From 68982b36e04b6dd1249484fffd2385109fbb3855 Mon Sep 17 00:00:00 2001
From: Adam Saleh <asaleh@redhat.com>
Date: Thu, 13 May 2021 17:20:43 +0200
Subject: [PATCH 001/189] Moved bodhi in prod to use rpm for building the
 image.

---
 .../bodhi/templates/dockerfile-base           | 67 +++----------------
 1 file changed, 9 insertions(+), 58 deletions(-)

diff --git a/roles/openshift-apps/bodhi/templates/dockerfile-base b/roles/openshift-apps/bodhi/templates/dockerfile-base
index 67aff7af84..ce7ae6435a 100644
--- a/roles/openshift-apps/bodhi/templates/dockerfile-base
+++ b/roles/openshift-apps/bodhi/templates/dockerfile-base
@@ -1,64 +1,15 @@
 FROM fedora:34
 LABEL \
-  name="bodhi-base" \
-  vendor="Fedora Infrastructure" \
-  license="MIT"
-
-RUN curl -o /etc/yum.repos.d/infra-tags.repo https://pagure.io/fedora-infra/ansible/raw/main/f/files/common/fedora-infra-tags.repo
-
-RUN dnf install -y \
-    git                         \
-    python3-pip                 \
-    fedora-messaging            \
-    httpd                       \
-    intltool                    \
-    origin-clients              \
-    python3-alembic             \
-    python3-arrow               \
-    python3-backoff             \
-    python3-bleach              \
-    python3-celery              \
-    python3-click               \
-    python3-colander            \
-    python3-cornice             \
-    python3-dogpile-cache       \
-    python3-fedora-messaging    \
-    python3-feedgen             \
-    python3-jinja2              \
-    python3-markdown            \
-    python3-psycopg2            \
-    python3-prometheus_client   \
-    python3-py3dns              \
-    python3-pyasn1-modules      \
-    python3-pylibravatar        \
-    python3-pyramid             \
-    python3-pyramid-fas-openid  \
-    python3-pyramid-mako        \
-    python3-pyramid_sawing      \
-    python3-bugzilla            \
-    python3-fedora              \
-    python3-pyyaml              \
-    python3-simplemediawiki     \
-    python3-sqlalchemy          \
-    python3-waitress            \
-    python3-dnf                 \
-    python3-koji                \
-    python3-librepo             \
-    python3-mod_wsgi            \
-    python3-gunicorn            \
-    python3-whitenoise          \
-    && dnf --setopt='tsflags=' install -y bodhi-docs \
-    && pip install koji graphene graphene-sqlalchemy WebOb-GraphQL \
-    && dnf clean all
-
-RUN git clone -b {{bodhi_version}} https://github.com/fedora-infra/bodhi.git /srv/bodhi && \
-    cd /srv/bodhi && \
-    python3 -m pip install . --no-use-pep517 && \
-    mkdir -p /usr/share/bodhi && \
-    cp /srv/bodhi/apache/bodhi.wsgi /usr/share/bodhi/bodhi.wsgi
+    name="bodhi-base" \
+    vendor="Fedora Infrastructure" \
+    license="MIT"
+RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo
+# While dnf has a --nodocs, it doesen't have a --docs...
+RUN sed -i '/nodocs/d' /etc/dnf/dnf.conf
+RUN dnf install -y bodhi-server-{{bodhi_version}} bodhi-docs-{{bodhi_version}} python3-pyramid_sawing python3-gunicorn
 
+# Set up krb5
 RUN rm -f /etc/krb5.conf && \
     ln -sf /etc/bodhi/krb5.conf /etc/krb5.conf && \
-    ln -sf /etc/keytabs/koji-keytab /etc/krb5.bodhi_bodhi.fedoraproject.org.keytab
-
+    ln -sf /etc/keytabs/koji-keytab /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab
 ENV USER=openshift

From 1cb04fe7b4dbc07581e00a743d7bf067ee29b964 Mon Sep 17 00:00:00 2001
From: Adam Saleh <asaleh@redhat.com>
Date: Thu, 13 May 2021 17:34:28 +0200
Subject: [PATCH 002/189] Celery beat changed the order of args in bodhi.

---
 roles/openshift-apps/bodhi/templates/deploymentconfig.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
index 2696a4446f..ede4c908c6 100644
--- a/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/bodhi/templates/deploymentconfig.yml
@@ -283,7 +283,7 @@ items:
         - name: bodhi-celery
           image: bodhi-base:latest
           command: ["/usr/bin/celery"]
-          args: ["worker", "-A", "bodhi.server.tasks.app", "-l", "info", "-Q", "celery"]
+          args: ["-A", "bodhi.server.tasks.app", "worker", "-l", "info", "-Q", "celery"]
           resources: {}
           volumeMounts:
           - name: config-volume
@@ -378,7 +378,7 @@ items:
           image: bodhi-base:latest
           workingDir: "/tmp"
           command: ["/usr/bin/celery"]
-          args: ["beat", "-A", "bodhi.server.tasks.app", "-l", "info"]
+          args: ["-A", "bodhi.server.tasks.app", "beat", "-l", "info"]
           resources: {}
           volumeMounts:
           - name: config-volume

From e204d829940229835c9f21e63a4d2159effb76dc Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 13 May 2021 12:39:42 -0700
Subject: [PATCH 003/189] rkhunter: add releng_compose_stg for podman use

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/rkhunter/templates/rkhunter.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/rkhunter/templates/rkhunter.conf.j2 b/roles/rkhunter/templates/rkhunter.conf.j2
index 3f0d29c576..60faf47701 100644
--- a/roles/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/rkhunter/templates/rkhunter.conf.j2
@@ -393,7 +393,7 @@ ALLOWDEVFILE=/dev/shm/spice.*
 {% if inventory_hostname in groups['ipa'] or inventory_hostname in groups['ipa_stg'] %}
 ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
 {% endif %}
-{% if inventory_hostname in groups['retrace'] or inventory_hostname in groups['releng_compose'] %}
+{% if inventory_hostname in groups['retrace'] or inventory_hostname in groups['releng_compose'] or inventory_hostname in groups['releng_compose_stg]' %}
 ALLOWDEVFILE=/dev/shm/libpod_*
 {% endif %}
 {% if inventory_hostname in groups['dbserver'] or inventory_hostname in groups['dbserver_stg'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] or inventory_hostname in groups['pagure_stg'] or inventory_hostname in groups['zabbix_stg'] or inventory_hostname in groups['retrace'] %}

From 18f4d49a9d09b86c33a35710f01ff68c12f57810 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 13 May 2021 12:41:05 -0700
Subject: [PATCH 004/189] rkhunter: fix bit of dyslexia

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/rkhunter/templates/rkhunter.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/rkhunter/templates/rkhunter.conf.j2 b/roles/rkhunter/templates/rkhunter.conf.j2
index 60faf47701..6d6539eb09 100644
--- a/roles/rkhunter/templates/rkhunter.conf.j2
+++ b/roles/rkhunter/templates/rkhunter.conf.j2
@@ -393,7 +393,7 @@ ALLOWDEVFILE=/dev/shm/spice.*
 {% if inventory_hostname in groups['ipa'] or inventory_hostname in groups['ipa_stg'] %}
 ALLOWDEVFILE=/dev/shm/sem.slapd*.stats
 {% endif %}
-{% if inventory_hostname in groups['retrace'] or inventory_hostname in groups['releng_compose'] or inventory_hostname in groups['releng_compose_stg]' %}
+{% if inventory_hostname in groups['retrace'] or inventory_hostname in groups['releng_compose'] or inventory_hostname in groups['releng_compose_stg'] %}
 ALLOWDEVFILE=/dev/shm/libpod_*
 {% endif %}
 {% if inventory_hostname in groups['dbserver'] or inventory_hostname in groups['dbserver_stg'] or inventory_hostname in groups['pkgs'] or inventory_hostname in groups['pagure'] or inventory_hostname in groups['pagure_stg'] or inventory_hostname in groups['zabbix_stg'] or inventory_hostname in groups['retrace'] %}

From 9bbef456ed57e1d12ff4f096c160b998266fc4eb Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 13 May 2021 13:01:05 -0700
Subject: [PATCH 005/189] bodhi / backend: adjust bodhi-celery service for new
 version

The new celery version wants -A as a global option, then command, so
make it happy and re-arrange the service file.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bodhi2/backend/files/bodhi-celery.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/bodhi2/backend/files/bodhi-celery.service b/roles/bodhi2/backend/files/bodhi-celery.service
index e17933f2a9..21a3d246b8 100644
--- a/roles/bodhi2/backend/files/bodhi-celery.service
+++ b/roles/bodhi2/backend/files/bodhi-celery.service
@@ -6,7 +6,7 @@ Wants = network-online.target
 [Service]
 User = apache
 Group = apache
-ExecStart = /usr/bin/celery-3 worker -A bodhi.server.tasks.app -l info -Q has_koji_mount
+ExecStart = /usr/bin/celery-3 A bodhi.server.tasks.app worker -l info -Q has_koji_mount
 
 [Install]
 WantedBy = multi-user.target

From fb395d74a2eb02988229f2177e61994b6b0d6745 Mon Sep 17 00:00:00 2001
From: Tomas Hrcka <thrcka@redhat.com>
Date: Thu, 13 May 2021 17:35:21 +0200
Subject: [PATCH 006/189] Update sssd config to filter users bodhi and ftpsync

Signed-off-by: Tomas Hrcka <thrcka@redhat.com>
---
 roles/ipa/client/files/fedora-nss-ignore.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ipa/client/files/fedora-nss-ignore.conf b/roles/ipa/client/files/fedora-nss-ignore.conf
index d1b5e0ce17..a4214b99a9 100644
--- a/roles/ipa/client/files/fedora-nss-ignore.conf
+++ b/roles/ipa/client/files/fedora-nss-ignore.conf
@@ -2,5 +2,5 @@
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.
 [nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync
 filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache

From d9d0b9d92691dcaea032c8f3394e8494ebdd2277 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 13 May 2021 15:28:23 -0700
Subject: [PATCH 007/189] bodhi-backend: disable updates-sync and auto pushes
 for now

Disable these until we sort out the ostree repo issues in releng 10114.
Please check with me before re-enabling. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bodhi2/backend/files/new-updates-sync.cron              | 4 ++--
 roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2 | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/roles/bodhi2/backend/files/new-updates-sync.cron b/roles/bodhi2/backend/files/new-updates-sync.cron
index f9dd3818b0..bac38e8c5e 100644
--- a/roles/bodhi2/backend/files/new-updates-sync.cron
+++ b/roles/bodhi2/backend/files/new-updates-sync.cron
@@ -1,3 +1,3 @@
 MAILTO=releng-cron@lists.fedoraproject.org
-* * * * * ftpsync /usr/local/bin/lock-wrapper updates-push '/usr/local/bin/new-updates-sync' --silent
-
+# disabled by kevin until we sort out releng 10114
+#* * * * * ftpsync /usr/local/bin/lock-wrapper updates-push '/usr/local/bin/new-updates-sync' --silent
diff --git a/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2 b/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
index 4dc15ebd15..59255be002 100644
--- a/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
+++ b/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
@@ -2,5 +2,6 @@ MAILTO=sysadmin-releng-members@fedoraproject.org
 {% if RelEngFrozen %}
 {{ '#' }}14 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
 {% else %}
-14 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
+# disabled by kevin until we sort out releng 10114
+#14 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
 {% endif %}

From 2465791d08ec00d8f68ebc8c3c632fa63c87ea2e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 14 May 2021 08:48:23 -0700
Subject: [PATCH 008/189] Revert "bodhi-backend: disable updates-sync and auto
 pushes for now"

This reverts commit d9d0b9d92691dcaea032c8f3394e8494ebdd2277.
---
 roles/bodhi2/backend/files/new-updates-sync.cron              | 4 ++--
 roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2 | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/roles/bodhi2/backend/files/new-updates-sync.cron b/roles/bodhi2/backend/files/new-updates-sync.cron
index bac38e8c5e..f9dd3818b0 100644
--- a/roles/bodhi2/backend/files/new-updates-sync.cron
+++ b/roles/bodhi2/backend/files/new-updates-sync.cron
@@ -1,3 +1,3 @@
 MAILTO=releng-cron@lists.fedoraproject.org
-# disabled by kevin until we sort out releng 10114
-#* * * * * ftpsync /usr/local/bin/lock-wrapper updates-push '/usr/local/bin/new-updates-sync' --silent
+* * * * * ftpsync /usr/local/bin/lock-wrapper updates-push '/usr/local/bin/new-updates-sync' --silent
+
diff --git a/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2 b/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
index 59255be002..4dc15ebd15 100644
--- a/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
+++ b/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
@@ -2,6 +2,5 @@ MAILTO=sysadmin-releng-members@fedoraproject.org
 {% if RelEngFrozen %}
 {{ '#' }}14 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
 {% else %}
-# disabled by kevin until we sort out releng 10114
-#14 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
+14 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
 {% endif %}

From 671a46c299c526f292a8b7990bb273864d4f6f1f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 14 May 2021 15:35:57 -0700
Subject: [PATCH 009/189] bodhi / backend: add missing dash in front of A

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bodhi2/backend/files/bodhi-celery.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/bodhi2/backend/files/bodhi-celery.service b/roles/bodhi2/backend/files/bodhi-celery.service
index 21a3d246b8..497bb19160 100644
--- a/roles/bodhi2/backend/files/bodhi-celery.service
+++ b/roles/bodhi2/backend/files/bodhi-celery.service
@@ -6,7 +6,7 @@ Wants = network-online.target
 [Service]
 User = apache
 Group = apache
-ExecStart = /usr/bin/celery-3 A bodhi.server.tasks.app worker -l info -Q has_koji_mount
+ExecStart = /usr/bin/celery-3 -A bodhi.server.tasks.app worker -l info -Q has_koji_mount
 
 [Install]
 WantedBy = multi-user.target

From 08448c6cd129c1115f4fbceb1416a9b78ef285a5 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Sat, 15 May 2021 09:05:32 -0500
Subject: [PATCH 010/189] packages-static: add project delete action to
 playbook

---
 playbooks/openshift-apps/fedora-packages-static.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/playbooks/openshift-apps/fedora-packages-static.yml b/playbooks/openshift-apps/fedora-packages-static.yml
index 15923e177d..701782c689 100644
--- a/playbooks/openshift-apps/fedora-packages-static.yml
+++ b/playbooks/openshift-apps/fedora-packages-static.yml
@@ -56,3 +56,13 @@
     app: fedora-packages-static
     template: deploymentconfig.yml
     objectname: deploymentconfig.yml
+
+###############################################
+# actions to delete the project from OpenShift
+###############################################
+# to run: sudo rbac-playbook -l staging -t delete openshift-apps/fedora-packages-static.yml
+  - role: openshift/object-delete
+    app: fedora-packages-static
+    objecttype: project
+    objectname: fedora-packages-static
+    tags: [ never, delete ]
\ No newline at end of file

From 19d2e4c67c6393f48c55c865e8549bf6510aa10f Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Sat, 15 May 2021 13:35:39 -0500
Subject: [PATCH 011/189] solr: use a route instead of joining pod networks

