Remove obsolete Ansible group var files

- buildaarch74, buildarm, buildarm_stg
- copr_front, copr_front_dev, copr_front_stg
- dhcp
- faf_stg
- fas, fas_stg
- fedocal, fedocal_stg
- lockbox
- mirrorlist2, mirrorlist2_stg
- nuancier, nuancier_stg
- postgresql_server
- resultsdb_iad_prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
Nils Philippsen 2021-01-25 12:38:13 +01:00 committed by kevin
parent d6cdeb7aea
commit 54b72eba2c
20 changed files with 3 additions and 623 deletions


@ -1,7 +0,0 @@
---
sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
koji_hub_nfs: "fedora_arm"
koji_server_url: "https://arm.koji.fedoraproject.org/kojihub"
koji_weburl: "https://arm.koji.fedoraproject.org/koji"
koji_topurl: "https://armpkgs.fedoraproject.org/"


@ -1,28 +0,0 @@
---
host_group: kojibuilder
fas_client_groups: sysadmin-releng
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
ansible_ifcfg_blocklist: true
koji_server_url: "https://koji.fedoraproject.org/kojihub"
koji_weburl: "https:/koji.fedoraproject.org/koji"
koji_topurl: "https://kojipkgs.fedoraproject.org/"
# These variables are pushed into /etc/system_identification by the base role.
# Groups and individual hosts should ovveride them with specific info.
# See http://infrastructure.fedoraproject.org/csi/security-policy/
csi_security_category: High
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This group builds packages for arm architecture.
csi_relationship: |
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
# These variables are for koji-containerbuild/osbs
osbs_url: "osbs.fedoraproject.org"
docker_registry: "candidate-registry.fedoraproject.org"
source_registry: "registry.fedoraproject.org"
koji_root: "koji.fedoraproject.org/koji"
koji_hub: "koji.fedoraproject.org/kojihub"


@ -1,28 +0,0 @@
---
host_group: kojibuilder
fas_client_groups: sysadmin-releng
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
ansible_ifcfg_blocklist: true
koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
koji_weburl: "https:/koji.stg.fedoraproject.org/koji"
koji_topurl: "https://kojipkgs.stg.fedoraproject.org/"
# These variables are pushed into /etc/system_identification by the base role.
# Groups and individual hosts should ovveride them with specific info.
# See http://infrastructure.fedoraproject.org/csi/security-policy/
csi_security_category: High
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This group builds packages for arm architecture.
csi_relationship: |
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new
# These variables are for koji-containerbuild/osbs
osbs_url: "osbs.stg.fedoraproject.org"
docker_registry: "candidate-registry.stg.fedoraproject.org"
source_registry: "registry.fedoraproject.org"
koji_root: "koji.stg.fedoraproject.org/koji"
koji_hub: "koji.stg.fedoraproject.org/kojihub"


@ -1,20 +0,0 @@
---
copr_hostname: "copr-fe.cloud.fedoraproject.org"
copr_frontend_public_hostname: "copr.fedorainfracloud.org"
# These variables are pushed into /etc/system_identification by the base role.
# Groups and individual hosts should override them with specific info.
# See http://infrastructure.fedoraproject.org/csi/security-policy/
csi_security_category: Moderate
csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys"
csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr)
csi_relationship: |
- This host provides the frontend part of copr only.
- It's the point of contact between end users and the copr build system (backend, package singer)
copr_pagure_events:
io.pagure.prod.pagure: "https://pagure.io/"
org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/"
copr_messaging_queue: "a9b74258-21c6-4e79-ba65-9e858dc84a2b"


@ -1,33 +0,0 @@
---
copr_frontend_public_hostname: "copr-fe-dev.cloud.fedoraproject.org"
fas_client_groups: sysadmin-copr,fi-apprentice,sysadmin-noc,sysadmin-veteran
csi_security_category: Low
csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys"
csi_purpose: Provide the testing environment of copr's frontend
csi_relationship: This host is the testing environment for copr's web interface
copr_mbs_cli_login: Y29wcg==##vtvvikhcjncwkfkdcssv
# consumed by roles/copr/certbot
letsencrypt:
predefined_deploy_script: httpd
certificates:
copr-fe-dev.cloud.fedoraproject.org:
domains:
- copr-fe-dev.cloud.fedoraproject.org
challenge_dir: /var/www/html
mail: copr-devel@lists.fedorahosted.org
whitelist_emails:
- msuchy@redhat.com
- praiskup@redhat.com
- jkadlcik@redhat.com
- schlupov@redhat.com
copr_pagure_events:
io.pagure.prod.pagure: "https://pagure.io/"
org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/"
io.pagure.stg.pagure: "https://stg.pagure.io"
copr_messaging_queue: "c8e11df7-e863-4ca4-99b9-d37c6663c7f7"


