diff --git a/inventory/group_vars/all b/inventory/group_vars/all index 65259cf693..ef8923e0c5 100644 --- a/inventory/group_vars/all +++ b/inventory/group_vars/all @@ -83,18 +83,8 @@ communishift_projects: copr_build_virthost: false # assume createrepo is true and this builder has the koji nfs mount to do that createrepo: True -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Unspecified -csi_relationship: | - Unspecified. - * What hosts/services does this rely on? - * What hosts/services rely on this? - - To update this text, add the csi_* vars to group_vars/ in ansible. # This vars get shoved into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: Unspecified custom6_rules: [] custom_rules: [] nft_custom6_rules: [] @@ -323,3 +313,8 @@ wsgi_wants_apache: true # set no x-forward header by default x_forward: false # + +notes: | + Unspecified. + * What hosts/services does this rely on? + * What hosts/services rely on this? diff --git a/inventory/group_vars/autosign b/inventory/group_vars/autosign index d4df4cea07..80abde26aa 100644 --- a/inventory/group_vars/autosign +++ b/inventory/group_vars/autosign @@ -3,15 +3,7 @@ ansible_ifcfg_allowlist: - eth0 - eth1 -csi_primary_contact: Release Engineering - rel-eng@lists.fedoraproject.org -csi_purpose: Automatically sign Rawhide and Branched packages -csi_relationship: | - This host will run the robosignatory application which should automatically sign - builds. It listens to koji over fedora-messaging for notifications of new builds, - and then asks sigul, the signing server, to sign the rpms and store the new rpm - header back in Koji. # For the MOTD -csi_security_category: High # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file @@ -31,3 +23,11 @@ lvm_size: 30000 mem_size: 2048 nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3" num_cpus: 2 + +notes: | + Automatically sign Rawhide and Branched packages + + This host will run the robosignatory application which should automatically sign + builds. It listens to koji over fedora-messaging for notifications of new builds, + and then asks sigul, the signing server, to sign the rpms and store the new rpm + header back in Koji. diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion index d54027edf8..66ca566252 100644 --- a/inventory/group_vars/bastion +++ b/inventory/group_vars/bastion @@ -1,17 +1,7 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: sysadmin-main admin@fedoraproject.org -csi_purpose: SSH proxy to access infrastructure not exposed to the web -csi_relationship: | - - Provides ssh access to all iad2/vpn connected servers. - - Bastion is the hub for all infrastructure's VPN connections. - - All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, - pass or are filtered here. - - Bastion does not accept any mail outside phx2/vpn. # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High # # drop incoming traffic from less trusted vpn hosts # allow ntp from internal RH 10 nets @@ -72,3 +62,11 @@ primary_auth_source: ipa # tcp_ports: [22, 1194] udp_ports: [1194] + +notes: | + SSH proxy to access infrastructure not exposed to the web + + * Provides ssh access to all iad2/vpn connected servers. + * Bastion is the hub for all infrastructure's VPN connections. + * All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, pass or are filtered here. + * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/bastion_stg b/inventory/group_vars/bastion_stg index 86558e5154..d2fa190069 100644 --- a/inventory/group_vars/bastion_stg +++ b/inventory/group_vars/bastion_stg @@ -11,18 +11,8 @@ bastion_ipa_client_shell_groups: # this only works if the `batcave_stg` group and at least one host in it is defined # batcave_ipa_client_shell_groups: "{{ hostvars[groups['batcave_stg'][0]]['ipa_client_shell_groups'] | default([]) }}" batcave_ipa_client_shell_groups: [] -csi_primary_contact: sysadmin-main admin@fedoraproject.org -csi_purpose: SSH proxy to access STAGING infrastructure not exposed to the web -csi_relationship: | - - Provides ssh access to all iad2/vpn connected servers. - - Bastion is the hub for all infrastructure's VPN connections. - - All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, - pass or are filtered here. - - Bastion does not accept any mail outside phx2/vpn. # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High # # drop incoming traffic from less trusted vpn hosts # allow ntp from internal RH 10 nets @@ -57,3 +47,10 @@ num_cpus: 4 # tcp_ports: [22, 25, 1194] udp_ports: [1194] + +notes: | + SSH proxy to access STAGING infrastructure not exposed to the web + * Provides ssh access to all iad2/vpn connected servers. + * Bastion is the hub for all infrastructure's VPN connections. + * All incoming SMTP from iad2 and VPN, as well as outgoing SMTP, pass or are filtered here. + * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave index c8962e8a64..fd62ac89a2 100644 --- a/inventory/group_vars/batcave +++ b/inventory/group_vars/batcave @@ -1,23 +1,6 @@ --- ansible_base: /srv/web/infra -csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members -csi_purpose: Central management host for ansible -csi_relationship: | - From the batcave batman ventures out to fight crime and protect gotham city! - - batcave is the central management host for ansible. - It also is the infrastructure.fedoraproject.org website with various content. - It houses a number of infrastructure git repos. - - * This host relies on: - The virthost it's hosted on (virthost22) - - * Things that rely on this host: - Things that access rhel/fedora/infra rpm repos, including builders and infra hosts. - If this host is down, ansible runs cannot be made to update other hosts. - If this host is down, crime may go up in gotham city. # For the MOTD -csi_security_category: High # Neeed for rsync from log01 for logs. custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] nft_custom_rules: @@ -80,3 +63,20 @@ tcp_ports: [80, 443, 8442, 8443] vpn: true nagios_Check_Services: swap: false + +notes: | + Central management host for ansible + + From the batcave batman ventures out to fight crime and protect gotham city! + + batcave is the central management host for ansible. + It also is the infrastructure.fedoraproject.org website with various content. + It houses a number of infrastructure git repos. + + This host relies on: + * The virthost it's hosted on (virthost22) + + Things that rely on this host: + * Things that access rhel/fedora/infra rpm repos, including builders and infra hosts. + * If this host is down, ansible runs cannot be made to update other hosts. + * If this host is down, crime may go up in gotham city. diff --git a/inventory/group_vars/bodhi_backend_stg b/inventory/group_vars/bodhi_backend_stg index 3e18a13eec..e398fe73d0 100644 --- a/inventory/group_vars/bodhi_backend_stg +++ b/inventory/group_vars/bodhi_backend_stg @@ -4,28 +4,7 @@ bodhi_message_queue_name: "bodhi{{ env_suffix }}_composer" # Define the topics that our fedora-messaging queue should be subscribed to. bodhi_message_routing_keys: - "org.fedoraproject.*.bodhi.composer.start" -csi_primary_contact: Releng Admins sysadmin-releng-members@fedoraproject.org -csi_purpose: Run the Bodhi masher. -csi_relationship: | - The mashing of repos here happens as part of the 'fedmsg-hub' daemon. Check - logs with 'journalctl -u fedmsg-hub'. Check the bodhi masher docs/code for - more detail on what it does: - https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py - - * This host relies on: - * db01 for its database, which is shares with the bodhi2 frontend nodes. - * An NFS mount of koji data in /mnt/koji/ - * The fedmsg bus for triggering mashes. - * XMLRPC calls to koji for tagging and untagging updates. - * bugzilla for posting comments about status changes - * the wiki for getting information about QA "Test Cases" - * taksotron (resultsdb) for getting status-check results (gating updates). - - * No other systems rely directly on this host. Everything depends on it - indirectly for the creation of new updates repos (which get synced out to - the master mirror for distribution. # For the MOTD -csi_security_category: Moderate # Make connections from signing bridges stateless, they break sigul connections # https://bugzilla.redhat.com/show_bug.cgi?id=1283364 # this is sign-bridge01.iad2 ip 10.3.169.120 @@ -48,3 +27,25 @@ nrpe_procs_warn: 900 num_cpus: 2 # Use the infra-testing repo testing: True + +notes: | + Run the Bodhi masher. + + The mashing of repos here happens as part of the 'fedmsg-hub' daemon. + Check logs with 'journalctl -u fedmsg-hub'. + + Check the bodhi masher docs/code for more detail on what it does: + https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py + + * This host relies on: + * db01 for its database, which is shares with the bodhi2 frontend nodes. + * An NFS mount of koji data in /mnt/koji/ + * The fedmsg bus for triggering mashes. + * XMLRPC calls to koji for tagging and untagging updates. + * bugzilla for posting comments about status changes + * the wiki for getting information about QA "Test Cases" + * taksotron (resultsdb) for getting status-check results (gating updates). + + * No other systems rely directly on this host. Everything depends on it + indirectly for the creation of new updates repos (which get synced out to + the master mirror for distribution. diff --git a/inventory/group_vars/buildhw b/inventory/group_vars/buildhw index 0f7987b052..7db41565e9 100644 --- a/inventory/group_vars/buildhw +++ b/inventory/group_vars/buildhw @@ -1,14 +1,7 @@ --- -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. -csi_relationship: | - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High + docker_registry: "candidate-registry.fedoraproject.org" freezes: true host_group: kojibuilder @@ -19,3 +12,10 @@ koji_server_url: "https://koji.fedoraproject.org/kojihub" koji_topurl: "https://kojipkgs.fedoraproject.org/" koji_weburl: "https://koji.fedoraproject.org/koji" source_registry: "registry.fedoraproject.org" + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. + + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm index 9ecff77236..f5e434976c 100644 --- a/inventory/group_vars/buildvm +++ b/inventory/group_vars/buildvm @@ -1,13 +1,5 @@ --- # common items for the buildvm-* koji builders -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. -csi_relationship: | - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High dns: 10.3.163.33 docker_registry: "candidate-registry.fedoraproject.org" eth0_ipv4_gw: 10.3.169.254 @@ -29,3 +21,11 @@ num_cpus: 6 source_registry: "registry.fedoraproject.org" virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" volgroup: /dev/BuildGuests + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. + + * VMs built on top of buildvmhost + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_aarch64 b/inventory/group_vars/buildvm_aarch64 index 6387ec7bc8..17459d7e08 100644 --- a/inventory/group_vars/buildvm_aarch64 +++ b/inventory/group_vars/buildvm_aarch64 @@ -1,13 +1,5 @@ --- # common items for the buildvm-aarch64* koji builders -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. -csi_relationship: | - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High dns: 10.3.163.33 docker_registry: "candidate-registry.fedoraproject.org" eth0_ipv4_gw: 10.3.170.254 @@ -30,3 +22,10 @@ num_cpus: 12 source_registry: "registry.fedoraproject.org" virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}" volgroup: /dev/vg_guests + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. + * VMs built on top of buildvmhost + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_aarch64_stg b/inventory/group_vars/buildvm_aarch64_stg index c0917694c1..cbfdeabdd9 100644 --- a/inventory/group_vars/buildvm_aarch64_stg +++ b/inventory/group_vars/buildvm_aarch64_stg @@ -1,14 +1,6 @@ --- # common items for the buildvm-* koji builders createrepo: True -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). -csi_relationship: | - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High datacenter: iad2 dns: 10.3.163.33 docker_registry: "candidate-registry.stg.fedoraproject.org" @@ -23,7 +15,6 @@ koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ koji_weburl: "https://koji.stg.fedoraproject.org/koji" ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/aarch64/os/ @@ -38,3 +29,10 @@ source_registry: "registry.stg.fedoraproject.org" # this is to enable nested virt, which we need for some builds virt_install_command: "{{ virt_install_command_aarch64_one_nic_unsafe }}" volgroup: /dev/vg_guests + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). + * VMs built on top of buildvmhost + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le b/inventory/group_vars/buildvm_osbuild_ppc64le index 0496e9fbe7..b6c847074e 100644 --- a/inventory/group_vars/buildvm_osbuild_ppc64le +++ b/inventory/group_vars/buildvm_osbuild_ppc64le @@ -1,11 +1,4 @@ # common variables for osbuild workers -csi_primary_contact: Image Builder team - osbuilders@redhat.com -csi_purpose: This group of VMs builds OS images via Koji using image builder for ppc64le architecture. -csi_relationship: | - * Relies on koji-hub and image-builder-api (external). - * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new - virtual instances - datacenter: iad2 dns: 10.3.163.33 dns_search1: iad2.fedoraproject.org @@ -45,3 +38,9 @@ osbuild_worker_koji_instances: - koji_host: "koji.fedoraproject.org" krb_principal: "osbuild-automation-bot@FEDORAPROJECT.ORG" krb_keytab_file: "{{ private }}/files/osbuild/worker_koji.keytab" + +notes: | + This group of VMs builds OS images via Koji using image builder for ppc64le architecture. + * Relies on koji-hub and image-builder-api (external). + * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new + virtual instances diff --git a/inventory/group_vars/buildvm_osbuild_ppc64le_staging b/inventory/group_vars/buildvm_osbuild_ppc64le_staging index 9c06426b0c..70d3791928 100644 --- a/inventory/group_vars/buildvm_osbuild_ppc64le_staging +++ b/inventory/group_vars/buildvm_osbuild_ppc64le_staging @@ -1,11 +1,4 @@ # common variables for osbuild workers (staging) -csi_primary_contact: Image Builder team - osbuilders@redhat.com -csi_purpose: This group of VMs builds OS images via Koji (staging) using image builder for ppc64le architecture. -csi_relationship: | - * Relies on koji-hub and image-builder-api (external). - * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new - virtual instances - datacenter: iad2 dns: 10.3.163.33 dns_search1: iad2.fedoraproject.org @@ -45,3 +38,9 @@ osbuild_worker_koji_instances: - koji_host: "koji.stg.fedoraproject.org" krb_principal: "osbuild-automation-bot@STG.FEDORAPROJECT.ORG" krb_keytab_file: "{{ private }}/files/osbuild/worker_stg_koji.keytab" + +notes: | + This group of VMs builds OS images via Koji (staging) using image builder for ppc64le architecture. + * Relies on koji-hub and image-builder-api (external). + * Produces automated builds of OS images for the architecture listed. Wokers can be scaled by adding new + virtual instances diff --git a/inventory/group_vars/buildvm_ppc64le b/inventory/group_vars/buildvm_ppc64le index f459cff64d..84349f84a2 100644 --- a/inventory/group_vars/buildvm_ppc64le +++ b/inventory/group_vars/buildvm_ppc64le @@ -1,15 +1,6 @@ # common items for the buildvm-* koji builders -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This group builds packages for ppcle architecture. -csi_relationship: | - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new - * virtual instances # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High datacenter: iad2 dns: 10.3.163.33 eth0_ipv4_gw: 10.3.171.254 @@ -32,4 +23,13 @@ max_mem_size: 20480 mem_size: 20480 num_cpus: 8 virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}" -volgroup: /dev/vg_virt_buildvm_ppc64le_iscsi + +volgroup: /dev/vg_guests + +notes: | + Koji service employs a set of virtual machines to build packages for the Fedora project. This group builds packages for ppcle architecture. + + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new + * virtual instances diff --git a/inventory/group_vars/buildvm_ppc64le_stg b/inventory/group_vars/buildvm_ppc64le_stg index d131e88dd3..a9f120b8b9 100644 --- a/inventory/group_vars/buildvm_ppc64le_stg +++ b/inventory/group_vars/buildvm_ppc64le_stg @@ -1,14 +1,6 @@ --- # common items for the buildvm-* koji builders createrepo: True -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). -csi_relationship: | - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High datacenter: staging dns: 10.3.163.33 docker_registry: "candidate-registry.stg.fedoraproject.org" @@ -23,7 +15,6 @@ koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ koji_weburl: "https://koji.stg.fedoraproject.org/koji" ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/ppc64le/os/ @@ -37,3 +28,10 @@ num_cpus: 4 source_registry: "registry.stg.fedoraproject.org" virt_install_command: "{{ virt_install_command_ppc64le_one_nic_unsafe }}" volgroup: /dev/vg_guests + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). + * VMs built on top of buildvmhost + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_s390x b/inventory/group_vars/buildvm_s390x index 0d11e7a1a3..ce8345957d 100644 --- a/inventory/group_vars/buildvm_s390x +++ b/inventory/group_vars/buildvm_s390x @@ -1,13 +1,5 @@ --- createrepo: False -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. -csi_relationship: | - * VMs built on top of a s390x LPAR - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High dns1: 10.3.163.33 dns2: 10.3.163.34 dns_search1: "iad2.fedoraproject.org" @@ -30,3 +22,10 @@ varnish_group: s390kojipkgs virt_install_command: "{{ virt_install_command_s390x_one_nic }}" vmhost: bvmhost-s390x-01.s390.fedoraproject.org volgroup: /dev/vg_guests + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. + * VMs built on top of a