---
 .../openshift-apps/fedora-packages-static.yml |  2 +-
 playbooks/openshift-apps/solr.yml             | 28 ++++++++++---------
 .../templates/configmap.yml                   |  2 +-
 .../templates/deploymentconfig.yml            |  6 ++--
 4 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/playbooks/openshift-apps/fedora-packages-static.yml b/playbooks/openshift-apps/fedora-packages-static.yml
index 701782c689..56b774a48a 100644
--- a/playbooks/openshift-apps/fedora-packages-static.yml
+++ b/playbooks/openshift-apps/fedora-packages-static.yml
@@ -65,4 +65,4 @@
     app: fedora-packages-static
     objecttype: project
     objectname: fedora-packages-static
-    tags: [ never, delete ]
\ No newline at end of file
+    tags: [ never, delete ]
diff --git a/playbooks/openshift-apps/solr.yml b/playbooks/openshift-apps/solr.yml
index f6a81c0b59..b371e88b5d 100644
--- a/playbooks/openshift-apps/solr.yml
+++ b/playbooks/openshift-apps/solr.yml
@@ -35,21 +35,23 @@
     file: service.yml
     objectname: service.yml
 
+  - role: openshift/route
+    app: solr
+    routename: solr
+    host: "solr{{ env_suffix }}.fedoraproject.org"
+    serviceport: 8983-tcp
+    servicename: solr
+    annotations:
+      haproxy.router.openshift.io/ip_whitelist: 10.0.0.0/8
+
   - role: openshift/object
     app: solr
     template: deploymentconfig.yml
     objectname: deploymentconfig.yml
 
-- name: Link solr and fedora-packages-static networks
-  hosts: os_masters_stg[0]
-  user: root
-  gather_facts: False
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - "/srv/private/ansible/vars.yml"
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  tasks:
-  - name: Run oc adm command to link solr to other projects
-    command: "oc adm pod-network join-projects --to=solr fedora-packages-static"
+# to run: sudo rbac-playbook -l staging -t delete openshift-apps/solr.yml
+  - role: openshift/object-delete
+    app: solr
+    objecttype: project
+    objectname: solr
+    tags: [ never, delete ]
diff --git a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
index 37044ebf68..55d358db6c 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
@@ -6,5 +6,5 @@ metadata:
   labels:
     app: fedora-packages-static
 data:
-  solr-url: "http://solr.solr.svc.cluster.local:8983/"
+  solr-url: "https://solr{{ env_suffix }}.fedoraproject.org:8983/"
   sitemap-url: "https://packages{{ env_suffix }}.fedoraproject.org"
diff --git a/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml b/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
index a442976270..14f6706c54 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
@@ -22,7 +22,7 @@ spec:
       initContainers:
       - name: init-solr
         image: busybox
-        command: ['sh', '-c', 'until nslookup solr.solr.svc.cluster.local; do echo waiting for solr; sleep 2; done;']
+        command: ['sh', '-c', 'until ping -c1 solr{{ env_suffix }}.fedoraproject.org >/dev/null 2>&1; do echo waiting for solr; sleep 2; done']
       containers:
       - name: fedora-packages-static
         image: fedora-packages-static:latest
@@ -30,12 +30,12 @@ spec:
         - name: SOLR_URL
           valueFrom:
             configMapKeyRef:
-              name: fedora-packages-static-configmap 
+              name: fedora-packages-static-configmap
               key: solr-url
         - name: SITEMAP_URL
           valueFrom:
             configMapKeyRef:
-              name: fedora-packages-static-configmap 
+              name: fedora-packages-static-configmap
               key: sitemap-url
         ports:
         - containerPort: 80

From 4fdda9ba302ddc8d3f3fad87238405126e07de90 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 16 May 2021 16:48:40 +0200
Subject: [PATCH 012/189] copr-be-dev: f34 builders

---
 inventory/group_vars/copr_back_dev_aws | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inventory/group_vars/copr_back_dev_aws b/inventory/group_vars/copr_back_dev_aws
index 05945f8d25..229130fc5c 100644
--- a/inventory/group_vars/copr_back_dev_aws
+++ b/inventory/group_vars/copr_back_dev_aws
@@ -19,8 +19,8 @@ copr_builder_images:
   hypervisor:
     x86_64: copr-builder-20210511_210127
   aws:
-    x86_64: ami-05655b44ed8d4f869 # copr-builder-x86_64-f33-20210119_150254
-    aarch64: ami-0e26990bd41c19eba # copr-builder-aarch64-f33-20210119_145252
+    x86_64: ami-05766cb7551777d09 # copr-builder-x86_64-f34-20210516_142224
+    aarch64: ami-0b7d49fecf0c393a9 # copr-builder-aarch64-f34-20210516_143216
 
 do_sign: "true"
 

From 3ad3dcab97b9753f23112d4dcd47d70619375b29 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sun, 16 May 2021 11:04:53 -0700
Subject: [PATCH 013/189] fasjson: add matrixadmin alias

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fasjson/files/aliases.static | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/fasjson/files/aliases.static b/roles/fasjson/files/aliases.static
index 368d206772..dc2f9a9d7d 100644
--- a/roles/fasjson/files/aliases.static
+++ b/roles/fasjson/files/aliases.static
@@ -174,6 +174,9 @@ program-manager: fpgm
 diversity: fpl,fcaic,siddharthvipul1
 diversity-inclusion: diversity
 
+# Fedora Matrix admin
+matrixadmin@fedoraproject.org: mattdm,riecatnor,kevin,nb
+
 # FESCo
 fesco-chair: kevin
 fesco: fesco@lists.fedoraproject.org

From 9587670a363b0c0becf8053a60dcb2cf3ae18159 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Sun, 16 May 2021 15:12:39 -0500
Subject: [PATCH 014/189] packages-static: bring solr and packages-static into
 the same os project

packages-static: add solr gid to supplementalGroups

packages-static: delete solr playbook

packages-static: change old solr configmap names

fedora-packages: move solr files to old folder

No idea why Ansible thinks it should be here

packages-static: move solr start
---
 .../openshift-apps/fedora-packages-static.yml |  7 ++
 playbooks/openshift-apps/solr.yml             | 57 ----------------
 .../files/imagestream.yml                     | 11 +++
 .../fedora-packages-static/files/service.yml  | 16 +++++
 .../templates/configmap.yml                   | 25 ++++++-
 .../templates/deploymentconfig.yml            | 68 ++++++++++++++++++-
 .../templates/storage.yml                     | 14 +++-
 .../openshift-apps/solr/files/imagestream.yml | 11 ---
 roles/openshift-apps/solr/files/service.yml   | 16 -----
 .../solr/templates/configmap.yml              | 23 -------
 .../solr/templates/deploymentconfig.yml       | 63 -----------------
 .../openshift-apps/solr/templates/storage.yml | 12 ----
 12 files changed, 138 insertions(+), 185 deletions(-)
 delete mode 100644 playbooks/openshift-apps/solr.yml
 delete mode 100644 roles/openshift-apps/solr/files/imagestream.yml
 delete mode 100644 roles/openshift-apps/solr/files/service.yml
 delete mode 100644 roles/openshift-apps/solr/templates/configmap.yml
 delete mode 100644 roles/openshift-apps/solr/templates/deploymentconfig.yml
 delete mode 100644 roles/openshift-apps/solr/templates/storage.yml

diff --git a/playbooks/openshift-apps/fedora-packages-static.yml b/playbooks/openshift-apps/fedora-packages-static.yml
index 56b774a48a..227e5e2011 100644
--- a/playbooks/openshift-apps/fedora-packages-static.yml
+++ b/playbooks/openshift-apps/fedora-packages-static.yml
@@ -66,3 +66,10 @@
     objecttype: project
     objectname: fedora-packages-static
     tags: [ never, delete ]
+
+  # to run: sudo rbac-playbook -l staging -t deletesolr openshift-apps/fedora-packages-static.yml
+  - role: openshift/object-delete
+    app: solr
+    objecttype: project
+    objectname: solr
+    tags: [ never, deletesolr ]
diff --git a/playbooks/openshift-apps/solr.yml b/playbooks/openshift-apps/solr.yml
deleted file mode 100644
index b371e88b5d..0000000000
--- a/playbooks/openshift-apps/solr.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-- name: Make solr
-  hosts: os_masters_stg[0]
-  user: root
-  gather_facts: False
-
-  vars_files:
-    - /srv/web/infra/ansible/vars/global.yml
-    - "/srv/private/ansible/vars.yml"
-    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-  - role: openshift/project
-    app: solr
-    description: Fedora solr apps
-    appowners:
-    - mymindstorm
-
-  - role: openshift/object
-    app: solr
-    file: imagestream.yml
-    objectname: imagestream.yml
-
-  - role: openshift/object
-    app: solr
-    template: storage.yml
-    objectname: storage.yml
-
-  - role: openshift/object
-    app: solr
-    template: configmap.yml
-    objectname: configmap.yml
-
-  - role: openshift/object
-    app: solr
-    file: service.yml
-    objectname: service.yml
-
-  - role: openshift/route
-    app: solr
-    routename: solr
-    host: "solr{{ env_suffix }}.fedoraproject.org"
-    serviceport: 8983-tcp
-    servicename: solr
-    annotations:
-      haproxy.router.openshift.io/ip_whitelist: 10.0.0.0/8
-
-  - role: openshift/object
-    app: solr
-    template: deploymentconfig.yml
-    objectname: deploymentconfig.yml
-
-# to run: sudo rbac-playbook -l staging -t delete openshift-apps/solr.yml
-  - role: openshift/object-delete
-    app: solr
-    objecttype: project
-    objectname: solr
-    tags: [ never, delete ]
diff --git a/roles/openshift-apps/fedora-packages-static/files/imagestream.yml b/roles/openshift-apps/fedora-packages-static/files/imagestream.yml
index b04fcd453e..828a8f3866 100644
--- a/roles/openshift-apps/fedora-packages-static/files/imagestream.yml
+++ b/roles/openshift-apps/fedora-packages-static/files/imagestream.yml
@@ -8,3 +8,14 @@ spec:
     local: false
 status:
   dockerImageRepository: ""
+---
+apiVersion: v1
+kind: ImageStream
+metadata:
+   name: solr
+spec:
+  tags:
+  - name: 8
+    from:
+      kind: DockerImage
+      name: solr:8
diff --git a/roles/openshift-apps/fedora-packages-static/files/service.yml b/roles/openshift-apps/fedora-packages-static/files/service.yml
index ce64397474..a4dd6b1fb3 100644
--- a/roles/openshift-apps/fedora-packages-static/files/service.yml
+++ b/roles/openshift-apps/fedora-packages-static/files/service.yml
@@ -14,3 +14,19 @@ spec:
   selector:
     app: fedora-packages-static
     deploymentconfig: fedora-packages-static
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: fedora-packages-static
+  name: solr
+spec:
+  ports:
+  - name: 8983-tcp
+    port: 8983
+    protocol: TCP
+    targetPort: 8983
+  selector:
+    app: fedora-packages-static
+    deploymentconfig: fedora-packages-static
diff --git a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
index 55d358db6c..0cd8c85dfc 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
@@ -1,3 +1,4 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -6,5 +7,27 @@ metadata:
   labels:
     app: fedora-packages-static
 data:
-  solr-url: "https://solr{{ env_suffix }}.fedoraproject.org:8983/"
+  solr-url: "http://solr.fedora-packages-static.svc.cluster.local:8983/"
   sitemap-url: "https://packages{{ env_suffix }}.fedoraproject.org"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-packages-static-solr-configmap
+  labels:
+    app: fedora-packages-static
+data:
+  solrconfig.xml: |-
+    {{ load_file('packages/solrconfig.xml') | indent }}
+  schema.xml: |-
+    {{ load_file('packages/schema.xml') | indent }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-packages-static-solr-start-configmap
+  labels:
+    app: fedora-packages-static
+data:
+  solr-start.sh: |-
+    {{ load_file('solr-start.sh') | indent }}
diff --git a/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml b/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
index 14f6706c54..89a0723aeb 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
@@ -22,7 +22,7 @@ spec:
       initContainers:
       - name: init-solr
         image: busybox
-        command: ['sh', '-c', 'until ping -c1 solr{{ env_suffix }}.fedoraproject.org >/dev/null 2>&1; do echo waiting for solr; sleep 2; done']
+        command: ['sh', '-c', 'until nslookup solr.fedora-packages-static.svc.cluster.local; do echo waiting for solr; sleep 2; done;']
       containers:
       - name: fedora-packages-static
         image: fedora-packages-static:latest
@@ -76,3 +76,69 @@ spec:
       from:
         kind: ImageStreamTag
         name: fedora-packages-static:latest
+---
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: fedora-packages-static
+    service: solr
+  name: solr
+spec:
+  replicas: 1 # Only 1! Solr is not configured in cloud mode yet.
+  selector:
+    app: fedora-packages-static
+    deploymentconfig: fedora-packages-static
+  strategy:
+    type: Rolling
+  template:
+    metadata:
+      labels:
+        app: fedora-packages-static
+        deploymentconfig: fedora-packages-static
+    spec:
+      containers:
+      - name: solr
+        image: solr:8
+        command:
+        - bash
+        - /opt/solr-start/solr-start.sh
+        ports:
+        - containerPort: 8983
+        resources: {}
+        volumeMounts:
+        - name: data-volume
+          mountPath: /var/solr
+        - name: config-volume
+          mountPath: /opt/solr/server/solr/configsets/packages
+          readOnly: true
+        - name: script-volume
+          mountPath: /opt/solr-start
+        readinessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 30
+          httpGet:
+            path: /
+            port: 8983
+        livenessProbe:
+          timeoutSeconds: 1
+          initialDelaySeconds: 40
+          httpGet:
+            path: /
+            port: 8983
+      # Add solr's default gid to nfs group
+      securityContext:
+        supplementalGroups: [8983]
+      volumes:
+      - name: data-volume
+        persistentVolumeClaim:
+            claimName: solr-storage{{ '-stg' if env == 'staging' else '' }}
+      - name: config-volume
+        configMap:
+          name: fedora-packages-static-solr-configmap
+      - name: script-volume
+        configMap:
+          name: fedora-packages-static-solr-start-configmap
+
+  triggers:
+  - type: ConfigChange
diff --git a/roles/openshift-apps/fedora-packages-static/templates/storage.yml b/roles/openshift-apps/fedora-packages-static/templates/storage.yml
index a0c38f09be..c972424a09 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/storage.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/storage.yml
@@ -21,4 +21,16 @@ spec:
   resources:
     requests:
       storage: 10Gi
-  storageClassName: ""
\ No newline at end of file
+  storageClassName: ""
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: solr-storage{{ '-stg' if env == 'staging' else '' }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: ""
diff --git a/roles/openshift-apps/solr/files/imagestream.yml b/roles/openshift-apps/solr/files/imagestream.yml
deleted file mode 100644
index 4513e1d0ab..0000000000
--- a/roles/openshift-apps/solr/files/imagestream.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: ImageStream
-metadata:
-   name: solr
-spec:
-  tags:
-  - name: 8
-    from:
-      kind: DockerImage
-      name: solr:8
\ No newline at end of file
diff --git a/roles/openshift-apps/solr/files/service.yml b/roles/openshift-apps/solr/files/service.yml
deleted file mode 100644
index 4dfda2080d..0000000000
--- a/roles/openshift-apps/solr/files/service.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: solr
-  name: solr
-spec:
-  ports:
-  - name: 8983-tcp
-    port: 8983
-    protocol: TCP
-    targetPort: 8983
-  selector:
-    app: solr
-    deploymentconfig: solr
\ No newline at end of file
diff --git a/roles/openshift-apps/solr/templates/configmap.yml b/roles/openshift-apps/solr/templates/configmap.yml
deleted file mode 100644
index 58d0b727f6..0000000000
--- a/roles/openshift-apps/solr/templates/configmap.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: solr-configmap
-  labels:
-    app: solr
-{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
-data:
-  solrconfig.xml: |-
-    {{ load_file('packages/solrconfig.xml') | indent }}
-  schema.xml: |-
-    {{ load_file('packages/schema.xml') | indent }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: solr-start-configmap
-  labels:
-    app: solr
-data:
-  solr-start.sh: |-
-    {{ load_file('solr-start.sh') | indent }}
diff --git a/roles/openshift-apps/solr/templates/deploymentconfig.yml b/roles/openshift-apps/solr/templates/deploymentconfig.yml
deleted file mode 100644
index 57d3995775..0000000000
--- a/roles/openshift-apps/solr/templates/deploymentconfig.yml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-apiVersion: v1
-kind: DeploymentConfig
-metadata:
-  labels:
-    app: solr
-    service: solr
-  name: solr
-spec:
-  replicas: 1 # Only 1! Solr is not configured in cloud mode yet.
-  selector:
-    app: solr
-    deploymentconfig: solr
-  strategy:
-    type: Rolling
-  template:
-    metadata:
-      labels:
-        app: solr
-        deploymentconfig: solr
-    spec:
-      containers:
-      - name: solr
-        image: solr:8
-        command:
-        - bash
-        - /opt/solr-start/solr-start.sh
-        ports:
-        - containerPort: 8983
-        resources: {}
-        volumeMounts:
-        - name: data-volume
-          mountPath: /var/solr
-        - name: config-volume
-          mountPath: /opt/solr/server/solr/configsets/packages
-          readOnly: true
-        - name: script-volume
-          mountPath: /opt/solr-start
-        readinessProbe:
-          timeoutSeconds: 1
-          initialDelaySeconds: 30
-          httpGet:
-            path: /
-            port: 8983
-        livenessProbe:
-          timeoutSeconds: 1
-          initialDelaySeconds: 40
-          httpGet:
-            path: /
-            port: 8983
-      volumes:
-      - name: data-volume
-        persistentVolumeClaim:
-            claimName: solr-storage{{ '-stg' if env == 'staging' else '' }}
-      - name: config-volume
-        configMap:
-          name: solr-configmap
-      - name: script-volume
-        configMap:
-          name: solr-start-configmap  
-
-  triggers:
-  - type: ConfigChange
diff --git a/roles/openshift-apps/solr/templates/storage.yml b/roles/openshift-apps/solr/templates/storage.yml
deleted file mode 100644
index a641b48992..0000000000
--- a/roles/openshift-apps/solr/templates/storage.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: solr-storage{{ '-stg' if env == 'staging' else '' }}
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
-  storageClassName: ""
\ No newline at end of file

From c50c0b1537374f56cebca00185995b4dee451787 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Sun, 16 May 2021 16:33:31 -0500
Subject: [PATCH 015/189] packages-static: quote ImageStream tag name

---
 .../openshift-apps/fedora-packages-static/files/imagestream.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/openshift-apps/fedora-packages-static/files/imagestream.yml b/roles/openshift-apps/fedora-packages-static/files/imagestream.yml
index 828a8f3866..7ef1338716 100644
--- a/roles/openshift-apps/fedora-packages-static/files/imagestream.yml
+++ b/roles/openshift-apps/fedora-packages-static/files/imagestream.yml
@@ -15,7 +15,7 @@ metadata:
    name: solr
 spec:
   tags:
-  - name: 8
+  - name: "8"
     from:
       kind: DockerImage
       name: solr:8

From 55250064d644ee32309ea92a43855f35af66e3bc Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Sun, 16 May 2021 16:37:59 -0500
Subject: [PATCH 016/189] packages-static: move files back to new directory

Zuul seems to be incorrect.
---
 .../templates/packages/schema.xml                                 | 0
 .../templates/packages/solrconfig.xml                             | 0
 .../{solr => fedora-packages-static}/templates/solr-start.sh      | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 rename roles/openshift-apps/{solr => fedora-packages-static}/templates/packages/schema.xml (100%)
 rename roles/openshift-apps/{solr => fedora-packages-static}/templates/packages/solrconfig.xml (100%)
 rename roles/openshift-apps/{solr => fedora-packages-static}/templates/solr-start.sh (100%)

diff --git a/roles/openshift-apps/solr/templates/packages/schema.xml b/roles/openshift-apps/fedora-packages-static/templates/packages/schema.xml
similarity index 100%
rename from roles/openshift-apps/solr/templates/packages/schema.xml
rename to roles/openshift-apps/fedora-packages-static/templates/packages/schema.xml
diff --git a/roles/openshift-apps/solr/templates/packages/solrconfig.xml b/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
similarity index 100%
rename from roles/openshift-apps/solr/templates/packages/solrconfig.xml
rename to roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
diff --git a/roles/openshift-apps/solr/templates/solr-start.sh b/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
similarity index 100%
rename from roles/openshift-apps/solr/templates/solr-start.sh
rename to roles/openshift-apps/fedora-packages-static/templates/solr-start.sh

From 0b8c6907023d352fbba47cc8e724c0d5e125123f Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 17 May 2021 08:45:04 +0200
Subject: [PATCH 017/189] copr-be: resalloc VM prod/dev suffix, and hypervisor
 tags

---
 roles/copr/backend/templates/resalloc/pools.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index 36bf18f62f..4b202e258c 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -47,7 +47,7 @@ aws_aarch64_normal_{% if devel %}dev{% else %}prod{% endif %}:
 # x86_64 hypervisors
 {% if devel %}
 {% for hv in ["02", "03", "04"] %}
-copr_hv_x86_64_{{ hv }}:
+copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     max: 3
     max_starting: 2
     max_prealloc: 2
@@ -65,6 +65,8 @@ copr_hv_x86_64_{{ hv }}:
     - arch_armhfp_emulated
     - arch_s390x
     - arch_s390x_emulated
+    - hypervisor
+    - hypervisor_{{ hv }}
     cmd_new: "/var/lib/resallocserver/provision/libvirt-new --swap-vol-size 168"
     cmd_delete: "/var/lib/resallocserver/provision/libvirt-new --swap-vol-size 168"
     cmd_delete: "/var/lib/resallocserver/provision/libvirt-delete"

From 94e5f21bc18ec755ca8c96fe8090688ec3558899 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 17 May 2021 08:55:31 +0200
Subject: [PATCH 018/189] copr-be: tag AWS resalloc instances with "aws"

---
 roles/copr/backend/templates/resalloc/pools.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index 4b202e258c..d2f097a059 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -17,6 +17,7 @@ aws_x86_64_normal_{% if devel %}dev{% else %}prod{% endif %}:
     - arch_armhfp_emulated
     - arch_s390x
     - arch_s390x_emulated
+    - aws
     cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=x86_64"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-aws-check"
@@ -35,6 +36,7 @@ aws_aarch64_normal_{% if devel %}dev{% else %}prod{% endif %}:
     - copr_builder
     - arch_aarch64
     - arch_aarch64_native
+    - aws
     cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=aarch64"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-aws-check"

From 7afba71b54368e79f76dd2792f56f79a257dab39 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 17 May 2021 09:56:05 +0200
Subject: [PATCH 019/189] copr-be-dev: lower the amount of AWS instances

---
 inventory/group_vars/copr_dev_aws | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index bc512328d7..156a7fdc4c 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -29,7 +29,7 @@ nm_controlled_resolv: True
 builders:
     # max|max_spawn|max_prealloc
     aws:
-        x86_64: [20,5,5]
+        x86_64: [10,1,1]
         armhfp: [3,1,1]
         aarch64: [5,2,2]
 

From f47fe96f95ca776955f77a8ae828cb2bccb91efa Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 17 May 2021 09:59:36 +0200
Subject: [PATCH 020/189] copr-be-dev: lower the amount of preallocated vms on
 HV

---
 roles/copr/backend/templates/resalloc/pools.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index d2f097a059..9a5a29f145 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -51,8 +51,8 @@ aws_aarch64_normal_{% if devel %}dev{% else %}prod{% endif %}:
 {% for hv in ["02", "03", "04"] %}
 copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     max: 3
-    max_starting: 2
-    max_prealloc: 2
+    max_starting: 1
+    max_prealloc: 1
     tags:
     - copr_builder
     - arch_x86_64

From fa5db1e73d98c4b945ba9012488a87a200007f6a Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 17 May 2021 10:13:13 +0200
Subject: [PATCH 021/189] copr-be-dev: fix IPv6 pattern for devel stack

---
 roles/copr/backend/templates/provision/libvirt-new | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/copr/backend/templates/provision/libvirt-new b/roles/copr/backend/templates/provision/libvirt-new
index f17acd4a5e..91355d349c 100755
--- a/roles/copr/backend/templates/provision/libvirt-new
+++ b/roles/copr/backend/templates/provision/libvirt-new
@@ -391,8 +391,14 @@ def _main():
     _arange_default("resalloc_pool_id", "RESALLOC_POOL_ID")
     _arange_default("resalloc_id_in_pool", "RESALLOC_ID_IN_POOL")
 
+    devel = True
+    if "prod" in args.name:
+        devel = False
+
+
     ip6_a, ip6_g = get_fedora_ipv6_address(args.resalloc_pool_id,
-                                           args.resalloc_id_in_pool)
+                                           args.resalloc_id_in_pool,
+                                           devel)
 
     spawner = LibvirtSpawner(args.resalloc_pool_id, log)
     spawner.vm_name = args.name

From 90ebfe5620ec0637cf88eb003c098ebd4efca55f Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Mon, 17 May 2021 10:54:59 +0200
Subject: [PATCH 022/189] copr-be: promote tested builder images to production

And turn on the builders on hypervisors.
---
 inventory/group_vars/copr_back_aws               | 6 ++++--
 roles/copr/backend/templates/resalloc/pools.yaml | 8 ++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/inventory/group_vars/copr_back_aws b/inventory/group_vars/copr_back_aws
index 9e3151c9f0..d67b6a7d92 100644
--- a/inventory/group_vars/copr_back_aws
+++ b/inventory/group_vars/copr_back_aws
@@ -16,9 +16,11 @@ copr_builder_images:
   x86_64: copr-builder-x86_64-f32-20200914_072608
   ppc64le: copr-builder-ppc64le-f31-20200117_132023
   aarch64: copr-builder-aarch64-f32-20200914_073754
+  hypervisor:
+    x86_64: copr-builder-20210511_210127
   aws:
-    x86_64: ami-05655b44ed8d4f869 # copr-builder-x86_64-f33-20210119_150254
-    aarch64: ami-0e26990bd41c19eba # copr-builder-aarch64-f33-20210119_145252
+    x86_64: ami-05766cb7551777d09 # copr-builder-x86_64-f34-20210516_142224
+    aarch64: ami-0b7d49fecf0c393a9 # copr-builder-aarch64-f34-20210516_143216
 
 nrpe_procs_warn: 2200
 nrpe_procs_crit: 2500
diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index 9a5a29f145..c3e7b0624b 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -47,12 +47,17 @@ aws_aarch64_normal_{% if devel %}dev{% else %}prod{% endif %}:
 {% endmacro %}
 
 # x86_64 hypervisors
-{% if devel %}
 {% for hv in ["02", "03", "04"] %}
 copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
+{% if devel %}
     max: 3
     max_starting: 1
     max_prealloc: 1
+{% else %}
+    max: 20
+    max_starting: 4
+    max_prealloc: 20
+{% endif %}
     tags:
     - copr_builder
     - arch_x86_64
@@ -78,7 +83,6 @@ copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     reuse_max_count: 8
     reuse_max_time: 1800
 {% endfor %}
-{% endif %}
 
 {% macro hw_aarch64(id, inst, max, max_starting, max_prealloc) %}
 aarch64_{{ id }}_{{ inst }}:

From a9df677cf3bdde5190b948a9174844017aacc53d Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 09:20:42 -0700
Subject: [PATCH 023/189] fasjson / aliases: aliases have to be local

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fasjson/files/aliases.static | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/fasjson/files/aliases.static b/roles/fasjson/files/aliases.static
index dc2f9a9d7d..cee79962d3 100644
--- a/roles/fasjson/files/aliases.static
+++ b/roles/fasjson/files/aliases.static
@@ -175,7 +175,7 @@ diversity: fpl,fcaic,siddharthvipul1
 diversity-inclusion: diversity
 
 # Fedora Matrix admin
-matrixadmin@fedoraproject.org: mattdm,riecatnor,kevin,nb
+matrixadmin: mattdm,riecatnor,kevin,nb
 
 # FESCo
 fesco-chair: kevin

From ec210427ecc99558af94dd9e427dcb10d4a19c63 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 09:31:27 -0700
Subject: [PATCH 024/189] batcave: allow sysadmin to read rbac-playbook config

This should allow folks in the sysadmin group to read (but not write)
the rbac-playbook config. This should allow folks to more easily tell
who is granted rights to run some playbook.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/batcave/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index bdf78d20a1..68e3ddc8c0 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -430,7 +430,7 @@
 #
 
 - name: install the ansible_utils/rbac config
-  copy: src={{ private }}/files/rbac/rbac.yaml dest=/etc/ansible_utils/rbac.yaml mode=0500
+  copy: src={{ private }}/files/rbac/rbac.yaml dest=/etc/ansible_utils/rbac.yaml mode=0540 group=sysadmin
   tags:
   - rbac
   - batcave

From 80079bec373975e18d7fde34ceaf7e6a6f161b95 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 5 May 2021 11:48:15 -0700
Subject: [PATCH 025/189] 503: adjust wording on the service not available doc

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/haproxy/files/503.http | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/roles/haproxy/files/503.http b/roles/haproxy/files/503.http
index 2a49026658..8e90b84e08 100644
--- a/roles/haproxy/files/503.http
+++ b/roles/haproxy/files/503.http
@@ -54,10 +54,8 @@ Content-Type: text/html; charset=UTF-8
         <h2>Sorry!  This service is currently unavailable.</h2>
         <p>The service that you are trying to access is currently unavailable.  Please try refreshing this page in a couple of minutes.  If you still see this message, then please follow the steps below:</p>
         <ol>
-          <li>Check on <a href="http://status.fedoraproject.org/">the status page</a> if there are any known outages for our services.</li>
-          <li>Check the <a href="https://pagure.io/fedora-infrastructure/issues">fedora-infrastructure pagure instance</a> for an outage notification.</li>
-          <li>Ask around in #fedora-admin on irc.freenode.net.</li>
-          <li>If it is accessible, check the <a href="https://docs.pagure.org/infra-docs/sysadmin-guide/sops/outage.html">Outage SOP</a> for more information.</li>
+          <li>Check on <a href="https://www.fedorastatus.org/">the status page</a> if there are any known outages for our services.</li>
+          <li>If it is accessible, please check the <a href="https://docs.fedoraproject.org/en-US/cpe/day_to_day_fedora/">how to work with our team document</a> for more information.</li>
         </ol>
       </div>
     </div>

From 368bfaef0119c89b383705de9e354343ceb1ec55 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 09:43:45 -0700
Subject: [PATCH 026/189] haproxy: adjust content length for new text in 503
 message

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/haproxy/files/503.http | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/haproxy/files/503.http b/roles/haproxy/files/503.http
index 8e90b84e08..ffb0f1e9a9 100644
--- a/roles/haproxy/files/503.http
+++ b/roles/haproxy/files/503.http
@@ -1,5 +1,5 @@
 HTTP/1.1 503 Service Temporarily Unavailable
-Content-Length: 3552
+Content-Length: 3349
 Connection: close
 Cache-Control: no-cache
 Pragma: no-cache

From 3a266118418a9a94c36aafe516b54f584fec187a Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 09:55:58 -0700
Subject: [PATCH 027/189] haproxy: add ipa03 into the mix as a backup behind
 ipa02

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/haproxy/templates/haproxy.cfg | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg
index 4f7882868d..c86d0bdfe1 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -285,6 +285,7 @@ backend ipa-backend
     server  ipa01 ipa01:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem
 {% if env != "staging" %}
     server  ipa02 ipa02:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
+    server  ipa03 ipa03:443 check inter 10s rise 1 fall 2 ssl verify required ca-file /etc/haproxy/ipa.pem backup
 {% endif %}
     option  httpchk GET /ipa/ui/
 
@@ -326,6 +327,7 @@ backend krb5-backend
     server  ipa01 ipa01:88 weight 1 maxconn 16384
 {% if env == "production" %}
     server  ipa02 ipa02:88 weight 1 maxconn 16384
+    server  ipa03 ipa03:88 weight 1 maxconn 16384
 {% endif %}
 
 frontend oci-candidate-registry-frontend

From 421fbeff1239ebb547cf0094488bf6d962616325 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 10:08:53 -0700
Subject: [PATCH 028/189] koji_hub: add fwupd-efi to secure boot channel.

See https://pagure.io/fedora-infrastructure/issue/9912

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/koji_hub/templates/hub.conf.j2 | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index eeb37e2c7c..f1612e280c 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -93,12 +93,12 @@ Plugins = fedmsg-koji-plugin runroot_hub hub_containerbuild tag2distrepo sidetag
 [policy]
 
 tag =
-    user mbs/mbs.fedoraproject.org && tag module-* && package kernel shim grub2 pesign fwupd :: allow
-    user mbs/mbs.fedoraproject.org && fromtag module-* && package kernel shim grub2 pesign fwupd :: allow
-    user bodhi && tag *-override && package kernel shim grub2 pesign fwupd :: allow
-    has_perm autosign && fromtag *-pending && package kernel shim grub2 pesign fwupd :: allow
-    has_perm autosign && fromtag *-candidate && package kernel shim grub2 pesign fwupd :: allow
-    has_perm secure-boot && package kernel shim grub2 pesign fwupd :: allow
+    user mbs/mbs.fedoraproject.org && tag module-* && package kernel shim grub2 pesign fwupd fwupd-efi :: allow
+    user mbs/mbs.fedoraproject.org && fromtag module-* && package kernel shim grub2 pesign fwupd fwupd-efi:: allow
+    user bodhi && tag *-override && package kernel shim grub2 pesign fwupd fwupd-efi :: allow
+    has_perm autosign && fromtag *-pending && package kernel shim grub2 pesign fwupd fwupd-efi :: allow
+    has_perm autosign && fromtag *-candidate && package kernel shim grub2 pesign fwupd fwupd-efi :: allow
+    has_perm secure-boot && package kernel shim grub2 pesign fwupd fwupd-efi :: allow
     # CoreOS continuous builds, https://pagure.io/releng/issue/8165
     operation tag && tag f*-coreos-continuous && has_perm coreos-continuous :: allow
     operation untag && fromtag f*-coreos-continuous && has_perm coreos-continuous :: allow
@@ -110,7 +110,7 @@ tag =
     operation tag && tag eln* && has_perm eln :: allow
     operation untag && fromtag eln* && has_perm eln :: allow
     # deny tagging secureboot packages that are not related to coreos-continuous and eln
-    package kernel shim grub2 pesign fwupd :: deny
+    package kernel shim grub2 pesign fwupd  fwupd-efi :: deny
 # Allow people to tag stuff into infra-candidate if they're infra
     tag *-infra-candidate && has_perm infra :: allow
     tag *-infra-candidate :: deny
@@ -138,6 +138,7 @@ channel =
     source */pesign* && has_perm secure-boot :: use secure-boot
     source */fwupdate* && has_perm secure-boot :: use secure-boot
     source */fwupd* && has_perm secure-boot :: use secure-boot
+    source */fwupd-efi* && has_perm secure-boot :: use secure-boot
 
 # set this package to use the 'heavybuilder' channel. Note that this is NOT good for most anything.
 # It just happens to be for this particular package. Please check before adding anything here, you could

From 1bbfd7f02f80f35b429ba458bbe8b9833f327bf0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 10:17:43 -0700
Subject: [PATCH 029/189] koji_hub: increase max_delete_processes from 4 to 20

This is the threads that are doing deletes of repos. Since we have so
many repos, lets increase the delete threads as well so it can hopefully
keep up.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/koji_hub/templates/kojira.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/koji_hub/templates/kojira.conf.j2 b/roles/koji_hub/templates/kojira.conf.j2
index e883860824..3a1f59c5eb 100644
--- a/roles/koji_hub/templates/kojira.conf.j2
+++ b/roles/koji_hub/templates/kojira.conf.j2
@@ -27,6 +27,7 @@ separate_source_tags=f{{ FedoraRawhideNumber }}-build eln-build
 ; prevent repo cleanup from stalling repo regen
 ;prune_batch_size=1
 ;delete_batch_size=1
+max_delete_processes=20
 
 ; prevent kojira from flooding the build system with newRepo tasks
 max_repo_tasks=30

From 1ee14dc2f454e6cfce7c87c90be348ebd57c55c1 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 10:37:25 -0700
Subject: [PATCH 030/189] batcave: install postgresql12 psql for client querys
 to db-datanommer

See ticket https://pagure.io/fedora-infrastructure/issue/9913

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/batcave/tasks/main.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index 68e3ddc8c0..1b7be9d600 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -623,3 +623,24 @@
   tags:
   - batcave
   - tmux
+
+- name: enable the postgresql 12 module for psql on batcave
+  copy:
+    dest: /etc/dnf/modules.d/postgresql.module
+    content: |
+      [postgresql]
+      name=postgresql
+      stream=12
+      profiles=
+      state=enabled
+  tags:
+  - batcave
+  - postgres
+
+- name: install psql client
+  package: name=postgresql state=present
+  tags:
+  - batcave
+  - postgres
+  - config
+  - packages

From b3d2dc7d90e6c5c83f5240f16d7d7692a21b7719 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 10:42:18 -0700
Subject: [PATCH 031/189] batcave: clean up old tasks

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/batcave/tasks/main.yml | 53 +++---------------------------------
 1 file changed, 4 insertions(+), 49 deletions(-)

diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml
index 1b7be9d600..7547ef3fd0 100644
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@@ -21,44 +21,6 @@
   - packages
   - yumrepos
 
-- name: install packages needed (rhel7)
-  package: name={{ item }} state=present
-  with_items:
-  - srm                       # secure rm to delete sensitive files.
-  - ansible                   # This is our ansible master, needs ansible installed.
-  - ansible-openstack-modules # Needed to manage cloud with ansible
-  - ansible-collection-community-general # various useful community modules for ansible
-  - yum-metadata-parser       # Needed for rhn sync
-  - yum-rhn-plugin            # Needed for rhn sync
-  - createrepo_c              # Needed for rhn sync
-  - ostree                    # Needed for rhn sync
-  - python-sqlalchemy         # Needed for repo2json
-  - pyliblzma                 # Needed for repo2json
-  - ansible_utils             # Needed for rbac-playbook
-  - python-GeoIP              # Needed for geoip scripts
-  - python-fedmsg-fasclient   # fasClient fedmsg job
-  - bind                      # named-checkzone for dns repo
-  - emacs-nox                 
-  - rpm-sign                  # for the sign-and-import playbook
-  - createrepo                # for the sign-and-import playbook
-  - unzip                     # general useful util
-  - fpaste                    # general useful util
-  - mtr                       # useful for network debugging
-  - lftp                      # needed to easily pull in builds from koji for internal repos
-  - git-email                 # needed to send patches for review to the mailing list
-  - python-dns                # needed to have ansible remove ip-based known_host entries
-  - libvirt-client            # needed to allow migrations to be run from here.
-  - ansible-lint              # needed to check ansible playbooks for issues.
-  - atomic-openshift-clients  # For convenient client access to os.fp.o
-  - easy-rsa                  # For easy copying into ansible-private for certs.
-  - dnf                       # To get dnf reposync
-  - dnf-plugins-core          # To get dnf reposync
-  - fedora-messaging          # To send/receive messages on the amqp bus
-  tags:
-  - batcave
-  - config
-  when: ansible_distribution_major_version|int == 7
-
 - name: install packages needed (rhel8)
   package: name={{ item }} state=present
   with_items:
@@ -88,7 +50,6 @@
   tags:
   - batcave
   - config
-  when: ansible_distribution_major_version|int == 8
 
 - name: setup ssh_known_hosts file
   copy: src=ssh_known_hosts dest=/etc/ssh/ssh_known_hosts mode=0644
@@ -455,16 +416,6 @@
   - config
   when: inventory_hostname.startswith('batcave01.phx2')
 
-#
-# fasClient fedmsg job
-#
-
-#- name: Install config for fedmsg tigger for fasClient runs
-#  copy: src=fedmsg-fasclient.py dest=/etc/fedmsg.d/fasclient.py mode=0644
-#  tags:
-#  - batcave
-#  - config
-
 #
 # set selinux context for /srv/web/infra
 #
@@ -624,6 +575,10 @@
   - batcave
   - tmux
 
+#
+# install psql to allow for some ro queries against db-datanommer01
+#
+
 - name: enable the postgresql 12 module for psql on batcave
   copy:
     dest: /etc/dnf/modules.d/postgresql.module

From 6ac5a89b14f43125bec0df83a41adab4645f9079 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 12:30:42 -0700
Subject: [PATCH 032/189] playbooks / fedmsg: drop fedmsg/base from pkgs and
 releng-compose

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/groups/pkgs.yml           | 18 ------------------
 playbooks/groups/releng-compose.yml |  2 --
 2 files changed, 20 deletions(-)

diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml
index d49b4145fe..47eb586eb4 100644
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@@ -85,21 +85,3 @@
 
   handlers:
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-#- name: setup fedmsg on pkgs
-#  hosts: pkgs01.iad2.fedoraproject.org
-#  user: root
-#  gather_facts: True
-#
-#  vars_files:
-#  - /srv/web/infra/ansible/vars/global.yml
-#  - "/srv/private/ansible/vars.yml"
-#  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-#
-#  roles:
-#  - { role: collectd/fedmsg-service, process: fedmsg-hub }
-#  - fedmsg/base
-#  - fedmsg/hub
-#
-#  handlers:
-#  - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml
index 9b7a070a0e..660f2fdc61 100644
--- a/playbooks/groups/releng-compose.yml
+++ b/playbooks/groups/releng-compose.yml
@@ -117,8 +117,6 @@
     nfs_src_dir: "{{ koji_hub_nfs }}"
     when: "'releng_compose_stg' in group_names"
 
-  - fedmsg/base
-
   - role: rabbit/user
     username: "pungi{{ env_suffix }}"
 

From f23fd1b7a1dcab2accaafea61131600e8808fc9a Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 13:00:56 -0700
Subject: [PATCH 033/189] totpcgi / 2fa: remove old totpci and files and roles.

Note: there are still some calls here in old fas in openshift, but we
will remove those when we remove old fas (likely as soon as zodbot is
ported over to noggin).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 files/2fa/pam_url.conf.cloud                  |  21 --
 files/2fa/pam_url.conf.j2                     |  27 --
 files/2fa/pam_url.conf.stg.fedoraproject.org  |  21 --
 files/2fa/pam_url.conf.vpn.fedoraproject.org  |  21 --
 files/2fa/sudo.pam                            |   9 -
 files/2fa/sudo.pam.dev.fedoraproject.org      |   6 -
 roles/haproxy/templates/haproxy.cfg           |  32 ---
 roles/totpcgi/files/html/error.html           |  26 --
 roles/totpcgi/files/html/login.html           |  49 ----
 roles/totpcgi/files/html/totp.html            |  53 ----
 roles/totpcgi/files/index.cgi                 | 200 -------------
 roles/totpcgi/files/pam_url.conf              |  21 --
 roles/totpcgi/files/pam_url.conf.fakefas01    |  21 --
 roles/totpcgi/files/pam_url.conf.stg          |  21 --
 roles/totpcgi/files/pam_url.conf.vpn          |  21 --
 roles/totpcgi/files/provisioning.cgi          | 265 ------------------
 roles/totpcgi/files/sudo.pam                  |  11 -
 .../files/sudo.pam.dev.fedoraproject.org      |   6 -
 .../files/sudo.pam.qa.fedoraproject.org       |   6 -
 roles/totpcgi/tasks/main.yml                  | 236 ----------------
 roles/totpcgi/templates/configmap.yml         | 138 ---------
 .../templates/provisioning-httpd.conf.j2      |  44 ---
 roles/totpcgi/templates/provisioning.conf.j2  |  88 ------
 roles/totpcgi/templates/totpcgi-httpd.conf.j2 |  37 ---
 .../templates/totpcgi-httpd.conf.stg.j2       |  37 ---
 .../templates/totpcgi-httpd.conf.vpn.j2       |  36 ---
 roles/totpcgi/templates/totpcgi.conf.j2       |  31 --
 tasks/2fa_client.yml                          |  40 ---
 28 files changed, 1524 deletions(-)
 delete mode 100644 files/2fa/pam_url.conf.cloud
 delete mode 100644 files/2fa/pam_url.conf.j2
 delete mode 100644 files/2fa/pam_url.conf.stg.fedoraproject.org
 delete mode 100644 files/2fa/pam_url.conf.vpn.fedoraproject.org
 delete mode 100644 files/2fa/sudo.pam
 delete mode 100644 files/2fa/sudo.pam.dev.fedoraproject.org
 delete mode 100644 roles/totpcgi/files/html/error.html
 delete mode 100644 roles/totpcgi/files/html/login.html
 delete mode 100644 roles/totpcgi/files/html/totp.html
 delete mode 100755 roles/totpcgi/files/index.cgi
 delete mode 100644 roles/totpcgi/files/pam_url.conf
 delete mode 100644 roles/totpcgi/files/pam_url.conf.fakefas01
 delete mode 100644 roles/totpcgi/files/pam_url.conf.stg
 delete mode 100644 roles/totpcgi/files/pam_url.conf.vpn
 delete mode 100644 roles/totpcgi/files/provisioning.cgi
 delete mode 100644 roles/totpcgi/files/sudo.pam
 delete mode 100644 roles/totpcgi/files/sudo.pam.dev.fedoraproject.org
 delete mode 100644 roles/totpcgi/files/sudo.pam.qa.fedoraproject.org
 delete mode 100644 roles/totpcgi/tasks/main.yml
 delete mode 100644 roles/totpcgi/templates/configmap.yml
 delete mode 100644 roles/totpcgi/templates/provisioning-httpd.conf.j2
 delete mode 100644 roles/totpcgi/templates/provisioning.conf.j2
 delete mode 100644 roles/totpcgi/templates/totpcgi-httpd.conf.j2
 delete mode 100644 roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
 delete mode 100644 roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
 delete mode 100644 roles/totpcgi/templates/totpcgi.conf.j2
 delete mode 100644 tasks/2fa_client.yml

diff --git a/files/2fa/pam_url.conf.cloud b/files/2fa/pam_url.conf.cloud
deleted file mode 100644
index 9ce7690b81..0000000000
--- a/files/2fa/pam_url.conf.cloud
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/files/2fa/pam_url.conf.j2 b/files/2fa/pam_url.conf.j2
deleted file mode 100644
index 53de133ec2..0000000000
--- a/files/2fa/pam_url.conf.j2
+++ /dev/null
@@ -1,27 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-                {% if env == 'staging' %}
-		url = "https://fas-all.stg.phx2.fedoraproject.org:8443/";	# URI to fetch
-                {% elif datacenter == 'iad2' %}
-		url = "https://fas-all.iad2.fedoraproject.org:8443/";	# URI to fetch
-                {% else %}
-		url = "https://fas-all.vpn.fedoraproject.org:8443/";	# URI to fetch   
-                {% endif %}
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/files/2fa/pam_url.conf.stg.fedoraproject.org b/files/2fa/pam_url.conf.stg.fedoraproject.org
deleted file mode 100644
index 508c5d9cf7..0000000000
--- a/files/2fa/pam_url.conf.stg.fedoraproject.org
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.stg.phx2.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/files/2fa/pam_url.conf.vpn.fedoraproject.org b/files/2fa/pam_url.conf.vpn.fedoraproject.org
deleted file mode 100644
index 6e102e12f7..0000000000
--- a/files/2fa/pam_url.conf.vpn.fedoraproject.org
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.vpn.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/files/2fa/sudo.pam b/files/2fa/sudo.pam
deleted file mode 100644
index 9912cdef59..0000000000
--- a/files/2fa/sudo.pam
+++ /dev/null
@@ -1,9 +0,0 @@
-#%PAM-1.0
-auth       required     pam_env.so
-auth       sufficient   pam_url.so config=/etc/pam_url.conf
-auth       requisite    pam_succeed_if.so uid >= 500 quiet
-auth       required     pam_deny.so
-account    include      system-auth
-password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
diff --git a/files/2fa/sudo.pam.dev.fedoraproject.org b/files/2fa/sudo.pam.dev.fedoraproject.org
deleted file mode 100644
index 030bb26463..0000000000
--- a/files/2fa/sudo.pam.dev.fedoraproject.org
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth       include      system-auth
-account    include      system-auth
-password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
diff --git a/roles/haproxy/templates/haproxy.cfg b/roles/haproxy/templates/haproxy.cfg
index c86d0bdfe1..a59e0f9c03 100644
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@@ -94,16 +94,6 @@ backend freemedia-backend
 #{% endif %}
 #    option  httpchk GET /packages/_heartbeat
 
-frontend totpcgiprovision-frontend
-    bind 0.0.0.0:10019
-    default_backend totpcgiprovision-backend
-
-backend totpcgiprovision-backend
-    balance hdr(appserver)
-    http-check expect status 401
-    server  fas01 fas01:8444 check inter 5s rise 1 fall 2
-    option httpchk GET /index.cgi
-
 frontend blockerbugs-frontend
     bind 0.0.0.0:10022
     default_backend blockerbugs-backend
@@ -289,28 +279,6 @@ backend ipa-backend
 {% endif %}
     option  httpchk GET /ipa/ui/
 
