Add first work on the easyfix role

This still requires some work: - It has no playbook - It is missing the proxy bits - configuration of the proxies themselves - cron job copying the files from the app running the cron job onto the proxies
This config needs to be readable by apache to get db connect info.
2026-02-03 13:13:22 +08:00 · 2014-03-03 17:55:03 +01:00 · 2014-03-02 19:48:39 +00:00 · 2014-03-02 19:37:53 +00:00 · 2014-03-02 19:08:18 +00:00 · 2014-03-02 19:01:18 +00:00
740 changed files with 31865 additions and 4697 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 *.swp
+*.pyc
--- a/112
+++ b/112
@@ -0,0 +1,112 @@
+This file describes some conventions we are going to try and use
+to keep things organized and everyone on the same page. 
+
+If you find you need to diverge from this document for something, 
+please discuss it on the infrastructure list and see if we can 
+adjust this document for that use case. 
+
+Playbook naming
+===============
+The top level playbooks directory should contain: 
+
+* Playbooks that are generic and used by serveral groups/hosts playbooks
+* Playbooks used for utility purposes from command line
+* Groups and Hosts subdirs. 
+
+Generic playbooks are included in other playbooks and perform 
+basic setup that is used by other groups/hosts. 
+Examples: cloud setup, collectd, webserver, iptables, etc
+
+Utility playbooks are used by sysadmins command line to perform some 
+specific function. Examples: host update, vhost update, vhost reboot. 
+
+The playbooks/groups/ directory should contain one playbook per 
+group. This should be used in the case of multiple machines/instances
+in a group. MUST include a hosts entry that describes the hosts in the group.
+Examples: packages, proxy, unbound, virthost, etc.
+Try and be descriptive with the name here. 
+
+The playbooks/hosts/ directory should contain one playbook per 'host'
+for when a role is handled by only one host. Hosts playbooks
+MUST be FQDN.yml, MUST contain Hosts: the host or ip. 
+Examples: persistent cloud images, special hosts. 
+
+Where possible groups should be used. Hosts playbooks should only 
+be used in specific cases where a generic group playbook would not work. 
+
+Both groups and hosts playbooks should always include:  
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "{{ private}}/vars.yml"
+   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+Play naming
+===========
+Plays in playbooks should be a short readable description of what the play
+is doing. This will be displayed to the user and/or mailed out, so think 
+about what you would like to see if the play you are writing failed that 
+would be descriptive to the reader to help fix it. 
+
+Inventory
+=========
+The inventory file should add all hosts to one (or more) groups. 
+
+When there are staging hosts for a role/service, they should be in the 
+main group for that role as well as a staging for the role. 
+FIXME: will depend on how we do staging. (see below)
+
+Tags
+====
+Tags allow you to run just a subset of plays with a specific tag(s). 
+
+We have some standard tags we should use on all plays: 
+
+packages - this play installs or removes packages. 
+
+config - this play installs config files. 
+
+check - we could use this tag to include 'is everything running that should be' 
+        type tasks. 
+
+FIXME: others?
+
+Production vs Staging vs Development
+====================================
+In the default state, we should strive to have production and staging using 
+the same exact playbooks. development can also do so, or just be a more 
+minimal free form for the developer. 
+
+When needing to make changes to test in staging the following process should
+be used: 
+
+FIXME... :) 
+
+Requirements: 
+
+1. shouldn't touch prod playbook by default
+2. should be easy to merge changes back to prod
+3. should not require people to remember to do a bunch of steps. 
+4. should be easy to see exactly what changes are pending only in stg. 
+
+Cron job/automatic execution
+============================
+
+We would like to get ansible running over hosts in an automated way. 
+A git hook could do this. 
+
+* On commit:
+	If we have a way to detemine exactly what hosts are affected by a 
+        change we could simply run only on those hosts. 
+
+        We might want a short delay (10m) to allow someone to see a problem
+        or others to note one from the commit. 
+
+* Once a day: (more often? less often?) 
+
+        We may want to re-run on all hosts once a day and yell loudly 
+        if anything changed. 
+
+        FIXME: perhaps we want a tag of items to run at this time? 
+        FIXME: alternately we could have a util playbook that runs a 
+               bunch of checks for us? 
+
--- a/37
+++ b/37
@@ -1,9 +1,15 @@
-ansible repository/structure
+== ansible repository/structure ==

 files - files and templates for use in playbooks/tasks
      - subdirs for specific tasks/dirs highly recommended

 inventory - where the inventory and additional vars is stored
+          - All files in this directory in ini format 
+          - added together for total inventory
+  group_vars: 
+          - per group variables set here in a file per group 
+  host_vars: 
+          - per host variables set here in a file per host 

 library - library of custom local ansible modules

@@ -11,6 +17,10 @@ playbooks - collections of plays we want to run on systems

 tasks - snippets of tasks that should be included in plays

+roles - specific roles to be use in playbooks. 
+        Each role has it's own files/templates/vars
+
+== Paths ==

 public path for everything is:

@@ -20,12 +30,11 @@ private path - which is sysadmin-main accessible only is:

 /srv/private/ansible

-
 In general to run any ansible playbook you will want to run:

 sudo -i ansible-playbook /path/to/playbook.yml

-
+== Cloud information ==

 cloud instances:
 to startup a new cloud instance and configure for basic server use run (as
@@ -61,9 +70,6 @@ define these with:

 --extra-vars="varname=value varname1=value varname2=value"

-
-
-
 Name        Memory_MB  Disk   VCPUs
 m1.tiny     512        0      1    
 m1.small    2048       20     1    
@@ -124,7 +130,7 @@ description: some description so someone else can know what this is

 The available images can be found by running::
   source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
-   euca-describe-images | grep emi
+   euca-describe-images | grep ami

 4. setup a host playbook ansible/playbooks/hosts/$YOUR_HOSTNAME_HERE.yml
   Note: the name of this file doesn't really matter but it should normally
@@ -137,10 +143,10 @@ The available images can be found by running::

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"

  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"

 - name: provision instance
  hosts: $YOUR_HOSTNAME/IP HERE
@@ -149,15 +155,15 @@ The available images can be found by running::

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ private }}/vars.yml"
+   - /srv/web/infra/ansible/vars//{{ ansible_distribution }}.yml

  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml
  # fill in other actions/includes/etc here

  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml


 5. add/commit the above to the git repo and push your changes
@@ -171,10 +177,6 @@ The available images can be found by running::
 You should be able to run that playbook over and over again safely, it will
 only setup/create a new instance if the ip is not up/responding.

-
-
-
-
 SECURITY GROUPS
 - to edit security groups you must either have your own cloud account or
  be a member of sysadmin-main
@@ -212,6 +214,7 @@ euca-create-group -d "group description here" groupname

 To add a rule to a group:
 euca-authorize -P tcp -p 22 groupname
+euca-authorize -P icmp -t -1:-1 groupname

 To delete a rule from a group:
 euca-revoke -P tcp -p 22 groupname
--- a/callback_plugins/fedmsg_callback.py
+++ b/callback_plugins/fedmsg_callback.py
@@ -0,0 +1,86 @@
+# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com>
+# based on the log_plays example
+# skvidal@fedoraproject.org
+# rbean@redhat.com
+
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import pwd
+
+import fedmsg
+import fedmsg.config
+
+
+def getlogin():
+    try:
+        user = os.getlogin()
+    except OSError, e:
+        user = pwd.getpwuid(os.geteuid())[0]
+    return user
+
+
+class CallbackModule(object):
+    """ Publish playbook starts and stops to fedmsg. """
+
+    playbook = None
+
+    def __init__(self):
+        config = fedmsg.config.load_config()
+        config.update(dict(
+            name='relay_inbound',
+            cert_prefix='shell',
+            active=True,
+        ))
+        fedmsg.init(**config)
+
+    def playbook_on_play_start(self, pattern):
+        # This gets called once for each play.. but we just issue a message once
+        # for the first one.  One per "playbook"
+        play = getattr(self, 'play', None)
+        if play:
+            # figure out where the playbook FILE is
+            path = os.path.abspath(play.playbook.filename)
+
+            # Bail out early without publishing if we're in --check mode
+            if play.playbook.check:
+                return
+
+            if not self.playbook:
+                fedmsg.publish(
+                    modname="ansible", topic="playbook.start",
+                    msg=dict(
+                        playbook=path,
+                        userid=getlogin(),
+                        extra_vars=play.playbook.extra_vars,
+                        inventory=play.playbook.inventory.host_list,
+                        playbook_checksum=play.playbook.check,
+                        check=play.playbook.check,
+                    ),
+                )
+                self.playbook = path
+
+    def playbook_on_stats(self, stats):
+        if not self.playbook:
+            return
+
+        results = dict([(h, stats.summarize(h)) for h in stats.processed])
+        fedmsg.publish(
+            modname="ansible", topic="playbook.complete",
+            msg=dict(
+                playbook=self.playbook,
+                userid=getlogin(),
+                results=results,
+            ),
+        )
--- a/callback_plugins/logdetail.py
+++ b/callback_plugins/logdetail.py
@@ -50,24 +50,24 @@ class LogMech(object):
                    raise

        # checksum of full playbook?
-        
+
    @property
    def playbook_id(self):
        if self._pb_fn:
            return os.path.basename(self._pb_fn).replace('.yml', '').replace('.yaml', '')
        else:
            return "ansible-cmd"
-    
+
    @playbook_id.setter
    def playbook_id(self, value):
        self._pb_fn = value
-    
+
    @property
    def logpath_play(self):
        # this is all to get our path to look nice ish
        tstamp = time.strftime('%Y/%m/%d/%H.%M.%S', time.localtime(self.started))
        path = os.path.normpath(self.logpath + '/' + self.playbook_id +  '/' + tstamp + '/')
-        
+
        if not os.path.exists(path):
            try:
                os.makedirs(path)
@@ -76,13 +76,13 @@ class LogMech(object):
                    raise

        return path
-        
+
    def play_log(self, content):
        # record out playbook.log
        # include path to playbook, checksums, user running playbook
        # any args we can get back from the invocation
        fd = open(self.logpath_play + '/' + 'playbook-' + self.pid + '.info', 'a')
-        fd.write('%s\n' % content) 
+        fd.write('%s\n' % content)
        fd.close()

    def task_to_json(self, task):
@@ -92,25 +92,25 @@ class LogMech(object):
        res['task_args'] = task.module_args
        if self.playbook_id == 'ansible-cmd':
            res['task_userid'] = getlogin()
-        for k in ("delegate_to", "environment", "first_available_file", 
-                  "local_action", "notified_by", "notify", "only_if", 
-                  "register", "sudo", "sudo_user", "tags", 
+        for k in ("delegate_to", "environment", "first_available_file",
+                  "local_action", "notified_by", "notify",
+                  "register", "sudo", "sudo_user", "tags",
                  "transport", "when"):
            v = getattr(task, k, None)
            if v:
                res['task_' + k] = v
-            
+
        return res
-        
+
    def log(self, host, category, data, task=None, count=0):
        if not host:
            host = 'HOSTMISSING'
-        
+
        if type(data) == dict:
            name = data.get('module_name',None)
        else:
            name = "unknown"
-            
+

        # we're in setup - move the invocation  info up one level
        if 'invocation' in data:
@@ -126,21 +126,23 @@ class LogMech(object):
            data['task_start'] = self._last_task_start
            data['task_end'] = time.time()
            data.update(self.task_to_json(task))
-        
+
        if 'task_userid' not in data:
            data['task_userid'] = getlogin()
-            
+
        if category == 'OK' and data.get('changed', False):
            category = 'CHANGED'
-        
-        if self.play_info.get('check', False):
+
+        if self.play_info.get('check', False) and self.play_info.get('diff', False):
+            category = 'CHECK_DIFF:' + category
+        elif self.play_info.get('check', False):    
            category = 'CHECK:' + category
-                
+
        fd = open(self.logpath_play + '/' + host + '.log', 'a')
        now = time.strftime(TIME_FORMAT, time.localtime())
        fd.write(MSG_FORMAT % dict(now=now, name=name, count=count, category=category, data=json.dumps(data)))
        fd.close()
-        
+

 logmech = LogMech()

@@ -238,7 +240,7 @@ class CallbackModule(object):

    def playbook_on_play_start(self, pattern):
        self._task_count = 0
-        
+
        play = getattr(self, 'play', None)
        if play:
            # figure out where the playbook FILE is
@@ -258,27 +260,29 @@ class CallbackModule(object):
                pb_info['inventory'] = play.playbook.inventory.host_list
                pb_info['playbook_checksum'] = utils.md5(path)
                pb_info['check'] = play.playbook.check
+                pb_info['diff'] = play.playbook.diff
                logmech.play_log(json.dumps(pb_info, indent=4))
-            
-            self._play_count += 1            
-            # then write per-play info that doesn't duplcate the playbook info                
+
+            self._play_count += 1
+            # then write per-play info that doesn't duplcate the playbook info
            info = {}
            info['play'] = play.name
            info['hosts'] = play.hosts
            info['transport'] = play.transport
            info['number'] = self._play_count
            info['check'] = play.playbook.check
+            info['diff'] = play.playbook.diff
            logmech.play_info = info
            logmech.play_log(json.dumps(info, indent=4))


    def playbook_on_stats(self, stats):
-        results = {} 
+        results = {}
        for host in stats.processed.keys():
            results[host] = stats.summarize(host)
            logmech.log(host, 'STATS', results[host])
        logmech.play_log(json.dumps({'stats': results}, indent=4))
        logmech.play_log(json.dumps({'playbook_end': time.time()}, indent=4))
        print 'logs written to: %s' % logmech.logpath_play
-        
+

