ipa/client: configure global shell access and sudo
Almost global anyway, i.e. inside the VPN. The ipa/client-based shell access and sudo rules are only effective for staging right now, the respective playbook bits are masked out for prod. - Assign Ansible host groups to IPA host groups, the latter don't care about 'stg' in the name and use dashes rather than underscores. - Distill shell access groups from fas_client_groups in group and host vars. - Let all `sysadmin-*` groups in the previous list run anything via sudo in the host group (except bastion & batcave). - Remove `fas_client_groups` from staging host and group vars. - Remove sudoers from staging host and group vars if only `sysadmin-*` groups have shell access. - Set up `ipa_client_shell_groups` on bastion to be a super set of the same on batcave. Newly created IPA host groups: - autosign - badges - basset - bastion - batcave - blockerbugs - bodhi - bugzilla2fedmsg - busgateway - datagrepper - dbserver - dns - fedimg - github2fedmsg - ipa - kernel-qa - kerneltest - kojibuilder - kojihub - kojipkgs - logging - mailman - memcached - mirrormanager - nagios - notifs - oci-registry - odcs - openqa - openqa-workers - osbs - packages - pdc-web - pkgs - proxies - rabbitmq - releng-compose - resultsdb - secondary - sign-bridge - sundries - value - wiki Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen
parent
491514e8ba
commit
dbbf94a411
97 changed files with 773 additions and 94 deletions
|
|
@ -17,6 +17,12 @@ ansible_ifcfg_allowlist:
|
|||
|
||||
fas_client_groups: sysadmin-releng
|
||||
host_group: autosign
|
||||
ipa_host_group: autosign
|
||||
ipa_host_group_desc: Hosts signing content automatically
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
fedmsg_error_recipients: []
|
||||
|
||||
|
|
|
|||
11
inventory/group_vars/badges
Normal file
11
inventory/group_vars/badges
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
ipa_host_group: badges
|
||||
ipa_host_group_desc: Hosts running the Badges application
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-badges
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-badges
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
@ -10,8 +10,6 @@ num_cpus: 2
|
|||
tcp_ports: [ 3000, 3001, 3002, 3003,
|
||||
3004, 3005, 3006, 3007 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
|
||||
|
||||
# These people get told when something goes wrong.
|
||||
fedmsg_error_recipients:
|
||||
- sysadmin-badges-members@fedoraproject.org
|
||||
|
|
|
|||
11
inventory/group_vars/badges_stg
Normal file
11
inventory/group_vars/badges_stg
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
ipa_host_group: badges
|
||||
ipa_host_group_desc: Hosts running the Badges application
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-badges
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-badges
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
@ -17,8 +17,6 @@ tcp_ports: [ 80 ]
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
|
|
|
|||
|
|
@ -15,5 +15,3 @@ custom_rules: [
|
|||
'-A INPUT -p tcp -m tcp -s 10.5.128.106 --dport 80 -j ACCEPT',
|
||||
'-A INPUT -p tcp -m tcp -s 10.5.128.107 --dport 80 -j ACCEPT',
|
||||
]
|
||||
|
||||
fas_client_groups: sysadmin-main
|
||||
|
|
|
|||
|
|
@ -23,6 +23,23 @@ custom_rules: [
|
|||
|
||||
fas_client_groups: sysadmin-analysis,sysadmin-ask,sysadmin-atomic,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,sysadmin-mbs,pungi-devel,sysadmin-upstreamfirst,sysadmin-releasemonitoring,sysadmin-gnome,sysadmin-copr,sysadmin-coreos,sysadmin-dbgserver,sysadmin-osbs,sysadmin-odcs,sysadmin-kernel
|
||||
|
||||
ipa_host_group: bastion
|
||||
ipa_host_group_desc: Bastion hosts
|
||||
|
||||
# this assumes the `batcave` group exists with at least one host in it
|
||||
batcave_ipa_client_shell_groups: "{{ hostvars[groups['batcave'][0]]['ipa_client_shell_groups'] | default([]) }}"
|
||||
bastion_ipa_client_shell_groups:
|
||||
- pungi-devel
|
||||
- sysadmin-analysis
|
||||
- sysadmin-dba
|
||||
- sysadmin-dbgserver
|
||||
- sysadmin-ppc
|
||||
- sysadmin-secondary
|
||||
- sysadmin-spin
|
||||
- sysadmin-troubleshoot
|
||||
|
||||
ipa_client_shell_groups: "{{ (bastion_ipa_client_shell_groups + batcave_ipa_client_shell_groups) | sort | unique }}"
|
||||
|
||||
#
|
||||
