Move some more vars around for the bodhi-backend split out.

inventory/group_vars/bodhi-backend

@@ -36,36 +36,9 @@ nrpe_procs_crit: 1000
 
 host_group: releng
 
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-# This first cert is used by the push-tool.   releng members run it and it fires
-# off a simple fedmsg message that the masher (running as fedmsg-hub) is
-# listening for.  It then does all the worker.
-- service: shell
-  owner: root
-  group: masher
-  can_send:
-  - bodhi.masher.start
-# These are certs for the masher to publish its own messages as it progresses.
-- service: bodhi
-  owner: root
-  group: masher
-  can_send:
-  - bodhi.mashtask.complete
-  - bodhi.mashtask.mashing
-  - bodhi.mashtask.start
-  - bodhi.mashtask.sync.done
-  - bodhi.mashtask.sync.wait
-  - bodhi.errata.publish
-  - bodhi.update.eject
-  - bodhi.update.complete.testing
-  - bodhi.update.complete.stable
-- service: ftpsync
-  owner: root
-  group: ftpsync
-  can_send:
-  - bodhi.updates.epel.sync
-  - bodhi.updates.fedora.sync
+## XXX -- note that the fedmsg_certs declaration does not happen here, but
+# happens instead at the inventory/host_vars/ level since bodhi-backend01 and
+# bodhi-backend02 have different roles and responsibilities.
 
 nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
 

inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org

@@ -9,6 +9,37 @@ eth0_ip: 10.5.125.135
 eth1_ip: 10.5.127.61
 vmhost: bvirthost10.phx2.fedoraproject.org
 
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+# This first cert is used by the push-tool.   releng members run it and it fires
+# off a simple fedmsg message that the masher (running as fedmsg-hub) is
+# listening for.  It then does all the worker.
+- service: shell
+  owner: root
+  group: masher
+  can_send:
+  - bodhi.masher.start
+# These are certs for the masher to publish its own messages as it progresses.
+- service: bodhi
+  owner: root
+  group: masher
+  can_send:
+  - bodhi.mashtask.complete
+  - bodhi.mashtask.mashing
+  - bodhi.mashtask.start
+  - bodhi.mashtask.sync.done
+  - bodhi.mashtask.sync.wait
+  - bodhi.errata.publish
+  - bodhi.update.eject
+  - bodhi.update.complete.testing
+  - bodhi.update.complete.stable
+- service: ftpsync
+  owner: root
+  group: ftpsync
+  can_send:
+  - bodhi.updates.epel.sync
+  - bodhi.updates.fedora.sync
+
 
 # For the MOTD
 csi_security_category: Medium

inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org

@@ -9,6 +9,11 @@ eth0_ip: 10.5.125.136
 eth1_ip: 10.5.127.62
 vmhost: bvirthost06.phx2.fedoraproject.org
 
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
 
 # For the MOTD
 csi_security_category: Low