-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathjumphost.yml
24 lines (24 loc) · 971 Bytes
/
jumphost.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
---
iptables_allow_icmp_inbound:
- ANY
iptables_allow_https_inbound:
- ANY # Port 443 is used as fallback for SSH on jumphosts. Port 443 outbound is allowed by default.
iptables_allow_ssh_inbound:
- ANY
iptables_allow_ssh_outbound:
- ANY
ssh_host_signer_hostnames: "{{ inventory_hostname }}\
{% for network_id in ip_addresses[inventory_hostname] %}\
{% if ip_addresses[inventory_hostname][network_id]['fqdn'] is defined and
ip_addresses[inventory_hostname][network_id]['fqdn'] | length >= 1 %}\
{% if ip_addresses[inventory_hostname][network_id]['fqdn'] == 'NXDOMAIN' %}\
,{{ ip_addresses[inventory_hostname][network_id]['address'] }}\
{% else %}\
,{{ ip_addresses[inventory_hostname][network_id]['fqdn'] }}\
{% endif %}\
{% endif %}\
{% endfor %}"
# This is enforcing that jumphosts use `yum_repos` for defining repositories,
# since jumphosts cannot use Pulp
repo_manager: 'none'
...