From 1cb0972193be60e04ef6db975687c5a11b45a911 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sun, 15 Jan 2017 20:16:41 +0000
Subject: [PATCH] add kojipkgs to proxy01/10 and haproxy

---
 playbooks/include/proxies-reverseproxy.yml | 6 ++++++
 playbooks/include/proxies-websites.yml     | 5 +++++
 roles/haproxy/templates/haproxy.cfg        | 8 ++++++++
 3 files changed, 19 insertions(+)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 662c16f755..3b98d41966 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -613,3 +613,9 @@
     destname: armkoji
     proxyurl: http://localhost:10060
     keephost: true
+
+  - role: httpd/reverseproxy
+    website: kojipkgs.fedoraproject.org
+    destname: kojipkgs
+    proxyurl: http://localhost:10062
+    keephost: true
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 41f3b9c4df..03e0ec124c 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -507,6 +507,11 @@
     cert_name: secondary.koji.fedoraproject.org.letsencrypt
     SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt
 
+  - role: httpd/website
+    name: kojipkgs.fedoraproject.org
+    sslonly: true
+    cert_name: "{{wildcard_cert_name}}"
+
   - role: httpd/website
     name: apps.fedoraproject.org
     server_aliases: [apps.stg.fedoraproject.org]
diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg
index 314e51b1bd..058147e332 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -405,6 +405,14 @@ listen  ipa01 0.0.0.0:10061
     server  ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
     option  httpchk GET /ipa/ui/
 
+{% if env == "production" and 'phx2' in inventory_hostname %}
+listen kojipkgs 0.0.0.0:10062
+    balance hdr(appserver)
+    server kojipkgs01.phx2.fedoraproject.org kojipkgs01.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2
+    server kojipkgs02.phx2.fedoraproject.org kojipkgs02.phx2.fedoraproject.org:80 check inter 10s rise 1 fall 2
+    option httpchk GET /
+{% endif %}
+
 # Apache doesn't handle the initial connection here like the other proxy
 # entries.  This proxy also doesn't use the http mode like the others.
 # stunnel should be sitting on port 9939 (public) and redirecting