--- # Define resources for this group of hosts here. lvm_size: 20000 mem_size: 2048 num_cpus: 2 # for systems that do not match the above - specify the same parameter in # the host_vars/$hostname file # 9940 is for the anitya public relay tcp_ports: [ 80, 443, 9940 ] custom_rules: [ # Need for rsync from log01 for logs. '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT', # Need so that anitya-backend can talk fedmsg to our relay '-A INPUT -p tcp -m tcp -s 140.211.169.230 --dport 9941 -j ACCEPT', ] fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran # Don't use testing repos in production testing: False freezes: false vpn: true # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell owner: root group: sysadmin can_send: - logger.log - service: anitya owner: root group: apache can_send: - anitya.distro.add - anitya.distro.edit - anitya.distro.remove - anitya.project.add - anitya.project.add.tried - anitya.project.edit - anitya.project.flag - anitya.project.flag.set - anitya.project.map.new - anitya.project.map.remove - anitya.project.map.update - anitya.project.remove - anitya.project.version.remove - anitya.project.version.update fedmsg_prefix: org.release-monitoring fedmsg_env: prod # For the MOTD csi_security_category: Low csi_primary_contact: Fedora admins - admin@fedoraproject.org csi_purpose: Run the 'anitya' mod_wsgi app for release-monitoring.org csi_relationship: | There are a few things running here: - The apache/mod_wsgi app for release-monitoring.org - A fedmsg-relay instance for anitya's local fedmsg bus - This host relies on: - A postgres db server running on anitya-backend01 - Lots of external third-party services. The anitya webapp can scrape pypi, rubygems.org, sourceforge and many others on command. - Things that rely on this host: - The Fedora Infrastructure bus subscribes to the anitya bus published here by the local fedmsg-relay daemon at tcp://release-monitoring.org:9940 - the-new-hotness is a fedmsg-hub plugin running in FI on hotness01. It listens for anitya messages from here and performs actions on koji and bugzilla. - anitya-backend01 expects to publish fedmsg messages via anitya-frontend01's fedmsg-relay daemon. Access should be restricted by firewall.