From 10dac19ac8425acb6828a97fb8a02c357129fdd7 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 2 Sep 2015 17:06:48 +0000 Subject: [PATCH] Move some more vars around for the bodhi-backend split out. --- inventory/group_vars/bodhi-backend | 33 ++----------------- .../bodhi-backend01.phx2.fedoraproject.org | 31 +++++++++++++++++ .../bodhi-backend02.phx2.fedoraproject.org | 5 +++ 3 files changed, 39 insertions(+), 30 deletions(-) diff --git a/inventory/group_vars/bodhi-backend b/inventory/group_vars/bodhi-backend index 5403669129..55ac1e8791 100644 --- a/inventory/group_vars/bodhi-backend +++ b/inventory/group_vars/bodhi-backend @@ -36,36 +36,9 @@ nrpe_procs_crit: 1000 host_group: releng -# These are consumed by a task in roles/fedmsg/base/main.yml -fedmsg_certs: -# This first cert is used by the push-tool. releng members run it and it fires -# off a simple fedmsg message that the masher (running as fedmsg-hub) is -# listening for. It then does all the worker. -- service: shell - owner: root - group: masher - can_send: - - bodhi.masher.start -# These are certs for the masher to publish its own messages as it progresses. -- service: bodhi - owner: root - group: masher - can_send: - - bodhi.mashtask.complete - - bodhi.mashtask.mashing - - bodhi.mashtask.start - - bodhi.mashtask.sync.done - - bodhi.mashtask.sync.wait - - bodhi.errata.publish - - bodhi.update.eject - - bodhi.update.complete.testing - - bodhi.update.complete.stable -- service: ftpsync - owner: root - group: ftpsync - can_send: - - bodhi.updates.epel.sync - - bodhi.updates.fedora.sync +## XXX -- note that the fedmsg_certs declaration does not happen here, but +# happens instead at the inventory/host_vars/ level since bodhi-backend01 and +# bodhi-backend02 have different roles and responsibilities. nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" diff --git a/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org index 197cc49fae..d533ab6071 100644 --- a/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org +++ b/inventory/host_vars/bodhi-backend01.phx2.fedoraproject.org @@ -9,6 +9,37 @@ eth0_ip: 10.5.125.135 eth1_ip: 10.5.127.61 vmhost: bvirthost10.phx2.fedoraproject.org +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +# This first cert is used by the push-tool. releng members run it and it fires +# off a simple fedmsg message that the masher (running as fedmsg-hub) is +# listening for. It then does all the worker. +- service: shell + owner: root + group: masher + can_send: + - bodhi.masher.start +# These are certs for the masher to publish its own messages as it progresses. +- service: bodhi + owner: root + group: masher + can_send: + - bodhi.mashtask.complete + - bodhi.mashtask.mashing + - bodhi.mashtask.start + - bodhi.mashtask.sync.done + - bodhi.mashtask.sync.wait + - bodhi.errata.publish + - bodhi.update.eject + - bodhi.update.complete.testing + - bodhi.update.complete.stable +- service: ftpsync + owner: root + group: ftpsync + can_send: + - bodhi.updates.epel.sync + - bodhi.updates.fedora.sync + # For the MOTD csi_security_category: Medium diff --git a/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org b/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org index c731eb6a1c..1de63837a2 100644 --- a/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org +++ b/inventory/host_vars/bodhi-backend02.phx2.fedoraproject.org @@ -9,6 +9,11 @@ eth0_ip: 10.5.125.136 eth1_ip: 10.5.127.62 vmhost: bvirthost06.phx2.fedoraproject.org +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin # For the MOTD csi_security_category: Low