--- a/files/bacula/bacula-dir.conf.j2
+++ b/files/bacula/bacula-dir.conf.j2
--- a/files/bacula/bacula-fd.conf.j2
+++ b/files/bacula/bacula-fd.conf.j2
@@ -1,45 +0,0 @@
-#
-# Default  Bacula File Daemon Configuration file
-#
-#  For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod)
-#
-# There is not much to change here except perhaps the
-# File daemon Name to
-#
-
-#
-# List Directors who are permitted to contact this File daemon
-#
-Director {
-  Name = bacula-dir
-  Password = "{{ bacula5PasswordDir }}"
-}
-
-#
-# Restricted Director, used by tray-monitor to get the
-#   status of the file daemon
-#
-Director {
-  Name = bacula-mon
-  Password = "{{ bacula5PasswordDir }}"
-  Monitor = yes
-}
-
-#
-# "Global" File daemon configuration specifications
-#
-FileDaemon {                          # this is me
-  Name = bacula-fd
-  FDport = 9102                  # where we listen for the director
-  WorkingDirectory = /var/spool/bacula
-  Pid Directory = /var/run
-  Maximum Concurrent Jobs = 10
-  Heartbeat Interval = 10
-  #Maximum Network Buffer Size = 131072
-}
-
-# Send all messages except skipped files back to Director
-Messages {
-  Name = Standard
-  director = bacula-dir = all, !skipped, !restored
-}
--- a/files/bacula/bacula-sd.conf.j2
+++ b/files/bacula/bacula-sd.conf.j2
@@ -1,104 +0,0 @@
-#
-# Default Bacula Storage Daemon Configuration file
-#
-#  For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod)
-#
-# You may need to change the name of your tape drive
-#   on the "Archive Device" directive in the Device
-#   resource.  If you change the Name and/or the 
-#   "Media Type" in the Device resource, please ensure
-#   that dird.conf has corresponding changes.
-#
-
-Storage {                             # definition of myself
-  Name = bacula-sd
-  SDPort = 9103                  # Director's port      
-  WorkingDirectory = "/var/spool/bacula"
-  Pid Directory = "/var/run"
-  Maximum Concurrent Jobs = 10
-  Heartbeat Interval = 5
-}
-
-#
-# List Directors who are permitted to contact Storage daemon
-#
-Director {
-  Name = bacula-dir
-  Password = "{{ bacula5PasswordDir }}"
-}
-
-#
-# Restricted Director, used by tray-monitor to get the
-#   status of the storage daemon
-#
-Director {
-  Name = bacula-mon
-  Password = "{{ bacula5PasswordDir }}"
-  Monitor = yes
-}
-
-#
-# Devices supported by this Storage daemon
-# To connect, the Director's bacula-dir.conf must have the
-#  same Name and MediaType. 
-#
-
-Device {
-  Name = FileStorage
-  Media Type = File
-  Archive Device = /bacula/
-  LabelMedia = yes;                   # lets Bacula label unlabeled media
-  Random Access = Yes;
-  AutomaticMount = yes;               # when device opened, read it
-  RemovableMedia = no;
-  AlwaysOpen = no;
-}
-
-
-Device {
-  Name = FileStorage2
-  Media Type = File
-  Archive Device = /bacula2/
-  LabelMedia = yes;                   # lets Bacula label unlabeled media
-  Random Access = Yes;
-  AutomaticMount = yes;               # when device opened, read it
-  RemovableMedia = no;
-  AlwaysOpen = no;
-}
-
-#
-# An autochanger device with two drives
-
-Autochanger {
-  Name = Autochanger
-  Device = Drive-1
-  Changer Command = "/usr/libexec/bacula/mtx-changer %c %o %S %a %d"
-  Changer Device = /dev/sg1
-}
-
-Device {
-  Name = Drive-1                      #
-  Drive Index = 0
-  Media Type = LTO-5
-  Archive Device = /dev/nst0
-  AutomaticMount = yes;               # when device opened, read it
-  AlwaysOpen = yes;
-  RemovableMedia = yes;
-  RandomAccess = no;
-  AutoChanger = yes
-  SpoolDirectory = /bacula/bacula/spool/;
-  Maximum Spool Size = 1600G;
-#  Label Media = yes
-  # Enable the Alert command only if you have the mtx package loaded
-  Alert Command = "sh -c 'tapeinfo -f %c |grep TapeAlert|cat'"
-  # If you have smartctl, enable this, it has more info than tapeinfo 
-  Alert Command = "sh -c 'smartctl -H -l error %c'"  
-}
-# 
-# Send all messages to the Director, 
-# mount messages also are sent to the email address
-#
-Messages {
-  Name = Standard
-  director = bacula-dir = all
-}
--- a/files/bacula/bconsole.conf.j2
+++ b/files/bacula/bconsole.conf.j2
@@ -1,10 +0,0 @@
-#
-# Bacula User Agent (or Console) Configuration File
-#
-
-Director {
-  Name = bacula-dir
-  DIRport = 9101
-  address = localhost
-  Password = "{{ bacula5PasswordCon }}"
-}
--- a/files/bacula/fedora_delete_catalog_backup
+++ b/files/bacula/fedora_delete_catalog_backup
@@ -1,5 +0,0 @@
-#!/bin/sh
-#
-# This script deletes a catalog dump
-#
-rm -f /bacula/bacula.sql
--- a/files/bacula/fedora_make_catalog_backup
+++ b/files/bacula/fedora_make_catalog_backup
@@ -1,3 +0,0 @@
-#!/bin/sh
-rm -f /bacula/bacula.sql
-/usr/bin/mysqldump -u bacula -f bacula > /bacula/bacula.sql
--- a/files/common/fedora-updates-testing.repo
+++ b/files/common/fedora-updates-testing.repo
@@ -0,0 +1,26 @@
+[updates-testing]
+name=Fedora $releasever - $basearch - Test Updates
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+[updates-testing-debuginfo]
+name=Fedora $releasever - $basearch - Test Updates Debug
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+[updates-testing-source]
+name=Fedora $releasever - Test Updates Source
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
--- a/files/common/fedora-updates-testing.repo-arm
+++ b/files/common/fedora-updates-testing.repo-arm
@@ -0,0 +1,26 @@
+[updates-testing]
+name=Fedora $releasever - $basearch - Test Updates
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
+
+[updates-testing-debuginfo]
+name=Fedora $releasever - $basearch - Test Updates Debug
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/debug/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
+
+[updates-testing-source]
+name=Fedora $releasever - Test Updates Source
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/SRPMS/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
--- a/files/common/fedora-updates.repo
+++ b/files/common/fedora-updates.repo
@@ -0,0 +1,26 @@
+[updates]
+name=Fedora $releasever - $basearch - Updates
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+[updates-debuginfo]
+name=Fedora $releasever - $basearch - Updates - Debug
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+[updates-source]
+name=Fedora $releasever - Updates Source
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
--- a/files/common/fedora-updates.repo-arm
+++ b/files/common/fedora-updates.repo-arm
@@ -0,0 +1,26 @@
+[updates]
+name=Fedora $releasever - $basearch - Updates
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
+
+[updates-debuginfo]
+name=Fedora $releasever - $basearch - Updates - Debug
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/debug/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
+
+[updates-source]
+name=Fedora $releasever - Updates Source
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/SRPMS/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
+enabled=0
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
--- a/files/common/fedora.repo
+++ b/files/common/fedora.repo
@@ -0,0 +1,29 @@
+[fedora]
+name=Fedora $releasever - $basearch
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+enabled=1
+metadata_expire=7d
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+[fedora-debuginfo]
+name=Fedora $releasever - $basearch - Debug
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+enabled=0
+metadata_expire=7d
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+[fedora-source]
+name=Fedora $releasever - Source
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
+enabled=0
+metadata_expire=7d
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
--- a/files/common/fedora.repo-arm
+++ b/files/common/fedora.repo-arm
@@ -0,0 +1,29 @@
+[fedora]
+name=Fedora $releasever - $basearch
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+enabled=1
+metadata_expire=7d
+gpgcheck=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
+
+[fedora-debuginfo]
+name=Fedora $releasever - $basearch - Debug
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/debug/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+enabled=0
+metadata_expire=7d
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
+
+[fedora-source]
+name=Fedora $releasever - Source
+failovermethod=priority
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/source/SRPMS/
+#metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
+enabled=0
+metadata_expire=7d
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
--- a/files/common/sysadmin-main
+++ b/files/common/sysadmin-main
@@ -1,42 +1,17 @@
-#ausil
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAD9QDskl41P2f4wqBuDBRD3VJ7MfKD6gMetMEaOy2b/CzfxN1vzeoxEvUxefi4+uh5b5ht5+BhQVhvBV7sTxxYftEH+B7IRmWigqcS1Ndnw+ML6zCbSTCJOqDvTLxmkZic0NUBIBP907ztMCoZjaOW9SSCrdA9Vp87V3x/KEQaeSNntmnFqtnpQI/N0NlmqxB78p97W/QDpLuftqJ33sM0uyvxXSusThLSFBHjisezsWox49nEKY8HW+Kwkmw+k7EF4tsDWymPB+S0gMsMlTxzjutNASVDmn6H+lgkzns+5Xxii4/mZWrcjqfLuH7vCI2mWykZJ6ek0LiQea9tNN+KZomqX6NbTUK3riaDPrZPNexa4I83Fp+DYNmYgnGMInqn+cZ5PoUJ3u3LaqZGBQeuuONTw0yQ8Pkkn5xibpPO6qblHKcet0pfmWQ5ab+5BDrsyLcPXolMci5h45GNWebr7UMuXT6+q+EolnYgbgDzzGJ4xPohF04OW8CwflK64KEnYcqlGs+DF4TNgGFlhKiyCWfXSjizmQusxn17ayi6+yrkiGeqfz72qyZ1pSKlwA8XRYC2VkAAquJP6zAtAKjCUdmRTSyYgCpoIAlMwBO07BiPLLov6lKdphZYY1DI7pTXA98fhVU04PDqJJYR1GKkttmCsjbRWnxjkPl/Zka1+ei3k9DNidT6j4hFj+uTj8SS70qZUtKLNpc5IcedHaGEK0vcXJm9lIEKBIEnN0PCLZCa4kQZnfdsbuep1fbXNf4WYPXea29aRKJc4hiqsdrccTp4KueHgWt1Jj6CZDZcFgX+NlUVWwk6djgjRzHUryExtsjCcgGMPRJWdUnVcpgkQ1qJhEXng3W+nFFboArWfwU8u1pXEdeE1Z+m+ows3nJHdEgQevyy/cUx6BPNPZkBh10MWskSV8Z+vb02vJB+QikRMwQs3Ywf6RMaZFrBkWD4FfUaU24f4wgtPQN7j5xxJ2rWLJ/s9ZOWSl9yrytC6ZUQwmayLmiPUdm4u/7ZZmaly39K1YWqFDl3eUrRAZwf1L/NAqFu/qcQQ3Xf20K0nI55nVbZ8ODyx6BtfwoioblnTEcehK0uud5Vamc5mfpErFY0agEecsc0sMZO+ky9pf/gCUdM7je7kMDI2hdx61fOa8Wypb5u9WNBWKRKx8xT1XUKhb2uFumm3sR1iNm1Qhj92mo/NO2aETOA1lsYSL0XK571Yy0iFK3X1nOqp/gCsEGLI8OPQk6XuFqv8hmfiIXNKV8IwuDStw7eIvuQIgT7bmMkj+1Ca25foSmg3w5FqJux1gO9t5F018LeQZ6LVlYHZaQnaN+eTU7KfoCozhWw1H9pprDz Dennis Gilmore
-
-#codeblock
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAACAEAstHxky7hl1inyHBy+q/9M+Aen2HSfy8IoW+sAO6HSuHEUT7qWB8AlSNjHhahjXx7sy/BUkUed+NB/177rjlThokZDJ0yoM9KKymp26ETGaamBSkWBxZatTj96BWfD0P2K9jc/9vxtgKBq3VK9UaOt6VtJ9q6mKY3DdWLZn+K6iGQAKMCAgd8cCMgD6epBB5/litz7WhYv+aYTyjZGUGbBojQUiWgXDv9lR7p0w+VP7pnZEeb3//k4pZhsPrKFwwRVRLxBvWgVKNvA6nMXmsdikHCLLj8YAevhEY1xAba+iCKOpTqT7Bu+1Fnb9St8u5iDod21gRmN7MGGWYsO+Iu2MNAW9sw2nsA/sdNR0HEEgBqJLhERjGv399fWKyiZaF90n59lg8Pb6EzE6wHRs6rSB+9uKApBzPk99BEHLvC6mhn6RjrOC+TWSTcmXojAwQYCadqIdgWUaBsxaugKEXBFcmRuDWtpDfsqmM1kjeGU6MiaMlqPW0KjsMaVVChLO5ZvB/T7qW4wr5ZjLri475MuHocCMP0ECSUk7I3YW2h8RU6FEFmTpuULFRQo01iPreY5XJ7l0+xy2eggAWo+X2h3nGjXhCPOelBg+LYe0WOmPgB5oc1m5HZtFTcFzYbhAE+xQKlbwNeYT8HmNmEMhPjVoNyOOV7NAap+ueS2u/7li5D59O5Iy8aa5n/WiuYfkqH4pG796nFyLr5L/LVudzyaYFb/Gk8C1j/NAWYw53D/9aOA277HHe5t0/daJhbo98u0asF5mvPld3swPuPqkEZzgUfmNgH5CkvcQcMzaOvj6qr6xNmQfgsHroCShb46kplQ2uSf1pMAqsjN7jGhk6l+Bu6hKHnJKhZJVLiuAZtgYvkCB1ahaO3wRVozA1VKCAlqHOqoCq4YLIobUL95H08Kwcz7vIRIadX1TkOoLb2EwPkE/xrhDp4BySh+j6YNklSBkiRHvJMBNnRIj8NTRjYyj2o1Om7kJ770lEdryg2og8QBaFWCmFkwzg1QVrBOuu0dN7kt2l7VI7Ib4lavKSVTrqUdxdSbthUlu/b4Qif+pbyEtUFgykRsHVs+5Ofg7FZpsgCJ8rLFjzeVF/hAYX7t3XaIPLu+DL8kzamb/CRy1b7+iAw9nJbd7ED2SGyU6+c2coMPG23y6+YxgEmNG/rkCLCypkEEDOZe4DuMerZQ/RxMo06+glC6HC/3VN2dHlVLtEEV33B04/6Z0plAhqtjG7PVs08f8a5msV/VYn5ifa4z0oIXX1r5CIg3Ejp1JguLhBHpWa7YbS2Mwu6GAbD+hQfCYrsUkFonoOLu5czpITLo7ceJFTQmAt7OxZEoZBfmtYfzADQsQVYQb6J4QwvM3iKJOn30dgtYnJOVlDZEn+0fivedxoBAt9jHJ8lVp2ov/dOFnimi5V+2QIMB0fKTkChsk10zsDZ/KUk6zfijjEju0WfjRHCd357KswNv3aXHazfRIw77S2UOenD+xmUDZ6WgnxservUSDNDz7NldLf/gdPOMO4uSwKZixzsoCNioeLEmQv4gomNK7DyZBLMHLlWlbliqP+QWuIJO1rfoH2vaxzzA7l5tJW1gfnxm87RrrwIf9v5kpdJM6gQZxqmBCRsKQd5VkrEJ/xaFfkv080pWNV0drWTZW8fAAgfUNYB260Hyk3rHsjQlVtQxGJ1aAcgjMi3eGKQMwptbUMYHqct75czX6xp6zgXPiC/glX6AtuiZQ5bOI07imil20ien/ks/dnel8L+dmYDasL9m0B2jZ3lbl3eR1Dy7UhqGyERx//vYQapEBuwFcqQ9UdIWCGGG2Pte1I39BSehUUGSCOOD38a/GCu0l7OWZKdwq80MK/Ixgz4neiZQZ7MD2wPy6vk6Num18PZPN7OynMrI2UG5MViQ0GAhRgxwbUCvc7uKnGRqZo9q2mCabCxLbv+hJ4bppxpHHJxMDDXilTKMfZb0YRbvjBUi7LFKLN3MBMK2U1jHE+PjBgweqF8Jtuw04CQMxK3unajZOVkYAIq8IdMbw0oBVP4++eGB9z0x1eH+IsqL6IgknbbyoMgQqW9/8atm8HW2QYCX47oPd4FHs8rgJZk3bz8MwN3tp8WCRtYnJuwkWGWSq77ans0Ycl/tUfSSwUjnSvMsJnuSbxvdX0XbP5eRWikk0pJz5lM9sjYFOPHrQ44/U254yBa0N6UhyNTQnMGzRvY+fADE49b10hXZwCCrxpY9KvGr1XNJMnMcUke+4p9RS5LUwcZ8A6v7oWtZaZwnuBzvKk+HAn2gevD7Stjto+TnRCx1qcbx8iOhAEC6nvbLl+U313TmawrO/usrI5w3EFKP/4BnlKJDtNBeklJ0MpU3R1fmisqfegjuBW2bbaxq8Uo6m7uqPsYuAl7E6rOyZHLbtA8szvbQ46MSqAHezqxHJajWn2oZXMtbddgO5vlkxbRp3SSVKaPOeIj3XOGl78Owp4gFNRE0RY2EuUvrwUhXZR4wx1VHYjS6o9HAwOx3dH+pf1OiblUEanLQ9HLuOBkLhP8wn1M2slsSw+A1gyuI0ayjRujYFXdw6Mqp6XKTdU8vNue2c3d0I+TMifBypP0oJtxXmEoPp/VsU9yLKA2FF7Xvv/Xq1gtZcuZWAbSwMok/ENY1xeIFyjV+0yBidmax3jaf9yus/XEpyeBS3iIz63ymU10Kb2vrWjubg/sa2yd+q0y96dLdDRbnbwGwMmg6mXvTlVXf8c= ricky@padlock01.home.elrod.me
-
-#jstanley
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5bNJQBrvT/YuvfLO0y6smZW5N+946uISkzmDi9myffLgHAZP4nBGeH/4GcB5ns9HJ19xVtbIwqOz4QwIqKh4gKU7DgaqND2Iu0bUUFL1KXPLGyAIW+9N3yHB+nKkH31alDnF4dpKkvO63DRkqh4ptxwEQbZDCFqn+vXuMnG4cPmDEweR3QZUt5m0Vc7HXzbehZxjUZ3xRWvT/pu+khBhJcRFkLlA60Fnqv7Q+MQP1C0Cpf3hiX1LcXUogXkNooAqx1YYRd8VqvI8e9yQW+a99x8FftnmXKlGCxP33ng6+U6Y2H7u3cRDrlRTbWqkry4SuUYo+6MtvZVgL0fw6PsZ jstanley@hawtness.rmrf.net
-
-#kevin
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJH1lA7WHRCbaFtvzbw0HxHYJstZjuXhax1+eL+SUJ5fFRGosEc4fLrSCP0gSFDfXmNzuspoBgcQTqnNO8FdIUwkJLDEu0vTQls1aT9YUXb+RVwKB7ULA3b1dqFkmOgLEjTJL9AplK4OJ9Su0kq6QBV4mXCxMsgEML/gn6r8muZmu2L/LdzUnxKKggyq7O5q1K/eW5Yy21fpvbHt2UPQX1f6gt4ty7E9Nnuhi7SHCI7fNIa+kHyIesfTm/SzeK/PY9rDwZKjuyS8o22GJXGEScJomK1cjMESH/J+t8Hffaj88BjGHNczvcnXAjq6y73VJQ9DiGLD4zmFquQMxDu0Tf kevin@jelerak.scrye.com
-
-#lmacken
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDefONrBaBJlCxKtDwkYWVhf96lMhRQfwVJyBoBd4Pk6TqKMlAu2eST1xRZlV4cJSxAWgZpOaFgqJ5EGd6mq8PvVk+mKXdtX7CAoWm4f3c6otUFsFDCTw3gVvYSlEk23XBHuACsbAVNL4HmP+9C7PxQBePukbMBFD2smsyQkPcX7lZw+lDJW5lOTz3dHAA92bcopDycxRDI99gGkawzjlmxpm2C9nhRabKS6mpGw3N64d8hwHkkFbtHY7rS0/0Cka0geYYYv0NVki1IIctkhZE9LndcWbVcVe1pIlR0RyW2sorfgCgoa5fRZZhukUCtspdv981h/0b87RpRVUJKuRd1 lmacken@tomservo
-
-#mdomsch
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsmLoA/97DrE7roCHOY7NdB5TV/g7oxAsk74HgHcFRYAbn/rkoa7r9ZsgR7qzwd6Z+5Z77qFqvl1Bs3XtJf+1vJ3kwdcNFdKTw1DgTdE/rNPI7QzUgXKKKv/WCiU6UDBX4HHWq8Yuq4tkr/yepS8sLzMz2e0pHU4uWFQuvr5ttP9ABGohhDnPr0IcaT5vm+uBTJItJBrhqGws2fnVxhWEm8Y96AZb2vFZVwiMdcKKqfVZby3/wTuEtaDbv0krQNtLJcjaOTWLHWnxJEvLWSdFgkuIDvoNKR7ZV2lsmh5UD/smStgf8TkORR59r63dp2kWAn0/Jl59ARsdXDXGCiduF3GamxglTUA+kYbkN/PBQbl6o+nNKy4Q5TI53WNmhpdsbEJWCjzT+V1ju5JejFEHIhnWyBoBUWB2NKxWaSlToI2B9E0iJ0HK68IlA7bO4X7SD8q5cZBVTKMByFxt9uQXFeZeG7QRCPIsg6bXsirnFn5028iz+RfVFe3Mavp18v1hObvH6SDTczQauuAhTwYOtphaPZj+iHbaKvKndvlOWdGoyrNxgcx+t4loyEEcEWD0Astdp0bZD39nag94PD7hnoENOC0oE6mbtyUuSCGrU6ogee8qxYAt0AP3Rq1LLaRWXqe/1rM5A9oaDNwNkWA/JWbJbZQf0vvWTZmTib3rfew== mdomsch@fedoraproject.org
-
-#mmcgrath
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7U0WbKLL/D6iR03/vdDZJ8Lkj1jjAkindSvC4PkXVgi6qJo1YBZnIgsmoQopYcra2yzHFt58crygIh79P/rpQowWY99W+Sk4kB9UNuiAiX/LRi+1YdxwCKcRNTVOwuji6MGZoscACERmIjPY6P1oFPERoXhUkOuzPcrDK/0z/Bp9dpNRVZE/0zN6dvHA9QODLGvcFtgnX73SbZfoIbaVP/37IvOZvjGI1jxC5DwCmY+ihM13GpELP6BM8iihlnl1pjk1vtqPxD9g9Llr14Sc6cZJKl1WCulqhde4SEMOjpMJ8J8cGYBSsdh49hB36pdKQuTTnuCXpEt5Tl8PUKCrr mmcgrath@desktop.mmcgrath.net
-
-#notting
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3eVd6Ccegp1r1mhm7tPnlGUcw0zsAbR2p9hrFZ7RKxdIponuVV9ix4lgwpNEVDs0j4vxAApeLpJrsV8R8+YLUZO3Mzi+2s8nM8LXrKHtJT9wKKqoU3O/lC79drbWk3EMgETyP61Zpjkub0hwG2MjviPee63zCuRbxzxyalzk+AtwkRSxYaS2Ha0uKxGDiq1c/Iu6HRgm8HrtW+Pr6QbSSoHLhGUpR0HkgoC6852xXGhrRMkzXXbD9L6vaK9F39YmzD7Z8yey+xDTFW529avkEIWDeqBpbae+HjKqEQaBx71/rcmXhqKYrEagzUGpS8Bwskp3JMksd/v9tMuUhGQ2XaooCeKzvM0KnVUk/Q031ZtjNYxLpy/rEqbyt18+8wYOvVoGgnRZ/yJ/UVwYbGJrttYrrQmaJv7b357bkgDJobkIki+zGzi1xkvb85JWEt0mfh38H2vCnpwQtSAIyF/hmrS+1xsD/oAoc83IUhsVYcDhLbBEVKMX2IsJLMAPwCE6GexRYyVE5vEN4PMV9A8VmGuIC3IzkPEbStdtlbP4ttNKtfwS+MrY+ceAABDixls6xpedgT1he44R+7C1p+w4uj4TnYReLVce6+KgfJ6mz8CTXVULLWM4l2H3PylEUyoHGRDpVanGAvm7h2D0HgxErWIkjZkL79GFhzQc1xjzixQ== notting@nostromo.devel.redhat.com
-
-#ricky
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDAeAohiRJ2v/RO7R9GS93TF92Gc9ixK6HM7wlbMdlZ4yYAbeoEX8VpeNaSTfo/Nw3zazr9VpmpHg+H70K8ljQsPgRwcgpetRVpF55M5FYjqM5oM+N94HV3nSGcnWbSIho1R31DaDH2ptxVqgh2m5DG7Bc45w9Bd4wjfdQ8nBrGv93tuH7X/cee4g6GvexLm5nXhAngdEmiyxw5MHuJAvj+54l4wMXRWpeF6XlI2iamW42nLSfRMCFkGNiXvBm8zkfkeH2L7I2cNKXXoP/cPCd3G/teIsI9FDqYpZ6CS0zMkWhlTuh7rlCjc9+nJsLdDLgwhb75skiUOOfimGvCCxWeHuCsSL+KpCu4AgI9UAVgO6xblDlmbQXxlGopep29U/s00W/0qv3Zp8Ks4Za0xHdoIwHiaLM0OYymFaNDd3ZqFG0FN23ZjcGqUmFGhGfUQRDt72+e9HtXlBJ0mUaCX9+e4wFGTVciG1/5CKsLHCaLRf+knsWXrv2zcv9BoZ9SCAK32zCZw05wjcmr7jYDCTLmtC6kEBNaOeE9Qqi2oomo4ji8ybg+Qq+1BwOtJKExvmZaooBZud0qd24HmCU0/0ysw732jGcqexzxsCR0VArd+7LKexOD7KwMW0VUss6fdOWac9gwCLx9FaKYh8mVvcQjKhKGI3aO2sXRUWSbBJw8w== ricky@alpha.rzhou.org
-
-#skvidal
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjlnCEiFMrKpkiIBjs5IW1+RXDald3aKvTszj0hUw9Gl6w3vt3RAiqTD/XRKcNdP0+pVIK/I4KexKfZzemNZ8UYmZ+a9EK+Gj7OQbJv7TQDeR0zyJ8ZgFXaWoN+CnWXLO2mp9poysUR6CILjaDJt4GDxJaD+bebRu+zxUQSlgrjObhIUTSfwsEJu++zK+fy4+xSEMG7SANEJHd+zOAw6+isLnnbp8qY2fs3reKpc8XPkyJscLU4BQV2cGXwlPUhzPVv/itUUV/uWHeAqoz2i5XG4C0/BXk6D85qkGIyE08Nl3COxn6giivrdTIH6W4dUtBdYgTMZ3RgMHL9ClLpS17 skvidal@opus
-
-#smooge
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAxnzCHH11nDM1m7yvqo6Uanq5vcZjBcs/mr3LccxwJ59ENzSXwUgEQy/P8vby9VKMwsskoaqZcvJdOSZBFhNV970NTPb69OIXPQAl/xhaLwiJOn606fB+/S8WepeuntS0qLiebbEiA9vIQLteZ+bWl1s/didD/sFo3/wItoTGA4GuShUu1AyWJx5Ue7Y34rwGR+kIvDoy2GHUcunn2PjGt4r3v2vpiR8GuK0JRupJAGYbYCiMBDRMkR0cgEyHW6+QQNqMlA6nRJjp94PcUMKaZK6Tc+6h5v8kLLtzuZ6ZupwMMC4X8sh85YcxqoW9DynrvO28pzaMNBHm7qr9LeY9PIhXscSa35GAcGZ7UwPK4aJAAuIzCf8BzazyvUM3Ye7GPCXHxUwY0kdXk+MHMVKFzZDChNp/ovgdhxNrw9Xzcs4yw7XYambN9Bk567cI6/tWcPuYLYD4ZJQP0qSXVzVgFEPss1lDcgd0k4if+pINyxM8eVFZVAqU+BMeDC+6W8HUUPgv6LiyTWs+xTXTuORwBTSF1pOqWB4LjqsCGIiMAc6n/xdALBGUN7qsuKDU6Q7bwPppaxypi4KCvuJsqW+8sDtMUaZ34I5Zo1q7cu03wqnOljUGoAY6IDn3J66F2KlPPyb/q3PDV3WbY/jnH16L29/xUA73nFUW1p+WXutwmSU= ssmoogen@ponyo.int.smoogespace.com
-
-#spot
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFZ3AD/I0OfU84IrK573amZptucuBrDxHoue/c+PUsD3MGIA6QXRceq3ZkLuz25OAAu53hFxzCE4d6eVS299rVR8Cd+tVU8aqBdTHzdqv52Vs8zRfXMW69sV7fhwRLaQDcRTwY90Wmz2MbZmN996XmJDNtUIWI2mML+PBYEdO0PyiB2ttb7mmA3SwtC/rwEMJL2YHh+bTzlJ9W4BgFcFwizMXU3mk5uGp2/q3nKzEvgTROM8yWvqdM34cRYpjFKyOlpo6k3SPt76hgDUEIsAu6Ul1S0FHTCRMIihcxZOSN4frMtXVjX0NhW9mKcn1IRBpzd0Yon/gPB8OJ31ojIIop spot@pterodactyl
-
-#toshio
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDfgKJEBuHFlFc8/IHDeIpdprNnAFQHkicXAFfAzIJSkhUaOJFjsulmgPZn2TJJpYqFAxYUjhWJOdrOwx7AHSg6gWu4TT4a0sTay+Z0eqZOShf5UL/M587DxJk1JZU8g812yDKZMc7Sv7K6zdteONnCvno1kALSg0F2MVMJXFjE/tSontkIRH6IuG19R19NGEj1h56uGwdfe78xjOmv5wk6RZBjaOKqiPSQKNqCKbY9Kyz6yrem2M5uxRK45u3wSPJdmopo8l/nwf0p6ydrUSL5C/aXGh7LPqh31eTBDQUbWHw9LQMk1SibMGQPwJt59lLMlzc5OQZAJEbadsDAgl6VVA6MZkBQROiK9E087kvPesMoGWE0KBgvTqzpBZj0uHATP9i097dv80gjupMyaePsnQOxk0wRho9nRkxRo18Drt3QPVND4YGHzahMe/YR2N83MkbnGoP8K+GsFhLMAp3NKh6yUofFxTgRiB6H8ULKf3CV+hlk0Z9RJR3CpgMTKILYHPlaleJqoP6sXg6tJxI0rUE+0jUKvaTj+N2gX0MjKfUINk5mTbjD2mdVrPtKOBvos2luNhY5nTDpJuAHQqnFHPlPw8l3lXC2VBWOjqfTeeS+qD7ArKe6F7IO5ZNxJ2mTUuodhaPySta1MS37DWoz6UqeJu+wKIsHok90+EU4aAvUABh3RXSQA1E3IaxkooMhhrdIQO6K4L0M+CZ7lP35sW5pnwsN4sFlPec9Xn5e15LTlb9yFlx7Nm4DE2SX1s9QyMRE7z0LNO0X7wiihojuyQM6OQwc+ZaaDw5HerBisX/3LcC9osVLQQg1pt91YcCczUQ08qfUJV6aOD962K+EGzVFQGGauJDzgEH9BHQg7QwCWr0f3mu8/TNBzys2c0YsywDUc3AT1KP6TEJcR/dy6WbhJD3qyO/BLfCzRrHUOIaz+WbwmfTX8tGEQnVV5sEkZ39PWA1hRQ83b3MNV8cRJl+h/FnTk62yM4ZqGu73+x8JiEG3HAJp9/xYfNSwg8++PojJBXe+yM6DrTh5fTnBhxatLEKB658p8jTqJtF4+YD9D8+L39xEns6GQ7FphNqTC6IcpXyqq+zNuzF7vs/T+5n7978dUs3sK6YpBX4BlDxK6MsRF1WYqajEVeBJEMwdX2rfGkN9B5GfWdmdrzBjZQ6yyvlx5Dg++qgxpMiVOXSnw5v7H03PrT1we9wKre/2SQ1A2Oq/UDt/7tR2cMLoaPDNBpFT1W44LJB7o9iDT9YHUG3dC7R8JoeJ5YjyFmxbUQ5xg1oHnrBaPrGCuEYdQWhuDmp9Px2yRu8Agxzr9rNCZ/W8nWJVmvwvlXoldrum2rAECx0wiWqBhQ/+eX65 badger@unaka.lan
-
-#ansible root key
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDnI+8JwOdXUO6T7gI6oXHUG4oQJsMsCwEGnRBjU4po93i9g9C5sShgqJMvBI2wzDdgL/xOFJeHuo+WTP6W/oiv8KHEco3wXSI4OlsPanORGn2TajwzEaYlfxJNlQPvmuxFxcrfkPF8cOGa0DRNTLZK7abO3tKfZV7IJyNX3Z0LFZ+VwcJBy1ryg0GonMYkjEreiAgJyGCJ1crnKiRMPSu/QONb0MTytMlJRtc/Lfi/KkT8C/LQ/e3zA5DWo9Ykb79M1k4MmtmE8mIUlWUQ9hagMhCj3/6Uze04H48fpYzDPr6AHU6rqxLTdBGgLCeSIUkE1ReZpAk2E+QAB/fTliydT93ig5i2RDt3YHcAa994C85bc0D+A21u0H/LzR1wbIItx+MpOkZePHevDSe4y8ULx0cUiEHxmTTZ2C6j+1EqaP5PeWEqlU3iXTgiqOzTEwfEaH7nScBpGbFmPnzdgO7xLuKebnvWjGu6d8Jd41KN5dN5WNMJaNEXBl65ySfeQYCCX/JZ5bfvC/07zAKj0/RKOFMyS07rb0rKh3EBcRx/tHgCq0hJ23NwfkShchj7v2Zh+JjgHKBv1+ZiIwnx2/WuYwvKwyqXZ5Jpy+lgxcC7l11w1ZN3tCd66E6NdU8AJIOz0n+trIorsipQBY0In3ZBLUU0PUYwno73e7ZabgcE7Q== patrick-new@fedora.thuis.local
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDep2yv5JTFJ0IdCiqumMFfNdu3H5Ej/rVVDEotS+3n5+1plKvajPXOA9c/0RLrBC/vL8LqDVrxBaiCvPFCIRN9a3Y1ru3Dwg++NmcMEvYq/H3SMHhZsH1yjlCD2r38znpX+D+CBMQnn7F5jqYFAnaMeESrgGGFFANfJN9HdHjb6eIrBGJyUOJ2JnZnhLFT5y7ru2xRMDmgsO3U+crmecYAeX/4iUadUxit36defAniVOA/3Jwva4Gjz73vIDTHNy1mxB8Y2ZBBl9WcL4qHc6wnAyFaiULcT5++Gdjn+MIyL86G/7mIIgC+fcVk/5JrdwMBiAZYMUZO/pzPobOe0spF threebean@marat
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2xAeq5uO72kY4mSFgFl9ZSveiAqe4tUv8hemrxwZH+w24RFOGrW1nOV+hjQhRpYVNwvqJkrd9N7VY/HXkd9df2AgQyYoiVfeMPTA7lB0/e/S1Bd6XGdWudvqRU1O6Rug0j3RQOuz7WDJgnanBVcBl8+X7EaPGpv9aILgh6CJDOVAO2GgaFdzI7CHtR99CMqNG7BsQF8C9Y8ALK+8HOPRE0R1wzgaAw85HTo0gyIWcrZqr4HI/QDuLjUQ6AZSgzE7dTiwZuFnUjLBnL0YP1bxJglt9IFx6r6jvdp/yMD+Bn/91WvmBL/AD+GIQ/ZydoeLo+JQW22ibiX/SzdAE4Cd3 pingou@FedoraProject

