From 3665a3e10a716cba319ed225f96128e8abac2cec Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 20 Nov 2015 20:19:56 +0000
Subject: [PATCH] Add CSI vars from Juan Jimenez-Anca. Thanks!

---
 inventory/group_vars/bastion        | 15 ++++++++++++++-
 inventory/group_vars/copr-back      | 11 +++++++++++
 inventory/group_vars/copr-back-stg  |  9 +++++++++
 inventory/group_vars/copr-front     | 11 +++++++++++
 inventory/group_vars/copr-front-stg |  5 +++++
 5 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion
index 87a0e33e91..40733b4fea 100644
--- a/inventory/group_vars/bastion
+++ b/inventory/group_vars/bastion
@@ -1,5 +1,5 @@
 ---
-# Define resources for this group of hosts here. 
+# Define resources for this group of hosts here.
 lvm_size: 20000
 mem_size: 8192
 num_cpus: 4
@@ -37,3 +37,16 @@ fas_aliases: true
 #
 nrpe_procs_warn: 1100
 nrpe_procs_crit: 1200
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: sysadmin-main admin@fedoraproject.org
+csi_purpose: SSH proxy to access infrastructure not exposed to the web
+csi_relationship:
+  * Provides ssh access to all phx2/vpn connected servers.
+  * Bastion is the hub for all infrastructure's VPN connections.
+  * All incoming SMTP from phx2 and VPN, as well as outgoing SMTP, pass or are filtered here.
+  * Bastion does not accept any mail outside phx2/vpn.
diff --git a/inventory/group_vars/copr-back b/inventory/group_vars/copr-back
index 6d598e4b33..c2a279fa39 100644
--- a/inventory/group_vars/copr-back
+++ b/inventory/group_vars/copr-back
@@ -20,3 +20,14 @@ do_sign: "true"
 
 spawn_in_advance: "true"
 frontend_base_url: "https://copr-fe.cloud.fedoraproject.org"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide the backend for copr (3rd party packages)
+csi_relationship:
+  * Backend: Management of copr cloud infrastructure (OpenStack).
+  * Small frontend with copr's public stats
diff --git a/inventory/group_vars/copr-back-stg b/inventory/group_vars/copr-back-stg
index 7c0fb6addf..42ac9fa271 100644
--- a/inventory/group_vars/copr-back-stg
+++ b/inventory/group_vars/copr-back-stg
@@ -18,3 +18,12 @@ do_sign: "true"
 
 spawn_in_advance: "false"
 frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: Moderate
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide the testing environment of copr's backend
+csi_relationship: This host is the testing environment for the cloud infrastructure of copr's backend
diff --git a/inventory/group_vars/copr-front b/inventory/group_vars/copr-front
index 7dcfcd7661..628ab7868a 100644
--- a/inventory/group_vars/copr-front
+++ b/inventory/group_vars/copr-front
@@ -1,3 +1,14 @@
 ---
 copr_hostname: "copr-fe.cloud.fedoraproject.org"
 copr_frontend_public_hostname: "copr.fedoraproject.org"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: Moderate
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr)
+csi_relationship:
+  * This host provides the frontend part of copr only.
+  * It's the point of contact between end users and the copr build system (backend, package singer)
diff --git a/inventory/group_vars/copr-front-stg b/inventory/group_vars/copr-front-stg
index 835a21a409..e12e6e20d7 100644
--- a/inventory/group_vars/copr-front-stg
+++ b/inventory/group_vars/copr-front-stg
@@ -1,2 +1,7 @@
 ---
 copr_frontend_public_hostname: "copr-fe-dev.cloud.fedoraproject.org"
+
+csi_security_category: Low
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide the testing environment of copr's frontend
+csi_relationship: This host is the testing environment for copr's web interface