- name: Set up those ProxyPassReverse statements.  Somebody get me a cup of coffee..
  hosts: proxies-stg:proxies
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

  vars:
  - varnish_url: http://localhost:6081

  pre_tasks:

  - name: Remove some crusty files from bygone eras
    file: dest=/etc/httpd/conf.d/{{item}} state=absent
    with_items:
    - meetbot.fedoraproject.org/reversepassproxy.conf
    - meetbot.fedoraproject.org/meetbot.conf
    notify:
    - reload proxyhttpd
    tags:
    - httpd
    - httpd/reverseproxy


  roles:

  - role: httpd/reverseproxy
    website: copr.fedoraproject.org
    destname: coprapi
    localpath: /api
    remotepath: /api
    proxyurl: https://copr.fedorainfracloud.org

  - role: httpd/reverseproxy
    website: nagios.fedoraproject.org
    destname: nagios
    remotepath: /
    proxyurl: http://noc01.phx2.fedoraproject.org

  - role: httpd/reverseproxy
    website: lists.fedoraproject.org
    destname: mailman3
    localpath: /
    remotepath: /
    header_scheme: true
    keephost: true
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: lists.fedorahosted.org
    destname: mailman3
    localpath: /
    remotepath: /
    header_scheme: true
    keephost: true
    proxyurl: "{{ varnish_url }}"

  # The place for the raw originals
  - role: httpd/reverseproxy
    website: meetbot-raw.fedoraproject.org
    destname: meetbot
    remotepath: /meetbot/
    # Talk directly to the app server, not haproxy
    proxyurl: http://value01

  # The place for the fancy mote view
  - role: httpd/reverseproxy
    website: meetbot.fedoraproject.org
    destname: mote
    #remotepath: /mote/
    # Talk directly to the app server, not haproxy
    proxyurl: http://value01

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: nuancier
    localpath: /nuancier
    remotepath: /nuancier
    header_scheme: true
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: github2fedmsg
    localpath: /github2fedmsg
    remotepath: /github2fedmsg
    header_scheme: true
    proxyurl: http://localhost:10037

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: fedora-notifications
    localpath: /notifications
    remotepath: /notifications
    header_scheme: true
    proxyurl: http://localhost:10036

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: packages
    localpath: /packages
    remotepath: /packages
    proxyurl: http://localhost:10016

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: tagger
    localpath: /tagger
    remotepath: /tagger
    rewrite: true
    proxyurl: http://localhost:10017

  - role: httpd/reverseproxy
    website: ask.fedoraproject.org
    destname: askbot
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: paste.fedoraproject.org
    destname: modernpaste
    keephost: true
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: awx.fedoraproject.org
    destname: awx
    remotepath: /
    localpath: /
    proxyurl: http://localhost:10069
    when: env == "production"
    tags:
    - awx.fedoraproject.org

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: totpcgiprovision
    localpath: /totpcgiprovision
    proxyurl: http://localhost:10019

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: fas
    remotepath: /accounts
    localpath: /accounts
    proxyurl: http://localhost:10004

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: elections
    remotepath: /voting
    localpath: /voting
    proxyurl: http://localhost:10007

  # Fedoauth is odd here -- it has an entry for both stg and prod.
  - role: httpd/reverseproxy
    website: id.stg.fedoraproject.org
    destname: id
    proxyurl: http://localhost:10020
    when: env == "staging"

  - role: httpd/reverseproxy
    website: username.id.stg.fedoraproject.org
    destname: usernameid
    proxyurl: http://localhost:10020
    when: env == "staging"

  - role: httpd/reverseproxy
    website: id.stg.fedoraproject.org
    destname: 00-kdcproxy
    remotepath: /KdcProxy
    localpath: /KdcProxy
    proxyurl: http://localhost:10053
    when: env == "staging"

  - role: httpd/reverseproxy
    website: id.stg.fedoraproject.org
    destname: 00-ipa
    remotepath: /ipa
    localpath: /ipa
    proxyurl: http://localhost:10061
    when: env == "staging"

  - role: httpd/reverseproxy
    website: id.fedoraproject.org
    destname: id
    proxyurl: http://localhost:10020
    tags:
    - id.fedoraproject.org
    when: env != "staging"

  - role: httpd/reverseproxy
    website: username.id.fedoraproject.org
    destname: usernameid
    proxyurl: http://localhost:10020
    tags:
    - id.fedoraproject.org
    when: env != "staging"

  - role: httpd/reverseproxy
    website: id.fedoraproject.org
    destname: 00-kdcproxy
    remotepath: /KdcProxy
    localpath: /KdcProxy
    proxyurl: http://localhost:10053
    when: env != "staging"

  - role: httpd/reverseproxy
    website: id.fedoraproject.org
    destname: 00-ipa
    remotepath: /ipa
    localpath: /ipa
    proxyurl: http://localhost:10061
    when: env != "staging"

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: datagrepper
    remotepath: /datagrepper
    localpath: /datagrepper
    rewrite: true
    proxyurl: http://localhost:10028

  - role: httpd/reverseproxy
    website: badges.fedoraproject.org
    destname: badges
    proxyurl: http://localhost:10032

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: fedocal
    remotepath: /calendar
    localpath: /calendar
    header_scheme: true
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: kerneltest
    remotepath: /kerneltest
    localpath: /kerneltest
    header_scheme: true
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: qa.fedoraproject.org
    destname: blockerbugs
    remotepath: /blockerbugs
    localpath: /blockerbugs
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: fedoraproject.org
    destname: fp-wiki
    wpath: /w
    wikipath: /wiki
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: pkgdb
    remotepath: /pkgdb
    localpath: /pkgdb
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: bodhi.fedoraproject.org
    destname: bodhi
    proxyurl: http://localhost:10065
    keephost: true
    tags: bodhi

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: mirrormanager
    remotepath: /mirrormanager
    localpath: /mirrormanager
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: mirrors.fedoraproject.org
    destname: mirrormanager-mirrorlist
    proxyurl: http://localhost:10002

  - role: httpd/reverseproxy
    website: download.fedoraproject.org
    destname: mirrormanager-redirector
    proxyurl: http://localhost:10002

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: koschei
    localpath: /koschei
    remotepath: /koschei
    proxyurl: "{{ varnish_url }}"

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: mdapi
    remotepath: /mdapi
    localpath: /mdapi
    proxyurl: http://localhost:10043

  - role: httpd/reverseproxy
    website: openqa.fedoraproject.org
    destname: openqa
    remotepath: /
    localpath: /
    proxyurl: http://localhost:10044

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: autocloud
    localpath: /autocloud
    remotepath: /autocloud
    proxyurl: http://localhost:10041

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: statscache
    localpath: /statscache
    remotepath: /statscache
    proxyurl: http://localhost:10042

  - role: httpd/reverseproxy
    website: pdc.fedoraproject.org
    destname: pdc
    proxyurl: http://localhost:10045
    header_scheme: true
    tags: pdc

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: zanata2fedmsg
    localpath: /zanata2fedmsg
    remotepath: /zanata2fedmsg
    proxyurl: http://localhost:10046

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: yk-val
    remotepath: /yk-val/verify
    localpath: /yk-val/verify
    proxyurl: http://localhost:10004

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: pager
    remotepath: /pager
    localpath: /pager
    # Talk directly to the app server, not haproxy
    proxyurl: http://sundries01

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: awstats
    remotepath: /awstats
    localpath: /awstats
    # Talk directly to the app server, not haproxy
    proxyurl: http://log01

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: epylog
    remotepath: /epylog
    localpath: /epylog
    # Talk directly to the app server, not haproxy
    proxyurl: http://log01

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: maps
    remotepath: /maps
    localpath: /maps
    # Talk directly to the app server, not haproxy
    proxyurl: http://log01

  - role: httpd/reverseproxy
    website: fedoraproject.org
    destname: freemedia
    remotepath: /freemedia
    localpath: /freemedia
    proxyurl: http://localhost:10011

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: collectd
    localpath: /collectd
    remotepath: /collectd
    # Talk directly to the app server, not haproxy
    proxyurl: http://log01

  ### Four entries for taskotron for production
  - role: httpd/reverseproxy
    website: taskotron.fedoraproject.org
    destname: taskotron
    # Talk directly to the app server, not haproxy
    proxyurl: http://taskotron01.vpn.fedoraproject.org

  - role: httpd/reverseproxy
    website: taskotron.fedoraproject.org
    destname: taskotron-resultsdb
    localpath: /resultsdb
    remotepath: /resultsdb
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb01.vpn.fedoraproject.org

  - role: httpd/reverseproxy
    website: taskotron.fedoraproject.org
    destname: taskotron-resultsdbapi
    localpath: /resultsdb_api
    remotepath: /resultsdb_api
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb01.vpn.fedoraproject.org

  - role: httpd/reverseproxy
    website: taskotron.fedoraproject.org
    destname: taskotron-execdb
    localpath: /execdb
    remotepath: /execdb
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb01.vpn.fedoraproject.org

  - role: httpd/reverseproxy
    website: taskotron.fedoraproject.org
    destname: taskotron-vault
    localpath: /vault
    remotepath: /vault
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb01.vpn.fedoraproject.org


  ### And four entries for taskotron for staging
  - role: httpd/reverseproxy
    website: taskotron.stg.fedoraproject.org
    destname: taskotron
    # Talk directly to the app server, not haproxy
    proxyurl: http://taskotron-stg01.qa.fedoraproject.org
    when: env == "staging"

  - role: httpd/reverseproxy
    website: taskotron.stg.fedoraproject.org
    destname: taskotron-resultsdb
    localpath: /resultsdb
    remotepath: /resultsdb
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
    when: env == "staging"

  - role: httpd/reverseproxy
    website: taskotron.stg.fedoraproject.org
    destname: taskotron-resultsdbapi
    localpath: /resultsdb_api
    remotepath: /resultsdb_api
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
    when: env == "staging"

  - role: httpd/reverseproxy
    website: taskotron.stg.fedoraproject.org
    destname: taskotron-execdb
    localpath: /execdb
    remotepath: /execdb
    # Talk directly to the app server, not haproxy
    proxyurl: http://resultsdb-stg01.qa.fedoraproject.org
    when: env == "staging"

  ### Beaker production
  - role: httpd/reverseproxy
    website: beaker.qa.fedoraproject.org
    destname: beaker
    # Talk directly to the app server, not haproxy
    proxyurl: http://beaker01.vpn.fedoraproject.org
    when: env == "production"

  ### Beaker staging
  - role: httpd/reverseproxy
    website: beaker.stg.fedoraproject.org
    destname: beaker-stg
    # Talk directly to the app server, not haproxy
    proxyurl: http://beaker-stg01.qa.fedoraproject.org
    when: env == "staging"

  ### QA staging

  - role: httpd/reverseproxy
    website: qa.stg.fedoraproject.org
    destname: qa-stg
    # Talk directly to the app server, not haproxy
    proxyurl: http://qa-stg01.qa.fedoraproject.org
    when: env == "staging"

  - role: httpd/reverseproxy
    website: qa.stg.fedoraproject.org
    destname: blockerbugs
    remotepath: /blockerbugs
    localpath: /blockerbugs
    proxyurl: "{{ varnish_url }}"
    when: env == "staging"

  - role: httpd/reverseproxy
    website: phab.qa.stg.fedoraproject.org
    destname: qa-stg-phab
    # Talk directly to the app server, not haproxy
    proxyurl: http://phab.qa-stg01.qa.fedoraproject.org
    keephost: true
    when: env == "staging"

  - role: httpd/reverseproxy
    website: docs.qa.stg.fedoraproject.org
    destname: qa-stg-docs
    # Talk directly to the app server, not haproxy
    proxyurl: http://docs.qa-stg01.qa.fedoraproject.org
    when: env == "staging"

  ### QA production

  - role: httpd/reverseproxy
    website: qa.fedoraproject.org
    destname: qa-prod
    # Talk directly to the app server, not haproxy
    proxyurl: http://qa-prod01.vpn.fedoraproject.org

  - role: httpd/reverseproxy
    website: phab.qa.fedoraproject.org
    destname: qa-prod-phab
    # Talk directly to the app server, not haproxy
    proxyurl: http://phab.qa-prod01.vpn.fedoraproject.org
    keephost: true

  - role: httpd/reverseproxy
    website: docs.qa.fedoraproject.org
    destname: qa-prod-docs
    # Talk directly to the app server, not haproxy
    proxyurl: http://docs.qa-prod01.vpn.fedoraproject.org

  # This one gets its own role (instead of httpd/reverseproxy) so that it can
  # copy in some silly static resources (globe.png, index.html)
  - role: geoip-city-wsgi/proxy
    website: geoip.fedoraproject.org
    proxyurl: http://localhost:10029

  - role: httpd/reverseproxy
    website: src.fedoraproject.org
    destname: git
    proxyurl: http://localhost:10057
    header_scheme: true
    keephost: true

  - role: httpd/reverseproxy
    website: osbs.fedoraproject.org
    destname: osbs
    proxyurl: http://localhost:10047

  - role: httpd/reverseproxy
    website: registry.fedoraproject.org
    destname: registry-fedora
    # proxyurl in this one is totally ignored, because Docker.
    # (turns out it uses PATCH requests that Varnish cannot deal with)
    proxyurl: "{{ varnish_url }}"
    tags:
    - registry

  - role: httpd/reverseproxy
    website: registry.centos.org
    destname: registry-centos
    # proxyurl in this one is totally ignored, because Docker.
    # (turns out it uses PATCH requests that Varnish cannot deal with)
    proxyurl: "{{ varnish_url }}"
    tags:
    - registry

  - role: httpd/reverseproxy
    website: candidate-registry.fedoraproject.org
    destname: candidate-registry
    proxyurl: http://localhost:10054

  - role: httpd/reverseproxy
    website: retrace.fedoraproject.org
    destname: retrace
    proxyurl: http://localhost:10049
    when: env == "staging"

  - role: httpd/reverseproxy
    website: faf.fedoraproject.org
    destname: faf
    proxyurl: http://localhost:10050
    when: env == "staging"

  - role: httpd/reverseproxy
    website: apps.fedoraproject.org
    destname: pps
    remotepath: /pps
    localpath: /pps
    proxyurl: http://localhost:10051
    when: env == "staging"

  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
    destname: fas3
    remotepath: /fas3
    localpath: /fas3
    proxyurl: http://localhost:10052
    when: env == "staging"

  - role: httpd/reverseproxy
    website: mbs.fedoraproject.org
    destname: mbs
    proxyurl: http://localhost:10063

  - role: httpd/reverseproxy
    website: koji.fedoraproject.org
    destname: koji
    proxyurl: http://localhost:10056
    keephost: true

  - role: httpd/reverseproxy
    website: s390.koji.fedoraproject.org
    destname: s390koji
    proxyurl: http://localhost:10059
    keephost: true

  - role: httpd/reverseproxy
    website: kojipkgs.fedoraproject.org
    destname: kojipkgs
    proxyurl: http://localhost:10062
    keephost: true

  # Nuke after F28 GA.
  # See roles/httpd/reverseproxy/reversepassproxy.brokenostreekojipkgs.conf
  - role: httpd/reverseproxy
    website: brokenostreekojipkgs.fedoraproject.org
    destname: brokenostreekojipkgs
    proxyurl: http://localhost:10062
    keephost: true

  - role: httpd/reverseproxy
    website: os.fedoraproject.org
    destname: os
    balancer_name: os
    balancer_members: ['https://os-master01.vpn.fedoraproject.org', 'https://os-master02.vpn.fedoraproject.org', 'https://os-master03.vpn.fedoraproject.org']
    keephost: true
    tags:
    - os.fedoraproject.org

  - role: httpd/reverseproxy
    website: app.os.fedoraproject.org
    destname: app.os
    balancer_name: app-os
    balancer_members: ['https://os-node01.vpn.fedoraproject.org', 'https://os-node02.vpn.fedoraproject.org']
    keephost: true
    tags:
    - app.os.fedoraproject.org

  - role: httpd/reverseproxy
    website: os.stg.fedoraproject.org
    destname: os
    proxyurl: https://os.stg.phx2.fedoraproject.org
    balancer_name: os-stg
    balancer_members: ['https://os-master01.stg.phx2.fedoraproject.org', 'https://os-master02.stg.phx2.fedoraproject.org', 'https://os-master03.stg.phx2.fedoraproject.org']
    keephost: true
    tags:
    - os.fedoraproject.org
    when: env == "staging"

  - role: httpd/reverseproxy
    website: app.os.stg.fedoraproject.org
    destname: app.os
    balancer_name: app-os-stg
    balancer_members: ['https://os-node01.stg.phx2.fedoraproject.org', 'https://os-node02.stg.phx2.fedoraproject.org']
    proxyurl: http://app.os.phx2.fedoraproject.org
    keephost: true
    tags:
    - app.os.fedoraproject.org
    when: env == "staging"

  - role: httpd/reverseproxy
    website: odcs.fedoraproject.org
    destname: odcs
    proxyurl: http://localhost:10066
    tags:
    - odcs

  - role: httpd/reverseproxy
    website: freshmaker.fedoraproject.org
    destname: freshmaker
    proxyurl: http://localhost:10067
    tags:
    - freshmaker

  - role: httpd/reverseproxy
    website: data-analysis.fedoraproject.org
    destname: awstats
    remotepath: /
    localpath: /
    proxyurl: http://data-analysis01.phx2.fedoraproject.org