Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Remove fedmsg and github2fedmsg from staging

Browse source 
The messaging bridges openshift project and github2fedmsg VM were
already removed in staging. This is to clean the ansible playbooks.

I will create a separate one for production after this one is merged.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This commit is contained in:
Michal Konecny 2025-02-03 14:39:13 +01:00
parent 3b211105c9
commit 7b58dfdce8
40 changed files with 24 additions and 491 deletions
Download patch file Download diff file Expand all files Collapse all files

5
inventory/group_vars/bodhi_backend_stg
View file

@ -31,16 +31,13 @@ testing: True
notes: |
Run the Bodhi masher.
The mashing of repos here happens as part of the 'fedmsg-hub' daemon.
Check logs with 'journalctl -u fedmsg-hub'.
Check the bodhi masher docs/code for more detail on what it does:
https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py
* This host relies on:
* db01 for its database, which is shares with the bodhi2 frontend nodes.
* An NFS mount of koji data in /mnt/koji/
* The fedmsg bus for triggering mashes.
* The fedora messaging for triggering mashes.
* XMLRPC calls to koji for tagging and untagging updates.
* bugzilla for posting comments about status changes
* the wiki for getting information about QA "Test Cases"

2
inventory/group_vars/buildvm_aarch64_stg
View file

@ -33,6 +33,6 @@ volgroup: /dev/vg_guests
notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
* VMs built on top of buildvmhost
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

2
inventory/group_vars/buildvm_ppc64le_stg
View file

@ -32,6 +32,6 @@ volgroup: /dev/vg_guests
notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
* VMs built on top of buildvmhost
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

2
inventory/group_vars/buildvm_s390x_stg
View file

@ -12,6 +12,6 @@ virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
* VMs built on top of a s390x LPAR
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

2
inventory/group_vars/buildvm_stg
View file

@ -32,6 +32,6 @@ volgroup: /dev/vg_guests
notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
* VMs built on top of buildvmhost
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios
* Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

27
inventory/group_vars/busgateway_stg
View file

@ -1,27 +0,0 @@
---
# Define resources for this group of hosts here.
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
ipa_client_shell_groups:
- sysadmin-datanommer
- sysadmin-noc
- sysadmin-veteran
ipa_client_sudo_groups:
- sysadmin-datanommer
ipa_host_group: busgateway
ipa_host_group_desc: Bridge between fedmsg and fedora-messaging
lvm_size: 20000
mem_size: 4096
num_cpus: 1
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [3999, # The fedmsg-relay republishes here. Listeners need to connect.
9941, # The fedmsg-relay listens here. Ephemeral producers connect.
9940, # The fedmsg-gateway republishes here. Proxies need to connect.
9919, # The websocket server publishes here. Proxies need to connect.
]

73
inventory/group_vars/github2fedmsg_stg
View file

@ -1,73 +0,0 @@
---
# Define resources for this group of hosts here.
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
nft_custom_rules:
- 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept'
- 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- github.commit_comment
- github.create
- github.delete
- github.fork
- github.gollum
- github.issue.assigned
- github.issue.closed
- github.issue.comment
- github.issue.edited
- github.issue.labeled
- github.issue.milestone
- github.issue.opened
- github.issue.reopened
- github.issue.unassigned
- github.issue.unlabeled
- github.label
- github.member
- github.page_build
- github.pull_request.assigned
- github.pull_request.closed
- github.pull_request.edited
- github.pull_request.labeled
- github.pull_request.opened
- github.pull_request_review
- github.pull_request_review_comment
- github.pull_request.review_requested
- github.pull_request.synchronize
- github.pull_request.unlabeled
- github.push
- github.release
- github.repository_vulnerability_alert
- github.star
- github.status
- github.team_add
- github.webhook
group: apache
owner: root
service: github2fedmsg
ipa_client_shell_groups:
- sysadmin-noc
- sysadmin-veteran
ipa_host_group: github2fedmsg
ipa_host_group_desc: Bridge select GitHub repo events into bus messages
lvm_size: 20000
mem_size: 4096
num_cpus: 1
tcp_ports: [80]
# for fedora-messaging
username: "github2fedmsg{{ env_suffix }}"
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.github\..*
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: github2fedmsg
wsgi_procs: 2
wsgi_threads: 2

10
inventory/group_vars/greenwave_stg
View file

@ -1,10 +0,0 @@
---
# XXX - this is not really a group of real hosts.
# Instead, it represents an application in openshift.
# See playbooks/openshift-apps/greenwave.yml
fedmsg_certs:
- can_send:
- logger.log
- greenwave.decision.update
service: greenwave
fedmsg_env: stg