# This is a postfix gateway. This will pick up gateway postfix config in base
|
||||
#
|
||||
|
|
|
|||
|
|
@ -20,11 +20,24 @@ custom_rules: [
|
|||
]
|
||||
#
|
||||
# allow a bunch of sysadmin groups here so they can access internal stuff
|
||||
#
|
||||
ipa_host_group: bastion
|
||||
ipa_host_group_desc: Bastion hosts
|
||||
|
||||
fas_client_groups: sysadmin-analysis,sysadmin-ask,sysadmin-atomic,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc,sysadmin-koschei,sysadmin-secondary,sysadmin-fedimg,sysadmin-veteran,sysadmin-mbs,pungi-devel,sysadmin-upstreamfirst,sysadmin-releasemonitoring,sysadmin-gnome,sysadmin-copr,sysadmin-coreos,sysadmin-dbgserver,sysadmin-osbs,sysadmin-odcs
|
||||
# this only works if the `batcave_stg` group and at least one host in it is defined
|
||||
# batcave_ipa_client_shell_groups: "{{ hostvars[groups['batcave_stg'][0]]['ipa_client_shell_groups'] | default([]) }}"
|
||||
batcave_ipa_client_shell_groups: []
|
||||
bastion_ipa_client_shell_groups:
|
||||
- pungi-devel
|
||||
- sysadmin-analysis
|
||||
- sysadmin-dba
|
||||
- sysadmin-dbgserver
|
||||
- sysadmin-ppc
|
||||
- sysadmin-secondary
|
||||
- sysadmin-spin
|
||||
- sysadmin-troubleshoot
|
||||
|
||||
# Disable mail stuff in stg
|
||||
fas_aliases: false
|
||||
ipa_client_shell_groups: "{{ (bastion_ipa_client_shell_groups + batcave_ipa_client_shell_groups) | sort | unique }}"
|
||||
|
||||
#
|
||||
# Sometimes there are lots of postfix processes
|
||||
|
|
|
|||
|
|
@ -10,6 +10,39 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '
|
|||
|
||||
fas_client_groups: sysadmin-ask,sysadmin-atomic,sysadmin-cvs,sysadmin-main,sysadmin-web,sysadmin-noc,sysadmin-hosted,sysadmin-releng,sysadmin-qa,sysadmin-tools,sysadmin-cloud,sysadmin-bot,sysadmin-centos,sysadmin-koschei,sysadmin-datanommer,sysadmin-fedimg,fi-apprentice,sysadmin-badges,sysadmin-mbs,sysadmin-veteran,sysadmin-coreos,sysadmin-upstreamfirst,sysadmin-releasemonitoring,sysadmin-fpdc,sysadmin-messaging,sysadmin-libravatar,sysadmin-gnome,sysadmin-copr,sysadmin-osbs,sysadmin-odcs
|
||||
|
||||
ipa_host_group: batcave
|
||||
ipa_host_group_desc: The Bat Cave
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-ask
|
||||
- sysadmin-atomic
|
||||
- sysadmin-badges
|
||||
- sysadmin-bot
|
||||
- sysadmin-centos
|
||||
- sysadmin-cloud
|
||||
- sysadmin-copr
|
||||
- sysadmin-coreos
|
||||
- sysadmin-cvs
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-fedimg
|
||||
- sysadmin-fpdc
|
||||
- sysadmin-gnome
|
||||
- sysadmin-hosted
|
||||
- sysadmin-koschei
|
||||
- sysadmin-libravatar
|
||||
- sysadmin-mbs
|
||||
- sysadmin-messaging
|
||||
- sysadmin-noc
|
||||
- sysadmin-odcs
|
||||
- sysadmin-osbs
|
||||
- sysadmin-qa
|
||||
- sysadmin-releasemonitoring
|
||||
- sysadmin-releng
|
||||
- sysadmin-tools
|
||||
- sysadmin-upstreamfirst
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
ansible_base: /srv/web/infra
|
||||
freezes: false
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
||||
|
|
|
|||
|
|
@ -14,6 +14,18 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '
|
|||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-qa,sysadmin-veteran
|
||||
sudoers: "{{ private }}/files/sudo/qadevel-sudoers"
|
||||
|
||||
ipa_host_group: blockerbugs
|
||||
ipa_host_group_desc: Blocker bug tracking service
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
|
||||
# This gets overridden by whichever node we want to run special cronjobs.
|
||||
master_blockerbugs_node: False
|
||||
|
||||
|
|
|
|||
|
|
@ -11,8 +11,17 @@ tcp_ports: [ 80, 443, 8888 ]
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-qa,sysadmin-veteran
|
||||
sudoers: "{{ private }}/files/sudo/qadevel-sudoers"
|
||||
ipa_host_group: blockerbugs
|
||||
ipa_host_group_desc: Blocker bug tracking service
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
|
||||
# This gets overridden by whichever node we want to run special cronjobs.
|
||||
master_blockerbugs_node: False
|
||||
|
|
|
|||
|
|
@ -38,5 +38,14 @@ nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
|||
fas_client_groups: sysadmin-releng,sysadmin-bodhi
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
|
||||
ipa_host_group: bodhi
|
||||
ipa_host_group_desc: Bodhi update service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-bodhi