@ -1,33 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 10000
mem_size: 2048
num_cpus: 1
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
copr_frontend_public_hostname: "copr.stg.fedoraproject.org"
copruser_db_password: "{{ copruser_db_password_stg }}"
tcp_ports: [ 80 ]
custom_rules: [
# Need for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
]
fas_client_groups: sysadmin-copr,fi-apprentice,sysadmin-noc,sysadmin-veteran
freezes: false
# For the MOTD
csi_security_category: Low
csi_primary_contact: Fedora admins - admin@fedoraproject.org
csi_purpose: Copr community build service
csi_relationship: |
This machine depends on:
- PostgreSQL DB server
- bastion (for mail relay)


@ -1,13 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 10000
mem_size: 1024
num_cpus: 1
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 68 ]
udp_ports: [ 69 ]
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-veteran


@ -1,17 +0,0 @@
---
fas_client_groups: retrace
tcp_ports: [ 80, 443 ]
sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers"
nagios_Check_Services:
mail: false
nrpe: false
swap: false
# kernel SHMMAX value
kernel_shmmax: 687194767
shared_buffers: "1GB"
effective_cache_size: "3GB"


@ -1,53 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 30000
mem_size: 16384
num_cpus: 8
virt_install_command: "{{ virt_install_command_rhel6 }}"
base_pkgs_inst: ['iptables']
base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail','firewalld']
service_disabled: []
service_enabled: []
is_rhel: True
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
wsgi_fedmsg_service: fas
wsgi_procs: 40
wsgi_threads: 1
tcp_ports: [ 80, 873, 8443, 8444 ]
fas_client_groups: sysadmin-main,sysadmin-accounts
master_fas_node: False
gen_cert: False
# A host group for rsync config
rsync_group: fas
nrpe_procs_warn: 300
nrpe_procs_crit: 500
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: fas
owner: root
group: fas
can_send:
- fas.group.create
- fas.group.member.apply
- fas.group.member.remove
- fas.group.member.sponsor
- fas.group.update
- fas.role.update
- fas.user.create
- fas.user.update


@ -1,53 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 30000
mem_size: 8192
num_cpus: 2
virt_install_command: "{{ virt_install_command_rhel6 }}"
base_pkgs_inst: ['iptables']
base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail','firewalld']
service_disabled: []
service_enabled: []
is_rhel: True
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
wsgi_fedmsg_service: fas
wsgi_procs: 40
wsgi_threads: 1
tcp_ports: [ 80, 873, 8443, 8444 ]
fas_client_groups: sysadmin-main,sysadmin-accounts
master_fas_node: False
gen_cert: False
# A host group for rsync config
rsync_group: fas
nrpe_procs_warn: 300
nrpe_procs_crit: 500
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: fas
owner: root
group: fas
can_send:
- fas.group.create
- fas.group.member.apply
- fas.group.member.remove
- fas.group.member.sponsor
- fas.group.update
- fas.role.update
- fas.user.create
- fas.user.update


@ -1,41 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 4096
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80, 443,
# These 16 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
freezes: false
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: fedocal
owner: root
group: apache
can_send:
- fedocal.calendar.clear
- fedocal.calendar.delete
- fedocal.calendar.new
- fedocal.calendar.update
- fedocal.calendar.upload
- fedocal.meeting.delete
- fedocal.meeting.new
- fedocal.meeting.reminder
- fedocal.meeting.update


@ -1,41 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 1024
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [ 80, 443,
# These 16 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
freezes: false
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: fedocal
owner: root
group: apache
can_send:
- fedocal.calendar.clear
- fedocal.calendar.delete
- fedocal.calendar.new
- fedocal.calendar.update
- fedocal.calendar.upload
- fedocal.meeting.delete
- fedocal.meeting.new
- fedocal.meeting.reminder
- fedocal.meeting.update


@ -1,33 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 2048
num_cpus: 2
tcp_ports: [ 443 ]
fas_client_groups: sysadmin-noc,sysadmin-qa,fi-apprentice,sysadmin-veteran
# These are consumed by a task in roles/fedmsg/base/main.yml
# We don't really use the announce cert.. but it was supposed to be a way for
# the FPL and other powers that be to broadcast announcements, like the FCC's
# emergency broadcast system. The cert are group are here.. but no tools on the
# client side are configured to do anything with this yet.
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- ansible.playbook.complete
- ansible.playbook.start
- logger.log
- service: announce
owner: root
group: fedmsg-announce
can_send:
- announce.announcement
- service: scm
owner: root
group: sysadmin
can_send:
- infragit.receive