--- a/files/copr/boto
+++ b/files/copr/boto
@@ -0,0 +1,2 @@
+[Boto]
+https_validate_certificates = False
--- a/files/copr/copr-be.conf
+++ b/files/copr/copr-be.conf
@@ -0,0 +1,58 @@
+[backend]
+
+# URL where are results visible
+# default is http://copr
+results_baseurl=http://copr-be.cloud.fedoraproject.org/results
+
+# ??? What is this
+# default is http://coprs/rest/api
+#frontend_url=http://copr-fe.cloud.fedoraproject.org/backend
+frontend_url=http://172.16.5.6/backend
+
+# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
+# default is PASSWORDHERE but you really should change it. really.
+frontend_auth={{ copr_backend_password }}
+
+# path to ansible playbook which spawns builder
+# see /usr/share/copr*/playbooks/ for examples
+# default is /etc/copr/builder_playbook.yml
+spawn_playbook=/home/copr/provision/builderpb.yml
+
+# path to ansible playbook which terminate builder
+# default is /etc/copr/terminate_playbook.yml 
+terminate_playbook=/home/copr/provision/terminatepb.yml
+
+# directory where jobs are stored
+# no defaults
+jobsdir=/var/lib/copr/jobs
+
+# directory where results are stored
+# should be accessible from web using 'results_baseurl' URL
+# no default
+destdir=/var/lib/copr/public_html/results
+
+# default is 10
+sleeptime=30
+
+# default is 8
+num_workers=8
+
+# path to log file
+# default is /var/log/copr/backend.log
+logfile=/var/log/copr/backend.log
+
+# default is /var/log/copr/workers/
+worker_logdir=/var/log/copr/workers/
+
+# exit on worker failure
+# default is false
+#exit_on_worker=false
+
+# publish fedmsg notifications from workers if true
+# default is false
+#fedmsg_enabled=false
+fedmsg_enabled=true
+
+[builder]
+# default is 1800
+timeout=3600
--- a/files/copr/copr-be.conf-dev
+++ b/files/copr/copr-be.conf-dev
@@ -0,0 +1,57 @@
+[backend]
+
+# URL where are results visible
+# default is http://copr
+results_baseurl=http://copr-be-dev.cloud.fedoraproject.org/results
+
+# ??? What is this
+# default is http://coprs/rest/api
+frontend_url=http://copr-fe-dev.cloud.fedoraproject.org/backend
+
+# must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
+# default is PASSWORDHERE but you really should change it. really.
+frontend_auth=PASSWORDHERE
+
+# path to ansible playbook which spawns builder
+# see /usr/share/copr*/playbooks/ for examples
+# default is /etc/copr/builder_playbook.yml
+spawn_playbook=/home/copr/provision/builderpb.yml
+
+# path to ansible playbook which terminate builder
+# default is /etc/copr/terminate_playbook.yml 
+terminate_playbook=/home/copr/provision/terminatepb.yml
+
+# directory where jobs are stored
+# no defaults
+jobsdir=/var/lib/copr/jobs
+
+# directory where results are stored
+# should be accessible from web using 'results_baseurl' URL
+# no default
+destdir=/var/lib/copr/public_html/results
+
+# default is 10
+sleeptime=30
+
+# default is 8
+num_workers=5
+
+# path to log file
+# default is /var/log/copr/backend.log
+logfile=/var/log/copr/backend.log
+
+# default is /var/log/copr/workers/
+worker_logdir=/var/log/copr/workers/
+
+# exit on worker failure
+# default is false
+#exit_on_worker=false
+
+# publish fedmsg notifications from workers if true
+# default is false
+#fedmsg_enabled=false
+
+
+[builder]
+# default is 1800
+timeout=3600
--- a/files/copr/copr_bashrc
+++ b/files/copr/copr_bashrc
@@ -5,6 +5,6 @@ if [ -f /etc/bashrc ]; then
 	. /etc/bashrc
 fi

-if [ -f /srv/copr-work/copr/cloud/ec2rc.sh ]; then
-     . /srv/copr-work/copr/cloud/ec2rc.sh
+if [ -f /home/copr/cloud/ec2rc.sh ]; then
+     . /home/copr/cloud/ec2rc.sh
 fi
--- a/files/copr/fe/copr.conf
+++ b/files/copr/fe/copr.conf
@@ -0,0 +1,30 @@
+# Directory and files where is stored Copr database files
+DATA_DIR = '/var/lib/copr/data'
+DATABASE = '/var/lib/copr/data/copr.db'
+OPENID_STORE = '/var/lib/copr/data/openid_store'
+WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
+
+SECRET_KEY = {{ copr_secret_key }}
+BACKEND_PASSWORD = {{ copr_backend_password  }}
+
+# restrict access to a set of users
+#USE_ALLOWED_USERS = False
+#ALLOWED_USERS = ['bonnie', 'clyde']
+
+SQLALCHEMY_DATABASE_URI = {{ copr_database_uri }}
+
+# Token length, defaults to 30 (max 255)
+#API_TOKEN_LENGTH = 30
+
+# Expiration of API token in days
+#API_TOKEN_EXPIRATION = 180
+
+# logging options
+#SEND_LOGS_TO = ['root@localhost']
+#LOGGING_LEVEL = logging.ERROR
+
+DEBUG = False
+SQLALCHEMY_ECHO = False
+
+CSRF_ENABLED = True
+WTF_CSRF_ENABLED = True
--- a/files/copr/fe/httpd/coprs.conf
+++ b/files/copr/fe/httpd/coprs.conf
@@ -7,15 +7,58 @@ WSGISocketPrefix /var/run/wsgi

    WSGIPassAuthorization On
    WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5
-    WSGIScriptAlias / /srv/copr-fe/copr/coprs_frontend/application
+    WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
    WSGIProcessGroup 127.0.0.1

    ErrorLog logs/error_coprs
    CustomLog logs/access_coprs common

-    <Directory /srv/copr-fe/copr>
+    <Directory /usr/share/copr>
        WSGIApplicationGroup %{GLOBAL}
-        Order deny,allow
-        Allow from all
+	Require all granted
    </Directory>
 </VirtualHost>
+
+<VirtualHost *:443>
+    SSLEngine on
+    SSLProtocol all -SSLv2
+    #optimeize on speed
+    SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
+    SSLHonorCipherOrder on
+
+    SSLCertificateFile /etc/pki/tls/ca.crt
+    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
+    ServerName copr-fe.cloud.fedoraproject.org:443
+
+    WSGIPassAuthorization On
+    #WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe threads=5
+    WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
+    WSGIProcessGroup 127.0.0.1
+
+    ErrorLog logs/error_coprs
+    CustomLog logs/access_coprs common
+
+    <Directory /usr/share/copr>
+        WSGIApplicationGroup %{GLOBAL}
+        Require all granted
+    </Directory>
+</VirtualHost>
+
+<IfModule mod_status.c>
+ExtendedStatus On
+
+<Location /server-status>
+    SetHandler server-status
+    Require all denied
+    Require host localhost .redhat.com
+</Location>
+</IfModule>
+
+<IfModule mpm_prefork_module>
+    StartServers          8
+    MinSpareServers       8
+    MaxSpareServers      20
+    MaxClients          50
+    MaxRequestsPerChild   10000
+</IfModule>
+
--- a/files/copr/fe/pg/pg_hba.conf
+++ b/files/copr/fe/pg/pg_hba.conf
@@ -0,0 +1,13 @@
+local coprdb copr-fe md5
+host  coprdb copr-fe 127.0.0.1/8 md5
+host  coprdb copr-fe ::1/128 md5
+local coprdb postgres  ident
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            ident
+# IPv6 local connections:
+host    all             all             ::1/128                 ident
--- a/files/copr/fe/yum/copr.repo
+++ b/files/copr/fe/yum/copr.repo
@@ -0,0 +1,10 @@
+[Copr]
+name=Copr
+failovermethod=priority
+#baseurl=http://copr-be.cloud.fedoraproject.org/results/msuchy/copr/fedora-19-x86_64/
+# 172.16.5.4 is copr-be.cloud.fedoraproject.org
+# see https://fedorahosted.org/fedora-infrastructure/ticket/4025
+baseurl=http://172.16.5.4/results/msuchy/copr/fedora-19-x86_64/
+enabled=1
+gpgcheck=0
+
--- a/files/copr/forward
+++ b/files/copr/forward
@@ -0,0 +1,4 @@
+msuchy+coprmachine@redhat.com
+kevin@scrye.com
+nb@fedoraproject.org
+sgallagh@redhat.com
--- a/files/copr/lighttpd/lighttpd.conf
+++ b/files/copr/lighttpd/lighttpd.conf
@@ -90,7 +90,7 @@ server.port = 80
 ##
 ## Use IPv6?
 ##
-server.use-ipv6 = "enable"
+server.use-ipv6 = "disable"

 ##
 ## bind to a specific IP
@@ -112,7 +112,7 @@ server.groupname = "lighttpd"
 ##
 ## Document root
 ##
-server.document-root = "/srv/copr-repo"
+server.document-root = "/var/lib/copr/public_html"

 ##
 ## The value for the "Server:" response field.
@@ -445,3 +445,11 @@ server.upload-dirs = ( "/var/tmp" )
 #include_shell "cat /etc/lighttpd/vhosts.d/*.conf"
 ##
 #######################################################################
+
+$SERVER["socket"] == ":443" {
+  ssl.engine = "enable"
+  ssl.pemfile = "/etc/lighttpd/coprs-be.fedoraproject.org.pem"
+  ssl.ca-file = "/etc/lighttpd/coprs-be.fedoraproject.org.crt"
+  ssl.disable-client-renegotiation = "enable"
+  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+}
--- a/files/copr/provision/ansible.cfg
+++ b/files/copr/provision/ansible.cfg
@@ -6,11 +6,11 @@

 # location of inventory file, eliminates need to specify -i

-hostfile = /srv/copr-work/provision/inventory
+hostfile = /home/copr/provision/inventory

 # location of ansible library, eliminates need to specify --module-path

-library = /srv/copr-work/provision/library:/usr/share/ansible
+library = /home/copr/provision/library:/usr/share/ansible

 # default module name used in /usr/bin/ansible when -m is not specified

@@ -48,7 +48,11 @@ sudo_user=root

 # connection to use when -c <connection_type> is not specified

-transport=paramiko
+#transport=paramiko
+transport=ssh
+
+# this is needed for paramiko, ssh already have this said in .ssh/config
+host_key_checking = False

 # remote SSH port to be used when --port or "port:" or an equivalent inventory
 # variable is not specified.
@@ -69,11 +73,12 @@ remote_user=root

 # additional plugin paths for non-core plugins

-action_plugins     = /usr/lib/python2.6/site-packages/ansible/runner/action_plugins:/srv/copr-work/provision/action_plugins/
-
+action_plugins     = /usr/lib/python2.7/site-packages/ansible/runner/action_plugins:/home/copr/provision/action_plugins/

+private_key_file=/home/copr/.ssh/id_rsa

 [paramiko_connection]
+record_host_keys=False

 # nothing to configure yet

--- a/files/copr/provision/builderpb.yml
+++ b/files/copr/provision/builderpb.yml
@@ -12,19 +12,20 @@

  tasks:
  - name: spin it up
-    local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group}
+    local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }}
    register: inst_res

  - name: get its internal ip b/c openstack is sometimes stupid
-    local_action: shell euca-describe-instances ${inst_res.instances[0].id} | grep INSTANCE | cut -f 18
+    local_action: shell euca-describe-instances {{ inst_res.instances[0].id }} | grep INSTANCE | cut -f 18
    register: int_ip

  - name: add it to the special group
-    local_action: add_host hostname=${int_ip.stdout} groupname=builder_temp_group
+    local_action: add_host hostname={{ int_ip.stdout }} groupname=builder_temp_group

  - name: wait for the host to be hot
-    local_action: wait_for host=${int_ip.stdout} port=22 delay=5 timeout=600
+    local_action: wait_for host={{ int_ip.stdout }} port=22 delay=5 timeout=600

+  - debug: msg="IP={{ int_ip.stdout }}"

 - hosts: builder_temp_group
  user: root
@@ -34,21 +35,27 @@
  tasks:
  - name: edit hostname to be instance name
    action: shell hostname  `curl -s http://169.254.169.254/2009-04-04/meta-data/instance-id`
-  
+
+  - name: install pkgs
+    action: yum state=present pkg={{ item }}
+    with_items:
+    - rsync
+    - openssh-clients
+    - libselinux-python
+    - libsemanage-python
+
  - name: add repos
-    action: copy src=$files/$item dest=/etc/yum.repos.d/$item
+    action: copy src={{ files }}/{{ item }} dest=/etc/yum.repos.d/{{ item }}
    with_items:
    - builder.repo
    - epel6.repo

-  - name: install pkgs
-    action: yum state=present pkg=$item
+  - name: install additional pkgs
+    action: yum state=present pkg={{ item }}
    with_items:
    - mock
    - createrepo
    - yum-utils
-    - rsync
-    - openssh-clients

  - name: make sure newest rpm
    action: yum name=rpm state=latest
@@ -60,16 +67,15 @@
    action: file state=directory path=/home/mockbuilder/.ssh mode=0700 owner=mockbuilder group=mockbuilder

  - name: mockbuilder authorized_keys
-    action: authorized_key user=mockbuilder key='$FILE(${files}/buildsys.pub)'
+    action: authorized_key user=mockbuilder key='{{ lookup('file', '/home/copr/provision/files/buildsys.pub') }}'

  - name: put updated mock configs into /etc/mock
-    action: copy src=$files/mock/$item dest=/etc/mock
+    action: copy src={{ files }}/mock/{{ item }} dest=/etc/mock
    with_items:
    - site-defaults.cfg
    - epel-5-x86_64.cfg
    - epel-5-i386.cfg
-
-  - name: put updated   mockchain into /usr/bin
-    action: copy src=$files/mockchain dest=/usr/bin/mockchain mode=0755 owner=root group=root
-
+    - fedora-20-x86_64.cfg
+    - fedora-20-i386.cfg
+    - epel-7-x86_64.cfg

--- a/files/copr/provision/files/builder.repo
+++ b/files/copr/provision/files/builder.repo
@@ -5,3 +5,19 @@ enabled=1
 gpgcheck=1
 gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE

+[msuchy-Mock]
+name=Copr repo for Mock owned by msuchy
+description=Mock for RHEL6 with patch from https://bugzilla.redhat.com/show_bug.cgi?id=1028438 and https://bugzilla.redhat.com/show_bug.cgi?id=1034805
+baseurl=http://172.16.5.4/results/msuchy/Mock/epel-6-$basearch/
+skip_if_unavailable=True
+gpgcheck=0
+enabled=1
+
+[msuchy-scl-utils]
+name=Copr repo for scl-utils owned by msuchy
+description=scl-utils with patch from https://bugzilla.redhat.com/show_bug.cgi?id=985233
+baseurl=http://172.16.5.4/results/msuchy/scl-utils/epel-6-$basearch/
+skip_if_unavailable=True
+gpgcheck=0
+enabled=1
+
--- a/files/copr/provision/files/mock/epel-5-i386.cfg
+++ b/files/copr/provision/files/mock/epel-5-i386.cfg
@@ -3,8 +3,12 @@ config_opts['target_arch'] = 'i386'
 config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
 config_opts['chroot_setup_cmd'] = 'install buildsys-build'
 config_opts['dist'] = 'el5'  # only useful for --resultdir variable subst
-config_opts['macros'] = {}
+if not config_opts.has_key('macros'):  config_opts['macros'] = {}
 config_opts['macros']['%__arch_install_post'] = '%{nil}'
+config_opts['macros']['%rhel'] = '5'
+config_opts['macros']['%dist'] = '.el5'
+config_opts['macros']['%el5'] = '1'
+config_opts['releasever'] = '5'

 config_opts['yum.conf'] = """
 [main]
--- a/files/copr/provision/files/mock/epel-5-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-5-x86_64.cfg
@@ -3,8 +3,12 @@ config_opts['target_arch'] = 'x86_64'
 config_opts['legal_host_arches'] = ('x86_64',)
 config_opts['chroot_setup_cmd'] = 'install buildsys-build'
 config_opts['dist'] = 'el5'  # only useful for --resultdir variable subst
-config_opts['macros'] = {}
+if not config_opts.has_key('macros'):  config_opts['macros'] = {}
 config_opts['macros']['%__arch_install_post'] = '%{nil}'
+config_opts['macros']['%rhel'] = '5'
+config_opts['macros']['%dist'] = '.el5'
+config_opts['macros']['%el5'] = '1'
+config_opts['releasever'] = '5'

 config_opts['yum.conf'] = """
 [main]
--- a/files/copr/provision/files/mock/epel-7-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg
@@ -0,0 +1,45 @@
+config_opts['chroothome'] = '/builddir'
+config_opts['basedir'] = '/var/lib/mock'
+config_opts['root'] = 'epel-7-x86_64'
+config_opts['target_arch'] = 'x86_64'
+config_opts['legal_host_arches'] = ('x86_64',)
+config_opts['chroot_setup_cmd'] = 'install bash bzip2 coreutils cpio diffutils findutils gawk gcc gcc-c++ grep gzip info make patch redhat-release-server redhat-rpm-config rpm-build sed shadow-utils tar unzip util-linux which xz'
+config_opts['dist'] = 'el7'  # only useful for --resultdir variable subst
+config_opts['macros'] = {}
+config_opts['macros']['%dist'] = '.el7'
+config_opts['macros']['%rhel'] = '7'
+config_opts['macros']['%el7'] = '1'
+config_opts['macros']['%_topdir'] = '/builddir/build'
+config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'
+config_opts['releasever'] = '7'
+
+config_opts['plugin_conf']['root_cache_enable'] = False
+config_opts['plugin_conf']['yum_cache_enable'] = False
+config_opts['plugin_conf']['ccache_enable'] = False
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=1
+logfile=/var/log/yum.log
+reposdir=/dev/null
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+
+# repos
+
+[beta]
+name=beta
+baseurl=http://ftp.redhat.com/redhat/rhel/beta/7/x86_64/os/
+
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+"""
--- a/files/copr/provision/files/mock/fedora-20-i386.cfg
+++ b/files/copr/provision/files/mock/fedora-20-i386.cfg
@@ -0,0 +1,62 @@
+config_opts['root'] = 'fedora-20-i386'
+config_opts['target_arch'] = 'i686'
+config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
+config_opts['dist'] = 'fc20'  # only useful for --resultdir variable subst
+config_opts['releasever'] = '20'
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=1
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+
+# repos
+
+[fedora]
+name=fedora
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=i386
+failovermethod=priority
+
+[updates]
+name=updates
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f20&arch=i386
+failovermethod=priority
+
+[updates-testing]
+name=updates-testing
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f20&arch=i386
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-20&arch=i386
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f20&arch=i386
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-debug-f20&arch=i386
+failovermethod=priority
+enabled=0
+"""
--- a/files/copr/provision/files/mock/fedora-20-x86_64.cfg
+++ b/files/copr/provision/files/mock/fedora-20-x86_64.cfg
@@ -0,0 +1,62 @@
+config_opts['root'] = 'fedora-20-x86_64'
+config_opts['target_arch'] = 'x86_64'
+config_opts['legal_host_arches'] = ('x86_64',)
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
+config_opts['dist'] = 'fc20'  # only useful for --resultdir variable subst
+config_opts['releasever'] = '20'
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=1
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+
+# repos
+
+[fedora]
+name=fedora
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=x86_64
+failovermethod=priority
+
+[updates]
+name=updates
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f20&arch=x86_64
+failovermethod=priority
+
+[updates-testing]
+name=updates-testing
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f20&arch=x86_64
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-debug-20&arch=x86_64
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-f20&arch=x86_64
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-debug-f20&arch=x86_64
+failovermethod=priority
+enabled=0
+"""
--- a/files/copr/provision/files/mockchain
+++ b/files/copr/provision/files/mockchain
@@ -1,337 +0,0 @@
-#!/usr/bin/python -tt
-# by skvidal@fedoraproject.org
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Library General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA.
-# copyright 2012 Red Hat, Inc.
-
-# SUMMARY
-# mockchain
-# take a mock config and a series of srpms
-# rebuild them one at a time
-# adding each to a local repo
-# so they are available as build deps to next pkg being built
-
-import sys
-import subprocess
-import os
-import optparse
-import tempfile
-import shutil
-from urlgrabber import grabber
-import time
-
-mockconfig_path='/etc/mock'
-
-def createrepo(path):
-    if os.path.exists(path + '/repodata/repomd.xml'):
-        comm = ['/usr/bin/createrepo', '--update', path]
-    else:
-        comm = ['/usr/bin/createrepo', path]
-    cmd = subprocess.Popen(comm,
-             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-    out, err = cmd.communicate()
-    return out, err
-
-def parse_args(args):
-    parser = optparse.OptionParser('\nmockchain -r mockcfg pkg1 [pkg2] [pkg3]')
-    parser.add_option('-r', '--root', default=None, dest='chroot',
-            help="chroot config name/base to use in the mock build")
-    parser.add_option('-l', '--localrepo', default=None, 
-            help="local path for the local repo, defaults to making its own")
-    parser.add_option('-c', '--continue', default=False, action='store_true',
-            dest='cont',
-            help="if a pkg fails to build, continue to the next one")
-    parser.add_option('-a','--addrepo', default=[], action='append',
-            dest='repos',
-            help="add these repo baseurls to the chroot's yum config")
-    parser.add_option('--recurse', default=False, action='store_true',
-            help="if more than one pkg and it fails to build, try to build the rest and come back to it")
-    parser.add_option('--log', default=None, dest='logfile',
-            help="log to the file named by this option, defaults to not logging")
-    parser.add_option('--tmp_prefix', default=None, dest='tmp_prefix',
-            help="tmp dir prefix - will default to username-pid if not specified")
-
-            
-    #FIXME?
-    # figure out how to pass other args to mock?
-    
-    opts, args = parser.parse_args(args)
-    if opts.recurse:
-        opts.cont = True
-    
-    if not opts.chroot:
-        print "You must provide an argument to -r for the mock chroot"
-        sys.exit(1)
-        
-        
-    if len(sys.argv) < 3:
-        print "You must specifiy at least 1 package to build"
-        sys.exit(1)
-
-
-    return opts, args
-    
-def add_local_repo(infile, destfile, baseurl, repoid=None):
-    """take a mock chroot config and add a repo to it's yum.conf
-       infile = mock chroot config file
-       destfile = where to save out the result
-       baseurl = baseurl of repo you wish to add"""
-        
-    try:
-        config_opts = {}
-        execfile(infile)
-        if not repoid:
-            repoid=baseurl.split('//')[1].replace('/','_')
-        localyumrepo="""
-[%s]
-name=%s
-baseurl=%s
-enabled=1
-skip_if_unavailable=1
-metadata_expire=30
-cost=1
-""" % (repoid, baseurl, baseurl)
-
-        config_opts['yum.conf'] += localyumrepo
-        br_dest = open(destfile, 'w')
-        for k,v in config_opts.items():
-            br_dest.write("config_opts[%r] = %r\n" % (k, v))
-        br_dest.close()
-        return True, ''
-    except (IOError, OSError):
-        return False, "Could not write mock config to %s" % destfile
-
-    return True, ''
-
-def do_build(opts, cfg, pkg):
-
-    # returns 0, cmd, out, err = failure
-    # returns 1, cmd, out, err  = success
-    # returns 2, None, None, None = already built
-    
-    s_pkg = os.path.basename(pkg)
-    pdn = s_pkg.replace('.src.rpm', '')
-    resdir = '%s/%s' % (opts.local_repo_dir, pdn)
-    resdir = os.path.normpath(resdir)
-    if not os.path.exists(resdir):
-        os.makedirs(resdir)
-
-    success_file = resdir + '/success'
-    fail_file = resdir + '/fail'
-    
-    if os.path.exists(success_file):
-        return 2, None, None, None
-    
-    # clean it up if we're starting over :)
-    if os.path.exists(fail_file):
-        os.unlink(fail_file)
-        
-    mockcmd = ['/usr/bin/mock', 
-               '--configdir', opts.config_path,
-               '--resultdir', resdir,
-               '--uniqueext', opts.uniqueext,
-               '-r', cfg, ]
-    print 'building %s' % s_pkg
-    mockcmd.append(pkg)
-    cmd = subprocess.Popen(mockcmd,
-           stdout=subprocess.PIPE, 
-           stderr=subprocess.PIPE )
-    out, err = cmd.communicate()
-    if cmd.returncode == 0:
-        open(success_file, 'w').write('done\n')
-        ret = 1
-    else:
-        open(fail_file, 'w').write('undone\n')
-        ret = 0
-    
-    return ret, cmd, out, err
-
-
-def log(lf, msg):
-    if lf:
-        now = time.time()
-        try:
-            open(lf, 'a').write(str(now) + ':' + msg + '\n')
-        except (IOError, OSError), e:
-            print 'Could not write to logfile %s - %s' % (lf, str(e))
-    print msg
-    
-    
-    
-def main(args):
-    opts, args = parse_args(args)
-
-    # take mock config + list of pkgs
-    cfg=opts.chroot
-    pkgs=args[1:]
-    mockcfg = mockconfig_path + '/' + cfg + '.cfg'
-    
-    if not os.path.exists(mockcfg):
-        print "could not find config: %s" % mockcfg
-        sys.exit(1)
-
-
-    if not opts.tmp_prefix:
-        try:
-            opts.tmp_prefix = os.getlogin()
-        except OSError, e:
-            print "Could not find login name for tmp dir prefix add --tmp_prefix"
-            sys.exit(1)
-    pid = os.getpid()
-    opts.uniqueext = '%s-%s' % (opts.tmp_prefix, pid)
-
-
-    # create a tempdir for our local info
-    if opts.localrepo:
-        local_tmp_dir = os.path.abspath(opts.localrepo)
-        if not os.path.exists(local_tmp_dir):
-            os.makedirs(local_tmp_dir)
-    else:
-        pre = 'mock-chain-%s-' % opts.uniqueext
-        local_tmp_dir = tempfile.mkdtemp(prefix=pre, dir='/var/tmp')
-
-    os.chmod(local_tmp_dir, 0755)
-
-    if opts.logfile:
-        opts.logfile = os.path.join(local_tmp_dir, opts.logfile)
-        if os.path.exists(opts.logfile):
-            os.unlink(opts.logfile)
-            
-    log(opts.logfile, "starting logfile: %s" % opts.logfile)
-    opts.local_repo_dir = os.path.normpath(local_tmp_dir + '/results/' + cfg + '/')
-
-    if not os.path.exists(opts.local_repo_dir):
-        os.makedirs(opts.local_repo_dir, mode=0755)
-    
-    local_baseurl="file://%s" % opts.local_repo_dir
-    log(opts.logfile, "results dir: %s" % opts.local_repo_dir)
-    opts.config_path = os.path.normpath(local_tmp_dir + '/configs/' + cfg + '/')
-    
-    if not os.path.exists(opts.config_path):
-        os.makedirs(opts.config_path, mode=0755)
-
-    log(opts.logfile, "config dir: %s" % opts.config_path)
-
-    my_mock_config = opts.config_path + '/' + os.path.basename(mockcfg)
-    
-    # modify with localrepo
-    res, msg = add_local_repo(mockcfg, my_mock_config, local_baseurl, 'local_build_repo')
-    if not res:
-         log(opts.logfile, "Error: Could not write out local config: %s" % msg)
-         sys.exit(1)
-
-    for baseurl in opts.repos:
-        res, msg =  add_local_repo(my_mock_config, my_mock_config, baseurl)
-        if not res:
-            log(opts.logfile, "Error: Could not add: %s to yum config in mock chroot: %s" % (baseurl, msg))
-            sys.exit(1)
-
-        
-    # these files needed from the mock.config dir to make mock run
-    for fn in ['site-defaults.cfg', 'logging.ini']:
-        pth = mockconfig_path + '/' + fn
-        shutil.copyfile(pth, opts.config_path + '/' + fn)
-
-   
-    # createrepo on it
-    out, err = createrepo(opts.local_repo_dir)
-    if err.strip():
-        log(opts.logfile, "Error making local repo: %s" % opts.local_repo_dir)
-        log(opts.logfile, "Err: %s" % err)
-        sys.exit(1)
-
- 
-    download_dir = tempfile.mkdtemp()
-    downloaded_pkgs = {}
-    built_pkgs = []
-    try_again = True
-    to_be_built = pkgs
-    while try_again:
-        failed = []
-        for pkg in to_be_built:
-            if not pkg.endswith('.rpm'):
-                log(opts.logfile, "%s doesn't appear to be an rpm - skipping" % pkg)
-                failed.append(pkg)
-                continue
-            
-            elif pkg.startswith('http://') or pkg.startswith('https://'):
-                url = pkg
-                cwd = os.getcwd()
-                os.chdir(download_dir)
-                try:
-                    log(opts.logfile, 'Fetching %s' % url)
-                    ug = grabber.URLGrabber()
-                    fn = ug.urlgrab(url)
-                    pkg = download_dir + '/' + fn
-                except Exception, e:
-                    log(opts.logfile, 'Error Downloading %s: %s' % (url, str(e)))
-                    failed.append(url)
-                    os.chdir(cwd)
-                    continue
-                else:
-                    os.chdir(cwd)
-                    downloaded_pkgs[pkg] = url
-            log(opts.logfile, "Start build: %s" % pkg)
-            ret, cmd, out, err = do_build(opts, cfg, pkg)
-            log(opts.logfile, "End build: %s" % pkg) 
-            if ret == 0:
-                if opts.recurse:
-                    failed.append(pkg)
-                    log(opts.logfile, "Error building %s, will try again" % os.path.basename(pkg))
-                else:
-                    log(opts.logfile,"Error building %s" % os.path.basename(pkg))
-                    log(opts.logfile,"See logs/results in %s" % opts.local_repo_dir)
-                    if not opts.cont:
-                        sys.exit(1)
-                    
-            elif ret == 1:
-                log(opts.logfile, "Success building %s" % os.path.basename(pkg))
-                built_pkgs.append(pkg)
-                # createrepo with the new pkgs
-                out, err = createrepo(opts.local_repo_dir)
-                if err.strip():
-                    log(opts.logfile, "Error making local repo: %s" % opts.local_repo_dir)
-                    log(opts.logfile, "Err: %s" % err)
-            elif ret == 2:
-                log(opts.logfile, "Skipping already built pkg %s" % os.path.basename(pkg))
-        
-        if failed:
-            if len(failed) != len(to_be_built):
-                to_be_built = failed
-                try_again = True
-                log(opts.logfile, 'Trying to rebuild %s failed pkgs' % len(failed))
-            else:
-                log(opts.logfile, "Tried twice - following pkgs could not be successfully built:")
-                for pkg in failed:
-                    msg = pkg
-                    if pkg in downloaded_pkgs:
-                        msg = downloaded_pkgs[pkg]
-                    log(opts.logfile, msg)
-
-                try_again = False
-        else:
-            try_again = False
-            
-    # cleaning up our download dir
-    shutil.rmtree(download_dir, ignore_errors=True)
-    
-    log(opts.logfile, "Results out to: %s" % opts.local_repo_dir)
-    log(opts.logfile, "Pkgs built: %s" % len(built_pkgs))
-    log(opts.logfile, "Packages successfully built in this order:")
-    for pkg in built_pkgs:
-        log(opts.logfile, pkg)
-
-if __name__ == "__main__":
-    main(sys.argv)
-    sys.exit(0)
--- a/files/copr/provision/terminatepb.yml
+++ b/files/copr/provision/terminatepb.yml
@@ -10,7 +10,7 @@
    register: instanceid

  - name: terminate it
-    local_action: command euca-terminate-instances ${instanceid.stdout}
+    local_action: command euca-terminate-instances {{ instanceid.stdout }}



--- a/files/fedmsg/logging.py.j2
+++ b/files/fedmsg/logging.py.j2
@@ -1,32 +0,0 @@
-# Setup fedmsg logging.
-# See the following for constraints on this format http://bit.ly/Xn1WDn
-config = dict(
-    logging=dict(
-        version=1,
-        formatters=dict(
-            bare={
-                "format": "%(message)s",
-            },
-        ),
-        handlers=dict(
-            console={
-                "class": "logging.StreamHandler",
-                "formatter": "bare",
-                "level": "DEBUG",
-                "stream": "ext://sys.stdout",
-            }
-        ),
-        loggers=dict(
-            fedmsg={
-                "level": "DEBUG",
-                "propagate": False,
-                "handlers": ["console"],
-            },
-            moksha={
-                "level": "DEBUG",
-                "propagate": False,
-                "handlers": ["console"],
-            },
-        ),
-    ),
-)
--- a/files/gnome/backup.sh
+++ b/files/gnome/backup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# backup.sh will run FROM backup03 TO the various GNOME boxes on the set. (there's two set
+# of machines, one being the ones with a public IP and the others being the IP-less ones that
+# will forward their agent through bastion.gnome.org)
+
+export PATH=$PATH:/bin:/usr/bin:/usr/local/bin
+
+MACHINES='signal.gnome.org
+          webapps2.gnome.org
+          clutter.gnome.org
+          blogs.gnome.org
+          chooser.gnome.org
+          git.gnome.org
+          webapps.gnome.org
+          socket.gnome.org
+          bugzilla-web.gnome.org
+          progress.gnome.org
+          clipboard.gnome.org
+          cloud-ssh.gnome.org
+          bastion.gnome.org
+          spinner.gnome.org
+          master.gnome.org
+          combobox.gnome.org
+          restaurant.gnome.org
+          expander.gnome.org
+          live.gnome.org
+          extensions.gnome.org
+          view.gnome.org
+          puppet.gnome.org
+          accelerator.gnome.org
+          range.gnome.org'
+
+BACKUP_DIR='/fedora_backups/gnome/'
+LOGS_DIR='/fedora_backups/gnome/logs'
+
+for MACHINE in $MACHINES; do
+      rsync -avz -e 'ssh -F /usr/local/etc/gnome_ssh_config' --bwlimit=2000 $MACHINE:/etc/rsyncd/backup.exclude $BACKUP_DIR/excludes/$MACHINE.exclude
+      rdiff-backup --remote-schema 'ssh -F /usr/local/etc/gnome_ssh_config %s rdiff-backup --server' --print-statistics --exclude-device-files --exclude /selinux --exclude /sys --exclude /proc --exclude-globbing-filelist $BACKUP_DIR/excludes/$MACHINE.exclude $MACHINE::/ $BACKUP_DIR/$MACHINE/ | mail -s "Daily backup: $MACHINE" backups@gnome.org
+done
--- a/files/gnome/ssh_config
+++ b/files/gnome/ssh_config
@@ -0,0 +1,8 @@
+Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org drawable.gnome.org
+     User root
+     IdentityFile /usr/local/etc/gnome_backup_id.rsa
+     ProxyCommand ssh -W %h:%p bastion.gnome.org -F /usr/local/etc/gnome_ssh_config
+
+Host *.gnome.org
+     User root
+     IdentityFile /usr/local/etc/gnome_backup_id.rsa
--- a/files/hosts/arm.fedoraproject.org-hosts
+++ b/files/hosts/arm.fedoraproject.org-hosts
@@ -4,6 +4,7 @@
 10.5.125.36    kojipkgs.fedoraproject.org
 10.5.126.23    infrastructure.fedoraproject.org
 10.5.124.138   arm.koji.fedoraproject.org
+10.5.124.138   armpkgs.fedoraproject.org
 10.5.125.44    pkgs.fedoraproject.org  pkgs
 #
 # This is proxy01.phx2.fedoraproject.org
--- a/files/hosts/ask01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/ask01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,7 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.71     db-ask
--- a/files/hosts/ask01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/ask01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     db-ask
--- a/files/hosts/ask02.phx2.fedoraproject.org-hosts
+++ b/files/hosts/ask02.phx2.fedoraproject.org-hosts
@@ -0,0 +1,7 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.71     db-ask
--- a/files/hosts/badges-backend01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-backend01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.52     admin.fedoraproject.org
+10.5.126.109    db-datanommer   db-datanommer
+10.5.126.71     db-tahrir       db-tahrir
--- a/files/hosts/badges-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-backend01.stg.phx2.fedoraproject.org-hosts
@@ -2,7 +2,7 @@
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

 10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org

--- a/files/hosts/badges-web01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-web01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,5 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-tahrir       db-tahrir
--- a/files/hosts/badges-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-web01.stg.phx2.fedoraproject.org-hosts
@@ -2,7 +2,7 @@
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

 10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org

--- a/files/hosts/badges-web02.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-web02.phx2.fedoraproject.org-hosts
@@ -0,0 +1,5 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-tahrir       db-tahrir
--- a/files/hosts/fedoauth01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/fedoauth01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,9 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
--- a/files/hosts/fedocal01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/fedocal01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.71     db-fedocal       db-fedocal
--- a/files/hosts/fedocal01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/fedocal01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     db-fedocal       db-fedocal
--- a/files/hosts/fedocal02.phx2.fedoraproject.org-hosts
+++ b/files/hosts/fedocal02.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.71     db-fedocal       db-fedocal
--- a/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-notifs       db-notifs
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     db-notifs       db-notifs
+10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-notifs       db-notifs
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     db-notifs       db-notifs
+10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-notifs       db-notifs
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     db-notifs       db-notifs
+10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/nuancier01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,7 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.71     nuancier_db         nuancier_db
--- a/files/hosts/nuancier01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     nuancier_db       nuancier_db
--- a/files/hosts/nuancier02.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier02.phx2.fedoraproject.org-hosts
@@ -0,0 +1,7 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.71     nuancier_db         nuancier_db
--- a/files/hosts/nuancier02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier02.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     nuancier_db       nuancier_db
--- a/files/hosts/summershum01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/summershum01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.125.44     pkgs.fedoraproject.org
+10.5.126.71     db-summershum       db-summershum
--- a/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+
+10.5.126.89     admin.fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.125.44     pkgs.fedoraproject.org
+
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
+
+10.5.126.85     db-summershum       db-summershum
--- a/files/hotfix/python-openid/fetchers.py
+++ b/files/hotfix/python-openid/fetchers.py
@@ -0,0 +1,430 @@
+# -*- test-case-name: openid.test.test_fetchers -*-
+"""
+This module contains the HTTP fetcher interface and several implementations.
+"""
+
+__all__ = ['fetch', 'getDefaultFetcher', 'setDefaultFetcher', 'HTTPResponse',
+           'HTTPFetcher', 'createHTTPFetcher', 'HTTPFetchingError',
+           'HTTPError']
+
+import urllib2
+import time
+import cStringIO
+import sys
+
+import openid
+import openid.urinorm
+
+# Try to import httplib2 for caching support
+# http://bitworking.org/projects/httplib2/
+try:
+    import httplib2
+except ImportError:
+    # httplib2 not available
+    httplib2 = None
+
+# try to import pycurl, which will let us use CurlHTTPFetcher
+try:
+    import pycurl
+except ImportError:
+    pycurl = None
+
+USER_AGENT = "python-openid/%s (%s)" % (openid.__version__, sys.platform)
+MAX_RESPONSE_KB = 1024
+
+def fetch(url, body=None, headers=None):
+    """Invoke the fetch method on the default fetcher. Most users
+    should need only this method.
+
+    @raises Exception: any exceptions that may be raised by the default fetcher
+    """
+    fetcher = getDefaultFetcher()
+    return fetcher.fetch(url, body, headers)
+
+def createHTTPFetcher():
+    """Create a default HTTP fetcher instance
+
+    prefers Curl to urllib2."""
+    if pycurl is None:
+        fetcher = Urllib2Fetcher()
+    else:
+        fetcher = CurlHTTPFetcher()
+
+    return fetcher
+
+# Contains the currently set HTTP fetcher. If it is set to None, the
+# library will call createHTTPFetcher() to set it. Do not access this
+# variable outside of this module.
+_default_fetcher = None
+
+def getDefaultFetcher():
+    """Return the default fetcher instance
+    if no fetcher has been set, it will create a default fetcher.
+
+    @return: the default fetcher
+    @rtype: HTTPFetcher
+    """
+    global _default_fetcher
+
+    if _default_fetcher is None:
+        setDefaultFetcher(createHTTPFetcher())
+
+    return _default_fetcher
+
+def setDefaultFetcher(fetcher, wrap_exceptions=True):
+    """Set the default fetcher
+
+    @param fetcher: The fetcher to use as the default HTTP fetcher
+    @type fetcher: HTTPFetcher
+
+    @param wrap_exceptions: Whether to wrap exceptions thrown by the
+        fetcher wil HTTPFetchingError so that they may be caught
+        easier. By default, exceptions will be wrapped. In general,
+        unwrapped fetchers are useful for debugging of fetching errors
+        or if your fetcher raises well-known exceptions that you would
+        like to catch.
+    @type wrap_exceptions: bool
+    """
+    global _default_fetcher
+    if fetcher is None or not wrap_exceptions:
+        _default_fetcher = fetcher
+    else:
+        _default_fetcher = ExceptionWrappingFetcher(fetcher)
+
+def usingCurl():
+    """Whether the currently set HTTP fetcher is a Curl HTTP fetcher."""
+    fetcher = getDefaultFetcher()
+    if isinstance(fetcher, ExceptionWrappingFetcher):
+        fetcher = fetcher.fetcher
+    return isinstance(fetcher, CurlHTTPFetcher)
+
+class HTTPResponse(object):
+    """XXX document attributes"""
+    headers = None
+    status = None
+    body = None
+    final_url = None
+
+    def __init__(self, final_url=None, status=None, headers=None, body=None):
+        self.final_url = final_url
+        self.status = status
+        self.headers = headers
+        self.body = body
+
+    def __repr__(self):
+        return "<%s status %s for %s>" % (self.__class__.__name__,
+                                          self.status,
+                                          self.final_url)
+
+class HTTPFetcher(object):
+    """
+    This class is the interface for openid HTTP fetchers.  This
+    interface is only important if you need to write a new fetcher for
+    some reason.
+    """
+
+    def fetch(self, url, body=None, headers=None):
+        """
+        This performs an HTTP POST or GET, following redirects along
+        the way. If a body is specified, then the request will be a
+        POST. Otherwise, it will be a GET.
+
+
+        @param headers: HTTP headers to include with the request
+        @type headers: {str:str}
+
+        @return: An object representing the server's HTTP response. If
+            there are network or protocol errors, an exception will be
+            raised. HTTP error responses, like 404 or 500, do not
+            cause exceptions.
+
+        @rtype: L{HTTPResponse}
+
+        @raise Exception: Different implementations will raise
+            different errors based on the underlying HTTP library.
+        """
+        raise NotImplementedError
+
+def _allowedURL(url):
+    return url.startswith('http://') or url.startswith('https://')
+
+class HTTPFetchingError(Exception):
+    """Exception that is wrapped around all exceptions that are raised
+    by the underlying fetcher when using the ExceptionWrappingFetcher
+
+    @ivar why: The exception that caused this exception
+    """
+    def __init__(self, why=None):
+        Exception.__init__(self, why)
+        self.why = why
+
+class ExceptionWrappingFetcher(HTTPFetcher):
+    """Fetcher that wraps another fetcher, causing all exceptions
+
+    @cvar uncaught_exceptions: Exceptions that should be exposed to the
+        user if they are raised by the fetch call
+    """
+
+    uncaught_exceptions = (SystemExit, KeyboardInterrupt, MemoryError)
+
+    def __init__(self, fetcher):
+        self.fetcher = fetcher
+
+    def fetch(self, *args, **kwargs):
+        try:
+            return self.fetcher.fetch(*args, **kwargs)
+        except self.uncaught_exceptions:
+            raise
+        except:
+            exc_cls, exc_inst = sys.exc_info()[:2]
+            if exc_inst is None:
+                # string exceptions
+                exc_inst = exc_cls
+
+            raise HTTPFetchingError(why=exc_inst)
+
+class Urllib2Fetcher(HTTPFetcher):
+    """An C{L{HTTPFetcher}} that uses urllib2.
+    """
+
+    # Parameterized for the benefit of testing frameworks, see
+    # http://trac.openidenabled.com/trac/ticket/85
+    urlopen = staticmethod(urllib2.urlopen)
+
+    def fetch(self, url, body=None, headers=None):
+        if not _allowedURL(url):
+            raise ValueError('Bad URL scheme: %r' % (url,))
+
+        if headers is None:
+            headers = {}
+
+        headers.setdefault(
+            'User-Agent',
+            "%s Python-urllib/%s" % (USER_AGENT, urllib2.__version__,))
+
+        req = urllib2.Request(url, data=body, headers=headers)
+        try:
+            f = self.urlopen(req)
+            try:
+                return self._makeResponse(f)
+            finally:
+                f.close()
+        except urllib2.HTTPError, why:
+            try:
+                return self._makeResponse(why)
+            finally:
+                why.close()
+
+    def _makeResponse(self, urllib2_response):
+        resp = HTTPResponse()
+        resp.body = urllib2_response.read(MAX_RESPONSE_KB * 1024)
+        resp.final_url = urllib2_response.geturl()
+        resp.headers = dict(urllib2_response.info().items())
+
+        if hasattr(urllib2_response, 'code'):
+            resp.status = urllib2_response.code
+        else:
+            resp.status = 200
+
+        return resp
+
+class HTTPError(HTTPFetchingError):
+    """
+    This exception is raised by the C{L{CurlHTTPFetcher}} when it
+    encounters an exceptional situation fetching a URL.
+    """
+    pass
+
+# XXX: define what we mean by paranoid, and make sure it is.
+class CurlHTTPFetcher(HTTPFetcher):
+    """
+    An C{L{HTTPFetcher}} that uses pycurl for fetching.
+    See U{http://pycurl.sourceforge.net/}.
+    """
+    ALLOWED_TIME = 20 # seconds
+
+    def __init__(self):
+        HTTPFetcher.__init__(self)
+        if pycurl is None:
+            raise RuntimeError('Cannot find pycurl library')
+
+    def _parseHeaders(self, header_file):
+        header_file.seek(0)
+
+        # Remove the status line from the beginning of the input
+        unused_http_status_line = header_file.readline().lower ()
+        while unused_http_status_line.lower().startswith('http/1.1 1'):
+            unused_http_status_line = header_file.readline()
+            unused_http_status_line = header_file.readline()
+
+        lines = [line.strip() for line in header_file]
+
+        # and the blank line from the end
+        empty_line = lines.pop()
+        if empty_line:
+            raise HTTPError("No blank line at end of headers: %r" % (line,))
+
+        headers = {}
+        for line in lines:
+            try:
+                name, value = line.split(':', 1)
+            except ValueError:
+                raise HTTPError(
+                    "Malformed HTTP header line in response: %r" % (line,))
+
+            value = value.strip()
+
+            # HTTP headers are case-insensitive
+            name = name.lower()
+            headers[name] = value
+
+        return headers
+
+    def _checkURL(self, url):
+        # XXX: document that this can be overridden to match desired policy
+        # XXX: make sure url is well-formed and routeable
+        return _allowedURL(url)
+
+    def fetch(self, url, body=None, headers=None):
+        stop = int(time.time()) + self.ALLOWED_TIME
+        off = self.ALLOWED_TIME
+
+        if headers is None:
+            headers = {}
+
+        headers.setdefault('User-Agent',
+                           "%s %s" % (USER_AGENT, pycurl.version,))
+
+        header_list = []
+        if headers is not None:
+            for header_name, header_value in headers.iteritems():
+                header_list.append('%s: %s' % (header_name, header_value))
+
+        c = pycurl.Curl()
+        try:
+            c.setopt(pycurl.NOSIGNAL, 1)
+
+            if header_list:
+                c.setopt(pycurl.HTTPHEADER, header_list)
+
+            # Presence of a body indicates that we should do a POST
+            if body is not None:
+                c.setopt(pycurl.POST, 1)
+                c.setopt(pycurl.POSTFIELDS, body)
+
+            while off > 0:
+                if not self._checkURL(url):
+                    raise HTTPError("Fetching URL not allowed: %r" % (url,))
+
+                data = cStringIO.StringIO()
+                def write_data(chunk):
+                    if data.tell() > 1024*MAX_RESPONSE_KB:
+                        return 0
+                    else:
+                        return data.write(chunk)
+
+                response_header_data = cStringIO.StringIO()
+                c.setopt(pycurl.WRITEFUNCTION, write_data)
+                c.setopt(pycurl.HEADERFUNCTION, response_header_data.write)
+                c.setopt(pycurl.TIMEOUT, off)
+                c.setopt(pycurl.URL, openid.urinorm.urinorm(url))
+
+                c.perform()
+
+                response_headers = self._parseHeaders(response_header_data)
+                code = c.getinfo(pycurl.RESPONSE_CODE)
+                if code in [301, 302, 303, 307]:
+                    url = response_headers.get('location')
+                    if url is None:
+                        raise HTTPError(
+                            'Redirect (%s) returned without a location' % code)
+
+                    # Redirects are always GETs
+                    c.setopt(pycurl.POST, 0)
+
+                    # There is no way to reset POSTFIELDS to empty and
+                    # reuse the connection, but we only use it once.
+                else:
+                    resp = HTTPResponse()
+                    resp.headers = response_headers
+                    resp.status = code
+                    resp.final_url = url
+                    resp.body = data.getvalue()
+                    return resp
+
+                off = stop - int(time.time())
+
+            raise HTTPError("Timed out fetching: %r" % (url,))
+        finally:
+            c.close()
+
+class HTTPLib2Fetcher(HTTPFetcher):
+    """A fetcher that uses C{httplib2} for performing HTTP
+    requests. This implementation supports HTTP caching.
+
+    @see: http://bitworking.org/projects/httplib2/
+    """
+
+    def __init__(self, cache=None):
+        """@param cache: An object suitable for use as an C{httplib2}
+            cache. If a string is passed, it is assumed to be a
+            directory name.
+        """
+        if httplib2 is None:
+            raise RuntimeError('Cannot find httplib2 library. '
+                               'See http://bitworking.org/projects/httplib2/')
+
+        super(HTTPLib2Fetcher, self).__init__()
+
+        # An instance of the httplib2 object that performs HTTP requests
+        self.httplib2 = httplib2.Http(cache)
+
+        # We want httplib2 to raise exceptions for errors, just like
+        # the other fetchers.
+        self.httplib2.force_exception_to_status_code = False
+
+    def fetch(self, url, body=None, headers=None):
+        """Perform an HTTP request
+
+        @raises Exception: Any exception that can be raised by httplib2
+
+        @see: C{L{HTTPFetcher.fetch}}
+        """
+        if body:
+            method = 'POST'
+        else:
+            method = 'GET'
+
+        if headers is None:
+            headers = {}
+
+        # httplib2 doesn't check to make sure that the URL's scheme is
+        # 'http' so we do it here.
+        if not (url.startswith('http://') or url.startswith('https://')):
+            raise ValueError('URL is not a HTTP URL: %r' % (url,))
+
+        httplib2_response, content = self.httplib2.request(
+            url, method, body=body, headers=headers)
+
+        # Translate the httplib2 response to our HTTP response abstraction
+
+        # When a 400 is returned, there is no "content-location"
+        # header set. This seems like a bug to me. I can't think of a
+        # case where we really care about the final URL when it is an
+        # error response, but being careful about it can't hurt.
+        try:
+            final_url = httplib2_response['content-location']
+        except KeyError:
+            # We're assuming that no redirects occurred
+            assert not httplib2_response.previous
+
+            # And this should never happen for a successful response
+            assert httplib2_response.status != 200
+            final_url = url
+
+        return HTTPResponse(
+            body=content,
+            final_url=final_url,
+            headers=dict(httplib2_response.items()),
+            status=httplib2_response.status,
+            )
--- a/files/jenkins/jenkins-admin-keys
+++ b/files/jenkins/jenkins-admin-keys
@@ -25,9 +25,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3eVd6Ccegp1r1mhm7tPnlGUcw0zsAbR2p9hrFZ7RK
 #ricky
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDAeAohiRJ2v/RO7R9GS93TF92Gc9ixK6HM7wlbMdlZ4yYAbeoEX8VpeNaSTfo/Nw3zazr9VpmpHg+H70K8ljQsPgRwcgpetRVpF55M5FYjqM5oM+N94HV3nSGcnWbSIho1R31DaDH2ptxVqgh2m5DG7Bc45w9Bd4wjfdQ8nBrGv93tuH7X/cee4g6GvexLm5nXhAngdEmiyxw5MHuJAvj+54l4wMXRWpeF6XlI2iamW42nLSfRMCFkGNiXvBm8zkfkeH2L7I2cNKXXoP/cPCd3G/teIsI9FDqYpZ6CS0zMkWhlTuh7rlCjc9+nJsLdDLgwhb75skiUOOfimGvCCxWeHuCsSL+KpCu4AgI9UAVgO6xblDlmbQXxlGopep29U/s00W/0qv3Zp8Ks4Za0xHdoIwHiaLM0OYymFaNDd3ZqFG0FN23ZjcGqUmFGhGfUQRDt72+e9HtXlBJ0mUaCX9+e4wFGTVciG1/5CKsLHCaLRf+knsWXrv2zcv9BoZ9SCAK32zCZw05wjcmr7jYDCTLmtC6kEBNaOeE9Qqi2oomo4ji8ybg+Qq+1BwOtJKExvmZaooBZud0qd24HmCU0/0ysw732jGcqexzxsCR0VArd+7LKexOD7KwMW0VUss6fdOWac9gwCLx9FaKYh8mVvcQjKhKGI3aO2sXRUWSbBJw8w== ricky@alpha.rzhou.org

-#skvidal
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjlnCEiFMrKpkiIBjs5IW1+RXDald3aKvTszj0hUw9Gl6w3vt3RAiqTD/XRKcNdP0+pVIK/I4KexKfZzemNZ8UYmZ+a9EK+Gj7OQbJv7TQDeR0zyJ8ZgFXaWoN+CnWXLO2mp9poysUR6CILjaDJt4GDxJaD+bebRu+zxUQSlgrjObhIUTSfwsEJu++zK+fy4+xSEMG7SANEJHd+zOAw6+isLnnbp8qY2fs3reKpc8XPkyJscLU4BQV2cGXwlPUhzPVv/itUUV/uWHeAqoz2i5XG4C0/BXk6D85qkGIyE08Nl3COxn6giivrdTIH6W4dUtBdYgTMZ3RgMHL9ClLpS17 skvidal@opus
-
 #smooge
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAxnzCHH11nDM1m7yvqo6Uanq5vcZjBcs/mr3LccxwJ59ENzSXwUgEQy/P8vby9VKMwsskoaqZcvJdOSZBFhNV970NTPb69OIXPQAl/xhaLwiJOn606fB+/S8WepeuntS0qLiebbEiA9vIQLteZ+bWl1s/didD/sFo3/wItoTGA4GuShUu1AyWJx5Ue7Y34rwGR+kIvDoy2GHUcunn2PjGt4r3v2vpiR8GuK0JRupJAGYbYCiMBDRMkR0cgEyHW6+QQNqMlA6nRJjp94PcUMKaZK6Tc+6h5v8kLLtzuZ6ZupwMMC4X8sh85YcxqoW9DynrvO28pzaMNBHm7qr9LeY9PIhXscSa35GAcGZ7UwPK4aJAAuIzCf8BzazyvUM3Ye7GPCXHxUwY0kdXk+MHMVKFzZDChNp/ovgdhxNrw9Xzcs4yw7XYambN9Bk567cI6/tWcPuYLYD4ZJQP0qSXVzVgFEPss1lDcgd0k4if+pINyxM8eVFZVAqU+BMeDC+6W8HUUPgv6LiyTWs+xTXTuORwBTSF1pOqWB4LjqsCGIiMAc6n/xdALBGUN7qsuKDU6Q7bwPppaxypi4KCvuJsqW+8sDtMUaZ34I5Zo1q7cu03wqnOljUGoAY6IDn3J66F2KlPPyb/q3PDV3WbY/jnH16L29/xUA73nFUW1p+WXutwmSU= ssmoogen@ponyo.int.smoogespace.com

--- a/files/jenkins/master/config.xml
+++ b/files/jenkins/master/config.xml
@@ -46,6 +46,22 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
      <label></label>
      <nodeProperties/>
    </slave>
+    <slave>
+      <name>Fedora19</name>
+      <description></description>
+      <remoteFS>/mnt/jenkins/</remoteFS>
+      <numExecutors>2</numExecutors>
+      <mode>NORMAL</mode>
+      <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
+      <launcher class="hudson.plugins.sshslaves.SSHLauncher"
+      plugin="ssh-slaves@0.21">
+        <host>172.16.5.12</host>
+        <port>22</port>
+        <credentialsId>d844d352-af1d-466b-9fc9-cbb19348103a</credentialsId>
+      </launcher>
+      <label></label>
+      <nodeProperties/>
+    </slave>
    <slave>
      <name>EL6</name>
      <description></description>
@@ -62,6 +78,22 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
      <label></label>
      <nodeProperties/>
    </slave>
+    <slave>
+       <name>Fedora20</name>
+       <description></description>
+       <remoteFS>/mnt/jenkins/</remoteFS>
+       <numExecutors>2</numExecutors>
+       <mode>NORMAL</mode>
+       <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
+       <launcher class="hudson.plugins.sshslaves.SSHLauncher"
+       plugin="ssh-slaves@0.21">
+         <host>172.16.5.23</host>
+         <port>22</port>
+         <credentialsId>950d5dd7-acb2-402a-8670-21f152d04928</credentialsId>
+       </launcher>
+       <label></label>
+       <nodeProperties/>
+     </slave>
  </slaves>
  <quietPeriod>5</quietPeriod>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
--- a/files/jenkins/master/credentials.xml
+++ b/files/jenkins/master/credentials.xml
@@ -1,25 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@1.4">
-  <credentials>
-    <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@0.3">
-      <scope>SYSTEM</scope>
-      <id>d844d352-af1d-466b-9fc9-cbb19348103a</id>
-      <description>172.16.5.12</description>
-      <username>jenkins_slave</username>
-      <passphrase>bEcypl4niEJMODrtoQ7iCw==</passphrase>
-      <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource">
-        <privateKeyFile>/var/tmp/jenkins_master_id_rsa</privateKeyFile>
-      </privateKeySource>
-    </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>
-    <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@0.3">
-      <scope>SYSTEM</scope>
-      <id>950d5dd7-acb2-402a-8670-21f152d04928</id>
-      <description>172.16.5.10</description>
-      <username>jenkins_slave</username>
-      <passphrase>bEcypl4niEJMODrtoQ7iCw==</passphrase>
-      <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource">
-        <privateKeyFile>/var/tmp/jenkins_master_id_rsa</privateKeyFile>
-      </privateKeySource>
-    </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>
-  </credentials>
-</com.cloudbees.plugins.credentials.SystemCredentialsProvider>
--- a/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml
+++ b/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml
@@ -0,0 +1,22 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!-- plugin requested by user rholy (ticket #4175) -->
+<hudson.plugins.warnings.WarningsDescriptor plugin="warnings@4.39">
+  <groovyParsers>
+    <hudson.plugins.warnings.GroovyParser>
+      <name>pyflakes</name>
+      <regexp>^(.*):([0-9]*):(.*)$</regexp>
+      <script>import hudson.plugins.warnings.parser.Warning
+import hudson.plugins.analysis.util.model.Priority
+
+String fileName = matcher.group(1)
+String category = &quot;PyFlakes Error&quot;
+String lineNumber = matcher.group(2)
+String message = matcher.group(3)
+
+return new Warning(fileName, Integer.parseInt(lineNumber), category, &quot;PyFlakes Parser&quot;, message, Priority.NORMAL);</script>
+      <example></example>
+      <linkName>https://pypi.python.org/pypi/pyflakes</linkName>
+      <trendName>pyflakes errors</trendName>
+    </hudson.plugins.warnings.GroovyParser>
+  </groovyParsers>
+</hudson.plugins.warnings.WarningsDescriptor>
--- a/files/jenkins/master/plugins/bazaar.hpi
+++ b/files/jenkins/master/plugins/bazaar.hpi
--- a/files/jenkins/master/plugins/cobertura.hpi
+++ b/files/jenkins/master/plugins/cobertura.hpi
--- a/files/jenkins/master/plugins/cvs.hpi
+++ b/files/jenkins/master/plugins/cvs.hpi
--- a/files/jenkins/master/plugins/external-monitor-job.hpi
+++ b/files/jenkins/master/plugins/external-monitor-job.hpi
--- a/files/jenkins/master/plugins/git-client.hpi
+++ b/files/jenkins/master/plugins/git-client.hpi
--- a/files/jenkins/master/plugins/git.hpi
+++ b/files/jenkins/master/plugins/git.hpi
--- a/files/jenkins/master/plugins/instant-messaging.hpi
+++ b/files/jenkins/master/plugins/instant-messaging.hpi
--- a/files/jenkins/master/plugins/ldap.hpi
+++ b/files/jenkins/master/plugins/ldap.hpi
--- a/files/jenkins/master/plugins/maven-plugin.hpi
+++ b/files/jenkins/master/plugins/maven-plugin.hpi
--- a/files/jenkins/master/plugins/mercurial.hpi
+++ b/files/jenkins/master/plugins/mercurial.hpi
--- a/files/jenkins/master/plugins/openid.hpi
+++ b/files/jenkins/master/plugins/openid.hpi
--- a/files/jenkins/master/plugins/scm-api.hpi
+++ b/files/jenkins/master/plugins/scm-api.hpi
--- a/files/jenkins/master/plugins/ssh-agent.hpi
+++ b/files/jenkins/master/plugins/ssh-agent.hpi
--- a/files/jenkins/master/plugins/subversion.hpi
+++ b/files/jenkins/master/plugins/subversion.hpi
--- a/files/jenkins/master/plugins/xunit.hpi
+++ b/files/jenkins/master/plugins/xunit.hpi
--- a/files/keyserver/css.css
+++ b/files/keyserver/css.css
@@ -0,0 +1,132 @@
+    * { font-family: helvetica, sans-serif; }
+ 
+    h1,
+    p {
+      margin: 0; /* Let's zero those margins */
+    }
+
+h2 {	color: #3c6eb4; margin: 0;}
+ 
+    #container {
+ /*     border: 1px solid #555; /* Nice transition from white background */
+      width: 600px; /* Should be narrow enough for small screens */
+      margin: 0 auto; /* Centering */
+      font-size: 1.1em; /* Font big enough not to need to squint */
+      line-height: 1.3em;
+
+    }
+ 
+    #title {
+ /*     background-color:#e2e5e2; */
+      padding: 10px;
+    }
+   
+    #title h1, #title h2 {
+      margin-top: 0.3em;
+    }
+ 
+    #info {
+      /* background-color:#e2e5e2; */
+      padding: 5px 10px;
+    }
+ 
+    #main {
+     /* background : #FAFBEA; */
+      padding: 0 10px 10px 10px;
+    }
+ 
+    #main header {
+      padding-top: 1em;
+    }
+ 
+    #main p {
+      margin: 0.5em 0;
+    }
+ 
+    #keytext {
+      width: 100%;
+      height: 150px;
+      border: 1px solid #555;
+      background : #fff;
+      max-width: 100%;
+      display: block;
+    }
+ 
+    ul {
+      width: 100%;
+      list-style-type: none;
+      padding-left: 0;
+    }
+ 
+    li {
+      width: 99%;
+    }
+ 
+    li label {
+      width: 57%;
+      display: inline-block;
+    }
+   
+    button {
+      border-radius: 3px;
+      -moz-border-radius: 3px;
+      background: -webkit-gradient(linear, left top, left bottom, from(#fff), to(#ddd));
+      background: -moz-linear-gradient(top, #fff, #ddd);  
+      border: 1px solid #bbb;
+    }
+ 
+    #info p {line-height: 1.1em; margin-bottom: 0.3em;}
+
+
+
+#bodyform {
+	margin-top: 20px;
+	color: #555;
+	font-weight: normal;
+	font-size: 16px;
+
+}
+
+#headcontent {
+	width: 700px;
+	margin: auto;
+	display: table;
+
+}
+
+#lefttop {
+	float: left;
+	text-align: left;
+}
+
+#righttop {
+	float:right;
+	text-align: right;
+}
+
+hr {
+	background: #3c6eb4;
+	height: 8px;
+	border: 0px;
+}
+
+footer {
+	background: #3c6eb4;
+	margin: auto;
+	color: #fff;
+
+}
+
+footer p { width: 500px; margin: auto; text-align: center;}
+
+a {text-decoration: none; color: #B8C9FF; font-weight: bold;}
+
+fieldset {
+	border: 2px solid #4462C4;
+}
+
+legend {
+	color: #3c6eb4;
+}
+
+
--- a/files/keyserver/index.html
+++ b/files/keyserver/index.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> 
+<head>
+  <link rel="stylesheet" type="text/css" media="all" href="css.css" /> 
+  <title>Fedora Project GPG Key Server</title>
+</head>
+
+  <body> 
+
+<div id=bodyform>
+	<div id=headcontent>
+		<div id=lefttop>
+			<a href="https://fedoraproject.org">
+				<img src='https://fedoraproject.org/static/images/fedora-logo.png'>
+			</a>
+		</div>
+		<div id=righttop>
+			<h1>SKS OpenPGP Key server</h1> 
+			<h2>keys.fedoraproject.org</h2> 
+		</div>
+	</div>
+	<hr></hr>
+
+    <div id="container"> 
+ 
+      <div id="main" role="main"> 
+        <header> 
+          <h2>Extract a key</h2> 
+        </header> 
+        <p>You can find a key by typing in some words that appear in the
+          userid (name, email, etc.) of the key you're looking for, or
+          by typing in the keyid in hex format ("0x&#8230;")</p> 
+        <form id="lookup" action="/pks/lookup" method="get"> 
+          <fieldset checked="true"> <legend>Search for a public key</legend> 
+            <ul> 
+              <li> <label for="search">String</label> <input id="search"
+                  name="search" placeholder="0xDEADBEEF" required="" autofocus=""
+                  type="text"> </li> 
+              <li> <label for="fingerprint">Show PGP Fingerprints</label> 
+                <input id="fingerprint" name="fingerprint" type="checkbox"> 
+              </li> 
+              <li> <label for="hash">Show SKS full-key hashes</label> <input
+                  id="hash" name="hash" type="checkbox"> </li> 
+              <li> <label for="matching">Get regular index of matching
+                  keys</label> <input id="matching" name="op" value="index"
+                  type="radio"> </li> 
+              <li> <label for="verbose">Get verbose index of matching
+                  keys</label> <input id="verbose" name="op" value="vindex"
+                  checked="checked" type="radio"> </li> 
+              <li> <label for="asciiarmored">Retrieve ascii-armored
+                  keys</label> <input id="asciiarmored" name="op" value="get"
+                  type="radio"> </li> 
+              <li> <label for="fullkey">Retrieve keys by full-key hash</label> 
+                <input id="fullkey" name="op" value="hget" type="radio"> 
+              </li> 
+            </ul> 
+            <button type="reset">Reset</button> <button type="submit">Search
+ 
+ 
+ 
+ 
+ 
+ 
+              for a key</button> </fieldset> 
+        </form> 
+        <header> 
+          <h2>Submit a key</h2> 
+        </header> 
+        <p>You can submit a key by simply pasting in the ASCII-armored
+          version of your key and clicking on submit.</p> 
+        <form id="add" action="/pks/add" method="post"> 
+          <fieldset> <textarea id="keytext" name="keytext" rows="5" cols="30"></textarea> 
+            <button type="reset">Reset</button> <button checked="true"
+              type="submit">Submit this key</button></fieldset> 
+        </form> 
+      </div> 
+      <!-- end of #main -->  
+    </div> 
+    <!--! end of #container --> 
+      <footer id="info"> 
+        <p><a href="https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home">SKS</a> is
+          a new <a href="http://www.openpgp.org/">OpenPGP</a> 
+          keyserver. The main innovation of SKS is that it includes a
+          highly-efficient reconciliation algorithm for keeping the
+          keyservers synchronized.</p> 
+        <p style="text-align: center;"><a href="/pks/lookup?op=stats">SKS statistics</a></p> 
+      </footer>
+</div>
+  </body> 
+
+</html>
--- a/files/keyserver/membership
+++ b/files/keyserver/membership
@@ -0,0 +1,42 @@
+a.sks.srv.scientia.net		11370 # root@sks.srv.scientia.net
+key.adeti.org			11370 # Marco RODRIGUES <marco@adeti.org> 0x7CE697FC
+key.ip6.li			11370 # Christian Felsing <hostmaster@ip6.li> 0x5386E2A0
+keys2.kfwebs.net		11370 # 0x0B7F8B60E3EDFAE3
+#keys.christensenplace.us	11370 # Eric Christensen <eric@christensenplace.us> 0x024BB3D1
+keyserver.cns.vt.edu		11370 # Phil Benchoff <benchoff@vt.edu> <keymaster@cns.vt.edu>
+#keyserver.computer42.org	11370 # H.-Dirk Schmitt <dirk@computer42.org> 0x6A017B17
+keyserver.dacr.hu  		11370 # David Horvath <dacr@dacr.hu> 0x00CBC81A
+keyserver.gingerbear.net	11370 # John P. Clizbe <John@Gingerbear.net> 0xD6569825
+keyserver.kim-minh.com		11370 # Kim Minh Kaplan<kaplan+sks@kim-minh.com> 0xAF1E829C
+keyserver.kjsl.org		11370 # Javier Henderson <javier@kjsl.org> 0x9BF88EE5
+keyserver.nausch.org		11370 # Michael Nausch <michael@nausch.org> 0x2384C849 
+key-server.nl			11370 # Wijnand Modderman-Lenstra <maze@key-server.nl> 0x294DF221
+keyserver.saol.no-ip.com	11370 # Peter <peter@saol.no-ip.com> 0x39E97290
+keyserver.secretresearchfacility.com 11370 # Stephan Seitz <s.seitz@secretresearchfacility.com> 0xAB83B1C3
+keyserver.serviz.fr		11370 # robert <sks(at)serviz(pt)fr> 0xEF333C7E
+keyserver.sincer.us 		11370 # Petru Ghita <petrutz@venaver.info> 0x7CF29D04
+keyserver.skoopsmedia.net	11370 # unknown
+#keyservers.org			11370 # Rob Hansen <rjh@sixdemonbag.org>
+keyserver.stack.nl		11370 # Johan van Selst <johans@stack.nl> 0xD3AE8D3A
+keyserver.ut.mephi.ru		11370 # Dmitry Yu Okunev <dyokunev@ut.mephi.ru> 0x8E30679C, pks team <pks@ut.mephi.ru>
+keys.exosphere.de		11370 # Christoph Gebhardt <chris@exosphere.de> 0xE1C2E92C
+keys.jhcloos.com  		11370 # James Cloos <cloos@jhcloos.com>  0xED7DAEA6
+keys.niif.hu			11370 # Gabor Kiss <kissg@ssg.ki.iif.hu>
+keys.thoma.cc			11370 # Maximilian Thoma <keys@thoma.cc> 0xB480AC4B
+keys.wuschelpuschel.org		11370 # 0x017D1C3D Peter Kornherr <peter@wuschelpuschel.org>
+openpgp1.claruscomms.net	11370 # unknown
+pgp.circl.lu			11370 # CIRCL - info@circl.lu - 0x22BD4CD5
+#pgp.codelabs.ru		11370 # Eygene Ryabinkin <rea@codelabs.ru> 0x8152ECFB
+pgp.jjim.de			11370 # Joel Garske <admin@pgp.jjim.de> 0xA921EB20
+pgpkeys.mallos.nl		11370 # Arnold Schekkerman <arnold@mallos.nl> 0xB66BBBAA
+pgp.megagod.net			11370 # Kullawat Chaowanawatee (0xC19EAE3A)
+pgp.rediris.es			11370 # Francisco.monserrat <francisco.monserrat@rediris.es> 0xD3A42C61
+#pki.colliertech.org		11370 # C.J. Adams-Collier <cjac@uw.edu> 0x8E562765BA27A83C
+ranger.ky9k.org			11370 # Brian D Heaton <pgp-keymaster@ky9k.org>       0x9A016118
+sks.ecks.ca			11370 # Eric Benoit <eric@ecks.ca> 0x69E65D2C
+sks.es.net			11370 # keymaster@es.net
+sks.karotte.org			11370 # Sebastian Wiesinger <sebastian@karotte.org> 0x93A0B9CE
+sks.keyservers.net		11370 # John P. Clizbe <John@Gingerbear.net> 0xD6569825
+sks-peer.spodhuis.org		11370 # Phil Pennock <keyserver@spodhuis.org> 0x3903637F
+sks.pkqs.net			11370 # Stephan Beyer <s-beyer@gmx.net> 0xFCC5040F
+zimmermann.mayfirst.org		11370 # Daniel Kahn Gillmor <dkg@fifthhorseman.net> 0xCCD2ED94D21739E9
--- a/files/keyserver/sks.conf
+++ b/files/keyserver/sks.conf
@@ -0,0 +1,83 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+NameVirtualHost *:443
+
+<ifModule !mod_proxy.c>
+    LoadModule proxy_module modules/mod_proxy.so
+</IfModule>
+
+<IfModule !mod_proxy_http.c>
+    LoadModule proxy_http_module modules/mod_proxy_http.so
+</IfModule>
+
+<IfModule !mod_proxy_balancer.c>
+    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+</IfModule>
+
+<IfModule !mod_headers.c>
+    LoadModule headers_module modules/mod_headers.so
+</IfModule>
+
+<IfModule !mod_authz_host.c>
+    LoadModule authz_host_module modules/mod_authz_host.so
+</IfModule>
+
+<IfModule !mod_log_config.c>
+    LoadModule log_config_module modules/mod_log_config.so
+</IfModule>
+
+<IfModule !mod_env.c>
+    LoadModule env_module modules/mod_env.so
+</IfModule>
+
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+</Directory>
+
+<VirtualHost *:80>
+        ServerAdmin sysadmin-keys-members@fedoraproject.org
+        ServerName keys.fedoraproject.org
+        ProxyPass / http://127.0.0.1:11371/
+        ProxyPassReverse / http://127.0.0.1:11371/
+        SetEnv proxy-nokeepalive 1
+	ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+        ServerAdmin sysadmin-keys-members@fedoraproject.org
+        ServerName keys.fedoraproject.org
+	ServerAlias keys01.fedoraproject.org
+
+        SSLEngine on
+        SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
+	SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
+        SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+	ProxyPass / http://localhost:11371/
+	ProxyPassReverse / http://localhost:11371/
+        SetEnv proxy-nokeepalive 1
+	ProxyVia Full
+</VirtualHost>
+<VirtualHost *:443>
+        ServerAdmin sysadmin-keys-members@fedoraproject.org
+        ServerName pool.sks-keyservers.net
+        ServerAlias sks-keyservers.net
+	ServerAlias *.sks-keyservers.net
+
+        SSLEngine on
+        SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+        SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+        ProxyPass / http://localhost:11371/
+        ProxyPassReverse / http://localhost:11371/
+        SetEnv proxy-nokeepalive 1
+	ProxyVia Full
+</VirtualHost>
+<VirtualHost *:11371>
+	ServerAdmin sysadmin-keys-members@fedoraproject.org
+	ServerName keys.fedoraproject.org
+	ProxyPass / http://127.0.0.1:11371/
+	ProxyPassReverse / http://127.0.0.1:11371/
+	SetEnv proxy-nokeepalive 1
+	ProxyVia Full
+</VirtualHost>
--- a/files/keyserver/sksconf
+++ b/files/keyserver/sksconf
@@ -0,0 +1,13 @@
+basedir: /srv/sks
+#debuglevel: 10
+#debug:
+hostname: keys.fedoraproject.org
+hkp_address: 127.0.0.1
+hkp_port: 11371
+recon_port: 11370
+#gossip_interval: 1440
+stat_hour: 00
+initial_stat:
+membership_reload_interval: 1
+disable_mailsync:
+server_contact: 0x167B4A54236BBEAA37DCCD92ED14D5E7110810E9
--- a/files/keyserver/ssl.conf
+++ b/files/keyserver/ssl.conf
@@ -0,0 +1,224 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these 
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+#
+# When we also provide SSL we have to listen to the 
+# the HTTPS port in addition.
+#
+Listen 443
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog  builtin
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
+SSLSessionCacheTimeout  300
+
+#   Semaphore:
+#   Configure the path to the mutual exclusion semaphore the
+#   SSL engine uses internally for inter-process synchronization. 
+SSLMutex default
+
+#   Pseudo Random Number Generator (PRNG):
+#   Configure one or more sources to seed the PRNG of the 
+#   SSL library. The seed data should be of good random quality.
+#   WARNING! On some platforms /dev/random blocks if not enough entropy
+#   is available. This means you then cannot use the /dev/random device
+#   because it would lead to very long connection times (as long as
+#   it requires to make more entropy available). But usually those
+#   platforms additionally provide a /dev/urandom device which doesn't
+#   block. So, if available, use this one instead. Read the mod_ssl User
+#   Manual for more details.
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names.  NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly. 
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+    #    ProxyPass / http://localhost:11371/
+     #   ProxyPassReverse / http://localhost:11371/
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect.  Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+#   SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+#   Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate.  If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase.  Note that a kill -HUP will prompt again.  A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is send or allowed to received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is send and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+SetEnvIf User-Agent ".*MSIE.*" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
--- a/files/kojibuilder/route-eth1
+++ b/files/kojibuilder/route-eth1
@@ -1 +0,0 @@
-10.5.88.0/24 dev eth1
--- a/files/lists-dev/aliases
+++ b/files/lists-dev/aliases
@@ -1,96 +0,0 @@
-#
-#  Aliases in this file will NOT be expanded in the header from
-#  Mail, but WILL be visible over networks or from /bin/mail.
-#
-#	>>>>>>>>>>	The program "newaliases" must be run after
-#	>> NOTE >>	this file is updated for any changes to
-#	>>>>>>>>>>	show through to sendmail.
-#
-
-# Basic system aliases -- these MUST be present.
-mailer-daemon:	postmaster
-postmaster:	root
-
-# General redirections for pseudo accounts.
-bin:		root
-daemon:		root
-adm:		root
-lp:		root
-sync:		root
-shutdown:	root
-halt:		root
-mail:		root
-news:		root
-uucp:		root
-operator:	root
-games:		root
-gopher:		root
-ftp:		root
-nobody:		root
-radiusd:	root
-nut:		root
-dbus:		root
-vcsa:		root
-canna:		root
-wnn:		root
-rpm:		root
-nscd:		root
-pcap:		root
-apache:		root
-webalizer:	root
-dovecot:	root
-fax:		root
-quagga:		root
-radvd:		root
-pvm:		root
-amandabackup:		root
-privoxy:	root
-ident:		root
-named:		root
-xfs:		root
-gdm:		root
-mailnull:	root
-postgres:	root
-sshd:		root
-smmsp:		root
-postfix:	root
-netdump:	root
-ldap:		root
-squid:		root
-ntp:		root
-mysql:		root
-desktop:	root
-rpcuser:	root
-rpc:		root
-nfsnobody:	root
-
-ingres:		root
-system:		root
-toor:		root
-manager:	root
-dumper:		root
-abuse:		root
-
-newsadm:	news
-newsadmin:	news
-usenet:		news
-ftpadm:		ftp
-ftpadmin:	ftp
-ftp-adm:	ftp
-ftp-admin:	ftp
-www:		webmaster
-webmaster:	root
-noc:		root
-security:	root
-hostmaster:	root
-info:		postmaster
-marketing:	postmaster
-sales:		postmaster
-support:	postmaster
-
-
-# trap decode to catch security attacks
-decode:		root
-
-# Person who should get root's mail
-root:		abompard@fedoraproject.org
--- a/files/lists-dev/hyperkitty.apache.conf
+++ b/files/lists-dev/hyperkitty.apache.conf
@@ -1,27 +0,0 @@
-#Alias /robots.txt  /etc/hyperkitty/sites/default/static/robots.txt
-#Alias /favicon.ico /etc/hyperkitty/sites/default/static/favicon.ico
-Alias /hyperkitty/static      /var/lib/hyperkitty/sites/default/static
-
-#ErrorLog /var/log/httpd/hyperkitty_error.log
-#CustomLog /var/log/httpd/hyperkitty_access.log combined
-
-WSGIScriptAlias /hyperkitty /etc/hyperkitty/sites/default/wsgi.py
-WSGIDaemonProcess hyperkitty threads=25 python-path=/etc/hyperkitty/sites/default
-# If using VirtualEnv
-#WSGIDaemonProcess hyperkitty threads=25 python-path=/etc/hyperkitty/sites/default:/path/to/your/venv/lib/python2.X/site-packages
-WSGISocketPrefix run/wsgi
-
-<Directory "/etc/hyperkitty/sites/default">
-    <Files wsgi.py>
-        Order deny,allow
-        Allow from all
-        Require all granted
-    </Files>
-    WSGIProcessGroup hyperkitty
-</Directory>
-
-<Directory "/var/lib/hyperkitty/sites/default/static">
-    Order deny,allow
-    Allow from all
-    Require all granted
-</Directory>
--- a/files/lists-dev/hyperkitty.cfg
+++ b/files/lists-dev/hyperkitty.cfg
@@ -1,3 +0,0 @@
-[general]
-base_url: http://lists-dev.cloud.fedoraproject.org/
-django_settings: /etc/hyperkitty/sites/default/settings.py
--- a/files/lists-dev/hyperkitty.logrotate.conf
+++ b/files/lists-dev/hyperkitty.logrotate.conf
@@ -1,10 +0,0 @@
-/var/log/hyperkitty/*.log {
-    missingok
-    notifempty
-    sharedscripts
-    delaycompress
-    su root apache
-    postrotate
-        /sbin/service httpd reload > /dev/null 2>/dev/null || true
-    endscript
-}
--- a/files/lists-dev/hyperkitty.settings_local.py.j2
+++ b/files/lists-dev/hyperkitty.settings_local.py.j2
@@ -1,96 +0,0 @@
-#-*- coding: utf-8 -*-
-
-"""
-Django local settings for the hyperkitty project.
-"""
-
-DEBUG = True
-TEMPLATE_DEBUG = DEBUG
-
-ADMINS = ()
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.postgresql_psycopg2',
-        'NAME': 'hyperkitty',
-        'USER': 'hyperkitty',
-        'PASSWORD': '{{ lists_dev_hk_db_pass }}',
-        'HOST': 'localhost',
-        'PORT': '',
-    }
-}
-# URL prefix for static files.
-# Example: "http://media.lawrence.com/static/"
-STATIC_URL = '/hyperkitty/static/'
-
-# Add Fedora to the authentication backends
-AUTHENTICATION_BACKENDS = (
-    'social_auth.backends.browserid.BrowserIDBackend',
-    'hyperkitty.lib.fedora.FedoraBackend',
-    'social_auth.backends.google.GoogleBackend',
-    'social_auth.backends.yahoo.YahooBackend',
-    #'social_auth.backends.OpenIDBackend',
-    'django.contrib.auth.backends.ModelBackend',
-)
-
-# Use the email address as the username (add associate_by_email).
-SOCIAL_AUTH_PIPELINE = (
-    'social_auth.backends.pipeline.social.social_auth_user',
-    'social_auth.backends.pipeline.associate.associate_by_email',
-    'social_auth.backends.pipeline.user.get_username',
-    'social_auth.backends.pipeline.user.create_user',
-    'social_auth.backends.pipeline.social.associate_user',
-    'social_auth.backends.pipeline.social.load_extra_data',
-    'social_auth.backends.pipeline.user.update_user_details'
-)
-
-# A sample logging configuration. The only tangible logging
-# performed by this configuration is to send an email to
-# the site admins on every HTTP 500 error.
-# See http://docs.djangoproject.com/en/dev/topics/logging for
-# more details on how to customize your logging configuration.
-LOGGING = {
-    'version': 1,
-    'disable_existing_loggers': False,
-    'handlers': {
-        'mail_admins': {
-            'level': 'ERROR',
-            'class': 'django.utils.log.AdminEmailHandler'
-        },
-        'file':{
-            'level': 'DEBUG',
-            #'class': 'logging.handlers.RotatingFileHandler',
-            'class': 'logging.FileHandler',
-            'filename': '/var/log/hyperkitty/hyperkitty.log',
-            'formatter': 'verbose',
-        },
-    },
-    'loggers': {
-        'django.request': {
-            'handlers': ['file'],
-            'level': 'ERROR',
-            'propagate': True,
-        },
-        'django': {
-            'handlers': ['file'],
-            'level': 'ERROR',
-            'propagate': True,
-        },
-        'hyperkitty': {
-            'handlers': ['file'],
-            'level': 'DEBUG',
-            'propagate': True,
-        },
-    },
-    'formatters': {
-        'verbose': {
-            'format': '%(levelname)s %(asctime)s %(module)s %(process)d %(thread)d %(message)s'
-        },
-        'simple': {
-            'format': '%(levelname)s %(message)s'
-        },
-    },
-}
-
-APP_NAME = 'Fedora list archives'
-KITTYSTORE_URL = 'postgres://kittystore:{{ lists_dev_ks_db_pass }}@localhost/kittystore'
-USE_MOCKUPS = False
--- a/files/lists-dev/hyperkitty.urls.py
+++ b/files/lists-dev/hyperkitty.urls.py
@@ -1,37 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright (C) 1998-2012 by the Free Software Foundation, Inc.
-#
-# This file is part of HyperKitty.
-#
-# HyperKitty is free software: you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free
-# Software Foundation, either version 3 of the License, or (at your option)
-# any later version.
-#
-# HyperKitty is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
-# more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# HyperKitty.  If not, see <http://www.gnu.org/licenses/>.
-
-import hyperkitty
-
-from django.conf.urls.defaults import *
-from django.conf import settings
-
-# Uncomment the next two lines to enable the admin:
-from django.contrib import admin
-admin.autodiscover()
-
-# Import mailman urls and set urlpatterns if you want to hook
-# mailman_django into an existing django site. 
-# Otherwise set ROOT_URLCONF in settings.py to
-# `mailman_django.urls`.
-# from mailman_django import urls as mailman_urls
-
-urlpatterns = patterns('',
-    url(r'^$', 'hyperkitty.views.pages.index'),
-    url(r'', include('hyperkitty.urls')),
-)
--- a/files/lists-dev/mailman.cfg.j2
+++ b/files/lists-dev/mailman.cfg.j2
@@ -1,25 +0,0 @@
-# This is the absolute bare minimum base configuration file.  User supplied
-# configurations are pushed onto this.
-
-[mailman]
-site_owner: root@localhost
-
-# Set the paths to be Fedora-compliant
-layout: fhs
-[paths.fhs]
-var_dir: /srv/persist/mailman
-bin_dir: /usr/libexec/mailman
-lock_dir: /run/lock/mailman
-pid_file: /run/mailman/master.pid
-
-[database]
-class: mailman.database.postgresql.PostgreSQLDatabase
-url: postgres://mailman:{{ lists_dev_mm_db_pass }}@localhost/mailman
-
-[archiver.hyperkitty]
-class: hyperkitty.archiver.Archiver
-enable: yes
-configuration: /etc/mailman.d/hyperkitty.cfg
-
-#[archiver.prototype]
-#enable: yes
--- a/Show More
+++ b/Show More