inventory definitions for zanata2fedmsg and noc01.stg.

2016-03-03 20:30:14 +00:00 · 2016-03-03 20:30:14 +00:00 · 5bfdd92042
commit 5bfdd92042
parent 3d53824019
8 changed files with 191 additions and 1 deletions
--- a/inventory/group_vars/nagios-stg
+++ b/inventory/group_vars/nagios-stg
@ -0,0 +1,28 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+  can_send:
+  - logger.log
+- service: nagios
+  owner: root
+  group: nagios
+  can_send:
+  - nagios.host.state.change
+  - nagios.service.state.change
+
+fas_client_groups: sysadmin-noc
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Monitoring system
--- a/inventory/group_vars/zanata2fedmsg
+++ b/inventory/group_vars/zanata2fedmsg
@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: zanata2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [
+    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+  can_send:
+  - logger.log
+- service: zanata2fedmsg
+  owner: root
+  group: apache
+  can_send:
+  - zanata.milestone.complete
--- a/inventory/group_vars/zanata2fedmsg-stg
+++ b/inventory/group_vars/zanata2fedmsg-stg
@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: zanata2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [
+    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+  can_send:
+  - logger.log
+- service: zanata2fedmsg
+  owner: root
+  group: apache
+  can_send:
+  - zanata.milestone.complete
--- a/inventory/host_vars/noc01.phx2.fedoraproject.org
+++ b/inventory/host_vars/noc01.phx2.fedoraproject.org
@ -11,7 +11,11 @@ datacenter: phx2

 tcp_ports: ['22', '80', '443', '67', '68']
 udp_ports: ['67','68','69']
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+custom_rules: [
+    '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]

 eth0_ip: 10.5.126.41
 csi_relationship: |
--- a/inventory/host_vars/noc01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/noc01.stg.phx2.fedoraproject.org
@ -0,0 +1,33 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['22', '80', '443', '67', '68']
+udp_ports: ['67','68','69']
+custom_rules: [
+    '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+eth0_ip: 10.5.126.2
+csi_relationship: |
+    noc01 is the internal monitoring nagios instance to the phx datacenter.
+    it is also the dhcp server serving all computing nodes
+    
+    * This host relies on:
+    - the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
+    - FAS to authenticate users
+    - VPN connectivity
+
+    * Things that rely on this host:
+    - Infrastructure team to be awair of the infra status. operations control process will fail
+    - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
+    - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
--- a/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org
+++ b/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org
@ -0,0 +1,21 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_guests
+vmhost: virthost22.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['80']
+
+eth0_ip: 10.5.126.196
+csi_relationship: |
+    zanata2fedmsg is a tiny webapp that receives a webhook POST from
+    fedora.zanata.org and then republishes that data to our fedmsg bus.
+    
+    It also has a cronjob that periodically wakes up, logs into
+    fedora.zanata.org and adds our webhook URL to all projects where it is
+    absent.
--- a/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org
+++ b/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org
@ -0,0 +1,21 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['80']
+
+eth0_ip: 10.5.126.197
+csi_relationship: |
+    zanata2fedmsg is a tiny webapp that receives a webhook POST from
+    fedora.zanata.org and then republishes that data to our fedmsg bus.
+    
+    It also has a cronjob that periodically wakes up, logs into
+    fedora.zanata.org and adds our webhook URL to all projects where it is
+    absent.
--- a/inventory/inventory
+++ b/inventory/inventory
@ -396,6 +396,9 @@ dhcp01.phx2.fedoraproject.org
 noc01.phx2.fedoraproject.org
 noc02.fedoraproject.org

+[nagios-stg]
+noc01.stg.phx2.fedoraproject.org
+
 [notifs-backend]
 notifs-backend01.phx2.fedoraproject.org

@ -611,6 +614,7 @@ mailman01.stg.phx2.fedoraproject.org
 mdapi01.stg.phx2.fedoraproject.org
 ipsilon01.stg.phx2.fedoraproject.org
 memcached01.stg.phx2.fedoraproject.org
+noc01.stg.phx2.fedoraproject.org
 notifs-backend01.stg.phx2.fedoraproject.org
 notifs-web01.stg.phx2.fedoraproject.org
 notifs-web02.stg.phx2.fedoraproject.org
@ -639,6 +643,7 @@ mm-frontend01.stg.phx2.fedoraproject.org
 mm-backend01.stg.phx2.fedoraproject.org
 mm-crawler01.stg.phx2.fedoraproject.org
 beaker-stg01.qa.fedoraproject.org
+zanata2fedmsg01.stg.phx2.fedoraproject.org

 # This is a list of hosts that are a little "friendly" with staging.
 # They are exempted from the iptables wall between staging and prod.
@ -777,6 +782,12 @@ wiki01.stg.phx2.fedoraproject.org
 wiki01.phx2.fedoraproject.org
 wiki02.phx2.fedoraproject.org

+[zanata2fedmsg-stg]
+zanata2fedmsg01.stg.phx2.fedoraproject.org
+
+[zanata2fedmsg]
+zanata2fedmsg01.phx2.fedoraproject.org
+

 # This is a convenience group listing the hosts that live on the QA network that
 # are allowed to send inbound fedmsg messages to our production fedmsg bus.