s390x LPAR + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_s390x_stg b/inventory/group_vars/buildvm_s390x_stg index 3716635b57..112594bca2 100644 --- a/inventory/group_vars/buildvm_s390x_stg +++ b/inventory/group_vars/buildvm_s390x_stg @@ -1,13 +1,5 @@ --- createrepo: False -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. -csi_relationship: | - * VMs built on top of a s390x LPAR - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High host_group: kojibuilder koji_hub_nfs: "fedora_koji" koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" @@ -16,3 +8,10 @@ koji_weburl: "https://koji.stg.fedoraproject.org/koji" ks_repo: https://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/41/Server/s390x/os/ ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}" + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. + * VMs built on top of a s390x LPAR + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvm_stg b/inventory/group_vars/buildvm_stg index 174dff114b..10926cf2dd 100644 --- a/inventory/group_vars/buildvm_stg +++ b/inventory/group_vars/buildvm_stg @@ -1,13 +1,5 @@ --- # common items for the buildvm-* koji builders -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). -csi_relationship: | - * VMs built on top of buildvmhost - * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new -csi_security_category: High datacenter: iad2 dns1: 10.3.163.33 docker_registry: "candidate-registry.stg.fedoraproject.org" @@ -23,7 +15,6 @@ koji_server_url: "https://koji.stg.fedoraproject.org/kojihub" koji_topurl: "https://kojipkgs.stg.fedoraproject.org/" # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ koji_weburl: "https://koji.stg.fedoraproject.org/koji" ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/41/Server/x86_64/os/ @@ -37,3 +28,10 @@ resolvconf: "resolv.conf/iad2" source_registry: "registry.fedoraproject.org" virt_install_command: "{{ virt_install_command_one_nic_unsafe }}" volgroup: /dev/vg_guests + +notes: | + Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). + * VMs built on top of buildvmhost + * Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new diff --git a/inventory/group_vars/buildvmhost b/inventory/group_vars/buildvmhost index 1bc74c24d5..5d4ef04aa5 100644 --- a/inventory/group_vars/buildvmhost +++ b/inventory/group_vars/buildvmhost @@ -1,17 +1,15 @@ --- -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. -csi_relationship: | - * Relies on ansible, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Builder vm's are hosted on hosts created with this playbook. # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High nested: True nrpe_procs_crit: 1800 nrpe_procs_warn: 1700 virthost: true nagios_Check_Services: swap: false + +notes: | + Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. + * Relies on ansible, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/copr_back_aws b/inventory/group_vars/copr_back_aws index ac9a9936a0..ade4ed605f 100644 --- a/inventory/group_vars/copr_back_aws +++ b/inventory/group_vars/copr_back_aws @@ -6,15 +6,8 @@ copr_backend_target: copr-backend.target # Copr vars copr_hostbase: copr-be -csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys" -csi_purpose: Provide the backend for copr (3rd party packages) -csi_relationship: | - - Backend: Management of copr cloud infrastructure (OpenStack). - - Small frontend with copr's public stats # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High description: copr dispatcher and repo server do_sign: "true" host_backup_targets: ['/var/lib/copr/public_html/results'] @@ -59,3 +52,8 @@ copr_backend_data_raid10_volumes: copr_backend_data_2_raid1_volumes: - nvme-Amazon_Elastic_Block_Store_vol0f226a7163d28d8fd-part1 - nvme-Amazon_Elastic_Block_Store_vol07293869d85a750b8-part1 + +notes: | + Provide the backend for copr (3rd party packages) + * Backend: Management of copr cloud infrastructure (OpenStack). + * Small frontend with copr's public stats diff --git a/inventory/group_vars/copr_back_dev_aws b/inventory/group_vars/copr_back_dev_aws index faeb8762c0..e6b8d38f34 100644 --- a/inventory/group_vars/copr_back_dev_aws +++ b/inventory/group_vars/copr_back_dev_aws @@ -7,13 +7,8 @@ copr_backend_target: copr-backend.target # Copr vars copr_hostbase: copr-be-dev -csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys" -csi_purpose: Provide the testing environment of copr's backend -csi_relationship: This host is the testing environment for the cloud infrastructure of copr's backend # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: Moderate description: copr dispatcher and repo server - dev instance do_sign: "true" # consumed by roles/copr/certbot @@ -53,3 +48,7 @@ copr_backend_data_raid10_volumes: copr_backend_data_2_raid1_volumes: - nvme-Amazon_Elastic_Block_Store_vol0ce8220e998e2e32a-part1 - nvme-Amazon_Elastic_Block_Store_vol0038e042c49987b82-part1 + +notes: | + Provide the testing environment of copr's backend + This host is the testing environment for the cloud infrastructure of copr's backend diff --git a/inventory/group_vars/copr_db_all b/inventory/group_vars/copr_db_all index b252b393bd..99edb1b097 100644 --- a/inventory/group_vars/copr_db_all +++ b/inventory/group_vars/copr_db_all @@ -1,6 +1,6 @@ --- -csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys" -csi_purpose: Provide the testing environment of copr's db -csi_relationship: This host is the testing environment for copr's database -csi_security_category: Low tcp_ports: [22, 5432] + +notes: | + Provide the testing environment of copr's db + This host is the testing environment for copr's database diff --git a/inventory/group_vars/copr_front_aws b/inventory/group_vars/copr_front_aws index e88e13257c..f9e29f5545 100644 --- a/inventory/group_vars/copr_front_aws +++ b/inventory/group_vars/copr_front_aws @@ -8,15 +8,8 @@ copr_messaging_queue: "a9b74258-21c6-4e79-ba65-9e858dc84a2b" copr_pagure_events: io.pagure.prod.pagure: "https://pagure.io/" org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" -csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys" -csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr) -csi_relationship: | - - This host provides the frontend part of copr only. - - It's the point of contact between end users and the copr build system (backend, package singer) # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: Moderate # consumed by roles/copr/certbot letsencrypt: certificates: @@ -33,3 +26,8 @@ tcp_ports: [22, 80, 443, services_disabled: false aws_ipv6_addr: "2600:1f18:8ee:ae00:9d1f:4737:93ce:6db/128" + +notes: | + Provide a publicly accessible frontend for 3rd party packages (copr) + This host provides the frontend part of copr only. + It's the point of contact between end users and the copr build system (backend, package singer) diff --git a/inventory/group_vars/copr_front_dev_aws b/inventory/group_vars/copr_front_dev_aws index 56319bf9f2..afdd836455 100644 --- a/inventory/group_vars/copr_front_dev_aws +++ b/inventory/group_vars/copr_front_dev_aws @@ -14,10 +14,6 @@ copr_pagure_events: io.pagure.prod.pagure: "https://pagure.io/" io.pagure.stg.pagure: "https://stg.pagure.io" org.fedoraproject.prod.pagure: "https://src.fedoraproject.org/" -csi_primary_contact: "msuchy (mirek), frostyx, praiskup IRC #fedora-admin, #fedora-buildsys" -csi_purpose: Provide the testing environment of copr's frontend -csi_relationship: This host is the testing environment for copr's web interface -csi_security_category: Low # consumed by roles/copr/certbot letsencrypt: certificates: @@ -38,3 +34,7 @@ tcp_ports: [22, 80, 443, services_disabled: false aws_ipv6_addr: "2600:1f18:8ee:ae00:66a:fd15:3f16:4092/128" + +notes: | + Provide the testing environment of copr's frontend + This host is the testing environment for copr's web interface diff --git a/inventory/group_vars/data_reports b/inventory/group_vars/data_reports index c8a258e69a..4f609a2fc8 100644 --- a/inventory/group_vars/data_reports +++ b/inventory/group_vars/data_reports @@ -1,10 +1,5 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: "#fedora-admin" -csi_purpose: for developing reports against datanommerdb -csi_relationship: | - - This vm is for creating reports whicl once automated will be moved elsewhere. -csi_security_category: Low deployment_type: prod ipa_client_shell_groups: - fi-apprentice @@ -20,3 +15,7 @@ max_mem_size: 8192 mem_size: 8192 num_cpus: 2 primary_auth_source: ipa + +notes: | + for developing reports against datanommerdb + This vm is for creating reports whicl once automated will be moved elsewhere. diff --git a/inventory/group_vars/debuginfod b/inventory/group_vars/debuginfod index a34f32d7ee..98b04a8187 100644 --- a/inventory/group_vars/debuginfod +++ b/inventory/group_vars/debuginfod @@ -1,10 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: "#fedora-admin" -csi_purpose: Provides debuginfod services -csi_relationship: | - - This server provides a debuginfod server to allow downloading debuginfod -csi_security_category: Low + deployment_type: prod ipa_client_shell_groups: - fi-apprentice @@ -21,3 +17,7 @@ mem_size: 24576 num_cpus: 4 primary_auth_source: ipa tcp_ports: [8002] + +notes: | + Provides debuginfod services + This server provides a debuginfod server to allow downloading debuginfod diff --git a/inventory/group_vars/debuginfod_stg b/inventory/group_vars/debuginfod_stg index 7a846c4826..9a5a968f49 100644 --- a/inventory/group_vars/debuginfod_stg +++ b/inventory/group_vars/debuginfod_stg @@ -1,10 +1,5 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: "#fedora-admin" -csi_purpose: Provides debuginfod services -csi_relationship: | - - This server provides a debuginfod server to allow downloading debuginfod -csi_security_category: Low deployment_type: stg ipa_client_shell_groups: - fi-apprentice @@ -21,3 +16,7 @@ mem_size: 24576 num_cpus: 4 primary_auth_source: ipa tcp_ports: [8002] + +notes: | + Provides debuginfod services + This server provides a debuginfod server to allow downloading debuginfod diff --git a/inventory/group_vars/dell_fx_build b/inventory/group_vars/dell_fx_build index 5b344629d3..778e23a15a 100644 --- a/inventory/group_vars/dell_fx_build +++ b/inventory/group_vars/dell_fx_build @@ -1,14 +1,14 @@ --- -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. -csi_relationship: | - * Relies on ansible, virthost, and is monitored by nagios - * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. - * Builder vm's are hosted on hosts created with this playbook. # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should ovveride them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High + nrpe_procs_crit: 1000 nrpe_procs_warn: 900 virthost: true + +notes: | + Koji service employs a set of virtual machines to build packages for the Fedora project. This playbook is for the provisioning of a physical host for buildvm's. + + * Relies on ansible, virthost, and is monitored by nagios + * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. + * Builder vm's are hosted on hosts created with this playbook. diff --git a/inventory/group_vars/dns b/inventory/group_vars/dns index 0c826ad49f..e7f73c27af 100644 --- a/inventory/group_vars/dns +++ b/inventory/group_vars/dns @@ -1,8 +1,5 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Domain Name Service -csi_security_category: High external: true ipa_client_shell_groups: - sysadmin-dns @@ -22,3 +19,5 @@ tcp_ports: [53] # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file udp_ports: [53] + +notes: Domain Name Service diff --git a/inventory/group_vars/flatpak_cache b/inventory/group_vars/flatpak_cache index 83a3a60aeb..8c91ef0d30 100644 --- a/inventory/group_vars/flatpak_cache +++ b/inventory/group_vars/flatpak_cache @@ -1,20 +1,5 @@ --- -csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members -csi_purpose: Centralized cache for any Flatpak requests from OpenQA -csi_relationship: | - This is to avoid slamming Flathub with requests during automated testing. - - It hosts squid to cache anything under the flathub.org domain. - It is locked down to only allow requests from OpenQA. - - * This host relies on: - The virthost it's hosted on (qvmhost-x86-02) - - * Things that rely on this host: - Any requests using Flatpak from OpenQA. - If this host is down, OpenQA hosts might fail. # For the MOTD -csi_security_category: Low freezes: false ipa_client_shell_groups: - sysadmin-noc @@ -31,3 +16,18 @@ mem_size: 2048 num_cpus: 2 primary_auth_source: ipa tcp_ports: [3128] + +notes: | + Centralized cache for any Flatpak requests from OpenQA + + This is to avoid slamming Flathub with requests during automated testing. + It hosts squid to cache anything under the flathub.org domain. + It is locked down to only allow requests from OpenQA. + + * This host relies on: + The virthost it's hosted on (qvmhost-x86-02) + + * Things that rely on this host: + Any requests using Flatpak from OpenQA. + + If this host is down, OpenQA hosts might fail. diff --git a/inventory/group_vars/gnome_backups b/inventory/group_vars/gnome_backups index 2db8f325be..9102eb87fe 100644 --- a/inventory/group_vars/gnome_backups +++ b/inventory/group_vars/gnome_backups @@ -1,7 +1,6 @@ -csi_purpose: GNOME Infrastructure Backups facility -csi_relationship: | - Provides rdiff-backup based backups to all the GNOME Infrastructure - machines and services - - This machine mainly relies on the Red Hat sponsored NetApp assigned - to the GNOME Project where all the backups do reside freezes: False +notes: | + GNOME Infrastructure Backups facility + Provides rdiff-backup based backups to all the GNOME Infrastructure machines and services + * This machine mainly relies on the Red Hat sponsored NetApp assigned + to the GNOME Project where all the backups do reside diff --git a/inventory/group_vars/kojipkgs b/inventory/group_vars/kojipkgs index 2219525fa3..0b1c93f477 100644 --- a/inventory/group_vars/kojipkgs +++ b/inventory/group_vars/kojipkgs @@ -1,22 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: Fedora admins - admin@fedoraproject.org -csi_purpose: Cache packages from koji for builders and others -csi_relationship: | - There are a few things running here: - - - apache web server and varnish caching proxy. - - - This host relies on: - - koji nfs storage - - proxy01/10 to proxy requests to it. - - - Things that rely on this host: - - all koji builders/buildsystem - - koschei - - external users downloading packages from koji. # For the MOTD -csi_security_category: Moderate custom_rules: [ # Need for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] @@ -42,3 +26,17 @@ num_cpus: 16 primary_auth_source: ipa tcp_ports: [80, 8080] varnish_group: kojipkgs + +notes: | + Cache packages from koji for builders and others + + There are a few things running here: + * apache web server and varnish caching. + + This host relies on: + * koji nfs storage + * proxy01/10 to proxy requests to it. + Things that rely on this host: + * all koji builders/buildsystem + * koschei + * external users downloading packages from koji. diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios index 788d7f2c2d..c8fa89f129 100644 --- a/inventory/group_vars/nagios +++ b/inventory/group_vars/nagios @@ -1,7 +1,4 @@ --- -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Monitoring system -csi_security_category: High deployment_type: prod dns_external: - ns-iad01.fedoraproject.org @@ -169,3 +166,5 @@ primary_auth_source: ipa # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file tcp_ports: [80, 443] + +notes: Monitoring system diff --git a/inventory/group_vars/noc_rdu_cc b/inventory/group_vars/noc_rdu_cc index 2cf6c8d4f2..2c4d7ed7bd 100644 --- a/inventory/group_vars/noc_rdu_cc +++ b/inventory/group_vars/noc_rdu_cc @@ -1,7 +1,4 @@ --- -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: dhcp and pxe server for rdu-cc -csi_security_category: High deployment_type: prod ipa_client_shell_groups: - sysadmin-noc @@ -11,3 +8,4 @@ ipa_client_sudo_groups: - sysadmin-noc ipa_host_group: NocRduCC ipa_host_group_desc: Rdu CC noc +notes: dhcp and pxe server for rdu-cc diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure index 20cb48a357..ec8d2e9319 100644 --- a/inventory/group_vars/pagure +++ b/inventory/group_vars/pagure @@ -12,20 +12,7 @@ nft_custom_rules: - 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject' - 'add rule ip filter INPUT ip saddr 47.76.209.138 counter reject' - 'add rule ip filter INPUT ip saddr 47.76.99.127 counter reject' -csi_primary_contact: Fedora admins - admin@fedoraproject.org -csi_purpose: Run the pagure instances for fedora -csi_relationship: | - There are a few things running here: - - - The apache/mod_wsgi app for pagure - - - This host relies on: - - A postgres db server running locally - - - Things that rely on this host: - - nothing currently # For the MOTD -csi_security_category: Low db_backup_dir: ['/backups'] dbs_to_backup: ['pagure'] env: pagure @@ -98,3 +85,14 @@ tcp_ports: [22, 25, 80, 443, 8442, 8443, 8444, 8445, # This is for the pagure public fedmsg relay 9940] vpn: true + +notes: | + Run the pagure instances for fedora + + There are a few things running here: + * The apache/mod_wsgi app for pagure + * This host relies on: + * A postgres db server running locally + + Things that rely on this host: + * nothing currently diff --git a/inventory/group_vars/pagure_stg b/inventory/group_vars/pagure_stg index 0c93d11d0b..9eeb4b11d6 100644 --- a/inventory/group_vars/pagure_stg +++ b/inventory/group_vars/pagure_stg @@ -1,19 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: Fedora admins - admin@fedoraproject.org -csi_purpose: Run the pagure instances for fedora -csi_relationship: | - There are a few things running here: - - - The apache/mod_wsgi app for pagure - - - This host relies on: - - A postgres db server running locally - - - Things that rely on this host: - - nothing currently # For the MOTD -csi_security_category: Low env: pagure-staging # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: @@ -88,3 +75,13 @@ tcp_ports: [22, 25, 80, 443, 9418, # This is for the pagure public fedmsg relay 9940] vpn: true + +notes: | + Run the pagure instances for fedora + + There are a few things running here: + * The apache/mod_wsgi app for pagure + * This host relies on: + * A postgres db server running locally + * Things that rely on this host: + * nothing currently diff --git a/inventory/group_vars/people b/inventory/group_vars/people index 55339494cd..acba9d3427 100644 --- a/inventory/group_vars/people +++ b/inventory/group_vars/people @@ -3,18 +3,7 @@ blocked_ips: [] clamscan_mailto: admin@fedoraproject.org clamscan_paths: - /srv/ -csi_primary_contact: Fedora admins - admin@fedoraproject.org -csi_purpose: Provide hosting space for Fedora contributors and Fedora Planet -csi_relationship: | - - shell accounts and web space for fedora contributors - - web space for personal yum repos - - shared space for small group/personal git repos - - Please be aware that this is a shared server, and you should not upload - Private/Secret SSH or GPG keys onto this system. Any such keys found - will be deleted. # For the MOTD -csi_security_category: Low # Neeed for rsync from log01 for logs. custom_rules: ['-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT'] nft_custom_rules: ['add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'] @@ -43,3 +32,12 @@ ipa_host_group: people ipa_host_group_desc: A place for people to host things primary_auth_source: ipa vpn: true + +notes: | + * Provide hosting space for Fedora contributors and Fedora Planet + * shell accounts and web space for fedora contributors + * web space for personal yum repos + * shared space for small group/personal git repos + + Please be aware that this is a shared server, and you should not upload Private/Secret SSH or GPG keys onto this system. + Any such keys found will be deleted. diff --git a/inventory/group_vars/proxies b/inventory/group_vars/proxies index 08e0df2e5a..19eff3742b 100644 --- a/inventory/group_vars/proxies +++ b/inventory/group_vars/proxies @@ -3,15 +3,7 @@ blocked_ip_v6: [] blocked_ips: ['14.102.69.78', '104.219.54.236', '103.38.177.2', '110.172.140.98', '183.80.131.253', '113.190.178.137', '115.76.39.108', '116.109.31.204', '209.64.155.56'] collectd_apache: true -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Provides frontend (reverse) proxy for most web applications -csi_relationship: | - Using Apache -> haproxy, these hosts contact app servers and - other various hosts to provide web applications at sites like - fedoraproject.org and admin.fedoraproject.org. The proxy servers are - balanced via dns and geoIP and are spread all over the place. # For the MOTD -csi_security_category: Moderate custom_rules: [ # Need for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.181.102 --dport 873 -j ACCEPT', @@ -113,3 +105,9 @@ zabbix_templates: template: "external_hosts_http.json" # Template name in roles/zabbix/zabbix_templates/files/templatename.json custom_template: true # Is the template official template bundled with Zabbix or one of our custom templates hostgroup: "fedora external hosts" # Zabbix hostgroup + +notes: | + * Provides frontend (reverse) proxy for most web applications + * Using Apache -> haproxy, these hosts contact app servers and other various hosts to provide web applications at sites like + fedoraproject.org and admin.fedoraproject.org. + * The proxy servers are balanced via dns and geoIP and are spread all over the place. diff --git a/inventory/group_vars/proxies_stg b/inventory/group_vars/proxies_stg index b6de879e4d..39ff48f242 100644 --- a/inventory/group_vars/proxies_stg +++ b/inventory/group_vars/proxies_stg @@ -1,15 +1,7 @@ --- # Define resources for this group of hosts here. collectd_apache: true -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Provides frontend (reverse) proxy for most web applications -csi_relationship: | - Using Apache -> haproxy, these hosts contact app servers and - other various hosts to provide web applications at sites like - fedoraproject.org and admin.fedoraproject.org. The proxy servers are - balanced via dns and geoIP and are spread all over the place. # For the MOTD -csi_security_category: Moderate custom_rules: [ # Need for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', @@ -97,3 +89,9 @@ tcp_ports: [ ] varnish_group: proxies zabbix_templates: "{{ [] }}" # For the moment we have no proxies external to IAD2, if this changes, put in the changes in the production group. + +notes: | + * Provides frontend (reverse) proxy for most web applications + * Using Apache -> haproxy, these hosts contact app servers and other various hosts to provide web applications + at sites like fedoraproject.org and admin.fedoraproject.org. + * The proxy servers are balanced via dns and geoIP and are spread all over the place. diff --git a/inventory/group_vars/repospanner_temp b/inventory/group_vars/repospanner_temp index 905aca5d57..6d89b18f09 100644 --- a/inventory/group_vars/repospanner_temp +++ b/inventory/group_vars/repospanner_temp @@ -1,9 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: admin@fedoraproject.org / sysadmin-main-members -csi_purpose: repospanner git syncing host # For the MOTD -csi_security_category: Low custom_rules: ['-A INPUT -p tcp -m tcp -s 8.43.84.211 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.84.212 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.85.76 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.149 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 209.132.181.20 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 8.43.85.78 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 152.19.134.191 --dport 8443:8445 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 140.211.169.199 --dport 8443:8445 -j ACCEPT'] nft_custom_rules: - 'add rule ip filter INPUT ip saddr 8.43.84.211 tcp dport 8443-8445 counter accept' @@ -24,3 +21,5 @@ nagios_Check_Services: sshd: false swap: false num_cpus: 8 + +notes: repospanner git syncing host diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace index b58c2649db..1f28d5495b 100644 --- a/inventory/group_vars/retrace +++ b/inventory/group_vars/retrace @@ -1,16 +1,4 @@ --- -csi_primary_contact: "msrb, abrt-devel-list@redhat.com, Libera.chat #abrt" -csi_purpose: Provide a web interface and backend for ABRT Analytics and Retrace Server. -csi_relationship: | - Three services run on this server: - - An Apache httpd serves the web interface and backed functionality for - ABRT Analytics. - - The same server provides the HTTP endpoints for Retrace Server to allow - remote retracing of crashes in Fedora. - - PostgreSQL server for ABRT Analytics. - - The retracing functionality relies on the debuginfod server - (debuginfod.fedoraproject.org). custom_rules: - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT' - '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT' @@ -62,3 +50,12 @@ nrpe_procs_warn: 1800 primary_auth_source: ipa tcp_ports: [80, 443] vpn: true + +notes: | + Provide a web interface and backend for ABRT Analytics and Retrace Server. + Three services run on this server: + * An Apache httpd serves the web interface and backed functionality for ABRT Analytics. + * The same server provides the HTTP endpoints for Retrace Server to allow remote retracing of crashes in Fedora. + * PostgreSQL server for ABRT Analytics. + + The retracing functionality relies on the debuginfod server (debuginfod.fedoraproject.org). diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws index a86d4dda7e..312e147c94 100644 --- a/inventory/group_vars/retrace_stg_aws +++ b/inventory/group_vars/retrace_stg_aws @@ -1,6 +1,4 @@ --- -csi_primary_contact: "msrb, abrt-devel-list@redhat.com, Libera.chat #abrt" -csi_purpose: Provide staging environment for ABRT Analytics and Retrace Server. env: staging nagios_Check_Services: mail: false @@ -10,3 +8,4 @@ root_auth_users: msuchy mfabik mzidek sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers" tcp_ports: [22, 80, 443] vpn: true +notes: Provide staging environment for ABRT Analytics and Retrace Server. diff --git a/inventory/group_vars/torrent b/inventory/group_vars/torrent index 9656af6680..eedb9c56bf 100644 --- a/inventory/group_vars/torrent +++ b/inventory/group_vars/torrent @@ -1,19 +1,5 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Torrent master server for Fedora distribution -csi_relationship: | - torrent01 is the master torrent server for Fedora releases - This host relies on: - - The virthost it's hosted on (ibiblio05.fedoraproject.org) - - FAS to authenticate users - - VPN connectivity - - Things that rely on this host: - - If this host is down, Fedora will lose a release distribution channel - - The Apache that displays the torrent website - - This server also has opentracker+ running to gather statistics for our torrent -csi_security_category: Low ipa_client_shell_groups: - fi-apprentice - sysadmin-noc @@ -34,3 +20,16 @@ num_cpus: 2 primary_auth_source: ipa tcp_ports: [53, 80, 443, 873, "6881:6999"] udp_ports: [53] + +notes: | + Torrent master server for Fedora distribution + torrent01 is the master torrent server for Fedora releases + This host relies on: + * The virthost it's hosted on (ibiblio05.fedoraproject.org) + * FAS to authenticate users + * VPN connectivity + + Things that rely on this host: + * If this host is down, Fedora will lose a release distribution channel + * The Apache that displays the torrent website + * This server also has opentracker+ running to gather statistics for our torrent diff --git a/inventory/group_vars/value b/inventory/group_vars/value index 0ab52bb4ab..f745cd3fbc 100644 --- a/inventory/group_vars/value +++ b/inventory/group_vars/value @@ -1,15 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: mote admins - sysadmin-mote-members@fedoraproject.org -csi_purpose: Hosts services which help facilitate communication over IRC and related mediums. -csi_relationship: | - There are a couple things running here. - - * zodbot, a supybot instance. See the zodbot SOP for more info. - * fedmsg-irc, our fedmsg to IRC relay. 'journalctl -u fedmsg-irc' - * mote, a webapp running behind httpd that serves meetbot log files. # For the MOTD -csi_security_category: Moderate custom_rules: [ # Needed for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', @@ -73,3 +64,10 @@ primary_auth_source: ipa tcp_ports: [80, 443, # These 16 ports are used by fedmsg. One for each wsgi thread. 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +notes: | + Hosts services which help facilitate communication over IRC and related mediums. + There are a couple things running here. + * zodbot, a supybot instance. See the zodbot SOP for more info. + * fedmsg-irc, our fedmsg to IRC relay. 'journalctl -u fedmsg-irc' + * mote, a webapp running behind httpd that serves meetbot log files. diff --git a/inventory/group_vars/value_stg b/inventory/group_vars/value_stg index b7a6f6b75d..c91c714b02 100644 --- a/inventory/group_vars/value_stg +++ b/inventory/group_vars/value_stg @@ -1,15 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: mote admins - sysadmin-mote-members@fedoraproject.org -csi_purpose: Hosts staging services which help facilitate communication over IRC and related mediums. -csi_relationship: | - There are a couple things running here. - - * ursabot, a supybot instance. See the zodbot SOP for more info. - * fedmsg-irc, our staging fedmsg to IRC relay. 'journalctl -u fedmsg-irc' - * mote, a webapp running behind httpd that serves meetbot log files. # For the MOTD -csi_security_category: Moderate custom_rules: [ # Neeed for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', @@ -73,3 +64,10 @@ num_cpus: 2 tcp_ports: [80, 443, # These 16 ports are used by fedmsg. One for each wsgi thread. 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] + +notes: | + Hosts staging services which help facilitate communication over IRC and related mediums. + There are a couple things running here. + * ursabot, a supybot instance. See the zodbot SOP for more info. + * fedmsg-irc, our staging fedmsg to IRC relay. 'journalctl -u fedmsg-irc' + * mote, a webapp running behind httpd that serves meetbot log files. diff --git a/inventory/group_vars/virthost b/inventory/group_vars/virthost index a72e8f3e5b..d87a060e4f 100644 --- a/inventory/group_vars/virthost +++ b/inventory/group_vars/virthost @@ -1,14 +1,7 @@ --- # iscsi initiator for netapp iscsi volume -csi_primary_contact: Fedora Admins - admin@fedoraproject.org -csi_purpose: Host guest virtual machines. -csi_relationship: | - - Guests on this host will be inaccessible if the host is down. - - This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted. # These variables are pushed into /etc/system_identification by the base role. # Groups and individual hosts should override them with specific info. -# See http://infrastructure.fedoraproject.org/csi/security-policy/ -csi_security_category: High nagios_Check_Services: raid: true netapp_nfs01_iscsi_name: iqn.1992-08.com.netapp:sn.1573980325:vf.f88732f4-106e-11e2-bc86-00a098162a28 @@ -18,3 +11,9 @@ nrpe_procs_crit: 1500 nrpe_procs_warn: 1400 primary_auth_source: ipa virthost: true + +notes: | + Host guest virtual machines. + + Guests on this host will be inaccessible if the host is down. + This host will be required by any application with a virtual machine running on it, therefore, if this host is down those applications will be impacted. diff --git a/inventory/group_vars/wiki b/inventory/group_vars/wiki index 3a4f45ac85..dae4b6925a 100644 --- a/inventory/group_vars/wiki +++ b/inventory/group_vars/wiki @@ -1,13 +1,5 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: "#fedora-admin" -csi_purpose: Provides our wiki -csi_relationship: | - - There are multiple servers that this service requires. All proxy servers and Wiki 1 and 2. - - Wiki requires the proxy servers in order for traffic to pass to them - - If the Apache processes stop on wiki01 and wiki02 the wiki will not display - - The wiki also requires fas for log in purposes -csi_security_category: Moderate deployment_type: prod # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: @@ -43,3 +35,10 @@ wikiname: "fp" wikipath: "wiki" wikiver: "mediawiki" wpath: "w" + +notes: | + - Provides our wiki + - There are multiple servers that this service requires. All proxy servers and Wiki 1 and 2. + - Wiki requires the proxy servers in order for traffic to pass to them + - If the Apache processes stop on wiki01 and wiki02 the wiki will not display + - The wiki also requires fas for log in purposes diff --git a/inventory/group_vars/zabbix b/inventory/group_vars/zabbix index 355b583ef5..8205951367 100644 --- a/inventory/group_vars/zabbix +++ b/inventory/group_vars/zabbix @@ -1,11 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: [] -csi_purpose: [] -csi_relationship: | - Test instance for zabbix server # For the MOTD -csi_security_category: [] deployment_type: stg ipa_client_shell_groups: - fi-apprentice @@ -25,3 +20,4 @@ num_cpus: 4 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file tcp_ports: [80, 443] +notes: Test instanec for zabbix server diff --git a/inventory/group_vars/zabbix_stg b/inventory/group_vars/zabbix_stg index 510c07f0bd..7dd16eeef0 100644 --- a/inventory/group_vars/zabbix_stg +++ b/inventory/group_vars/zabbix_stg @@ -1,11 +1,6 @@ --- # Define resources for this group of hosts here. -csi_primary_contact: [] -csi_purpose: [] -csi_relationship: | - Test instance for zabbix server # For the MOTD -csi_security_category: [] deployment_type: stg ipa_client_shell_groups: - fi-apprentice @@ -25,3 +20,4 @@ num_cpus: 2 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file tcp_ports: [80, 443] +notes: Test instance for zabbix server diff --git a/inventory/host_vars/ibiblio02.fedoraproject.org b/inventory/host_vars/ibiblio02.fedoraproject.org index bad58d277c..6c61b6e9af 100644 --- a/inventory/host_vars/ibiblio02.fedoraproject.org +++ b/inventory/host_vars/ibiblio02.fedoraproject.org @@ -43,3 +43,4 @@ nrpe_procs_crit: 1300 nrpe_procs_warn: 1250 postfix_group: vpn vpn: true +notes: "vhost at ibiblio" diff --git a/inventory/host_vars/noc02.fedoraproject.org b/inventory/host_vars/noc02.fedoraproject.org index 8148e204ec..57cfb5f145 100644 --- a/inventory/host_vars/noc02.fedoraproject.org +++ b/inventory/host_vars/noc02.fedoraproject.org @@ -52,3 +52,4 @@ postfix_transport_filename: transports.noc02.fedoraproject.org vmhost: ibiblio02.fedoraproject.org volgroup: /dev/vg_guests vpn: true +notes: "This is an external nagios server located outside of PHX. It monitors our user websites/applications (fedoraproject.org, FAS, PackageDB, Bodhi/Updates)." diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index b1c7d14d62..c70b2de594 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -34,7 +34,6 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - import_tasks: "{{ tasks_path }}/rdiff_backup_server.yml" handlers: diff --git a/playbooks/groups/bastion.yml b/playbooks/groups/bastion.yml index 95f82be1bb..b030d2eb57 100644 --- a/playbooks/groups/bastion.yml +++ b/playbooks/groups/bastion.yml @@ -30,8 +30,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml index 6b1a02bffd..e3fa03fd90 100644 --- a/playbooks/groups/batcave.yml +++ b/playbooks/groups/batcave.yml @@ -62,8 +62,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/bodhi-backend.yml b/playbooks/groups/bodhi-backend.yml index bf0eab150b..ad176d52b3 100644 --- a/playbooks/groups/bodhi-backend.yml +++ b/playbooks/groups/bodhi-backend.yml @@ -123,7 +123,6 @@ ansible.builtin.file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link tags: bodhi when: env == 'staging' - - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index 3b64b0acf5..751a35ae02 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml @@ -88,9 +88,6 @@ when: env == "staging" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - when: not inventory_hostname.startswith('bkernel') - - name: make sure kojid is running service: name=kojid state=started enabled=yes diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index 6e7c38206c..66573a6422 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -72,13 +72,6 @@ candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}" when: env == "staging" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - when: not inventory_hostname.startswith('bkernel') and env == 'production' - -# - name: Make sure kojid is running -# service: name=kojid state=started enabled=yes - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/busgateway.yml b/playbooks/groups/busgateway.yml index 67b49f9a6d..25d655cfa5 100644 --- a/playbooks/groups/busgateway.yml +++ b/playbooks/groups/busgateway.yml @@ -28,9 +28,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/certgetter.yml b/playbooks/groups/certgetter.yml index 7e1ae5d0dc..df1452195e 100644 --- a/playbooks/groups/certgetter.yml +++ b/playbooks/groups/certgetter.yml @@ -29,9 +29,7 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Make sure certbot is installed + - name: make sure certbot is installed ansible.builtin.package: name=certbot state=installed handlers: diff --git a/playbooks/groups/copr-hypervisor.yml b/playbooks/groups/copr-hypervisor.yml index a57380dcbf..c4470938dc 100644 --- a/playbooks/groups/copr-hypervisor.yml +++ b/playbooks/groups/copr-hypervisor.yml @@ -23,7 +23,5 @@ - import_role: name=ipa/client - import_role: name=copr/hypervisor - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/data-reports.yml b/playbooks/groups/data-reports.yml index 3813ae654e..012f7b9f8d 100644 --- a/playbooks/groups/data-reports.yml +++ b/playbooks/groups/data-reports.yml @@ -28,8 +28,5 @@ - collectd/base - sudo - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/db.aws.yml b/playbooks/groups/db.aws.yml index e646a02c8c..94de62a16f 100644 --- a/playbooks/groups/db.aws.yml +++ b/playbooks/groups/db.aws.yml @@ -72,8 +72,5 @@ # - collectd/postgres # This requires a 'databases' var to be set in host_vars - sudo - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/debuginfod.yml b/playbooks/groups/debuginfod.yml index 5700e842f8..9316c8b133 100644 --- a/playbooks/groups/debuginfod.yml +++ b/playbooks/groups/debuginfod.yml @@ -31,9 +31,7 @@ nfs_src_dir: "fedora_koji" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Install debuginfod + - name: install debuginfod ansible.builtin.package: name=elfutils-debuginfod state=present tags: debuginfod diff --git a/playbooks/groups/dns.yml b/playbooks/groups/dns.yml index d4b6c998cd..250ced7638 100644 --- a/playbooks/groups/dns.yml +++ b/playbooks/groups/dns.yml @@ -32,8 +32,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml index dd4a1509c3..e3b957a9a3 100644 --- a/playbooks/groups/download.yml +++ b/playbooks/groups/download.yml @@ -50,9 +50,7 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Put in script for syncing fedora on download-ib01 + - name: put in script for syncing fedora on download-ib01 ansible.builtin.copy: src="{{ files }}/download/sync-up-downloads.sh.ib01" dest=/usr/local/bin/sync-up-downloads owner=root group=root mode=755 when: inventory_hostname == 'download-ib01.fedoraproject.org' - name: Put in script for syncing fedora-alt on download-ib01 diff --git a/playbooks/groups/flatpak-cache.yml b/playbooks/groups/flatpak-cache.yml index 080b22b3ea..9a4745391a 100644 --- a/playbooks/groups/flatpak-cache.yml +++ b/playbooks/groups/flatpak-cache.yml @@ -23,9 +23,5 @@ - sudo - flatpak-cache - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/github2fedmsg.yml b/playbooks/groups/github2fedmsg.yml index 4b3dad15bc..99a46d2279 100644 --- a/playbooks/groups/github2fedmsg.yml +++ b/playbooks/groups/github2fedmsg.yml @@ -35,9 +35,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml index 2cba92310c..2ab38842f6 100644 --- a/playbooks/groups/ipa.yml +++ b/playbooks/groups/ipa.yml @@ -29,9 +29,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/ipsilon.yml b/playbooks/groups/ipsilon.yml index 0763d834a4..390250a683 100644 --- a/playbooks/groups/ipsilon.yml +++ b/playbooks/groups/ipsilon.yml @@ -38,9 +38,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 04ccd3f7f8..93bbbb3930 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml @@ -152,9 +152,6 @@ user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.buildsys\..* when: koji_instance == 'secondary' - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/kojipkgs.yml b/playbooks/groups/kojipkgs.yml index 448566d837..7e149ed905 100644 --- a/playbooks/groups/kojipkgs.yml +++ b/playbooks/groups/kojipkgs.yml @@ -68,8 +68,5 @@ - role: kojipkgs - role: varnish - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/logserver.yml b/playbooks/groups/logserver.yml index 0a7f1c128d..33f66fc451 100644 --- a/playbooks/groups/logserver.yml +++ b/playbooks/groups/logserver.yml @@ -43,7 +43,6 @@ tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" # # We exclude some dirs from restorecon on updates on logservers as they are very large diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index f7029a0ab5..bd8398d8c2 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -33,10 +33,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - # this is how you include other task lists - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/maintainer-test.yml b/playbooks/groups/maintainer-test.yml index a318367a52..b5afd50123 100644 --- a/playbooks/groups/maintainer-test.yml +++ b/playbooks/groups/maintainer-test.yml @@ -24,8 +24,6 @@ tasks: # this is how you include other task lists - - import_tasks: "{{ tasks_path }}/motd.yml" - - name: Install packager tools (dnf) dnf: state=present pkg={{ item }} with_items: diff --git a/playbooks/groups/mariadb-server.yml b/playbooks/groups/mariadb-server.yml index 21c4ebf895..ef821e4b20 100644 --- a/playbooks/groups/mariadb-server.yml +++ b/playbooks/groups/mariadb-server.yml @@ -31,10 +31,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - # TODO: add iscsi task handlers: diff --git a/playbooks/groups/memcached.yml b/playbooks/groups/memcached.yml index 27c28d5849..abcc3abe41 100644 --- a/playbooks/groups/memcached.yml +++ b/playbooks/groups/memcached.yml @@ -29,7 +29,7 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" + - import_tasks: "{{ role_path }}/base/tasks/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/nfs-servers.yml b/playbooks/groups/nfs-servers.yml index 68ae669dc8..7579a85234 100644 --- a/playbooks/groups/nfs-servers.yml +++ b/playbooks/groups/nfs-servers.yml @@ -24,9 +24,6 @@ - sudo - openvpn/client - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml index ed57e11ad7..b7f2c09588 100644 --- a/playbooks/groups/noc.yml +++ b/playbooks/groups/noc.yml @@ -43,9 +43,6 @@ when: datacenter != 'iad2' - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') } - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/oci-registry.yml b/playbooks/groups/oci-registry.yml index 2c7e366635..3907a80149 100644 --- a/playbooks/groups/oci-registry.yml +++ b/playbooks/groups/oci-registry.yml @@ -47,9 +47,6 @@ when: "env == 'staging'" - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa-onebox-test.yml b/playbooks/groups/openqa-onebox-test.yml index b3e7aac650..21a41f19c2 100644 --- a/playbooks/groups/openqa-onebox-test.yml +++ b/playbooks/groups/openqa-onebox-test.yml @@ -23,9 +23,6 @@ - { role: sudo, tags: ['sudo'] } - apache - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa-workers.yml b/playbooks/groups/openqa-workers.yml index 01ba9bec68..d0a38af163 100644 --- a/playbooks/groups/openqa-workers.yml +++ b/playbooks/groups/openqa-workers.yml @@ -25,8 +25,5 @@ - { role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: openqa_nbde|bool } - apache - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/openqa.yml b/playbooks/groups/openqa.yml index 18cf347ce7..34cd33cd46 100644 --- a/playbooks/groups/openqa.yml +++ b/playbooks/groups/openqa.yml @@ -28,7 +28,7 @@ - apache tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" + - import_tasks: "{{ role_path }}/base/tasks/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/os-control.yml b/playbooks/groups/os-control.yml index 9d7ca9ca6d..34e11b8ea5 100644 --- a/playbooks/groups/os-control.yml +++ b/playbooks/groups/os-control.yml @@ -62,7 +62,6 @@ mode: "0755" - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/os-proxies.yml b/playbooks/groups/os-proxies.yml index 3666b18aab..7f081a5d84 100644 --- a/playbooks/groups/os-proxies.yml +++ b/playbooks/groups/os-proxies.yml @@ -28,9 +28,7 @@ - keepalived tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Install haproxy + - name: install haproxy ansible.builtin.package: name=haproxy state=present - name: Install haproxy config diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml index 68b53de3e2..6a6549b4bc 100644 --- a/playbooks/groups/pagure.yml +++ b/playbooks/groups/pagure.yml @@ -28,9 +28,6 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index 766334c372..0eba7ebe94 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -84,8 +84,5 @@ - people - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 6826822f72..e74eee0eae 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -33,7 +33,6 @@ - krb5 - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/postgresql-server.yml b/playbooks/groups/postgresql-server.yml index 4a4fd991d1..ae9edd8a65 100644 --- a/playbooks/groups/postgresql-server.yml +++ b/playbooks/groups/postgresql-server.yml @@ -35,9 +35,6 @@ - collectd/postgres # This requires a 'databases' var to be set in host_vars - sudo - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - # TODO: add iscsi task handlers: diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index 929aa38196..edce0657e0 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -37,7 +37,6 @@ # when: env == "staging" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" # You might think we would want these tasks_path on the proxy nodes, but they # actually deliver a configuration that our proxy-specific roles below then go diff --git a/playbooks/groups/rabbitmq.yml b/playbooks/groups/rabbitmq.yml index 97ff4630f3..3c15690b9e 100644 --- a/playbooks/groups/rabbitmq.yml +++ b/playbooks/groups/rabbitmq.yml @@ -32,8 +32,5 @@ - sudo - rabbitmq_cluster - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml index 55a354145a..6fe5a50100 100644 --- a/playbooks/groups/releng-compose.yml +++ b/playbooks/groups/releng-compose.yml @@ -187,9 +187,7 @@ tasks: # this is how you include other task lists - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Install skopeo and buildah for container management + - name: install skopeo and buildah for container management ansible.builtin.package: name: - skopeo diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml index af02ffdce7..95e0ea5493 100644 --- a/playbooks/groups/retrace.yml +++ b/playbooks/groups/retrace.yml @@ -73,8 +73,6 @@ - import_role: name=nagios_client - import_role: name=sudo - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index e5ed84b605..065ed9e290 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -55,8 +55,6 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - name: Install some misc packages needed for various tasks ansible.builtin.package: state: present diff --git a/playbooks/groups/sign-bridge.yml b/playbooks/groups/sign-bridge.yml index 171ea330cb..dd955b3a1e 100644 --- a/playbooks/groups/sign-bridge.yml +++ b/playbooks/groups/sign-bridge.yml @@ -37,8 +37,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/smtp-auth.yml b/playbooks/groups/smtp-auth.yml index dc7c5ae924..8a4b9fb566 100644 --- a/playbooks/groups/smtp-auth.yml +++ b/playbooks/groups/smtp-auth.yml @@ -29,8 +29,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/smtp-mm.yml b/playbooks/groups/smtp-mm.yml index 93996d5040..c1fb394985 100644 --- a/playbooks/groups/smtp-mm.yml +++ b/playbooks/groups/smtp-mm.yml @@ -29,8 +29,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml index 77bd552fb6..8a9ece9937 100644 --- a/playbooks/groups/sundries.yml +++ b/playbooks/groups/sundries.yml @@ -89,8 +89,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/tang.yml b/playbooks/groups/tang.yml index dddb8f3f2b..e7e086f112 100644 --- a/playbooks/groups/tang.yml +++ b/playbooks/groups/tang.yml @@ -26,8 +26,5 @@ - sudo - tang - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/torrent.yml b/playbooks/groups/torrent.yml index 237bb0e926..83d9aabf96 100644 --- a/playbooks/groups/torrent.yml +++ b/playbooks/groups/torrent.yml @@ -37,8 +37,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml index 9ea6a5a16c..ba8dd583ce 100644 --- a/playbooks/groups/value.yml +++ b/playbooks/groups/value.yml @@ -48,8 +48,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index 25250c15cd..73a663581c 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml @@ -52,8 +52,5 @@ - {role: linux-system-roles.nbde_client, tags: ['nbde_client'], when: datacenter == 'iad2' and nbde|bool} - {role: serial-console, when: datacenter == 'iad2' and ansible_architecture != 's390x'} - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/wiki.yml b/playbooks/groups/wiki.yml index 4ef9843843..f40ee25648 100644 --- a/playbooks/groups/wiki.yml +++ b/playbooks/groups/wiki.yml @@ -42,8 +42,5 @@ - mediawiki - sudo - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/groups/zabbix.yml b/playbooks/groups/zabbix.yml index 5a61703165..0b17c0a020 100644 --- a/playbooks/groups/zabbix.yml +++ b/playbooks/groups/zabbix.yml @@ -27,8 +27,6 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - name: Sync sysadmin-noc membership to the zabbix server include_role: name: zabbix/zabbix_server diff --git a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml index 46681156e2..303c2a2d65 100644 --- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml +++ b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml @@ -29,7 +29,6 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - name: Check if ntpd port is already known by selinux ansible.builtin.shell: semanage port -l | grep ntp diff --git a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml index 7f75c3f981..9d806ab7da 100644 --- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml +++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml @@ -31,9 +31,7 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - - name: Install some packages which arent in playbooks + - name: install some packages which arent in playbooks ansible.builtin.package: state: present name: diff --git a/playbooks/manual/autosign.yml b/playbooks/manual/autosign.yml index 9559944a47..11737da175 100644 --- a/playbooks/manual/autosign.yml +++ b/playbooks/manual/autosign.yml @@ -85,9 +85,5 @@ pre_tasks: - import_tasks: "{{ tasks_path }}/yumrepos.yml" - - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/kernel-qa.yml b/playbooks/manual/kernel-qa.yml index b475d79d8e..42de1b3ceb 100644 --- a/playbooks/manual/kernel-qa.yml +++ b/playbooks/manual/kernel-qa.yml @@ -21,9 +21,5 @@ - sudo - hosts - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/qadevel.yml b/playbooks/manual/qadevel.yml index 3cd0e89ed6..478ba35b19 100644 --- a/playbooks/manual/qadevel.yml +++ b/playbooks/manual/qadevel.yml @@ -43,7 +43,6 @@ tasks: - import_tasks: "{{ tasks_path }}/hosts.yml" - import_tasks: "{{ tasks_path }}/2fa_client.yml" - - import_tasks: "{{ tasks_path }}/motd.yml" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/playbooks/manual/sign-vault.yml b/playbooks/manual/sign-vault.yml index 3f75d2ebc7..cd677f9c11 100644 --- a/playbooks/manual/sign-vault.yml +++ b/playbooks/manual/sign-vault.yml @@ -44,8 +44,5 @@ - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README - import_tasks: "{{ tasks_path }}/yumrepos.yml" - tasks: - - import_tasks: "{{ tasks_path }}/motd.yml" - handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml" diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 4d2feff6f8..2034382932 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -553,3 +553,6 @@ - rsyslogd - config - base + +- name: Setup Message of the Day (motd) + import_tasks: motd.yml diff --git a/roles/base/tasks/motd.yml b/roles/base/tasks/motd.yml new file mode 100644 index 0000000000..65e89546be --- /dev/null +++ b/roles/base/tasks/motd.yml @@ -0,0 +1,7 @@ +--- +- name: Add motd to system + ansible.builtin.template: src=motd.j2 dest=/etc/motd + + tags: + - motd + - base diff --git a/roles/base/templates/motd.j2 b/roles/base/templates/motd.j2 new file mode 100644 index 0000000000..a332c7095f --- /dev/null +++ b/roles/base/templates/motd.j2 @@ -0,0 +1,19 @@ +================================== ATTENTION ================================== + + This is a PRIVATE computer system, unauthorized access is + strictly prohibited. + +This system is to be used for Fedora Project and related purposes only. This +is not your personal computing system. Users who are unsure whether or not +they have access to this system, don't have it and should log off immediately. + +There is no expectation of privacy of any kind on this system. All questions +concerning access should be directed to admin@fedoraproject.org + +=============================================================================== + +This system is ansible managed! Local changes may be overwritten. + +Environment: {{env}} +Freezes: {{freezes}} +Notes: {{notes}} diff --git a/tasks/motd.yml b/tasks/motd.yml deleted file mode 100644 index 9715b24df6..0000000000 --- a/tasks/motd.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Add motd to system - ansible.builtin.template: src=/srv/web/infra/hosts/motd.j2 dest=/etc/motd - tags: - - motd - - base