Merge branch 'openvpn_handler' of /git/ansible into openvpn_handler

Add nagios to trusted openid roots
2026-02-03 05:03:34 +08:00 · 2014-08-02 15:00:10 +00:00 · 2014-08-02 15:00:06 +00:00
806 changed files with 3048 additions and 22460 deletions
--- a/8
+++ b/8
@@ -81,7 +81,7 @@ m1.builder  5120       50     3
 Setting up a new persistent cloud host:
 1. select an ip:
   source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
-   oeuca-describe-addresses
+   euca-describe-addresses
  - pick an ip from the list that is not assigned anywhere
  - add it into dns - normally in the cloud.fedoraproject.org but it doesn't
    have to be
@@ -114,9 +114,9 @@ Contents should look like this (remove all the comments)
 ---
 # 2cpus, 3GB of ram 20GB of ephemeral space
 instance_type: m1.large 
-# image id - see global vars. You can also use euca-describe-images to find other images as well
-image: "{{ el6_qcow_id }}"
-keypair: fedora-admin-20130801
+# image id
+image: emi-B8793915 
+keypair: fedora-admin
 # what security group to add the host to
 security_group: webserver 
 zone: fedoracloud 
--- a/files/2fa/pam_url.conf.cloud
+++ b/files/2fa/pam_url.conf.cloud
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
--- a/files/common/epel7.repo
+++ b/files/common/epel7.repo
@@ -1,7 +1,7 @@
 [epel]
 name=Extras Packages for Enterprise Linux $releasever - $basearch
 baseurl=http://infrastructure.fedoraproject.org/pub/epel/7/$basearch/
-enabled=1
+enabled=0
 gpgcheck=1
 gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

@@ -15,6 +15,6 @@ gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
 [epel-beta]
 name=Extras Packages for Enterprise Linux beta $releasever - $basearch
 baseurl=http://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/
-enabled=0
+enabled=1
 gpgcheck=1
 gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
--- a/files/copr/copr-be.conf
+++ b/files/copr/copr-be.conf
@@ -2,12 +2,12 @@

 # URL where are results visible
 # default is http://copr
-results_baseurl=https://copr-be.cloud.fedoraproject.org/results
+results_baseurl=http://copr-be.cloud.fedoraproject.org/results

 # ??? What is this
 # default is http://coprs/rest/api
 #frontend_url=http://copr-fe.cloud.fedoraproject.org/backend
-frontend_url=https://172.16.5.31/backend
+frontend_url=http://172.16.5.31/backend

 # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
 # default is PASSWORDHERE but you really should change it. really.
@@ -55,25 +55,6 @@ worker_logdir=/var/log/copr/workers/
 #fedmsg_enabled=false
 fedmsg_enabled=true

-# minimum age for builds to be pruned
-prune_days=14
-# path to executable script to clean old build
-prune_script=/usr/share/copr/copr_prune_old_builds.sh
-
-# enable package signing, require configured
-# signer host and correct /etc/sign.conf
-do_sign={{ do_sign }}
-
-# host or ip of machine with copr-keygen
-# usually the same as in /etc/sign.conf
-keygen_host={{ keygen_host }}
-
-# Spawn builder in advance, before we get task?
-# It save time, but consume resources even when
-# nothing is in queue
-
-spawn_in_advance={{ spawn_in_advance }}
-
 [builder]
 # default is 1800
 timeout=3600
--- a/files/copr/copr-be.conf-dev
+++ b/files/copr/copr-be.conf-dev
@@ -51,24 +51,6 @@ worker_logdir=/var/log/copr/workers/
 # default is false
 #fedmsg_enabled=false

-# minimum age for builds to be pruned
-prune_days=14
-# path to executable script to clean old build
-prune_script=/usr/share/copr/copr_prune_old_builds.sh
-
-# enable package signing, require configured
-# signer host and correct /etc/sign.conf
-do_sign={{ do_sign }}
-
-# host or ip of machine with copr-keygen
-# usually the same as in /etc/sign.conf
-keygen_host={{ keygen_host }}
-
-# Spawn builder in advance, before we get task?
-# It save time, but consume resources even when
-# nothing is in queue
-
-spawn_in_advance={{ spawn_in_advance }}

 [builder]
 # default is 1800
--- a/files/copr/delete-forgotten-instances.pl
+++ b/files/copr/delete-forgotten-instances.pl
@@ -2,7 +2,7 @@
 # this scrip query for all running VM and terminate those
 # which are not currently started by some ansible script

-while (chomp($a = qx(ps ax |grep -v 'sh -c ps ax'  |grep 'Task: ' | grep -v grep))) {
+while (chomp($a = qx(ps ax |grep -v 'sh -c ps ax'  |grep /home/copr/provision/builderpb.yml | grep -v grep))) {
  # we are starting some VM and could not determine correct list of running VMs
  sleep 5;
 }
--- a/files/copr/fe/copr.conf
+++ b/files/copr/fe/copr.conf
@@ -3,7 +3,6 @@ DATA_DIR = '/var/lib/copr/data'
 DATABASE = '/var/lib/copr/data/copr.db'
 OPENID_STORE = '/var/lib/copr/data/openid_store'
 WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
-WHOSHEE_MIN_STRING_LEN = 2

 SECRET_KEY = '{{ copr_secret_key }}'
 BACKEND_PASSWORD = '{{ copr_backend_password  }}'
@@ -32,5 +31,3 @@ WTF_CSRF_ENABLED = True

 # send emails when user's perms change in project?
 SEND_EMAILS = True
-
-PUBLIC_COPR_HOSTNAME = '{{ copr_frontend_public_hostname }}'
--- a/files/copr/fe/httpd/coprs.conf
+++ b/files/copr/fe/httpd/coprs.conf
@@ -22,10 +22,9 @@ WSGISocketPrefix /var/run/wsgi
 <VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
-    # Use secure TLSv1.1 and TLSv1.2 ciphers
-    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
+    #optimeize on speed
+    SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
-    Header add Strict-Transport-Security "max-age=15768000"

    SSLCertificateFile /etc/pki/tls/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
--- a/files/copr/forward-dev
+++ b/files/copr/forward-dev
@@ -1,3 +1,2 @@
 msuchy+coprmachine@redhat.com
 asamalik@redhat.com
-vgologuz@redhat.com
--- a/files/copr/provision/builderpb.yml
+++ b/files/copr/provision/builderpb.yml
@@ -71,7 +71,6 @@
    with_items:
    - rpm
    - glib2
-    - ca-certificates

  - yum: name=mock  enablerepo=epel-testing state=latest

--- a/files/copr/provision/files/mock/epel-7-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg
@@ -1,16 +1,28 @@
+config_opts['chroothome'] = '/builddir'
+config_opts['basedir'] = '/var/lib/mock'
 config_opts['root'] = 'epel-7-x86_64'
 config_opts['target_arch'] = 'x86_64'
 config_opts['legal_host_arches'] = ('x86_64',)
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['chroot_setup_cmd'] = 'install bash bzip2 coreutils cpio diffutils findutils gawk gcc gcc-c++ grep gzip info make patch redhat-release-server redhat-rpm-config rpm-build sed shadow-utils tar unzip util-linux which xz'
 config_opts['dist'] = 'el7'  # only useful for --resultdir variable subst
+config_opts['macros'] = {}
+config_opts['macros']['%dist'] = '.el7'
+config_opts['macros']['%rhel'] = '7'
+config_opts['macros']['%el7'] = '1'
+config_opts['macros']['%_topdir'] = '/builddir/build'
+config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'
 config_opts['releasever'] = '7'

+config_opts['plugin_conf']['root_cache_enable'] = False
+config_opts['plugin_conf']['yum_cache_enable'] = False
+config_opts['plugin_conf']['ccache_enable'] = False
+
 config_opts['yum.conf'] = """
 [main]
 cachedir=/var/cache/yum
 debuglevel=1
-reposdir=/dev/null
 logfile=/var/log/yum.log
+reposdir=/dev/null
 retries=20
 obsoletes=1
 gpgcheck=0
@@ -19,42 +31,15 @@ syslog_ident=mock
 syslog_device=

 # repos
-[base]
-name=BaseOS
-mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os
-failovermethod=priority

-[updates]
-name=updates
-enabled=1
-mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
-failovermethod=priority
+[beta]
+name=beta
+baseurl=http://kojipkgs.fedoraproject.org/rhel/beta/7/x86_64/os/

