diff --git a/inventory/group_vars/hosted b/inventory/group_vars/hosted
new file mode 100644
index 0000000000..5f63f720ae
--- /dev/null
+++ b/inventory/group_vars/hosted
@@ -0,0 +1,27 @@
+
+
+# Even though the hosted nodes are still deployed with puppet, we have this
+# definition here so that the fedmsg authz policy can be generated correctly.
+# ... when we eventually fully ansibilize these hosts, just fill out the rest of
+# this file with the other vars we need.  --threebean
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: trac
+  owner: root
+  group: apache
+  can_send:
+  - trac.ticket.delete
+  - trac.ticket.new
+  - trac.ticket.update
+  - trac.wiki.page.delete
+  - trac.wiki.page.new
+  - trac.wiki.page.rename
+  - trac.wiki.page.update
+  - trac.wiki.page.version.delete
+- service: git
+  owner: root
+  group: cla_done
+  can_send:
+  - trac.git.receive
diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji
index 975d9efb57..d24f2f3840 100644
--- a/inventory/group_vars/koji
+++ b/inventory/group_vars/koji
@@ -26,17 +26,15 @@ fedmsg_certs:
 - service: koji
   owner: root
   group: apache
-  ## These are commented out for now only because I don't know how to handle the
-  ## secondary arch kojis
-  #can_send:
-  #- buildsys.build.state.change
-  #- buildsys.package.list.change
-  #- buildsys.repo.done
-  #- buildsys.repo.init
-  #- buildsys.rpm.sign
-  #- buildsys.tag
-  #- buildsys.task.state.change
-  #- buildsys.untag
+  can_send:
+  - buildsys.build.state.change
+  - buildsys.package.list.change
+  - buildsys.repo.done
+  - buildsys.repo.init
+  - buildsys.rpm.sign
+  - buildsys.tag
+  - buildsys.task.state.change
+  - buildsys.untag
 
 nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
 
diff --git a/inventory/group_vars/koji-not-yet-ansibilized b/inventory/group_vars/koji-not-yet-ansibilized
new file mode 100644
index 0000000000..aa5bf62eda
--- /dev/null
+++ b/inventory/group_vars/koji-not-yet-ansibilized
@@ -0,0 +1,17 @@
+# See the comment with the explanation of this group in ``inventory/inventory``
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: koji
+  owner: root
+  group: apache
+  can_send:
+  - buildsys.build.state.change
+  - buildsys.package.list.change
+  - buildsys.repo.done
+  - buildsys.repo.init
+  - buildsys.rpm.sign
+  - buildsys.tag
+  - buildsys.task.state.change
+  - buildsys.untag
diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace
index d6678a4a99..ea0f29f91c 100644
--- a/inventory/group_vars/retrace
+++ b/inventory/group_vars/retrace
@@ -26,3 +26,20 @@ fedmsg_certs:
 - service: faf
   owner: root
   group: faf
+  can_send:
+  - faf.report.threshold1
+  - faf.report.threshold10
+  - faf.report.threshold100
+  - faf.report.threshold1000
+  - faf.report.threshold1000
+  - faf.report.threshold10000
+  - faf.report.threshold100000
+  - faf.report.threshold1000000
+  - faf.problem.threshold1
+  - faf.problem.threshold10
+  - faf.problem.threshold100
+  - faf.problem.threshold1000
+  - faf.problem.threshold1000
+  - faf.problem.threshold10000
+  - faf.problem.threshold100000
+  - faf.problem.threshold1000000
diff --git a/inventory/host_vars/hosted03.fedoraproject.org b/inventory/host_vars/hosted03.fedoraproject.org
new file mode 100644
index 0000000000..f7c6428b6d
--- /dev/null
+++ b/inventory/host_vars/hosted03.fedoraproject.org
@@ -0,0 +1,2 @@
+
+fedmsg_fqdn: hosted03.vpn.fedoraproject.org
diff --git a/inventory/host_vars/hosted04.fedoraproject.org b/inventory/host_vars/hosted04.fedoraproject.org
index fbc0826155..cf335b1ce1 100644
--- a/inventory/host_vars/hosted04.fedoraproject.org
+++ b/inventory/host_vars/hosted04.fedoraproject.org
@@ -1,2 +1,4 @@
 ---
 host_backup_targets: ['/srv']
+
+fedmsg_fqdn: hosted04.vpn.fedoraproject.org
diff --git a/inventory/host_vars/s390-koji01.qa.fedoraproject.org b/inventory/host_vars/s390-koji01.qa.fedoraproject.org
index 3b58c0f153..995ac8dff0 100644
--- a/inventory/host_vars/s390-koji01.qa.fedoraproject.org
+++ b/inventory/host_vars/s390-koji01.qa.fedoraproject.org
@@ -13,6 +13,8 @@ nrpe_procs_crit: 1000
 
