blob: 644932f87ad80f814aa6c5e2812c27676f91eec3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 2048
num_cpus: 2
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
# 9940 is for the anitya public relay
tcp_ports: [ 80, 443, 9940 ]
custom_rules: [
# Need for rsync from log01 for logs.
'-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
# Need so that anitya-backend can talk fedmsg to our relay
'-A INPUT -p tcp -m tcp -s 140.211.169.230 --dport 9941 -j ACCEPT',
]
fas_client_groups: sysadmin-noc,sysadmin-web,sysadmin-veteran
# Don't use testing repos in production
testing: False
freezes: false
vpn: true
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: anitya
owner: root
group: apache
can_send:
- anitya.distro.add
- anitya.distro.edit
- anitya.distro.remove
- anitya.project.add
- anitya.project.add.tried
- anitya.project.edit
- anitya.project.flag
- anitya.project.flag.set
- anitya.project.map.new
- anitya.project.map.remove
- anitya.project.map.update
- anitya.project.remove
- anitya.project.version.remove
- anitya.project.version.update
fedmsg_prefix: org.release-monitoring
fedmsg_env: prod
# For the MOTD
csi_security_category: Low
csi_primary_contact: Fedora admins - admin@fedoraproject.org
csi_purpose: Run the 'anitya' mod_wsgi app for release-monitoring.org
csi_relationship: |
There are a few things running here:
- The apache/mod_wsgi app for release-monitoring.org
- A fedmsg-relay instance for anitya's local fedmsg bus
- This host relies on:
- A postgres db server running on anitya-backend01
- Lots of external third-party services. The anitya webapp can scrape
pypi, rubygems.org, sourceforge and many others on command.
- Things that rely on this host:
- The Fedora Infrastructure bus subscribes to the anitya bus published
here by the local fedmsg-relay daemon at
tcp://release-monitoring.org:9940
- the-new-hotness is a fedmsg-hub plugin running in FI on hotness01. It
listens for anitya messages from here and performs actions on koji and
bugzilla.
- anitya-backend01 expects to publish fedmsg messages via
anitya-frontend01's fedmsg-relay daemon. Access should be restricted by
firewall.
|
