Hello,

First of all, thank you to all of you at #fedora-admin who helped me get started.

I've edited five group_vars files and created a patch with my local commit. Please find attached and pasted below. Hope it makes some sense

Juan



    csi vars for bastion, copr-back, cpr-back-stg, copr-front, copr-front-stg

diff --git a/inventory/group_vars/bastion b/inventory/group_vars/bastion
index 87a0e33..40733b4 100644
--- a/inventory/group_vars/bastion
+++ b/inventory/group_vars/bastion
@@ -1,5 +1,5 @@
 ---
-# Define resources for this group of hosts here.
+# Define resources for this group of hosts here.
 lvm_size: 20000
 mem_size: 8192
 num_cpus: 4
@@ -37,3 +37,16 @@ fas_aliases: true
 #
 nrpe_procs_warn: 1100
 nrpe_procs_crit: 1200
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: sysadmin-main admin@fedoraproject.org
+csi_purpose: SSH proxy to access infrastructure not exposed to the web
+csi_relationship:
+  * Provides ssh access to all phx2/vpn connected servers.
+  * Bastion is the hub for all infrastructure's VPN connections.
+  * All incoming SMTP from phx2 and VPN, as well as outgoing SMTP, pass or are filtered here.
+  * Bastion does not accept any mail outside phx2/vpn.
diff --git a/inventory/group_vars/copr-back b/inventory/group_vars/copr-back
index 6d598e4..c2a279f 100644
--- a/inventory/group_vars/copr-back
+++ b/inventory/group_vars/copr-back
@@ -20,3 +20,14 @@ do_sign: "true"
 
 spawn_in_advance: "true"
 frontend_base_url: "https://copr-fe.cloud.fedoraproject.org"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: High
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide the backend for copr (3rd party packages)
+csi_relationship:
+  * Backend: Management of copr cloud infrastructure (OpenStack).
+  * Small frontend with copr's public stats
diff --git a/inventory/group_vars/copr-back-stg b/inventory/group_vars/copr-back-stg
index 7c0fb6a..42ac9fa 100644
--- a/inventory/group_vars/copr-back-stg
+++ b/inventory/group_vars/copr-back-stg
@@ -18,3 +18,12 @@ do_sign: "true"
 
 spawn_in_advance: "false"
 frontend_base_url: "http://copr-fe-dev.cloud.fedoraproject.org"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: Moderate
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide the testing environment of copr's backend
+csi_relationship: This host is the testing environment for the cloud infrastructure of copr's backend
diff --git a/inventory/group_vars/copr-front b/inventory/group_vars/copr-front
index 7dcfcd7..628ab78 100644
--- a/inventory/group_vars/copr-front
+++ b/inventory/group_vars/copr-front
@@ -1,3 +1,14 @@
 ---
 copr_hostname: "copr-fe.cloud.fedoraproject.org"
 copr_frontend_public_hostname: "copr.fedoraproject.org"
+
+# These variables are pushed into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+
+csi_security_category: Moderate
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide a publicly accessible frontend for 3rd party packages (copr)
+csi_relationship:
+  * This host provides the frontend part of copr only.
+  * It's the point of contact between end users and the copr build system (backend, package singer)
diff --git a/inventory/group_vars/copr-front-stg b/inventory/group_vars/copr-front-stg
index 835a21a..e12e6e2 100644
--- a/inventory/group_vars/copr-front-stg
+++ b/inventory/group_vars/copr-front-stg
@@ -1,2 +1,7 @@
 ---
 copr_frontend_public_hostname: "copr-fe-dev.cloud.fedoraproject.org"
+
+csi_security_category: Low
+csi_primary_contact: msuchy (mirek, vgologuz) | IRC: #fedora-admin, #fedora-buildsys
+csi_purpose: Provide the testing environment of copr's frontend




On Wed, 2015-11-18 at 09:33 -0500, Zach Villers wrote:
arm-packager
arm-qa
atomichw
bastion
beaker
beaker-stg
beaker-virthosts
bkernel
blockerbugs
blockerbugs-stg
bodhi-backend
buildaarch64
buildarm
buildhw
buildppc
buildppc64
buildppcle
buildvm
buildvmhost
buildvm-ppc64
buildvm-ppc64le
buildvm-stg
busgateway
busgateway-stg
bvirthost
cloud-hardware
composers
composers-stg
copr
copr-back
copr-back-stg
copr-dist-git
copr-dist-git-stg
copr-front
copr-front-stg
copr-keygen
copr-keygen-stg
copr-stg
darkserver
datagrepper
datagrepper-stg
dev
dhcp
docs-backend
download-ib
download-phx2
download-rdu2
elections
elections-stg
existgrpvar.sh
existgrpvar.sh~
fas
fas-stg
fedimg
fedimg-stg
fedocal
fedocal-stg
gallery
gallery-stg
github2fedmsg
github2fedmsg-stg
hosted
hotness
hotness-stg
ipsilon
ipsilon-stg
jenkins-master
jenkins-slave
kernel-qa
kerneltest
kerneltest-stg
keys
koji
koji-not-yet-ansibilized
koji-stg
lockbox
mailman
mailman-stg
mdapi
mdapi-stg
memcached
memcached-stg
mirrorlist2
mirrorlist2-stg
mm
mm-stg
notifs-backend
notifs-backend-stg
notifs-web
notifs-web-stg
nuancier
nuancier-stg
openqa
openqa-stg
openqa-stg-workers
openqa-workers
openstack-compute
osbs-stg
OSv3
packages
packages-stg
paste
paste-stg
persistent-cloud
pkgdb
pkgdb-stg
pkgs
pkgs-stg
postgresql-server
qadevel
qa-stg
releng
releng-compose
resultsdb-dev
resultsdb-prod
resultsdb-stg
retrace
secondary
sign-bridge
sign-vault
smtp-mm
staging
statscache-backend
statscache-backend-stg
statscache-web
statscache-web-stg
summershum
summershum-stg
sundries
sundries-stg
tagger
tagger-stg
taskotron-dev
taskotron-dev-client-hosts
taskotron-dev-clients
taskotron-prod
taskotron-prod-clients
taskotron-stg
taskotron-stg-clients
twisted-buildbots
unbound
virthost
virthost-comm
wiki
wiki-stg
_______________________________________________
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/infrastructure@lists.fedoraproject.org