Moved to https://forge.fedoraproject.org/infra/ansible

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

README.md

@@ -1,143 +1,3 @@
-Fedora Infrastructure
-=====================
-
-Welcome! This is the Fedora Infrastructure Ansible Pagure project.
-
-Pull requests and forks can be made against this repository hosted
-at https://pagure.io/fedora-infra/ansible
-
-This repository is also mirrored for production runs to
-https://infrastructure.fedoraproject.org/infra/ansible/
-but this is the working repository where changes are made.
-
-If you would like to help out with Fedora Infrastructure, see:
-
-* https://docs.fedoraproject.org/en-US/infra/gettingstarted/
-* https://docs.fedoraproject.org/en-US/infra/apprentice/
-
-Ansible repository/structure
-----------------------------
-
-```
-files - files and templates for use in playbooks/tasks
-      - subdirs for specific tasks/dirs highly recommended
-
-inventory - where the inventory and additional vars is stored
-          - All files in this directory in ini format
-          - added together for total inventory
-  group_vars:
-          - per group variables set here in a file per group
-  host_vars:
-          - per host variables set here in a file per host
-
-library - library of custom local ansible modules
-
-playbooks - collections of plays we want to run on systems
-
-  groups: groups of hosts configured from one playbook.
-
-  hosts: playbooks for single hosts.
-
-  manual: playbooks that are only run manually by an admin as needed.
-
-tasks - snippets of tasks that should be included in plays
-
-roles - specific roles to be use in playbooks.
-        Each role has it's own files/templates/vars
-
-filter_plugins - Jinja filters
-
-main.yml - This is the main playbook, consisting of all
-             current group and host playbooks. Note that the
-             daily cron doesn't run this, it runs even over
-             playbooks that are not yet included in main.
-             This playbook is usefull for making changes over
-             multiple groups/hosts usually with -t (tag).
-```
-
-Paths
------
-
-The public path on batcave01 (our control host) for everything is `/srv/web/infra/ansible`
-
-The private path on batcave01 (our control host) (which is sysadmin-main accessible only)
-is `/srv/private/ansible`
-
-In general to run any ansible playbook you will want to run:
-
-```
-sudo -i ansible-playbook /path/to/playbook.yml
-```
-
-(On batcave01, our control host)
-
-Scheduled check-diff
---------------------
-
-Every night a cron job runs over all playbooks under `playbooks/{groups}{hosts}`
-with `ansible --check --diff`. A report from this is sent to sysadmin-logs.
-In the ideal state this report would be empty.
-
-Idempotency
------------
-
-All playbooks should be idempotent. Ie, if run once they should bring the
-machine(s) to the desired state, and if run again N times after that they should
-make 0 changes (because the machine(s) are in the desired state).
-Please make sure your playbooks are idempotent.
-
-Can be run anytime
-------------------
-
-When a playbook or change is checked into ansible you should assume
-that it could be run at ***ANY TIME***. Always make sure the checked in state
-is the desired state. Always test changes when they land so they don't
-surprise you later.
-
-Contributing and Licensing
---------------------------
-
-Contributions to this repository are subject to the Fedora Project
-Contributor Agreement. If no license is specified, the MIT license is used, otherwise
-the contribution is under the specified acceptable Fedora License.
-See https://docs.fedoraproject.org/en-US/legal/fpca/
-for more information.
-
-Contributing Pull Requests
---------------------------
-
-If found a way to improve this repository or fix an issue found in our
-infrastructure tracker (see https://forge.fedoraproject.org/infra/tickets)
-open a pull-request.
-
-You either should have capability to run the playbooks after they have been reviewed,
-and merged or find the person responsible and work with them to make sure the changes
-will be aplied afterwards. 
-
-We are currently working on a simple to use list of Point Of Contanct people for the applications
-here, untill it is done, you can, look at people that recently edited the ansible files,
-or if you belong to sysadmin group, view the /etc/ansible_utils/rbac.yaml located on batcave01,
-where you can see the groups of people that have capabilities to run the relevant playbooks.
-
-For example, to upgrade Release Monitoring, you need to run playbook openshift-apps/release-monitoring.yaml.
-People in sysadmin-releasemonitoring have that capability, and you cand find the members in https://accounts.fedoraproject.org/group/sysadmin-releasemonitoring/
-
-If the application in question is not on the critical path it should be sufficient,
-if person responsible for the application reviews the PR.
-
-If the files in question are on the critical path, that are necessary for functioning packager workflow,
-at least two different people should review the PR.
-
-If there is any risk at all, that the application of the changes would induce downtime,
-work closely with other to ensure that the downtime is properly scheduled:
-
-- there is an issue in https://forge.fedoraproject.org/infra/tickets specifying the downtime
-- there is an email sent to the devel-list
-- https://status.fedoraproject.org is updated (see https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/status-fedora/)
-
-Applications on critical path: pagure, mirrormanager, toddlers, bodhi, noggin, mdapi, rpmautospec, pagure-dist-git, mirror_from_pagure, fedora-messaging, dist-git, PDC/FPDC, FMN, sigul
-robosignatory, tag2distrepo, ci-resultsdb-listener, stylo, mirrorlist
-resultsdb, Nagios, koschei, wiki / mediawiki, wiki / moin, waiverdb, 
-greenwave, ODCS, Mailman3 / HK, mailman 2, OSBS, pungi, koji, MBS, 
-IPA, rabbitmq, geoip,ipsilon
+This repo has moved to https://forge.fedoraproject.org/infra/ansible
 
