1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
---
# Define resources for this group of hosts here.
lvm_size: 20000
mem_size: 2048
num_cpus: 2
tcp_ports: [ 80, 443,
# This port is required by gluster
6996,
# These 12 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 30010, 3011, 3012]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice,sysadmin-veteran
freezes: false
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: askbot
owner: root
group: apache
can_send:
- askbot.post.delete
- askbot.post.edit
- askbot.post.flag_offensive.add
- askbot.post.flag_offensive.delete
- askbot.tag.update
virt_install_command: "{{ virt_install_command_rhel6 }}"
# For the MOTD
csi_security_category: Low
csi_primary_contact: Fedora admins - admin@fedoraproject.org
csi_purpose: Run the django webapp for ask.fedoraproject.org
csi_relationship: |
This depends on:
- The database server on db01.
- memcached (specifically memcached02), but only in production. In staging,
a local-memory backend is used instead.
Gotchas:
- The packages for celery are installed, but we do not actually run or
depend on the celery daemon.
- There are *lots* of hotfixes in effect on this machine.
|