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-bodhi
|
||||
- sysadmin-releng
|
||||
|
||||
## XXX - note that the csi_ stuff is kept at the host_vars/ level.
|
||||
|
||||
|
|
|
|||
|
|
@ -26,9 +26,14 @@ bodhi_message_queue_name: "bodhi{{ env_suffix }}_composer"
|
|||
bodhi_message_routing_keys:
|
||||
- "org.fedoraproject.*.bodhi.composer.start"
|
||||
|
||||
fas_client_groups: sysadmin-releng,sysadmin-bodhi
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers-bodhi-stg"
|
||||
|
||||
ipa_host_group: bodhi
|
||||
ipa_host_group_desc: Bodhi update service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-bodhi
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-bodhi
|
||||
- sysadmin-releng
|
||||
|
||||
# For the MOTD
|
||||
csi_security_category: Moderate
|
||||
|
|
|
|||
|
|
@ -12,6 +12,17 @@ tcp_ports: [ 3000, 3001, 3002, 3003 ]
|
|||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
|
||||
sudoers: "{{ private }}/files/sudo/bugzilla2fedmsg-sudoers"
|
||||
|
||||
ipa_host_group: bugzilla2fedmsg
|
||||
ipa_host_group_desc: Service to bridge Bugzilla events into fedmsg
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
|
|
|
|||
|
|
@ -9,8 +9,16 @@ num_cpus: 1
|
|||
|
||||
tcp_ports: [ 3000, 3001 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
|
||||
sudoers: "{{ private }}/files/sudo/bugzilla2fedmsg-sudoers"
|
||||
ipa_host_group: bugzilla2fedmsg
|
||||
ipa_host_group_desc: Service to bridge Bugzilla events into fedmsg
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -6,3 +6,10 @@ nagios_Check_Services:
|
|||
nrpe: false
|
||||
swap: false
|
||||
mail: false
|
||||
|
||||
ipa_host_group: kojibuilder
|
||||
ipa_host_group_desc: Koji Build hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
|
|
|||
|
|
@ -6,3 +6,10 @@ nagios_Check_Services:
|
|||
nrpe: false
|
||||
swap: false
|
||||
mail: false
|
||||
|
||||
ipa_host_group: kojibuilder
|
||||
ipa_host_group_desc: Koji Build hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@ dns: 10.3.163.33
|
|||
# for systems that do not match the above - specify the same parameter in
|
||||
# the host_vars/$hostname file
|
||||
host_group: kojibuilder
|
||||
fas_client_groups: sysadmin-releng
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
datacenter: staging
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
||||
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@ dns: 10.3.163.33
|
|||
# for systems that do not match the above - specify the same parameter in
|
||||
# the host_vars/$hostname file
|
||||
host_group: kojibuilder
|
||||
fas_client_groups: sysadmin-releng
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
datacenter: staging
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
||||
|
||||
|
|
|
|||
|
|
@ -14,8 +14,6 @@ dns: 10.3.163.33
|
|||
# for systems that do not match the above - specify the same parameter in
|
||||
# the host_vars/$hostname file
|
||||
host_group: kojibuilder
|
||||
fas_client_groups: sysadmin-releng
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
datacenter: staging
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,6 @@
|
|||
ansible_ifcfg_blocklist: True
|
||||
createrepo: False
|
||||
host_group: kojibuilder
|
||||
fas_client_groups: sysadmin-releng
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-32-s390x
|
||||
ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/32/Server/s390x/os/
|
||||
virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
|
||||
|
|
|
|||
|
|
@ -17,8 +17,6 @@ ipa_server: ipa01.stg.iad2.fedoraproject.org
|
|||
# for systems that do not match the above - specify the same parameter in
|
||||
# the host_vars/$hostname file
|
||||
host_group: kojibuilder
|
||||
fas_client_groups: sysadmin-releng,sysadmin-osbs
|
||||
sudoers: "{{ private }}/files/sudo/buildvm-stg-sudoers"
|
||||
datacenter: staging
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,16 @@ tcp_ports: [
|
|||
]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
|
||||
ipa_host_group: busgateway
|
||||
ipa_host_group_desc: Bridge between fedmsg and fedora-messaging
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -14,9 +14,16 @@ tcp_ports: [
|
|||
9919, # The websocket server publishes here. Proxies need to connect.
|
||||
]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/busgateway-stg-sudoers"
|
||||
ipa_host_group: busgateway
|
||||
ipa_host_group_desc: Bridge between fedmsg and fedora-messaging
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -11,5 +11,3 @@ tcp_ports: [ 80, 443 ]
|
|||
|
||||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-main
|
||||
|
|
|
|||
|
|
@ -16,6 +16,18 @@ custom_rules: [
|
|||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice,sysadmin-veteran
|
||||
|
||||
ipa_host_group: datagrepper
|
||||
ipa_host_group_desc: Service to grep through historical message bus data
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
freezes: false
|
||||
|
||||
deployment_type: prod
|
||||
|
|
|
|||
|
|
@ -11,6 +11,16 @@ tcp_ports: [ 80, 443, 6996 ]
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice,sysadmin-veteran
|
||||
ipa_host_group: datagrepper
|
||||
ipa_host_group_desc: Service to grep through historical message bus data
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
freezes: false
|
||||
|
|
|
|||
11
inventory/group_vars/dbserver
Normal file
11
inventory/group_vars/dbserver
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
ipa_host_group: dbserver
|
||||
ipa_host_group_desc: Database server hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-dba
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-dba
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
11
inventory/group_vars/dbserver_stg
Normal file
11
inventory/group_vars/dbserver_stg
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
ipa_host_group: dbserver
|
||||
ipa_host_group_desc: Database server hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-dba
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-dba
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
@ -12,6 +12,13 @@ tcp_ports: [ 53 ]
