ansible/inventory/group_vars/autosign

---
# Define resources for this group of hosts here. 
lvm_size: 30000
mem_size: 2048
num_cpus: 2

# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file

# Make connections from signing bridges stateless, they break sigul connections
# https://bugzilla.redhat.com/show_bug.cgi?id=1283364
custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org,secondary-bridge01.phx2.fedoraproject.org -j ACCEPT']

ansible_ifcfg_whitelist:
- eth0
- eth1

fas_client_groups: sysadmin-releng
host_group: autosign

fedmsg_error_recipients:
- puiterwijk@fedoraproject.org

nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"

# For the MOTD
csi_security_category: High
csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org
csi_purpose: Automatically sign Rawhide and Branched packages
csi_relationship: |
    This host will run the autosigner.py script which should automatically sign
    new rawhide and branched builds.  It listens to koji over fedmsg for
    notifications of new builds, and then asks sigul, the signing server, to
    sign the rpms and store the new rpm header back in Koji.

    The script[1] currently runs in the foreground from a git checkout.

    [1] https://pagure.io/releng/blob/master/f/scripts/autosigner.py
Add qadevel/qadevel-stg and autosign 2014-05-23 16:48:59 +00:00			`---`
			`# Define resources for this group of hosts here.`
			`lvm_size: 30000`
			`mem_size: 2048`
			`num_cpus: 2`

			`# for systems that do not match the above - specify the same parameter in`
			`# the host_vars/$hostname file`

autosign: make connections from sigul stateless 2015-12-07 19:54:43 +01:00			`# Make connections from signing bridges stateless, they break sigul connections`
			`# https://bugzilla.redhat.com/show_bug.cgi?id=1283364`
move secondary sigul to phx2 forward zone 2016-05-23 17:25:05 +00:00			`custom_rules: ['-A INPUT --proto tcp --sport 44334 --source sign-bridge01.phx2.fedoraproject.org,secondary-bridge01.phx2.fedoraproject.org -j ACCEPT']`
autosign: make connections from sigul stateless 2015-12-07 19:54:43 +01:00
Only use eth0 on autosign boxes Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-09-14 18:07:31 +00:00			`ansible_ifcfg_whitelist:`
			`- eth0`
Also configure eth1 for autosign Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-10-17 10:12:57 +00:00			`- eth1`
Only use eth0 on autosign boxes Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-09-14 18:07:31 +00:00
Add qadevel/qadevel-stg and autosign 2014-05-23 16:48:59 +00:00			`fas_client_groups: sysadmin-releng`
autosign: define host_group var 2014-06-24 23:57:09 +02:00			`host_group: autosign`
Add CSI information for autosigner01. 2015-02-02 15:18:04 +00:00
Send autosign errors to me until we find out what list to target Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-10-17 14:15:57 +00:00			`fedmsg_error_recipients:`
			`- puiterwijk@fedoraproject.org`

for now, lets move back to NFSv3 until storage issue is figured out 2017-09-29 21:53:59 +00:00			`nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"`
Enable rw for autosign nfs Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-10-17 10:22:06 +00:00
Add CSI information for autosigner01. 2015-02-02 15:18:04 +00:00			`# For the MOTD`
			`csi_security_category: High`
			`csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org`
Update autosign purpose 2015-06-05 10:12:53 +02:00			`csi_purpose: Automatically sign Rawhide and Branched packages`
Add CSI information for autosigner01. 2015-02-02 15:18:04 +00:00			`csi_relationship: \|`
Update autosign purpose 2015-06-05 10:12:53 +02:00			`This host will run the autosigner.py script which should automatically sign`
			`new rawhide and branched builds. It listens to koji over fedmsg for`
Add CSI information for autosigner01. 2015-02-02 15:18:04 +00:00			`notifications of new builds, and then asks sigul, the signing server, to`
			`sign the rpms and store the new rpm header back in Koji.`

			`The script[1] currently runs in the foreground from a git checkout.`

It looks like the autosigner script moved. 2016-07-24 19:07:29 +00:00			`[1] https://pagure.io/releng/blob/master/f/scripts/autosigner.py`