23
inventory/group_vars/koji_stg
View file

@ -1,25 +1,6 @@
---
# Define resources for this group of hosts here.
docker_registry: "candidate-registry.stg.fedoraproject.org"
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- buildsys.build.state.change
- buildsys.package.list.change
- buildsys.repo.done
- buildsys.repo.init
- buildsys.rpm.sign
- buildsys.tag
- buildsys.task.state.change
- buildsys.untag
group: apache
owner: root
service: koji
ipa_client_shell_groups:
- fi-apprentice
- sysadmin-noc
@ -42,7 +23,5 @@ num_cpus: 8
source_registry: "registry.stg.fedoraproject.org"
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [80, 443, 111, 2049,
# These 8 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]
tcp_ports: [80, 443, 111, 2049]
udp_ports: [111, 2049]

16
inventory/group_vars/mailman_stg
View file

@ -1,18 +1,6 @@
---
# common items for the releng-* boxes
deployment_type: prod
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- mailman.receive
group: mailman
owner: mailman
service: mailman
ipa_client_shell_groups:
- sysadmin-tools
ipa_client_sudo_groups:
@ -59,9 +47,7 @@ num_cpus: 4
# Postfix main.cf
postfix_group: mailman-stg
tcp_ports: [25, 80, 443,
# For outbound fedmsg
3000, 3001, 3002, 3003]
tcp_ports: [25, 80, 443]
# mailman role variables
mailman_log_level: debug

21
inventory/group_vars/notifs_backend_stg
View file

@ -1,27 +1,6 @@
---
# Define resources for this group of hosts here.
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- # The shell cert needs to be allowed to send these too so it can do alembic
# upgrades that trigger messages.
can_send:
- fmn.filter.update
- fmn.preference.update
- fmn.rule.update
- fmn.confirmation.update
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- fmn.filter.update
- fmn.preference.update
- fmn.rule.update
- fmn.confirmation.update
group: fedmsg
owner: root
service: fmn
ipa_client_shell_groups:
- fi-apprentice
- sysadmin-noc

15
inventory/group_vars/notifs_web_stg
View file

@ -1,21 +1,6 @@
---
# Define resources for this group of hosts here.
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- fmn.filter.update
- fmn.preference.update
- fmn.rule.update
- fmn.confirmation.update
group: apache
owner: root
service: fmn
lvm_size: 20000
mem_size: 1024
num_cpus: 2

44
inventory/group_vars/pagure_stg
View file

@ -2,46 +2,6 @@
# Define resources for this group of hosts here.
# For the MOTD
env: pagure-staging
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- pagure.git.receive
- pagure.issue.assigned.added
- pagure.issue.assigned.reset
- pagure.issue.comment.added
- pagure.issue.comment.edited
- pagure.issue.dependency.added
- pagure.issue.dependency.removed
- pagure.issue.drop
- pagure.issue.edit
- pagure.issue.new
- pagure.issue.tag.added
- pagure.issue.tag.removed
- pagure.project.deleted
- pagure.project.edit
- pagure.project.forked
- pagure.project.group.added
- pagure.project.new
- pagure.project.tag.edited
- pagure.project.tag.removed
- pagure.project.user.access.updated
- pagure.project.user.added
- pagure.pull-request.closed
- pagure.pull-request.comment.added
- pagure.pull-request.flag.added
- pagure.pull-request.flag.updated
- pagure.pull-request.new
- pagure.request.assigned.added
group: apache
owner: git
service: pagure
fedmsg_env: stg
fedmsg_prefix: io.pagure
freezes: false
git_basepath: /srv/git/repositories
git_daemon_user: git
@ -71,9 +31,7 @@ stunnel_source_port: :::8088
# the host_vars/$hostname file
tcp_ports: [22, 25, 80, 443, 9418,
# Used for the eventsource server
8088,
# This is for the pagure public fedmsg relay
9940]
8088]
vpn: true
notes: |

55
inventory/group_vars/pkgs_stg
View file

@ -20,61 +20,6 @@ clamscan_paths:
# This host is externally reachable
#
external: true
fedmsg_active: True
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
- git.branch
- git.mass_branch.complete
- git.mass_branch.start
- pagure.git.receive
group: sysadmin
owner: root
service: shell
- can_send:
- git.branch
- git.mass_branch.complete
- git.mass_branch.start
- git.receive
- pagure.git.receive
group: packager
owner: root
service: scm
- can_send:
- git.lookaside.new
group: apache
owner: root
service: lookaside
- can_send:
- pagure.git.receive
- pagure.issue.assigned.added
- pagure.issue.assigned.reset
- pagure.issue.comment.added
- pagure.issue.dependency.added
- pagure.issue.dependency.removed
- pagure.issue.edit
- pagure.issue.new
- pagure.issue.tag.added
- pagure.issue.tag.removed
- pagure.project.edit
- pagure.project.forked
- pagure.project.group.added
- pagure.project.new
- pagure.project.tag.edited
- pagure.project.tag.removed
- pagure.project.user.added
- pagure.project.user.removed
- pagure.pull-request.closed
- pagure.pull-request.comment.added
- pagure.pull-request.comment.edited
- pagure.pull-request.flag.added
- pagure.pull-request.flag.updated
- pagure.pull-request.new
- pagure.request.assigned.added
group: apache
owner: pagure
service: pagure
ipa_client_shell_groups:
- packager
- sysadmin-cvs

15
inventory/group_vars/proxies_stg
View file

@ -9,10 +9,6 @@ custom_rules: [
'-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT',
# also allow varnish from internal for purge requests
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT',
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
# Contact cydrobolt about the status of this. It hasn't hit prod status
# yet as of 2015-04-27 (threebean).
'-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT',
'-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT']
nft_custom_rules:
# Need for rsync from log01 for logs.
@ -24,11 +20,6 @@ nft_custom_rules:
# also allow varnish from internal for purge requests
- 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept'
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
# Contact cydrobolt about the status of this. It hasn't hit prod status
# yet as of 2015-04-27 (threebean).
#!# FIXME: Keep??
- 'add rule ip filter INPUT ip saddr 104.207.133.220 tcp dport 9941 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.115 tcp dport 22623 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.116 tcp dport 22623 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.117 tcp dport 22623 counter accept'
@ -80,12 +71,6 @@ tcp_ports: [
15671,
# This is for TOTP
8443,
# For fedmsg websocket server over stunnel
9939,
# For fedmsg raw zeromq socket (outbound)
9940,
# 9941 is closed generally, is for the inbound fedmsg and is covered in
# custom_rules
]
varnish_group: proxies
zabbix_templates: "{{ [] }}" # For the moment we have no proxies external to IAD2, if this changes, put in the changes in the production group.

2
inventory/group_vars/staging
View file

@ -9,8 +9,6 @@ env_prefix: stg.
env_short: stg
env_suffix: .stg
external: false
fedmsg_env: stg
fedmsg_prefix: org.fedoraproject
freezes: false
host_group: staging
ipa_admin_password: "{{ ipa_stg_admin_password }}"

30
inventory/group_vars/value_stg
View file

@ -19,32 +19,6 @@ nft_custom_rules:
# batcave01 also needs access to announce commits.
- 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept'
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
# cookies!
- irc.karma
# standard meetbot stuff
- meetbot.meeting.complete
- meetbot.meeting.start
- meetbot.meeting.topic.update
# meetbot line items
- meetbot.meeting.item.agreed
- meetbot.meeting.item.accepted
- meetbot.meeting.item.rejected
- meetbot.meeting.item.action
- meetbot.meeting.item.info
- meetbot.meeting.item.idea
- meetbot.meeting.item.help
- meetbot.meeting.item.link
group: daemon
owner: root
service: supybot
ipa_client_shell_groups:
- fi-apprentice
- sysadmin-mote
@ -61,9 +35,7 @@ mem_size: 6144
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [80, 443,
# These 16 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
tcp_ports: [80, 443]
notes: |
Hosts staging services which help facilitate communication over IRC and related mediums.

10
inventory/group_vars/waiverdb_stg
View file

@ -1,10 +0,0 @@
---
# XXX - this is not really a group of real hosts.
# Instead, it represents an application in openshift.
# See playbooks/openshift-apps/waiverdb.yml
fedmsg_certs:
- can_send:
- logger.log
- waiverdb.waiver.new
service: waiverdb
fedmsg_env: stg

13
inventory/group_vars/wiki_stg
View file

@ -1,19 +1,6 @@
---
# Define resources for this group of hosts here.
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- wiki.article.edit
- wiki.upload.complete
group: apache
owner: root
service: mediawiki
ipa_client_shell_groups:
- fi-apprentice
- sysadmin-noc

16
inventory/host_vars/bodhi-backend01.stg.iad2.fedoraproject.org
View file

@ -2,22 +2,6 @@
# These are consumed by a task in roles/fedmsg/base/main.yml
eth0_ipv4_gw: 10.3.167.254
eth0_ipv4_ip: 10.3.167.32
fedmsg_certs:
# This first cert is used by the push-tool. releng members run it and it fires
# off a simple fedmsg message that the masher (running as fedmsg-hub) is
# listening for. It then does all the worker.
# These are certs for pungi
- can_send:
# new school pungi-koji stuff (ask dgilmore)
- pungi.compose.phase.start
- pungi.compose.phase.stop
- pungi.compose.status.change
- pungi.compose.createiso.targets
- releng.atomic.twoweek.begin
- releng.atomic.twoweek.complete
group: sysadmin-releng
owner: apache
service: releng
ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/40/Server/x86_64/os/
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org

8
inventory/host_vars/compose-x86-01.stg.iad2.fedoraproject.org
View file

@ -1,14 +1,6 @@
datacenter: staging
eth0_ipv4_gw: 10.3.167.254
eth0_ipv4_ip: 10.3.167.33
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- group: root
owner: root
service: shell
- group: root
owner: root
service: bodhi
koji_hub_nfs: "fedora_koji"
kojihub_scheme: http
kojihub_url: koji.stg.fedoraproject.org/kojihub

8
inventory/host_vars/github2fedmsg01.stg.iad2.fedoraproject.org
View file

@ -1,8 +0,0 @@
---
datacenter: iad2
eth0_ipv4_gw: 10.3.166.254
eth0_ipv4_ip: 10.3.166.39
ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2
vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org
volgroup: /dev/vg_guests

32
inventory/inventory
View file

@ -90,18 +90,12 @@ ibiblio05.fedoraproject.org
[busgateway]
busgateway01.iad2.fedoraproject.org
[busgateway_stg]
busgateway01.stg.iad2.fedoraproject.org
[flatpak_cache]
flatpak-cache01.iad2.fedoraproject.org
[github2fedmsg]
github2fedmsg01.iad2.fedoraproject.org
[github2fedmsg_stg]
github2fedmsg01.stg.iad2.fedoraproject.org
[mailman]
mailman01.iad2.fedoraproject.org
@ -161,7 +155,6 @@ db-datanommer01.stg.iad2.fedoraproject.org
# clients that talk to the main postgres stg servers
[postgres_clients_stg]
bodhi-backend01.stg.iad2.fedoraproject.org
busgateway01.stg.iad2.fedoraproject.org
koji01.stg.iad2.fedoraproject.org
[download_iad2]
@ -532,7 +525,6 @@ buildvm-x86-02.stg.iad2.fedoraproject.org
buildvm-x86-03.stg.iad2.fedoraproject.org
buildvm-x86-04.stg.iad2.fedoraproject.org
buildvm-x86-05.stg.iad2.fedoraproject.org
busgateway01.stg.iad2.fedoraproject.org
compose-x86-01.stg.iad2.fedoraproject.org
copr-be-dev.aws.fedoraproject.org
#copr-be-dev-temp.aws.fedoraproject.org
@ -549,7 +541,6 @@ db.stg.aws.fedoraproject.org
debuginfod01.stg.iad2.fedoraproject.org
oci-candidate-registry01.stg.iad2.fedoraproject.org
oci-registry01.stg.iad2.fedoraproject.org
github2fedmsg01.stg.iad2.fedoraproject.org
ipa01.stg.iad2.fedoraproject.org
ipa02.stg.iad2.fedoraproject.org
ipa03.stg.iad2.fedoraproject.org
@ -667,46 +658,25 @@ wiki02.iad2.fedoraproject.org
busgateway
pkgs
[fedmsg_hubs_stg:children]
busgateway_stg
pkgs_stg
[fedmsg_ircs:children]
value
[fedmsg_ircs_stg:children]
value_stg
[fedmsg_relays:children]
busgateway
[fedmsg_relays_stg:children]
busgateway_stg
[fedmsg_gateways:children]
busgateway
proxies
[fedmsg_gateways_stg:children]
busgateway_stg
proxies_stg
[fedmsg_services:children]
fedmsg_hubs
fedmsg_ircs
fedmsg_relays
fedmsg_gateways
[fedmsg_services_stg:children]
fedmsg_hubs_stg
fedmsg_ircs_stg
fedmsg_relays_stg
fedmsg_gateways_stg
# These are groups that are using the python34 fedmsg stack.
[python34_fedmsg:children]
mailman
mailman_stg
## END fedmsg services
@ -1038,10 +1008,8 @@ bodhi_backend_stg
buildvm_stg
buildvm_ppc64le_stg
buildvm_aarch64_stg
busgateway_stg
dbserver_stg
debuginfod_stg
github2fedmsg_stg
ipa_stg
ipsilon_stg
koji_stg

