From 1454797a4e52d0f8aab87c207545203e3adf792a Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Sun, 7 Jun 2015 14:30:01 +0000
Subject: [PATCH] Try to mount /mnt/fedora_koji as read only in staging.

---
 inventory/group_vars/koji-stg | 3 ++-
 playbooks/groups/koji-hub.yml | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/inventory/group_vars/koji-stg b/inventory/group_vars/koji-stg
index 937ebedf25..cc90ac509b 100644
--- a/inventory/group_vars/koji-stg
+++ b/inventory/group_vars/koji-stg
@@ -23,5 +23,6 @@ fedmsg_certs:
   owner: root
   group: apache
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid"
+# NOTE -- staging mounts read-only
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid"
 sudoers: "{{ private }}/files/sudo/arm-releng-sudoers"
diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml
index c2fd5e6b56..5f98d7899c 100644
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@@ -52,6 +52,11 @@
     mnt_dir: '/mnt/koji'
     nfs_src_dir: 'fedora_s390/data'
     when: env == 'production' and inventory_hostname.startswith('s390')
+    # In staging, we mount fedora_koji as read only (see nfs_mount_opts)
+  - role: nfs/client
+    mnt_dir: '/mnt/fedora_koji_prod'
+    nfs_src_dir: 'fedora_koji'
+    when: env == 'staging' and inventory_hostname.startswith('koji')
   - sudo
 
   tasks: