From 5bfdd920429bd7ae3d95decbebde5d6dfef8b63f Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Thu, 3 Mar 2016 20:30:14 +0000
Subject: [PATCH] inventory definitions for zanata2fedmsg and noc01.stg.
---
inventory/group_vars/nagios-stg | 28 +++++++++++++++
inventory/group_vars/zanata2fedmsg | 36 +++++++++++++++++++
inventory/group_vars/zanata2fedmsg-stg | 36 +++++++++++++++++++
.../host_vars/noc01.phx2.fedoraproject.org | 6 +++-
.../noc01.stg.phx2.fedoraproject.org | 33 +++++++++++++++++
.../zanata2fedmsg01.phx2.fedoraproject.org | 21 +++++++++++
...zanata2fedmsg01.stg.phx2.fedoraproject.org | 21 +++++++++++
inventory/inventory | 11 ++++++
8 files changed, 191 insertions(+), 1 deletion(-)
create mode 100644 inventory/group_vars/nagios-stg
create mode 100644 inventory/group_vars/zanata2fedmsg
create mode 100644 inventory/group_vars/zanata2fedmsg-stg
create mode 100644 inventory/host_vars/noc01.stg.phx2.fedoraproject.org
create mode 100644 inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org
create mode 100644 inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org
diff --git a/inventory/group_vars/nagios-stg b/inventory/group_vars/nagios-stg
new file mode 100644
index 0000000000..2959824359
--- /dev/null
+++ b/inventory/group_vars/nagios-stg
@@ -0,0 +1,28 @@
+---
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: nagios
+ owner: root
+ group: nagios
+ can_send:
+ - nagios.host.state.change
+ - nagios.service.state.change
+
+fas_client_groups: sysadmin-noc
+csi_security_category: High
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Monitoring system
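Review bot: `tcp_ports: [ 80, 443 ]` in this group file is not the list noc01.stg will end up with, because the host_vars file added later in this patch sets `tcp_ports: ['22', '80', '443', '67', '68']` and Ansible gives host variables precedence over group variables. That host is the only member of `[nagios-stg]` in this patch, so the group value is effectively dead and anyone auditing exposure from this file sees a narrower port list than the one deployed. Either drop the host-level override or add a comment here such as `# noc01.stg overrides tcp_ports in its host_vars file`.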
diff --git a/inventory/group_vars/zanata2fedmsg b/inventory/group_vars/zanata2fedmsg
new file mode 100644
index 0000000000..5cef655720
--- /dev/null
+++ b/inventory/group_vars/zanata2fedmsg
@@ -0,0 +1,36 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# Definining these vars has a number of effects
+# 1) mod_wsgi is configured to use the vars for its own setup
+# 2) iptables opens enough ports for all threads for fedmsg
+# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
+wsgi_fedmsg_service: zanata2fedmsg
+wsgi_procs: 2
+wsgi_threads: 2
+
+tcp_ports: [ 80 ]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+ can_send:
+ - logger.log
+- service: zanata2fedmsg
+ owner: root
+ group: apache
+ can_send:
+ - zanata.milestone.complete
diff --git a/inventory/group_vars/zanata2fedmsg-stg b/inventory/group_vars/zanata2fedmsg-stg
new file mode 100644
index 0000000000..e548cc1d94
--- /dev/null
+++ b/inventory/group_vars/zanata2fedmsg-stg
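Review bot: `tcp_ports: [ 80 ]` in `inventory/group_vars/zanata2fedmsg` opens the webhook receiver over plain HTTP with no source restriction visible in this file, while the rsync rules directly below it are pinned to two source addresses with `-s`. Whether the iptables template limits `tcp_ports` to the proxy tier cannot be seen from this patch; if it does not, a source-scoped `custom_rules` entry in the same style as the 873 rules would keep direct POSTs away from an endpoint that republishes data onto the fedmsg bus. The file also omits the `csi_security_category`, `csi_primary_contact` and `csi_purpose` keys that `nagios-stg` sets in this same patch. All of this applies equally to `inventory/group_vars/zanata2fedmsg-stg`, which repeats the block.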
@@ -0,0 +1,36 @@ +--- +# Define resources for this group of hosts here. +lvm_size: 20000 +mem_size: 1024 +num_cpus: 1 + +# Definining these vars has a number of effects +# 1) mod_wsgi is configured to use the vars for its own setup +# 2) iptables opens enough ports for all threads for fedmsg +# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads +wsgi_fedmsg_service: zanata2fedmsg +wsgi_procs: 2 +wsgi_threads: 2 + +tcp_ports: [ 80 ] + +# Neeed for rsync from log01 for logs. +custom_rules: [ + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', +] + +fas_client_groups: sysadmin-noc + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: sysadmin + can_send: + - logger.log +- service: zanata2fedmsg + owner: root + group: apache + can_send: + - zanata.milestone.complete diff --git a/inventory/host_vars/noc01.phx2.fedoraproject.org b/inventory/host_vars/noc01.phx2.fedoraproject.org index e84bffac13..3cdff9d271 100644 --- a/inventory/host_vars/noc01.phx2.fedoraproject.org +++ b/inventory/host_vars/noc01.phx2.fedoraproject.org @@ -11,7 +11,11 @@ datacenter: phx2 tcp_ports: ['22', '80', '443', '67', '68'] udp_ports: ['67','68','69'] -custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] +custom_rules: [ + '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', + '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', +] eth0_ip: 10.5.126.41 csi_relationship: | diff --git a/inventory/host_vars/noc01.stg.phx2.fedoraproject.org b/inventory/host_vars/noc01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..afa6b70fec --- /dev/null 
+++ b/inventory/host_vars/noc01.stg.phx2.fedoraproject.org
@@ -0,0 +1,33 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
+volgroup: /dev/vg_virthost16
+vmhost: virthost16.phx2.fedoraproject.org
+datacenter: phx2
+
+tcp_ports: ['22', '80', '443', '67', '68']
+udp_ports: ['67','68','69']
+custom_rules: [
+ '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5666 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
+ '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
+]
+
+eth0_ip: 10.5.126.2
+csi_relationship: |
+ noc01 is the internal monitoring nagios instance to the phx datacenter.
+ it is also the dhcp server serving all computing nodes
+
+ * This host relies on:
+ - the virthost it's hosted on (virthost17.phx2.fedoraproject.org)
+ - FAS to authenticate users
+ - VPN connectivity
+
+ * Things that rely on this host:
+ - Infrastructure team to be awair of the infra status. operations control process will fail
+ - if this host is down, it will be difficult to know the status of infra and provide reactive/proactive support
+ - if this host is down, dhcp/bootp leases/renew will fail. pxe booting will fail as well
diff --git a/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org b/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5b67978206
--- /dev/null
+++ b/inventory/host_vars/zanata2fedmsg01.phx2.fedoraproject.org
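Review bot: The port lists in `host_vars/noc01.stg.phx2.fedoraproject.org` are copied from production noc01, so `tcp_ports` and `udp_ports` open 67, 68 and 69 (DHCP/TFTP) on a staging host at `eth0_ip: 10.5.126.2`. That address is in the same 10.5.126.x range as production noc01 (10.5.126.41), which the text describes as the DHCP server. If staging noc01 is not meant to answer DHCP or PXE requests, reduce this to `tcp_ports: ['22', '80', '443']` and drop `udp_ports`; DHCP does not use TCP 67/68 in any case. `csi_relationship` is also carried over unchanged: it names virthost17 while `vmhost` is virthost16, and it still describes the DHCP role, so it should be rewritten for the staging instance.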
@@ -0,0 +1,21 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_guests +vmhost: virthost22.phx2.fedoraproject.org +datacenter: phx2 + +tcp_ports: ['80'] + +eth0_ip: 10.5.126.196 +csi_relationship: | + zanata2fedmsg is a tiny webapp that receives a webhook POST from + fedora.zanata.org and then republishes that data to our fedmsg bus. + + It also has a cronjob that periodically wakes up, logs into + fedora.zanata.org and adds our webhook URL to all projects where it is + absent. diff --git a/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org b/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org new file mode 100644 index 0000000000..8bdbd5d2e1 --- /dev/null +++ b/inventory/host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org @@ -0,0 +1,21 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7 +ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/ +volgroup: /dev/vg_virthost16 +vmhost: virthost16.phx2.fedoraproject.org +datacenter: phx2 + +tcp_ports: ['80'] + +eth0_ip: 10.5.126.197 +csi_relationship: | + zanata2fedmsg is a tiny webapp that receives a webhook POST from + fedora.zanata.org and then republishes that data to our fedmsg bus. + + It also has a cronjob that periodically wakes up, logs into + fedora.zanata.org and adds our webhook URL to all projects where it is + absent. diff --git a/inventory/inventory b/inventory/inventory index 8714398ef0..1809d086d0 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -396,6 +396,9 @@ dhcp01.phx2.fedoraproject.org noc01.phx2.fedoraproject.org noc02.fedoraproject.org +[nagios-stg] +noc01.stg.phx2.fedoraproject.org + [notifs-backend] notifs-backend01.phx2.fedoraproject.org 
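Review bot: `csi_relationship` in `host_vars/zanata2fedmsg01.stg.phx2.fedoraproject.org` is a verbatim copy of the production text, including the cron job that logs into fedora.zanata.org and adds the webhook URL to every project. If the role runs that job on staging against the same Zanata instance (not visible in this patch), staging would hold a working credential for it and register its own URL on real projects. The text should say which Zanata instance and account staging uses, or that the cron job is disabled there, for example `Staging does not run the webhook-registration cron job.` if that is the intent.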
@@ -611,6 +614,7 @@ mailman01.stg.phx2.fedoraproject.org mdapi01.stg.phx2.fedoraproject.org ipsilon01.stg.phx2.fedoraproject.org memcached01.stg.phx2.fedoraproject.org +noc01.stg.phx2.fedoraproject.org notifs-backend01.stg.phx2.fedoraproject.org notifs-web01.stg.phx2.fedoraproject.org notifs-web02.stg.phx2.fedoraproject.org @@ -639,6 +643,7 @@ mm-frontend01.stg.phx2.fedoraproject.org mm-backend01.stg.phx2.fedoraproject.org mm-crawler01.stg.phx2.fedoraproject.org beaker-stg01.qa.fedoraproject.org +zanata2fedmsg01.stg.phx2.fedoraproject.org # This is a list of hosts that are a little "friendly" with staging. # They are exempted from the iptables wall between staging and prod. @@ -777,6 +782,12 @@ wiki01.stg.phx2.fedoraproject.org wiki01.phx2.fedoraproject.org wiki02.phx2.fedoraproject.org +[zanata2fedmsg-stg] +zanata2fedmsg01.stg.phx2.fedoraproject.org + +[zanata2fedmsg] +zanata2fedmsg01.phx2.fedoraproject.org + # This is a convenience group listing the hosts that live on the QA network that # are allowed to send inbound fedmsg messages to our production fedmsg bus.