by
Kayobe.

* create zones
* set default zone
* set zone for interfaces
* define rules

Change-Id: Id60e25e129e323f3c07e702bb81a11efc530fb3e
Story: 2008991
Task: 42644
2021-10-04 10:36:13 +01:00

118 lines
4.7 KiB
Plaintext
Raw Blame History

---
###############################################################################
# Monitoring node configuration.
# User with which to access the monitoring nodes via SSH during bootstrap, in
# order to setup the Kayobe user account.
monitoring_bootstrap_user: "{{ controller_bootstrap_user }}"
###############################################################################
# Monitoring node network interface configuration.
# List of networks to which monitoring nodes are attached.
monitoring_network_interfaces: >
{{ controller_network_interfaces | unique | list
if inventory_hostname in groups['controllers'] else
(monitoring_default_network_interfaces +
monitoring_extra_network_interfaces) | select | unique | list }}
# List of default networks to which monitoring nodes are attached.
monitoring_default_network_interfaces: >
{{ [admin_oc_net_name,
internal_net_name,
public_net_name] | select | unique | list }}
# List of extra networks to which monitoring nodes are attached.
monitoring_extra_network_interfaces: []
###############################################################################
# Monitoring node BIOS configuration.
# Dict of monitoring node BIOS options. Format is same as that used by
# stackhpc.drac role.
monitoring_bios_config: "{{ monitoring_bios_config_default | combine(monitoring_bios_config_extra) }}"
# Dict of default monitoring node BIOS options. Format is same as that used by
# stackhpc.drac role.
monitoring_bios_config_default: "{{ controller_bios_config_default }}"
# Dict of additional monitoring node BIOS options. Format is same as that used
# by stackhpc.drac role.
monitoring_bios_config_extra: "{{ controller_bios_config_extra }}"
###############################################################################
# Monitoring node RAID configuration.
# List of monitoring node RAID volumes. Format is same as that used by
# stackhpc.drac role.
monitoring_raid_config: "{{ monitoring_raid_config_default + monitoring_raid_config_extra }}"
# List of default monitoring node RAID volumes. Format is same as that used by
# stackhpc.drac role.
monitoring_raid_config_default: "{{ controller_raid_config_default }}"
# List of additional monitoring node RAID volumes. Format is same as that used
# by stackhpc.drac role.
monitoring_raid_config_extra: "{{ controller_raid_config_extra }}"
###############################################################################
# Monitoring node software RAID configuration.
# List of software RAID arrays. See mrlesmithjr.mdadm role for format.
monitoring_mdadm_arrays: []
###############################################################################
# Monitoring node encryption configuration.
# List of block devices to encrypt. See stackhpc.luks role for format.
monitoring_luks_devices: []
###############################################################################
# Monitoring node LVM configuration.
# List of monitoring node volume groups. See mrlesmithjr.manage-lvm role for
# format.
monitoring_lvm_groups: "{{ monitoring_lvm_groups_default + monitoring_lvm_groups_extra }}"
# Default list of monitoring node volume groups. See mrlesmithjr.manage-lvm
# role for format.
monitoring_lvm_groups_default: "{{ controller_lvm_groups_default }}"
# Additional list of monitoring node volume groups. See mrlesmithjr.manage-lvm
# role for format.
monitoring_lvm_groups_extra: "{{ controller_lvm_groups_extra }}"
###############################################################################
# Monitoring node sysctl configuration.
# Dict of sysctl parameters to set.
monitoring_sysctl_parameters: "{{ controller_sysctl_parameters }}"
###############################################################################
# Monitoring node user configuration.
# List of users to create. This should be in a format accepted by the
# singleplatform-eng.users role.
monitoring_users: "{{ controller_users }}"
###############################################################################
# Monitoring node firewalld configuration.
# Whether to install and enable firewalld.
monitoring_firewalld_enabled: "{{ controller_firewalld_enabled }}"
# A list of zones to create. Each item is a dict containing a 'zone' item.
monitoring_firewalld_zones: "{{ controller_firewalld_zones }}"
# A firewalld zone to set as the default. Default is unset, in which case the
# default zone will not be changed.
monitoring_firewalld_default_zone: "{{ controller_firewalld_default_zone }}"
# A list of firewall rules to apply. Each item is a dict containing arguments
# to pass to the firewalld module. Arguments are omitted if not provided, with
# the following exceptions:
# - offline: true
# - permanent: true
# - state: enabled
monitoring_firewalld_rules: "{{ controller_firewalld_rules }}"
View Git Blame Copy Permalink