-# This is for TOTPCGI (legacy 2fa). It goes to the Openshift routers, which then passthrough TLS to the totpcgi pods
-frontend totp-frontend
-    mode tcp
-    bind 0.0.0.0:8443
-    default_backend totp-backend
-
-backend totp-backend
-    mode tcp
-    option tcplog
-    balance roundrobin
-    maxconn 16384
-    timeout queue 5000
-    timeout server 86400000
-    timeout connect 86400000
-    server  os-node01 os-node01:443 weight 1 maxconn 16384
-    server  os-node02 os-node02:443 weight 1 maxconn 16384
-    server  os-node03 os-node03:443 weight 1 maxconn 16384
-    server  os-node04 os-node04:443 weight 1 maxconn 16384
-{% if env == "production" %}
-    server  os-node05 os-node05:443 weight 1 maxconn 16384
-{% endif %}
-
 frontend krb5-frontend
     mode tcp
     bind 0.0.0.0:1088
diff --git a/roles/totpcgi/files/html/error.html b/roles/totpcgi/files/html/error.html
deleted file mode 100644
index 7229ce49d8..0000000000
--- a/roles/totpcgi/files/html/error.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-    <head>
-        <title>Fedora Project Google Authenticator provisioning - Error</title>
-        <link href="${css_root}provisioning.css" rel="stylesheet" type="text/css" />
-    </head>
-    <body>
-        <div id="mainwindow" class="status">
-            <div id="title">Fedora Project - Error</div>
-            <div id="mainarea">
-                <p class="error">
-                    $errormsg
-                </p>
-                <p>
-                You can <a href="$action_url">try again</a> or you can contact
-                the Fedora Infrastructure team at <a href="mailto:admin@fedoraproject.org">admin@fedoraproject.org</a>.
-                </p>
-            </div>
-            <div id="copyright">
-                &copy; 2012 Red Hat, Inc. and others.
-            </div>
-        </div>
-    </body>
-</html>
diff --git a/roles/totpcgi/files/html/login.html b/roles/totpcgi/files/html/login.html
deleted file mode 100644
index 024a8ac84d..0000000000
--- a/roles/totpcgi/files/html/login.html
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-    <head>
-        <title>Fedora Project Google Authenticator provisioning</title>
-        <link href="${css_root}provisioning.css" rel="stylesheet" type="text/css" />
-    </head>
-    <body>
-        <div id="mainwindow" class="login">
-            <div id="title">Fedora Project</div>
-            <div id="mainarea">
-                <div class="message">
-                    Please log in to obtain your new Google Authenticator
-                    secret.
-                </div>
-                <form id="login_form" name="login_form" action="$action_url" method="post">
-                    <table border="0" align="center">
-                        <tr>
-                            <td class="fieldname">
-                                <label for="username">Username:</label>
-                            </td>
-                            <td>
-                                <input type="text" id="username" name="username" class="inputfield"/>
-                            </td>
-                        </tr>
-                        <tr>
-                            <td class="fieldname">
-                                <label for="pincode">Pincode:</label>
-                            </td>
-                            <td>
-                                <input type="password" id="pincode" name="pincode" class="inputfield"/>
-                            </td>
-                        </tr>
-                        <tr>
-                            <td class="fieldname"></td>
-                            <td>
-                                <input type="submit" value="Submit &raquo;"/>
-                            </td>
-                        </tr>
-                    </table>
-                </form>
-            </div>
-            <div id="copyright">
-                &copy; 2012 Red Hat, Inc. and others.
-            </div>
-        </div>
-    </body>
-</html>
diff --git a/roles/totpcgi/files/html/totp.html b/roles/totpcgi/files/html/totp.html
deleted file mode 100644
index 9e968e2ebd..0000000000
--- a/roles/totpcgi/files/html/totp.html
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-    <head>
-        <title>Fedora Project Google Authenticator Provisioning</title>
-        <link href="${css_root}provisioning.css" rel="stylesheet" type="text/css" />
-        <link href="${css_root}provisioning-print.css" rel="stylesheet" media="print" type="text/css" />
-    </head>
-    <body>
-        <div id="mainwindow" class="totp">
-            <div id="title">Fedora Project Google Authenticator Provisioning</div>
-            <div id="mainarea">
-                <div id="qrcode">
-                $qrcode_embed
-                </div>
-                <div id="explanation">
-                    <p>
-                    Your new Google Authenticator token has been issued.
-                    To import this token into your device, simply go to your
-                    Google Authenticator app, select the option to add an
-                    account, and then select "Scan Barcode". Point the camera
-                    at the QR Barcode displayed next to this message. Google
-                    Authenticator will then import your new token into the
-                    device. It should be ready to use immediately.
-                    </p>
-                </div>
-                <div id="scratch_tokens">
-                    <p>
-                    If the administrator permitted the use of scratch tokens,
-                    you should see them listed below. If you lose access to
-                    your Google Authenticator device, you should be able to
-                    use one of these tokens to gain emergency access to your
-                    account. Please write them down.
-                    </p>
-                    <div id="scratch_tokens_list">
-                        $scratch_tokens
-                    </div>
-                </div>
-                <div id="support_requests">
-                    <p>
-                    If you require any help with your Google Authenticator
-                    token or experience any difficulty importing it into
-                    your mobile device, please email
-                    <a href="mailto:admin@fedoraproject.org">admin@fedoraproject.org</a>.
-                </div>
-            </div>
-            <div id="copyright">
-                &copy; 2012 Red Hat, Inc. and others.
-            </div>
-        </div>
-    </body>
-</html>
diff --git a/roles/totpcgi/files/index.cgi b/roles/totpcgi/files/index.cgi
deleted file mode 100755
index de3d066eac..0000000000
--- a/roles/totpcgi/files/index.cgi
+++ /dev/null
@@ -1,200 +0,0 @@
-#!/usr/bin/python -ttW ignore::DeprecationWarning
-##
-# Copyright (C) 2012 by Konstantin Ryabitsev and contributors
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-#
-import os
-import re
-import sys
-import cgi
-import logging
-logging.basicConfig(level=logging.INFO)
-import urllib2
-
-import totpcgi
-import totpcgi.backends
-
-if len(sys.argv) > 1:
-    # blindly assume it's the config file
-    config_file = sys.argv[1]
-else:
-    config_file = '/etc/totpcgi/totpcgi.conf'
-
-import ConfigParser
-
-from fedora.client import AuthError
-from fedora.client.fasproxy import FasProxyClient
-
-config = ConfigParser.RawConfigParser()
-config.read(config_file)
-
-require_pincode = config.getboolean('main', 'require_pincode')
-success_string  = config.get('main', 'success_string')
-
-fas_url = config.get('main', 'fas_url')
-try:
-    fas = FasProxyClient(fas_url)
-except Exception, e:
-    logging.exception("Problem connecting to FAS")
-    sys.exit(1)
-
-backends = totpcgi.backends.Backends()
-
-try:
-    backends.load_from_config(config)
-except totpcgi.backends.BackendNotSupported, ex:
-    logging.exception("Backend engine not supported")
-    sys.exit(1)
-
-### Begin custom Fedora Functions
-
-def google_auth_fas_pincode_verify(user, pincode):
-    if not fas.verify_password(user, pincode):
-      raise totpcgi.UserPincodeError('User Password Error')
-
-backends.pincode_backend.verify_user_pincode = google_auth_fas_pincode_verify
-
-client_id = '1'
-
-def parse_token(token):
-    if token > 44:
-        otp = token[-44:]
-    if otp.startswith('ccccc'):
-        return token[:-44], otp
-
-    # Not a password + yubikey
-    return False
-
-class YubikeyAuthenticator(object):
-    auth_regex = re.compile('^status=(?P<rc>\w{2})')
-    def __init__(self, require_pincode=False):
-        self.require_pincode = require_pincode
-
-    def verify_user_token(self, user, token):
-        # Parse the token apart into a password and token
-        password, otp = parse_token(token)
-
-        # Verify token against yubikey server
-        server_prefix = 'http://yubikey:8080/yk-val/verify?id='
-        server_url = server_prefix + client_id + "&otp=" + otp
-
-        fh = urllib2.urlopen(server_url)
-
-        for line in fh:
-            match = self.auth_regex.search(line.strip('\n'))
-            if match:
-                if match.group('rc') == 'OK':
-                    # Yubikey token is valid
-                    break
-                raise totpcgi.VerifyFailed(line.split('=')[1])
-        else:
-            raise totpcgi.VerifyFailed('yk-val returned malformed response')
-
-
-        # Verify that the yubikey token belongs to the user
-        # As a side effect, verify the password is good as well
-        # if the user+password are wrong, this will raise a fedora.client.AuthError
-        try:
-            response = fas.send_request('/config/list/%s/yubikey' % user,
-                    auth_params={'username': user, 'password': password})
-        except AuthError, e:
-            raise totpcgi.VerifyFailed('User Password Error: %s' % e)
-        if not response[1].configs.prefix or not response[1].configs.enabled:
-            raise totpcgi.VerifyFailed('Yubikey OTP unconfigured')
-        elif len(response[1].configs.prefix) != 12:
-            raise totpcgi.VerifyFailed('Invalid Yubikey OTP prefix')
-        if not otp.startswith(response[1].configs.prefix):
-            raise totpcgi.VerifyFailed('Unauthorized/Invalid OTP')
-
-        # Okay, everything passed
-        return 'Valid yubikey returned'
-
-
-### End of custom Fedora Functions
-
-def bad_request(why):
-    output = 'ERR\n' + why + '\n'
-    sys.stdout.write('Status: 400 BAD REQUEST\n')
-    sys.stdout.write('Content-type: text/plain\n')
-    sys.stdout.write('Content-Length: %s\n' % len(output))
-    sys.stdout.write('\n')
-
-    sys.stdout.write(output)
-    sys.exit(0)
-
-def cgimain():
-    form = cgi.FieldStorage()
-
-    must_keys = ('user', 'token', 'mode')
-
-    for must_key in must_keys:
-        if must_key not in form:
-            bad_request("Missing field: %s" % must_key)
-
-    user  = form.getfirst('user')
-    token = form.getfirst('token')
-    mode  = form.getfirst('mode')
-
-    remote_host = os.environ['REMOTE_ADDR']
-
-    if mode != 'PAM_SM_AUTH':
-        bad_request('We only support PAM_SM_AUTH')
-
-    if parse_token(token):
-        ga = YubikeyAuthenticator(require_pincode)
-    else:
-        # totp/googleauth
-        ga = totpcgi.GoogleAuthenticator(backends, require_pincode)
-
-    try:
-        status = ga.verify_user_token(user, token)
-    except Exception, ex:
-        logging.warning(
-            "TOKEN FAILURE! user=%s, mode=%s, host=%s, message=%s",
-            user,
-            mode,
-            remote_host,
-            str(ex))
-        bad_request(str(ex))
-
-    logging.info(
-        "Token success! user=%s, mode=%s, host=%s, message=%s",
-        user,
-        mode,
-        remote_host,
-        status)
-
-    sys.stdout.write('Status: 200 OK\n')
-    sys.stdout.write('Content-type: text/plain\n')
-    sys.stdout.write('Content-Length: %s\n' % len(success_string))
-    sys.stdout.write('\n')
-
-    sys.stdout.write(success_string)
-
-if __name__ == '__main__':
-    try:
-        cgimain()
-    except Exception:
-        logging.exception("Server error during processing")
-        output = 'ERR\nInternal server error\n'
-        sys.stdout.write('Status: 500 SERVER ERROR\n')
-        sys.stdout.write('Content-type: text/plain\n')
-        sys.stdout.write('Content-Length: %s\n' % len(output))
-        sys.stdout.write('\n')
-
-        sys.stdout.write(output)
-        sys.exit(0)
diff --git a/roles/totpcgi/files/pam_url.conf b/roles/totpcgi/files/pam_url.conf
deleted file mode 100644
index 4ba6808355..0000000000
--- a/roles/totpcgi/files/pam_url.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.iad2.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/roles/totpcgi/files/pam_url.conf.fakefas01 b/roles/totpcgi/files/pam_url.conf.fakefas01
deleted file mode 100644
index 4ba6808355..0000000000
--- a/roles/totpcgi/files/pam_url.conf.fakefas01
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.iad2.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/roles/totpcgi/files/pam_url.conf.stg b/roles/totpcgi/files/pam_url.conf.stg
deleted file mode 100644
index 047ff5a90b..0000000000
--- a/roles/totpcgi/files/pam_url.conf.stg
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.stg.iad2.fedoraproject.org/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/roles/totpcgi/files/pam_url.conf.vpn b/roles/totpcgi/files/pam_url.conf.vpn
deleted file mode 100644
index 6e102e12f7..0000000000
--- a/roles/totpcgi/files/pam_url.conf.vpn
+++ /dev/null
@@ -1,21 +0,0 @@
-pam_url:
-{
-	settings:
-	{
-		url = "https://fas-all.vpn.fedoraproject.org:8443/";	# URI to fetch
-		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
-		userfield = "user";				# userfield name to send
-		passwdfield = "token";				# passwdfield name to send
-		extradata = "&do=login";			# extradata to send
-		prompt = "Password+Token: ";			# password prompt
-	};
-
-	ssl:
-	{
-		verify_peer = true;				# Should we verify SSL ?
-		verify_host = true;				# Should we verify the CN in the SSL cert?
-		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
-		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
-                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
-	};
-};
diff --git a/roles/totpcgi/files/provisioning.cgi b/roles/totpcgi/files/provisioning.cgi
deleted file mode 100644
index 7e5dda5518..0000000000
--- a/roles/totpcgi/files/provisioning.cgi
+++ /dev/null
@@ -1,265 +0,0 @@
-#!/usr/bin/python -tt
-##
-# Copyright (C) 2012 by Konstantin Ryabitsev and contributors
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-# 02111-1307, USA.
-#
-import os
-import sys
-import cgi
-import syslog
-import logging
-
-import cgitb
-cgitb.enable(display=0, logdir="/tmp")
-
-import totpcgi
-import totpcgi.backends
-import totpcgi.utils
-
-import qrcode
-from qrcode.image import svg
-from StringIO import StringIO
-
-from string import Template
-
-if len(sys.argv) > 1:
-    # blindly assume it's the config file
-    config_file = sys.argv[1]
-else:
-    config_file = '/etc/totpcgi/provisioning.conf'
-
-import ConfigParser
-
-config = ConfigParser.RawConfigParser()
-config.read(config_file)
-
-backends = totpcgi.backends.Backends()
-
-try:
-    backends.load_from_config(config)
-except totpcgi.backends.BackendNotSupported, ex:
-    syslog.syslog(syslog.LOG_CRIT,
-            'Backend engine not supported: %s' % ex)
-    sys.exit(1)
-
-syslog.openlog('provisioning.cgi', syslog.LOG_PID, syslog.LOG_AUTH)
-
-def bad_request(config, why):
-    templates_dir = config.get('secret', 'templates_dir')
-    fh = open(os.path.join(templates_dir, 'error.html'))
-    tpt = Template(fh.read())
-    fh.close()
-
-    vals = {
-            'action_url':   config.get('secret', 'action_url'),
-            'css_root':     config.get('secret', 'css_root'),
-            'errormsg':     cgi.escape(why)
-    }
-
-    out = tpt.safe_substitute(vals)
-
-    sys.stdout.write('Status: 400 BAD REQUEST\n')
-    sys.stdout.write('Content-type: text/html\n')
-    sys.stdout.write('Content-Length: %s\n' % len(out))
-    sys.stdout.write('\n')
-
-    sys.stdout.write(out)
-    sys.exit(0)
-
-def show_qr_code(data):
-    qr = qrcode.QRCode(
-            version=1,
-            error_correction=qrcode.constants.ERROR_CORRECT_L,
-            box_size=5,
-            border=4)
-
-    qr.add_data(data)
-    qr.make(fit=True)
-
-    img = qr.make_image()
-
-    fh = StringIO()
-    img.save(fh)
-    out = fh.getvalue()
-    fh.close()
-
-    sys.stdout.write('Status: 200 OK\n')
-    sys.stdout.write('Content-type: image/png\n')
-    sys.stdout.write('Content-Length: %s\n' % len(out))
-    sys.stdout.write('\n')
-
-    sys.stdout.write(out)
-    sys.exit(0)
-
-def show_login_form(config):
-    templates_dir = config.get('secret', 'templates_dir')
-    fh = open(os.path.join(templates_dir, 'login.html'))
-    tpt = Template(fh.read())
-    fh.close()
-
-    vals = {
-            'action_url':   config.get('secret', 'action_url'),
-            'css_root':     config.get('secret', 'css_root')
-    }
-
-    out = tpt.safe_substitute(vals)
-
-    sys.stdout.write('Status: 200 OK\n')
-    sys.stdout.write('Content-type: text/html\n')
-    sys.stdout.write('Content-Length: %s\n' % len(out))
-    sys.stdout.write('\n')
-
-    sys.stdout.write(out)
-    sys.exit(0)
-
-def show_totp_page(config, user, gaus):
-    # generate provisioning URI
-    tpt = Template(config.get('secret', 'totp_user_mask'))
-    totp_user = tpt.safe_substitute(username=user)
-    totp_qr_uri = gaus.totp.provisioning_uri(totp_user)
-
-    action_url = config.get('secret', 'action_url')
-
-    qrcode_embed = '<img src="%s?qrcode=%s"/>' % (action_url, totp_qr_uri)
-
-    templates_dir = config.get('secret', 'templates_dir')
-    fh = open(os.path.join(templates_dir, 'totp.html'))
-    tpt = Template(fh.read())
-    fh.close()
-
-    if gaus.scratch_tokens:
-        scratch_tokens = '<br/>'.join(gaus.scratch_tokens)
-    else:
-        scratch_tokens = '&nbsp;'
-
-    vals = {
-            'action_url':     action_url,
-            'css_root':       config.get('secret', 'css_root'),
-            'qrcode_embed':   qrcode_embed,
-            'scratch_tokens': scratch_tokens
-    }
-
-    out = tpt.safe_substitute(vals)
-
-    sys.stdout.write('Status: 200 OK\n')
-    sys.stdout.write('Content-type: text/html\n')
-    sys.stdout.write('Content-Length: %s\n' % len(out))
-    sys.stdout.write('\n')
-
-    sys.stdout.write(out)
-    sys.exit(0)
-
-def generate_secret(config):
-    encrypt_secret = config.getboolean('secret', 'encrypt_secret')
-    window_size = config.getint('secret', 'window_size')
-    rate_limit = config.get('secret', 'rate_limit')
-
-    # scratch tokens don't make any sense with encrypted secret
-    if not encrypt_secret:
-        scratch_tokens_n = config.getint('secret', 'scratch_tokens_n')
-    else:
-        scratch_tokens_n = 0
-
-    (times, secs) = rate_limit.split(',')
-    rate_limit = (int(times), int(secs))
-
-    gaus = totpcgi.utils.generate_secret(rate_limit, window_size,
-        scratch_tokens_n)
-
-    return gaus
-
-
-def cgimain():
-    form = cgi.FieldStorage()
-
-    if 'qrcode' in form:
-        #if os.environ['HTTP_REFERER'].find(os.environ['SERVER_NAME']) == -1:
-        #    bad_request(config, 'Sorry, you failed the HTTP_REFERER check')
-
-        qrcode = form.getfirst('qrcode')
-        show_qr_code(qrcode)
-
-    remote_host = os.environ['REMOTE_ADDR']
-
-    try:
-        trust_http_auth = config.getboolean('secret', 'trust_http_auth')
-    except ConfigParser.NoOptionError:
-        trust_http_auth = False
-
-    if trust_http_auth and os.environ.has_key('REMOTE_USER'):
-        user    = os.environ['REMOTE_USER']
-        pincode = None
-
-        syslog.syslog(syslog.LOG_NOTICE,
-            'Success (http-auth): user=%s, host=%s' % (user, remote_host))
-
-    else:
-        must_keys = ('username', 'pincode')
-
-        for must_key in must_keys:
-            if must_key not in form:
-                show_login_form(config)
-
-        user    = form.getfirst('username')
-        pincode = form.getfirst('pincode')
-
-        # start by verifying the pincode
-        try:
-            backends.pincode_backend.verify_user_pincode(user, pincode)
-        except Exception, ex:
-            syslog.syslog(syslog.LOG_NOTICE,
-                'Failure: user=%s, host=%s, message=%s' % (user, remote_host,
-                    str(ex)))
-            bad_request(config, str(ex))
-
-        # pincode verified
-        syslog.syslog(syslog.LOG_NOTICE,
-            'Success: user=%s, host=%s' % (user, remote_host))
-
-    # is there an existing secret for this user?
-    exists = True
-
-    try:
-        backends.secret_backend.get_user_secret(user, pincode)
-    except totpcgi.UserNotFound:
-        # if we got it, then there isn't an existing secret in place
-        exists = False
-
-    if exists:
-        syslog.syslog(syslog.LOG_NOTICE,
-            'Secret exists: user=%s, host=%s' % (user, remote_host))
-        bad_request(config, 'Existing secret found. It must be removed first.')
-
-    # now generate the secret and store it
-
-    gaus = generate_secret(config)
-
-    # if we don't need to encrypt the secret, set pincode to None
-    encrypt_secret = config.getboolean('secret', 'encrypt_secret')
-    if not encrypt_secret:
-        pincode = None
-
-    backends.secret_backend.save_user_secret(user, gaus, pincode)
-    # purge all old state, as it's now obsolete
-
-    backends.state_backend.delete_user_state(user)
-
-    show_totp_page(config, user, gaus)
-
-
-if __name__ == '__main__':
-    cgimain()
diff --git a/roles/totpcgi/files/sudo.pam b/roles/totpcgi/files/sudo.pam
deleted file mode 100644
index aa59ebf7a7..0000000000
--- a/roles/totpcgi/files/sudo.pam
+++ /dev/null
@@ -1,11 +0,0 @@
-#%PAM-1.0
-auth       required     pam_env.so
-auth       sufficient   pam_url.so config=/etc/pam_url.conf
-auth       requisite    pam_succeed_if.so uid >= 500 quiet
-auth       required     pam_deny.so
-
-auth       include      system-auth
-account    include      system-auth
-password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
diff --git a/roles/totpcgi/files/sudo.pam.dev.fedoraproject.org b/roles/totpcgi/files/sudo.pam.dev.fedoraproject.org
deleted file mode 100644
index 030bb26463..0000000000
--- a/roles/totpcgi/files/sudo.pam.dev.fedoraproject.org
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth       include      system-auth
-account    include      system-auth
-password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
diff --git a/roles/totpcgi/files/sudo.pam.qa.fedoraproject.org b/roles/totpcgi/files/sudo.pam.qa.fedoraproject.org
deleted file mode 100644
index 030bb26463..0000000000
--- a/roles/totpcgi/files/sudo.pam.qa.fedoraproject.org
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth       include      system-auth
-account    include      system-auth
-password   include      system-auth
-session    optional     pam_keyinit.so revoke
-session    required     pam_limits.so
diff --git a/roles/totpcgi/tasks/main.yml b/roles/totpcgi/tasks/main.yml
deleted file mode 100644
index 6169dac7e5..0000000000
--- a/roles/totpcgi/tasks/main.yml
+++ /dev/null
@@ -1,236 +0,0 @@
-- name: add totpcgi user
-  user: name=totpcgi uid=501 state=present home=/var/lib/totpcgi createhome=yes system=yes
-  tags:
-  - config
-
-- name: install needed packages
-  package: name={{ item }} state=present
-  with_items:
-  - mod_auth_pgsql
-  - totpcgi
-  - totpcgi-selinux
-  - totpcgi-provisioning
-  - python-qrcode
-  - httpd
-  - mod_ssl
-  tags:
-  - packages
-
-- name: Install the cgi apache configuration files
-  template: >
-    src={{ item.file }}.j2 dest=/etc/httpd/conf.d/{{ item.dest }}
-    owner=root group=root mode=0444
-  with_items:
-  - {file: provisioning-httpd.conf, dest: totpcgi-provisioning.conf }
-  tags:
-  - files
-  - config
-  notify:
-  - restart apache
-
-- name: create directories
-  file: path=/etc/{{ item }} state=directory owner=root group=totpcgi mode=750
-  with_items:
-  - pki/totpcgi
-  - totpcgi/totp
-
-- name: create template directory for totpcgiprov
-  file: path=/etc/{{ item }} state=directory owner=root group=totpcgiprov mode=750
-  with_items:
-  - totpcgi/templates
-
-- name: create /etc/totpcgi with the proper rights and owners
-  file: path=/etc/{{ item }} state=directory owner=totpcgiprov group=totpcgi mode=750
-  with_items:
-  - totpcgi
-
-- name: copy html files over
-  copy: >
-   src=html
-   dest=/etc/totpcgi/templates
-   owner=root
-   group=totpcgiprov
-   mode=0750
-  tags:
-  - files
-  - config
-
-- name: copy provisioning index file over
-  copy: >
-   src=provisioning.cgi
-   dest=/var/www/totpcgi-provisioning/index.cgi
-   owner=totpcgiprov
-   group=totpcgiprov
-   mode=0550
-  tags:
-  - files
-  - config
-
-- name: copy index file over
-  copy: >
-   src=index.cgi
-   dest=/var/www/totpcgi/index.cgi
-   owner=totpcgi
-   group=totpcgi
-   mode=0550
-  tags:
-  - files
-  - config
-
-- name: copy totpcgi.conf file over
-  template: >
-   src=totpcgi.conf.j2
-   dest=/etc/totpcgi/totpcgi.conf
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-
-# staging certs
-
-- name: copy staging server cert file over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/fas-all.stg.iad2.fedoraproject.org.crt
-   dest=/etc/pki/tls/certs/totpcgi-server.crt
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-  when: env == "staging"
-
-- name: copy staging server key file over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/fas-all.stg.iad2.fedoraproject.org.key
-   dest=/etc/pki/totpcgi/totpcgi-server.key
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-  when: env == "staging"
-
-- name: copy staging server conf file over
-  template: >
-   src=totpcgi-httpd.conf.stg.j2
-   dest=/etc/httpd/conf.d/totpcgi.conf
-   owner=root
-   group=root
-   mode=0444
-  tags:
-  - files
-  - config
-  - sslciphers
-  when: env == "staging"
-
-# prod certs
-
-- name: copy server cert file over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/fas-all.iad2.fedoraproject.org.crt
-   dest=/etc/pki/totpcgi/totpcgi-server.crt
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-  notify:
-  - reload httpd
-  when: env == "production"
-
-- name: copy server cert file over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/fas-all.iad2.fedoraproject.org.key
-   dest=/etc/pki/totpcgi/totpcgi-server.key
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-  notify:
-  - reload httpd
-  when: env == "production"
-
-- name: copy totpcgi httpd config
-  template: >
-   src=totpcgi-httpd.conf.j2
-   dest=/etc/httpd/conf.d/totpcgi.conf
-   owner=root
-   group=root
-   mode=0444
-  tags:
-  - files
-  - config
-  - sslciphers
-  notify:
-  - reload httpd
-  when: env == "production"
-
-# vpn certs
-
-- name: copy VPN server cert file over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt
-   dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-  notify:
-  - reload httpd
-  when: env == "production"
-
-- name: copy VPN server cert file over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key
-   dest=/etc/pki/totpcgi/totpcgi-server-vpn.key
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-  when: env == "production"
-
-- name: copy VPN server cert file over
-  template: >
-   src=totpcgi-httpd.conf.vpn.j2
-   dest=/etc/httpd/conf.d/totpcgi-vpn.conf
-   owner=root
-   group=root
-   mode=0444
-  tags:
-  - files
-  - config
-  - sslciphers
-  when: env == "production"
-
-- name: copy ca cert over
-  copy: >
-   src={{ private }}/files/2fa-certs/keys/ca.crt
-   dest=/etc/pki/totpcgi/totpcgi-ca.crt
-   owner=root
-   group=totpcgi
-   mode=0640
-  tags:
-  - files
-  - config
-
-- name: copy provisioning.conf over
-  template: >
-   src=provisioning.conf.j2
-   dest=/etc/totpcgi/provisioning.conf
-   owner=root
-   group=totpcgiprov
-   mode=0640
-  tags:
-  - files
-  - config
diff --git a/roles/totpcgi/templates/configmap.yml b/roles/totpcgi/templates/configmap.yml
deleted file mode 100644
index fc059a8d76..0000000000
--- a/roles/totpcgi/templates/configmap.yml
+++ /dev/null
@@ -1,138 +0,0 @@
-{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-{% if objectname == "configmap-totpcgi-vpn.yml" %}
-  name: totpcgi-vpn
-{% else %}
-  name: totpcgi
-{% endif %}
-  labels:
-    app: fas
-data:
-  totpcgi-ca.crt: |-
-    {{ lookup('file', '{{ private }}/files/2fa-certs/keys/ca.crt') | indent() }}
-  provisioning.conf: |-
-    {{ load_file('provisioning.conf.j2') | indent() }}
-  totpcgi.conf: |-
-    {{ load_file('totpcgi.conf.j2') | indent() }}
-  start.sh: |-
-    set -xe
-    rm -rf /httpdir/*
-    mkdir /httpdir/run
-    ln -s /etc/httpd/modules /httpdir/modules
-    truncate --size=0 /httpdir/accesslog /httpdir/errorlog
-    tail -qf /httpdir/accesslog /httpdir/errorlog &
-    exec /usr/sbin/httpd.worker -f /etc/totpcgi/httpd.conf -DFOREGROUND -DNO_DETACH
-  httpd.conf: |-
-    ServerRoot "/httpdir"
-    PidFile "/httpdir/httpd.pid"
-    LoadModule authn_file_module modules/mod_authn_file.so
-    LoadModule authn_anon_module modules/mod_authn_anon.so
-    LoadModule authz_user_module modules/mod_authz_user.so
-    LoadModule authz_host_module modules/mod_authz_host.so
-    LoadModule include_module modules/mod_include.so
-    LoadModule log_config_module modules/mod_log_config.so
-    LoadModule env_module modules/mod_env.so
-    LoadModule ext_filter_module modules/mod_ext_filter.so
-    LoadModule expires_module modules/mod_expires.so
-    LoadModule headers_module modules/mod_headers.so
-    LoadModule mime_module modules/mod_mime.so
-    LoadModule dir_module modules/mod_dir.so
-    LoadModule alias_module modules/mod_alias.so
-    LoadModule version_module modules/mod_version.so
-    LoadModule ssl_module modules/mod_ssl.so
-    LoadModule auth_pgsql_module modules/mod_auth_pgsql.so
-    LoadModule cgi_module modules/mod_cgi.so
-
-    # There's so much in python(-fedora) that wants a valid homedir....
-    SetEnv HOME /httpdir
-
-    Listen 0.0.0.0:8080
-    Listen 0.0.0.0:8443 https
-
-    StartServers         4
-    MaxClients         300
-    MinSpareThreads     25
-    MaxSpareThreads     75
-    ThreadsPerChild     25
-    MaxRequestsPerChild  0
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-    CustomLog /httpdir/accesslog combined
-    ErrorLog /httpdir/errorlog
-    LogLevel info
-    TypesConfig /etc/mime.types
-    AddDefaultCharset UTF-8
-    CoreDumpDirectory /tmp
-
-    DirectoryIndex index.cgi
-
-    <VirtualHost *:8080>
-        Header set Cache-Control no-cache
-        Header set Expires 0
-        Alias /totpcgiprovision /var/www/totpcgi-provisioning
-{% if env == "staging" %}
-        Alias /totpcgiprovision/ /var/www/totpcgi-provisioning
-{% endif %}
-        AddHandler cgi-script .cgi
-
-        DocumentRoot /var/www/totpcgi-provisioning
-        <Directory "/var/www/totpcgi-provisioning">
-            Options ExecCGI
-        </Directory>
-
-        <Location />
-            AuthType Basic
-            AuthName "Fedora totpcgi"
-
-            Auth_PG_host db-fas{{ env_suffix }}
-            Auth_PG_port 5432
-            Auth_PG_user fasreadonly
-            Auth_PG_pwd {{ fasReadOnlyPassword }}
-            Auth_PG_database fas2
-            Auth_PG_pwd_table people
-            Auth_PG_uid_field username
-            Auth_PG_pwd_field password
-            Auth_PG_pwd_whereclause " and status='active'"
-
-            Require valid-user
-        </Location>
-    </VirtualHost>
-
-    <VirtualHost *:8443>
-{% if env == "staging" %}
-        ServerName fas-all.stg.iad2.fedoraproject.org:8443
-{% elif objectname == "configmap-totpcgi-vpn.yml" %}
-        ServerName fas-all.vpn.fedoraproject.org:8443
-{% elif datacenter == 'iad2' %}
-        ServerName fas-all.iad2.fedoraproject.org:8443
-{% endif %}
-        SSLEngine on
-{% if objectname == "configmap-totpcgi-vpn.yml" %}
-        SSLCertificateFile /etc/pki/totp/tls.crt
-        SSLCertificateKeyFile /etc/pki/totp/tls.key
-{% else %}
-        SSLCertificateFile /etc/pki/totp/tls.crt
-        SSLCertificateKeyFile /etc/pki/totp/tls.key
-{% endif %}
-        SSLCACertificateFile /etc/totpcgi/totpcgi-ca.crt
-        SSLHonorCipherOrder On
-        SSLCipherSuite {{ ssl_ciphers }}
-        SSLProtocol {{ ssl_protocols }}
-        AddHandler cgi-script .cgi
-
-        SSLVerifyClient require
-        SSLVerifyDepth 10
-
-         DocumentRoot /var/www/totpcgi
-         <Directory "/var/www/totpcgi">
-                Options ExecCGI
-        </Directory>
-    </VirtualHost>
-  error.html: |-
-    {{ lookup('file', '{{ roles_path }}/totpcgi/files/html/error.html') | indent() }}
-  login.html: |-
-    {{ lookup('file', '{{ roles_path }}/totpcgi/files/html/login.html') | indent() }}
-  totp.html: |-
-    {{ lookup('file', '{{ roles_path }}/totpcgi/files/html/totp.html') | indent() }}
diff --git a/roles/totpcgi/templates/provisioning-httpd.conf.j2 b/roles/totpcgi/templates/provisioning-httpd.conf.j2
deleted file mode 100644
index 6b776fbb27..0000000000
--- a/roles/totpcgi/templates/provisioning-httpd.conf.j2
+++ /dev/null
@@ -1,44 +0,0 @@
-Listen 8444
-<VirtualHost *:8444>
-  LoadModule suexec_module modules/mod_suexec.so
-
-  DocumentRoot /var/www/totpcgi-provisioning
-  ServerName fas01.stg.iad2.fedoraproject.org:8444
-  ErrorLog /var/log/httpd/totpcgi-provisioning-error.log
-  SuexecUserGroup totpcgiprov totpcgiprov
-
-  AddHandler cgi-script .cgi
-  DirectoryIndex index.cgi
-
-  Header set Cache-Control no-cache
-  Header set Expires 0
-
-  #SSLEngine on
-  #SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
-  #SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
-  #SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
-
-  #CustomLog /var/log/httpd/totpcgi-provisioning-ssl-request-log \
-  #  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-  <Directory "/var/www/totpcgi-provisioning">
-    Options ExecCGI
-  </Directory>
-
-  <Location />
-    AuthType Basic
-    AuthName "Fedora totpcgi"
-
-    Auth_PG_host db-fas
-    Auth_PG_port 5432
-    Auth_PG_user fasreadonly
-    Auth_PG_pwd {{ fasReadOnlyPassword }}
-    Auth_PG_database fas2
-    Auth_PG_pwd_table people
-    Auth_PG_uid_field username
-    Auth_PG_pwd_field password
-    Auth_PG_pwd_whereclause " and status='active'"
-
-    Require valid-user
-  </Location>
-</VirtualHost>
diff --git a/roles/totpcgi/templates/provisioning.conf.j2 b/roles/totpcgi/templates/provisioning.conf.j2
deleted file mode 100644
index b15c918d45..0000000000
--- a/roles/totpcgi/templates/provisioning.conf.j2
+++ /dev/null
@@ -1,88 +0,0 @@
-[secret]
-# Whether to encrypt the secret when we generate it. Encrypting the secret
-# with the user's pincode means that even if the .totp file is leaked, an
-# attacker will not be able to get the secret without knowing the user's
-# pincode. The downside is that if a user forgets their pincode, both the
-# pincode and the secret will need to be fully re-provisioned.
-# Setting to "True" will also turn off scratch-token support.
-encrypt_secret = False
-
-# You can allow for some clock drift between the client and server by setting
-# the permitted window size. Window size is calculated in 10-second intervals,
-# so a window size of 6 allows clock drift of 60 seconds in either direction.
-window_size = 6
-
-# First value is the number of times. Second value is the number of seconds.
-# So, "3, 30" means "3 falures within 30 seconds"
-rate_limit = 3, 30
-
-# How many scratch tokens to generate. Note, that this setting is ignored
-# if encrypt_secret is set to True.
-scratch_tokens_n = 5
-
-# This identifies the token in the Google Authenticator application. It comes
-# very handy when users have more than one token, so set this to something
-# descriptive of your environment.
-{% if env == "staging" %}
-totp_user_mask = $username@stg.fedoraproject.org
-{% else %}
-totp_user_mask = $username@fedoraproject.org
-{% endif %}
-
-# Used by provisioning.cgi
-# Where the provisioning CGI is located, with regards to the web root.
-action_url = /totpcgiprovision/index.cgi
-
-# Used by provisioning.cgi
-# Where provisioning.css and provisioning-print.css are located with regards
-# to the web root.
-css_root = /totpcgiprovision/
-
-# Used by provisioning.cgi
-# Where to find the templates files.
-templates_dir = /etc/totpcgi
-
-# Used by provisioning.cgi
-# Whether to rely on HTTP auth to handle authentication.
-# As we don't get the password, only the username, turning this on
-# will automatically set encrypt_secret to false.
-#
-# Be careful turning this on.
-trust_http_auth = True
-
-
-[pincode]
-# Which hashing mechanism to use. Valid entries: md5, bcrypt, sha256, sha512
-usehash = sha256
-
-# Whether to compile the DBM database (only meaningful with the file backend)
-makedb = True
-
-# The backends are pretty much the same as in totpcgi.conf, except if you
-# are using the postgresql secret backend, you need to connect as a user
-# that is allowed to modify user records (e.g. totpcgi_admin).
-[secret_backend]
-;engine = file
-;secrets_dir = /etc/totpcgi/totp
-
-; For PostgreSQL backend:
-engine = pgsql
-pg_connect_string = user={{ totpcgiadminDBUser }} password={{ totpcgiadminDBPassword }} host=db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org dbname=totpcgi
-
-[pincode_backend]
-engine = pgsql
-pg_connect_string = user={{ totpcgiadminDBUser }} password={{ totpcgiadminDBPassword }} host=db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org dbname=totpcgi
-
-; For LDAP backend (simple bind auth):
-;engine = ldap
-;ldap_url    = ldaps://ipa.example.com:636/
-;ldap_dn     = uid=$username,cn=users,cn=accounts,dc=example,dc=com
-;ldap_cacert = /etc/pki/tls/certs/ipa-ca.crt
-
-[state_backend]
-;engine = file
-;state_dir = /var/lib/totpcgi
-
-; For PostgreSQL backend:
-engine = pgsql
-pg_connect_string = user={{ totpcgiadminDBUser }} password={{ totpcgiadminDBPassword }} host=db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org dbname=totpcgi
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.j2
deleted file mode 100644
index 29cd380418..0000000000
--- a/roles/totpcgi/templates/totpcgi-httpd.conf.j2
+++ /dev/null
@@ -1,37 +0,0 @@
-Listen 8443
-<VirtualHost 10.5.126.30:8443 10.5.126.25:8443 10.5.126.26:8443>
-        # Load this module locally here.
-        LoadModule suexec_module modules/mod_suexec.so
-
-	ServerAdmin admin@fedoraproject.org
-	DocumentRoot /var/www/totpcgi
-	ServerName fas-all.iad2.fedoraproject.org:8443
-	ErrorLog /var/log/httpd/totpcgi-error.log
-	SuexecUserGroup totpcgi totpcgi
-
-	# Use this for totp.cgi
-	AddHandler cgi-script .cgi
-	DirectoryIndex index.cgi
-
-	# Or use this for totp.fcgi:
-	#AddHandler fcgid-script .fcgi
-	#DirectoryIndex index.fcgi
-
-	SSLEngine on
-	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
-	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
-	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
-        SSLHonorCipherOrder On
-        SSLCipherSuite {{ ssl_ciphers }}
-        SSLProtocol {{ ssl_protocols }}
-
-	SSLVerifyClient require
-	SSLVerifyDepth 10
-
-	CustomLog /var/log/httpd/totpcgi-ssl-request-log \
-		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-	<Directory "/var/www/totpcgi">
-		Options ExecCGI
-	</Directory>
-</VirtualHost>
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
deleted file mode 100644
index 5424c8e3d0..0000000000
--- a/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
+++ /dev/null
@@ -1,37 +0,0 @@
-Listen 8443
-<VirtualHost *:8443>
-        # Load this module locally here.
-        LoadModule suexec_module modules/mod_suexec.so
-
-	ServerAdmin admin@fedoraproject.org
-	DocumentRoot /var/www/totpcgi
-	ServerName fas-all.stg.iad2.fedoraproject.org:8443
-	ErrorLog /var/log/httpd/totpcgi-error.log
-	SuexecUserGroup totpcgi totpcgi
-
-	# Use this for totp.cgi
-	AddHandler cgi-script .cgi
-	DirectoryIndex index.cgi
-
-	# Or use this for totp.fcgi:
-	#AddHandler fcgid-script .fcgi
-	#DirectoryIndex index.fcgi
-
-	SSLEngine on
-	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
-	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
-	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
-        SSLHonorCipherOrder On
-        SSLCipherSuite {{ ssl_ciphers }}
-        SSLProtocol {{ ssl_protocols }}
-
-	SSLVerifyClient require
-	SSLVerifyDepth 10
-
-	CustomLog /var/log/httpd/totpcgi-ssl-request-log \
-		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-	<Directory "/var/www/totpcgi">
-		Options ExecCGI
-	</Directory>
-</VirtualHost>
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
deleted file mode 100644
index eb88528e3f..0000000000
--- a/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-<VirtualHost 192.168.1.38:8443 192.168.1.39:8443 192.168.1.49:8443>
-        # Load this module locally here.
-        LoadModule suexec_module modules/mod_suexec.so
-
-	ServerAdmin admin@fedoraproject.org
-	DocumentRoot /var/www/totpcgi
-	ServerName fas-all.vpn.fedoraproject.org:8443
-	ErrorLog /var/log/httpd/totpcgi-error.log
-	SuexecUserGroup totpcgi totpcgi
-
-	# Use this for totp.cgi
-	AddHandler cgi-script .cgi
-	DirectoryIndex index.cgi
-
-	# Or use this for totp.fcgi:
-	#AddHandler fcgid-script .fcgi
-	#DirectoryIndex index.fcgi
-
-	SSLEngine on
-	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server-vpn.crt
-	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server-vpn.key
-	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
-        SSLHonorCipherOrder On
-        SSLCipherSuite {{ ssl_ciphers }}
-        SSLProtocol {{ ssl_protocols }}
-
-	SSLVerifyClient require
-	SSLVerifyDepth 10
-
-	CustomLog /var/log/httpd/totpcgi-ssl-request-log \
-		"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-	<Directory "/var/www/totpcgi">
-		Options ExecCGI
-	</Directory>
-</VirtualHost>
diff --git a/roles/totpcgi/templates/totpcgi.conf.j2 b/roles/totpcgi/templates/totpcgi.conf.j2
deleted file mode 100644
index bd6630dfad..0000000000
--- a/roles/totpcgi/templates/totpcgi.conf.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-[main]
-require_pincode = True
-success_string = OK
-{% if env == "staging" %}
-fas_url = https://admin.stg.fedoraproject.org/accounts/
-{% else %}
-fas_url = https://admin.fedoraproject.org/accounts/
-{% endif %}
-
-[secret_backend]
-; For PostgreSQL backend:
-engine = pgsql
-pg_connect_string = user={{ totpcgiDBUser }} password={{ totpcgiDBPassword }} host=db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org dbname=totpcgi
-
-[pincode_backend]
-engine = pgsql
-pg_connect_string = user={{ totpcgiDBUser }} password={{ totpcgiDBPassword }} host=db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org dbname=totpcgi
-
-; For LDAP backend (simple bind auth):
-;engine = ldap
-;ldap_url    = ldaps://ipa.example.com:636/
-;ldap_dn     = uid=$username,cn=users,cn=accounts,dc=example,dc=com
-;ldap_cacert = /etc/pki/tls/certs/ipa-ca.crt
-
-[state_backend]
-;engine = file
-;state_dir = /var/lib/totpcgi
-
-; For PostgreSQL backend:
-engine = pgsql
-pg_connect_string = user={{ totpcgiDBUser }} password={{ totpcgiDBPassword }} host=db-fas01{{ env_suffix }}.{{ datacenter }}.fedoraproject.org dbname=totpcgi
diff --git a/tasks/2fa_client.yml b/tasks/2fa_client.yml
deleted file mode 100644
index 8106193021..0000000000
--- a/tasks/2fa_client.yml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-- name: install pam_url
-  package: name=pam_url state=present
-  tags:
-  - packages
-  - 2fa
-
-- name: /etc/pki/tls/private/totpcgi.pem
-  copy: src="{{ private }}/files/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
-  tags:
-  - config
-  - 2fa
-
-- name: /etc/pki/tls/private/totpcgi-ca.cert
-  copy: src="{{ private }}/files/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
-  tags:
-  - config
-  - 2fa
-
-- name: /etc/pam_url.conf - split for staging/phx2/everyone else
-  template: src={{ item }} dest=/etc/pam_url.conf mode=0644
-  with_first_found:
-  - "{{ files }}/2fa/pam_url.conf.{{ inventory_hostname }}"
-  - "{{ files }}/2fa/pam_url.conf.{{ ansible_domain }}"
-  - "{{ files }}/2fa/pam_url.conf.{{ datacenter }}"
-  - "{{ files }}/2fa/pam_url.conf.j2"
-  tags:
-  - config
-  - pam_url
-  - 2fa
-
-- name: /etc/pam.d/sudo
-  copy: src={{ item }} dest=/etc/pam.d/sudo mode=0644
-  with_first_found:
-  - "{{ files }}/2fa/sudo.pam.{{ inventory_hostname }}"
-  - "{{ files }}/2fa/sudo.pam.{{ ansible_domain }}"
-  - "{{ files }}/2fa/sudo.pam"
-  tags:
-  - config
-  - 2fa