@ -1,29 +0,0 @@
---
lvm_size: 20000
mem_size: 8192
num_cpus: 4
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 80 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 67.219.144.68/32 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 5.175.150.50/32 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 152.19.134.142/32 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 140.211.169.196/32 --dport 443 -j ACCEPT', ]
custom6_rules: [ '-A INPUT -p tcp -m tcp -s 2610:28:3090:3001:dead:beef:cafe:fed3 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 2604:1580:fe00:0:dead:beef:cafe:fed1 --dport 443 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 2a00:d1a0:1::131 --dport 443 -j ACCEPT', ]
collectd_apache: true
fas_client_groups: sysadmin-web,sysadmin-noc,fi-apprentice,sysadmin-veteran
nrpe_procs_warn: 1200
nrpe_procs_crit: 1400
# By default run 45 wsgi procs
mirrorlist_procs: 60
# Set this to get the vpn postfix setup
postfix_group: vpn


@ -1,20 +0,0 @@
---
lvm_size: 20000
mem_size: 8192
num_cpus: 4
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 80 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 80 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.0/24 --dport 443 -j ACCEPT' ]
collectd_apache: true
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
nrpe_procs_warn: 500
nrpe_procs_crit: 600
# By default run 45 wsgi procs
mirrorlist_procs: 60
# Set this to get the vpn postfix setup
postfix_group: vpn


@ -1,39 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 4096
num_cpus: 2
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: nuancier
wsgi_procs: 2
wsgi_threads: 2
tcp_ports: [ 80,
# This port is required by gluster
6996,
]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
freezes: false
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: nuancier
owner: root
group: apache
can_send:
- nuancier.candidate.approved
- nuancier.candidate.denied
- nuancier.candidate.new
- nuancier.election.new
- nuancier.election.update


@ -1,39 +0,0 @@
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 4096
num_cpus: 2
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: nuancier
wsgi_procs: 2
wsgi_threads: 2
tcp_ports: [ 80,
# This port is required by gluster
6996,
]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
freezes: false
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: nuancier
owner: root
group: apache
can_send:
- nuancier.candidate.approved
- nuancier.candidate.denied
- nuancier.candidate.new
- nuancier.election.new
- nuancier.election.update


@ -1,9 +0,0 @@
---
# common items for the releng-* boxes
lvm_size: 50000
mem_size: 8192
num_cpus: 4
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
fas_client_groups: sysadmin-noc,sysadmin-veteran


@ -1,81 +0,0 @@
---
############################################################
# general information
############################################################
deployment_type: prod
external_hostname: taskotron.fedoraproject.org
tcp_ports: [ 80, 443, "{{ resultsdb_db_port }}" ]
# common items for the releng-* boxes
lvm_size: 50000
mem_size: 4096
num_cpus: 4
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
fas_client_groups: sysadmin-qa
nrpe_procs_warn: 250
nrpe_procs_crit: 300
############################################################
# resultsdb details
############################################################
# the db_host_machine bits are so that delegation continues to work, even if
# that db is localhost relative to resultsdb
resultsdb_db_host_machine: db01.iad2.fedoraproject.org
resultsdb_db_host: "{{ resultsdb_db_host_machine }}"
resultsdb_db_port: 5432
resultsdb_endpoint: 'resultsdb_api'
resultsdb_db_name: resultsdb
resultsdb_db_user: "{{ prod_resultsdb_db_user }}"
resultsdb_db_password: "{{ prod_resultsdb_db_password }}"
resultsdb_secret_key: "{{ prod_resultsdb_secret_key }}"
allowed_hosts:
- 10.3.160.0/19
############################################################
# resultsdb-frontend details
############################################################
resultsdb_fe_endpoint: "resultsdb"
resultsdb_frontend_secret_key: "{{ prod_resultsdb_frontend_secret_key }}"
############################################################
# execdb details
############################################################
execdb_db_host_machine: db01.iad2.fedoraproject.org
execdb_db_host: "{{ execdb_db_host_machine }}"
execdb_db_port: 5432
execdb_endpoint: 'execdb'
execdb_db_name: execdb
execdb_db_user: "{{ prod_execdb_db_user }}"
execdb_db_password: "{{ prod_execdb_db_password }}"
execdb_secret_key: "{{ prod_execdb_secret_key }}"
############################################################
# fedmsg details
############################################################
fedmsg_active: True
fedmsg_cert_prefix: resultsdb
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: resultsdb
owner: root
group: apache
can_send:
- taskotron.result.new
- resultsdb.result.new


@ -1,6 +1,5 @@
- name: check/create instance
hosts: copr_front_dev:copr_front:copr_front_dev_aws:copr_front_aws
# hosts: copr_front
hosts: copr_front_dev_aws:copr_front_aws
user: root
gather_facts: False
@ -23,8 +22,7 @@
- swap_file_size_mb is defined
- name: cloud basic setup
hosts: copr_front_dev:copr_front:copr_front_dev_aws:copr_front_aws
# hosts: copr_front
hosts: copr_front_dev_aws:copr_front_aws
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
@ -40,8 +38,7 @@
when: datacenter != "aws"
- name: provision instance
hosts: copr_front:copr_front_dev:copr_front_dev_aws:copr_front_aws
# hosts: copr_front
hosts: copr_front_dev_aws:copr_front_aws
gather_facts: True
vars_files: