Add some CSI information for the badges nodes.

inventory/group_vars/badges-backend

@@ -20,3 +20,30 @@ fedmsg_certs:
 - service: fedbadges
   owner: root
   group: fedmsg
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons)
+csi_relationship: |
+    fedbadges integrates many different services..
+
+    * The fedbadges fedmsg-hub plugin relies on:
+      * the fedmsg bus, to deliver messages
+      * pkgdb, for queries about who owns what packages
+      * fas, to lookup what irc nick corresponds to what fas user.
+      * db-datanommer for the fedmsg history
+      * db01, for storing badge awards
+
+    * badges-web01 will be expecting to display badges entered into the tahrir
+      db on db01.  So, if badges stop showing up there, the problem is likely
+      here.
+
+    * Locally, of note there exists:
+      * a git repo of badge rules and images to be synced here by ansible
+        to /usr/share/badges/  
+      * a local file cache in /var/tmp/fedbadges-cache.dbm (not memcached, atm)
+      * Furthermore, there are a ton of cronjobs for awarding badges in
+        /usr/share/badges/cronjobs/ that depends on all sorts of third parties
+        (flickr, google+, libravatar, etc..).

inventory/group_vars/badges-backend-stg

@@ -20,3 +20,30 @@ fedmsg_certs:
 - service: fedbadges
   owner: root
   group: fedmsg
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons)
+csi_relationship: |
+    fedbadges integrates many different services..
+
+    * The fedbadges fedmsg-hub plugin relies on:
+      * the fedmsg bus, to deliver messages
+      * pkgdb, for queries about who owns what packages
+      * fas, to lookup what irc nick corresponds to what fas user.
+      * db-datanommer for the fedmsg history
+      * db01, for storing badge awards
+
+    * badges-web01 will be expecting to display badges entered into the tahrir
+      db on db01.  So, if badges stop showing up there, the problem is likely
+      here.
+
+    * Locally, of note there exists:
+      * a git repo of badge rules and images to be synced here by ansible
+        to /usr/share/badges/  
+      * a local file cache in /var/tmp/fedbadges-cache.dbm (not memcached, atm)
+      * Furthermore, there are a ton of cronjobs for awarding badges in
+        /usr/share/badges/cronjobs/ that depends on all sorts of third parties
+        (flickr, google+, libravatar, etc..).

inventory/group_vars/badges-web

@@ -25,3 +25,28 @@ fedmsg_certs:
 - service: tahrir
   owner: root
   group: tahrir
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org
+csi_relationship: |
+    The apache/mod_wsgi app is the only thing really running here
+
+    * This host relies on:
+      * db01 for its database of badge awards (and users, etc..)
+      * a collection of .pngs in /usr/share/badges/pngs put there by ansible
+      * memcached!
+
+    * Conversely, a few things rely on this site:
+      * We have a mediawiki plugin that hits a JSON endpoint to display badges.
+        It should be resilient, but issues in the badges app may cascade into
+        mediawiki issues in the event of faults.
+      * fedora-mobile (the android app) queries the JSON api here.
+      * zodbot has a .badges <username> command that queries the JSON api here.
+      * openbadges.org may call back to this app to verify that badge assertions
+        are really certified by us (this will happen anytime someone exports
+        their fedora badges to the mozilla universe via the tahrir web
+        interface, but may also happen later in the future to ensure we did not
+        revoke such and such badge).

inventory/group_vars/badges-web-stg

@@ -25,3 +25,28 @@ fedmsg_certs:
 - service: tahrir
   owner: root
   group: tahrir
+
+
+# For the MOTD
+csi_security_category: Low
+csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
+csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org
+csi_relationship: |
+    The apache/mod_wsgi app is the only thing really running here
+
+    * This host relies on:
+      * db01 for its database of badge awards (and users, etc..)
+      * a collection of .pngs in /usr/share/badges/pngs put there by ansible
+      * memcached!
+
+    * Conversely, a few things rely on this site:
+      * We have a mediawiki plugin that hits a JSON endpoint to display badges.
+        It should be resilient, but issues in the badges app may cascade into
+        mediawiki issues in the event of faults.
+      * fedora-mobile (the android app) queries the JSON api here.
+      * zodbot has a .badges <username> command that queries the JSON api here.
+      * openbadges.org may call back to this app to verify that badge assertions
+        are really certified by us (this will happen anytime someone exports
+        their fedora badges to the mozilla universe via the tahrir web
+        interface, but may also happen later in the future to ensure we did not
+        revoke such and such badge).