|
|||
|
||||
fas_client_groups: sysadmin-main,sysadmin-dns
|
||||
|
||||
ipa_host_group: dns
|
||||
ipa_host_group_desc: DNS servers
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-dns
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-dns
|
||||
|
||||
nrpe_procs_warn: 300
|
||||
nrpe_procs_crit: 500
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,12 @@ tcp_ports: [
|
|||
# TODO, restrict this down to just sysadmin-releng
|
||||
fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg
|
||||
|
||||
ipa_host_group: fedimg
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
# These people get told when something goes wrong.
|
||||
fedmsg_error_recipients:
|
||||
- sysadmin-fedimg-members@fedoraproject.org
|
||||
|
|
|
|||
|
|
@ -15,8 +15,11 @@ tcp_ports: [
|
|||
3007, 3008, 3009, 3010, 3011, 3012, 3013,
|
||||
]
|
||||
|
||||
# TODO, restrict this down to just sysadmin-releng
|
||||
fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-atomic
|
||||
ipa_host_group: fedimg
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
fedmsg_debug_loopback: True
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,15 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '
|
|||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-veteran
|
||||
|
||||
ipa_host_group: github2fedmsg
|
||||
ipa_host_group_desc: Bridge select GitHub repo events into bus messages
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# for fedora-messaging
|
||||
username: "github2fedmsg{{ env_suffix }}"
|
||||
deployment_type: prod
|
||||
|
|
|
|||
|
|
@ -17,7 +17,14 @@ tcp_ports: [ 80 ]
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-veteran
|
||||
ipa_host_group: github2fedmsg
|
||||
ipa_host_group_desc: Bridge select GitHub repo events into bus messages
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# for fedora-messaging
|
||||
username: "github2fedmsg{{ env_suffix }}"
|
||||
|
|
|
|||
|
|
@ -12,6 +12,13 @@ custom_rules: [
|
|||
|
||||
fas_client_groups: sysadmin-main,sysadmin-accounts
|
||||
|
||||
ipa_host_group: ipa
|
||||
ipa_host_group_desc: IPA service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-accounts
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-accounts
|
||||
|
||||
nrpe_procs_warn: 300
|
||||
nrpe_procs_crit: 500
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,12 @@ num_cpus: 2
|
|||
|
||||
tcp_ports: [ 80, 88, 389, 443, 464, 636 ]
|
||||
|
||||
fas_client_groups: sysadmin-main,sysadmin-accounts
|
||||
ipa_host_group: ipa
|
||||
ipa_host_group_desc: IPA service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-accounts
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-accounts
|
||||
|
||||
nrpe_procs_warn: 300
|
||||
nrpe_procs_crit: 500
|
||||
|
|
|
|||
|
|
@ -3,4 +3,11 @@ freezes: false
|
|||
resolvconf: "{{ files }}/resolv.conf/iad2"
|
||||
fas_client_groups: sysadmin-kernel
|
||||
sudoers: "{{ private }}/files/sudo/kernel-qa"
|
||||
|
||||
ipa_host_group: kernel-qa
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-kernel
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-kernel
|
||||
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 192.168.122.0/24 --dport 2049 -j ACCEPT' ]
|
||||
|
|
|
|||
|
|
@ -19,6 +19,14 @@ custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '
|
|||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-veteran
|
||||
|
||||
ipa_host_group: kerneltest
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
|
|
|
|||
|
|
@ -21,6 +21,13 @@ custom_rules: [
|
|||
fas_client_groups: sysadmin-releng
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
|
||||
ipa_host_group: kojihub
|
||||
ipa_host_group_desc: Koji Hub hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
|
|
|
|||
|
|
@ -12,7 +12,19 @@ tcp_ports: [ 80, 443, 111, 2049,
|
|||
|
||||
udp_ports: [ 111, 2049 ]
|
||||
|
||||
fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
|
||||
ipa_host_group: kojihub
|
||||
ipa_host_group_desc: Koji Hub hosts
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-osbs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-osbs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -15,6 +15,17 @@ tcp_ports: [80, 8080]
|
|||
|
||||
fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-veteran
|
||||
|
||||
ipa_host_group: kojipkgs
|
||||
ipa_host_group_desc: Koji Packages hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
varnish_group: kojipkgs
|
||||
|
||||
# For the MOTD
|
||||
|
|
|
|||
16
inventory/group_vars/logging
Normal file
16
inventory/group_vars/logging
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
ipa_host_group: logging
|
||||
ipa_host_group_desc: Logging hosts
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-analysis
|
||||
- sysadmin-atomic
|
||||
- sysadmin-logs
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-analysis
|
||||
- sysadmin-atomic
|
||||
- sysadmin-logs
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
@ -15,6 +15,13 @@ tcp_ports: [
|
|||
|
||||
fas_client_groups: sysadmin-tools,sysadmin-main
|
||||
|
||||
ipa_host_group: mailman
|
||||
ipa_host_group_desc: Mailing list services
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-tools
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-tools
|
||||
|
||||
deployment_type: prod
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
|
|
|
|||
|
|
@ -11,7 +11,15 @@ tcp_ports: [
|
|||
# For outbound fedmsg
|
||||
3000, 3001, 3002, 3003,
|
||||
]
