Merge branch 'openvpn_handler' of /git/ansible into openvpn_handler

Add nagios to trusted openid roots
Add openvpn handler for Fedora 20+
2026-03-20 20:16:58 +08:00 · 2014-08-02 15:00:10 +00:00 · 2014-08-02 15:00:06 +00:00 · 2014-08-01 12:58:11 +02:00 · 2014-08-01 12:39:43 +02:00 · 2014-08-01 12:35:11 +02:00
1629 changed files with 76321 additions and 2588 deletions
--- a/callback_plugins/fedmsg_callback.py
+++ b/callback_plugins/fedmsg_callback.py
@@ -34,7 +34,7 @@ def getlogin():
 class CallbackModule(object):
    """ Publish playbook starts and stops to fedmsg. """

-    playbook = None
+    playbook_path = None

    def __init__(self):
        config = fedmsg.config.load_config()
@@ -43,7 +43,14 @@ class CallbackModule(object):
            cert_prefix='shell',
            active=True,
        ))
-        fedmsg.init(**config)
+        # It seems like recursive playbooks call this over and over again and
+        # fedmsg doesn't like to be initialized more than once.  So, here, just
+        # catch that and ignore it.
+        try:
+            fedmsg.init(**config)
+        except ValueError:
+            pass
+

    def playbook_on_play_start(self, pattern):
        # This gets called once for each play.. but we just issue a message once
@@ -57,7 +64,7 @@ class CallbackModule(object):
            if play.playbook.check:
                return

-            if not self.playbook:
+            if not self.playbook_path:
                fedmsg.publish(
                    modname="ansible", topic="playbook.start",
                    msg=dict(
@@ -69,17 +76,17 @@ class CallbackModule(object):
                        check=play.playbook.check,
                    ),
                )
-                self.playbook = path
+                self.playbook_path = path

    def playbook_on_stats(self, stats):
-        if not self.playbook:
+        if not self.playbook_path:
            return

        results = dict([(h, stats.summarize(h)) for h in stats.processed])
        fedmsg.publish(
            modname="ansible", topic="playbook.complete",
            msg=dict(
-                playbook=self.playbook,
+                playbook=self.playbook_path,
                userid=getlogin(),
                results=results,
            ),
--- a/callback_plugins/logdetail.py
+++ b/callback_plugins/logdetail.py
@@ -92,7 +92,7 @@ class LogMech(object):
        res['task_args'] = task.module_args
        if self.playbook_id == 'ansible-cmd':
            res['task_userid'] = getlogin()
-        for k in ("delegate_to", "environment", "first_available_file",
+        for k in ("delegate_to", "environment", "with_first_found",
                  "local_action", "notified_by", "notify",
                  "register", "sudo", "sudo_user", "tags",
                  "transport", "when"):
--- a/callback_plugins/profile_tasks.py
+++ b/callback_plugins/profile_tasks.py
@@ -0,0 +1,40 @@
+import time
+
+
+class CallbackModule(object):
+    """
+    A plugin for timing tasks
+    """
+    def __init__(self):
+        self.stats = {}
+        self.current = None
+
+    def playbook_on_task_start(self, name, is_conditional):
+        """
+        Logs the start of each task
+        """
+        if self.current is not None:
+            # Record the running time of the last executed task 
+            self.stats[self.current] = time.time() - self.stats[self.current]
+
+        # Record the start time of the current task
+        self.current = name
+        self.stats[self.current] = time.time()
+
+    def playbook_on_stats(self, stats):
+        """
+        Prints the timings
+        """
+        # Record the timing of the very last task
+        if self.current is not None:
+            self.stats[self.current] = time.time() - self.stats[self.current]
+
+        # Sort the tasks by their running time
+        results = sorted(self.stats.items(), key=lambda value: value[1], reverse=True)
+
+        # Just keep the top 10
+        results = results[:10]
+
+        # Print the timings
+        for name, elapsed in results:
+            print "{0:-<70}{1:->9}".format('{0} '.format(name), ' {0:.02f}s'.format(elapsed))
--- a/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
+++ b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
@@ -0,0 +1,27 @@
+pam_url:
+{
+	settings:
+	{
+                {% if env == 'staging' %}
+		url = "https://fas-all.stg.phx2.fedoraproject.org:8443/";	# URI to fetch
+                {% elif datacenter == 'phx2' %}
+		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
+                {% else %}
+		url = "https://fas-all.vpn.fedoraproject.org:8443/";	# URI to fetch   
+                {% endif %}
+		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
+		userfield = "user";				# userfield name to send
+		passwdfield = "token";				# passwdfield name to send
+		extradata = "&do=login";			# extradata to send
+		prompt = "Password+Token: ";			# password prompt
+	};
+
+	ssl:
+	{
+		verify_peer = true;				# Should we verify SSL ?
+		verify_host = true;				# Should we verify the CN in the SSL cert?
+		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
+		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
+                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
+	};
+};
--- a/files/common/epel7.repo
+++ b/files/common/epel7.repo
@@ -0,0 +1,20 @@
+[epel]
+name=Extras Packages for Enterprise Linux $releasever - $basearch
+baseurl=http://infrastructure.fedoraproject.org/pub/epel/7/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+
+[epel-testing]
+name=Extras Packages for Enterprise Linux $releasever - $basearch
+baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+
+[epel-beta]
+name=Extras Packages for Enterprise Linux beta $releasever - $basearch
+baseurl=http://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/
+enabled=1
+gpgcheck=1
+gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
--- a/files/common/fedora-updates-testing.repo-arm
+++ b/files/common/fedora-updates-testing.repo-arm
@@ -1,7 +1,7 @@
 [updates-testing]
 name=Fedora $releasever - $basearch - Test Updates
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
@@ -10,7 +10,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-testing-debuginfo]
 name=Fedora $releasever - $basearch - Test Updates Debug
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/debug/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
@@ -19,7 +19,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-testing-source]
 name=Fedora $releasever - Test Updates Source
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/SRPMS/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
--- a/files/common/fedora-updates.repo-arm
+++ b/files/common/fedora-updates.repo-arm
@@ -1,7 +1,7 @@
 [updates]
 name=Fedora $releasever - $basearch - Updates
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
 enabled=1
 gpgcheck=1
@@ -10,7 +10,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-debuginfo]
 name=Fedora $releasever - $basearch - Updates - Debug
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/debug/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
@@ -19,7 +19,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-source]
 name=Fedora $releasever - Updates Source
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/SRPMS/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
--- a/files/common/fedora.repo-arm
+++ b/files/common/fedora.repo-arm
@@ -1,7 +1,7 @@
 [fedora]
 name=Fedora $releasever - $basearch
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
 enabled=1
 metadata_expire=7d
@@ -11,7 +11,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [fedora-debuginfo]
 name=Fedora $releasever - $basearch - Debug
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/debug/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
 enabled=0
 metadata_expire=7d
@@ -21,7 +21,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [fedora-source]
 name=Fedora $releasever - Source
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/source/SRPMS/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
 enabled=0
 metadata_expire=7d
--- a/files/common/rhel7.repo
+++ b/files/common/rhel7.repo
@@ -0,0 +1,24 @@
+[rhel7-dvd]
+name = rhel7 base dvd
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel7-base]
+name = rhel7 base $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel7-optional]
+name = rhel7 optional $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel7-extras]
+name = rhel7 extras $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+
+[rhel7-ha]
+name = rhel7 ha $basearch
+baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
--- a/files/copr/DigiCertCA.crt
+++ b/files/copr/DigiCertCA.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
+YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
+4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
+Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
+itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
+4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
+sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
+bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
+MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
+NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
+dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
+L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
+BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
+UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
+aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
+aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
+E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
+/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
+xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
+0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
+cPUeybQ=
+-----END CERTIFICATE-----
--- a/files/copr/copr-be.conf
+++ b/files/copr/copr-be.conf
@@ -7,7 +7,7 @@ results_baseurl=http://copr-be.cloud.fedoraproject.org/results
 # ??? What is this
 # default is http://coprs/rest/api
 #frontend_url=http://copr-fe.cloud.fedoraproject.org/backend
-frontend_url=http://172.16.5.6/backend
+frontend_url=http://172.16.5.31/backend

 # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
 # default is PASSWORDHERE but you really should change it. really.
@@ -22,6 +22,8 @@ spawn_playbook=/home/copr/provision/builderpb.yml
 # default is /etc/copr/terminate_playbook.yml 
 terminate_playbook=/home/copr/provision/terminatepb.yml

+terminate_vars=vm_name
+
 # directory where jobs are stored
 # no defaults
 jobsdir=/var/lib/copr/jobs
--- a/files/copr/delete-forgotten-instances.cron
+++ b/files/copr/delete-forgotten-instances.cron
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+source /home/copr/cloud/ec2rc.sh
+/home/copr/delete-forgotten-instances.pl
+
--- a/files/copr/delete-forgotten-instances.pl
+++ b/files/copr/delete-forgotten-instances.pl
@@ -0,0 +1,28 @@
+#!/usr/bin/perl
+# this scrip query for all running VM and terminate those
+# which are not currently started by some ansible script
+
+while (chomp($a = qx(ps ax |grep -v 'sh -c ps ax'  |grep /home/copr/provision/builderpb.yml | grep -v grep))) {
+  # we are starting some VM and could not determine correct list of running VMs
+  sleep 5;
+}
+
+#print qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }');
+@IPs = split('\s+', qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }'));
+
+#print "Running instances\n";
+#print join(", ", @IPs), "\n";
+for my $i (@IPs) {
+  $check{$i} = 1;
+}
+
+@instances = split('\n', qx(/bin/euca-describe-instances));
+@TO_DELETE = ();
+for my $i (@instances) {
+  my @COLUMNS = split('\s+', $i);
+  next if $COLUMNS[0] eq 'RESERVATION';
+  #print $COLUMNS[1], ", ", $COLUMNS[15], "\n";
+  push(@TO_DELETE, $COLUMNS[1]) unless $check{$COLUMNS[15]};
+}
+$id_merged = join(" ", @TO_DELETE);
+qx|euca-terminate-instances $id_merged| if ($id_merged);
--- a/files/copr/fe/copr.conf
+++ b/files/copr/fe/copr.conf
@@ -4,14 +4,14 @@ DATABASE = '/var/lib/copr/data/copr.db'
 OPENID_STORE = '/var/lib/copr/data/openid_store'
 WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'

-SECRET_KEY = {{ copr_secret_key }}
-BACKEND_PASSWORD = {{ copr_backend_password  }}
+SECRET_KEY = '{{ copr_secret_key }}'
+BACKEND_PASSWORD = '{{ copr_backend_password  }}'

 # restrict access to a set of users
 #USE_ALLOWED_USERS = False
 #ALLOWED_USERS = ['bonnie', 'clyde']

-SQLALCHEMY_DATABASE_URI = {{ copr_database_uri }}
+SQLALCHEMY_DATABASE_URI = '{{ copr_database_uri }}'

 # Token length, defaults to 30 (max 255)
 #API_TOKEN_LENGTH = 30
@@ -28,3 +28,6 @@ SQLALCHEMY_ECHO = False

 CSRF_ENABLED = True
 WTF_CSRF_ENABLED = True
+
+# send emails when user's perms change in project?
+SEND_EMAILS = True
--- a/files/copr/fe/httpd/coprs.conf
+++ b/files/copr/fe/httpd/coprs.conf
@@ -10,8 +10,8 @@ WSGISocketPrefix /var/run/wsgi
    WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
    WSGIProcessGroup 127.0.0.1

-    ErrorLog logs/error_coprs
-    CustomLog logs/access_coprs common
+    #ErrorLog logs/error_coprs
+    #CustomLog logs/access_coprs common

    <Directory /usr/share/copr>
        WSGIApplicationGroup %{GLOBAL}
@@ -35,8 +35,8 @@ WSGISocketPrefix /var/run/wsgi
    WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
    WSGIProcessGroup 127.0.0.1

-    ErrorLog logs/error_coprs
-    CustomLog logs/access_coprs common
+    #ErrorLog logs/error_coprs
+    #CustomLog logs/access_coprs common

    <Directory /usr/share/copr>
        WSGIApplicationGroup %{GLOBAL}
--- a/files/copr/fe/yum/copr.repo
+++ b/files/copr/fe/yum/copr.repo
@@ -4,7 +4,7 @@ failovermethod=priority
 #baseurl=http://copr-be.cloud.fedoraproject.org/results/msuchy/copr/fedora-19-x86_64/
 # 172.16.5.4 is copr-be.cloud.fedoraproject.org
 # see https://fedorahosted.org/fedora-infrastructure/ticket/4025
-baseurl=http://172.16.5.4/results/msuchy/copr/fedora-19-x86_64/
+baseurl=http://172.16.5.4/results/msuchy/copr/fedora-20-x86_64/
 enabled=1
 gpgcheck=0

--- a/files/copr/forward-dev
+++ b/files/copr/forward-dev
@@ -0,0 +1,2 @@
+msuchy+coprmachine@redhat.com
+asamalik@redhat.com
--- a/files/copr/hosts
+++ b/files/copr/hosts
@@ -0,0 +1,7 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+172.16.5.31  copr-fe.cloud.fedoraproject.org
+172.16.5.31  copr.fedoraproject.org
+172.16.5.4 copr-be.cloud.fedoraproject.org
+172.16.5.5 copr-be-dev.cloud.fedoraproject.org
+172.16.5.15 copr-fe-dev.cloud.fedoraproject.org
--- a/files/copr/keystonerc
+++ b/files/copr/keystonerc
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# With the addition of Keystone, to use an openstack cloud you should
+# authenticate against keystone, which returns a **Token** and **Service
+# Catalog**.  The catalog contains the endpoint for all services the
+# user/tenant has access to - including nova, glance, keystone, swift.
+#
+# *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0.  We
+# will use the 1.1 *compute api*
+export OS_AUTH_URL=http://172.23.0.2:5000/v2.0
+
+# With the addition of Keystone we have standardized on the term **tenant**
+# as the entity that owns the resources.
+
+export OS_TENANT_ID={{ copr_tenant_id }}
+export OS_TENANT_NAME="copr"
+
+# In addition to the owning entity (tenant), openstack stores the entity
+# performing the action as the **user**.
+export OS_USERNAME=msuchy
+
+# With Keystone you pass the keystone password.
+export OS_PASSWORD={{ copr_nova_password }}
--- a/files/copr/lighttpd/lighttpd.conf
+++ b/files/copr/lighttpd/lighttpd.conf
@@ -448,8 +448,8 @@ server.upload-dirs = ( "/var/tmp" )

 $SERVER["socket"] == ":443" {
  ssl.engine = "enable"
-  ssl.pemfile = "/etc/lighttpd/coprs-be.fedoraproject.org.pem"
-  ssl.ca-file = "/etc/lighttpd/coprs-be.fedoraproject.org.crt"
+  ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
+  ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
  ssl.disable-client-renegotiation = "enable"
  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 }
--- a/files/copr/provision/ansible.cfg
+++ b/files/copr/provision/ansible.cfg
@@ -88,6 +88,6 @@ record_host_keys=False
 # will result in poor performance, so use transport=paramiko on older platforms rather than
 # removing it

-ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
+ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto -o ControlPersist=60s


--- a/files/copr/provision/builderpb.yml
+++ b/files/copr/provision/builderpb.yml
@@ -1,3 +1,4 @@
+#jinja2:variable_start_string:'[%' , variable_end_string:'%]'
 ---
 - name: check/create instance
  hosts: localhost
@@ -5,30 +6,37 @@
  gather_facts: False

  vars:
-  - keypair: buildsys
-  - image: ami-0000000e
-  - instance_type: m1.builder
  - security_group: builder
+  - OS_AUTH_URL: http://172.23.0.2:5000/v2.0
+  - OS_TENANT_NAME: copr
+  - OS_USERNAME: msuchy
+  - OS_PASSWORD: [% copr_nova_password %]
+  # rhel 6.4 2013-02-21 x86_64 - ami
+  - image_id: cba0c766-84ac-4048-b0f5-6d4000af62f8

  tasks:
-  - name: spin it up
-    local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }}
-    register: inst_res
+  - name: generate builder name
+    local_action: command echo "Copr builder {{ 999999999 | random }}"
+    register: vm_name

-  - name: get its internal ip b/c openstack is sometimes stupid
-    local_action: shell euca-describe-instances {{ inst_res.instances[0].id }} | grep INSTANCE | cut -f 18
-    register: int_ip
+  - name: spin it up
+    local_action: nova_compute auth_url={{OS_AUTH_URL}} flavor_id=6 image_id={{ image_id }} key_name=buildsys login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} security_groups={{security_group}} wait=yes name="{{vm_name.stdout}}"
+    register: nova
+
+  # should be able to use nova.private_ip, but it does not work with Fedora Cloud.
+  - debug: msg="IP={{ nova.info.addresses.vlannet_3[0].addr }}"
+
+  - debug: msg="vm_name={{vm_name.stdout}}"

  - name: add it to the special group
-    local_action: add_host hostname={{ int_ip.stdout }} groupname=builder_temp_group
+    local_action: add_host hostname={{ nova.info.addresses.vlannet_3[0].addr }} groupname=builder_temp_group

  - name: wait for the host to be hot
-    local_action: wait_for host={{ int_ip.stdout }} port=22 delay=5 timeout=600
-
-  - debug: msg="IP={{ int_ip.stdout }}"
+    local_action: wait_for host={{ nova.info.addresses.vlannet_3[0].addr }} port=22 delay=5 timeout=600

 - hosts: builder_temp_group
  user: root
+  gather_facts: False
  vars:
   - files: files/
  
@@ -56,9 +64,15 @@
    - mock
    - createrepo
    - yum-utils
+    - pyliblzma

  - name: make sure newest rpm
-    action: yum name=rpm state=latest
+    action: yum name={{ item }} state=latest
+    with_items:
+    - rpm
+    - glib2
+
+  - yum: name=mock  enablerepo=epel-testing state=latest

  - name: mockbuilder user   
    action: user name=mockbuilder groups=mock
@@ -79,3 +93,4 @@
    - fedora-20-i386.cfg
    - epel-7-x86_64.cfg

+  - lineinfile: dest=/root/.bashrc line="ulimit -n 10240" insertafter=EOF
--- a/files/copr/provision/files/mock/epel-7-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg
@@ -34,7 +34,7 @@ syslog_device=

 [beta]
 name=beta
-baseurl=http://ftp.redhat.com/redhat/rhel/beta/7/x86_64/os/
+baseurl=http://kojipkgs.fedoraproject.org/rhel/beta/7/x86_64/os/

 [epel]
 name=Extra Packages for Enterprise Linux 7 - $basearch
--- a/files/copr/provision/files/mock/fedora-21-i386.cfg
+++ b/files/copr/provision/files/mock/fedora-21-i386.cfg
@@ -0,0 +1,63 @@
+config_opts['root'] = 'fedora-21-i386'
+config_opts['target_arch'] = 'i686'
+config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['dist'] = 'fc21'  # only useful for --resultdir variable subst
+config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
+config_opts['releasever'] = '21'
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=1
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+
+# repos
+
+[fedora]
+name=fedora
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+failovermethod=priority
+
+[updates]
+name=updates
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+failovermethod=priority
+
+[updates-testing]
+name=updates-testing
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+"""
--- a/files/copr/provision/files/mock/fedora-21-x86_64.cfg
+++ b/files/copr/provision/files/mock/fedora-21-x86_64.cfg
@@ -0,0 +1,63 @@
+config_opts['root'] = 'fedora-21-x86_64'
+config_opts['target_arch'] = 'x86_64'
+config_opts['legal_host_arches'] = ('x86_64',)
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['dist'] = 'fc21'  # only useful for --resultdir variable subst
+config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
+config_opts['releasever'] = '21'
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=1
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+
+# repos
+
+[fedora]
+name=fedora
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+failovermethod=priority
+
+[updates]
+name=updates
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+failovermethod=priority
+
+[updates-testing]
+name=updates-testing
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+"""
--- a/files/copr/provision/terminatepb.yml
+++ b/files/copr/provision/terminatepb.yml
@@ -1,16 +1,18 @@
+#jinja2:variable_start_string:'[%' , variable_end_string:'%]'
 ---
 - name: terminate instance
  hosts: all
  user: root
  gather_facts: False

+  vars:
+  - OS_AUTH_URL: http://172.23.0.2:5000/v2.0
+  - OS_TENANT_NAME: copr
+  - OS_USERNAME: msuchy
+  - OS_PASSWORD: [% copr_nova_password %]
+
  tasks:
-  - name: find the instance id from the builder
-    action: command curl -s http://169.254.169.254/latest/meta-data/instance-id
-    register: instanceid
-
  - name: terminate it
-    local_action: command euca-terminate-instances {{ instanceid.stdout }}
-
+    local_action: nova_compute auth_url={{OS_AUTH_URL}} login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} name="{{copr_task.vm_name}}" state=absent


--- a/files/download/download-sync.cron
+++ b/files/download/download-sync.cron
@@ -0,0 +1,3 @@
+# run twice daily rsync of download. but lock it
+MAILTO=smooge@gmail.com
+00 11,23 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-downloads"
--- a/files/download/sync-up-downloads.sh
+++ b/files/download/sync-up-downloads.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+##
+## This script is used to sync data from main download servers to
+## secondary server at ibiblio.
+##
+
+RSYNC='/usr/bin/rsync'
+RS_OPT="-avSHP  --numeric-ids"
+RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
+ALT_EXCLUDES="--exclude deltaisos/archive"
+EPL_EXCLUDES=""
+FED_EXCLUDES=""
+
+SERVER=dl.fedoraproject.org
+
+# http://dl.fedoraproject.org/pub/alt/stage/
+${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-alt/stage/  /srv/pub/alt/stage/ | tail -n2 | logger -p local0.notice -t rsync_updates_alt_stg
+# http://dl.fedoraproject.org/pub/alt/bfo/
+${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-alt/bfo/  /srv/pub/alt/bfo/ | tail -n2 | logger -p local0.notice -t rsync_updates_alt_bfo
+# http://dl.fedoraproject.org/pub/epel/
+${RSYNC} ${RS_OPT} ${RS_DEADLY} ${EPL_EXCLUDES} ${SERVER}::fedora-epel/ /srv/pub/epel/ | tail -n2 | logger -p local0.notice -t rsync_updates_epel
+# http://dl.fedoraproject.org/pub/fedora/
+${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-enchilada0/ /srv/pub/fedora/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora
+
+# Let MM know I'm all up to date
+#/usr/bin/report_mirror
--- a/files/gnome/backup.sh
+++ b/files/gnome/backup.sh
@@ -28,7 +28,8 @@ MACHINES='signal.gnome.org
          view.gnome.org
          puppet.gnome.org
          accelerator.gnome.org
-          range.gnome.org'
+          range.gnome.org
+          pentagon.gimp.org'

 BACKUP_DIR='/fedora_backups/gnome/'
 LOGS_DIR='/fedora_backups/gnome/logs'
--- a/files/gnome/ssh_config
+++ b/files/gnome/ssh_config
@@ -3,6 +3,6 @@ Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org drawabl
     IdentityFile /usr/local/etc/gnome_backup_id.rsa
     ProxyCommand ssh -W %h:%p bastion.gnome.org -F /usr/local/etc/gnome_ssh_config

-Host *.gnome.org
+Host *.gnome.org pentagon.gimp.org
     User root
     IdentityFile /usr/local/etc/gnome_backup_id.rsa
--- a/files/hosts/badges-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-backend01.stg.phx2.fedoraproject.org-hosts
@@ -1,10 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.85     db-datanommer   db-datanommer
-10.5.126.85     db-tahrir       db-tahrir
--- a/files/hosts/badges-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-web01.stg.phx2.fedoraproject.org-hosts
@@ -1,11 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     db-tahrir       db-tahrir
--- a/files/hosts/fedocal01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/fedocal01.stg.phx2.fedoraproject.org-hosts
@@ -1,11 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     db-fedocal       db-fedocal
--- a/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
@@ -1,12 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     db-notifs       db-notifs
-10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
@@ -1,12 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     db-notifs       db-notifs
-10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
@@ -1,12 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     db-notifs       db-notifs
-10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/nuancier01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier01.stg.phx2.fedoraproject.org-hosts
@@ -1,11 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     nuancier_db       nuancier_db
--- a/files/hosts/nuancier02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier02.stg.phx2.fedoraproject.org-hosts
@@ -1,11 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     nuancier_db       nuancier_db
--- a/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
@@ -1,12 +0,0 @@
-127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-
-10.5.126.89     admin.fedoraproject.org
-10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
-10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.23     infrastructure.fedoraproject.org
-10.5.125.44     pkgs.fedoraproject.org
-
-10.5.126.81     memcached03 memcached03.stg app01 app01.stg
-
-10.5.126.85     db-summershum       db-summershum
--- a/files/httpd/httpd.logrotate
+++ b/files/httpd/httpd.logrotate
@@ -0,0 +1,13 @@
+/var/log/httpd/*log {
+    daily
+    rotate 7
+    missingok
+    ifempty
+    compress
+    compresscmd /usr/bin/xz
+    uncompresscmd /usr/bin/xz
+    compressext .xz
+    dateext
+    sharedscripts
+    copytruncate
+}
--- a/files/jenkins/master/config.xml
+++ b/files/jenkins/master/config.xml
@@ -30,22 +30,6 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <slaves>
-    <slave>
-      <name>Fedora18</name>
-      <description></description>
-      <remoteFS>/mnt/jenkins/</remoteFS>
-      <numExecutors>2</numExecutors>
-      <mode>NORMAL</mode>
-      <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
-      <launcher class="hudson.plugins.sshslaves.SSHLauncher"
-      plugin="ssh-slaves@0.21">
-        <host>172.16.5.12</host>
-        <port>22</port>
-        <credentialsId>d844d352-af1d-466b-9fc9-cbb19348103a</credentialsId>
-      </launcher>
-      <label></label>
-      <nodeProperties/>
-    </slave>
    <slave>
      <name>Fedora19</name>
      <description></description>
@@ -94,6 +78,22 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
       <label></label>
       <nodeProperties/>
     </slave>
+     <slave>
+        <name>EL7-beta</name>
+        <description></description>
+        <remoteFS>/mnt/jenkins/</remoteFS>
+        <numExecutors>2</numExecutors>
+        <mode>NORMAL</mode>
+        <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
+        <launcher class="hudson.plugins.sshslaves.SSHLauncher"
+        plugin="ssh-slaves@0.21">
+          <host>172.16.5.14</host>
+          <port>22</port>
+          <credentialsId>950d5dd7-acb2-402a-8670-21f152d04928</credentialsId>
+        </launcher>
+        <label></label>
+        <nodeProperties/>
+      </slave>
  </slaves>
  <quietPeriod>5</quietPeriod>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
--- a/files/keyserver/sks.conf
+++ b/files/keyserver/sks.conf
@@ -51,9 +51,9 @@ NameVirtualHost *:443
 	ServerAlias keys01.fedoraproject.org

        SSLEngine on
-        SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
-	SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
-        SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
+        SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
+	SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
+        SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
 	ProxyPass / http://localhost:11371/
 	ProxyPassReverse / http://localhost:11371/
        SetEnv proxy-nokeepalive 1
--- a/files/rdiff-backup/#run-rdiff-backups.cron#
+++ b/files/rdiff-backup/#run-rdiff-backups.cron#
@@ -0,0 +1,3 @@
+# run rdiff backups
+MAILTO=kevin@scrye.com,smooge@gmail.com
+00 22 * * * root /usr/local/bin/lock-wrapper run-rdiff-backups "/usr/local/bin/run-rdiff-backups"
--- a/files/releng/branched
+++ b/files/releng/branched
@@ -1,3 +1,3 @@
 # branched compose
-MAILTO=rel-eng@lists.fedoraproject.org
+MAILTO=releng-cron@lists.fedoraproject.org
 15 7 * * * masher TMPDIR=`mktemp -d /tmp/branched.XXXXXX` && cd $TMPDIR && git clone -n git://git.fedorahosted.org/releng && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildbranched $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora
--- a/files/releng/fedmsg/endpoints.py
+++ b/files/releng/fedmsg/endpoints.py
@@ -9,7 +9,7 @@ config = dict(
        # This is the output side of the relay to which all other
        # services can listen.
        "relay_outbound": [
-            "tcp://app01.%s:3999" % suffix,
+            "tcp://busgateway01.%s:3999" % suffix,
        ],

        # For other, more 'normal' services, fedmsg will try to guess the
@@ -24,11 +24,11 @@ config = dict(
            "tcp://app02.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
-        "bodhi.releng01": [
-            "tcp://releng01.%s:3000" % suffix
+        "bodhi.branched-composer": [
+            "tcp://branched-composer.%s:3000" % suffix
        ],
-        "bodhi.releng02": [
-            "tcp://releng02.%s:3000" % suffix
+        "bodhi.rawhide-composer": [
+            "tcp://rawhide-composer.%s:3000" % suffix
        ],
        "bodhi.app03": [
            "tcp://app03.%s:300%i" % (suffix, i)
@@ -60,12 +60,12 @@ config = dict(
            "tcp://fas01.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
-        "fedoratagger.packages01": [
-            "tcp://packages01.%s:300%i" % (suffix, i)
+        "fedoratagger.tagger01": [
+            "tcp://tagger01.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
-        "fedoratagger.packages02": [
-            "tcp://packages02.%s:300%i" % (suffix, i)
+        "fedoratagger.tagger02": [
+            "tcp://tagger02.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
        "busmon.app01": [
@@ -85,5 +85,5 @@ config = dict(
    # It is also used by the git-hook, for the same reason.
    # It is also used by the mediawiki php plugin which, due to the oddities of
    # php, can't maintain a single passive-bind endpoint of it's own.
-    relay_inbound="tcp://app01.%s:3998" % suffix,
+    relay_inbound="tcp://busgateway01.%s:9941" % suffix,
 )
--- a/files/releng/fedmsg/ssl.py
+++ b/files/releng/fedmsg/ssl.py
@@ -50,12 +50,12 @@ config = dict(
    ] + [
        ("shell.relepel01", "shell-relepel01.%s" % suffix),
        ("shell.releng04", "shell-releng04.%s" % suffix),
-        ("shell.releng01", "shell-releng01.%s" % suffix),
-        ("shell.releng02", "shell-releng02.%s" % suffix),
+        ("shell.branched-composer", "shell-releng01.%s" % suffix),
+        ("shell.rawhide-composer", "shell-releng02.%s" % suffix),
        ("bodhi.relepel01", "bodhi-relepel01.%s" % suffix),
        ("bodhi.releng04", "bodhi-releng04.%s" % suffix),
-        ("bodhi.releng01", "bodhi-releng01.%s" % suffix),
-        ("bodhi.releng02", "bodhi-releng02.%s" % suffix),
+        ("bodhi.branched-composer", "bodhi-releng01.%s" % suffix),
+        ("bodhi.rawhide-composer", "bodhi-releng02.%s" % suffix),
    ] + [
        ("shell.value01", "shell-value01.%s" % suffix),
        ("shell.value03", "shell-value03.%s" % suffix),
--- a/files/releng/fedora-branched-compose-armhfp.cfg
+++ b/files/releng/fedora-branched-compose-armhfp.cfg
@@ -32,7 +32,7 @@ cost=5000

 [static]
 name=static
-baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/armhfp
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/armhfp
 enabled=1
 #cost=2000
 """
--- a/files/releng/fedora-branched-compose-i386.cfg
+++ b/files/releng/fedora-branched-compose-i386.cfg
@@ -32,7 +32,7 @@ cost=5000

 [static]
 name=static
-baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386
 enabled=1
 #cost=2000
 """
--- a/files/releng/fedora-branched-compose-x86_64.cfg
+++ b/files/releng/fedora-branched-compose-x86_64.cfg
@@ -32,7 +32,7 @@ cost=5000

 [static]
 name=static
-baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64
+baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64
 enabled=1
 #cost=2000
 """
--- a/files/releng/fedora-rawhide-compose-armhfp.cfg
+++ b/files/releng/fedora-rawhide-compose-armhfp.cfg
@@ -1,11 +1,14 @@
 config_opts['root'] = 'fedora-rawhide-compose-armhfp'
 config_opts['target_arch'] = 'armv7hl'
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build uboot-tools'
-config_opts['dist'] = 'fc10'  # only useful for --resultdir variable subst
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi uboot-tools'
+config_opts['dist'] = 'fc21'  # only useful for --resultdir variable subst
 config_opts['plugin_conf']['root_cache_enable'] = False
+config_opts['internal_dev_setup'] = False
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))

 config_opts['yum.conf'] = """
 [main]
--- a/files/releng/fedora-rawhide-compose-i386.cfg
+++ b/files/releng/fedora-rawhide-compose-i386.cfg
@@ -1,10 +1,14 @@
 config_opts['root'] = 'fedora-rawhide-compose-i386'
 config_opts['target_arch'] = 'i386'
-config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
-config_opts['dist'] = 'fc10'  # only useful for --resultdir variable subst
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
 config_opts['plugin_conf']['root_cache_enable'] = False
+config_opts['internal_dev_setup'] = False
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))

 config_opts['yum.conf'] = """
 [main]
--- a/files/releng/fedora-rawhide-compose-x86_64.cfg
+++ b/files/releng/fedora-rawhide-compose-x86_64.cfg
@@ -0,0 +1,40 @@
+config_opts['root'] = 'fedora-rawhide-compose-x86_64'
+config_opts['target_arch'] = 'x86_64'
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
+config_opts['plugin_conf']['root_cache_enable'] = False
+config_opts['internal_dev_setup'] = False
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
+
+config_opts['yum.conf'] = """
+[main]
+cachedir=/var/cache/yum
+debuglevel=2
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+
+# repos
+
+[fedora]
+name=fedora
+baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/x86_64/os
+enabled=1
+cost=5000
+
+[static]
+name=static
+baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/x86_64
+enabled=1
+#cost=2000
+"""
+
+
+
--- a/files/releng/fedora-rawhide-pungi-i386.cfg
+++ b/files/releng/fedora-rawhide-pungi-i386.cfg
@@ -1,12 +1,14 @@
 config_opts['root'] = 'fedora-rawhide-pungi-i386'
 config_opts['target_arch'] = 'i386'
-config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
-config_opts['dist'] = 'fc9'
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['internal_dev_setup'] = False
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' ))
-
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))

 config_opts['yum.conf'] = """
 [main]
--- a/files/releng/fedora-rawhide-pungi-x86_64.cfg
+++ b/files/releng/fedora-rawhide-pungi-x86_64.cfg
@@ -1,12 +1,14 @@
 config_opts['root'] = 'fedora-rawhide-pungi-x86_64'
 config_opts['target_arch'] = 'x86_64'
-config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
-config_opts['dist'] = 'fc9'
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['internal_dev_setup'] = False
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' ))
-
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))

 config_opts['yum.conf'] = """
 [main]
--- a/files/releng/rawhide
+++ b/files/releng/rawhide
@@ -1,3 +1,3 @@
 # rawhide compose
-MAILTO=rel-eng@lists.fedoraproject.org
+MAILTO=releng-cron@lists.fedoraproject.org
 15 5 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.XXXXXX` && cd $TMPDIR && git clone -n git://git.fedorahosted.org/releng && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora
--- a/files/releng/releng.repo
+++ b/files/releng/releng.repo
@@ -1,6 +0,0 @@
-[releng]
-name=Rel-Eng Packages from Fedora Infrastructure $releasever - $basearch
-baseurl=http://infrastructure.fedoraproject.org/repo/releng/$releasever/$basearch/
-enabled=1
-gpgcheck=1
-gpgkey=http://infrastructure.fedoraproject.org/repo/RPM-GPG-KEY-INFRASTRUCTURE
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -6,7 +6,7 @@
  action: service name=auditd state=restarted

 - name: restart apache
-  action: service name=httpd state=restarted
+  command: /usr/local/bin/conditional-restart.sh httpd httpd

 - name: reload apache
  action: service name=httpd state=reloaded
@@ -17,8 +17,20 @@
 - name: restart crond
  action: service name=crond state=restarted

+- name: restart fedmsg-gateway
+  command: /usr/local/bin/conditional-restart.sh fedmsg-gateway fedmsg-gateway
+
+- name: restart fedmsg-hub
+  command: /usr/local/bin/conditional-restart.sh fedmsg-hub fedmsg-hub
+
+- name: restart fedmsg-irc
+  command: /usr/local/bin/conditional-restart.sh fedmsg-irc fedmsg-irc
+
+- name: restart fedmsg-relay
+  command: /usr/local/bin/conditional-restart.sh fedmsg-relay fedmsg-relay
+
 - name: restart httpd
-  action: service name=httpd state=restarted
+  command: /usr/local/bin/conditional-restart.sh httpd httpd

 - name: reload httpd
  action: service name=httpd state=reloaded
@@ -56,6 +68,15 @@
 - name: restart openvpn
  action: service name=openvpn state=restarted

+- name: restart openvpn 2
+  action: service name=openvpn state=restarted
+
+- name: restart openvpn 6
+  action: service name=openvpn state=restarted
+
+- name: restart openvpn 7
+  action: service name=openvpn@openvpn state=restarted
+
 - name: restart postfix
  action: service name=postfix state=restarted

@@ -68,12 +89,6 @@
 - name: restart rsyslog
  action: service name=rsyslog state=restarted

- name: restart sks-db
-  action: service name=sks-db state=restarted
-
- name: restart sks-recon
-  action: service name=sks-recon state=restarted
-
 - name: restart sshd
  action: service name=sshd state=restarted

@@ -85,3 +100,24 @@

 - name: restart unbound
  action: service name=unbound state=restarted
+
+- name: rebuild postfix transport
+  command: /usr/sbin/postmap /etc/postfix/transport
+
+- name: restart glusterd
+  service: name=glusterd state=restarted
+
+- name: restart supervisord
+  service: name=supervisord state=restarted
+
+- name: run rkhunter
+  command: rkhunter --propupd
+
+- name: restart moksha-hub
+  service: name=moksha-hub state=restarted
+
+- name: restart dhcpd
+  service: name=dhcpd state=restarted
+
+- name: restart memcached
+  service: name=memcached state=restarted
--- a/inventory/builders
+++ b/inventory/builders
@@ -28,16 +28,10 @@ buildvm-25.phx2.fedoraproject.org
 buildvm-26.phx2.fedoraproject.org
 buildvm-27.phx2.fedoraproject.org

+[buildvm-stg]
+buildvm-01.stg.phx2.fedoraproject.org
+
 [buildvmhost]
-buildvmhost-01.phx2.fedoraproject.org
-buildvmhost-02.phx2.fedoraproject.org
-buildvmhost-03.phx2.fedoraproject.org
-buildvmhost-04.phx2.fedoraproject.org
-buildvmhost-05.phx2.fedoraproject.org
-buildvmhost-06.phx2.fedoraproject.org
-buildvmhost-07.phx2.fedoraproject.org
-buildvmhost-08.phx2.fedoraproject.org
-buildvmhost-09.phx2.fedoraproject.org
 buildvmhost-10.phx2.fedoraproject.org
 buildvmhost-11.phx2.fedoraproject.org
 buildvmhost-12.phx2.fedoraproject.org
@@ -46,6 +40,16 @@ buildvmhost-12.phx2.fedoraproject.org
 [buildhw]
 buildhw-01.phx2.fedoraproject.org
 buildhw-02.phx2.fedoraproject.org
+buildhw-03.phx2.fedoraproject.org
+buildhw-04.phx2.fedoraproject.org
+buildhw-05.phx2.fedoraproject.org
+buildhw-06.phx2.fedoraproject.org
+buildhw-07.phx2.fedoraproject.org
+buildhw-08.phx2.fedoraproject.org
+buildhw-09.phx2.fedoraproject.org
+buildhw-10.phx2.fedoraproject.org
+buildhw-11.phx2.fedoraproject.org
+buildhw-12.phx2.fedoraproject.org

 [buildppc]
 buildppc-01.phx2.fedoraproject.org
@@ -64,8 +68,9 @@ arm04
 # These are secondary arch builders. 
 #
 [arm01]
-arm01-builder00.arm.fedoraproject.org
-arm01-builder01.arm.fedoraproject.org
+# 00 and 01 are in use as releng and retrace instances
+#arm01-releng00.arm.fedoraproject.org
+#arm01-retrace01.arm.fedoraproject.org
 arm01-builder02.arm.fedoraproject.org
 arm01-builder03.arm.fedoraproject.org
 arm01-builder04.arm.fedoraproject.org
@@ -84,7 +89,6 @@ arm01-builder16.arm.fedoraproject.org
 arm01-builder17.arm.fedoraproject.org
 arm01-builder18.arm.fedoraproject.org
 arm01-builder19.arm.fedoraproject.org
-# these are v5
 arm01-builder20.arm.fedoraproject.org
 arm01-builder21.arm.fedoraproject.org
 arm01-builder22.arm.fedoraproject.org
@@ -173,11 +177,9 @@ arm04-builder16.arm.fedoraproject.org
 arm04-builder17.arm.fedoraproject.org
 arm04-builder18.arm.fedoraproject.org
 arm04-builder19.arm.fedoraproject.org
-# These are v5
 arm04-builder20.arm.fedoraproject.org
 arm04-builder21.arm.fedoraproject.org
-# broken disk - kevin 2013-04-05
-#arm04-builder22.arm.fedoraproject.org
+arm04-builder22.arm.fedoraproject.org
 arm04-builder23.arm.fedoraproject.org

 [builders:children]
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -19,22 +19,30 @@ tcp_ports: []
 custom_rules: []

 # defaults for virt installs
-ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-6
-ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL6-x86_64/
+ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
+ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
 mem_size: 2048
 num_cpus: 2
 lvm_size: 20000

 # default virt install command is for a single nic-device
 # define in another group file for more nics (see buildvm)
-virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} 
-                 --disk {{ volgroup }}/{{ inventory_hostname }}
-                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x 
-                 "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} 
-                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
-                  hostname={{ inventory_hostname }}" 
-                 --network=bridge=br0 --autostart --noautoconsole
+#virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }} 
+#                 --disk {{ volgroup }}/{{ inventory_hostname }}
+#                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x 
+#                 "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }} 
+#                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
+#                  hostname={{ inventory_hostname }}" 
+#                 --network=bridge=br0 --autostart --noautoconsole

+virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
+                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
+                 'ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                  hostname={{ inventory_hostname }} nameserver={{ dns }}
+                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+                 --network bridge=br0,model=virtio
+                 --autostart --noautoconsole

 # By default, nodes get no fedmsg certs.  They need to declare them explicitly.
 fedmsg_certs: []
@@ -43,8 +51,16 @@ fedmsg_certs: []
 dbs_to_backup: []

 # by default the number of procs we allow before we whine
-nrpe_procs_warn: 175
-nrpe_procs_crit: 200
+nrpe_procs_warn: 250
+nrpe_procs_crit: 300

 # env is staging or production, we default it to production here. 
 env: production
+
+# nfs mount options, override at the group/host level
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid"
+
+# by default set sudo to false here We can override it as needed. 
+# Note that if sudo is true, you need to unset requiretty for 
+# ssh controlpersist to work. 
+sudo: false
--- a/inventory/group_vars/arm-packager
+++ b/inventory/group_vars/arm-packager
@@ -1,6 +1,6 @@
 ---
 fas_client_groups: packager
 freezes: false
-sudoers: "{{ private }}/files/sudo/arm-packager"
+sudoers: "{{ private }}/files/sudo/arm-packager-sudoers"
 sudoers_main: nopasswd
 host_group: cloud
--- a/inventory/group_vars/arm-retrace
+++ b/inventory/group_vars/arm-retrace
@@ -0,0 +1,10 @@
+---
+fas_client_groups: retrace
+freezes: false
+#
+# These are 32bit
+#
+libdir: /usr/lib
+sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers"
+
+tcp_ports: [ 80 ]
--- a/inventory/group_vars/ask
+++ b/inventory/group_vars/ask
@@ -8,9 +8,12 @@ tcp_ports: [ 80, 443,
    # These 8 ports are used by fedmsg.  One for each wsgi thread.
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/ask-stg
+++ b/inventory/group_vars/ask-stg
@@ -8,9 +8,12 @@ tcp_ports: [ 80, 443,
    # These 8 ports are used by fedmsg.  One for each wsgi thread.
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc,sysadmin-ask,fi-apprentice

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/atomichw
+++ b/inventory/group_vars/atomichw
@@ -0,0 +1,9 @@
+---
+host_group: atomicbuilder
+freezes: false
+nrpe_procs_warn: 700
+nrpe_procs_crit: 800
+
+fas_client_groups: atomic,sysadmin-atomic
+
+tcp_ports: [ 80, 443, 873 ]
--- a/inventory/group_vars/autosign
+++ b/inventory/group_vars/autosign
@@ -0,0 +1,11 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 30000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+fas_client_groups: sysadmin-releng
+host_group: autosign
--- a/inventory/group_vars/badges-backend
+++ b/inventory/group_vars/badges-backend
@@ -11,7 +11,7 @@ tcp_ports: [ 3000 ]

 fas_client_groups: sysadmin-noc,sysadmin-badges

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/badges-backend-stg
+++ b/inventory/group_vars/badges-backend-stg
@@ -11,7 +11,7 @@ tcp_ports: [ 3000 ]

 fas_client_groups: sysadmin-noc,sysadmin-badges

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/badges-web
+++ b/inventory/group_vars/badges-web
@@ -12,9 +12,12 @@ tcp_ports: [ 80, 443,
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc,sysadmin-badges

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/badges-web-stg
+++ b/inventory/group_vars/badges-web-stg
@@ -12,9 +12,12 @@ tcp_ports: [ 80, 443,
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc,sysadmin-badges

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/beaker
+++ b/inventory/group_vars/beaker
@@ -6,7 +6,8 @@ num_cpus: 2
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

-tcp_ports: [ 80, 443 ]
+tcp_ports: [ 80, 443, 8000 ]
+udp_ports: [ 69 ]
 fas_client_groups: sysadmin-qa
 nrpe_procs_warn: 250
 nrpe_procs_crit: 300
--- a/inventory/group_vars/bodhi
+++ b/inventory/group_vars/bodhi
@@ -15,9 +15,12 @@ tcp_ports: [ 80, 443,
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/bodhi-stg
+++ b/inventory/group_vars/bodhi-stg
@@ -15,9 +15,12 @@ tcp_ports: [ 80, 443,
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/bugzilla2fedmsg
+++ b/inventory/group_vars/bugzilla2fedmsg
@@ -0,0 +1,21 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+freezes: false
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: bugzilla2fedmsg
+  owner: root
+  group: fedmsg
--- a/inventory/group_vars/bugzilla2fedmsg-stg
+++ b/inventory/group_vars/bugzilla2fedmsg-stg
@@ -0,0 +1,21 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000, 3001 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: bugzilla2fedmsg
+  owner: root
+  group: fedmsg
--- a/inventory/group_vars/buildhw
+++ b/inventory/group_vars/buildhw
@@ -1,5 +1,3 @@
 ---
+host_group: kojibuilder
 freezes: true
- 
-
-
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@@ -1,15 +1,15 @@
 ---
 # common items for the buildvm-* koji builders
+volgroup: /dev/BuildGuests
 lvm_size: 150000
-mem_size: 6144
-num_cpus: 5
+mem_size: 10240
+num_cpus: 4
 ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-20
 ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/
 nm: 255.255.255.0
 gw: 10.5.125.254
 eth1_gw: 10.5.127.254
 dns: 10.5.126.21
-volgroup: /dev/vg_host01
 virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
--- a/inventory/group_vars/buildvm-stg
+++ b/inventory/group_vars/buildvm-stg
@@ -0,0 +1,24 @@
+---
+# common items for the buildvm-* koji builders
+volgroup: /dev/vg_virthost16
+lvm_size: 150000
+mem_size: 10240
+num_cpus: 4
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-20
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+virt_install_command: /usr/sbin/virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
+                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
+                 --vcpus={{ num_cpus }}  -l {{ ks_repo }} -x
+                 "ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0 
+                  hostname={{ inventory_hostname }} nameserver={{ dns }} 
+                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none"
+                 --network=bridge=br0,model=virtio --network=bridge=br1,model=virtio
+                 --autostart --noautoconsole
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+host_group: kojibuilder
+datacenter: staging
--- a/inventory/group_vars/busgateway
+++ b/inventory/group_vars/busgateway
@@ -0,0 +1,24 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+    3999,  # The fedmsg-relay republishes here.  Listeners need to connect.
+    9941,  # The fedmsg-relay listens here.  Ephemeral producers connect.
+    3998,  # The fedmsg-relay listens here.  VPN producers connect.
+    9940,  # The fedmsg-gateway republishes here.  Proxies need to connect.
+    9919,  # The websocket server publishes here.  Proxies need to connect.
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
--- a/inventory/group_vars/busgateway-stg
+++ b/inventory/group_vars/busgateway-stg
@@ -0,0 +1,23 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [
+    3999,  # The fedmsg-relay republishes here.  Listeners need to connect.
+    9941,  # The fedmsg-relay listens here.  Ephemeral producers connect.
+    9940,  # The fedmsg-gateway republishes here.  Proxies need to connect.
+    9919,  # The websocket server publishes here.  Proxies need to connect.
+]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
--- a/inventory/group_vars/bvirthost
+++ b/inventory/group_vars/bvirthost
@@ -0,0 +1,2 @@
+---
+virthost: true
--- a/inventory/group_vars/datagrepper
+++ b/inventory/group_vars/datagrepper
@@ -1,2 +1,16 @@
 ---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 6996 ]
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice
+
 freezes: false
--- a/inventory/group_vars/datagrepper-stg
+++ b/inventory/group_vars/datagrepper-stg
@@ -0,0 +1,16 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443, 6996 ]
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer,fi-apprentice
+
+freezes: false
--- a/inventory/group_vars/dhcp
+++ b/inventory/group_vars/dhcp
@@ -0,0 +1,13 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 10000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 68 ]
+udp_ports: [ 69 ]
+
+fas_client_groups: sysadmin-noc,fi-apprentice
--- a/inventory/group_vars/docs-backend
+++ b/inventory/group_vars/docs-backend
@@ -5,5 +5,5 @@ num_cpus: 1
 # for systems that do not match the above - specify the same parameter in
 # the host_vars/$hostname file

-tcp_ports: [ 873 ]
+tcp_ports: [ 80, 873 ]
 fas_client_groups: sysadmin-noc,sysadmin-docs
--- a/inventory/group_vars/download-ib
+++ b/inventory/group_vars/download-ib
@@ -0,0 +1,7 @@
+---
+datacenter: ibiblio
+tcp_ports: [80, 443, 873]
+rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
--- a/inventory/group_vars/download-phx2
+++ b/inventory/group_vars/download-phx2
@@ -0,0 +1,9 @@
+---
+datacenter: phx2
+tcp_ports: [80, 443, 873]
+rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+# nfs mount options, overrides the all/default
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600"
--- a/inventory/group_vars/download-rdu2
+++ b/inventory/group_vars/download-rdu2
@@ -0,0 +1,9 @@
+---
+datacenter: rdu
+tcp_ports: [80, 443, 873]
+rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
+nrpe_procs_warn: 900
+nrpe_procs_crit: 1000
+
+# nfs mount options, overrides the all/default
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600"
--- a/inventory/group_vars/elections
+++ b/inventory/group_vars/elections
@@ -4,6 +4,23 @@ lvm_size: 20000
 mem_size: 2048
 num_cpus: 2

-tcp_ports: [ 443 ]
+tcp_ports: [ 80,
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

 fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: fedora_elections
+  owner: root
+  group: apache
+
--- a/inventory/group_vars/elections-stg
+++ b/inventory/group_vars/elections-stg
@@ -4,6 +4,22 @@ lvm_size: 20000
 mem_size: 1024
 num_cpus: 2

-tcp_ports: [ 443 ]
+tcp_ports: [ 80,
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

 fas_client_groups: sysadmin-noc,sysadmin-web,fi-apprentice
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: fedora_elections
+  owner: root
+  group: apache
+
--- a/inventory/group_vars/fedimg
+++ b/inventory/group_vars/fedimg
@@ -0,0 +1,21 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000 ]
+
+# TODO, restrict this down to just sysadmin-releng
+fas_client_groups: sysadmin-datanommer,sysadmin-releng
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: fedimg
+  owner: root
+  group: fedmsg
--- a/inventory/group_vars/fedimg-stg
+++ b/inventory/group_vars/fedimg-stg
@@ -0,0 +1,21 @@
+---
+lvm_size: 20000
+mem_size: 6144
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 3000 ]
+
+# TODO, restrict this down to just sysadmin-releng
+fas_client_groups: sysadmin-datanommer,sysadmin-releng
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: fedimg
+  owner: root
+  group: fedmsg
--- a/inventory/group_vars/fedoauth
+++ b/inventory/group_vars/fedoauth
@@ -9,4 +9,7 @@ num_cpus: 2

 tcp_ports: [ 80, 443 ]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-main,sysadmin-accounts
--- a/inventory/group_vars/fedoauth-stg
+++ b/inventory/group_vars/fedoauth-stg
@@ -9,4 +9,7 @@ num_cpus: 2

 tcp_ports: [ 80, 443 ]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-main,sysadmin-accounts
--- a/inventory/group_vars/fedocal
+++ b/inventory/group_vars/fedocal
@@ -12,9 +12,12 @@ tcp_ports: [ 80, 443,
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc,sysadmin-web

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/fedocal-stg
+++ b/inventory/group_vars/fedocal-stg
@@ -12,9 +12,12 @@ tcp_ports: [ 80, 443,
    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]

+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
 fas_client_groups: sysadmin-noc,sysadmin-web

-# These are consumed by a task in roles/fedmsg_base/main.yml
+# These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell
  owner: root
--- a/inventory/group_vars/github2fedmsg
+++ b/inventory/group_vars/github2fedmsg
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 2048
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: github2fedmsg
+  owner: root
+  group: apache
--- a/inventory/group_vars/github2fedmsg-stg
+++ b/inventory/group_vars/github2fedmsg-stg
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: github2fedmsg
+  owner: root
+  group: apache
--- a/inventory/group_vars/jenkins-cloud
+++ b/inventory/group_vars/jenkins-cloud
@@ -1 +1,10 @@
 postfix_group: jenkins-cloud
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: root
+- service: jenkins
+  owner: root
+  group: jenkins
--- a/inventory/group_vars/kerneltest
+++ b/inventory/group_vars/kerneltest
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: kerneltest
+  owner: root
+  group: apache
--- a/inventory/group_vars/kerneltest-stg
+++ b/inventory/group_vars/kerneltest-stg
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 1
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+    # These 16 ports are used by fedmsg.  One for each wsgi thread.
+    3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+    3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+# Neeed for rsync from log01 for logs.
+custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.126.13 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg/base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: kerneltest
+  owner: root
+  group: apache
--- a/Show More
+++ b/Show More