WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-12 10:56:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b7e5056a4ec6fda678d33f052d6980775fa16cf1
fedora-infra_ansible/inventory/group_vars/badges_web
Kevin Fenzi 580cd252c5 Inventory group/host variables: Sort yaml 
This was done using yq (
https://mikefarah.gitbook.io/yq/operators/sort-keys )

Doing things this way makes it much easier to see if a variable is set
in a file or if two hosts differ in what variables they set. Hopefully
we can keep things sorted moving forward.

Basically this means just sort a-z anything you add to any host or group
vaiable and it will be in the right place.

Additionally, this enforces 'normal' intent rules for all the variable
files which we should also try and obey. 2 spaces for first level, 3 for
next, etc. When in doubt you can run yq on it.

This should cause NO actual vairable changes, it's all just readability
fixing for humans, ansible parses it exactly the same.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-11-16 13:27:57 -08:00

53 lines
2.0 KiB
Plaintext
Raw Blame History

---
csi_primary_contact: Badges admins - sysadmin-badges-members@fedoraproject.org
csi_purpose: Run the 'tahrir' mod_wsgi app to display badges.fedoraproject.org
csi_relationship: |
The apache/mod_wsgi app is the only thing really running here
* This host relies on:
* db01 for its database of badge awards (and users, etc..)
* a collection of .pngs in /usr/share/badges/pngs put there by ansible
* memcached!
* Conversely, a few things rely on this site:
* We have a mediawiki plugin that hits a JSON endpoint to display badges.
It should be resilient, but issues in the badges app may cascade into
mediawiki issues in the event of faults.
* fedora-mobile (the android app) queries the JSON api here.
* zodbot has a .badges <username> command that queries the JSON api here.
* openbadges.org may call back to this app to verify that badge assertions
are really certified by us (this will happen anytime someone exports
their fedora badges to the mozilla universe via the tahrir web
interface, but may also happen later in the future to ensure we did not
revoke such and such badge).
# For the MOTD
csi_security_category: Low
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- fedbadges.badge.award
- fedbadges.person.rank.advance
- fedbadges.person.login.first
group: tahrir
owner: root
service: tahrir
freezes: false
lvm_size: 20000
mem_size: 6144
num_cpus: 2
tcp_ports: [80]
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: tahrir
wsgi_procs: 2
wsgi_threads: 2
Reference in New Issue View Git Blame Copy Permalink