|
||||
fas_client_groups: sysadmin-tools,sysadmin-main
|
||||
|
||||
ipa_host_group: mailman
|
||||
ipa_host_group_desc: Mailing list services
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-tools
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-tools
|
||||
|
||||
deployment_type: prod
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -10,3 +10,15 @@ num_cpus: 2
|
|||
tcp_ports: [ 11211 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
|
||||
|
||||
ipa_host_group: memcached
|
||||
ipa_host_group_desc: Distributed Memory Caching service
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
|
|
|||
|
|
@ -9,4 +9,14 @@ num_cpus: 1
|
|||
|
||||
tcp_ports: [ 11211 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
|
||||
ipa_host_group: memcached
|
||||
ipa_host_group_desc: Distributed Memory Caching service
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
|
|
|||
|
|
@ -1,7 +1,18 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
# Define resources for this group of hosts here.
|
||||
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
|
||||
sudoers: "{{ private }}/files/sudo/mm2-sudoers"
|
||||
|
||||
ipa_host_group: mirrormanager
|
||||
ipa_host_group_desc: Mirror Manager
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
mm2_checkin: false
|
||||
deployment_type: prod
|
||||
|
|
|
|||
|
|
@ -1,7 +1,15 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
|
||||
sudoers: "{{ private }}/files/sudo/mm2-sudoers"
|
||||
# Define resources for this group of hosts here.
|
||||
ipa_host_group: mirrormanager
|
||||
ipa_host_group_desc: Mirror Manager
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
mm2_checkin: false
|
||||
deployment_type: stg
|
||||
|
|
|
|||
|
|
@ -25,6 +25,16 @@ fedmsg_certs:
|
|||
- nagios.service.state.change
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-veteran
|
||||
|
||||
ipa_host_group: nagios
|
||||
ipa_host_group_desc: Nagios Monitoring
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
csi_security_category: High
|
||||
csi_primary_contact: Fedora Admins - admin@fedoraproject.org
|
||||
csi_purpose: Monitoring system
|
||||
|
|
|
|||
11
inventory/group_vars/notifs
Normal file
11
inventory/group_vars/notifs
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
ipa_host_group: notifs
|
||||
ipa_host_group_desc: Fedora Notifications
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
@ -10,10 +10,6 @@ num_cpus: 4
|
|||
|
||||
tcp_ports: [ 3000, 3001, 3002, 3003, 3004 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/notifs-sudoers"
|
||||
|
||||
deployment_type: stg
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
11
inventory/group_vars/notifs_stg
Normal file
11
inventory/group_vars/notifs_stg
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
ipa_host_group: notifs
|
||||
ipa_host_group_desc: Fedora Notifications
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-datanommer
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
@ -13,10 +13,6 @@ wsgi_threads: 2
|
|||
|
||||
tcp_ports: [ 80 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-datanommer,sysadmin-veteran
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/notifs-sudoers"
|
||||
|
||||
deployment_type: stg
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
|
|
|
|||
|
|
@ -4,6 +4,13 @@ fas_client_groups: sysadmin-releng
|
|||
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
|
||||
ipa_host_group: oci-registry
|
||||
ipa_host_group_desc: OCI Registry service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
tcp_ports: [ 5000 ]
|
||||
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,10 @@
|
|||
---
|
||||
fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-veteran
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
ipa_host_group: oci-registry
|
||||
ipa_host_group_desc: OCI Registry service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
tcp_ports: [ 5000 ]
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,16 @@
|
|||
ipa_host_group: odcs
|
||||
ipa_host_group_desc: On Demand Compose Service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-odcs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-odcs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
# Configs executed on releng backends must have "releng_" prefix.
|
||||
odcs_raw_config_urls:
|
||||
releng_fmc:
|
||||
|
|
|
|||
|
|
@ -31,8 +31,6 @@ nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-odcs,sysadmin-veteran
|
||||
|
||||
fedmsg_hub_auto_restart: False
|
||||
|
||||
odcs_allowed_source_types: ["tag", "module"]
|
||||
|
|
|
|||
|
|
@ -22,8 +22,6 @@ udp_ports: [ 111 ]
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-odcs,sysadmin-veteran
|
||||
|
||||
odcs_allowed_source_types: ["tag", "module"]
|
||||
|
||||
odcs_target_dir_url: https://odcs.stg.fedoraproject.org/composes
|
||||
|
|
|
|||
|
|
@ -1,3 +1,16 @@
|
|||
ipa_host_group: odcs
|
||||
ipa_host_group_desc: On Demand Compose Service
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-odcs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-odcs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
# Configs executed on releng backends must have "releng_" prefix.
|
||||
odcs_raw_config_urls:
|
||||
releng_fmc:
|
||||
|
|
|
|||
|
|
@ -57,3 +57,15 @@ openqa_amqp_smtp: bastion
|
|||
|
||||
# http and NFS
|
||||
tcp_ports: [80, 2049]
|
||||
|
||||
ipa_host_group: openqa-servers
|
||||
ipa_host_group_desc: OpenQA servers
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
|
|
|
|||
|
|
@ -20,3 +20,10 @@ openqa_nfs_worker: true
|
|||
|
||||
deployment_type: prod
|
||||
freezes: false
|
||||
|
||||
ipa_host_group: openqa-workers
|
||||
ipa_host_group_desc: OpenQA worker hosts
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-qa
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-qa
|
||||
|
|
|
|||
|
|
@ -9,6 +9,20 @@ tcp_ports: [ 80, 443, 8443]
|
|||
fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
|
||||
sudoers: "{{ private }}/files/sudo/osbs-sudoers"
|
||||
|
||||
ipa_host_group: osbs
|
||||
ipa_host_group_desc: OpenShift Build Service
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-osbs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-osbs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org"
|
||||
docker_registry: "candidate-registry.fedoraproject.org"
|
||||
source_registry: "registry.fedoraproject.org"
|
||||
|
|
|
|||
|
|
@ -12,9 +12,6 @@ tcp_ports: [ 80, 443, 8443]
|
|||
openshift_node_labels: {'region':'infra'}
|
||||
openshift_schedulable: False
|
||||
|
||||
fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-osbs
|
||||
sudoers: "{{ private }}/files/sudo/osbs-sudoers"
|
||||
|
||||
docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
|
||||
source_registry: "registry.stg.fedoraproject.org"
|
||||
docker_registry: "candidate-registry.stg.fedoraproject.org"
