blob: 571b6a62c45b26cea2bd86f6062aa1e3f85d039e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
openqa_tap: true
# for iptables rules...maybe other stuff in future? both staging
# and prod workers are in this group
host_group: openqa-tap-workers
# firewall rules to allow openQA openvswitch guests to communicate
# eth0 for x86_64 worker hosts, eth2 for ppc64 worker host
custom_rules: [
'-A FORWARD -i br0 -j ACCEPT',
'-A FORWARD -m state -i eth0 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
'-A FORWARD -m state -i eth2 -o br0 --state RELATED,ESTABLISHED -j ACCEPT',
'-A INPUT -i br0 -j ACCEPT'
]
# we do stuff with ifcfg that base doesn't understand. terrible, terrible
# stuff. seriously - it doesn't handle the openvswitch config well. so
# let's tell it to just configure eth0 (and eth2, for ppc64) for us and
# leave everything else alone.
ansible_ifcfg_whitelist: ['eth0', 'eth2']
|