1
main.yml
View file

@ -5,7 +5,6 @@
## over all machines.
##
## some common ones:
## -t fedmsgconfig -> runs fedmsg/base config over all playbooks
## -t apache -> run when tasks/apache.yml changes.
##
##

6
playbooks/groups/busgateway.yml
View file

@ -1,10 +1,10 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "busgateway:busgateway_stg"
myhosts: "busgateway"
- name: Dole out the generic configuration
hosts: busgateway:busgateway_stg
hosts: busgateway
user: root
gather_facts: true
@ -32,7 +32,7 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: Dole out the service-specific config
hosts: busgateway:busgateway_stg
hosts: busgateway
user: root
gather_facts: true

6
playbooks/groups/github2fedmsg.yml
View file

@ -6,10 +6,10 @@
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars:
myhosts: "github2fedmsg:github2fedmsg_stg"
myhosts: "github2fedmsg"
- name: Make the box be real
hosts: github2fedmsg:github2fedmsg_stg
hosts: github2fedmsg
user: root
gather_facts: true
@ -39,7 +39,7 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: Deploy service-specific config
hosts: github2fedmsg:github2fedmsg_stg
hosts: github2fedmsg
user: root
gather_facts: true

2
playbooks/manual/noggin-deployment/uninstall_ipa_client.yml
View file

@ -1,6 +1,6 @@
---
- name: Uninstall IPA client
hosts: bodhi_backend_stg:bugzilla2fedmsg_stg:github2fedmsg_stg:ipsilon_stg:buildvm_stg:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_stg
hosts: bodhi_backend_stg:bugzilla2fedmsg_stg:ipsilon_stg:buildvm_stg:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_stg
user: root
vars_files:
- /srv/web/infra/ansible/vars/global.yml

12
playbooks/manual/restart-fedmsg-services.yml
View file

@ -7,7 +7,7 @@
---
- name: Restart fedmsg-gateway instances
hosts: fedmsg_gateways:fedmsg_gateways_stg
hosts: fedmsg_gateways
user: root
gather_facts: false
@ -21,7 +21,7 @@
service: name=fedmsg-gateway state=restarted
- name: Restart fedmsg-relay instances
hosts: fedmsg_relays:fedmsg_relays_stg
hosts: fedmsg_relays
user: root
gather_facts: false
@ -35,7 +35,7 @@
service: name=fedmsg-relay state=restarted
- name: Restart fedmsg-irc instances
hosts: fedmsg_ircs:fedmsg_ircs_stg
hosts: fedmsg_ircs
user: root
gather_facts: false
@ -49,7 +49,7 @@
service: name=fedmsg-irc state=restarted
- name: Tell nagios to be quiet about FMN for the moment
hosts: notifs_backend:notifs_backend_stg
hosts: notifs_backend
user: root
gather_facts: false
@ -67,7 +67,7 @@
# service: name=fmn-digests@1 state=restarted
- name: Restart fedmsg-hub instances
hosts: fedmsg_hubs:fedmsg_hubs_stg
hosts: fedmsg_hubs
user: root
gather_facts: false
@ -81,7 +81,7 @@
service: name=fedmsg-hub state=restarted
- name: Restart moksha-hub instances
hosts: moksha_hubs:moksha_hubs_stg
hosts: moksha_hubs
user: root
gather_facts: false

6
playbooks/manual/upgrade/fedmsg.yml
View file

@ -2,22 +2,16 @@
- name: Push packages out
hosts:
- fedmsg-hubs
- fedmsg-hubs-stg
- fedmsg-relays
- fedmsg-relays-stg
- fedmsg-ircs
- fedmsg-ircs-stg
- fedmsg-gateways
- fedmsg-gateways-stg
- moksha-hubs
- moksha-hubs-stg
- datagrepper
- datagrepper-stg
user: root
vars_files:

7
roles/base/templates/iptables/iptables.staging
View file

@ -29,13 +29,6 @@
-A INPUT -p tcp -m tcp --dport 10050 -s 10.3.166.61 -j ACCEPT
# if the host declares a fedmsg-enabled wsgi app, open ports for it
{% if wsgi_fedmsg_service is defined %}
{% for i in range(wsgi_procs * wsgi_threads) %}
-A INPUT -p tcp -m tcp --dport 30{{ '%02d' % i }} -j ACCEPT
{% endfor %}
{% endif %}
# if the host/group defines incoming tcp_ports - allow them
{% for port in tcp_ports %}
-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT

7
roles/base/templates/nftables/nftables.staging
View file

@ -29,13 +29,6 @@ add rule ip filter INPUT tcp dport 10051 counter accept
add rule ip filter INPUT ip saddr 10.3.166.61 tcp dport 10050 counter accept
# if the host declares a fedmsg-enabled wsgi app, open ports for it
{% if wsgi_fedmsg_service is defined %}
{% for i in range(wsgi_procs * wsgi_threads) %}
add rule ip filter INPUT tcp dport 30{{ '%02d' % i }} counter accept
{% endfor %}
{% endif %}
# if the host/group defines incoming tcp_ports - allow them
{% for port in tcp_ports %}
add rule ip filter INPUT tcp dport {{ port }} counter accept

2
roles/batcave/tasks/main.yml
View file

@ -201,7 +201,7 @@
- zodbot
#
# This is another script to announce commits, this time to the fedmsg bus
# This is another script to announce commits, this time to the fedora messaging
#
- name: Install packages needed

2
roles/bugzilla2fedmsg/tasks/main.yml
View file

@ -1,6 +1,4 @@
---
# Setup a fedmsg-hub
- name: Install needed packages
ansible.builtin.package: name={{ item }} state=present
with_items:

2
roles/bugzilla2fedmsg/templates/bugzilla2fedmsg.ini
View file

@ -5,8 +5,6 @@
# Some configuration for our workers
bugzilla.products = Fedora, Fedora EPEL
# If you have 8 worker threads you *also* need 8 fedmsg endpoints in fedmsg.d/
# and 8 open holes in the firewall
bugzilla.num_workers = 1
moksha.workers_per_consumer = 2
moksha.threadpool_size = 5

3
roles/collectd/base/tasks/main.yml
View file

@ -184,9 +184,6 @@
# each of the below should move to a separate task list
# since they are odd-balls and one-offs
# fedmsg - busgateway## only
# add /usr/share/collectd/fedmsg-types.db
# memcached - memcached only
# postgres - this is a conn check

4
roles/copr/backend/templates/copr-be.conf.j2
View file

@ -77,10 +77,6 @@ builds_max_workers_sandbox=4
# actions.
actions_max_workers={% if env == 'production' %}20{% else %}4{% endif %}
# publish fedmsg notifications from workers if true
# default is false
#fedmsg_enabled=false
# enable package signing, require configured
# signer host and correct /etc/sign.conf
do_sign={{ do_sign }}

2
roles/hosts/files/koji01.stg.iad2.fedoraproject.org-hosts
View file

@ -1,4 +1,4 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.128.120 db01.stg.phx2.fedoraproject.org db-ask db-elections db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_dbdb-summershum db-tahrir db-notifs db-kerneltest
10.5.128.120 db01.stg.phx2.fedoraproject.org db-ask db-elections db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-fedocal tagger_dbdb-summershum db-tahrir db-notifs db-kerneltest

16
roles/openshift-apps/firmitas/templates/certlist.yml.j2
View file

@ -463,22 +463,6 @@ git-hooks:
time: null
path: production/git-hooks.crt
user: firmitas-automata
github2fedmsg.stg:
certstat:
cstarted: true
cstopped: false
daystobt: -2055
daystodd: 1595
issuauth: RabbitMQ STAGING CA
serialno: 307862844954847146655560450394425008564
stopdate: 2029-02-18 18:33:59
strtdate: 2019-02-21 18:33:59
notistat:
done: false
link: null
time: null
path: github2fedmsg.stg.crt
user: firmitas-automata
gitlab-centos.stg:
certstat:
cstarted: true

5
roles/openshift-apps/release-monitoring/templates/anitya.toml
View file

@ -219,11 +219,6 @@ level = "INFO"
propagate = false
handlers = ["console"]
[anitya_log_config.loggers.fedmsg]
level = "INFO"
propagate = false
handlers = ["console"]
[anitya_log_config.root]
level = "INFO"
handlers = ["console"]

1
roles/pagure/tasks/main.yml
View file

@ -483,7 +483,6 @@
# - pagure_api_key_expire_mail.timer
- pagure_mirror_project_in
- pagure_mirror_project_in.timer
# - fedmsg-relay
- haveged
ignore_errors: true
tags: