Group vars files for MBS nodes.

inventory/group_vars/mbs-backend

@@ -0,0 +1,42 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# We should set freezes = True for the F27 timeframe.
+freezes: false
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+             3004, 3005, 3006, 3007 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- jkaluza@fedoraproject.org
+- fivaldi@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+  owner: root
+  group: fedmsg
+  can_send:
+  - mbs.module.state.change
+  - mbs.component.state.change
+
+# For the MOTD
+csi_security_category: High
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons)
+csi_purpose: Run the module-build-service fedmsg-hub backend (the scheduler)
+csi_relationship: |
+    The fedmsg-hub process running here is responsible for scheduling all rpm
+    builds in koji in response to requests submitted to the MBS API on the
+    mbs-frontend nodes.
+
+    NOTE - this system has a KRB service principal with elevated koji privileges.

inventory/group_vars/mbs-backend-stg

@@ -0,0 +1,42 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# We should set freezes = True for the F27 timeframe.
+freezes: false
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001, 3002, 3003,
+             3004, 3005, 3006, 3007 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng
+
+# These people get told when something goes wrong.
+fedmsg_error_recipients:
+- ralph@fedoraproject.org
+- jkaluza@fedoraproject.org
+- fivaldi@fedoraproject.org
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+  owner: root
+  group: fedmsg
+  can_send:
+  - mbs.module.state.change
+  - mbs.component.state.change
+
+# For the MOTD
+csi_security_category: High
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons)
+csi_purpose: Run the module-build-service fedmsg-hub backend (the scheduler)
+csi_relationship: |
+    The fedmsg-hub process running here is responsible for scheduling all rpm
+    builds in koji in response to requests submitted to the MBS API on the
+    mbs-frontend nodes.
+
+    NOTE - this system has a KRB service principal with elevated koji privileges.

inventory/group_vars/mbs-frontend

@@ -0,0 +1,46 @@
+---
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# Set this to True for the F27 release and onwards.
+freezes: false
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: mbs
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+  owner: root
+  group: apache 
+  can_send:
+  - mbs.module.state.change
+  # Only the backend sends this message..
+  #- mbs.component.state.change
+
+# For the MOTD
+csi_security_category: Moderate 
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run the module-build-service frontend API.
+csi_relationship: |
+    The apache/mod_wsgi app is the only thing really running here
+
+    This host relies on db01 for its database of activity (what module builds
+    are in flight?)
+
+    It has no special credentials itself.  When a module build it submitted, it
+    makes a note in the DB and publishes a fedmsg message.  The mbs backend
+    nodes do all the work of talking to koji.

inventory/group_vars/mbs-frontend-stg

@@ -0,0 +1,46 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# Set this to True for the F27 release and onwards.
+freezes: false
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: mbs
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-releng
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: mbs
+  owner: root
+  group: apache 
+  can_send:
+  - mbs.module.state.change
+  # Only the backend sends this message..
+  #- mbs.component.state.change
+
+# For the MOTD
+csi_security_category: Moderate 
+csi_primary_contact: Modularity WG - modularity-wg-members@fedoraproject.org
+csi_purpose: Run the module-build-service frontend API.
+csi_relationship: |
+    The apache/mod_wsgi app is the only thing really running here
+
+    This host relies on db01 for its database of activity (what module builds
+    are in flight?)
+
+    It has no special credentials itself.  When a module build it submitted, it
+    makes a note in the DB and publishes a fedmsg message.  The mbs backend
+    nodes do all the work of talking to koji.