diff --git a/inventory/group_vars/badges-backend b/inventory/group_vars/badges-backend index edf2e71006..f00415f65e 100644 --- a/inventory/group_vars/badges-backend +++ b/inventory/group_vars/badges-backend @@ -20,3 +20,30 @@ fedmsg_certs: - service: fedbadges owner: root group: fedmsg + + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org +csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons) +csi_relationship: | + fedbadges integrates many different services.. + + * The fedbadges fedmsg-hub plugin relies on: + * the fedmsg bus, to deliver messages + * pkgdb, for queries about who owns what packages + * fas, to lookup what irc nick corresponds to what fas user. + * db-datanommer for the fedmsg history + * db01, for storing badge awards + + * badges-web01 will be expecting to display badges entered into the tahrir + db on db01. So, if badges stop showing up there, the problem is likely + here. + + * Locally, of note there exists: + * a git repo of badge rules and images to be synced here by ansible + to /usr/share/badges/ + * a local file cache in /var/tmp/fedbadges-cache.dbm (not memcached, atm) + * Furthermore, there are a ton of cronjobs for awarding badges in + /usr/share/badges/cronjobs/ that depends on all sorts of third parties + (flickr, google+, libravatar, etc..). diff --git a/inventory/group_vars/badges-backend-stg b/inventory/group_vars/badges-backend-stg index 3b8988c730..f100c1b380 100644 --- a/inventory/group_vars/badges-backend-stg +++ b/inventory/group_vars/badges-backend-stg @@ -20,3 +20,30 @@ fedmsg_certs: - service: fedbadges owner: root group: fedmsg + + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org +csi_purpose: Run fedmsg-hub with the fedbadges plugin to award badges (+ some crons) +csi_relationship: | + fedbadges integrates many different services.. + + * The fedbadges fedmsg-hub plugin relies on: + * the fedmsg bus, to deliver messages + * pkgdb, for queries about who owns what packages + * fas, to lookup what irc nick corresponds to what fas user. + * db-datanommer for the fedmsg history + * db01, for storing badge awards + + * badges-web01 will be expecting to display badges entered into the tahrir + db on db01. So, if badges stop showing up there, the problem is likely + here. + + * Locally, of note there exists: + * a git repo of badge rules and images to be synced here by ansible + to /usr/share/badges/ + * a local file cache in /var/tmp/fedbadges-cache.dbm (not memcached, atm) + * Furthermore, there are a ton of cronjobs for awarding badges in + /usr/share/badges/cronjobs/ that depends on all sorts of third parties + (flickr, google+, libravatar, etc..). diff --git a/inventory/group_vars/badges-web b/inventory/group_vars/badges-web index c69bf1575c..336d376f7a 100644 --- a/inventory/group_vars/badges-web +++ b/inventory/group_vars/badges-web @@ -25,3 +25,28 @@ fedmsg_certs: - service: tahrir owner: root group: tahrir + + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org +csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here + + * This host relies on: + * db01 for its database of badge awards (and users, etc..) + * a collection of .pngs in /usr/share/badges/pngs put there by ansible + * memcached! + + * Conversely, a few things rely on this site: + * We have a mediawiki plugin that hits a JSON endpoint to display badges. + It should be resilient, but issues in the badges app may cascade into + mediawiki issues in the event of faults. + * fedora-mobile (the android app) queries the JSON api here. + * zodbot has a .badges command that queries the JSON api here. + * openbadges.org may call back to this app to verify that badge assertions + are really certified by us (this will happen anytime someone exports + their fedora badges to the mozilla universe via the tahrir web + interface, but may also happen later in the future to ensure we did not + revoke such and such badge). diff --git a/inventory/group_vars/badges-web-stg b/inventory/group_vars/badges-web-stg index 5f58d9c780..2bbe4a2e43 100644 --- a/inventory/group_vars/badges-web-stg +++ b/inventory/group_vars/badges-web-stg @@ -25,3 +25,28 @@ fedmsg_certs: - service: tahrir owner: root group: tahrir + + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org +csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org +csi_relationship: | + The apache/mod_wsgi app is the only thing really running here + + * This host relies on: + * db01 for its database of badge awards (and users, etc..) + * a collection of .pngs in /usr/share/badges/pngs put there by ansible + * memcached! + + * Conversely, a few things rely on this site: + * We have a mediawiki plugin that hits a JSON endpoint to display badges. + It should be resilient, but issues in the badges app may cascade into + mediawiki issues in the event of faults. + * fedora-mobile (the android app) queries the JSON api here. + * zodbot has a .badges command that queries the JSON api here. + * openbadges.org may call back to this app to verify that badge assertions + are really certified by us (this will happen anytime someone exports + their fedora badges to the mozilla universe via the tahrir web + interface, but may also happen later in the future to ensure we did not + revoke such and such badge).