Move nms host roles to adm hosts

2025-07-12 13:18:18 +00:00 · 2025-07-12 13:18:18 +00:00 · fe5444052b
commit fe5444052b
parent 4c32ae71da
6 changed files with 140 additions and 1 deletions
--- a/group_vars/adm.yml
+++ b/group_vars/adm.yml
@ -2,11 +2,43 @@
 datadisks:
  - {size: 10, type: nvme}

+chrony_allow:
+  - 172.20.25.0/24
+
+unbound_zones:
+  - 25.20.172.in-addr.arpa
+  - oob.foo.sh
+dhcpd_template: dhcpd.conf.oob.j2
+dhcpd_ldap_filter: >-
+  (&(objectClass=ieee802Device)(objectClass=ipHost)(cn=*.oob.foo.sh))
+unbound_config: unbound.conf.oob.j2
+
+network_vip_interfaces:
+  - device: eth0
+    vhid: 11
+    ipaddr: 172.20.20.21
+    netmask: 255.255.240.0
+    pass: "{{ vip21_pass }}"
+  - device: eth1
+    vhid: 25
+    ipaddr: 172.20.25.1
+    netmask: 255.255.255.0
+    pass: "{{ vip25_pass }}"
+    priority: "{{ vip25_priority }}"
+
 firewall_in:
  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 25, from: [172.20.25.0/24]}
+  - {proto: tcp, port: 53, from: [172.20.25.0/24]}
+  - {proto: udp, port: 53, from: [172.20.25.0/24]}
  - {proto: tcp, port: 80, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: udp, port: 123, from: [172.20.25.0/24]}
+  - {proto: tcp, port: 443, from: [172.20.20.0/22, 172.20.25.0/24]}
+  - {proto: udp, port: 514, from: [172.20.25.0/24]}
  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9116, from: [172.20.20.0/22]}
+firewall_raw:
+  - "ip daddr 224.0.0.0/8 accept"

 sssd_allow_groups:
  - sysadm