|
||||
|
|
|
|||
|
|
@ -1,7 +1,5 @@
|
|||
---
|
||||
# Define resources for this group of hosts here.
|
||||
fas_client_groups: sysadmin-releng,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
|
||||
sudoers: "{{ private }}/files/sudo/osbs-sudoers"
|
||||
|
||||
# Variables used in the ansible-ansible-openshift-ansible role in osbs-cluster playbook
|
||||
osbs_url: "osbs.stg.fedoraproject.org"
|
||||
|
|
|
|||
|
|
@ -6,8 +6,19 @@ num_cpus: 2
|
|||
|
||||
tcp_ports: [ 80, 443, 8443]
|
||||
|
||||
fas_client_groups: sysadmin-releng,fi-apprentice,sysadmin-noc,sysadmin-veteran,sysadmin-osbs
|
||||
sudoers: "{{ private }}/files/sudo/osbs-sudoers"
|
||||
ipa_host_group: osbs
|
||||
ipa_host_group_desc: OpenShift Build Service
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-osbs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-osbs
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org"
|
||||
source_registry: "registry.fedoraproject.org"
|
||||
|
|
|
|||
|
|
@ -19,6 +19,18 @@ fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran,sysadmin-packages
|
|||
|
||||
sudoers: "{{ private }}/files/sudo/sysadmin-packages"
|
||||
|
||||
ipa_host_group: packages
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-packages
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-packages
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
|
|
|
|||
|
|
@ -12,9 +12,17 @@ tcp_ports: [ 80, 443,
|
|||
# Neeed for rsync from log01 for logs.
|
||||
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice,sysadmin-veteran,sysadmin-packages
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/sysadmin-packages"
|
||||
ipa_host_group: packages
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-packages
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-packages
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -15,6 +15,19 @@ tcp_ports: [ 80 ]
|
|||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
|
||||
|
||||
ipa_host_group: pdc-web
|
||||
ipa_host_group_desc: Product Definition Center web app
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-mbs
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-mbs
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
deployment_type: prod
|
||||
|
||||
# This just defines the CN of the saml2 cert we pull from the private repo
|
||||
|
|
|
|||
|
|
@ -13,7 +13,18 @@ wsgi_threads: 2
|
|||
|
||||
tcp_ports: [ 80 ]
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-releng,sysadmin-mbs,sysadmin-veteran
|
||||
ipa_host_group: pdc-web
|
||||
ipa_host_group_desc: Product Definition Center web app
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-mbs
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-mbs
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
|
||||
deployment_type: stg
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,18 @@ fas_client_admin_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /u
|
|||
fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran"
|
||||
admin_groups: "@sysadmin-cvs @sysadmin-releng"
|
||||
|
||||
ipa_host_group: pkgs
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-cvs
|
||||
- sysadmin-main
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-cvs
|
||||
- sysadmin-main
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
clamscan_mailto: admin@fedoraproject.org
|
||||
clamscan_paths:
|
||||
- /srv/cache/lookaside/pkgs
|
||||
|
|
|
|||
|
|
@ -15,11 +15,17 @@ pagure_static_uid: 600
|
|||
# To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg.
|
||||
fedmsg_active: True
|
||||
|
||||
fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran
|
||||
fas_client_restricted_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/libexec/pagure/aclchecker.py %(username)s
|
||||
fas_client_admin_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/libexec/pagure/aclchecker.py %(username)s
|
||||
fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran"
|
||||
admin_groups: "@sysadmin-cvs @sysadmin-releng"
|
||||
ipa_host_group: pkgs
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-cvs
|
||||
- sysadmin-main
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-cvs
|
||||
- sysadmin-main
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
||||
clamscan_mailto: admin@fedoraproject.org
|
||||
clamscan_paths:
|
||||
|
|
|
|||
|
|
@ -88,6 +88,18 @@ blocked_ip_v6: [
|
|||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
|
||||
|
||||
ipa_host_group: proxies
|
||||
ipa_host_group_desc: Proxies between internal hosts and the Internet
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
collectd_apache: true
|
||||
|
||||
varnish_group: proxies
|
||||
|
|
|
|||
|
|
@ -67,7 +67,17 @@ custom_rules: [
|
|||
'-A INPUT -p tcp -m tcp --dport 9941 -s 209.132.184.123 -j ACCEPT',
|
||||
]
|
||||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
|
||||
ipa_host_group: proxies
|
||||
ipa_host_group_desc: Proxies between internal hosts and the Internet
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
collectd_apache: true
|
||||
varnish_group: proxies
|
||||
|
|
|
|||
|
|
@ -34,4 +34,12 @@ custom_rules: [
|
|||
|
||||
fas_client_groups: sysadmin-main,sysadmin-messaging
|
||||
sudoers: "{{ private }}/files/sudo/rabbitmq-sudoers"
|
||||
|
||||
ipa_host_group: rabbitmq
|
||||
ipa_host_group_desc: RabbitMQ service
|
||||
ipa_shell_groups:
|
||||
- sysadmin-messaging
|
||||
ipa_sudo_groups:
|
||||
- sysadmin-messaging
|
||||
|
||||
mem_size: 4096
|
||||
|
|
|
|||
|
|
@ -49,5 +49,9 @@ custom_rules: [
|
|||
'-A INPUT -p tcp -m tcp -s 10.3.166.80 --dport 25672 -j ACCEPT',
|
||||
]
|
||||
|
||||
fas_client_groups: sysadmin-main,sysadmin-messaging
|
||||
sudoers: "{{ private }}/files/sudo/rabbitmq-sudoers"
|
||||
ipa_host_group: rabbitmq
|
||||
ipa_host_group_desc: RabbitMQ service
|
||||
ipa_shell_groups:
|
||||
- sysadmin-messaging
|
||||
ipa_sudo_groups:
|
||||
- sysadmin-messaging
|
||||
|
|
|
|||
|
|
@ -19,6 +19,13 @@ fas_client_groups: sysadmin-releng
|
|||
freezes: true
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
|
||||
ipa_host_group: releng-compose
|
||||
ipa_host_group_desc: Hosts running composes
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
|
||||
|
||||
# For the mock config
|
||||
|
|
|
|||
|
|
@ -1,4 +1,11 @@
|
|||
---
|
||||
ipa_host_group: releng-compose
|
||||
ipa_host_group_desc: Hosts running composes
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
||||
koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
|
||||
koji_weburl: "https://koji.stg.fedoraproject.org/koji"
|
||||
koji_topurl: "https://kojipkgs.fedoraproject.org/"
|
||||
|
|
|
|||
|
|
@ -14,6 +14,14 @@ num_cpus: 4
|
|||
# the host_vars/$hostname file
|
||||
|
||||
fas_client_groups: sysadmin-qa
|
||||
|
||||
ipa_host_group: resultsdb
|
||||
ipa_host_group_desc: ResultsDB application servers
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-qa
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-qa
|
||||
|
||||
nrpe_procs_warn: 250
|
||||
nrpe_procs_crit: 300
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,17 @@ freezes: false
|
|||
# make sure we're using the stg fedsmg bus
|
||||
fedmsg_env: stg
|
||||
|
||||
ipa_host_group: resultsdb
|
||||
ipa_host_group_desc: ResultsDB application servers
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-qa
|
||||
- sysadmin-veteran
|
||||
|
||||
############################################################
|
||||
# resultsdb details
|
||||
|
|
|
|||
|
|
@ -11,3 +11,20 @@ nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3"
|
|||
fas_client_groups: sysadmin-noc,alt-sugar,alt-k12linux,altvideos,hosted-content,mips-content,s390_content,fi-apprentice,qa-deltaisos,sysadmin-veteran
|
||||
|
||||
host_group: secondary
|
||||
|
||||
ipa_host_group: secondary
|
||||
ipa_host_group_desc: Serve secondary arch and archived releases
|
||||
ipa_client_shell_groups:
|
||||
- alt-k12linux
|
||||
- alt-sugar
|
||||
- altvideos
|
||||
- fi-apprentice
|
||||
- hosted-content
|
||||
- mips-content
|
||||
- qa-deltaisos
|
||||
- s390_content
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
|
|
|
|||
|
|
@ -11,3 +11,9 @@ tcp_ports: [ 44333, 44334 ]
|
|||
|
||||
fas_client_groups: sysadmin-releng
|
||||
sudoers: "{{ private }}/files/sudo/00releng-sudoers"
|
||||
|
||||
ipa_host_group: sign-bridge
|
||||
ipa_client_shell_groups:
|
||||
- sysadmin-releng
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-releng
|
||||
|
|
|
|||
|
|
@ -22,3 +22,17 @@ nrpe_procs_warn: 300
|
|||
nrpe_procs_crit: 500
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/sundries-sudoers"
|
||||
|
||||
ipa_host_group: sundries
|
||||
ipa_host_group_desc: Odds and ends
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ num_cpus: 2
|
|||
# the host_vars/$hostname file
|
||||
|
||||
tcp_ports: [ 80, 873 ]
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran,sysadmin-releng
|
||||
|
||||
# This gets overridden by whichever node we want to run special cronjobs.
|
||||
master_sundries_node: False
|
||||
|
|
@ -21,4 +20,16 @@ rsync_group: sundries-stg
|
|||
nrpe_procs_warn: 300
|
||||
nrpe_procs_crit: 500
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/sundries-sudoers"
|
||||
ipa_host_group: sundries
|
||||
ipa_host_group_desc: Odds and ends
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-releng
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
|
|
|||
|
|
@ -28,6 +28,20 @@ custom_rules: [
|
|||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote,sysadmin-veteran
|
||||
|
||||
ipa_host_group: value
|
||||
ipa_host_group_desc: "Value added: IRC bots, message logging, etc."
