blob: 7489a003b596ec231225a20cf5346dae2a97c1d8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
---
lvm_size: 20000
mem_size: 4096
num_cpus: 2
freezes: false
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: tahrir
wsgi_procs: 2
wsgi_threads: 2
tcp_ports: [ 80 ]
# Neeed for rsync from log01 for logs.
custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
fas_client_groups: sysadmin-noc,sysadmin-badges,sysadmin-veteran
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
owner: root
group: sysadmin
can_send:
- logger.log
- service: tahrir
owner: root
group: tahrir
can_send:
- fedbadges.badge.award
- fedbadges.person.rank.advance
- fedbadges.person.login.first
# For the MOTD
csi_security_category: Low
csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org
csi_relationship: |
The apache/mod_wsgi app is the only thing really running here
* This host relies on:
* db01 for its database of badge awards (and users, etc..)
* a collection of .pngs in /usr/share/badges/pngs put there by ansible
* memcached!
* Conversely, a few things rely on this site:
* We have a mediawiki plugin that hits a JSON endpoint to display badges.
It should be resilient, but issues in the badges app may cascade into
mediawiki issues in the event of faults.
* fedora-mobile (the android app) queries the JSON api here.
* zodbot has a .badges <username> command that queries the JSON api here.
* openbadges.org may call back to this app to verify that badge assertions
are really certified by us (this will happen anytime someone exports
their fedora badges to the mozilla universe via the tahrir web
interface, but may also happen later in the future to ensure we did not
revoke such and such badge).
|
