Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
ansible/inventory/group_vars/anitya-frontend
Nick Bebout a6ad9e2c05 Add sysadmin-veteran everywhere sysadmin-noc is
2017-06-12 03:09:13 +00:00

81 lines
2.5 KiB
Text
Raw Blame History

---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 2048
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
# 9940 is for the anitya public relay
tcp_ports: [ 80, 443, 9940 ]
custom_rules: [
# Need for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Need so that anitya-backend can talk fedmsg to our relay
'-A INPUT -p tcp -m tcp -s 140.211.169.230 --dport 9941 -j ACCEPT',
]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
# Don't use testing repos in production
testing: False
freezes: false
vpn: true
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: anitya
owner: root
group: apache
can_send:
- anitya.distro.add
- anitya.distro.edit
- anitya.distro.remove
- anitya.project.add
- anitya.project.add.tried
- anitya.project.edit
- anitya.project.flag
- anitya.project.flag.set
- anitya.project.map.new
- anitya.project.map.remove
- anitya.project.map.update
- anitya.project.remove
- anitya.project.version.remove
- anitya.project.version.update
fedmsg_prefix: org.release-monitoring
fedmsg_env: prod
# For the MOTD
csi_security_category: Low
csi_primary_contact: Fedora admins - admin@fedoraproject.org
csi_purpose: Run the 'anitya' mod_wsgi app for release-monitoring.org
csi_relationship: |
There are a few things running here:
- The apache/mod_wsgi app for release-monitoring.org
- A fedmsg-relay instance for anitya's local fedmsg bus
- This host relies on:
- A postgres db server running on anitya-backend01
- Lots of external third-party services. The anitya webapp can scrape
pypi, rubygems.org, sourceforge and many others on command.
- Things that rely on this host:
- The Fedora Infrastructure bus subscribes to the anitya bus published
here by the local fedmsg-relay daemon at
tcp://release-monitoring.org:9940
- the-new-hotness is a fedmsg-hub plugin running in FI on hotness01. It
listens for anitya messages from here and performs actions on koji and
bugzilla.
- anitya-backend01 expects to publish fedmsg messages via
anitya-frontend01's fedmsg-relay daemon. Access should be restricted by
firewall.
Reference in a new issue View git blame Copy permalink