Add happinesspackets-stg. Add fedmsg/base to both to get fedmsg certs. Adjust proxies firewall to allow sending.

inventory/cloud

@@ -48,6 +48,7 @@ fedimg-dev.fedorainfracloud.org
 fedora-bootstrap.fedorainfracloud.org
 glittergallery-dev.fedorainfracloud.org
 happinesspackets.fedorainfracloud.org
+happinesspackets-stg.fedorainfracloud.org
 iddev.fedorainfracloud.org
 java-deptools.fedorainfracloud.org
 simple-koji-ci-dev.fedorainfracloud.org

inventory/group_vars/proxies

@@ -47,19 +47,15 @@ custom_rules: [
 
     # Allow copr-be.cloud to talk to the inbound fedmsg relay.
     '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.48 -j ACCEPT',
-    # Also, ppc-hub.qa.fedoraproject.org (secondary arch koji)
-    '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT',
-    # Also, arm-koji01.qa.fedoraproject.org (secondary arch)
-    '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.138 -j ACCEPT',
+
+    # Allow happinesspackets.fedorainfracloud.org to talk to inbound fedmsg relay.
+    '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.58 -j ACCEPT',
 
     # Allow retrace/faf to talk to the inbound fedmsg relay.
     # retrace01.qa.fedoraproject.org
     '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.171 -j ACCEPT',
     # retrace02.qa.fedoraproject.org
     '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.172 -j ACCEPT',
-    # Also, s390-hub01.s390.fedoraproject.org (secondary arch)
-    '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.129.180 -j ACCEPT',
-
     # Allow resultsdb talk to the inbound fedmsg relay.
     '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.124.207 -j ACCEPT',
     # Allow openqa01 to talk to the inbound fedmsg relay.

inventory/group_vars/proxies-stg

@@ -46,12 +46,6 @@ custom_rules: [
 
     # Allow copr-be.cloud to talk to the inbound fedmsg relay.
     '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.131 -j ACCEPT',
-    # Also, ppc-hub.qa.fedoraproject.org (secondary arch koji)
-    '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.21 -j ACCEPT',
-    # Also, s390-hub01.qa.fedoraproject.org (secondary arch)
-    '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.18 -j ACCEPT',
-    # Also, arm-hub01.qa.fedoraproject.org (secondary arch)
-    '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.31 -j ACCEPT',
 
     # Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
     # Contact cydrobolt about the status of this.  It hasn't hit prod status
@@ -69,6 +63,9 @@ custom_rules: [
 
     # Allow openqa to talk to the inbound fedmsg relay.
     '-A INPUT -p tcp -m tcp --dport 9941 -s 10.5.131.72 -j ACCEPT',
+    
+    # Allow happinesspackets-stg.fedorainfracloud.org to talk to the inbound fedmsg relay
+    '-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.181.123 -j ACCEPT',
  ]
 
 fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran

playbooks/hosts/happinesspackets-stg.fedorainfracloud.org.yml

@@ -0,0 +1,41 @@
+- name: check/create instance
+  hosts: happinesspackets-stg.fedorainfracloud.org
+  gather_facts: False
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - /srv/private/ansible/vars.yml
+   - /srv/web/infra/ansible/vars/fedora-cloud.yml
+   - /srv/private/ansible/files/openstack/passwords.yml
+
+  tasks:
+  - import_tasks: "{{ tasks_path }}/persistent_cloud.yml"
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+
+
+- name: setup all the things
+  hosts: happinesspackets-stg.fedorainfracloud.org
+  gather_facts: True
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - /srv/private/ansible/vars.yml
+   - /srv/private/ansible/files/openstack/passwords.yml
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  pre_tasks:
+  - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
+
+  - name: set hostname (required by some services, at least postfix need it)
+    hostname: name="{{inventory_hostname}}"
+
+  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+
+  roles:
+  - basessh
+  - fedmsg/base
+
+  handlers:
+  - import_tasks: "{{ handlers_path }}/restart_services.yml"
+

playbooks/hosts/happinesspackets.fedorainfracloud.org.yml

@@ -34,6 +34,7 @@
 
   roles:
   - basessh
+  - fedmsg/base
 
   handlers:
   - import_tasks: "{{ handlers_path }}/restart_services.yml"