 [epel]
-name=epel
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=x86_64
+name=Extra Packages for Enterprise Linux 7 - $basearch
+#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
 failovermethod=priority
-
-[extras]
-name=extras
-mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras
-failovermethod=priority
-
-[testing]
-name=epel-testing
-enabled=0
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=x86_64
-failovermethod=priority
-
-[local]
-name=local
-baseurl=http://kojipkgs.fedoraproject.org/repos/epel7-build/latest/x86_64/
-cost=2000
-enabled=0
-
-[epel-debug]
-name=epel-debug
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=x86_64
-failovermethod=priority
-enabled=0
+enabled=1
 """
--- a/files/copr/provision/files/mock/site-defaults.cfg
+++ b/files/copr/provision/files/mock/site-defaults.cfg
@@ -57,7 +57,7 @@
 # NOTE: Some of the caching options can theoretically affect build
 #  reproducability. Change with care.
 #
-config_opts['plugin_conf']['package_state_enable'] = False
+config_opts['plugin_conf']['package_state_enable'] = True
 # config_opts['plugin_conf']['ccache_enable'] = True
 # config_opts['plugin_conf']['ccache_opts']['max_cache_size'] = '4G'
 # config_opts['plugin_conf']['ccache_opts']['compress'] = None
--- a/files/download/sync-up-downloads.sh
+++ b/files/download/sync-up-downloads.sh
@@ -8,7 +8,7 @@
 RSYNC='/usr/bin/rsync'
 RS_OPT="-avSHP  --numeric-ids"
 RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
-ALT_EXCLUDES="--exclude deltaisos/archive --exclude 21_Alpha* --exclude 21-Alpha* --exclude 21_Beta* --exclude=F21a-TC1"
+ALT_EXCLUDES="--exclude deltaisos/archive"
 EPL_EXCLUDES=""
 FED_EXCLUDES=""

--- a/files/fedora-cloud/fed09-ssh-key.pub
+++ b/files/fedora-cloud/fed09-ssh-key.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfk627wDgkJisjGl4RbrUS457WoPdSate1vzgZXApQeAkTG9LLEstAEyThphnJZzDWRYceId+DqZvyrwZttB6Tfptwqs9qwW60HelSVtvq6RDoiQO5yB1ffbeelM6ci5spvzA0b8llUmYpDlCmrbv/or5IXtO9ScAxK7S6Pp2XQYyHJepEclCqfUkmgOXqnoFPFhKhIdaNe7wXCDKnjHSL0HLQmpTREbJ98HNexI76DMdiuG+II7m42XbfToHZtDrsUfd5HGyWLqUWqFfLFoFSSrARE7Aqa2cS1zrLdKHTFnDitBezNeb2J4Go3/23bHe58LV8RfPdIQG9Z8hqYiD9 root@fed-cloud09.cloud.fedoraproject.org
--- a/files/fedora-cloud/hosts
+++ b/files/fedora-cloud/hosts
@@ -1,13 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4                                     
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 
-
-# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
-# controller
-{{ controller_public_ip }}       controller
-
-# network
-{{ network_public_ip }}       network
-
-# compute1
-# compute1_public_ip        compute1
-
--- a/files/fedora-cloud/ifcfg-br-ex
+++ b/files/fedora-cloud/ifcfg-br-ex
@@ -1,9 +0,0 @@
-DEVICE=br-ex
-DEVICETYPE=ovs
-TYPE=OVSBridge
-BOOTPROTO=static
-IPADDR={{ network_public_ip }}
-NETMASK={{ public_netmask }}  # your netmask
-GATEWAY={{ public_gateway_ip }}  # your gateway
-DNS1={{ public_dns }}     # your nameserver
-ONBOOT=yes
--- a/files/fedora-cloud/keystonerc_msuchy
+++ b/files/fedora-cloud/keystonerc_msuchy
@@ -1,5 +0,0 @@
-export OS_USERNAME=msuchy
-export OS_TENANT_NAME=copr
-export OS_PASSWORD=TBD
-export OS_AUTH_URL=http://209.132.184.9:5000/v2.0/
-export PS1='[\u@\h \W(keystone_msuchy)]\$ '
--- a/files/fedora-cloud/my.cnf
+++ b/files/fedora-cloud/my.cnf
@@ -1,4 +0,0 @@
-[client]
-host=localhost
-user=root
-password={{ DBPASSWORD }}
--- a/files/fedora-cloud/packstack-controller-answers.txt
+++ b/files/fedora-cloud/packstack-controller-answers.txt
@@ -1,502 +0,0 @@
-[general]
-
-# Path to a Public key to install on servers. If a usable key has not
-# been installed on the remote servers the user will be prompted for a
-# password and this key will be installed so the password will not be
-# required again
-CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
-
-# Set to 'y' if you would like Packstack to install MySQL
-CONFIG_MARIADB_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack Image
-# Service (Glance)
-CONFIG_GLANCE_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack Block
-# Storage (Cinder)
-CONFIG_CINDER_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack Compute
-# (Nova)
-CONFIG_NOVA_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack
-# Networking (Neutron)
-CONFIG_NEUTRON_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack
-# Dashboard (Horizon)
-CONFIG_HORIZON_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack Object
-# Storage (Swift)
-CONFIG_SWIFT_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack
-# Metering (Ceilometer)
-CONFIG_CEILOMETER_INSTALL=y
-
-# Set to 'y' if you would like Packstack to install OpenStack
-# Orchestration (Heat)
-CONFIG_HEAT_INSTALL=n
-
-# Set to 'y' if you would like Packstack to install the OpenStack
-# Client packages. An admin "rc" file will also be installed
-CONFIG_CLIENT_INSTALL=y
-
-# Comma separated list of NTP servers. Leave plain if Packstack
-# should not install ntpd on instances.
-CONFIG_NTP_SERVERS=
-
-# Set to 'y' if you would like Packstack to install Nagios to monitor
-# OpenStack hosts
-CONFIG_NAGIOS_INSTALL=n
-
-# Comma separated list of servers to be excluded from installation in
-# case you are running Packstack the second time with the same answer
-# file and don't want Packstack to touch these servers. Leave plain if
-# you don't need to exclude any server.
-EXCLUDE_SERVERS=
-
-# Set to 'y' if you want to run OpenStack services in debug mode.
-# Otherwise set to 'n'.
-CONFIG_DEBUG_MODE=n
-
-# Set to 'y' if you want to use VMware vCenter as hypervisor and
-# storageOtherwise set to 'n'.
-CONFIG_VMWARE_BACKEND=n
-
-# The IP address of the server on which to install MySQL
-CONFIG_MARIADB_HOST={{ controller_public_ip }}
-
-# Username for the MySQL admin user
-CONFIG_MARIADB_USER=root
-
-# Password for the MySQL admin user
-CONFIG_MARIADB_PW={{ DBPASSWORD }}
-
-# Set the server for the AMQP service
-CONFIG_AMQP_BACKEND=rabbitmq
-
-# The IP address of the server on which to install the AMQP service
-CONFIG_AMQP_HOST={{ controller_public_ip }}
-
-# Enable SSL for the AMQP service
-CONFIG_AMQP_ENABLE_SSL=n
-
-# Enable Authentication for the AMQP service
-CONFIG_AMQP_ENABLE_AUTH=n
-
-# The password for the NSS certificate database of the AMQP service
-CONFIG_AMQP_NSS_CERTDB_PW={{ CONFIG_AMQP_NSS_CERTDB_PW }}
-
-# The port in which the AMQP service listens to SSL connections
-CONFIG_AMQP_SSL_PORT=5671
-
-# The filename of the certificate that the AMQP service is going to
-# use
-CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
-
-# The filename of the private key that the AMQP service is going to
-# use
-CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/amqp_selfkey.pem
-
-# Auto Generates self signed SSL certificate and key
-CONFIG_AMQP_SSL_SELF_SIGNED=y
-
-# User for amqp authentication
-CONFIG_AMQP_AUTH_USER=amqp_user
-
-# Password for user authentication
-CONFIG_AMQP_AUTH_PASSWORD={{ CONFIG_AMQP_AUTH_PASSWORD }}
-
-# The password to use for the Keystone to access DB
-CONFIG_KEYSTONE_DB_PW={{ KEYSTONE_DBPASS }}
-
-# The token to use for the Keystone service api
-CONFIG_KEYSTONE_ADMIN_TOKEN={{ ADMIN_TOKEN }}
-
-# The password to use for the Keystone admin user
-CONFIG_KEYSTONE_ADMIN_PW={{ ADMIN_PASS }}
-
-# The password to use for the Keystone demo user
-CONFIG_KEYSTONE_DEMO_PW={{ DEMO_PASS }}
-
-# Kestone token format. Use either UUID or PKI
-CONFIG_KEYSTONE_TOKEN_FORMAT=PKI
-
-# The password to use for the Glance to access DB
-CONFIG_GLANCE_DB_PW={{ GLANCE_DBPASS }}
-
-# The password to use for the Glance to authenticate with Keystone
-CONFIG_GLANCE_KS_PW={{ GLANCE_PASS }}
-
-# The password to use for the Cinder to access DB
-CONFIG_CINDER_DB_PW={{ CINDER_DBPASS }}
-
-# The password to use for the Cinder to authenticate with Keystone
-CONFIG_CINDER_KS_PW={{ CINDER_PASS }}
-
-# The Cinder backend to use, valid options are: lvm, gluster, nfs,
-# vmdk
-CONFIG_CINDER_BACKEND=lvm
-
-# Create Cinder's volumes group. This should only be done for testing
-# on a proof-of-concept installation of Cinder.  This will create a
-# file-backed volume group and is not suitable for production usage.
-CONFIG_CINDER_VOLUMES_CREATE=n
-
-# Cinder's volumes group size. Note that actual volume size will be
-# extended with 3% more space for VG metadata.
-CONFIG_CINDER_VOLUMES_SIZE=5G
-
-# A single or comma separated list of gluster volume shares to mount,
-# eg: ip-address:/vol-name, domain:/vol-name
-CONFIG_CINDER_GLUSTER_MOUNTS=
-
-# A single or comma seprated list of NFS exports to mount, eg: ip-
-# address:/export-name
-CONFIG_CINDER_NFS_MOUNTS=
-
-# The IP address of the VMware vCenter datastore
-CONFIG_VCENTER_HOST=
-
-# The username to authenticate to VMware vCenter datastore
-CONFIG_VCENTER_USER=
-
-# The password to authenticate to VMware vCenter datastore
-CONFIG_VCENTER_PASSWORD=
-
-# A comma separated list of IP addresses on which to install the Nova
-# Compute services
-CONFIG_COMPUTE_HOSTS={{ controller_public_ip }}
-
-# The IP address of the server on which to install the Nova Conductor
-# service
-CONFIG_NOVA_CONDUCTOR_HOST={{ controller_public_ip }}
-
-# The password to use for the Nova to access DB
-CONFIG_NOVA_DB_PW={{ NOVA_DBPASS }}
-
-# The password to use for the Nova to authenticate with Keystone
-CONFIG_NOVA_KS_PW={{ NOVA_PASS }}
-
-# The overcommitment ratio for virtual to physical CPUs. Set to 1.0
-# to disable CPU overcommitment
-CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
-
-# The overcommitment ratio for virtual to physical RAM. Set to 1.0 to
-# disable RAM overcommitment
-CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
-
-# Private interface for Flat DHCP on the Nova compute servers
-CONFIG_NOVA_COMPUTE_PRIVIF=lo
-
-# The list of IP addresses of the server on which to install the Nova
-# Nova network manager
-CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
-
-# Public interface on the Nova network server
-CONFIG_NOVA_NETWORK_PUBIF={{ controller_public_ip }}
-
-# Private interface for network manager on the Nova network server
-CONFIG_NOVA_NETWORK_PRIVIF=lo
-
-# IP Range for network manager
-CONFIG_NOVA_NETWORK_FIXEDRANGE={{ internal_interface_cidr }}
-
-# IP Range for Floating IP's
-CONFIG_NOVA_NETWORK_FLOATRANGE={{ public_interface_cidr }}
-
-# Name of the default floating pool to which the specified floating
-# ranges are added to
-CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL=external
-
-# Automatically assign a floating IP to new instances
-CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=y
-
-# First VLAN for private networks
-CONFIG_NOVA_NETWORK_VLAN_START=100
-
-# Number of networks to support
-CONFIG_NOVA_NETWORK_NUMBER=1
-
-# Number of addresses in each private subnet
-CONFIG_NOVA_NETWORK_SIZE=255
-
-# The IP address of the VMware vCenter server
-CONFIG_VCENTER_HOST=
-
-# The username to authenticate to VMware vCenter server
-CONFIG_VCENTER_USER=
-
-# The password to authenticate to VMware vCenter server
-CONFIG_VCENTER_PASSWORD=
-
-# The name of the vCenter cluster
-CONFIG_VCENTER_CLUSTER_NAME=
-
-# The password to use for Neutron to authenticate with Keystone
-CONFIG_NEUTRON_KS_PW={{ NEUTRON_PASS }}
-
-# The password to use for Neutron to access DB
-CONFIG_NEUTRON_DB_PW={{ NEUTRON_DBPASS }}
-
-# A comma separated list of IP addresses on which to install Neutron
-CONFIG_NETWORK_HOSTS={{ controller_public_ip }}
-
-# The name of the bridge that the Neutron L3 agent will use for
-# external traffic, or 'provider' if using provider networks
-CONFIG_NEUTRON_L3_EXT_BRIDGE=provider
-
-
-# The name of the L2 plugin to be used with Neutron
-CONFIG_NEUTRON_L2_PLUGIN=ml2
-
-# A comma separated list of IP addresses on which to install Neutron
-# metadata agent
-CONFIG_NEUTRON_METADATA_PW={{ NEUTRON_PASS }}
-
-# A comma separated list of network type driver entrypoints to be
-# loaded from the neutron.ml2.type_drivers namespace.
-CONFIG_NEUTRON_ML2_TYPE_DRIVERS=local,flat,gre
-
-# A comma separated ordered list of network_types to allocate as
