Add first work on the easyfix role

This still requires some work: - It has no playbook - It is missing the proxy bits - configuration of the proxies themselves - cron job copying the files from the app running the cron job onto the proxies
2026-05-02 14:30:45 +08:00 · 2014-03-03 17:55:03 +01:00
2043 changed files with 3758 additions and 85606 deletions
--- a/8
+++ b/8
@@ -81,7 +81,7 @@ m1.builder  5120       50     3
 Setting up a new persistent cloud host:
 1. select an ip:
   source /srv/private/ansible/files/openstack/persistent-admin/ec2rc.sh
-   oeuca-describe-addresses
+   euca-describe-addresses
  - pick an ip from the list that is not assigned anywhere
  - add it into dns - normally in the cloud.fedoraproject.org but it doesn't
    have to be
@@ -114,9 +114,9 @@ Contents should look like this (remove all the comments)
 ---
 # 2cpus, 3GB of ram 20GB of ephemeral space
 instance_type: m1.large 
-# image id - see global vars. You can also use euca-describe-images to find other images as well
+# image id
-image: "{{ el6_qcow_id }}"
+image: emi-B8793915 
-keypair: fedora-admin-20130801
+keypair: fedora-admin
 # what security group to add the host to
 security_group: webserver 
 zone: fedoracloud 
--- a/callback_plugins/fedmsg_callback.py
+++ b/callback_plugins/fedmsg_callback.py
@@ -34,7 +34,7 @@ def getlogin():
 class CallbackModule(object):
    """ Publish playbook starts and stops to fedmsg. """
-    playbook_path = None
+    playbook = None
    def __init__(self):
        config = fedmsg.config.load_config()
@@ -43,14 +43,7 @@ class CallbackModule(object):
            cert_prefix='shell',
            active=True,
        ))
-        # It seems like recursive playbooks call this over and over again and
+        fedmsg.init(**config)
        # fedmsg doesn't like to be initialized more than once.  So, here, just
        # catch that and ignore it.
        try:
            fedmsg.init(**config)
        except ValueError:
            pass
    def playbook_on_play_start(self, pattern):
        # This gets called once for each play.. but we just issue a message once
@@ -64,7 +57,7 @@ class CallbackModule(object):
            if play.playbook.check:
                return
-            if not self.playbook_path:
+            if not self.playbook:
                fedmsg.publish(
                    modname="ansible", topic="playbook.start",
                    msg=dict(
@@ -76,17 +69,17 @@ class CallbackModule(object):
                        check=play.playbook.check,
                    ),
                )
-                self.playbook_path = path
+                self.playbook = path
    def playbook_on_stats(self, stats):
-        if not self.playbook_path:
+        if not self.playbook:
            return
        results = dict([(h, stats.summarize(h)) for h in stats.processed])
        fedmsg.publish(
            modname="ansible", topic="playbook.complete",
            msg=dict(
-                playbook=self.playbook_path,
+                playbook=self.playbook,
                userid=getlogin(),
                results=results,
            ),
--- a/callback_plugins/logdetail.py
+++ b/callback_plugins/logdetail.py
@@ -92,7 +92,7 @@ class LogMech(object):
        res['task_args'] = task.module_args
        if self.playbook_id == 'ansible-cmd':
            res['task_userid'] = getlogin()
-        for k in ("delegate_to", "environment", "with_first_found",
+        for k in ("delegate_to", "environment", "first_available_file",
                  "local_action", "notified_by", "notify",
                  "register", "sudo", "sudo_user", "tags",
                  "transport", "when"):
--- a/callback_plugins/profile_tasks.py
+++ b/callback_plugins/profile_tasks.py
@@ -1,40 +0,0 @@
 import time
 class CallbackModule(object):
    """
    A plugin for timing tasks
    """
    def __init__(self):
        self.stats = {}
        self.current = None
    def playbook_on_task_start(self, name, is_conditional):
        """
        Logs the start of each task
        """
        if self.current is not None:
            # Record the running time of the last executed task 
            self.stats[self.current] = time.time() - self.stats[self.current]
        # Record the start time of the current task
        self.current = name
        self.stats[self.current] = time.time()
    def playbook_on_stats(self, stats):
        """
        Prints the timings
        """
        # Record the timing of the very last task
        if self.current is not None:
            self.stats[self.current] = time.time() - self.stats[self.current]
        # Sort the tasks by their running time
        results = sorted(self.stats.items(), key=lambda value: value[1], reverse=True)
        # Just keep the top 10
        results = results[:10]
        # Print the timings
        for name, elapsed in results:
            print "{0:-<70}{1:->9}".format('{0} '.format(name), ' {0:.02f}s'.format(elapsed))
--- a/files/2fa/pam_url.conf.cloud
+++ b/files/2fa/pam_url.conf.cloud
@@ -1,21 +0,0 @@
 pam_url:
 {
 	settings:
 	{
 		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
 		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
 		userfield = "user";				# userfield name to send
 		passwdfield = "token";				# passwdfield name to send
 		extradata = "&do=login";			# extradata to send
 		prompt = "Password+Token: ";			# password prompt
 	};
 	ssl:
 	{
 		verify_peer = true;				# Should we verify SSL ?
 		verify_host = true;				# Should we verify the CN in the SSL cert?
 		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
 		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
 	};
 };
--- a/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
+++ b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
@@ -1,27 +0,0 @@
 pam_url:
 {
 	settings:
 	{
                {% if env == 'staging' %}
 		url = "https://fas-all.stg.phx2.fedoraproject.org:8443/";	# URI to fetch
                {% elif datacenter == 'phx2' %}
 		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
                {% else %}
 		url = "https://fas-all.vpn.fedoraproject.org:8443/";	# URI to fetch   
                {% endif %}
 		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
 		userfield = "user";				# userfield name to send
 		passwdfield = "token";				# passwdfield name to send
 		extradata = "&do=login";			# extradata to send
 		prompt = "Password+Token: ";			# password prompt
 	};
 	ssl:
 	{
 		verify_peer = true;				# Should we verify SSL ?
 		verify_host = true;				# Should we verify the CN in the SSL cert?
 		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
 		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
 	};
 };
--- a/files/common/epel7.repo
+++ b/files/common/epel7.repo
@@ -1,20 +0,0 @@
 [epel]
 name=Extras Packages for Enterprise Linux $releasever - $basearch
 baseurl=http://infrastructure.fedoraproject.org/pub/epel/7/$basearch/
 enabled=1
 gpgcheck=1
 gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
 [epel-testing]
 name=Extras Packages for Enterprise Linux $releasever - $basearch
 baseurl=http://infrastructure.fedoraproject.org/pub/epel/testing/7/$basearch/
 enabled=0
 gpgcheck=1
 gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
 [epel-beta]
 name=Extras Packages for Enterprise Linux beta $releasever - $basearch
 baseurl=http://infrastructure.fedoraproject.org/pub/epel/beta/7/$basearch/
 enabled=0
 gpgcheck=1
 gpgkey=http://infrastructure.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
--- a/files/common/fedora-updates-testing.repo-arm
+++ b/files/common/fedora-updates-testing.repo-arm
@@ -1,7 +1,7 @@
 [updates-testing]
 name=Fedora $releasever - $basearch - Test Updates
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
@@ -10,7 +10,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-testing-debuginfo]
 name=Fedora $releasever - $basearch - Test Updates Debug
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/$basearch/debug/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
@@ -19,7 +19,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-testing-source]
 name=Fedora $releasever - Test Updates Source
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/testing/$releasever/SRPMS/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/testing/$releasever/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
--- a/files/common/fedora-updates.repo-arm
+++ b/files/common/fedora-updates.repo-arm
@@ -1,7 +1,7 @@
 [updates]
 name=Fedora $releasever - $basearch - Updates
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
 enabled=1
 gpgcheck=1
@@ -10,7 +10,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-debuginfo]
 name=Fedora $releasever - $basearch - Updates - Debug
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/debug/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
@@ -19,7 +19,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [updates-source]
 name=Fedora $releasever - Updates Source
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/updates/$releasever/SRPMS/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/updates/$releasever/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch
 enabled=0
 gpgcheck=1
--- a/files/common/fedora.repo-arm
+++ b/files/common/fedora.repo-arm
@@ -1,7 +1,7 @@
 [fedora]
 name=Fedora $releasever - $basearch
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/os/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
 enabled=1
 metadata_expire=7d
@@ -11,7 +11,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [fedora-debuginfo]
 name=Fedora $releasever - $basearch - Debug
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
 enabled=0
 metadata_expire=7d
@@ -21,7 +21,7 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch
 [fedora-source]
 name=Fedora $releasever - Source
 failovermethod=priority
-baseurl=http://infrastructure.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
+baseurl=http://infrastructure.fedoraproject.org/pub/fedora-secondary/releases/$releasever/Everything/source/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
 enabled=0
 metadata_expire=7d
--- a/files/common/rhel7.repo
+++ b/files/common/rhel7.repo
@@ -1,24 +0,0 @@
 [rhel7-dvd]
 name = rhel7 base dvd
 baseurl=http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-$basearch/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 [rhel7-base]
 name = rhel7 base $basearch
 baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-rpms
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 [rhel7-optional]
 name = rhel7 optional $basearch
 baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-optional-rpms
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 [rhel7-extras]
 name = rhel7 extras $basearch
 baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-7-server-extras-rpms
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 [rhel7-ha]
 name = rhel7 ha $basearch
 baseurl=http://infrastructure.fedoraproject.org/repo/rhel/rhel7/$basearch/rhel-ha-for-rhel-7-server-rpms/
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
--- a/files/copr/DigiCertCA.crt
+++ b/files/copr/DigiCertCA.crt
@@ -1,28 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
 ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
 MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
 LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
 YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
 4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
 Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
 itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
 4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
 sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
 bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
 MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
 NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
 dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
 L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
 BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
 UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
 aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
 aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
 E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
 /D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
 xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
 0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
 cPUeybQ=
 -----END CERTIFICATE-----
--- a/files/copr/copr-be.conf
+++ b/files/copr/copr-be.conf
@@ -2,12 +2,12 @@
 # URL where are results visible
 # default is http://copr
-results_baseurl=https://copr-be.cloud.fedoraproject.org/results
+results_baseurl=http://copr-be.cloud.fedoraproject.org/results
 # ??? What is this
 # default is http://coprs/rest/api
 #frontend_url=http://copr-fe.cloud.fedoraproject.org/backend
-frontend_url=https://172.16.5.31/backend
+frontend_url=http://172.16.5.6/backend
 # must have same value as BACKEND_PASSWORD from have frontend in /etc/copr/copr.conf
 # default is PASSWORDHERE but you really should change it. really.
@@ -22,8 +22,6 @@ spawn_playbook=/home/copr/provision/builderpb.yml
 # default is /etc/copr/terminate_playbook.yml 
 terminate_playbook=/home/copr/provision/terminatepb.yml
 terminate_vars=vm_name
 # directory where jobs are stored
 # no defaults
 jobsdir=/var/lib/copr/jobs
@@ -55,25 +53,6 @@ worker_logdir=/var/log/copr/workers/
 #fedmsg_enabled=false
 fedmsg_enabled=true
 # minimum age for builds to be pruned
 prune_days=14
 # path to executable script to clean old build
 prune_script=/usr/share/copr/copr_prune_old_builds.sh
 # enable package signing, require configured
 # signer host and correct /etc/sign.conf
 do_sign={{ do_sign }}
 # host or ip of machine with copr-keygen
 # usually the same as in /etc/sign.conf
 keygen_host={{ keygen_host }}
 # Spawn builder in advance, before we get task?
 # It save time, but consume resources even when
 # nothing is in queue
 spawn_in_advance={{ spawn_in_advance }}
 [builder]
 # default is 1800
 timeout=3600
--- a/files/copr/copr-be.conf-dev
+++ b/files/copr/copr-be.conf-dev
@@ -51,24 +51,6 @@ worker_logdir=/var/log/copr/workers/
 # default is false
 #fedmsg_enabled=false
 # minimum age for builds to be pruned
 prune_days=14
 # path to executable script to clean old build
 prune_script=/usr/share/copr/copr_prune_old_builds.sh
 # enable package signing, require configured
 # signer host and correct /etc/sign.conf
 do_sign={{ do_sign }}
 # host or ip of machine with copr-keygen
 # usually the same as in /etc/sign.conf
 keygen_host={{ keygen_host }}
 # Spawn builder in advance, before we get task?
 # It save time, but consume resources even when
 # nothing is in queue
 spawn_in_advance={{ spawn_in_advance }}
 [builder]
 # default is 1800
--- a/files/copr/delete-forgotten-instances.cron
+++ b/files/copr/delete-forgotten-instances.cron
@@ -1,5 +0,0 @@
 #!/usr/bin/bash
 source /home/copr/cloud/ec2rc.sh
 /home/copr/delete-forgotten-instances.pl
--- a/files/copr/delete-forgotten-instances.pl
+++ b/files/copr/delete-forgotten-instances.pl
@@ -1,28 +0,0 @@
 #!/usr/bin/perl
 # this scrip query for all running VM and terminate those
 # which are not currently started by some ansible script
 while (chomp($a = qx(ps ax |grep -v 'sh -c ps ax'  |grep 'Task: ' | grep -v grep))) {
  # we are starting some VM and could not determine correct list of running VMs
  sleep 5;
 }
 #print qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }');
@IPs = split('\s+', qx(ps ax |grep ' 172.16.3.' |awk '{ print \$33 }'));
 #print "Running instances\n";
 #print join(", ", @IPs), "\n";
 for my $i (@IPs) {
  $check{$i} = 1;
 }
@instances = split('\n', qx(/bin/euca-describe-instances));
@TO_DELETE = ();
 for my $i (@instances) {
  my @COLUMNS = split('\s+', $i);
  next if $COLUMNS[0] eq 'RESERVATION';
  #print $COLUMNS[1], ", ", $COLUMNS[15], "\n";
  push(@TO_DELETE, $COLUMNS[1]) unless $check{$COLUMNS[15]};
 }
 $id_merged = join(" ", @TO_DELETE);
 qx|euca-terminate-instances $id_merged| if ($id_merged);
--- a/files/copr/fe/copr.conf
+++ b/files/copr/fe/copr.conf
@@ -3,16 +3,15 @@ DATA_DIR = '/var/lib/copr/data'
 DATABASE = '/var/lib/copr/data/copr.db'
 OPENID_STORE = '/var/lib/copr/data/openid_store'
 WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
 WHOSHEE_MIN_STRING_LEN = 2
-SECRET_KEY = '{{ copr_secret_key }}'
+SECRET_KEY = {{ copr_secret_key }}
-BACKEND_PASSWORD = '{{ copr_backend_password  }}'
+BACKEND_PASSWORD = {{ copr_backend_password  }}
 # restrict access to a set of users
 #USE_ALLOWED_USERS = False
 #ALLOWED_USERS = ['bonnie', 'clyde']
-SQLALCHEMY_DATABASE_URI = '{{ copr_database_uri }}'
+SQLALCHEMY_DATABASE_URI = {{ copr_database_uri }}
 # Token length, defaults to 30 (max 255)
 #API_TOKEN_LENGTH = 30
@@ -29,8 +28,3 @@ SQLALCHEMY_ECHO = False
 CSRF_ENABLED = True
 WTF_CSRF_ENABLED = True
 # send emails when user's perms change in project?
 SEND_EMAILS = True
 PUBLIC_COPR_HOSTNAME = '{{ copr_frontend_public_hostname }}'
--- a/files/copr/fe/httpd/coprs.conf
+++ b/files/copr/fe/httpd/coprs.conf
@@ -10,8 +10,8 @@ WSGISocketPrefix /var/run/wsgi
    WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
    WSGIProcessGroup 127.0.0.1
-    #ErrorLog logs/error_coprs
+    ErrorLog logs/error_coprs
-    #CustomLog logs/access_coprs common
+    CustomLog logs/access_coprs common
    <Directory /usr/share/copr>
        WSGIApplicationGroup %{GLOBAL}
@@ -22,10 +22,9 @@ WSGISocketPrefix /var/run/wsgi
 <VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
-    # Use secure TLSv1.1 and TLSv1.2 ciphers
+    #optimeize on speed
-    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
+    SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
    Header add Strict-Transport-Security "max-age=15768000"
    SSLCertificateFile /etc/pki/tls/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
@@ -36,8 +35,8 @@ WSGISocketPrefix /var/run/wsgi
    WSGIScriptAlias / /usr/share/copr/coprs_frontend/application
    WSGIProcessGroup 127.0.0.1
-    #ErrorLog logs/error_coprs
+    ErrorLog logs/error_coprs
-    #CustomLog logs/access_coprs common
+    CustomLog logs/access_coprs common
    <Directory /usr/share/copr>
        WSGIApplicationGroup %{GLOBAL}
--- a/files/copr/fe/yum/copr.repo
+++ b/files/copr/fe/yum/copr.repo
@@ -4,7 +4,7 @@ failovermethod=priority
 #baseurl=http://copr-be.cloud.fedoraproject.org/results/msuchy/copr/fedora-19-x86_64/
 # 172.16.5.4 is copr-be.cloud.fedoraproject.org
 # see https://fedorahosted.org/fedora-infrastructure/ticket/4025
-baseurl=http://172.16.5.4/results/msuchy/copr/fedora-20-x86_64/
+baseurl=http://172.16.5.4/results/msuchy/copr/fedora-19-x86_64/
 enabled=1
 gpgcheck=0
--- a/files/copr/forward-dev
+++ b/files/copr/forward-dev
@@ -1,3 +0,0 @@
 msuchy+coprmachine@redhat.com
 asamalik@redhat.com
 vgologuz@redhat.com
--- a/files/copr/hosts
+++ b/files/copr/hosts
@@ -1,7 +0,0 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 172.16.5.31  copr-fe.cloud.fedoraproject.org
 172.16.5.31  copr.fedoraproject.org
 172.16.5.4 copr-be.cloud.fedoraproject.org
 172.16.5.5 copr-be-dev.cloud.fedoraproject.org
 172.16.5.15 copr-fe-dev.cloud.fedoraproject.org
--- a/files/copr/keystonerc
+++ b/files/copr/keystonerc
@@ -1,23 +0,0 @@
 #!/bin/bash
 # With the addition of Keystone, to use an openstack cloud you should
 # authenticate against keystone, which returns a **Token** and **Service
 # Catalog**.  The catalog contains the endpoint for all services the
 # user/tenant has access to - including nova, glance, keystone, swift.
 #
 # *NOTE*: Using the 2.0 *auth api* does not mean that compute api is 2.0.  We
 # will use the 1.1 *compute api*
 export OS_AUTH_URL=http://172.23.0.2:5000/v2.0
 # With the addition of Keystone we have standardized on the term **tenant**
 # as the entity that owns the resources.
 export OS_TENANT_ID={{ copr_tenant_id }}
 export OS_TENANT_NAME="copr"
 # In addition to the owning entity (tenant), openstack stores the entity
 # performing the action as the **user**.
 export OS_USERNAME=msuchy
 # With Keystone you pass the keystone password.
 export OS_PASSWORD={{ copr_nova_password }}
--- a/files/copr/lighttpd/lighttpd.conf
+++ b/files/copr/lighttpd/lighttpd.conf
@@ -448,8 +448,8 @@ server.upload-dirs = ( "/var/tmp" )
 $SERVER["socket"] == ":443" {
  ssl.engine = "enable"
-  ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
+  ssl.pemfile = "/etc/lighttpd/coprs-be.fedoraproject.org.pem"
-  ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
+  ssl.ca-file = "/etc/lighttpd/coprs-be.fedoraproject.org.crt"
  ssl.disable-client-renegotiation = "enable"
  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 }
--- a/files/copr/provision/ansible.cfg
+++ b/files/copr/provision/ansible.cfg
@@ -88,6 +88,6 @@ record_host_keys=False
 # will result in poor performance, so use transport=paramiko on older platforms rather than
 # removing it
-ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto -o ControlPersist=60s
+ssh_args=-o PasswordAuthentication=no -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/tmp/ansible-ssh-%h-%p-%r
--- a/files/copr/provision/builderpb.yml
+++ b/files/copr/provision/builderpb.yml
@@ -1,4 +1,3 @@
 #jinja2:variable_start_string:'[%' , variable_end_string:'%]'
 ---
 - name: check/create instance
  hosts: localhost
@@ -6,37 +5,30 @@
  gather_facts: False
  vars:
  - keypair: buildsys
  - image: ami-0000000e
  - instance_type: m1.builder
  - security_group: builder
  - OS_AUTH_URL: http://172.23.0.2:5000/v2.0
  - OS_TENANT_NAME: copr
  - OS_USERNAME: msuchy
  - OS_PASSWORD: [% copr_nova_password %]
  # rhel 6.4 2013-02-21 x86_64 - ami
  - image_id: cba0c766-84ac-4048-b0f5-6d4000af62f8
  tasks:
  - name: generate builder name
    local_action: command echo "Copr builder {{ 999999999 | random }}"
    register: vm_name
  - name: spin it up
-    local_action: nova_compute auth_url={{OS_AUTH_URL}} flavor_id=6 image_id={{ image_id }} key_name=buildsys login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} security_groups={{security_group}} wait=yes name="{{vm_name.stdout}}"
+    local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }}
-    register: nova
+    register: inst_res
-  # should be able to use nova.private_ip, but it does not work with Fedora Cloud.
+  - name: get its internal ip b/c openstack is sometimes stupid
-  - debug: msg="IP={{ nova.info.addresses.vlannet_3[0].addr }}"
+    local_action: shell euca-describe-instances {{ inst_res.instances[0].id }} | grep INSTANCE | cut -f 18
-
+    register: int_ip
  - debug: msg="vm_name={{vm_name.stdout}}"
  - name: add it to the special group
-    local_action: add_host hostname={{ nova.info.addresses.vlannet_3[0].addr }} groupname=builder_temp_group
+    local_action: add_host hostname={{ int_ip.stdout }} groupname=builder_temp_group
  - name: wait for the host to be hot
-    local_action: wait_for host={{ nova.info.addresses.vlannet_3[0].addr }} port=22 delay=5 timeout=600
+    local_action: wait_for host={{ int_ip.stdout }} port=22 delay=5 timeout=600
  - debug: msg="IP={{ int_ip.stdout }}"
 - hosts: builder_temp_group
  user: root
  gather_facts: False
  vars:
   - files: files/
@@ -64,16 +56,9 @@
    - mock
    - createrepo
    - yum-utils
    - pyliblzma
  - name: make sure newest rpm
-    action: yum name={{ item }} state=latest
+    action: yum name=rpm state=latest
    with_items:
    - rpm
    - glib2
    - ca-certificates
  - yum: name=mock  enablerepo=epel-testing state=latest
  - name: mockbuilder user   
    action: user name=mockbuilder groups=mock
@@ -94,4 +79,3 @@
    - fedora-20-i386.cfg
    - epel-7-x86_64.cfg
  - lineinfile: dest=/root/.bashrc line="ulimit -n 10240" insertafter=EOF
--- a/files/copr/provision/files/mock/epel-7-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg
@@ -1,16 +1,28 @@
 config_opts['chroothome'] = '/builddir'
 config_opts['basedir'] = '/var/lib/mock'
 config_opts['root'] = 'epel-7-x86_64'
 config_opts['target_arch'] = 'x86_64'
 config_opts['legal_host_arches'] = ('x86_64',)
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['chroot_setup_cmd'] = 'install bash bzip2 coreutils cpio diffutils findutils gawk gcc gcc-c++ grep gzip info make patch redhat-release-server redhat-rpm-config rpm-build sed shadow-utils tar unzip util-linux which xz'
 config_opts['dist'] = 'el7'  # only useful for --resultdir variable subst
 config_opts['macros'] = {}
 config_opts['macros']['%dist'] = '.el7'
 config_opts['macros']['%rhel'] = '7'
 config_opts['macros']['%el7'] = '1'
 config_opts['macros']['%_topdir'] = '/builddir/build'
 config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'
 config_opts['releasever'] = '7'
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['plugin_conf']['yum_cache_enable'] = False
 config_opts['plugin_conf']['ccache_enable'] = False
 config_opts['yum.conf'] = """
 [main]
 cachedir=/var/cache/yum
 debuglevel=1
 reposdir=/dev/null
 logfile=/var/log/yum.log
 reposdir=/dev/null
 retries=20
 obsoletes=1
 gpgcheck=0
@@ -19,42 +31,15 @@ syslog_ident=mock
 syslog_device=
 # repos
 [base]
 name=BaseOS
 mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os
 failovermethod=priority
-[updates]
+[beta]
-name=updates
+name=beta
-enabled=1
+baseurl=http://ftp.redhat.com/redhat/rhel/beta/7/x86_64/os/
 mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates
 failovermethod=priority
 [epel]
-name=epel
+name=Extra Packages for Enterprise Linux 7 - $basearch
-mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=x86_64
+#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
 mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
 failovermethod=priority
-
+enabled=1
 [extras]
 name=extras
 mirrorlist=http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=extras
 failovermethod=priority
 [testing]
 name=epel-testing
 enabled=0
 mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=testing-epel7&arch=x86_64
 failovermethod=priority
 [local]
 name=local
 baseurl=http://kojipkgs.fedoraproject.org/repos/epel7-build/latest/x86_64/
 cost=2000
 enabled=0
 [epel-debug]
 name=epel-debug
 mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-7&arch=x86_64
 failovermethod=priority
 enabled=0
 """
--- a/files/copr/provision/files/mock/fedora-21-i386.cfg
+++ b/files/copr/provision/files/mock/fedora-21-i386.cfg
@@ -1,63 +0,0 @@
 config_opts['root'] = 'fedora-21-i386'
 config_opts['target_arch'] = 'i686'
 config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
 config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
 config_opts['dist'] = 'fc21'  # only useful for --resultdir variable subst
 config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
 config_opts['releasever'] = '21'
 config_opts['yum.conf'] = """
 [main]
 cachedir=/var/cache/yum
 debuglevel=1
 reposdir=/dev/null
 logfile=/var/log/yum.log
 retries=20
 obsoletes=1
 gpgcheck=0
 assumeyes=1
 syslog_ident=mock
 syslog_device=
 # repos
 [fedora]
 name=fedora
 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
 failovermethod=priority
 [updates]
 name=updates
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
 failovermethod=priority
 [updates-testing]
 name=updates-testing
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 [local]
 name=local
 baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/i386/
 cost=2000
 enabled=0
 [fedora-debuginfo]
 name=fedora-debuginfo
 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 [updates-debuginfo]
 name=updates-debuginfo
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 [updates-testing-debuginfo]
 name=updates-testing-debuginfo
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 """
--- a/files/copr/provision/files/mock/fedora-21-x86_64.cfg
+++ b/files/copr/provision/files/mock/fedora-21-x86_64.cfg
@@ -1,63 +0,0 @@
 config_opts['root'] = 'fedora-21-x86_64'
 config_opts['target_arch'] = 'x86_64'
 config_opts['legal_host_arches'] = ('x86_64',)
 config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
 config_opts['dist'] = 'fc21'  # only useful for --resultdir variable subst
 config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
 config_opts['releasever'] = '21'
 config_opts['yum.conf'] = """
 [main]
 cachedir=/var/cache/yum
 debuglevel=1
 reposdir=/dev/null
 logfile=/var/log/yum.log
 retries=20
 obsoletes=1
 gpgcheck=0
 assumeyes=1
 syslog_ident=mock
 syslog_device=
 # repos
 [fedora]
 name=fedora
 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
 failovermethod=priority
 [updates]
 name=updates
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
 failovermethod=priority
 [updates-testing]
 name=updates-testing
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 [local]
 name=local
 baseurl=http://kojipkgs.fedoraproject.org/repos/f21-build/latest/x86_64/
 cost=2000
 enabled=0
 [fedora-debuginfo]
 name=fedora-debuginfo
 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 [updates-debuginfo]
 name=updates-debuginfo
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 [updates-testing-debuginfo]
 name=updates-testing-debuginfo
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
 failovermethod=priority
 enabled=0
 """
--- a/files/copr/provision/files/mock/site-defaults.cfg
+++ b/files/copr/provision/files/mock/site-defaults.cfg
@@ -57,7 +57,7 @@
 # NOTE: Some of the caching options can theoretically affect build
 #  reproducability. Change with care.
 #
-config_opts['plugin_conf']['package_state_enable'] = False
+config_opts['plugin_conf']['package_state_enable'] = True
 # config_opts['plugin_conf']['ccache_enable'] = True
 # config_opts['plugin_conf']['ccache_opts']['max_cache_size'] = '4G'
 # config_opts['plugin_conf']['ccache_opts']['compress'] = None
--- a/files/copr/provision/terminatepb.yml
+++ b/files/copr/provision/terminatepb.yml
@@ -1,18 +1,16 @@
 #jinja2:variable_start_string:'[%' , variable_end_string:'%]'
 ---
 - name: terminate instance
  hosts: all
  user: root
  gather_facts: False
  vars:
  - OS_AUTH_URL: http://172.23.0.2:5000/v2.0
  - OS_TENANT_NAME: copr
  - OS_USERNAME: msuchy
  - OS_PASSWORD: [% copr_nova_password %]
  tasks:
  - name: find the instance id from the builder
    action: command curl -s http://169.254.169.254/latest/meta-data/instance-id
    register: instanceid
  - name: terminate it
-    local_action: nova_compute auth_url={{OS_AUTH_URL}} login_password={{OS_PASSWORD}} login_tenant_name={{OS_TENANT_NAME}} login_username={{OS_USERNAME}} name="{{copr_task.vm_name}}" state=absent
+    local_action: command euca-terminate-instances {{ instanceid.stdout }}
--- a/files/download/download-sync.cron
+++ b/files/download/download-sync.cron
@@ -1,3 +0,0 @@
 # run twice daily rsync of download. but lock it
 MAILTO=smooge@gmail.com
 00 11,23 * * * root /usr/local/bin/lock-wrapper sync-up-downloads "/usr/local/bin/sync-up-downloads"
--- a/files/download/sync-up-downloads.sh
+++ b/files/download/sync-up-downloads.sh
@@ -1,27 +0,0 @@
 #!/bin/bash
 ##
 ## This script is used to sync data from main download servers to
 ## secondary server at ibiblio.
 ##
 RSYNC='/usr/bin/rsync'
 RS_OPT="-avSHP  --numeric-ids"
 RS_DEADLY="--delete --delete-excluded --delete-delay --delay-updates"
 ALT_EXCLUDES="--exclude deltaisos/archive --exclude 21_Alpha* --exclude 21-Alpha* --exclude 21_Beta* --exclude=F21a-TC1"
 EPL_EXCLUDES=""
 FED_EXCLUDES=""
 SERVER=dl.fedoraproject.org
 # http://dl.fedoraproject.org/pub/alt/stage/
 ${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-alt/stage/  /srv/pub/alt/stage/ | tail -n2 | logger -p local0.notice -t rsync_updates_alt_stg
 # http://dl.fedoraproject.org/pub/alt/bfo/
 ${RSYNC} ${RS_OPT} ${RS_DEADLY} ${ALT_EXCLUDES} ${SERVER}::fedora-alt/bfo/  /srv/pub/alt/bfo/ | tail -n2 | logger -p local0.notice -t rsync_updates_alt_bfo
 # http://dl.fedoraproject.org/pub/epel/
 ${RSYNC} ${RS_OPT} ${RS_DEADLY} ${EPL_EXCLUDES} ${SERVER}::fedora-epel/ /srv/pub/epel/ | tail -n2 | logger -p local0.notice -t rsync_updates_epel
 # http://dl.fedoraproject.org/pub/fedora/
 ${RSYNC} ${RS_OPT} ${RS_DEADLY} ${FED_EXCLUDES} ${SERVER}::fedora-enchilada0/ /srv/pub/fedora/ | tail -n2 | logger -p local0.notice -t rsync_updates_fedora
 # Let MM know I'm all up to date
 #/usr/bin/report_mirror
--- a/files/fedora-cloud/fed09-ssh-key.pub
+++ b/files/fedora-cloud/fed09-ssh-key.pub
@@ -1 +0,0 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfk627wDgkJisjGl4RbrUS457WoPdSate1vzgZXApQeAkTG9LLEstAEyThphnJZzDWRYceId+DqZvyrwZttB6Tfptwqs9qwW60HelSVtvq6RDoiQO5yB1ffbeelM6ci5spvzA0b8llUmYpDlCmrbv/or5IXtO9ScAxK7S6Pp2XQYyHJepEclCqfUkmgOXqnoFPFhKhIdaNe7wXCDKnjHSL0HLQmpTREbJ98HNexI76DMdiuG+II7m42XbfToHZtDrsUfd5HGyWLqUWqFfLFoFSSrARE7Aqa2cS1zrLdKHTFnDitBezNeb2J4Go3/23bHe58LV8RfPdIQG9Z8hqYiD9 root@fed-cloud09.cloud.fedoraproject.org
--- a/files/fedora-cloud/hosts
+++ b/files/fedora-cloud/hosts
@@ -1,13 +0,0 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4                                     
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 
 # http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-neutron-networking-controller-node.html
 # controller
 {{ controller_public_ip }}       controller
 # network
 {{ network_public_ip }}       network
 # compute1
 # compute1_public_ip        compute1
--- a/files/fedora-cloud/ifcfg-br-ex
+++ b/files/fedora-cloud/ifcfg-br-ex
@@ -1,9 +0,0 @@
 DEVICE=br-ex
 DEVICETYPE=ovs
 TYPE=OVSBridge
 BOOTPROTO=static
 IPADDR={{ network_public_ip }}
 NETMASK={{ public_netmask }}  # your netmask
 GATEWAY={{ public_gateway_ip }}  # your gateway
 DNS1={{ public_dns }}     # your nameserver
 ONBOOT=yes
--- a/files/fedora-cloud/keystonerc_msuchy
+++ b/files/fedora-cloud/keystonerc_msuchy
@@ -1,5 +0,0 @@
 export OS_USERNAME=msuchy
 export OS_TENANT_NAME=copr
 export OS_PASSWORD=TBD
 export OS_AUTH_URL=http://209.132.184.9:5000/v2.0/
 export PS1='[\u@\h \W(keystone_msuchy)]\$ '
--- a/files/fedora-cloud/my.cnf
+++ b/files/fedora-cloud/my.cnf
@@ -1,4 +0,0 @@
 [client]
 host=localhost
 user=root
 password={{ DBPASSWORD }}
--- a/files/fedora-cloud/packstack-controller-answers.txt
+++ b/files/fedora-cloud/packstack-controller-answers.txt
@@ -1,502 +0,0 @@
 [general]
 # Path to a Public key to install on servers. If a usable key has not
 # been installed on the remote servers the user will be prompted for a
 # password and this key will be installed so the password will not be
 # required again
 CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
 # Set to 'y' if you would like Packstack to install MySQL
 CONFIG_MARIADB_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack Image
 # Service (Glance)
 CONFIG_GLANCE_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack Block
 # Storage (Cinder)
 CONFIG_CINDER_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack Compute
 # (Nova)
 CONFIG_NOVA_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack
 # Networking (Neutron)
 CONFIG_NEUTRON_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack
 # Dashboard (Horizon)
 CONFIG_HORIZON_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack Object
 # Storage (Swift)
 CONFIG_SWIFT_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack
 # Metering (Ceilometer)
 CONFIG_CEILOMETER_INSTALL=y
 # Set to 'y' if you would like Packstack to install OpenStack
 # Orchestration (Heat)
 CONFIG_HEAT_INSTALL=n
 # Set to 'y' if you would like Packstack to install the OpenStack
 # Client packages. An admin "rc" file will also be installed
 CONFIG_CLIENT_INSTALL=y
 # Comma separated list of NTP servers. Leave plain if Packstack
 # should not install ntpd on instances.
 CONFIG_NTP_SERVERS=
 # Set to 'y' if you would like Packstack to install Nagios to monitor
 # OpenStack hosts
 CONFIG_NAGIOS_INSTALL=n
 # Comma separated list of servers to be excluded from installation in
 # case you are running Packstack the second time with the same answer
 # file and don't want Packstack to touch these servers. Leave plain if
 # you don't need to exclude any server.
 EXCLUDE_SERVERS=
 # Set to 'y' if you want to run OpenStack services in debug mode.
 # Otherwise set to 'n'.
 CONFIG_DEBUG_MODE=n
 # Set to 'y' if you want to use VMware vCenter as hypervisor and
 # storageOtherwise set to 'n'.
 CONFIG_VMWARE_BACKEND=n
 # The IP address of the server on which to install MySQL
 CONFIG_MARIADB_HOST={{ controller_public_ip }}
 # Username for the MySQL admin user
 CONFIG_MARIADB_USER=root
 # Password for the MySQL admin user
 CONFIG_MARIADB_PW={{ DBPASSWORD }}
 # Set the server for the AMQP service
 CONFIG_AMQP_BACKEND=rabbitmq
 # The IP address of the server on which to install the AMQP service
 CONFIG_AMQP_HOST={{ controller_public_ip }}
 # Enable SSL for the AMQP service
 CONFIG_AMQP_ENABLE_SSL=n
 # Enable Authentication for the AMQP service
 CONFIG_AMQP_ENABLE_AUTH=n
 # The password for the NSS certificate database of the AMQP service
 CONFIG_AMQP_NSS_CERTDB_PW={{ CONFIG_AMQP_NSS_CERTDB_PW }}
 # The port in which the AMQP service listens to SSL connections
 CONFIG_AMQP_SSL_PORT=5671
 # The filename of the certificate that the AMQP service is going to
 # use
 CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
 # The filename of the private key that the AMQP service is going to
 # use
 CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/amqp_selfkey.pem
 # Auto Generates self signed SSL certificate and key
 CONFIG_AMQP_SSL_SELF_SIGNED=y
 # User for amqp authentication
 CONFIG_AMQP_AUTH_USER=amqp_user
 # Password for user authentication
 CONFIG_AMQP_AUTH_PASSWORD={{ CONFIG_AMQP_AUTH_PASSWORD }}
 # The password to use for the Keystone to access DB
 CONFIG_KEYSTONE_DB_PW={{ KEYSTONE_DBPASS }}
 # The token to use for the Keystone service api
 CONFIG_KEYSTONE_ADMIN_TOKEN={{ ADMIN_TOKEN }}
 # The password to use for the Keystone admin user
 CONFIG_KEYSTONE_ADMIN_PW={{ ADMIN_PASS }}
 # The password to use for the Keystone demo user
 CONFIG_KEYSTONE_DEMO_PW={{ DEMO_PASS }}
 # Kestone token format. Use either UUID or PKI
 CONFIG_KEYSTONE_TOKEN_FORMAT=PKI
 # The password to use for the Glance to access DB
 CONFIG_GLANCE_DB_PW={{ GLANCE_DBPASS }}
 # The password to use for the Glance to authenticate with Keystone
 CONFIG_GLANCE_KS_PW={{ GLANCE_PASS }}
 # The password to use for the Cinder to access DB
 CONFIG_CINDER_DB_PW={{ CINDER_DBPASS }}
 # The password to use for the Cinder to authenticate with Keystone
 CONFIG_CINDER_KS_PW={{ CINDER_PASS }}
 # The Cinder backend to use, valid options are: lvm, gluster, nfs,
 # vmdk
 CONFIG_CINDER_BACKEND=lvm
 # Create Cinder's volumes group. This should only be done for testing
 # on a proof-of-concept installation of Cinder.  This will create a
 # file-backed volume group and is not suitable for production usage.
 CONFIG_CINDER_VOLUMES_CREATE=n
 # Cinder's volumes group size. Note that actual volume size will be
 # extended with 3% more space for VG metadata.
 CONFIG_CINDER_VOLUMES_SIZE=5G
 # A single or comma separated list of gluster volume shares to mount,
 # eg: ip-address:/vol-name, domain:/vol-name
 CONFIG_CINDER_GLUSTER_MOUNTS=
 # A single or comma seprated list of NFS exports to mount, eg: ip-
 # address:/export-name
 CONFIG_CINDER_NFS_MOUNTS=
 # The IP address of the VMware vCenter datastore
 CONFIG_VCENTER_HOST=
 # The username to authenticate to VMware vCenter datastore
 CONFIG_VCENTER_USER=
 # The password to authenticate to VMware vCenter datastore
 CONFIG_VCENTER_PASSWORD=
 # A comma separated list of IP addresses on which to install the Nova
 # Compute services
 CONFIG_COMPUTE_HOSTS={{ controller_public_ip }}
 # The IP address of the server on which to install the Nova Conductor
 # service
 CONFIG_NOVA_CONDUCTOR_HOST={{ controller_public_ip }}
 # The password to use for the Nova to access DB
 CONFIG_NOVA_DB_PW={{ NOVA_DBPASS }}
 # The password to use for the Nova to authenticate with Keystone
 CONFIG_NOVA_KS_PW={{ NOVA_PASS }}
 # The overcommitment ratio for virtual to physical CPUs. Set to 1.0
 # to disable CPU overcommitment
 CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
 # The overcommitment ratio for virtual to physical RAM. Set to 1.0 to
 # disable RAM overcommitment
 CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
 # Private interface for Flat DHCP on the Nova compute servers
 CONFIG_NOVA_COMPUTE_PRIVIF=lo
 # The list of IP addresses of the server on which to install the Nova
 # Nova network manager
 CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
 # Public interface on the Nova network server
 CONFIG_NOVA_NETWORK_PUBIF={{ controller_public_ip }}
 # Private interface for network manager on the Nova network server
 CONFIG_NOVA_NETWORK_PRIVIF=lo
 # IP Range for network manager
 CONFIG_NOVA_NETWORK_FIXEDRANGE={{ internal_interface_cidr }}
 # IP Range for Floating IP's
 CONFIG_NOVA_NETWORK_FLOATRANGE={{ public_interface_cidr }}
 # Name of the default floating pool to which the specified floating
 # ranges are added to
 CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL=external
 # Automatically assign a floating IP to new instances
 CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=y
 # First VLAN for private networks
 CONFIG_NOVA_NETWORK_VLAN_START=100
 # Number of networks to support
 CONFIG_NOVA_NETWORK_NUMBER=1
 # Number of addresses in each private subnet
 CONFIG_NOVA_NETWORK_SIZE=255
 # The IP address of the VMware vCenter server
 CONFIG_VCENTER_HOST=
 # The username to authenticate to VMware vCenter server
 CONFIG_VCENTER_USER=
 # The password to authenticate to VMware vCenter server
 CONFIG_VCENTER_PASSWORD=
 # The name of the vCenter cluster
 CONFIG_VCENTER_CLUSTER_NAME=
 # The password to use for Neutron to authenticate with Keystone
 CONFIG_NEUTRON_KS_PW={{ NEUTRON_PASS }}
 # The password to use for Neutron to access DB
 CONFIG_NEUTRON_DB_PW={{ NEUTRON_DBPASS }}
 # A comma separated list of IP addresses on which to install Neutron
 CONFIG_NETWORK_HOSTS={{ controller_public_ip }}
 # The name of the bridge that the Neutron L3 agent will use for
 # external traffic, or 'provider' if using provider networks
 CONFIG_NEUTRON_L3_EXT_BRIDGE=provider
 # The name of the L2 plugin to be used with Neutron
 CONFIG_NEUTRON_L2_PLUGIN=ml2
 # A comma separated list of IP addresses on which to install Neutron
 # metadata agent
 CONFIG_NEUTRON_METADATA_PW={{ NEUTRON_PASS }}
 # A comma separated list of network type driver entrypoints to be
 # loaded from the neutron.ml2.type_drivers namespace.
 CONFIG_NEUTRON_ML2_TYPE_DRIVERS=local,flat,gre
 # A comma separated ordered list of network_types to allocate as
 # tenant networks. The value 'local' is only useful for single-box
 # testing but provides no connectivity between hosts.
 CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=gre
 # A comma separated ordered list of networking mechanism driver
 # entrypoints to be loaded from the neutron.ml2.mechanism_drivers
 # namespace.
 CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
 # A comma separated  list of physical_network names with which flat
 # networks can be created. Use * to allow flat networks with arbitrary
 # physical_network names.
 CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
 # A comma separated list of <physical_network>:<vlan_min>:<vlan_max>
 # or <physical_network> specifying physical_network names usable for
 # VLAN provider and tenant networks, as well as ranges of VLAN tags on
 # each available for allocation to tenant networks.
 CONFIG_NEUTRON_ML2_VLAN_RANGES=
 # A comma separated list of <tun_min>:<tun_max> tuples enumerating
 # ranges of GRE tunnel IDs that are available for tenant network
 # allocation. Should be an array with tun_max +1 - tun_min > 1000000
 CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1:1000
 # Multicast group for VXLAN. If unset, disables VXLAN enable sending
 # allocate broadcast traffic to this multicast group. When left
 # unconfigured, will disable multicast VXLAN mode. Should be an
 # Multicast IP (v4 or v6) address.
 CONFIG_NEUTRON_ML2_VXLAN_GROUP=
 # A comma separated list of <vni_min>:<vni_max> tuples enumerating
 # ranges of VXLAN VNI IDs that are available for tenant network
 # allocation. Min value is 0 and Max value is 16777215.
 CONFIG_NEUTRON_ML2_VNI_RANGES=
 # The name of the L2 agent to be used with Neutron
 CONFIG_NEUTRON_L2_AGENT=openvswitch
 # The type of network to allocate for tenant networks (eg. vlan,
 # local)
 CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE=gre
 # A comma separated list of VLAN ranges for the Neutron linuxbridge
 # plugin (eg. physnet1:1:4094,physnet2,physnet3:3000:3999)
 CONFIG_NEUTRON_LB_VLAN_RANGES=
 # A comma separated list of interface mappings for the Neutron
 # linuxbridge plugin (eg. physnet1:br-eth1,physnet2:br-eth2,physnet3
 # :br-eth3)
 CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
 # Type of network to allocate for tenant networks (eg. vlan, local,
 # gre, vxlan)
 CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=gre
 # A comma separated list of VLAN ranges for the Neutron openvswitch
 # plugin (eg. physnet1:1:4094,physnet2,physnet3:3000:3999)
 CONFIG_NEUTRON_OVS_VLAN_RANGES=floatnet
 # A comma separated list of bridge mappings for the Neutron
 # openvswitch plugin (eg. physnet1:br-eth1,physnet2:br-eth2,physnet3
 # :br-eth3)
 CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=floatnet:br-ex
 # A comma separated list of colon-separated OVS bridge:interface
 # pairs. The interface will be added to the associated bridge.
 CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-tun:eth1
 # A comma separated list of tunnel ranges for the Neutron openvswitch
 # plugin (eg. 1:1000)
 CONFIG_NEUTRON_OVS_TUNNEL_RANGES=1:1000
 # The interface for the OVS tunnel. Packstack will override the IP
 # address used for tunnels on this hypervisor to the IP found on the
 # specified interface. (eg. eth1)
 CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
 # VXLAN UDP port
 CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
 # To set up Horizon communication over https set this to "y"
 CONFIG_HORIZON_SSL=y
 # PEM encoded certificate to be used for ssl on the https server,
 # leave blank if one should be generated, this certificate should not
 # require a passphrase
 CONFIG_SSL_CERT=/etc/pki/tls/certs/fed-cloud09.pem
 # PEM encoded CA certificates from which the certificate chain of the
 # # server certificate can be assembled.
 CONFIG_SSL_CACHAIN=/etc/pki/tls/certs/fed-cloud09.pem
 # Keyfile corresponding to the certificate if one was entered
 CONFIG_SSL_KEY=/etc/pki/tls/private/fed-cloud09.key
 # The password to use for the Swift to authenticate with Keystone
 CONFIG_SWIFT_KS_PW={{ SWIFT_PASS }}
 # A comma separated list of IP addresses on which to install the
 # Swift Storage services, each entry should take the format
 # <ipaddress>[/dev], for example 127.0.0.1/vdb will install /dev/vdb
 # on 127.0.0.1 as a swift storage device(packstack does not create the
 # filesystem, you must do this first), if /dev is omitted Packstack
 # will create a loopback device for a test setup
 CONFIG_SWIFT_STORAGES=
 # Number of swift storage zones, this number MUST be no bigger than
 # the number of storage devices configured
 CONFIG_SWIFT_STORAGE_ZONES=1
 # Number of swift storage replicas, this number MUST be no bigger
 # than the number of storage zones configured
 CONFIG_SWIFT_STORAGE_REPLICAS=1
 # FileSystem type for storage nodes
 CONFIG_SWIFT_STORAGE_FSTYPE=ext4
 # Shared secret for Swift
 CONFIG_SWIFT_HASH={{ SWIFT_HASH }}
 # Size of the swift loopback file storage device
 CONFIG_SWIFT_STORAGE_SIZE=2G
 # Whether to provision for demo usage and testing. Note that
 # provisioning is only supported for all-in-one installations.
 CONFIG_PROVISION_DEMO=n
 # Whether to configure tempest for testing. Note that provisioning is
 # only supported for all-in-one installations.
 CONFIG_PROVISION_TEMPEST=n
 # The CIDR network address for the floating IP subnet
 CONFIG_PROVISION_DEMO_FLOATRANGE=
 # The uri of the tempest git repository to use
 CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
 # The revision of the tempest git repository to use
 CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
 # Whether to configure the ovs external bridge in an all-in-one
 # deployment
 CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE=n
 # The password used by Heat user to authenticate against MySQL
 CONFIG_HEAT_DB_PW={{ HEAT_DBPASS }}
 # The encryption key to use for authentication info in database
 CONFIG_HEAT_AUTH_ENC_KEY={{ HEAT_AUTH_ENC_KEY }}
 # The password to use for the Heat to authenticate with Keystone
 CONFIG_HEAT_KS_PW={{ HEAT_PASS }}
 # Set to 'y' if you would like Packstack to install Heat CloudWatch
 # API
 CONFIG_HEAT_CLOUDWATCH_INSTALL=n
 # Set to 'y' if you would like Packstack to install Heat
 # CloudFormation API
 CONFIG_HEAT_CFN_INSTALL=n
 # The IP address of the server on which to install Heat CloudWatch
 # API service
 CONFIG_HEAT_CLOUDWATCH_HOST={{ controller_public_ip }}
 # The IP address of the server on which to install Heat
 # CloudFormation API service
 CONFIG_HEAT_CFN_HOST={{ controller_public_ip }}
 # The IP address of the management node
 CONFIG_CONTROLLER_HOST={{ controller_public_ip }}
 # Secret key for signing metering messages.
 CONFIG_CEILOMETER_SECRET={{ CEILOMETER_SECRET }}
 # The password to use for Ceilometer to authenticate with Keystone
 CONFIG_CEILOMETER_KS_PW={{ CEILOMETER_PASS }}
 # The IP address of the server on which to install mongodb
 CONFIG_MONGODB_HOST={{ controller_public_ip }}
 # The password of the nagiosadmin user on the Nagios server
 CONFIG_NAGIOS_PW=
 # To subscribe each server to EPEL enter "y"
 CONFIG_USE_EPEL=y
 # A comma separated list of URLs to any additional yum repositories
 # to install
 CONFIG_REPO=
 # To subscribe each server with Red Hat subscription manager, include
 # this with CONFIG_RH_PW
 CONFIG_RH_USER=
 # To subscribe each server with Red Hat subscription manager, include
 # this with CONFIG_RH_USER
 CONFIG_RH_PW=
 # To subscribe each server to Red Hat Enterprise Linux 6 Server Beta
 # channel (only needed for Preview versions of RHOS) enter "y"
 CONFIG_RH_BETA_REPO=n
 # To subscribe each server with RHN Satellite,fill Satellite's URL
 # here. Note that either satellite's username/password or activation
 # key has to be provided
 CONFIG_SATELLITE_URL=
 # Username to access RHN Satellite
 CONFIG_SATELLITE_USER=
 # Password to access RHN Satellite
 CONFIG_SATELLITE_PW=
 # Activation key for subscription to RHN Satellite
 CONFIG_SATELLITE_AKEY=
 # Specify a path or URL to a SSL CA certificate to use
 CONFIG_SATELLITE_CACERT=
 # If required specify the profile name that should be used as an
 # identifier for the system in RHN Satellite
 CONFIG_SATELLITE_PROFILE=
 # Comma separated list of flags passed to rhnreg_ks. Valid flags are:
 # novirtinfo, norhnsd, nopackages
 CONFIG_SATELLITE_FLAGS=
 # Specify a HTTP proxy to use with RHN Satellite
 CONFIG_SATELLITE_PROXY=
 # Specify a username to use with an authenticated HTTP proxy
 CONFIG_SATELLITE_PROXY_USER=
 # Specify a password to use with an authenticated HTTP proxy.
 CONFIG_SATELLITE_PROXY_PW=
--- a/files/fedora-cloud/uninstall.sh
+++ b/files/fedora-cloud/uninstall.sh
@@ -1,32 +0,0 @@
 # Warning! Dangerous step! Destroys VMs
 # if you do know what you are doing feel free to remove the line below to proceed
 exit 1
 # also if you really insist to remove VM, uncomment that vgremove near bottom
 for x in $(virsh list --all | grep instance- | awk '{print $2}') ; do
    virsh destroy $x ;
    virsh undefine $x ;
 done ;
 # Warning! Dangerous step! Removes lots of packages, including many
 # which may be unrelated to RDO.
 yum remove -y nrpe "*openstack*" \
 "*nova*" "*keystone*" "*glance*" "*cinder*" "*swift*" \
 mysql mysql-server httpd "*memcache*" ;
 ps -ef | grep -i repli | grep swift | awk '{print $2}' | xargs kill ;
 # Warning! Dangerous step! Deletes local application data
 rm -rf /etc/nagios /etc/yum.repos.d/packstack_* /root/.my.cnf \
 /var/lib/mysql/* /var/lib/glance /var/lib/nova /etc/nova /etc/swift \
 /srv/node/device*/* /var/lib/cinder/ /etc/rsync.d/frag* \
 /var/cache/swift /var/log/keystone ;
 umount /srv/node/device* ;
 killall -9 dnsmasq tgtd httpd ;
 #vgremove -f cinder-volumes ;
 losetup -a | sed -e 's/:.*//g' | xargs losetup -d ;
 find /etc/pki/tls -name "ssl_ps*" | xargs rm -rf ;
 for x in $(df | grep "/lib/" | sed -e 's/.* //g') ; do
    umount $x ;
 done
--- a/files/gnome/backup.sh
+++ b/files/gnome/backup.sh
@@ -28,9 +28,7 @@ MACHINES='signal.gnome.org
          view.gnome.org
          puppet.gnome.org
          accelerator.gnome.org
-          range.gnome.org
+          range.gnome.org'
          pentagon.gimp.org
          account.gnome.org'
 BACKUP_DIR='/fedora_backups/gnome/'
 LOGS_DIR='/fedora_backups/gnome/logs'
--- a/files/gnome/ssh_config
+++ b/files/gnome/ssh_config
@@ -3,6 +3,6 @@ Host live.gnome.org extensions.gnome.org puppet.gnome.org view.gnome.org drawabl
     IdentityFile /usr/local/etc/gnome_backup_id.rsa
     ProxyCommand ssh -W %h:%p bastion.gnome.org -F /usr/local/etc/gnome_ssh_config
-Host *.gnome.org pentagon.gimp.org
+Host *.gnome.org
     User root
     IdentityFile /usr/local/etc/gnome_backup_id.rsa
--- a/roles/hosts/files/arm.fedoraproject.org-hosts
+++ b/roles/hosts/files/arm.fedoraproject.org-hosts
--- a/roles/hosts/files/ask01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/ask01.phx2.fedoraproject.org-hosts
--- a/roles/hosts/files/elections02.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/elections02.phx2.fedoraproject.org-hosts
@@ -1,7 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.71     db-elections         db-elections
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-ask
--- a/roles/hosts/files/ask02.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/ask02.phx2.fedoraproject.org-hosts
--- a/roles/hosts/files/badges-backend01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/badges-backend01.phx2.fedoraproject.org-hosts
@@ -2,5 +2,5 @@
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.52     admin.fedoraproject.org
-10.5.126.111    db-datanommer   db-datanommer02
+10.5.126.109    db-datanommer   db-datanommer
 10.5.126.71     db-tahrir       db-tahrir
--- a/files/hosts/badges-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-backend01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,10 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.85     db-datanommer   db-datanommer
 10.5.126.85     db-tahrir       db-tahrir
--- a/roles/hosts/files/badges-web01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/badges-web01.phx2.fedoraproject.org-hosts
--- a/files/hosts/badges-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/badges-web01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-tahrir       db-tahrir
--- a/roles/hosts/files/badges-web02.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/badges-web02.phx2.fedoraproject.org-hosts
--- a/roles/hosts/files/elections01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/elections01.phx2.fedoraproject.org-hosts
@@ -1,7 +1,9 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
-10.5.126.71     db-elections         db-elections
+10.5.126.81     memcached03 memcached03.stg app01 app01.stg
--- a/roles/hosts/files/fedocal01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/fedocal01.phx2.fedoraproject.org-hosts
@@ -1,8 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-10.5.126.52     admin.fedoraproject.org
+10.5.126.89     admin.fedoraproject.org
-10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.71     db-fedocal       db-fedocal
--- a/files/hosts/fedocal01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/fedocal01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-fedocal       db-fedocal
--- a/roles/hosts/files/fedocal02.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/fedocal02.phx2.fedoraproject.org-hosts
@@ -1,8 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-10.5.126.52     admin.fedoraproject.org
+10.5.126.89     admin.fedoraproject.org
-10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
+10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.71     db-fedocal       db-fedocal
--- a/roles/hosts/files/kojibuilder-hosts
+++ b/roles/hosts/files/kojibuilder-hosts
--- a/roles/hosts/files/notifs-backend01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/notifs-backend01.phx2.fedoraproject.org-hosts
@@ -3,4 +3,4 @@
 10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.71     db-notifs       db-notifs
-10.5.126.111    db-datanommer   db-datanommer02
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-notifs       db-notifs
 10.5.126.85     db-datanommer       db-datanommer
--- a/roles/hosts/files/notifs-web01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/notifs-web01.phx2.fedoraproject.org-hosts
@@ -3,4 +3,4 @@
 10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.71     db-notifs       db-notifs
-10.5.126.111    db-datanommer   db-datanommer02
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-notifs       db-notifs
 10.5.126.85     db-datanommer       db-datanommer
--- a/roles/hosts/files/notifs-web02.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/notifs-web02.phx2.fedoraproject.org-hosts
@@ -3,4 +3,4 @@
 10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.71     db-notifs       db-notifs
-10.5.126.111    db-datanommer   db-datanommer02
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-notifs       db-notifs
 10.5.126.85     db-datanommer       db-datanommer
--- a/roles/hosts/files/nuancier01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/nuancier01.phx2.fedoraproject.org-hosts
--- a/files/hosts/nuancier01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     nuancier_db       nuancier_db
--- a/roles/hosts/files/nuancier02.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/nuancier02.phx2.fedoraproject.org-hosts
--- a/files/hosts/nuancier02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/nuancier02.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,11 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     nuancier_db       nuancier_db
--- a/roles/hosts/files/qa.fedoraproject.org-hosts
+++ b/roles/hosts/files/qa.fedoraproject.org-hosts
@@ -9,11 +9,3 @@
 #
 10.5.126.52    mirrors.fedoraproject.org
 10.5.126.52    admin.fedoraproject.org
 10.5.126.52    hub.fedoraproject.org
 # for VPN
 10.5.126.12    gateway.phx2.fedoraproject.org gateway bastion01.phx2.fedoraproject.org bastion01
 10.5.126.11    bastion02.phx2.fedoraproject.org bastion02
 # these are needed for the beaker-project repos
 74.207.232.43  beaker-project.org
--- a/roles/hosts/files/releng-hosts
+++ b/roles/hosts/files/releng-hosts
--- a/roles/hosts/files/sign-hosts
+++ b/roles/hosts/files/sign-hosts
@@ -1,12 +1,12 @@
 127.0.0.1	localhost	localhost.localdomain	localhost4	localhost4.localdomain4
 ::1	localhost	localhost.localdomain	localhost6	localhost6.localdomain6
 10.5.126.23	infrastructure.fedoraproject.org
-10.5.126.52     admin.fedoraproject.org
+10.5.126.53     admin.fedoraproject.org
 #
 # Here for historical reasons due to cert names. 
 #
 10.5.125.75	sign-vault1
-10.5.125.71	sign-bridge1
+10.5.125.72	sign-bridge1
 #
 # Need to be able to talk to various kojis
 #
--- a/roles/hosts/files/summershum01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/summershum01.phx2.fedoraproject.org-hosts
--- a/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/summershum01.stg.phx2.fedoraproject.org-hosts
@@ -0,0 +1,12 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.89     admin.fedoraproject.org
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 fedoraproject.org
 10.5.126.86     fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.125.44     pkgs.fedoraproject.org
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg
 10.5.126.85     db-summershum       db-summershum
--- a/files/httpd/httpd.logrotate
+++ b/files/httpd/httpd.logrotate
@@ -1,13 +0,0 @@
 /var/log/httpd/*log {
    daily
    rotate 7
    missingok
    ifempty
    compress
    compresscmd /usr/bin/xz
    uncompresscmd /usr/bin/xz
    compressext .xz
    dateext
    sharedscripts
    copytruncate
 }
--- a/files/iptables/iptables
+++ b/files/iptables/iptables
@@ -17,6 +17,12 @@
 # allow ssh - always
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
 # for fireball mode - allow port 5099 from lockbox and it's ips
 -A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT
 # for nrpe - allow it from nocs
 -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
 # FIXME - this is the global nat-ip and we need the noc01-specific ip
--- a/files/iptables/iptables.staging
+++ b/files/iptables/iptables.staging
@@ -29,6 +29,12 @@ COMMIT
 # allow ssh - always
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
 # for fireball mode - allow port 5099 from lockbox and it's ips
 -A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT
 # for nrpe - allow it from nocs
 -A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
 # FIXME - this is the global nat-ip and we need the noc01-specific ip
--- a/files/jenkins/master/config.xml
+++ b/files/jenkins/master/config.xml
@@ -30,6 +30,38 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
  <clouds/>
  <slaves>
    <slave>
      <name>Fedora18</name>
      <description></description>
      <remoteFS>/mnt/jenkins/</remoteFS>
      <numExecutors>2</numExecutors>
      <mode>NORMAL</mode>
      <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
      <launcher class="hudson.plugins.sshslaves.SSHLauncher"
      plugin="ssh-slaves@0.21">
        <host>172.16.5.12</host>
        <port>22</port>
        <credentialsId>d844d352-af1d-466b-9fc9-cbb19348103a</credentialsId>
      </launcher>
      <label></label>
      <nodeProperties/>
    </slave>
    <slave>
      <name>Fedora19</name>
      <description></description>
      <remoteFS>/mnt/jenkins/</remoteFS>
      <numExecutors>2</numExecutors>
      <mode>NORMAL</mode>
      <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
      <launcher class="hudson.plugins.sshslaves.SSHLauncher"
      plugin="ssh-slaves@0.21">
        <host>172.16.5.12</host>
        <port>22</port>
        <credentialsId>d844d352-af1d-466b-9fc9-cbb19348103a</credentialsId>
      </launcher>
      <label></label>
      <nodeProperties/>
    </slave>
    <slave>
      <name>EL6</name>
      <description></description>
@@ -62,22 +94,6 @@ class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
       <label></label>
       <nodeProperties/>
     </slave>
     <slave>
        <name>EL7-beta</name>
        <description></description>
        <remoteFS>/mnt/jenkins/</remoteFS>
        <numExecutors>2</numExecutors>
        <mode>NORMAL</mode>
        <retentionStrategy class="hudson.slaves.RetentionStrategy$Always"/>
        <launcher class="hudson.plugins.sshslaves.SSHLauncher"
        plugin="ssh-slaves@0.21">
          <host>172.16.5.14</host>
          <port>22</port>
          <credentialsId>950d5dd7-acb2-402a-8670-21f152d04928</credentialsId>
        </launcher>
        <label></label>
        <nodeProperties/>
      </slave>
  </slaves>
  <quietPeriod>5</quietPeriod>
  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
--- a/files/jenkins/slaves/sbt.repo
+++ b/files/jenkins/slaves/sbt.repo
@@ -1,6 +1,6 @@
-[codeblock-sbt-extras]
+[sbt-fedorapeople]
-name=Copr repo for sbt-extras owned by codeblock
+name=SBT Fedorapeople Repo
-baseurl=https://copr-be.cloud.fedoraproject.org/results/codeblock/sbt-extras/fedora-$releasever-$basearch/
+baseurl=http://repos.fedorapeople.org/repos/codeblock/sbt/fedora-18/RPMS/
-skip_if_unavailable=True
+enabled=1
 skip_if_unavailable=1
 gpgcheck=0
 enabled=0
--- a/roles/keyserver/files/css.css
+++ b/roles/keyserver/files/css.css
--- a/roles/keyserver/files/index.html
+++ b/roles/keyserver/files/index.html
--- a/roles/keyserver/files/membership
+++ b/roles/keyserver/files/membership
@@ -1,24 +1,16 @@
 a.sks.srv.scientia.net		11370 # root@sks.srv.scientia.net
 key.adeti.org			11370 # Marco RODRIGUES <marco@adeti.org> 0x7CE697FC
 key.bbs4.us 			11370 # Jonathan Zhang <jonathan@bbs4.us> 0xEEFCCF7B
 key.ip6.li			11370 # Christian Felsing <hostmaster@ip6.li> 0x5386E2A0
 keys2.kfwebs.net		11370 # 0x0B7F8B60E3EDFAE3
 keys.andreas-puls.de 		11370 # Andreas Puls <appu@gmx.net> 0xDAC73FA6
 #keys.christensenplace.us	11370 # Eric Christensen <eric@christensenplace.us> 0x024BB3D1
 keyserver.adamas.ai 		11370 # Tyler Durden (Big Brother is watching) <virii@c3l.lu> 0x2A2CF11B
 keyserver.advmapper.com		11370 # Tyler Schwend <tylerschwend@gmail.com> 0xDB4B79F8
 keyserver.blupill.com		11370 # BluKeyserver <keyserver@blupill.com> 0xB9865CB5
 keyserver.cais.rnp.br		11370 # Andre R. Landim <andre.landim@cais.rnp.br> 0xCBFE6A3E
 keyserver.cns.vt.edu		11370 # Phil Benchoff <benchoff@vt.edu> <keymaster@cns.vt.edu>
 keyserver.codinginfinity.com	11370 # Andrew Broekman <andrew@codinginfinity.com> 0xDE4B8C1A85F10FC4377EF2A45C54415118451EAC
 #keyserver.computer42.org	11370 # H.-Dirk Schmitt <dirk@computer42.org> 0x6A017B17
 keyserver.dacr.hu  		11370 # David Horvath <dacr@dacr.hu> 0x00CBC81A
 keyserver.gingerbear.net	11370 # John P. Clizbe <John@Gingerbear.net> 0xD6569825
 keyserver.kim-minh.com		11370 # Kim Minh Kaplan<kaplan+sks@kim-minh.com> 0xAF1E829C
 keyserver.kjsl.org		11370 # Javier Henderson <javier@kjsl.org> 0x9BF88EE5
 keyserver.miniskipper.at 	11370 # Sven Kocksch <sven.kocksch@miniskipper.at> 0x90D94808 
 keyserver.nausch.org		11370 # Michael Nausch <michael@nausch.org> 0x2384C849 
-#key-server.nl			11370 # Wijnand Modderman-Lenstra <maze@key-server.nl> 0x294DF221
+key-server.nl			11370 # Wijnand Modderman-Lenstra <maze@key-server.nl> 0x294DF221
 keyserver.saol.no-ip.com	11370 # Peter <peter@saol.no-ip.com> 0x39E97290
 keyserver.secretresearchfacility.com 11370 # Stephan Seitz <s.seitz@secretresearchfacility.com> 0xAB83B1C3
 keyserver.serviz.fr		11370 # robert <sks(at)serviz(pt)fr> 0xEF333C7E
@@ -27,31 +19,24 @@ keyserver.skoopsmedia.net	11370 # unknown
 #keyservers.org			11370 # Rob Hansen <rjh@sixdemonbag.org>
 keyserver.stack.nl		11370 # Johan van Selst <johans@stack.nl> 0xD3AE8D3A
 keyserver.ut.mephi.ru		11370 # Dmitry Yu Okunev <dyokunev@ut.mephi.ru> 0x8E30679C, pks team <pks@ut.mephi.ru>
 keyserver.vi-di.fr 		11370 # Frank Villaro-Dixon <keyserver@vi-di.fr>016106A6AF223DBE
 keyserver.zap.org.au 		11370 # John Zaitseff <J.Zaitseff@zap.org.au> 0xB0F6BC7F46D30F1432FC46190D254111C4EE569B
 keys.exosphere.de		11370 # Christoph Gebhardt <chris@exosphere.de> 0xE1C2E92C
 keys.jhcloos.com  		11370 # James Cloos <cloos@jhcloos.com>  0xED7DAEA6
 keys.niif.hu			11370 # Gabor Kiss <kissg@ssg.ki.iif.hu>
-#keys.wuschelpuschel.org		11370 # 0x017D1C3D Peter Kornherr <peter@wuschelpuschel.org>
+keys.thoma.cc			11370 # Maximilian Thoma <keys@thoma.cc> 0xB480AC4B
-#openpgp1.claruscomms.net	11370 # unknown
+keys.wuschelpuschel.org		11370 # 0x017D1C3D Peter Kornherr <peter@wuschelpuschel.org>
 openpgp1.claruscomms.net	11370 # unknown
 pgp.circl.lu			11370 # CIRCL - info@circl.lu - 0x22BD4CD5
 pgp.codelabs.ru			11370
 #pgp.codelabs.ru		11370 # Eygene Ryabinkin <rea@codelabs.ru> 0x8152ECFB
 pgp.jjim.de			11370 # Joel Garske <admin@pgp.jjim.de> 0xA921EB20
 pgpkeys.mallos.nl		11370 # Arnold Schekkerman <arnold@mallos.nl> 0xB66BBBAA
-#pgp.megagod.net			11370 # Kullawat Chaowanawatee (0xC19EAE3A)
+pgp.megagod.net			11370 # Kullawat Chaowanawatee (0xC19EAE3A)
 pgp.rediris.es			11370 # Francisco.monserrat <francisco.monserrat@rediris.es> 0xD3A42C61
 #pki.colliertech.org		11370 # C.J. Adams-Collier <cjac@uw.edu> 0x8E562765BA27A83C
-sks.alpha-labs.net 		11370 # Christian Reiss <email@christian-reiss.de> 0x44e29126abcd43c5
+ranger.ky9k.org			11370 # Brian D Heaton <pgp-keymaster@ky9k.org>       0x9A016118
 sks.disunitedstates.com 	11370 # David Benfell <benfell@disunitedstates.com> 0x1236602B
 sks.ecks.ca			11370 # Eric Benoit <eric@ecks.ca> 0x69E65D2C
 sks.es.net			11370 # keymaster@es.net
 sks.fidocon.de			11370 # unknown
 sks.karotte.org			11370 # Sebastian Wiesinger <sebastian@karotte.org> 0x93A0B9CE
 sks.keyservers.net		11370 # John P. Clizbe <John@Gingerbear.net> 0xD6569825
 sks.mrball.net			11370 # Todd Lyons <todd@mrball.net> 0xAE127015
 sks.muc.drweb-av.de 		11370 # Karl Schmitz <ks@muc.drweb-av.de> 0xF58B06CC71D3F6923354FCF1533AA65831B5CDFA
 sks-peer.spodhuis.org		11370 # Phil Pennock <keyserver@spodhuis.org> 0x3903637F
 sks.pkqs.net			11370 # Stephan Beyer <s-beyer@gmx.net> 0xFCC5040F
 vanunu.calyxinstitute.org	11370
 zimmermann.mayfirst.org		11370 # Daniel Kahn Gillmor <dkg@fifthhorseman.net> 0xCCD2ED94D21739E9
--- a/files/keyserver/sks.conf
+++ b/files/keyserver/sks.conf
@@ -51,9 +51,9 @@ NameVirtualHost *:443
 	ServerAlias keys01.fedoraproject.org
        SSLEngine on
-        SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
+        SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
-	SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
+	SSLCertificateChainFile /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
-        SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
+        SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key
 	ProxyPass / http://localhost:11371/
 	ProxyPassReverse / http://localhost:11371/
        SetEnv proxy-nokeepalive 1
--- a/roles/keyserver/files/sksconf
+++ b/roles/keyserver/files/sksconf
@@ -10,5 +10,4 @@ stat_hour: 00
 initial_stat:
 membership_reload_interval: 1
 disable_mailsync:
 debuglevel: 4
 server_contact: 0x167B4A54236BBEAA37DCCD92ED14D5E7110810E9
--- a/roles/taskotron/ssl-taskotron/templates/ssl.conf.rhel.j2
+++ b/roles/taskotron/ssl-taskotron/templates/ssl.conf.rhel.j2
@@ -71,13 +71,13 @@ SSLCryptoDevice builtin
 ## SSL Virtual Host Context
 ##
 NameVirtualHost *:443
 <VirtualHost _default_:443>
 # General setup for the virtual host, inherited from global configuration
 #DocumentRoot "/var/www/html"
-ServerName {{ public_hostname }}:443
+    #    ProxyPass / http://localhost:11371/
     #   ProxyPassReverse / http://localhost:11371/
 #ServerName www.example.com:443
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
@@ -92,7 +92,7 @@ SSLEngine on
 #   SSL Protocol support:
 # List the enable protocol levels with which clients will be able to
 # connect.  Disable SSLv2 access by default:
-SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+SSLProtocol all -SSLv2
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
@@ -104,16 +104,14 @@ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
 # the certificate is encrypted, then you will be prompted for a
 # pass phrase.  Note that a kill -HUP will prompt again.  A new
 # certificate can be generated using the genkey(1) command.
-#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
 SSLCertificateFile /etc/pki/tls/certs/{{ inventory_hostname }}.crt
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
-#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
 SSLCertificateKeyFile /etc/pki/tls/private/{{ inventory_hostname }}.key
 #   Server Certificate Chain:
 #   Point SSLCertificateChainFile at a file containing the
@@ -124,7 +122,6 @@ SSLCertificateKeyFile /etc/pki/tls/private/{{ inventory_hostname }}.key
 #   certificate for convinience.
 #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
 #   Certificate Authority (CA):
 #   Set the CA certificate verification path where to find CA
 #   certificates for client authentication or alternatively one
@@ -223,5 +220,5 @@ SetEnvIf User-Agent ".*MSIE.*" \
 CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-</VirtualHost>
+</VirtualHost>                                  
--- a/files/rdiff-backup/run-rdiff-backups
+++ b/files/rdiff-backup/run-rdiff-backups
@@ -5,5 +5,5 @@ source /root/sshagent >>/dev/null
 TMPDIR=`mktemp -d /tmp/backups.XXXX`
 cd $TMPDIR
-git clone https://infrastructure.fedoraproject.org/infra/ansible.git
+git clone http://infrastructure.fedoraproject.org/infra/ansible.git
 ansible-playbook -i ansible/inventory ansible/playbooks/rdiff-backup.yml 
--- a/files/rdo/rdo.conf
+++ b/files/rdo/rdo.conf
@@ -0,0 +1,7 @@
 Alias /openstack /srv/persist/openstack
 <Directory "/srv/persist/openstack">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
 </Directory>
--- a/roles/releng/files/branched
+++ b/roles/releng/files/branched
@@ -1,3 +1,3 @@
 # branched compose
-MAILTO=releng-cron@lists.fedoraproject.org
+MAILTO=rel-eng@lists.fedoraproject.org
 15 7 * * * masher TMPDIR=`mktemp -d /tmp/branched.XXXXXX` && cd $TMPDIR && git clone -n git://git.fedorahosted.org/releng && cd releng && git checkout -b stable rawhide-stable && LANG=en_US.UTF-8 ./scripts/buildbranched $(date "+\%Y\%m\%d") && sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora
--- a/roles/releng/files/fedmsg/base.py
+++ b/roles/releng/files/fedmsg/base.py
--- a/roles/releng/files/fedmsg/endpoints.py
+++ b/roles/releng/files/fedmsg/endpoints.py
@@ -9,7 +9,7 @@ config = dict(
        # This is the output side of the relay to which all other
        # services can listen.
        "relay_outbound": [
-            "tcp://busgateway01.%s:3999" % suffix,
+            "tcp://app01.%s:3999" % suffix,
        ],
        # For other, more 'normal' services, fedmsg will try to guess the
@@ -24,11 +24,11 @@ config = dict(
            "tcp://app02.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
-        "bodhi.branched-composer": [
+        "bodhi.releng01": [
-            "tcp://branched-composer.%s:3000" % suffix
+            "tcp://releng01.%s:3000" % suffix
        ],
-        "bodhi.rawhide-composer": [
+        "bodhi.releng02": [
-            "tcp://rawhide-composer.%s:3000" % suffix
+            "tcp://releng02.%s:3000" % suffix
        ],
        "bodhi.app03": [
            "tcp://app03.%s:300%i" % (suffix, i)
@@ -60,12 +60,12 @@ config = dict(
            "tcp://fas01.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
-        "fedoratagger.tagger01": [
+        "fedoratagger.packages01": [
-            "tcp://tagger01.%s:300%i" % (suffix, i)
+            "tcp://packages01.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
-        "fedoratagger.tagger02": [
+        "fedoratagger.packages02": [
-            "tcp://tagger02.%s:300%i" % (suffix, i)
+            "tcp://packages02.%s:300%i" % (suffix, i)
            for i in range(8)
        ],
        "busmon.app01": [
@@ -85,5 +85,5 @@ config = dict(
    # It is also used by the git-hook, for the same reason.
    # It is also used by the mediawiki php plugin which, due to the oddities of
    # php, can't maintain a single passive-bind endpoint of it's own.
-    relay_inbound="tcp://busgateway01.%s:9941" % suffix,
+    relay_inbound="tcp://app01.%s:3998" % suffix,
 )
--- a/roles/releng/files/fedmsg/ircbot.py
+++ b/roles/releng/files/fedmsg/ircbot.py
--- a/roles/releng/files/fedmsg/ssl.py
+++ b/roles/releng/files/fedmsg/ssl.py
@@ -50,12 +50,12 @@ config = dict(
    ] + [
        ("shell.relepel01", "shell-relepel01.%s" % suffix),
        ("shell.releng04", "shell-releng04.%s" % suffix),
-        ("shell.branched-composer", "shell-releng01.%s" % suffix),
+        ("shell.releng01", "shell-releng01.%s" % suffix),
-        ("shell.rawhide-composer", "shell-releng02.%s" % suffix),
+        ("shell.releng02", "shell-releng02.%s" % suffix),
        ("bodhi.relepel01", "bodhi-relepel01.%s" % suffix),
        ("bodhi.releng04", "bodhi-releng04.%s" % suffix),
-        ("bodhi.branched-composer", "bodhi-releng01.%s" % suffix),
+        ("bodhi.releng01", "bodhi-releng01.%s" % suffix),
-        ("bodhi.rawhide-composer", "bodhi-releng02.%s" % suffix),
+        ("bodhi.releng02", "bodhi-releng02.%s" % suffix),
    ] + [
        ("shell.value01", "shell-value01.%s" % suffix),
        ("shell.value03", "shell-value03.%s" % suffix),
--- a/roles/releng/templates/fedora-branched-compose-armhfp.cfg
+++ b/roles/releng/templates/fedora-branched-compose-armhfp.cfg
@@ -26,13 +26,13 @@ assumeyes=1
 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/branched/armhfp/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/branched/armhfp/os
 enabled=1
 cost=5000
 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/f21-build/latest/armhfp
+baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/armhfp
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-branched-compose-i386.cfg
+++ b/roles/releng/templates/fedora-branched-compose-i386.cfg
@@ -26,13 +26,13 @@ assumeyes=1
 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/branched/i386/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/branched/i386/os
 enabled=1
 cost=5000
 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/f21-build/latest/i386
+baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/i386
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-branched-compose-x86_64.cfg
+++ b/roles/releng/templates/fedora-branched-compose-x86_64.cfg
@@ -26,13 +26,13 @@ assumeyes=1
 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/branched/x86_64/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/branched/x86_64/os
 enabled=1
 cost=5000
 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/f21-build/latest/x86_64
+baseurl=http://kojipkgs.fedoraproject.org/repos/f20-build/latest/x86_64
 enabled=1
 #cost=2000
 """
--- a/roles/releng/files/fedora-branched-pungi-i386.cfg
+++ b/roles/releng/files/fedora-branched-pungi-i386.cfg
--- a/roles/releng/files/fedora-branched-pungi-x86_64.cfg
+++ b/roles/releng/files/fedora-branched-pungi-x86_64.cfg
--- a/roles/releng/files/fedora-devel-pungi-ppc.cfg
+++ b/roles/releng/files/fedora-devel-pungi-ppc.cfg
--- a/roles/releng/templates/fedora-rawhide-compose-armhfp.cfg
+++ b/roles/releng/templates/fedora-rawhide-compose-armhfp.cfg
@@ -1,14 +1,11 @@
 config_opts['root'] = 'fedora-rawhide-compose-armhfp'
 config_opts['target_arch'] = 'armv7hl'
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi uboot-tools'
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build uboot-tools'
-config_opts['dist'] = 'fc21'  # only useful for --resultdir variable subst
+config_opts['dist'] = 'fc10'  # only useful for --resultdir variable subst
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['internal_dev_setup'] = False
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['yum.conf'] = """
 [main]
@@ -25,13 +22,13 @@ assumeyes=1
 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/rawhide/armhfp/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/armhfp/os
 enabled=1
 cost=5000
 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/rawhide/latest/armhfp
+baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/armhfp
 enabled=1
 #cost=2000
 """
--- a/roles/releng/templates/fedora-rawhide-compose-i386.cfg
+++ b/roles/releng/templates/fedora-rawhide-compose-i386.cfg
@@ -1,14 +1,10 @@
 config_opts['root'] = 'fedora-rawhide-compose-i386'
 config_opts['target_arch'] = 'i386'
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
-config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
+config_opts['dist'] = 'fc10'  # only useful for --resultdir variable subst
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['internal_dev_setup'] = False
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['yum.conf'] = """
 [main]
@@ -25,13 +21,13 @@ assumeyes=1
 [fedora]
 name=fedora
-baseurl=http://{{kojipkgs_url}}/mash/rawhide/i386/os
+baseurl=http://kojipkgs.fedoraproject.org/mash/rawhide/i386/os
 enabled=1
 cost=5000
 [static]
 name=static
-baseurl=http://{{kojipkgs_url}}/repos/rawhide/latest/i386
+baseurl=http://kojipkgs.fedoraproject.org/repos/rawhide/latest/i386
 enabled=1
 #cost=2000
 """
--- a/roles/releng/files/fedora-rawhide-pungi-i386.cfg
+++ b/roles/releng/files/fedora-rawhide-pungi-i386.cfg
@@ -1,14 +1,12 @@
 config_opts['root'] = 'fedora-rawhide-pungi-i386'
 config_opts['target_arch'] = 'i386'
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
-config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
+config_opts['dist'] = 'fc9'
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['internal_dev_setup'] = False
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
 config_opts['yum.conf'] = """
 [main]
--- a/roles/releng/files/fedora-rawhide-pungi-x86_64.cfg
+++ b/roles/releng/files/fedora-rawhide-pungi-x86_64.cfg
@@ -1,14 +1,12 @@
 config_opts['root'] = 'fedora-rawhide-pungi-x86_64'
 config_opts['target_arch'] = 'x86_64'
-config_opts['chroot_setup_cmd'] = 'install @buildsys-build vim-enhanced pungi'
+config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
-config_opts['dist'] = 'fc16'  # only useful for --resultdir variable subst
+config_opts['dist'] = 'fc9'
 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['internal_dev_setup'] = False
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/srv/pungi', '/srv/pungi' ))
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev', '/dev' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/koji', '/mnt/koji' ))
+config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/dev/pts', '/dev/pts' ))
-config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/mnt/fedora_koji', '/mnt/fedora_koji' ))
+
 config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/pub/fedora', '/pub/fedora' ))
 config_opts['yum.conf'] = """
 [main]
--- a/roles/releng/files/mash/masher.config
+++ b/roles/releng/files/mash/masher.config
--- a/roles/releng/files/mash/masher.id_rsa.pub
+++ b/roles/releng/files/mash/masher.id_rsa.pub
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfk627wDgkJisjGl4RbrUS457WoPdSate1vzgZXApQeAkTG9LLEstAEyThphnJZzDWRYceId+DqZvyrwZttB6Tfptwqs9qwW60HelSVtvq6RDoiQO5yB1ffbeelM6ci5spvzA0b8llUmYpDlCmrbv/or5IXtO9ScAxK7S6Pp2XQYyHJepEclCqfUkmgOXqnoFPFhKhIdaNe7wXCDKnjHSL0HLQmpTREbJ98HNexI76DMdiuG+II7m42XbfToHZtDrsUfd5HGyWLqUWqFfLFoFSSrARE7Aqa2cS1zrLdKHTFnDitBezNeb2J4Go3/23bHe58LV8RfPdIQG9Z8hqYiD9 root@fed-cloud09.cloud.fedoraproject.org`