+Please go there to make any changes.

inventory/group_vars/copr_aws

@@ -25,6 +25,8 @@ builders:
   aws_reserved:
     aarch64: [50, 20, 33]
     x86_64: [58, 20, 52]
+  aws_reserved_powerful:
+    x86_64: [1, 1, 1]
   aws_powerful:
     aarch64: [10, 2, 0]
     x86_64: [10, 2, 1]
@@ -37,7 +39,7 @@ builders:
   ppc64le_hypervisor_02:
     ppc64le: [0, 4, 13]
   p09_hypervisor_01:
-    ppc64le: [0, 5, 31]
+    ppc64le: [15, 5, 15]
   p09_hypervisor_02:
     ppc64le: [15, 5, 15]
   p09_hypervisor_03:
@@ -45,13 +47,13 @@ builders:
   p09_hypervisor_04:
     ppc64le: [15, 5, 15]
   x86_hypervisor_01:
-    x86_64: [0, 4, 20]
+    x86_64: [20, 4, 20]
   x86_hypervisor_02:
-    x86_64: [0, 4, 20]
+    x86_64: [20, 4, 20]
   x86_hypervisor_03:
-    x86_64: [0, 4, 20]
+    x86_64: [20, 4, 20]
   x86_hypervisor_04:
-    x86_64: [0, 4, 20]
+    x86_64: [20, 4, 20]
 
   ibm_cloud_us_east_hp:
     s390x: [2, 1, 0]

inventory/group_vars/copr_dev_aws

@@ -38,7 +38,7 @@ builders:
   ppc64le_hypervisor_02:
     ppc64le: [0, 1, 1]
   p09_hypervisor_01:
-    ppc64le: [0, 1, 1]
+    ppc64le: [1, 1, 1]
   p09_hypervisor_02:
     ppc64le: [1, 1, 1]
   p09_hypervisor_03:
@@ -46,11 +46,11 @@ builders:
   p09_hypervisor_04:
     ppc64le: [1, 1, 1]
   x86_hypervisor_01:
-    x86_64: [0, 1, 1]
+    x86_64: [2, 1, 1]
   x86_hypervisor_02:
-    x86_64: [0, 1, 1]
+    x86_64: [2, 1, 1]
   x86_hypervisor_03:
-    x86_64: [0, 1, 1]
+    x86_64: [2, 1, 1]
   x86_hypervisor_04:
     x86_64: [2, 1, 1]
 

inventory/group_vars/nagios

@@ -34,8 +34,12 @@ rdu3_external:
   - ns-iad02.fedoraproject.org
   - pkgs.fedoraproject.org
   - proxy01.fedoraproject.org
+  - proxy03.fedoraproject.org
   - proxy10.fedoraproject.org
+  - proxy14.fedoraproject.org
   - secondary01.fedoraproject.org
+  - smtp-mm-iso01.fedoraproject.org
+  - storinator01.fedoraproject.org
 #
 # This is a list of hosts which are in the RDU3 160 mgmt network
 # we do not have them in ansible because it tries to connect

inventory/group_vars/proxies

@@ -84,6 +84,7 @@ nft_block_rules:
   - 'add rule ip filter INPUT ip saddr 101.47.184.0/21  counter reject'
   - 'add rule ip filter INPUT ip saddr 101.47.185.0/24  counter reject'
   - 'add rule ip filter INPUT ip saddr 101.47.186.0/23  counter reject'
+  - 'add rule ip filter INPUT ip saddr 34.159.191.146/32  counter reject'
 nft_custom_rules:
   # Need for rsync from log01 for logs.
   - 'add rule ip filter INPUT ip saddr 10.16.163.39     tcp dport 873 counter accept'

inventory/hardware

@@ -76,11 +76,12 @@ backup01.rdu3.fedoraproject.org
 [powerpc]
 #bvmhost-p09-01.stg.rdu3.fedoraproject.org
 bvmhost-p09-05.rdu3.fedoraproject.org
-vmhost-p08-copr01.rdu-cc.fedoraproject.org
-vmhost-p08-copr02.rdu-cc.fedoraproject.org
-vmhost-p09-copr01.rdu3.fedoraproject.org
 bvmhost-p10-01.rdu3.fedoraproject.org
 bvmhost-p10-02.rdu3.fedoraproject.org
+vmhost-p09-copr01.rdu3.fedoraproject.org
+vmhost-p09-copr02.rdu3.fedoraproject.org
+vmhost-p09-copr03.rdu3.fedoraproject.org
+vmhost-p09-copr04.rdu3.fedoraproject.org
 
 [appliedmicro]
 bvmhost-a64-01.stg.rdu3.fedoraproject.org

inventory/host_vars/buildhw-x86-02.rdu3.fedoraproject.org

@@ -4,6 +4,7 @@ dns1: 10.16.163.33
 br0_ipv4_ip: 10.16.169.32
 br0_ipv4_gw: 10.16.169.254
 br0_ipv4_nm: 24
+freezes: false
 has_ipv4: yes
 has_ipv6: no
 mac0: c4:cb:e1:e1:5c:02

inventory/host_vars/logdetective01.fedorainfracloud.org

@@ -15,7 +15,7 @@ drive_device: 38e6c8c2-5747-47bf-b3d2-9f0dea371edc
 
 datacenter: aws
 devel: false
-root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari
+root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari jmatufka
 
 nrpe_client_uid: 500
 

inventory/host_vars/logdetective02.fedorainfracloud.org

@@ -15,7 +15,7 @@ drive_device: c62e20b2-3388-459f-87ff-aa937d6a9318
 
 datacenter: aws
 devel: false
-root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari
+root_auth_users: msuchy frostyx praiskup nikromen ttomecek jpodivin sgallagh mmassari jmatufka
 
 nagios_Can_Connect: false
 nagios_Check_Services:

inventory/host_vars/vmhost-p09-copr01.rdu3.fedoraproject.org

@@ -6,8 +6,11 @@ br0_ipv6_ip: 2620:52:6:1161::10
 br0_ipv6_gw: 2620:52:6:1161::1
 br0_ipv6_nm: 64
 datacenter: rdu3
+dns1: 10.16.163.33
+dns2: 10.16.163.34
+dns_search2: "rdu3.fedoraproject.org"
+dns_search3: "fedoraproject.org"
 has_ipv4: yes
-has_ipv6: yes
 nbde: false
 mac0: "08:94:ef:81:d0:aa"
 mac1: "08:94:ef:81:d0:ab"
@@ -15,8 +18,9 @@ mac2: "b8:ce:f6:c6:00:c6"
 mac3: "b8:ce:f6:c6:00:c7"
 mac4: "b8:ce:f6:c6:00:d0"
 mac5: "b8:ce:f6:c6:00:d1"
+libvirt_host: "[{{ br0_ipv6_ip }}]"
 libvirt_pool: vmhost_p09_01
-libvirt_pool_order_id: 6
+libvirt_pool_order_id: 4
 libvirt_arch: ppc64le
 network_connections:
    # Bridge profile
@@ -37,6 +41,7 @@ network_connections:
         - "{{ dns_search1 }}"
         - "{{ dns_search2 }}"
       gateway4: "{{ br0_ipv4_gw }}"
+      gateway6: "{{ br0_ipv6_gw }}"
    # Bond profile
    - name: bond0
      type: bond

inventory/host_vars/vmhost-x86-copr01.rdu3.fedoraproject.org

@@ -19,7 +19,8 @@ mac5: b4:96:91:63:3b:e9
 mac6: b4:96:91:63:3b:ea 
 mac7: b4:96:91:63:3b:eb
 mac8: f4:02:70:d3:15:95
-libvirt_pool: copr_hv_x86_64_01
+libvirt_host: "[{{ br0_ipv6_ip }}]"
+libvirt_pool: vmhost_x86_01
 libvirt_pool_order_id: 7
 libvirt_arch: x86_64
 network_connections:

inventory/host_vars/vmhost-x86-copr02.rdu3.fedoraproject.org

@@ -18,7 +18,8 @@ mac4: b4:96:91:63:3b:9d
 mac5: 84:16:0c:bc:24:e0
 mac6: b4:96:91:63:3b:9e
 mac7: b4:96:91:63:3b:9f
-libvirt_pool: copr_hv_x86_64_02
+libvirt_host: "[{{ br0_ipv6_ip }}]"
+libvirt_pool: vmhost_x86_02
 libvirt_pool_order_id: 8
 libvirt_arch: x86_64
 network_connections:

inventory/host_vars/vmhost-x86-copr03.rdu3.fedoraproject.org

@@ -18,7 +18,8 @@ mac4: "b4:96:91:63:3b:50"
 mac5: "b4:96:91:63:3b:51"
 mac6: "b4:96:91:63:3b:52"
 mac7: "b4:96:91:63:3b:53"
-libvirt_pool: copr_hv_x86_64_03
+libvirt_host: "[{{ br0_ipv6_ip }}]"
+libvirt_pool: vmhost_x86_03
 libvirt_pool_order_id: 9
 libvirt_arch: x86_64
 network_connections:

playbooks/groups/batcave.yml

@@ -35,10 +35,10 @@
     user_name: "batcave{{ env_suffix }}"
     user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.(ansible|git|infragit|logger)\..*
   - role: rabbit/queue
-    queue_username: "mirror_pagure_ansible{{ env_suffix }}"
-    queue_name: "mirror_pagure_ansible{{ env_suffix }}"
+    queue_username: "mirror_forge_ansible{{ env_suffix }}"
+    queue_name: "mirror_forge_ansible{{ env_suffix }}"
     queue_routing_keys:
-    - "io.pagure.*.pagure.git.receive"
+    - "org.fedoraproject.prod.forgejo.push"
     queue_thresholds:
       warning: 10
       critical: 100
@@ -48,7 +48,7 @@
     when: datacenter == 'rdu3'
   - { role: nfs/client, when: inventory_hostname.startswith('batcave'), mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
   - { role: nfs/client, when: inventory_hostname.startswith('batcave01'), mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' }
-  - { role: mirror_pagure_ansible, tags: ['mirror_pagure_ansible'] }
+  - { role: mirror_forge_ansible, tags: ['mirror_forge_ansible'] }
   - kickstarts
 
   pre_tasks:

playbooks/groups/copr-hypervisor.yml

@@ -38,7 +38,9 @@
     - import_role: name=openvpn/client
     - import_role: name=zabbix/zabbix_agent
     - import_role: name=ipa/client
-    - import_role: name=copr/hypervisor
+    - import_role:
+        name: copr/hypervisor
+      tags: copr_hypervisor
     - {import_role: name=linux-system-roles.nbde_client, tags: ['nbde_client'], when: (nbde|bool) }
 
 

roles/anubis-el/files/botPolicy.yaml

@@ -12,6 +12,9 @@ bots:
     weight:
       adjust: 20
     path_regex: ^/fork/
+  - name: allow POSTs
+    expression: method == "POST"
+    action: ALLOW
   - name: cloudfront
     user_agent_regex: ".*CloudFront.*"
     action: ALLOW

roles/anubis/templates/policies.yaml.j2

@@ -15,6 +15,9 @@ bots:
   - name: bodhi and badges rss feeds
     path_regex: /rss/
     action: ALLOW
+  - name: allow POSTs
+    expression: method == "POST"
+    action: ALLOW
   - name: allow ostree
     path_regex: ^/ostree
     action: ALLOW

roles/copr/backend/tasks/resalloc.yml

@@ -45,11 +45,6 @@
         set -- $(echo "$decoded")
         IP=$1
       fi
-      case $RESALLOC_NAME in
-      *vmhost_p09_02_prod_01867876_20260202_151259*)
-        exit 0
-        ;;
-      esac
       ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=10 "${SSH_USER-root}@$IP" true
     mode: "0755"
     dest: /usr/local/bin/resalloc-check-vm-ip

roles/copr/backend/templates/resalloc/pools.yaml.j2

@@ -15,7 +15,7 @@
 #   default priority is 0
 #   reserved instances in cloud has > 0
 #   on-premise instance < 0
-#   high performance instances <= 40
+#   high performance instances <= - 40
 #
 # - if you need to drop a pool, it requires you to do a few steps:
 #   a) first evacutate the pool by setting `max: 0`,
@@ -26,7 +26,7 @@
 
 {% macro aws(arch, max, max_starting, max_prealloc, spot=False, on_demand=none, priority=0, reserved=False) %}
 aws_{{ arch }}_{{ on_demand + '_' if on_demand is not none else '' }}{% if spot %}spot{% else %}normal{% endif %}{% if reserved %}reserved{% endif %}_{% if devel %}dev{% else %}prod{% endif %}:
-{% if on_demand %}
+{% if on_demand and not reserved %}
     max: 10
     max_starting: 4
 {% elif reserved and devel %}
@@ -195,7 +195,7 @@ copr_osuosl_{% if cpu == "p10" %}p10{% else %}p09{% endif %}_{% if on_demand %}{
 {% endmacro %}
 
 # x86_64 hypervisors
-{% for hv in ["04"] %}
+{% for hv in ["01", "02", "03", "04"] %}
 {% if "x86_hypervisor_" + hv in builders %}
 vmhost_x86_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     max: {{ builders["x86_hypervisor_" + hv]["x86_64"][0] }}
@@ -467,11 +467,18 @@ copr_ic_s390x_{{ zone }}_{% if devel %}dev{% else %}prod{% endif %}:
 #### High performance builders
 # priority should be less than any other normal builder. i.e., <= -40
 
+# aws(arch, max, max_starting, max_prealloc, spot=False, on_demand=none, priority=0, reserved=False)
+{% if not devel %}
+{{ aws('x86_64', builders.aws_reserved_powerful.x86_64[0], builders.aws_reserved_powerful.x86_64[1],
+       builders.aws_reserved_powerful.x86_64[2], on_demand='powerful', reserved=True, priority=-40) }}
+{% endif %}
+
+
 {{ aws('x86_64', builders.aws_powerful.x86_64[0], builders.aws_powerful.x86_64[1],
-       builders.aws_powerful.x86_64[2], spot=True, on_demand='powerful', priority=-40) }}
+       builders.aws_powerful.x86_64[2], spot=True, on_demand='powerful', priority=-50) }}
 
 {{ aws('aarch64', builders.aws_powerful.aarch64[0], builders.aws_powerful.aarch64[1],
-       builders.aws_powerful.aarch64[2], spot=True, on_demand='powerful', priority=-40) }}
+       builders.aws_powerful.aarch64[2], spot=True, on_demand='powerful', priority=-50) }}
 
 {{ aws('x86_64', builders.aws_powerful.x86_64[0], builders.aws_powerful.x86_64[1],
        builders.aws_powerful.x86_64[2], on_demand='powerful', priority=-60) }}

roles/copr/frontend/templates/copr.conf

@@ -280,10 +280,6 @@ EXTRA_BUILDCHROOT_TAGS = [{
     # powerful builders for RISC-V team - specific packages
     "pattern": "@forge-riscv-members/.*/.*riscv64/(kernel|gcc|llvm|clang).*",
     "tags": ["on_demand_powerful"],
-}, {
-    # powerful builders for RISC-V team - repos ending with _kernel
-    "pattern": "@forge-riscv-members/.*_kernel/.*riscv64/.*",
-    "tags": ["on_demand_powerful"],
 }]
 {% endif %}
 

roles/distgit/pagure/templates/pagure.cfg

@@ -40,7 +40,7 @@ DB_URL = 'postgresql://{{ distgit_pagure_db_user }}:{{ distgit_pagure_db_pass }}
 
 # Something breaks the database connections after a while, recycle them sooner
 # https://forge.fedoraproject.org/infra/tickets/12622
-DB_POOL_RECYCLE = 600
+DB_POOL_RECYCLE = 300
 
 ### FAS groups of pagure admins
 ADMIN_GROUP = ['cvsadmin', 'sysadmin-main']

roles/download/templates/httpd/dl.fedoraproject.org.conf

@@ -32,6 +32,11 @@
    SSLProtocol {{ ssl_protocols }}
    SSLCipherSuite {{ ssl_ciphers }}
 
+  RewriteEngine On
+  RewriteCond %{REQUEST_URI} ^/pub/alt/virtio-win/.*$
+  RewriteRule .* - [F]
+
+
   # proxy all requests to anubis after ssl termination
 
   RequestHeader set "X-Real-Ip" expr=%{REMOTE_ADDR}

roles/mailman3/templates/settings.py.j2

@@ -300,6 +300,7 @@ Q_CLUSTER = {
 #
 REST_FRAMEWORK = {
     'PAGE_SIZE': 10,
+    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
     'DEFAULT_RENDERER_CLASSES': [
         'rest_framework.renderers.JSONRenderer',
     ],

roles/mirror_forge_ansible/templates/mirror_forge_ansible.cfg

@@ -13,9 +13,8 @@ callback = "mirror_from_forge_bus:MirrorFromForge"
 queue = "mirror_forge_ansible{{ env_suffix }}"
 {% endif %}
 exchange = "amq.topic"
-# FIXME: This key is probably wrong.
 routing_keys = [
-    "org.fedoraproject.prod.forgejo.git.receive",
+    "org.fedoraproject.prod.forgejo.push",
 ]
 
 [tls]

roles/mirror_forge_ansible/templates/mirror_from_forge_bus.py

@@ -11,8 +11,10 @@ import time
 
 from fedora_messaging import config, message
 
-# FIXME: This key is probably wrong
-_msg_topic = "org.fedoraproject.prod.forgejo.git.receive"
+_msg_topic = "org.fedoraproject.prod.forgejo.push"
+
+# "pagure" or "forgejo"
+_msg_from = "forgejo"
 
 _log = logging.getLogger("mirror_from_forge_bus")
 
@@ -73,7 +75,12 @@ class MirrorFromForge(object):
 
         msg = message.Message
         msg.topic = _msg_topic
-        msg.body = {"repo": {"fullname": self.trigger_names[0]}}
+        if _msg_from is None:
+            pass
+        elif _msg_from == "forgejo": # Lots of things missing here...
+            msg.body = {"repository": {"full_name": self.trigger_names[0]}}
+        elif _msg_from == "pagure":
+            msg.body = {"repo": {"fullname": self.trigger_names[0]}}
         self.__call__(message=msg)
 
     def __call__(self, message, cnt=0):
@@ -85,7 +92,14 @@ class MirrorFromForge(object):
         """
         _log.info("Received topic: %s", message.topic)
         if message.topic == _msg_topic:
-            repo_name = message.body.get("repo", {}).get("fullname")
+            #  In theory we could try both here, but it might be confusing later
+            # so just use _msg_from and try one.
+            if _msg_from is None:
+                pass
+            elif _msg_from == "forgejo":
+                repo_name = message.body.get("repository", {}).get("full_name")
+            elif _msg_from == "pagure":
+                repo_name = message.body.get("repo", {}).get("fullname")
             if repo_name not in self.trigger_names:
                 _log.info("%s is not a forge repo of interest, bailing", repo_name)
                 return

roles/nagios_server/templates/nagios/hosts/rdu3-hosts.cfg.j2

@@ -1,5 +1,5 @@
 {% for host in groups['all']|sort %}
-{% if hostvars[host].datacenter == 'rdu3' and hostvars[host].nagios_Can_Connect == true %}
+{% if hostvars[host].datacenter.startswith('rdu3') and hostvars[host].nagios_Can_Connect == true %}
 define host {
 {% if hostvars[host].nagios_Check_Services['nrpe'] == true %}
    use                     defaulttemplate
@@ -26,4 +26,4 @@ define host {
 {% endif %}
 }
 {% endif %}
-{% endfor %}
+{% endfor %}

roles/nagios_server/templates/nagios/services/websites.cfg.j2

@@ -246,7 +246,7 @@ define service {
 define service {
   host_name             pagure.io
   service_description   https://forge.fedoraproject.org/infra/tickets
-  check_command         check_website_follow!pagure.io!https://forge.fedoraproject.org/infra/tickets!Issues
+  check_command         check_website_follow!pagure.io!https://pagure.io/fedora-infrastructure/issues!Issues
   max_check_attempts    8
   use                   websitetemplate
 }

roles/rabbitmq_cluster/tasks/apps.yml

@@ -37,9 +37,7 @@
     user_sent_topics: ^org\.(fedoraproject|centos)\.{{ env_short }}\.ci\..*
   loop:
     - "osci-pipelines{{ env_suffix }}-queue-2"
-    - "osci-pipelines{{ env_suffix }}-queue-4"
     - "osci-pipelines{{ env_suffix }}-queue-5"
-    - "osci-pipelines{{ env_suffix }}-queue-7"
     - "osci-pipelines{{ env_suffix }}-queue-9"
     - "osci-pipelines{{ env_suffix }}-queue-10"
     - "osci-pipelines{{ env_suffix }}-queue-11"

vars/all/FedoraBranchedBodhi.yaml

@@ -4,4 +4,4 @@
 # postbeta: After beta release and before final release
 # current: After final release
 ---
-FedoraBranchedBodhi: preenable
+FedoraBranchedBodhi: prebeta

vars/all/Frozen.yaml

@@ -2,6 +2,6 @@
 # is the infrastructure freeze currently in place?
 InfraFrozen: False
 # is the pending release (Branched) currently frozen?
-NextReleaseFrozen: False
+NextReleaseFrozen: True
 # for 'backwards compatibility'
 Frozen: "{{ InfraFrozen }}"