2014-09-09 12:48:09 +02:00
|
|
|
---
|
2015-01-14 20:41:20 +00:00
|
|
|
# Define resources for this group of hosts here.
|
2014-09-09 12:48:09 +02:00
|
|
|
lvm_size: 20000
|
|
|
|
|
mem_size: 2048
|
|
|
|
|
num_cpus: 2
|
|
|
|
|
|
|
|
|
|
# for systems that do not match the above - specify the same parameter in
|
|
|
|
|
# the host_vars/$hostname file
|
|
|
|
|
|
2014-10-03 14:25:12 +00:00
|
|
|
# 9940 is for the anitya public relay
|
|
|
|
|
tcp_ports: [ 80, 443, 9940 ]
|
2014-09-09 12:48:09 +02:00
|
|
|
|
2014-10-03 16:30:05 +00:00
|
|
|
custom_rules: [
|
|
|
|
|
# Need for rsync from log01 for logs.
|
|
|
|
|
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
|
|
|
|
|
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
|
|
|
|
|
# Need so that anitya-backend can talk fedmsg to our relay
|
2014-10-03 16:32:50 +00:00
|
|
|
'-A INPUT -p tcp -m tcp -s 140.211.169.230 --dport 9941 -j ACCEPT',
|
2014-10-03 16:30:05 +00:00
|
|
|
]
|
2014-09-09 12:48:09 +02:00
|
|
|
|
2017-06-12 03:09:13 +00:00
|
|
|
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
|
2014-09-09 12:48:09 +02:00
|
|
|
|
2017-02-16 13:53:02 +00:00
|
|
|
# Don't use testing repos in production
|
|
|
|
|
testing: False
|
|
|
|
|
|
2015-02-24 14:05:02 +00:00
|
|
|
freezes: false
|
2017-01-08 23:07:48 +00:00
|
|
|
vpn: true
|
2014-09-09 12:48:09 +02:00
|
|
|
# These are consumed by a task in roles/fedmsg/base/main.yml
|
|
|
|
|
fedmsg_certs:
|
|
|
|
|
- service: shell
|
|
|
|
|
owner: root
|
|
|
|
|
group: sysadmin
|
2015-12-03 19:30:08 +00:00
|
|
|
can_send:
|
|
|
|
|
- logger.log
|
2014-09-09 12:48:09 +02:00
|
|
|
- service: anitya
|
|
|
|
|
owner: root
|
|
|
|
|
group: apache
|
2015-06-12 17:21:54 +00:00
|
|
|
can_send:
|
|
|
|
|
- anitya.distro.add
|
|
|
|
|
- anitya.distro.edit
|
|
|
|
|
- anitya.distro.remove
|
|
|
|
|
- anitya.project.add
|
|
|
|
|
- anitya.project.add.tried
|
|
|
|
|
- anitya.project.edit
|
2015-12-16 19:55:10 +00:00
|
|
|
- anitya.project.flag
|
2016-01-13 14:43:03 +00:00
|
|
|
- anitya.project.flag.set
|
2015-06-12 17:21:54 +00:00
|
|
|
- anitya.project.map.new
|
|
|
|
|
- anitya.project.map.remove
|
|
|
|
|
- anitya.project.map.update
|
|
|
|
|
- anitya.project.remove
|
|
|
|
|
- anitya.project.version.remove
|
|
|
|
|
- anitya.project.version.update
|
2015-01-14 20:41:20 +00:00
|
|
|
|
2015-06-12 16:27:31 +00:00
|
|
|
fedmsg_prefix: org.release-monitoring
|
|
|
|
|
fedmsg_env: prod
|
2015-01-14 20:41:20 +00:00
|
|
|
|
|
|
|
|
# For the MOTD
|
|
|
|
|
csi_security_category: Low
|
|
|
|
|
csi_primary_contact: Fedora admins - admin@fedoraproject.org
|
|
|
|
|
csi_purpose: Run the 'anitya' mod_wsgi app for release-monitoring.org
|
|
|
|
|
csi_relationship: |
|
|
|
|
|
There are a few things running here:
|
|
|
|
|
|
|
|
|
|
- The apache/mod_wsgi app for release-monitoring.org
|
|
|
|
|
- A fedmsg-relay instance for anitya's local fedmsg bus
|
|
|
|
|
|
|
|
|
|
- This host relies on:
|
|
|
|
|
- A postgres db server running on anitya-backend01
|
|
|
|
|
- Lots of external third-party services. The anitya webapp can scrape
|
|
|
|
|
pypi, rubygems.org, sourceforge and many others on command.
|
|
|
|
|
|
|
|
|
|
- Things that rely on this host:
|
|
|
|
|
- The Fedora Infrastructure bus subscribes to the anitya bus published
|
|
|
|
|
here by the local fedmsg-relay daemon at
|
|
|
|
|
tcp://release-monitoring.org:9940
|
|
|
|
|
- the-new-hotness is a fedmsg-hub plugin running in FI on hotness01. It
|
|
|
|
|
listens for anitya messages from here and performs actions on koji and
|
|
|
|
|
bugzilla.
|
|
|
|
|
- anitya-backend01 expects to publish fedmsg messages via
|
|
|
|
|
anitya-frontend01's fedmsg-relay daemon. Access should be restricted by
|
|
|
|
|
firewall.
|
