--- # Define resources for this group of hosts here. lvm_size: 30000 mem_size: 6144 num_cpus: 2 deployment_type: prod # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file tcp_ports: [ 80, 443, # These 16 ports are used by fedmsg. One for each wsgi thread. 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015] custom_rules: [ # Needed for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', # Needed to let nagios on noc01 and noc02 pipe alerts to zodbot here '-A INPUT -p tcp -m tcp -s 10.3.163.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.166.10 --dport 5050 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.20 --dport 5050 -j ACCEPT', # batcave01 also needs access to announce commits. '-A INPUT -p tcp -m tcp -s 192.168.20.41 --dport 5050 -j ACCEPT', ] fas_client_groups: sysadmin-noc,fi-apprentice,sysadmin-web,sysadmin-mote,sysadmin-veteran # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell owner: root group: sysadmin can_send: - logger.log - service: supybot owner: root group: daemon can_send: # cookies! - irc.karma # standard meetbot stuff - meetbot.meeting.complete - meetbot.meeting.start - meetbot.meeting.topic.update # meetbot line items - meetbot.meeting.item.agreed - meetbot.meeting.item.accepted - meetbot.meeting.item.rejected - meetbot.meeting.item.action - meetbot.meeting.item.info - meetbot.meeting.item.idea - meetbot.meeting.item.help - meetbot.meeting.item.link # For the MOTD csi_security_category: Moderate csi_primary_contact: mote admins - sysadmin-mote-members@fedoraproject.org csi_purpose: Hosts services which help facilitate communication over IRC and related mediums. csi_relationship: | There are a couple things running here. * zodbot, a supybot instance. See the zodbot SOP for more info. * fedmsg-irc, our fedmsg to IRC relay. 'journalctl -u fedmsg-irc' * mote, a webapp running behind httpd that serves meetbot log files.