-# tenant networks. The value 'local' is only useful for single-box
-# testing but provides no connectivity between hosts.
-CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=gre
-
-# A comma separated ordered list of networking mechanism driver
-# entrypoints to be loaded from the neutron.ml2.mechanism_drivers
-# namespace.
-CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
-
-# A comma separated  list of physical_network names with which flat
-# networks can be created. Use * to allow flat networks with arbitrary
-# physical_network names.
-CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
-
-# A comma separated list of <physical_network>:<vlan_min>:<vlan_max>
-# or <physical_network> specifying physical_network names usable for
-# VLAN provider and tenant networks, as well as ranges of VLAN tags on
-# each available for allocation to tenant networks.
-CONFIG_NEUTRON_ML2_VLAN_RANGES=
-
-# A comma separated list of <tun_min>:<tun_max> tuples enumerating
-# ranges of GRE tunnel IDs that are available for tenant network
-# allocation. Should be an array with tun_max +1 - tun_min > 1000000
-CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1:1000
-
-# Multicast group for VXLAN. If unset, disables VXLAN enable sending
-# allocate broadcast traffic to this multicast group. When left
-# unconfigured, will disable multicast VXLAN mode. Should be an
-# Multicast IP (v4 or v6) address.
-CONFIG_NEUTRON_ML2_VXLAN_GROUP=
-
-# A comma separated list of <vni_min>:<vni_max> tuples enumerating
-# ranges of VXLAN VNI IDs that are available for tenant network
-# allocation. Min value is 0 and Max value is 16777215.
-CONFIG_NEUTRON_ML2_VNI_RANGES=
-
-# The name of the L2 agent to be used with Neutron
-CONFIG_NEUTRON_L2_AGENT=openvswitch
-
-# The type of network to allocate for tenant networks (eg. vlan,
-# local)
-CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE=gre
-
-# A comma separated list of VLAN ranges for the Neutron linuxbridge
-# plugin (eg. physnet1:1:4094,physnet2,physnet3:3000:3999)
-CONFIG_NEUTRON_LB_VLAN_RANGES=
-
-# A comma separated list of interface mappings for the Neutron
-# linuxbridge plugin (eg. physnet1:br-eth1,physnet2:br-eth2,physnet3
-# :br-eth3)
-CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
-
-# Type of network to allocate for tenant networks (eg. vlan, local,
-# gre, vxlan)
-CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=gre
-
-# A comma separated list of VLAN ranges for the Neutron openvswitch
-# plugin (eg. physnet1:1:4094,physnet2,physnet3:3000:3999)
-CONFIG_NEUTRON_OVS_VLAN_RANGES=floatnet
-
-# A comma separated list of bridge mappings for the Neutron
-# openvswitch plugin (eg. physnet1:br-eth1,physnet2:br-eth2,physnet3
-# :br-eth3)
-CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=floatnet:br-ex
-
-# A comma separated list of colon-separated OVS bridge:interface
-# pairs. The interface will be added to the associated bridge.
-CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-tun:eth1
-
-# A comma separated list of tunnel ranges for the Neutron openvswitch
-# plugin (eg. 1:1000)
-CONFIG_NEUTRON_OVS_TUNNEL_RANGES=1:1000
-
-# The interface for the OVS tunnel. Packstack will override the IP
-# address used for tunnels on this hypervisor to the IP found on the
-# specified interface. (eg. eth1)
-CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
-
-# VXLAN UDP port
-CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
-
-# To set up Horizon communication over https set this to "y"
-CONFIG_HORIZON_SSL=y
-
-# PEM encoded certificate to be used for ssl on the https server,
-# leave blank if one should be generated, this certificate should not
-# require a passphrase
-CONFIG_SSL_CERT=/etc/pki/tls/certs/fed-cloud09.pem
-
-# PEM encoded CA certificates from which the certificate chain of the
-# # server certificate can be assembled.
-CONFIG_SSL_CACHAIN=/etc/pki/tls/certs/fed-cloud09.pem
-
-# Keyfile corresponding to the certificate if one was entered
-CONFIG_SSL_KEY=/etc/pki/tls/private/fed-cloud09.key
-
-# The password to use for the Swift to authenticate with Keystone
-CONFIG_SWIFT_KS_PW={{ SWIFT_PASS }}
-
-# A comma separated list of IP addresses on which to install the
-# Swift Storage services, each entry should take the format
-# <ipaddress>[/dev], for example 127.0.0.1/vdb will install /dev/vdb
-# on 127.0.0.1 as a swift storage device(packstack does not create the
-# filesystem, you must do this first), if /dev is omitted Packstack
-# will create a loopback device for a test setup
-CONFIG_SWIFT_STORAGES=
-
-# Number of swift storage zones, this number MUST be no bigger than
-# the number of storage devices configured
-CONFIG_SWIFT_STORAGE_ZONES=1
-
-# Number of swift storage replicas, this number MUST be no bigger
-# than the number of storage zones configured
-CONFIG_SWIFT_STORAGE_REPLICAS=1
-
-# FileSystem type for storage nodes
-CONFIG_SWIFT_STORAGE_FSTYPE=ext4
-
-# Shared secret for Swift
-CONFIG_SWIFT_HASH={{ SWIFT_HASH }}
-
-# Size of the swift loopback file storage device
-CONFIG_SWIFT_STORAGE_SIZE=2G
-
-# Whether to provision for demo usage and testing. Note that
-# provisioning is only supported for all-in-one installations.
-CONFIG_PROVISION_DEMO=n
-
-# Whether to configure tempest for testing. Note that provisioning is
-# only supported for all-in-one installations.
-CONFIG_PROVISION_TEMPEST=n
-
-# The CIDR network address for the floating IP subnet
-CONFIG_PROVISION_DEMO_FLOATRANGE=
-
-# The uri of the tempest git repository to use
-CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
-
-# The revision of the tempest git repository to use
-CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
-
-# Whether to configure the ovs external bridge in an all-in-one
-# deployment
-CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE=n
-
-# The password used by Heat user to authenticate against MySQL
-CONFIG_HEAT_DB_PW={{ HEAT_DBPASS }}
-
-# The encryption key to use for authentication info in database
-CONFIG_HEAT_AUTH_ENC_KEY={{ HEAT_AUTH_ENC_KEY }}
-
-# The password to use for the Heat to authenticate with Keystone
-CONFIG_HEAT_KS_PW={{ HEAT_PASS }}
-
-# Set to 'y' if you would like Packstack to install Heat CloudWatch
-# API
-CONFIG_HEAT_CLOUDWATCH_INSTALL=n
-
-# Set to 'y' if you would like Packstack to install Heat
-# CloudFormation API
-CONFIG_HEAT_CFN_INSTALL=n
-
-# The IP address of the server on which to install Heat CloudWatch
-# API service
-CONFIG_HEAT_CLOUDWATCH_HOST={{ controller_public_ip }}
-
-# The IP address of the server on which to install Heat
-# CloudFormation API service
-CONFIG_HEAT_CFN_HOST={{ controller_public_ip }}
-
-# The IP address of the management node
-CONFIG_CONTROLLER_HOST={{ controller_public_ip }}
-
-# Secret key for signing metering messages.
-CONFIG_CEILOMETER_SECRET={{ CEILOMETER_SECRET }}
-
-# The password to use for Ceilometer to authenticate with Keystone
-CONFIG_CEILOMETER_KS_PW={{ CEILOMETER_PASS }}
-
-# The IP address of the server on which to install mongodb
-CONFIG_MONGODB_HOST={{ controller_public_ip }}
-
-# The password of the nagiosadmin user on the Nagios server
-CONFIG_NAGIOS_PW=
-
-# To subscribe each server to EPEL enter "y"
-CONFIG_USE_EPEL=y
-
-# A comma separated list of URLs to any additional yum repositories
-# to install
-CONFIG_REPO=
-
-# To subscribe each server with Red Hat subscription manager, include
-# this with CONFIG_RH_PW
-CONFIG_RH_USER=
-
-# To subscribe each server with Red Hat subscription manager, include
-# this with CONFIG_RH_USER
-CONFIG_RH_PW=
-
-# To subscribe each server to Red Hat Enterprise Linux 6 Server Beta
-# channel (only needed for Preview versions of RHOS) enter "y"
-CONFIG_RH_BETA_REPO=n
-
-# To subscribe each server with RHN Satellite,fill Satellite's URL
-# here. Note that either satellite's username/password or activation
-# key has to be provided
-CONFIG_SATELLITE_URL=
-
-# Username to access RHN Satellite
-CONFIG_SATELLITE_USER=
-
-# Password to access RHN Satellite
-CONFIG_SATELLITE_PW=
-
-# Activation key for subscription to RHN Satellite
-CONFIG_SATELLITE_AKEY=
-
-# Specify a path or URL to a SSL CA certificate to use
-CONFIG_SATELLITE_CACERT=
-
-# If required specify the profile name that should be used as an
-# identifier for the system in RHN Satellite
-CONFIG_SATELLITE_PROFILE=
-
-# Comma separated list of flags passed to rhnreg_ks. Valid flags are:
-# novirtinfo, norhnsd, nopackages
-CONFIG_SATELLITE_FLAGS=
-
-# Specify a HTTP proxy to use with RHN Satellite
-CONFIG_SATELLITE_PROXY=
-
-# Specify a username to use with an authenticated HTTP proxy
-CONFIG_SATELLITE_PROXY_USER=
-
-# Specify a password to use with an authenticated HTTP proxy.
-CONFIG_SATELLITE_PROXY_PW=
--- a/files/fedora-cloud/uninstall.sh
+++ b/files/fedora-cloud/uninstall.sh
@@ -1,32 +0,0 @@
-# Warning! Dangerous step! Destroys VMs
-# if you do know what you are doing feel free to remove the line below to proceed
-exit 1
-# also if you really insist to remove VM, uncomment that vgremove near bottom
-
-for x in $(virsh list --all | grep instance- | awk '{print $2}') ; do
-    virsh destroy $x ;
-    virsh undefine $x ;
-done ;
-
-# Warning! Dangerous step! Removes lots of packages, including many
-# which may be unrelated to RDO.
-yum remove -y nrpe "*openstack*" \
-"*nova*" "*keystone*" "*glance*" "*cinder*" "*swift*" \
-mysql mysql-server httpd "*memcache*" ;
-
-ps -ef | grep -i repli | grep swift | awk '{print $2}' | xargs kill ;
-
-# Warning! Dangerous step! Deletes local application data
-rm -rf /etc/nagios /etc/yum.repos.d/packstack_* /root/.my.cnf \
-/var/lib/mysql/* /var/lib/glance /var/lib/nova /etc/nova /etc/swift \
-/srv/node/device*/* /var/lib/cinder/ /etc/rsync.d/frag* \
-/var/cache/swift /var/log/keystone ;
-
-umount /srv/node/device* ;
-killall -9 dnsmasq tgtd httpd ;
-#vgremove -f cinder-volumes ;
-losetup -a | sed -e 's/:.*//g' | xargs losetup -d ;
-find /etc/pki/tls -name "ssl_ps*" | xargs rm -rf ;
-for x in $(df | grep "/lib/" | sed -e 's/.* //g') ; do
-    umount $x ;
-done
--- a/files/gnome/backup.sh
+++ b/files/gnome/backup.sh
@@ -29,8 +29,7 @@ MACHINES='signal.gnome.org
          puppet.gnome.org
          accelerator.gnome.org
          range.gnome.org
-          pentagon.gimp.org
-          account.gnome.org'
+          pentagon.gimp.org'

 BACKUP_DIR='/fedora_backups/gnome/'
 LOGS_DIR='/fedora_backups/gnome/logs'
--- a/files/iptables/iptables
+++ b/files/iptables/iptables
@@ -17,6 +17,12 @@
 # allow ssh - always
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT

+# for fireball mode - allow port 5099 from lockbox and it's ips
+-A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT
+
 # for nrpe - allow it from nocs
 -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
 # FIXME - this is the global nat-ip and we need the noc01-specific ip
--- a/files/iptables/iptables.staging
+++ b/files/iptables/iptables.staging
@@ -29,6 +29,12 @@ COMMIT
 # allow ssh - always
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT

+# for fireball mode - allow port 5099 from lockbox and it's ips
+-A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT
+
 # for nrpe - allow it from nocs
 -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
 # FIXME - this is the global nat-ip and we need the noc01-specific ip
--- a/files/jenkins/master/config.xml
+++ b/files/jenkins/master/config.xml
@@ -30,6 +30,22 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <slaves>
+    <slave>
+      <name>Fedora19</name>
+      <description></description>
+      <remoteFS>/mnt/jenkins/</remoteFS>
+      <numExecutors>2</numExecutors>
+      <mode>NORMAL</mode>
+      <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
+      <launcher class="hudson.plugins.sshslaves.SSHLauncher"
+      plugin="ssh-slaves@0.21">
+        <host>172.16.5.12</host>
+        <port>22</port>
+        <credentialsId>d844d352-af1d-466b-9fc9-cbb19348103a</credentialsId>
+      </launcher>
+      <label></label>
+      <nodeProperties/>
+    </slave>
    <slave>
      <name>EL6</name>
      <description></description>
--- a/files/jenkins/slaves/sbt.repo
+++ b/files/jenkins/slaves/sbt.repo
@@ -1,6 +1,6 @@
-[codeblock-sbt-extras]
-name=Copr repo for sbt-extras owned by codeblock
-baseurl=https://copr-be.cloud.fedoraproject.org/results/codeblock/sbt-extras/fedora-$releasever-$basearch/
-skip_if_unavailable=True
+[sbt-fedorapeople]
+name=SBT Fedorapeople Repo
+baseurl=http://repos.fedorapeople.org/repos/codeblock/sbt/fedora-18/RPMS/
+enabled=1
+skip_if_unavailable=1
 gpgcheck=0
-enabled=0
--- a/files/rdiff-backup/#run-rdiff-backups.cron#
+++ b/files/rdiff-backup/#run-rdiff-backups.cron#
@@ -0,0 +1,3 @@
+# run rdiff backups
+MAILTO=kevin@scrye.com,smooge@gmail.com
+00 22 * * * root /usr/local/bin/lock-wrapper run-rdiff-backups "/usr/local/bin/run-rdiff-backups"
--- a/files/rdiff-backup/run-rdiff-backups
+++ b/files/rdiff-backup/run-rdiff-backups
@@ -5,5 +5,5 @@ source /root/sshagent >>/dev/null
 TMPDIR=`mktemp -d /tmp/backups.XXXX`

 cd $TMPDIR
-git clone https://infrastructure.fedoraproject.org/infra/ansible.git
+git clone http://infrastructure.fedoraproject.org/infra/ansible.git
 ansible-playbook -i ansible/inventory ansible/playbooks/rdiff-backup.yml 
--- a/files/rdo/rdo.conf
+++ b/files/rdo/rdo.conf
@@ -0,0 +1,7 @@
+Alias /openstack /srv/persist/openstack
+<Directory "/srv/persist/openstack">
+    Options Indexes MultiViews FollowSymLinks
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+</Directory>
--- a/roles/releng/files/branched
+++ b/roles/releng/files/branched
--- a/roles/releng/files/fedmsg/base.py
+++ b/roles/releng/files/fedmsg/base.py
--- a/roles/releng/files/fedmsg/endpoints.py
+++ b/roles/releng/files/fedmsg/endpoints.py
--- a/roles/releng/files/fedmsg/ircbot.py
+++ b/roles/releng/files/fedmsg/ircbot.py
--- a/roles/releng/files/fedmsg/ssl.py
+++ b/roles/releng/files/fedmsg/ssl.py
--- a/roles/releng/templates/fedora-branched-compose-armhfp.cfg
+++ b/roles/releng/templates/fedora-branched-compose-armhfp.cfg
@@ -26,13 +26,13 @@ assumeyes=1

 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/branched/armhfp/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/branched/armhfp/os
 enabled=1
 cost=5000

 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/f21-build/latest/armhfp
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/armhfp
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-branched-compose-i386.cfg
+++ b/roles/releng/templates/fedora-branched-compose-i386.cfg
@@ -26,13 +26,13 @@ assumeyes=1

 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/branched/i386/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/branched/i386/os
 enabled=1
 cost=5000

 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/f21-build/latest/i386
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-branched-compose-x86_64.cfg
+++ b/roles/releng/templates/fedora-branched-compose-x86_64.cfg
@@ -26,13 +26,13 @@ assumeyes=1

 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/branched/x86_64/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/branched/x86_64/os
 enabled=1
 cost=5000

 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/f21-build/latest/x86_64
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64
 enabled=1
 #cost=2000
 """
--- a/roles/releng/files/fedora-branched-pungi-i386.cfg
+++ b/roles/releng/files/fedora-branched-pungi-i386.cfg
--- a/roles/releng/files/fedora-branched-pungi-x86_64.cfg
+++ b/roles/releng/files/fedora-branched-pungi-x86_64.cfg
--- a/roles/releng/files/fedora-devel-pungi-ppc.cfg
+++ b/roles/releng/files/fedora-devel-pungi-ppc.cfg
--- a/roles/releng/templates/fedora-rawhide-compose-armhfp.cfg
+++ b/roles/releng/templates/fedora-rawhide-compose-armhfp.cfg
@@ -25,13 +25,13 @@ assumeyes=1

 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/rawhide/armhfp/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/armhfp/os
 enabled=1
 cost=5000

 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/rawhide/latest/armhfp
+baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/armhfp
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-rawhide-compose-i386.cfg
+++ b/roles/releng/templates/fedora-rawhide-compose-i386.cfg
@@ -25,13 +25,13 @@ assumeyes=1

 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/rawhide/i386/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/i386/os
 enabled=1
 cost=5000

 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/rawhide/latest/i386
+baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/i386
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-rawhide-compose-x86_64.cfg
+++ b/roles/releng/templates/fedora-rawhide-compose-x86_64.cfg
@@ -25,13 +25,13 @@ assumeyes=1

 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/rawhide/x86_64/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/x86_64/os
 enabled=1
 cost=5000

 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/rawhide/latest/x86_64
+baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/x86_64
 enabled=1
 #cost=2000
 """
--- a/roles/releng/files/fedora-rawhide-pungi-i386.cfg
+++ b/roles/releng/files/fedora-rawhide-pungi-i386.cfg
--- a/roles/releng/files/fedora-rawhide-pungi-x86_64.cfg
+++ b/roles/releng/files/fedora-rawhide-pungi-x86_64.cfg
--- a/roles/releng/files/mash/masher.config
+++ b/roles/releng/files/mash/masher.config
--- a/roles/releng/files/mash/masher.id_rsa.pub
+++ b/roles/releng/files/mash/masher.id_rsa.pub
--- a/roles/releng/files/rawhide
+++ b/roles/releng/files/rawhide
--- a/roles/releng/files/update-fullfilelist
+++ b/roles/releng/files/update-fullfilelist
--- a/files/scripts/confine-ssh.sh
+++ b/files/scripts/confine-ssh.sh
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Confine ssh commands
-case "$SSH_ORIGINAL_COMMAND" in
-*\&*)
-echo "Rejected"
-;;
-*\;*)
-echo "Rejected"
-;;
-rsync\ --server\ --sender*)
-$SSH_ORIGINAL_COMMAND
-;;
-*)
-echo "Rejected"
-;;
-esac
--- a/files/virthost/99-bridge.rules
+++ b/files/virthost/99-bridge.rules
@@ -1 +0,0 @@
-ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -65,16 +65,16 @@
 - name: restart ntpd
  action: service name=ntpd state=restarted

- name: restart openvpn (Fedora)
-  when: ansible_distribution == "Fedora"
-  action: service name=openvpn@openvpn state=restarted
-
- name: restart openvpn (RHEL6)
-  when: ansible_distribution == "RedHat" and ansible_distribution_major_version == "6"
+- name: restart openvpn
  action: service name=openvpn state=restarted

- name: restart openvpn (RHEL7)
-  when: ansible_distribution == "RedHat" and ansible_distribution_major_version == "7"
+- name: restart openvpn 2
+  action: service name=openvpn state=restarted
+
+- name: restart openvpn 6
+  action: service name=openvpn state=restarted
+
+- name: restart openvpn 7
  action: service name=openvpn@openvpn state=restarted

 - name: restart postfix
@@ -98,9 +98,6 @@
 - name: restart netapproute
  action: command /etc/sysconfig/network-scripts/ifup-routes eth1

- name: restart network
-  action: service name=network state=restarted
-
 - name: restart unbound
  action: service name=unbound state=restarted

@@ -124,20 +121,3 @@

 - name: restart memcached
  service: name=memcached state=restarted
-
- name: reload systemd
-  command: systemctl daemon-reload
-
- name: restart nagios
-  shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
-
- name: restart bridge
-  shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge
-
- name: hup libvirtd
-  command: pkill -HUP libvirtd
-  ignore_errors: true
-  when: inventory_hostname.startswith('buildhw')
-
- name: restart fcomm-cache-worker
-  service: name=fcomm-cache-worker state=restarted
--- a/inventory/backups
+++ b/inventory/backups
@@ -1,19 +0,0 @@
-#
-# This is the list of clients we backup with rdiff-backup. 
-#
-[backup_clients]
-collab04.fedoraproject.org
-db01.phx2.fedoraproject.org
-db-datanommer02.phx2.fedoraproject.org
-hosted04.fedoraproject.org
-hosted-lists01.fedoraproject.org
-lockbox01.phx2.fedoraproject.org
-people03.fedoraproject.org
-pkgs01.phx2.fedoraproject.org
-log01.phx2.fedoraproject.org
-qadevel.cloud.fedoraproject.org
-db-qa01.qa.fedoraproject.org
-db-koji01.phx2.fedoraproject.org
-copr-be.cloud.fedoraproject.org
-value01.phx2.fedoraproject.org
-taskotron01.qa.fedoraproject.org
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -54,10 +54,6 @@ dbs_to_backup: []
 nrpe_procs_warn: 250
 nrpe_procs_crit: 300

-# by default, the number of emails in queue before we whine
-nrpe_check_postfix_queue_warn: 2
-nrpe_check_postfix_queue_crit: 5
-
 # env is staging or production, we default it to production here. 
 env: production

--- a/inventory/group_vars/anitya-backend
+++ b/inventory/group_vars/anitya-backend
@@ -1,28 +0,0 @@
---
-# Define resources for this group of hosts here. 
-lvm_size: 20000
-mem_size: 8192
-num_cpus: 2
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-custom_rules: [
-    # Need for rsync from log01 for logs.
-    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
-    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
- ]
-
-# No other ports open.  no web service running here.
-#tcp_ports: []
-
-fas_client_groups: sysadmin-noc
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
- service: shell
-  owner: root
-  group: sysadmin
- service: anitya
-  owner: root
-  group: fedmsg
--- a/inventory/group_vars/anitya-frontend
+++ b/inventory/group_vars/anitya-frontend
@@ -1,30 +0,0 @@
---
-# Define resources for this group of hosts here. 
-lvm_size: 20000
-mem_size: 2048
-num_cpus: 2
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-# 9940 is for the anitya public relay
-tcp_ports: [ 80, 443, 9940 ]
-
-custom_rules: [
-    # Need for rsync from log01 for logs.
-    '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT',
-    '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT',
-    # Need so that anitya-backend can talk fedmsg to our relay
-    '-A INPUT -p tcp -m tcp -s 140.211.169.230 --dport 9941 -j ACCEPT',
- ]
-
-fas_client_groups: sysadmin-noc,sysadmin-web
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
- service: shell
-  owner: root
-  group: sysadmin
- service: anitya
-  owner: root
-  group: apache
--- a/inventory/group_vars/arm-releng
+++ b/inventory/group_vars/arm-releng
@@ -1,5 +1,4 @@
 ---
-host_group: releng
 fas_client_groups: sysadmin-releng
 freezes: false
 #
@@ -7,7 +6,3 @@ freezes: false
 #
 libdir: /usr/lib
 sudoers: "{{ private }}/files/sudo/arm-releng-sudoers"
-
-# For the mock config
-kojipkgs_url: kojipkgs.fedoraproject.org
-kojihub_url: koji.fedoraproject.org/kojihub
--- a/inventory/group_vars/arm-retrace
+++ b/inventory/group_vars/arm-retrace
@@ -1,9 +1,10 @@
 ---
 fas_client_groups: retrace
 freezes: false
+#
+# These are 32bit
+#
+libdir: /usr/lib
 sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers"

-tcp_ports: [ 80, 443 ]
-
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
+tcp_ports: [ 80 ]
--- a/inventory/group_vars/badges-backend
+++ b/inventory/group_vars/badges-backend
@@ -7,8 +7,7 @@ freezes: false
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

-tcp_ports: [ 3000, 3001, 3002, 3003,
-             3004, 3005, 3006, 3007 ]
+tcp_ports: [ 3000 ]

 fas_client_groups: sysadmin-noc,sysadmin-badges

--- a/inventory/group_vars/badges-backend-stg
+++ b/inventory/group_vars/badges-backend-stg
@@ -7,8 +7,7 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

-tcp_ports: [ 3000, 3001, 3002, 3003,
-             3004, 3005, 3006, 3007 ]
+tcp_ports: [ 3000 ]

 fas_client_groups: sysadmin-noc,sysadmin-badges

--- a/inventory/group_vars/bastion
+++ b/inventory/group_vars/bastion
@@ -1,39 +0,0 @@
---
-# Define resources for this group of hosts here. 
-lvm_size: 20000
-mem_size: 8192
-num_cpus: 4
-
-#
-# allow incoming openvpn and smtp
-#
-tcp_ports: [ 25, 1194 ]
-udp_ports: [ 1194 ]
-
-#
-# drop incoming traffic from less trusted vpn hosts
-#
-custom_rules: [
-    '-A INPUT -s 192.168.100/24 -j REJECT --reject-with icmp-host-prohibited',
-]
-#
-# allow a bunch of sysadmin groups here so they can access internal stuff
-#
-fas_client_groups: sysadmin-ask,sysadmin-web,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc,sysadmin-releng,sysadmin-dba,sysadmin-hosted,sysadmin-tools,sysadmin-spin,sysadmin-cloud,fi-apprentice,sysadmin-darkserver,sysadmin-badges,sysadmin-troubleshoot,sysadmin-qa,sysadmin-centos,sysadmin-ppc
-
-#
-# This is a postfix gateway. This will pick up gateway postfix config in base
-#
-postfix_group: gateway
-postfix_transport_filename: transports.gateway
-
-#
-# Set this to get fasclient cron to make the aliases file
-#
-fas_aliases: true
-
-#
-# Sometimes there are lots of postfix processes
-#
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
--- a/inventory/group_vars/beaker
+++ b/inventory/group_vars/beaker
@@ -11,5 +11,3 @@ udp_ports: [ 69 ]
 fas_client_groups: sysadmin-qa
 nrpe_procs_warn: 250
 nrpe_procs_crit: 300
-
-freezes: false
--- a/inventory/group_vars/copr
+++ b/inventory/group_vars/copr
@@ -1,6 +0,0 @@
---
-devel: false
-_forward_src: "forward"
-copr_backend_ips: "172.16.5.4"
-resolvconf: "resolv.conf/cloud"
-
--- a/inventory/group_vars/copr-back
+++ b/inventory/group_vars/copr-back
@@ -1,8 +0,0 @@
---
-_lighttpd_conf_src: "lighttpd/lighttpd.conf"
-_copr_be_conf: "copr-be.conf"
-
-do_sign: "false"
-keygen_host: "copr-keygen.cloud.fedoraproject.org"
-
-spawn_in_advance: "true"
--- a/inventory/group_vars/copr-back-stg
+++ b/inventory/group_vars/copr-back-stg
@@ -1,8 +0,0 @@
---
-_lighttpd_conf_src: "lighttpd/lighttpd_dev.conf"
-_copr_be_conf: "copr-be.conf-dev"
-
-do_sign: "true"
-keygen_host: "209.132.184.124"
-
-spawn_in_advance: "true"
--- a/inventory/group_vars/copr-front
+++ b/inventory/group_vars/copr-front
@@ -1,3 +0,0 @@
---
-copr_hostname: "copr-fe.cloud.fedoraproject.org"
-copr_frontend_public_hostname: "copr.fedoraproject.org"
--- a/inventory/group_vars/copr-front-stg
+++ b/inventory/group_vars/copr-front-stg
@@ -1,2 +0,0 @@
---
-copr_frontend_public_hostname: "copr-fe-dev.cloud.fedoraproject.org"
--- a/inventory/group_vars/copr-keygen
+++ b/inventory/group_vars/copr-keygen
@@ -1,2 +0,0 @@
---
-tcp_ports: [80, 5167]
--- a/inventory/group_vars/copr-keygen-stg
+++ b/inventory/group_vars/copr-keygen-stg
@@ -1,3 +0,0 @@
---
-copr_hostbase: copr-keygen-dev
-tcp_ports: [80, 5167]
--- a/inventory/group_vars/copr-stg
+++ b/inventory/group_vars/copr-stg
@@ -1,7 +0,0 @@
---
-devel: true
-#_forward-src: "{{ files }}/copr/forward-dev"
-_forward_src: "forward_dev"
-
-copr_backend_ips: "172.16.5.5 172.16.5.4 172.16.5.24"
-resolvconf: "resolv.conf/cloud"
--- a/inventory/group_vars/fas
+++ b/inventory/group_vars/fas
@@ -1,26 +0,0 @@
---
-# Define resources for this group of hosts here. 
-lvm_size: 30000
-mem_size: 2048
-num_cpus: 2
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-tcp_ports: [ 80, 8443, 8444,
-             # fas has 32 wsgi processes, each of which need their own port
-             # open for outbound fedmsg messages.
-             8000, 8001, 8002, 8003, 8004, 8005, 8006, 8007,
-             8008, 8009, 8010, 8011, 8012, 8013, 8014, 8015,
-             8016, 8017, 8018, 8019, 8020, 8021, 8022, 8023,
-             8024, 8025, 8026, 8027, 8028, 8029, 8030, 8031, ]
-
-fas_client_groups: sysadmin-main,sysadmin-accounts
-
-master_fas_node: False 
-
-# A host group for rsync config
-rsync_group: fas
-
-nrpe_procs_warn: 300
-nrpe_procs_crit: 500
--- a/inventory/group_vars/fedimg
+++ b/inventory/group_vars/fedimg
@@ -9,7 +9,7 @@ num_cpus: 2
 tcp_ports: [ 3000 ]

 # TODO, restrict this down to just sysadmin-releng
-fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg
+fas_client_groups: sysadmin-datanommer,sysadmin-releng

 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
--- a/inventory/group_vars/fedimg-stg
+++ b/inventory/group_vars/fedimg-stg
@@ -9,7 +9,7 @@ num_cpus: 2
 tcp_ports: [ 3000 ]

 # TODO, restrict this down to just sysadmin-releng
-fas_client_groups: sysadmin-datanommer,sysadmin-releng,sysadmin-fedimg
+fas_client_groups: sysadmin-datanommer,sysadmin-releng

 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
--- a/inventory/group_vars/hotness
+++ b/inventory/group_vars/hotness
@@ -1,21 +0,0 @@
---
-# Define resources for this group of hosts here. 
-lvm_size: 20000
-mem_size: 1024
-num_cpus: 2
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-tcp_ports: [ 3000, 3001, 3002, 3003 ]
-
-fas_client_groups: sysadmin-noc
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
- service: shell
-  owner: root
-  group: sysadmin
- service: hotness
-  owner: root
-  group: fedmsg
--- a/inventory/group_vars/hotness-stg
+++ b/inventory/group_vars/hotness-stg
@@ -1,21 +0,0 @@
---
-# Define resources for this group of hosts here. 
-lvm_size: 20000
-mem_size: 1024
-num_cpus: 1
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-tcp_ports: [ 3000, 3001, 3002, 3003 ]
-
-fas_client_groups: sysadmin-noc
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
- service: shell
-  owner: root
-  group: sysadmin
- service: hotness
-  owner: root
-  group: fedmsg
--- a/inventory/group_vars/jenkins-cloud
+++ b/inventory/group_vars/jenkins-cloud
@@ -1,7 +1,5 @@
 postfix_group: jenkins-cloud

-tcp_ports: [22, 80, 443]
-
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
--- a/inventory/group_vars/kernel-qa
+++ b/inventory/group_vars/kernel-qa
@@ -1,5 +1,5 @@
 ---
-freezes: false
+freezes: true
 resolvconf: "{{ files }}/resolv.conf/phx2"
 fas_client_groups: sysadmin-kernel
 sudoers: "{{ private }}/files/sudo/kernel-qa"
--- a/inventory/group_vars/mailman
+++ b/inventory/group_vars/mailman
@@ -23,9 +23,4 @@ fedmsg_certs:
 postfix_group: mailman

 # Used by the mailman role
-mailman_db_server: db01.phx2.fedoraproject.org
-mailman_url: lists.fedoraproject.org
-
-# by default, the number of emails in queue before we whine
-nrpe_check_postfix_queue_warn: 20
-nrpe_check_postfix_queue_crit: 50
+mailman_dbserver: db01.phx2.fedoraproject.org
--- a/inventory/group_vars/mailman-stg
+++ b/inventory/group_vars/mailman-stg
@@ -30,11 +30,6 @@ virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ m

 # Postfix main.cf
 postfix_group: mailman-stg
-mailman_url: lists.stg.fedoraproject.org

 # Used by the mailman role
-mailman_db_server: db02.stg.phx2.fedoraproject.org
-
-# by default, the number of emails in queue before we whine
-nrpe_check_postfix_queue_warn: 20
-nrpe_check_postfix_queue_crit: 50
+mailman_dbserver: db02.stg.phx2.fedoraproject.org
--- a/inventory/group_vars/mirrorlist
+++ b/inventory/group_vars/mirrorlist
@@ -1,6 +1,6 @@
 ---
 lvm_size: 20000
-mem_size: 8192
+mem_size: 4096
 num_cpus: 4
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file
--- a/inventory/group_vars/mm-stg
+++ b/inventory/group_vars/mm-stg
@@ -1,3 +0,0 @@
---
-# Define resources for this group of hosts here. 
-fas_client_groups: sysadmin-noc
--- a/inventory/group_vars/nagios-phx
+++ b/inventory/group_vars/nagios-phx
--- a/inventory/group_vars/notifs-backend
+++ b/inventory/group_vars/notifs-backend
@@ -1,13 +1,13 @@
 ---
 # Define resources for this group of hosts here. 
 lvm_size: 20000
-mem_size: 6144
-num_cpus: 4
+mem_size: 2048
+num_cpus: 2

 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

-tcp_ports: [ 3000, 3001, 3002, 3003, 3004 ]
+tcp_ports: [ 3000, 3001, 3002, 3003 ]

 fas_client_groups: sysadmin-noc,sysadmin-datanommer

--- a/inventory/group_vars/notifs-backend-stg
+++ b/inventory/group_vars/notifs-backend-stg
@@ -7,7 +7,7 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

-tcp_ports: [ 3000, 3001, 3002, 3003, 3004 ]
+tcp_ports: [ 3000, 3001, 3002, 3003 ]

 fas_client_groups: sysadmin-noc,sysadmin-datanommer

--- a/inventory/group_vars/pkgs
+++ b/inventory/group_vars/pkgs
@@ -1,47 +0,0 @@
---
-lvm_size: 100000
-mem_size: 4096
-num_cpus: 4
-
-tcp_ports: [80, 443, 9418,
-    # These 16 ports are used by fedmsg.  One for each wsgi thread.
-    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
-    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
-
-fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc
-fas_client_restricted_app: /usr/bin/gl-auth-command
-fas_client_admin_app: /usr/bin/gl-auth-command -s
-fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc"
-
-git_group: packager
-git_port: 9418
-git_server: /usr/libexec/git-core/git-daemon
-git_server_args: --export-all --syslog --inetd --verbose
-git_basepath: /srv/git/rpms
-
-clamscan_mailto: admin@fedoraproject.org
-clamscan_paths:
- /srv/cache/lookaside/pkgs
-clamscan_excludes:
- clamav-
- amavisd-new-2.3.3.tar.gz
- bro-20080804.tgz
- mailman-
- sagator-
- nicotine
- fwsnort-1.0.6.tar.gz
- psad-2.1.7.tar.bz2
- pymilter-
- linkchecker-
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
- service: shell
-  owner: root
-  group: sysadmin
- service: scm
-  owner: root
-  group: packager
- service: lookaside
-  owner: root
-  group: apache
--- a/inventory/group_vars/pkgs-stg
+++ b/inventory/group_vars/pkgs-stg
@@ -1,47 +0,0 @@
---
-lvm_size: 100000
-mem_size: 4096
-num_cpus: 4
-
-tcp_ports: [80, 443, 9418,
-    # These 16 ports are used by fedmsg.  One for each wsgi thread.
-    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
-    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
-
-fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc
-fas_client_restricted_app: HOME=/srv/git /usr/share/gitolite3/gitolite-shell user
-fas_client_admin_app: HOME=/srv/git /usr/share/gitolite3/gitolite-shell admin
-fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-build,sysadmin-noc"
-
-git_group: packager
-git_port: 9418
-git_server: /usr/libexec/git-core/git-daemon
-git_server_args: --export-all --syslog --inetd --verbose
-git_basepath: /srv/git/rpms
-
-clamscan_mailto: admin@fedoraproject.org
-clamscan_paths:
- /srv/cache/lookaside/pkgs
-clamscan_excludes:
- clamav-
- amavisd-new-2.3.3.tar.gz
- bro-20080804.tgz
- mailman-
- sagator-
- nicotine
- fwsnort-1.0.6.tar.gz
- psad-2.1.7.tar.bz2
- pymilter-
- linkchecker-
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
- service: shell
-  owner: root
-  group: sysadmin
- service: scm
-  owner: root
-  group: packager
- service: lookaside
-  owner: root
-  group: apache
--- a/inventory/group_vars/postgresql-server
+++ b/inventory/group_vars/postgresql-server
@@ -6,4 +6,5 @@ num_cpus: 4
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

+tcp_ports: [ 80 ]
 fas_client_groups: sysadmin-noc
--- a/inventory/group_vars/qadevel
+++ b/inventory/group_vars/qadevel
@@ -18,24 +18,3 @@ virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ m
                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }}"
                 --network=bridge=br0 --autostart --noautoconsole
-
-buildmaster_db_host: localhost
-buildmaster_template: ci.master.cfg.j2
-buildmaster_endpoint: buildmaster
-buildslave_ssh_pubkey: ''
-buildslave_port: 9989
-buildmaster_dir: /home/buildmaster/master
-buildslave_dir: /home/buildslave/slave
-buildslave_poll_interval: 1800
-master_dir: /home/buildmaster/master
-master_user: buildmaster
-external_hostname: qadevel.qa.fedoraproject.org
-deployment_type: qadevel-prod
-tcp_ports: [ 80, 443, "{{ buildslave_port }}" ]
-
-# for now, we're just doing a local slave so we need the slave vars in here
-slave_home: /home/buildslave/
-slave_dir: /home/buildslave/slave
-slave_user: buildslave
-
-freezes: false
--- a/inventory/group_vars/qadevel-stg
+++ b/inventory/group_vars/qadevel-stg
@@ -18,19 +18,3 @@ virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ m
                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }}"
                 --network=bridge=br0 --autostart --noautoconsole
-
-buildmaster_db_host: localhost
-buildmaster_template: ci.master.cfg.j2
-buildmaster_endpoint: taskmaster
-buildslave_ssh_pubkey: ''
-buildslave_port: 9989
-buildmaster_dir: /home/buildmaster/master
-buildslave_dir: /home/buildslave/slave
-buildslave_poll_interval: 1800
-master_dir: /home/buildmaster/master
-master_user: buildmaster
-external_hostname: qadevel-stg.qa.fedoraproject.org
-deployment_type: qadevel-stg
-tcp_ports: [ 80, 443, "{{ buildslave_port }}" ]
-
-freezes: false
--- a/inventory/group_vars/resultsdb-dev
+++ b/inventory/group_vars/resultsdb-dev
@@ -26,5 +26,3 @@ resultsdb_fe_endpoint: '/resultsdb'
 resultsdb_db_name: resultsdb_dev
 allowed_hosts:
    - 10.5.124
-
-freezes: false
--- a/inventory/group_vars/resultsdb-prod
+++ b/inventory/group_vars/resultsdb-prod
@@ -11,7 +11,7 @@ fas_client_groups: sysadmin-qa
 nrpe_procs_warn: 250
 nrpe_procs_crit: 300

-virt_install_command: /usr/bin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
+virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
                 "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
--- a/inventory/group_vars/resultsdb-stg
+++ b/inventory/group_vars/resultsdb-stg
@@ -27,5 +27,3 @@ resultsdb_fe_endpoint: '/resultsdb'
 resultsdb_db_name: resultsdb_stg
 allowed_hosts:
    - 10.5.124
-
-freezes: false
--- a/inventory/group_vars/sign-bridge
+++ b/inventory/group_vars/sign-bridge
@@ -8,6 +8,6 @@ lvm_size: 10000
 mem_size: 4096
 num_cpus: 4

-tcp_ports: [ 22, 44333, 44334 ]
+tcp_ports: [ 44333, 44334 ]

 fas_client_groups: sysadmin-releng
--- a/inventory/group_vars/tagger
+++ b/inventory/group_vars/tagger
@@ -8,11 +8,9 @@ num_cpus: 2
 # the host_vars/$hostname file

 tcp_ports: [ 80, 443,
-    # These 32 ports are used by fedmsg.  One for each wsgi thread.
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
-    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015,
-    3016, 3017, 3018, 3019, 3020, 3021, 3022, 3023,
-    3024, 3025, 3026, 3027, 3028, 3029, 3030, 3031]
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

 # Neeed for rsync from log01 for logs.
 custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
--- a/inventory/group_vars/tagger-stg
+++ b/inventory/group_vars/tagger-stg
@@ -8,11 +8,9 @@ num_cpus: 2
 # the host_vars/$hostname file

 tcp_ports: [ 80, 443,
-    # These 32 ports are used by fedmsg.  One for each wsgi thread.
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
-    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015,
-    3016, 3017, 3018, 3019, 3020, 3021, 3022, 3023,
-    3024, 3025, 3026, 3027, 3028, 3029, 3030, 3031]
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

 # Neeed for rsync from log01 for logs.
 custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
--- a/inventory/group_vars/taskotron
+++ b/inventory/group_vars/taskotron
@@ -0,0 +1,20 @@
+---
+# common items for the releng-* boxes
+lvm_size: 50000
+mem_size: 4096
+num_cpus: 4
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 9989 ]
+fas_client_groups: sysadmin-qa
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300
+
+virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
+                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
+                 "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                  hostname={{ inventory_hostname }} nameserver={{ dns }}
+                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none"
+                 --network=bridge=br0,model=virtio --autostart --noautoconsole
--- a/inventory/group_vars/taskotron-dev
+++ b/inventory/group_vars/taskotron-dev
@@ -23,7 +23,7 @@ master_user: buildmaster
 external_hostname: taskotron-dev.fedoraproject.org
 resultsdb_url: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb_api/api/v1.0
 resultsdb_frontend_url: http://resultsdb-dev01.qa.fedoraproject.org/resultsdb/
-resultsdb_external_url: https://taskotron-dev.fedoraproject.org/resultsdb/
+resultsdb_external_url: https://taskotron-dev.fedoraproject.org/resultsdb_api/
 resultsdb_endpoint: resultsdb
 resultsdb_api_endpoint: resultsdb_api
 landingpage_title: "Taskotron Development"
@@ -34,4 +34,3 @@ fakefedorainfra_db_name: dev_fakefedorainfra
 fakefedorainfra_endpoint: fakefedorainfra
 fakefedorainfra_url: https://taskotron-dev.fedoraproject.org/fakefedorainfra
 taskotron_docs_url: https://docs.qadevel.cloud.fedoraproject.org/libtaskotron/latest/
-freezes: false
--- a/inventory/group_vars/taskotron-dev-clients
+++ b/inventory/group_vars/taskotron-dev-clients
@@ -21,4 +21,3 @@ buildslave_public_sshkey_file: dev-buildslave-sshkey/dev_buildslave.pub
 taskotron_admin_email: taskotron-admin-members@fedoraproject.org
 sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
 buildmaster_pubkey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK4M03mLIZ0Wf9CzoJtUfOV8pcSxYLSsd4zxaFovDIHZGZH3ifg5Ocwut6L6lBalR3iepa/9EuFvgosi90WM3iI="
-freezes: false
--- a/inventory/group_vars/taskotron-prod-clients
+++ b/inventory/group_vars/taskotron-prod-clients
@@ -1,13 +1,12 @@
 ---
-lvm_size: 60000
-mem_size: 8096
+lvm_size: 20000
+mem_size: 4096
 num_cpus: 2

 slave_user: buildslave
 taskotron_fas_user: taskotron
 resultsdb_server: http://resultsdb01.qa.fedoraproject.org/resultsdb_api/api/v1.0/
-# this is proxy01.phx2
-bodhi_server: https://admin.fedoraproject.org/updates
+bodhi_server: http://10.5.124.206/fakefedorainfra/bodhi/
 kojihub_url: http://koji.fedoraproject.org/kojihub
 taskotron_master: https://taskotron.fedoraproject.org/taskmaster/
 deployment_type: prod
@@ -21,4 +20,4 @@ buildslave_private_sshkey_file: prod-buildslave-sshkey/prod_buildslave
 buildslave_public_sshkey_file: prod-buildslave-sshkey/prod_buildslave.pub
 taskotron_admin_email: taskotron-admin-members@fedoraproject.org
 sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
-buildmaster_pubkey: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBlB0+PK20wI+MN1eYTDCjpnRZCo3eEdAwR2yuOFhm5BdMvdAokpS3CjA6KSKPQjgTc9UHz4WjwGVysV0sns9h0='
+buildmaster_pubkey: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM5J0rmopyW96QyCVq5qyRmvsMIevnnPxXRNView1/vFI0ZkmQNeG6KYp0jmXsTDzPMeD4aC1nYIzyLp6OiMjvQ='
--- a/inventory/group_vars/taskotron-stg
+++ b/inventory/group_vars/taskotron-stg
@@ -30,4 +30,3 @@ fakefedorainfra_db_name: fakefedorainfra_stg
 fakefedorainfra_endpoint: fakefedorainfra
 fakefedorainfra_url: https://taskotron.stg.fedoraproject.org/fakefedorainfra
 taskotron_docs_url: https://docs.qadevel.cloud.fedoraproject.org/libtaskotron/latest/
-freezes: false
--- a/inventory/group_vars/taskotron-stg-clients
+++ b/inventory/group_vars/taskotron-stg-clients
@@ -21,4 +21,3 @@ buildslave_public_sshkey_file: stg-buildslave-sshkey/stg_buildslave.pub
 taskotron_admin_email: taskotron-admin-members@fedoraproject.org
 sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
 buildmaster_pubkey: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJJ4xAImruf8x0ghwxfq0DM6S00pSoEhpI1VZiG2DT14xD+eMubFQcUMpoQ3IBs3eaatlwVr2qjM4EEBfds/1Zs='
-freezes: false
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Patrick Uiterwijk	e35e850ad3	Merge branch 'openvpn_handler' of /git/ansible into openvpn_handler	2014-08-02 15:00:10 +00:00
Patrick Uiterwijk	2c5755dbc4	Add nagios to trusted openid roots	2014-08-02 15:00:06 +00:00
				`@@ -1 +0,0 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfk627wDgkJisjGl4RbrUS457WoPdSate1vzgZXApQeAkTG9LLEstAEyThphnJZzDWRYceId+DqZvyrwZttB6Tfptwqs9qwW60HelSVtvq6RDoiQO5yB1ffbeelM6ci5spvzA0b8llUmYpDlCmrbv/or5IXtO9ScAxK7S6Pp2XQYyHJepEclCqfUkmgOXqnoFPFhKhIdaNe7wXCDKnjHSL0HLQmpTREbJ98HNexI76DMdiuG+II7m42XbfToHZtDrsUfd5HGyWLqUWqFfLFoFSSrARE7Aqa2cS1zrLdKHTFnDitBezNeb2J4Go3/23bHe58LV8RfPdIQG9Z8hqYiD9 root@fed-cloud09.cloud.fedoraproject.org`
				`@@ -1 +0,0 @@`
				`ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"`