 fas_client_groups: sysadmin-noc,sysadmin-secondary
 
+fedmsg_fqdn: s390-hub01.qa.fedoraproject.org
+
 sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
 
 #
diff --git a/inventory/inventory b/inventory/inventory
index 9cb4027ace..61e5e24b9d 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -313,6 +313,14 @@ koji01.phx2.fedoraproject.org
 koji02.phx2.fedoraproject.org
 s390-koji01.qa.fedoraproject.org
 
+# We need an inventory definition of these hosts for fedmsg certs even though
+# they are not yet ansibilized.  When they're finally assimilated, move them to
+# the main group
+[koji-not-yet-ansibilized]
+arm-hub01.qa.fedoraproject.org
+ppc-hub.qa.fedoraproject.org
+
+
 [koji-stg]
 koji01.stg.phx2.fedoraproject.org
 
diff --git a/roles/fedmsg/irc/templates/ircbot.py b/roles/fedmsg/irc/templates/ircbot.py
index eac531ebdd..bef542e8f2 100644
--- a/roles/fedmsg/irc/templates/ircbot.py
+++ b/roles/fedmsg/irc/templates/ircbot.py
@@ -66,7 +66,7 @@ config = dict(
             channel='fedora-hubs',
             filters=dict(
                 topic=[
-                    '^((?!(github\.create|github\.issue\.|github\.pull_request\.|github\.commit_comment|github\.star|github\.push|pagure)).)*$',
+                    '^((?!(github\.create|github\.issue\.|github\.pull_request\.|github\.commit_comment|github\.star|pagure)).)*$',
                 ],
                 body=[
                     "^((?!(fedora-hubs)).)*$",
@@ -74,6 +74,26 @@ config = dict(
             ),
         ),
 
+        # For that commops crew!
+        dict(
+            network='chat.freenode.net',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='commopsbot-s',
+            {% else %}
+            nickname='commopsbot',
+            {% endif %}
+            channel='fedora-commops',
+            filters=dict(
+                topic=[
+                    '^((?!(planet|fedora_elections|meetbot\.meeting\.item\.help|meetbot\.meeting\.complete|github\.star|github\.fork|github\.release|fedocal\.meeting\.new|fedocal\.meeting\.update|fedocal\.meeting\.delete|fedocal\.calendar|fas\.user\.create|fedbadges\.person\.login\.first|pagure\.project\.new|askbot\.post\.flag_offensive|anitya\.distro\.add|anitya\.project\.map\.new)).)*$',
+                ],
+            ),
+        ),
+
         # Just for the Ask Fedora crew in #fedora-ask
         dict(
             network='chat.freenode.net',
diff --git a/roles/hosts/files/koschei01.phx2.fedoraproject.org-hosts b/roles/hosts/files/koschei01.phx2.fedoraproject.org-hosts
index 1b060c2598..cd2b645259 100644
--- a/roles/hosts/files/koschei01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/koschei01.phx2.fedoraproject.org-hosts
@@ -1,4 +1,5 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.51 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org
 10.5.126.23 infrastructure.fedoraproject.org
 10.5.125.36 kojipkgs.fedoraproject.org