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-mote
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-mote
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
- service: shell
|
||||
|
|
|
|||
|
|
@ -26,7 +26,19 @@ custom_rules: [
|
|||
'-A INPUT -p tcp -m tcp -s 10.5.126.23 --dport 5050 -j ACCEPT',
|
||||
]
|
||||
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote,sysadmin-veteran
|
||||
ipa_host_group: value
|
||||
ipa_host_group_desc: "Value added: IRC bots, message logging, etc."
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-mote
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-mote
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
# These are consumed by a task in roles/fedmsg/base/main.yml
|
||||
fedmsg_certs:
|
||||
|
|
|
|||
|
|
@ -12,6 +12,18 @@ virt_install_command: "{{ virt_install_command_two_nic }}"
|
|||
tcp_ports: [ 80 ]
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
|
||||
|
||||
ipa_host_group: wiki
|
||||
ipa_host_group_desc: Fedora Wiki
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
# mediawiki variables
|
||||
wikiname: "fp"
|
||||
wikipath: "wiki"
|
||||
|
|
|
|||
|
|
@ -7,7 +7,18 @@ num_cpus: 2
|
|||
deployment_type: stg
|
||||
|
||||
tcp_ports: [ 80 ]
|
||||
fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-veteran
|
||||
|
||||
ipa_host_group: wiki
|
||||
ipa_host_group_desc: Fedora Wiki
|
||||
ipa_client_shell_groups:
|
||||
- fi-apprentice
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
ipa_client_sudo_groups:
|
||||
- sysadmin-noc
|
||||
- sysadmin-veteran
|
||||
- sysadmin-web
|
||||
|
||||
# mediawiki variables
|
||||
wikiname: "fp"
|
||||
|
|
|
|||
|
|
@ -10,8 +10,6 @@ eth0_ip: 10.3.167.33
|
|||
vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
|
||||
datacenter: staging
|
||||
|
||||
fas_client_groups: sysadmin-releng,sysadmin-fedimg,modularity-wg,pungi-devel
|
||||
|
||||
koji_hub_nfs: "fedora_koji"
|
||||
|
||||
kojipkgs_url: kojipkgs.fedoraproject.org
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@ mem_size: 65536
|
|||
max_mem_size: 98304
|
||||
num_cpus: 8
|
||||
tcp_ports: [ 5432, 443 ]
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
|
||||
|
||||
# kernel SHMMAX value
|
||||
kernel_shmmax: 68719476736
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ dbs_to_backup:
|
|||
lvm_size: 30000
|
||||
mem_size: 4096
|
||||
num_cpus: 2
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
|
||||
|
||||
#
|
||||
# Only allow postgresql access from the frontend node and ipsilon01.stg and
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@ lvm_size: 1500000
|
|||
mem_size: 16384
|
||||
max_mem_size: "{{ mem_size }}"
|
||||
num_cpus: 8
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran,sysadmin-releng
|
||||
|
||||
# kernel SHMMAX value
|
||||
kernel_shmmax: 68719476736
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ databases:
|
|||
lvm_size: 500000
|
||||
mem_size: 16384
|
||||
num_cpus: 4
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
|
||||
|
||||
#
|
||||
# We should narrow this down at some point
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@ lvm_size: 300000
|
|||
mem_size: 8192
|
||||
num_cpus: 2
|
||||
tcp_ports: [ 5432, 443, 3306 ]
|
||||
fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-veteran
|
||||
|
||||
# kernel SHMMAX value
|
||||
kernel_shmmax: 68719476736
|
||||
|
|
|
|||
|
|
@ -17,8 +17,6 @@ mem_size: 4096
|
|||
num_cpus: 4
|
||||
freezes: false
|
||||
|
||||
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran,sysadmin-dbgserver
|
||||
|
||||
virt_install_command: "{{ virt_install_command_two_nic }}"
|
||||
|
||||
sudoers: "{{ private }}/files/sudo/dbgserver-sudoers"
|
||||
|
|
|
|||
|
|
@ -20,6 +20,4 @@ lvm_size: 1048576
|
|||
mem_size: 16384
|
||||
num_cpus: 16
|
||||
|
||||
fas_client_groups: fi-apprentice,sysadmin-veteran,sysadmin-logs,sysadmin-noc,sysadmin-atomic,sysadmin-analysis
|
||||
|
||||
#host_backup_targets: ['/var/log']
|
||||
|
|
|
|||
|
|
@ -23,8 +23,6 @@ vmhost: vmhost-x86-05.stg.iad2.fedoraproject.org
|
|||
# virtual machine
|
||||
############################################################
|
||||
|
||||
fas_client_groups: sysadmin-qa,sysadmin-main,sysadmin-noc,fi-apprentice,sysadmin-veteran
|
||||
lvm_size: 50000
|
||||
mem_size: 8192
|
||||
num_cpus: 4
|
||||
sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
|
||||
|
|
|
|||
|
|
@ -314,6 +314,14 @@ iddev.fedorainfracloud.org
|
|||
noc01.iad2.fedoraproject.org
|
||||
noc02.fedoraproject.org
|
||||
|
||||
[notifs:children]
|
||||
notifs_backend
|
||||
notifs_web
|
||||
|
||||
[notifs_stg:children]
|
||||
notifs_backend_stg
|
||||
notifs_web_stg
|
||||
|
||||
[notifs_backend]
|
||||
notifs-backend01.iad2.fedoraproject.org
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue