arm-packager arm-qa atomichw bastion beaker beaker-stg beaker-virthosts bkernel blockerbugs blockerbugs-stg bodhi-backend buildaarch64 buildarm buildhw buildppc buildppc64 buildppcle buildvm buildvmhost buildvm-ppc64 buildvm-ppc64le buildvm-stg busgateway busgateway-stg bvirthost cloud-hardware composers composers-stg copr copr-back copr-back-stg copr-dist-git copr-dist-git-stg copr-front copr-front-stg copr-keygen copr-keygen-stg copr-stg darkserver datagrepper datagrepper-stg dev dhcp docs-backend download-ib download-phx2 download-rdu2 elections elections-stg existgrpvar.sh existgrpvar.sh~ fas fas-stg fedimg fedimg-stg fedocal fedocal-stg gallery gallery-stg github2fedmsg github2fedmsg-stg hosted hotness hotness-stg ipsilon ipsilon-stg jenkins-master jenkins-slave kernel-qa kerneltest kerneltest-stg keys koji koji-not-yet-ansibilized koji-stg lockbox mailman mailman-stg mdapi mdapi-stg memcached memcached-stg mirrorlist2 mirrorlist2-stg mm mm-stg notifs-backend notifs-backend-stg notifs-web notifs-web-stg nuancier nuancier-stg openqa openqa-stg openqa-stg-workers openqa-workers openstack-compute osbs-stg OSv3 packages packages-stg paste paste-stg persistent-cloud pkgdb pkgdb-stg pkgs pkgs-stg postgresql-server qadevel qa-stg releng releng-compose resultsdb-dev resultsdb-prod resultsdb-stg retrace secondary sign-bridge sign-vault smtp-mm staging statscache-backend statscache-backend-stg statscache-web statscache-web-stg summershum summershum-stg sundries sundries-stg tagger tagger-stg taskotron-dev taskotron-dev-client-hosts taskotron-dev-clients taskotron-prod taskotron-prod-clients taskotron-stg taskotron-stg-clients twisted-buildbots unbound virthost virthost-comm wiki wiki-stg
Hello, First of all, thank you to all of you at #fedora-admin who helped me get started. I've edited five group_vars files and created a patch with my local commit. Please find attached and pasted below. Hope it makes some sense Juan csi vars for bastion, copr-back, cpr-back-stg, copr-front, copr- front-stg diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion index 87a0e33..40733b4 100644 --- a/inventory/group_vars/bastion +++ b/inventory/group_vars/bastion @@ -1,5 +1,5 @@ --- -# Define resources for this group of hosts here. +# Define resources for this group of hosts here. lvm_size: 20000 mem_size: 8192 num_cpus: 4 @@ -37,3 +37,16 @@ fas_aliases: true # nrpe_procs_warn: 1100 nrpe_procs_crit: 1200 + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: High +csi_primary_contact: sysadmin-main admin@fedoraproject.org +csi_purpose: SSH proxy to access infrastructure not exposed to the web +csi_relationship: + * Provides ssh access to all phx2/vpn connected servers. + * Bastion is the hub for all infrastructure's VPN connections. + * All incoming SMTP from phx2 and VPN, as well as outgoing SMTP, pass or are filtered here. + * Bastion does not accept any mail outside phx2/vpn. diff --git a/inventory/group_vars/copr-back b/inventory/group_vars/copr-back index 6d598e4..c2a279f 100644 --- a/inventory/group_vars/copr-back +++ b/inventory/group_vars/copr-back @@ -20,3 +20,14 @@ do_sign: "true" spawn_in_advance: "true" frontend_base_url: "https://copr-fe.cloud.fedoraproject.org" + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: High +csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys +csi_purpose: Provide the backend for copr (3rd party packages) +csi_relationship: + * Backend: Management of copr cloud infrastructure (OpenStack). + * Small frontend with copr's public stats diff --git a/inventory/group_vars/copr-back-stg b/inventory/group_vars/copr-back-stg index 7c0fb6a..42ac9fa 100644 --- a/inventory/group_vars/copr-back-stg +++ b/inventory/group_vars/copr-back-stg @@ -18,3 +18,12 @@ do_sign: "true" spawn_in_advance: "false" frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org" + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: Moderate +csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys +csi_purpose: Provide the testing environment of copr's backend +csi_relationship: This host is the testing environment for the cloud infrastructure of copr's backend diff --git a/inventory/group_vars/copr-front b/inventory/group_vars/copr-front index 7dcfcd7..628ab78 100644 --- a/inventory/group_vars/copr-front +++ b/inventory/group_vars/copr-front @@ -1,3 +1,14 @@ --- copr_hostname: "copr-fe.cloud.fedoraproject.org" copr_frontend_public_hostname: "copr.fedoraproject.org" + +# These variables are pushed into /etc/system_identification by the base role. +# Groups and individual hosts should override them with specific info. +# See http://infrastructure.fedoraproject.org/csi/security-policy/ + +csi_security_category: Moderate +csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys +csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr) +csi_relationship: + * This host provides the frontend part of copr only. + * It's the point of contact between end users and the copr build system (backend, package singer) diff --git a/inventory/group_vars/copr-front-stg b/inventory/group_vars/copr-front-stg index 835a21a..e12e6e2 100644 --- a/inventory/group_vars/copr-front-stg +++ b/inventory/group_vars/copr-front-stg @@ -1,2 +1,7 @@ --- copr_frontend_public_hostname: "copr-fe-dev.cloud.fedoraproject.org" + +csi_security_category: Low +csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys +csi_purpose: Provide the testing environment of copr's frontend On Wed, 2015-11-18 at 09:33 -0500, Zach Villers wrote:
arm-packager arm-qa atomichw bastion beaker beaker-stg beaker-virthosts bkernel blockerbugs blockerbugs-stg bodhi-backend buildaarch64 buildarm buildhw buildppc buildppc64 buildppcle buildvm buildvmhost buildvm-ppc64 buildvm-ppc64le buildvm-stg busgateway busgateway-stg bvirthost cloud-hardware composers composers-stg copr copr-back copr-back-stg copr-dist-git copr-dist-git-stg copr-front copr-front-stg copr-keygen copr-keygen-stg copr-stg darkserver datagrepper datagrepper-stg dev dhcp docs-backend download-ib download-phx2 download-rdu2 elections elections-stg existgrpvar.sh existgrpvar.sh~ fas fas-stg fedimg fedimg-stg fedocal fedocal-stg gallery gallery-stg github2fedmsg github2fedmsg-stg hosted hotness hotness-stg ipsilon ipsilon-stg jenkins-master jenkins-slave kernel-qa kerneltest kerneltest-stg keys koji koji-not-yet-ansibilized koji-stg lockbox mailman mailman-stg mdapi mdapi-stg memcached memcached-stg mirrorlist2 mirrorlist2-stg mm mm-stg notifs-backend notifs-backend-stg notifs-web notifs-web-stg nuancier nuancier-stg openqa openqa-stg openqa-stg-workers openqa-workers openstack-compute osbs-stg OSv3 packages packages-stg paste paste-stg persistent-cloud pkgdb pkgdb-stg pkgs pkgs-stg postgresql-server qadevel qa-stg releng releng-compose resultsdb-dev resultsdb-prod resultsdb-stg retrace secondary sign-bridge sign-vault smtp-mm staging statscache-backend statscache-backend-stg statscache-web statscache-web-stg summershum summershum-stg sundries sundries-stg tagger tagger-stg taskotron-dev taskotron-dev-client-hosts taskotron-dev-clients taskotron-prod taskotron-prod-clients taskotron-stg taskotron-stg-clients twisted-buildbots unbound virthost virthost-comm wiki wiki-stg _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedor aproject.org
Unfortunately, there's some line wrapping issues going on that makes it so git doesn't want to apply. ;(
Can you resend as an attachment?
kevin
Did my attachment not arrive OK? Trying again. Should I assume the csi vars were OK like that then? Happy to carry on doing more. Great exercise to get to know how the infrastructure is set up Juan On Fri, 2015-11-20 at 11:08 -0700, Kevin Fenzi wrote:
Unfortunately, there's some line wrapping issues going on that makes it so git doesn't want to apply. ;(
Can you resend as an attachment?
kevin
On Fri, 20 Nov 2015 19:16:46 +0000 Juan Jimenez-Anca juan@encremento.com wrote:
Did my attachment not arrive OK? Trying again. Should I assume the csi vars were OK like that then? Happy to carry on doing more. Great exercise to get to know how the infrastructure is set up
That worked. Something in the previous send wasn't happy with whitespace. ;)
kevin --
Juan On Fri, 2015-11-20 at 11:08 -0700, Kevin Fenzi wrote:
Unfortunately, there's some line wrapping issues going on that makes it so git doesn't want to apply. ;(
Can you resend as an attachment?
kevin
infrastructure@lists.fedoraproject.org