stackhpc · priteau · Feb 23, 2026 · Feb 7, 2026 · Feb 11, 2026 · Feb 12, 2026
@@ -1,6 +1,6 @@
 ---
 - name: Ensure APT is configured
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   max_fail_percentage: >-
     {{ apt_max_fail_percentage |
        default(host_configure_max_fail_percentage) |

@@ -19,7 +19,7 @@
         docker_http_proxy: "{{ kolla_http_proxy }}"
         docker_https_proxy: "{{ kolla_https_proxy }}"
         docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
-      when: container_engine == "docker"
+      when: container_engine_enabled | default(true) | bool and container_engine == "docker"
 
 - name: Ensure podman is configured
   hosts: container-engine
@@ -34,4 +34,4 @@
   tasks:
     - include_role:
         name: openstack.kolla.podman
-      when: container_engine == "podman"
+      when: container_engine_enabled | default(true) | bool and container_engine == "podman"
@@ -0,0 +1,23 @@
+---
+- import_playbook: "ssh-known-host.yml"
+- import_playbook: "kayobe-ansible-user.yml"
+- import_playbook: "logging.yml"
+- import_playbook: "proxy.yml"
+- import_playbook: "apt.yml"
+- import_playbook: "dnf.yml"
+- import_playbook: "pip.yml"
+- import_playbook: "kayobe-target-venv.yml"
+- import_playbook: "wipe-disks.yml"
+- import_playbook: "users.yml"
+- import_playbook: "dev-tools.yml"
+- import_playbook: "selinux.yml"
+- import_playbook: "network.yml"
+- import_playbook: "firewall.yml"
+- import_playbook: "tuned.yml"
+- import_playbook: "sysctl.yml"
+- import_playbook: "time.yml"
+- import_playbook: "mdadm.yml"
+- import_playbook: "luks.yml"
+- import_playbook: "lvm.yml"
+- import_playbook: "swap.yml"
+- import_playbook: "container-engine.yml"
@@ -1,6 +1,6 @@
 ---
 - name: Ensure development tools are installed
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   max_fail_percentage: >-
     {{ dev_tools_max_fail_percentage |
        default(host_configure_max_fail_percentage) |

@@ -1,6 +1,6 @@
 ---
 - name: Ensure DNF repos are configured
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   max_fail_percentage: >-
     {{ dnf_max_fail_percentage |
        default(host_configure_max_fail_percentage) |

@@ -1,6 +1,6 @@
 ---
 - name: Ensure firewall is configured
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   max_fail_percentage: >-
     {{ firewall_max_fail_percentage |
        default(host_configure_max_fail_percentage) |

@@ -1,6 +1,6 @@
 ---
 - name: Run a command
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   gather_facts: False
   max_fail_percentage: >-
     {{ host_command_run_max_fail_percentage |

@@ -1,6 +1,6 @@
 ---
 - name: Update host packages
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   max_fail_percentage: >-
     {{ host_package_update_max_fail_percentage |
        default(kayobe_max_fail_percentage) |

@@ -0,0 +1,139 @@
+---
+###############################################################################
+# Ansible control host configuration.
+
+# User with which to access the Ansible control host via SSH during bootstrap,
+# in order to setup the Kayobe user account. Default is {{ os_distribution }}.
+ansible_control_bootstrap_user: "{{ os_distribution }}"
+
+###############################################################################
+# Ansible control host network interface configuration.
+
+# List of networks to which Ansible control host are attached.
+ansible_control_network_interfaces: >
+  {{ (ansible_control_default_network_interfaces +
+      ansible_control_extra_network_interfaces) | select | unique | list }}
+
+# List of default networks to which Ansible control host are attached.
+ansible_control_default_network_interfaces: >
+  {{ [admin_oc_net_name] | select | unique | list }}
+
+# List of extra networks to which Ansible control host are attached.
+ansible_control_extra_network_interfaces: []
+
+###############################################################################
+# Ansible control host software RAID configuration.
+
+# List of software RAID arrays. See mrlesmithjr.mdadm role for format.
+ansible_control_mdadm_arrays: []
+
+###############################################################################
+# Ansible control host encryption configuration.
+
+# List of block devices to encrypt. See stackhpc.luks role for format.
+ansible_control_luks_devices: []
+
+###############################################################################
+# Ansible control host LVM configuration.
+
+# List of Ansible control host volume groups. See mrlesmithjr.manage_lvm role
+# for format.
+ansible_control_lvm_groups: "{{ ansible_control_lvm_groups_default + ansible_control_lvm_groups_extra }}"
+
+# Default list of Ansible control host volume groups. See
+# mrlesmithjr.manage_lvm role for format.
+ansible_control_lvm_groups_default: "{{ [ansible_control_lvm_group_data] if ansible_control_lvm_group_data_enabled | bool else [] }}"
+
+# Additional list of Ansible control host volume groups. See
+# mrlesmithjr.manage_lvm role for format.
+ansible_control_lvm_groups_extra: []
+
+# Whether a 'data' LVM volume group should exist on the Ansible control host.
+# By default this contains a 'docker-volumes' logical volume for Docker volume
+# storage. Default is false.
+ansible_control_lvm_group_data_enabled: false
+
+# Ansible control host LVM volume group for data. See mrlesmithjr.manage_lvm
+# role for format.
+ansible_control_lvm_group_data:
+  vgname: data
+  disks: "{{ ansible_control_lvm_group_data_disks }}"
+  create: True
+  lvnames: "{{ ansible_control_lvm_group_data_lvs }}"
+
+# List of disks for use by Ansible control host LVM data volume group. Default
+# to an invalid value to require configuration.
+ansible_control_lvm_group_data_disks:
+  - changeme
+
+# List of LVM logical volumes for the data volume group.
+ansible_control_lvm_group_data_lvs:
+  - "{{ ansible_control_lvm_group_data_lv_docker_volumes }}"
+
+# Docker volumes LVM backing volume.
+ansible_control_lvm_group_data_lv_docker_volumes:
+  lvname: docker-volumes
+  size: "{{ ansible_control_lvm_group_data_lv_docker_volumes_size }}"
+  create: True
+  filesystem: "{{ ansible_control_lvm_group_data_lv_docker_volumes_fs }}"
+  mount: True
+  mntp: /var/lib/docker/volumes
+
+# Size of docker volumes LVM backing volume.
+ansible_control_lvm_group_data_lv_docker_volumes_size: 75%VG
+
+# Filesystem for docker volumes LVM backing volume. ext4 allows for shrinking.
+ansible_control_lvm_group_data_lv_docker_volumes_fs: ext4
+
+###############################################################################
+# Ansible control host sysctl configuration.
+
+# Dict of sysctl parameters to set.
+ansible_control_sysctl_parameters: {}
+
+###############################################################################
+# Ansible control host tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role. Default is throughput-performance.
+ansible_control_tuned_active_builtin_profile: "throughput-performance"
+
+###############################################################################
+# Ansible control host user configuration.
+
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+ansible_control_users: "{{ users_default }}"
+
+###############################################################################
+# Ansible control host firewalld configuration.
+
+# Whether to install and enable firewalld.
+ansible_control_firewalld_enabled: false
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+ansible_control_firewalld_zones: []
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+ansible_control_firewalld_default_zone:
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+ansible_control_firewalld_rules: []
+
+###############################################################################
+# Ansible control host swap configuration.
+
+# List of swap devices. Each item is a dict containing a 'device' item.
+ansible_control_swap: []
+
+###############################################################################
+# Ansible control host container engine configuration.
+
+# Whether a container engine should be configured. Default is false.
+ansible_control_container_engine_enabled: false
@@ -0,0 +1,3 @@
+---
+# Host/IP with which to access the Ansible control host via SSH.
+ansible_host: "{{ admin_oc_net_name | net_ip }}"
@@ -0,0 +1,7 @@
+---
+# User with which to access the Ansible control host via SSH.
+ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the Ansible control host before the
+# kayobe_ansible_user account has been created.
+bootstrap_user: "{{ ansible_control_bootstrap_user }}"
@@ -0,0 +1,5 @@
+---
+###############################################################################
+# Ansible control host container engine configuration.
+
+container_engine_enabled: "{{ ansible_control_container_engine_enabled }}"
@@ -0,0 +1,21 @@
+---
+###############################################################################
+# Ansible control host firewalld configuration.
+
+# Whether to install and enable firewalld.
+firewalld_enabled: "{{ ansible_control_firewalld_enabled }}"
+
+# A list of zones to create. Each item is a dict containing a 'zone' item.
+firewalld_zones: "{{ ansible_control_firewalld_zones }}"
+
+# A firewalld zone to set as the default. Default is unset, in which case the
+# default zone will not be changed.
+firewalld_default_zone: "{{ ansible_control_firewalld_default_zone }}"
+
+# A list of firewall rules to apply. Each item is a dict containing arguments
+# to pass to the firewalld module. Arguments are omitted if not provided, with
+# the following exceptions:
+# - offline: true
+# - permanent: true
+# - state: enabled
+firewalld_rules: "{{ ansible_control_firewalld_rules }}"
@@ -0,0 +1,6 @@
+---
+###############################################################################
+# Ansible control host encryption configuration.
+
+# List of block devices to encrypt. See stackhpc.luks role for format.
+luks_devices: "{{ ansible_control_luks_devices }}"
@@ -0,0 +1,6 @@
+---
+###############################################################################
+# Ansible control host LVM configuration.
+
+# List of LVM volume groups.
+lvm_groups: "{{ ansible_control_lvm_groups }}"
@@ -0,0 +1,6 @@
+---
+###############################################################################
+# Ansible control host software RAID configuration.
+
+# List of software RAID arrays. See mrlesmithjr.mdadm role for format.
+mdadm_arrays: "{{ ansible_control_mdadm_arrays }}"
@@ -0,0 +1,6 @@
+---
+###############################################################################
+# Network interface attachments.
+
+# List of networks to which these nodes are attached.
+network_interfaces: "{{ ansible_control_network_interfaces | unique | list }}"
@@ -0,0 +1,6 @@
+---
+###############################################################################
+# Ansible control host swap configuration.
+
+# List of swap devices. Each item is a dict containing a 'device' item.
+swap: "{{ ansible_control_swap }}"
@@ -0,0 +1,3 @@
+---
+# Dict of sysctl parameters to set.
+sysctl_parameters: "{{ ansible_control_sysctl_parameters }}"
@@ -0,0 +1,7 @@
+---
+###############################################################################
+# Ansible control host tuned configuration.
+
+# Builtin tuned profile to use. Format is same as that used by giovtorres.tuned
+# role.
+tuned_active_builtin_profile: "{{ ansible_control_tuned_active_builtin_profile }}"
@@ -0,0 +1,4 @@
+---
+# List of users to create. This should be in a format accepted by the
+# singleplatform-eng.users role.
+users: "{{ ansible_control_users }}"
@@ -1,6 +1,6 @@
 ---
 - name: Ensure IP addresses are allocated
-  hosts: seed-hypervisor:seed:overcloud:infra-vms
+  hosts: seed-hypervisor:seed:overcloud:infra-vms:ansible-control
   max_fail_percentage: >-
     {{ ip_allocation_max_fail_percentage |
        default(host_configure_max_fail_percentage) |