diff --git a/inventory/group_vars/mbs-backend b/inventory/group_vars/mbs-backend new file mode 100644 index 0000000000..96be974126 --- /dev/null +++ b/inventory/group_vars/mbs-backend @@ -0,0 +1,42 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# We should set freezes = True for the F27 timeframe. +freezes: false + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003, + 3004, 3005, 3006, 3007 ] + +fas_client_groups: sysadmin-noc,sysadmin-releng + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- ralph@fedoraproject.org +- jkaluza@fedoraproject.org +- fivaldi@fedoraproject.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: mbs + owner: root + group: fedmsg + can_send: + - mbs.module.state.change + - mbs.component.state.change + +# For the MOTD +csi_security_category: High +csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org +csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons) +csi_purpose: Run the module-build-service fedmsg-hub backend (the scheduler) +csi_relationship: | + The fedmsg-hub process running here is responsible for scheduling all rpm + builds in koji in response to requests submitted to the MBS API on the + mbs-frontend nodes. + + NOTE - this system has a KRB service principal with elevated koji privileges. diff --git a/inventory/group_vars/mbs-backend-stg b/inventory/group_vars/mbs-backend-stg new file mode 100644 index 0000000000..8bb8b455b4 --- /dev/null +++ b/inventory/group_vars/mbs-backend-stg @@ -0,0 +1,42 @@ +--- +lvm_size: 20000 +mem_size: 2048 +num_cpus: 1 + +# We should set freezes = True for the F27 timeframe. +freezes: false + +# for systems that do not match the above - specify the same parameter in +# the host_vars/$hostname file + +tcp_ports: [ 3000, 3001, 3002, 3003, + 3004, 3005, 3006, 3007 ] + +fas_client_groups: sysadmin-noc,sysadmin-releng + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- ralph@fedoraproject.org +- jkaluza@fedoraproject.org +- fivaldi@fedoraproject.org + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: mbs + owner: root + group: fedmsg + can_send: + - mbs.module.state.change + - mbs.component.state.change + +# For the MOTD +csi_security_category: High +csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org +csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons) +csi_purpose: Run the module-build-service fedmsg-hub backend (the scheduler) +csi_relationship: | + The fedmsg-hub process running here is responsible for scheduling all rpm + builds in koji in response to requests submitted to the MBS API on the + mbs-frontend nodes. + + NOTE - this system has a KRB service principal with elevated koji privileges. diff --git a/inventory/group_vars/mbs-frontend b/inventory/group_vars/mbs-frontend new file mode 100644 index 0000000000..34e3981f0a --- /dev/null +++ b/inventory/group_vars/mbs-frontend @@ -0,0 +1,46 @@ +--- +lvm_size: 20000 +mem_size: 4096 +num_cpus: 2 + +# Set this to True for the F27 release and onwards. +freezes: false + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: mbs +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-releng + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: mbs + owner: root + group: apache + can_send: + - mbs.module.state.change + # Only the backend sends this message.. + #- mbs.component.state.change + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org +csi_purpose: Run the module-build-service frontend API. +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here + + This host relies on db01 for its database of activity (what module builds + are in flight?) + + It has no special credentials itself. When a module build it submitted, it + makes a note in the DB and publishes a fedmsg message. The mbs backend + nodes do all the work of talking to koji. diff --git a/inventory/group_vars/mbs-frontend-stg b/inventory/group_vars/mbs-frontend-stg new file mode 100644 index 0000000000..1c104763c7 --- /dev/null +++ b/inventory/group_vars/mbs-frontend-stg @@ -0,0 +1,46 @@ +--- +lvm_size: 20000 +mem_size: 2048 +num_cpus: 1 + +# Set this to True for the F27 release and onwards. +freezes: false + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: mbs +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] + +fas_client_groups: sysadmin-noc,sysadmin-releng + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: mbs + owner: root + group: apache + can_send: + - mbs.module.state.change + # Only the backend sends this message.. + #- mbs.component.state.change + +# For the MOTD +csi_security_category: Moderate +csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org +csi_purpose: Run the module-build-service frontend API. +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here + + This host relies on db01 for its database of activity (what module builds + are in flight?) + + It has no special credentials itself. When a module build it submitted, it + makes a note in the DB and publishes a fedmsg message. The mbs backend + nodes do all the work of talking to koji.