---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 2048
num_cpus: 2

tcp_ports: [ 80, 443,
    # This port is required by gluster
    6996,
    # These 12 ports are used by fedmsg.  One for each wsgi thread.
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 30010, 3011, 3012]

# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice,sysadmin-veteran

freezes: false

# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
  owner: root
  group: sysadmin
  can_send:
  - logger.log
- service: askbot
  owner: root
  group: apache
  can_send:
  - askbot.post.delete
  - askbot.post.edit
  - askbot.post.flag_offensive.add
  - askbot.post.flag_offensive.delete
  - askbot.tag.update

virt_install_command: "{{ virt_install_command_rhel6 }}"

# For the MOTD
csi_security_category: Low
csi_primary_contact: Fedora admins - admin@fedoraproject.org
csi_purpose: Run the django webapp for ask.fedoraproject.org
csi_relationship: |
    This depends on:

    - The database server on db01.
    - memcached (specifically memcached02), but only in production.  In staging,
      a local-memory backend is used instead.

    Gotchas:

    - The packages for celery are installed, but we do not actually run or
      depend on the celery daemon.
    - There are *lots* of hotfixes in effect on this machine.