WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
6706723eea466bc9ffedc00a2fc86a0797279113
fedora-infra_ansible/inventory/group_vars/pagure
Kevin Fenzi 8bf3ced166 pagure: add a new pagure01 in rdu3 iso network 
This instance will be the new pagure.io once everything is migrated to
it. This will need a small outage to migrate it instead of a day or two
outage to move the existing hardware.

Tenatively I'd like to schedule this for december 3rd.
The hardware will be moving from rdu-cc on december 8th.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-11-21 10:41:46 -08:00

86 lines
3.5 KiB
Plaintext
Raw Blame History

---
# Define resources for this group of hosts here.
# Block some ips that are using too mauch resources
custom_rules: [
'-A INPUT -s 81.69.171.38/32 -j REJECT',
'-A INPUT -s 175.24.248.206/32 -j REJECT',
'-A INPUT -s 47.76.209.138/32 -j REJECT',
'-A INPUT -s 47.76.99.127/32 -j REJECT'
]
nft_block_rules:
- 'add rule ip filter INPUT ip saddr 81.69.171.38 counter reject'
- 'add rule ip filter INPUT ip saddr 175.24.248.206 counter reject'
- 'add rule ip filter INPUT ip saddr 47.76.0.0/14 counter reject'
- 'add rule ip filter INPUT ip saddr 47.80.0.0/13 counter reject'
- 'add rule ip filter INPUT ip saddr 47.74.0.0/15 counter reject'
- 'add rule ip filter INPUT ip saddr 66.249.64.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 43.134.64.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.134.0.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.134.224.0/19 counter reject'
- 'add rule ip filter INPUT ip saddr 43.159.41.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 43.163.8.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.156.0.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.128.64.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.133.32.0/19 counter reject'
- 'add rule ip filter INPUT ip saddr 43.134.128.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.159.37.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 43.153.192.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.159.32.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 43.156.64.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 43.163.0.0/24 counter reject'
- 'add rule ip filter INPUT ip saddr 14.153.15.174 counter reject'
- 'add rule ip filter INPUT ip saddr 47.246.0.0/16 counter reject'
- 'add rule ip filter INPUT ip saddr 47.236.0.0/14 counter reject'
- 'add rule ip filter INPUT ip saddr 47.235.0.0/16 counter reject'
- 'add rule ip filter INPUT ip saddr 47.240.0.0/14 counter reject'
- 'add rule ip filter INPUT ip saddr 47.244.0.0/15 counter reject'
- 'add rule ip filter INPUT ip saddr 146.174.128.0/18 counter reject'
- 'add rule ip filter INPUT ip saddr 154.222.253.0/24 counter reject'
# For the MOTD
db_backup_dir: ['/backups']
dbs_to_backup: ['pagure']
env: pagure
freezes: true
host_backup_targets: ['/srv/git', '/var/www/releases']
ipa_client_shell_groups:
- sysadmin-noc
- sysadmin-web
- sysadmin-veteran
ipa_client_sudo_groups:
- sysadmin-web
ipa_host_group: pagure
ipa_host_group_desc: Pagure GIT Forge
lvm_size: 2t
max_mem_size: 131072
mem_size: 65536
num_cpus: 48
postfix_group: vpn.pagure
primary_auth_source: ipa
sshd_config: ssh/sshd_config.pagure
sshd_keyhelper: true
stunnel_destination_port: :::8080
stunnel_service: "eventsource"
stunnel_source_port: 8088
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [22, 25, 80, 443, 8442, 8443, 8444, 8445,
# Used for the eventsource
8088]
vpn: true
# Pagure has needs vpn for monitoring
zabbix_host: zabbix01.vpn.fedoraproject.org
zabbix_macros:
'VFS.DEV.WRITE.AWAIT.WARN': 60 # frequently saturated writes overnight
notes: |
Run the pagure instances for fedora
There are a few things running here:
* The apache/mod_wsgi app for pagure
* This host relies on:
* A postgres db server running locally
Things that rely on this host:
* nothing currently
Reference in New Issue View Git Blame Copy Permalink