commit ace1d1967358a3c85e4bc80f336924c4b9306afe Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Mon Oct 10 12:11:34 2016 +0200 Update bodhi-backend group_vars/bodhi-backend | 42 ++++++++++++++++++++++++++++++++++++++++ group_vars/bodhi2 | 10 +++++++- group_vars/releng-compose | 47 +++++++++++++++++++++++++++++++++++++++++++++ inventory/inventory | 11 +++++++++- 4 files changed, 107 insertions(+), 3 deletions(-) --- diff --git a/group_vars/bodhi-backend b/group_vars/bodhi-backend new file mode 100644 index 0000000..529d28d --- /dev/null +++ b/group_vars/bodhi-backend @@ -0,0 +1,42 @@ +--- +# common items for the releng-* boxes +lvm_size: 10000 +mem_size: 1024 +num_cpus: 1 + +# Do not use testing repositories on production +testing: False + +# These are for fedmsg publication from the bodhi backend. +# If you change these iptables rules, you also need to changes the endpoints +# list in roles/fedmsg/base/templates/endpoints-bodhi.py +tcp_ports: [ + 3000, 3001, 3002, 3003, 3004, + 3005, 3006, 3007, 3008, 3009, + 3010, 3011, 3012, 3013, 3014, + 3015, 3016, 3017, 3018, 3019, +] +# Make connections from signing bridges stateless, they break sigul connections +# https://bugzilla.redhat.com/show_bug.cgi?id=1283364 +#custom_rules: ['-A INPUT --proto tcp --sport 44334 --source 10.5.125.71 -j ACCEPT'] + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: releng + +# These people get told when something goes wrong. +fedmsg_error_recipients: +- root(a)rpmfusion.org + +## XXX -- note that the fedmsg_certs declaration does not happen here, but +# happens instead at the inventory/host_vars/ level since bodhi-backend03 and +# bodhi-backend02 have different roles and responsibilities. + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4" + +fas_client_groups: sysadmin-releng,sysadmin-bodhi +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +## XXX - note that the csi_ stuff is kept at the host_vars/ level. diff --git a/group_vars/bodhi2 b/group_vars/bodhi2 index 7cec042..18d32dd 100644 --- a/group_vars/bodhi2 +++ b/group_vars/bodhi2 @@ -7,10 +7,13 @@ lvm_size: 40000 mem_size: 16384 num_cpus: 4 +# Do not use testing repositories on production +testing: False + # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file -host_group: bodhi2 +host_group: releng # Definining these vars has a number of effects # 1) mod_wsgi is configured to use the vars for its own setup @@ -25,7 +28,8 @@ tcp_ports: [ 80 ] # Neeed for rsync from log01 for logs. #custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ] -fas_client_groups: sysadmin-main +fas_client_groups: sysadmin-noc,sysadmin-bodhi +sudoers: "{{ private }}/files/sudo/00releng-sudoers" # These set a config value in /etc/fedmsg.d/, see roles/bodhi2/base/ # frontend nodes won't run either of these @@ -73,6 +77,8 @@ fedmsg_certs: # For the MOTD csi_security_category: Moderate +csi_primary_contact: Bodhi Admins root(a)rpmfusion.org +csi_purpose: Run the Bodhi mod_wsgi app for admin.rpmfusion.org csi_relationship: | The apache/mod_wsgi app is the only thing really running here. The mashing of repos is handled by the bodhi-backend node(s). diff --git a/group_vars/releng-compose b/group_vars/releng-compose new file mode 100644 index 0000000..cfe2376 --- /dev/null +++ b/group_vars/releng-compose @@ -0,0 +1,47 @@ +--- +# common items for the releng-* boxes +lvm_size: 10000 +mem_size: 1024 +num_cpus: 1 +ks_url: http://192.168.181.254/install/ks/compose01.ks +ks_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/24/Server/x86_64/os/ +virt_install_command: "{{ virt_install_command_one_nic }}" + +# With 16 cpus, theres a bunch more kernel threads +nrpe_procs_warn: 900 +nrpe_procs_crit: 1000 + +host_group: releng +fas_client_groups: sysadmin-releng +freezes: true +sudoers: "{{ private }}/files/sudo/00releng-sudoers" + +nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4" + +# For the mock config +kojipkgs_url: koji.rpmfusion.org/kojifiles +kojihub_url: koji.rpmfusion.org/kojihub +kojihub_scheme: http + +# for kojid config +koji_server_url: "http://koji.rpmfusion.org/kojihub" +koji_weburl: "http://koji.rpmfusion.org/koji" +koji_topurl: "http://koji.rpmfusion.org/kojifiles" + +# These are consumed by a task in roles/fedmsg/base/main.yml +fedmsg_certs: +- service: shell + owner: root + group: root + can_send: + - logger.log +- service: releng + owner: root + group: masher + can_send: + - pungi.compose.phase.start + - pungi.compose.phase.stop + - pungi.compose.status.change + # Then there are *all these* make-updates things from releng+cloudsig + - compose.23.make-updates.start + - compose.23.make-updates.done diff --git a/inventory/inventory b/inventory/inventory index 2eab70a..e64130c 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -1,9 +1,12 @@ [bastion] hv01.online.rpmfusion.net -[bodhi-backend] +[bodhi2] bodhi01.online.rpmfusion.net +[bodhi-backend] +bodhi-backend01.online.rpmfusion.net + [bugzilla] bugzilla02.online.rpmfusion.net @@ -28,6 +31,12 @@ pkgs01.online.rpmfusion.net [proxies] pkgs01.online.rpmfusion.net +[releng-compose] +bodhi01-backend.online.rpmfusion.net + +[sign-bridge] +koji01.online.rpmfusion.net + [bvirthost] [buildvmhost]