From 706d8a1bbad835a206b186dbd53163c16b06cd3d Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 14 Jan 2015 20:24:27 +0000 Subject: [PATCH 1/3] Fix FAS endpoints for fedmsg. There are 40 wsgi processes. --- roles/fedmsg/base/templates/endpoints.py.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/fedmsg/base/templates/endpoints.py.j2 b/roles/fedmsg/base/templates/endpoints.py.j2 index b3b47b03eb..de935a4bc4 100644 --- a/roles/fedmsg/base/templates/endpoints.py.j2 +++ b/roles/fedmsg/base/templates/endpoints.py.j2 @@ -41,16 +41,16 @@ config = dict( # the usual 8 since there are so many mod_wsgi processes for it. "fas.fas01": [ "tcp://fas01.%s:30%02i" % (suffix, i) - for i in range(32) + for i in range(40) ], {% if env != 'staging' %} "fas.fas02": [ "tcp://fas02.%s:30%02i" % (suffix, i) - for i in range(32) + for i in range(40) ], "fas.fas03": [ "tcp://fas03.%s:30%02i" % (suffix, i) - for i in range(32) + for i in range(40) ], {% endif %} # fedoratagger needs 32 endpoints too, just like FAS. From 04a9a907514a1298256f1a1c058cc348287f2b00 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 14 Jan 2015 20:28:51 +0000 Subject: [PATCH 2/3] Open additional ports on fas servers for fedmsg. --- inventory/group_vars/fas | 6 ++++-- inventory/group_vars/fas-stg | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/inventory/group_vars/fas b/inventory/group_vars/fas index 6eea6304f4..134757c61b 100644 --- a/inventory/group_vars/fas +++ b/inventory/group_vars/fas @@ -8,12 +8,14 @@ num_cpus: 4 # the host_vars/$hostname file tcp_ports: [ 80, 873, 8443, 8444, - # fas has 32 wsgi processes, each of which need their own port + # fas has 40 wsgi processes, each of which need their own port # open for outbound fedmsg messages. 8000, 8001, 8002, 8003, 8004, 8005, 8006, 8007, 8008, 8009, 8010, 8011, 8012, 8013, 8014, 8015, 8016, 8017, 8018, 8019, 8020, 8021, 8022, 8023, - 8024, 8025, 8026, 8027, 8028, 8029, 8030, 8031, ] + 8024, 8025, 8026, 8027, 8028, 8029, 8030, 8031, + 8032, 8033, 8034, 8035, 8036, 8037, 8038, 8039, + ] fas_client_groups: sysadmin-main,sysadmin-accounts diff --git a/inventory/group_vars/fas-stg b/inventory/group_vars/fas-stg index d30b31f421..bc49906e5a 100644 --- a/inventory/group_vars/fas-stg +++ b/inventory/group_vars/fas-stg @@ -8,12 +8,14 @@ num_cpus: 2 # the host_vars/$hostname file tcp_ports: [ 80, 873, 8443, 8444, - # fas has 32 wsgi processes, each of which need their own port + # fas has 40 wsgi processes, each of which need their own port # open for outbound fedmsg messages. 8000, 8001, 8002, 8003, 8004, 8005, 8006, 8007, 8008, 8009, 8010, 8011, 8012, 8013, 8014, 8015, 8016, 8017, 8018, 8019, 8020, 8021, 8022, 8023, - 8024, 8025, 8026, 8027, 8028, 8029, 8030, 8031, ] + 8024, 8025, 8026, 8027, 8028, 8029, 8030, 8031, + 8032, 8033, 8034, 8035, 8036, 8037, 8038, 8039, + ] fas_client_groups: sysadmin-main,sysadmin-accounts From 185ef53b13ce601bfdadf9c1550a9f41d8481b53 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Wed, 14 Jan 2015 20:41:20 +0000 Subject: [PATCH 3/3] Define CSI metadata for the anitya nodes. --- inventory/group_vars/anitya-backend | 23 +++++++++++++++++++++- inventory/group_vars/anitya-frontend | 29 +++++++++++++++++++++++++++- 2 files changed, 50 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/anitya-backend b/inventory/group_vars/anitya-backend index e2937fb0eb..6f090aa51b 100644 --- a/inventory/group_vars/anitya-backend +++ b/inventory/group_vars/anitya-backend @@ -1,5 +1,5 @@ --- -# Define resources for this group of hosts here. +# Define resources for this group of hosts here. lvm_size: 20000 mem_size: 8192 num_cpus: 2 @@ -26,3 +26,24 @@ fedmsg_certs: - service: anitya owner: root group: fedmsg + + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'anitya' backend cronjobs and database server +csi_relationship: | + There are a few things running here: + + - A number of cronjobs that scrape upstreams for new releases + - A postgres database server to be used by those crons and by + anitya-frontend01 + + - This host relies on: + - The fedmsg-relay daemon running on anitya-frontend01. + - Lots of external third-party services. The cronjobs make all kinds of + requests out to the Internet that can fail in various ways. + + - Things that rely on this host: + - The webapps running on anitya-frontend01 relies on the postgres db + server running on this node. diff --git a/inventory/group_vars/anitya-frontend b/inventory/group_vars/anitya-frontend index a558b9c515..2969d10a2a 100644 --- a/inventory/group_vars/anitya-frontend +++ b/inventory/group_vars/anitya-frontend @@ -1,5 +1,5 @@ --- -# Define resources for this group of hosts here. +# Define resources for this group of hosts here. lvm_size: 20000 mem_size: 2048 num_cpus: 2 @@ -28,3 +28,30 @@ fedmsg_certs: - service: anitya owner: root group: apache + + +# For the MOTD +csi_security_category: Low +csi_primary_contact: Fedora admins - admin@fedoraproject.org +csi_purpose: Run the 'anitya' mod_wsgi app for release-monitoring.org +csi_relationship: | + There are a few things running here: + + - The apache/mod_wsgi app for release-monitoring.org + - A fedmsg-relay instance for anitya's local fedmsg bus + + - This host relies on: + - A postgres db server running on anitya-backend01 + - Lots of external third-party services. The anitya webapp can scrape + pypi, rubygems.org, sourceforge and many others on command. + + - Things that rely on this host: + - The Fedora Infrastructure bus subscribes to the anitya bus published + here by the local fedmsg-relay daemon at + tcp://release-monitoring.org:9940 + - the-new-hotness is a fedmsg-hub plugin running in FI on hotness01. It + listens for anitya messages from here and performs actions on koji and + bugzilla. + - anitya-backend01 expects to publish fedmsg messages via + anitya-frontend01's fedmsg-relay daemon. Access should be restricted by + firewall.