From e0662c5f2dea6a2329f34ff0840683672236e8b0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 17 May 2021 13:46:36 -0700
Subject: [PATCH 034/189] rsyncd / download: adjust odcs to allow package
 rsyncs

odcs just links to the packages in a compose on the /mnt/koji volume
with relative symlinks. ie (
../../../../../../../../mnt/koji/packages/zip/3.0/28.eln109/data/signed/9867c58f/x86_64/zip-3.0-28.eln109.x86_64.rpm
)
Change odcs on download servers to mount on /mnt like koji and then tell
rsync to chroot at /mnt, so it can follow those links and copy the file
from koji volume.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/groups/download.yml                                 | 2 +-
 .../download/files/httpd/dl.fedoraproject.org/secondary.conf  | 4 ++--
 roles/rsyncd/templates/rsyncd.conf.download.j2                | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml
index a5238e8ec9..051fe40b6e 100644
--- a/playbooks/groups/download.yml
+++ b/playbooks/groups/download.yml
@@ -40,7 +40,7 @@
   - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
   - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive',  nfs_src_dir: 'fedora_ftp_archive' }
   - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/koji',  nfs_src_dir: 'fedora_koji/koji/' } # needed for internal sync and odcs
-  - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/srv/odcs',  nfs_src_dir: 'fedora_odcs' } # needed for internal sync
+  - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/odcs',  nfs_src_dir: 'fedora_odcs' } # needed for internal sync
   - sudo
 
   pre_tasks:
diff --git a/roles/download/files/httpd/dl.fedoraproject.org/secondary.conf b/roles/download/files/httpd/dl.fedoraproject.org/secondary.conf
index be85ad32d8..7f0f3695ae 100644
--- a/roles/download/files/httpd/dl.fedoraproject.org/secondary.conf
+++ b/roles/download/files/httpd/dl.fedoraproject.org/secondary.conf
@@ -1,5 +1,5 @@
 Alias /pub /srv/pub
-Alias /odcs /srv/odcs
+Alias /odcs /mnt/odcs
 
 DocumentRoot /srv/web
 
@@ -18,7 +18,7 @@ DocumentRoot /srv/web
   </IfModule>
 </Directory>
 
-<Directory /srv/odcs>
+<Directory /mnt/odcs>
   HeaderName /HEADER.html
   ReadmeName /FOOTER.html
   Options Indexes FollowSymLinks
diff --git a/roles/rsyncd/templates/rsyncd.conf.download.j2 b/roles/rsyncd/templates/rsyncd.conf.download.j2
index 47e212a3af..4af35b9cfb 100644
--- a/roles/rsyncd/templates/rsyncd.conf.download.j2
+++ b/roles/rsyncd/templates/rsyncd.conf.download.j2
@@ -96,7 +96,7 @@ refuse options = checksum
 
 [ fedora-eln ]
 	comment = Fedora ELN composes
-	path = /srv/odcs
+	path = /./mnt/odcs
 	{% if inventory_hostname in groups['download_tier1'] %}
        hosts allow = {% for host in vars['dl_tier1'] %}{{host}},{% endfor %}
         {% endif %}

From 488bb78ccdd79a601d20693474c9b23e64d769d5 Mon Sep 17 00:00:00 2001
From: Tim Flink <tflink@fedoraproject.org>
Date: Tue, 18 May 2021 12:07:49 -0600
Subject: [PATCH 035/189] blockerbugs: upgrade prod to F33

---
 inventory/host_vars/blockerbugs01.iad2.fedoraproject.org | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/inventory/host_vars/blockerbugs01.iad2.fedoraproject.org b/inventory/host_vars/blockerbugs01.iad2.fedoraproject.org
index ebe61448f7..4a6035ef9e 100644
--- a/inventory/host_vars/blockerbugs01.iad2.fedoraproject.org
+++ b/inventory/host_vars/blockerbugs01.iad2.fedoraproject.org
@@ -2,8 +2,10 @@
 nm: 255.255.255.0
 gw: 10.3.163.254
 dns: 10.3.163.33
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/x86_64/os/
+
 volgroup: /dev/vg_guests
 eth0_ip: 10.3.163.88
 vmhost: vmhost-x86-07.iad2.fedoraproject.org

From 9c1297a026ef589a2fcff632e6a60a5b7d5e2920 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Tue, 18 May 2021 13:13:23 -0500
Subject: [PATCH 036/189] packages-static: make sure that solrconfig is applied
 properly

---
 .../fedora-packages-static/templates/configmap.yml            | 4 ++--
 .../templates/packages/{ => conf}/solrconfig.xml              | 0
 .../fedora-packages-static/templates/solr-start.sh            | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
 rename roles/openshift-apps/fedora-packages-static/templates/packages/{ => conf}/solrconfig.xml (100%)

diff --git a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
index 0cd8c85dfc..830901e2ce 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
@@ -17,8 +17,8 @@ metadata:
   labels:
     app: fedora-packages-static
 data:
-  solrconfig.xml: |-
-    {{ load_file('packages/solrconfig.xml') | indent }}
+  conf/solrconfig.xml: |-
+    {{ load_file('packages/conf/solrconfig.xml') | indent }}
   schema.xml: |-
     {{ load_file('packages/schema.xml') | indent }}
 ---
diff --git a/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml b/roles/openshift-apps/fedora-packages-static/templates/packages/conf/solrconfig.xml
similarity index 100%
rename from roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
rename to roles/openshift-apps/fedora-packages-static/templates/packages/conf/solrconfig.xml
diff --git a/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh b/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
index 9c341f5edf..d5428c13f7 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
+++ b/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
@@ -13,7 +13,7 @@ fi
 
 . /opt/docker-solr/scripts/run-initdb
 
-/opt/docker-solr/scripts/precreate-core "packages"
+/opt/docker-solr/scripts/precreate-core "packages" /opt/solr/server/solr/configsets/packages
 
 #!/bin/bash
 #
@@ -70,4 +70,4 @@ elif [[ "$TINI" == no ]]; then
 else
   echo "invalid value TINI=$TINI"
   exit 1
-fi
\ No newline at end of file
+fi

From 81b2cd2e9c735a568528d598d510c81a94149aca Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 18 May 2021 13:33:37 -0700
Subject: [PATCH 037/189] download: adjust koji mount to allow odcs/eln images
 to work right

Right now odcs uses /mnt/koji for packages links, but uses
/mnt/fedora_koji/koji for images. Adjusting this and adding a link in
should fix it for both.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/groups/download.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml
index 051fe40b6e..b096276db7 100644
--- a/playbooks/groups/download.yml
+++ b/playbooks/groups/download.yml
@@ -39,7 +39,7 @@
   - rsyncd
   - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
   - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive',  nfs_src_dir: 'fedora_ftp_archive' }
-  - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/koji',  nfs_src_dir: 'fedora_koji/koji/' } # needed for internal sync and odcs
+  - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/fedora_koji',  nfs_src_dir: 'fedora_koji' } # needed for internal sync and odcs
   - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/odcs',  nfs_src_dir: 'fedora_odcs' } # needed for internal sync
   - sudo
 
@@ -73,6 +73,9 @@
     copy: src="{{ files }}/download/download-sync.cron.cc-rdu01"  dest=/etc/cron.d/download-sync owner=root group=root mode=644
     when: inventory_hostname == 'download-cc-rdu01.fedoraproject.org'
 
+  - name: make a mnt/koji link
+    file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
+
   handlers:
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
 

From decd358666cf60524734f6069350bfcf7241ac9d Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Tue, 18 May 2021 15:51:38 -0500
Subject: [PATCH 038/189] packages-static: have the init script mange solr
 config

openshift does not allow subdirectories in configmap volumes.
---
 .../fedora-packages-static/templates/configmap.yml     |  4 ++--
 .../templates/packages/{conf => }/solrconfig.xml       |  0
 .../fedora-packages-static/templates/solr-start.sh     | 10 +++++++++-
 3 files changed, 11 insertions(+), 3 deletions(-)
 rename roles/openshift-apps/fedora-packages-static/templates/packages/{conf => }/solrconfig.xml (100%)

diff --git a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
index 830901e2ce..0cd8c85dfc 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/configmap.yml
@@ -17,8 +17,8 @@ metadata:
   labels:
     app: fedora-packages-static
 data:
-  conf/solrconfig.xml: |-
-    {{ load_file('packages/conf/solrconfig.xml') | indent }}
+  solrconfig.xml: |-
+    {{ load_file('packages/solrconfig.xml') | indent }}
   schema.xml: |-
     {{ load_file('packages/schema.xml') | indent }}
 ---
diff --git a/roles/openshift-apps/fedora-packages-static/templates/packages/conf/solrconfig.xml b/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
similarity index 100%
rename from roles/openshift-apps/fedora-packages-static/templates/packages/conf/solrconfig.xml
rename to roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
diff --git a/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh b/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
index d5428c13f7..45a272560b 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
+++ b/roles/openshift-apps/fedora-packages-static/templates/solr-start.sh
@@ -13,7 +13,15 @@ fi
 
 . /opt/docker-solr/scripts/run-initdb
 
-/opt/docker-solr/scripts/precreate-core "packages" /opt/solr/server/solr/configsets/packages
+# Manually arrange config files into directory structure solr needs because openshift just won't let this be simple
+mkdir -p /var/solr/openshift/packages
+cp /opt/solr/server/solr/configsets/packages/schema.xml /var/solr/openshift/packages
+
+mkdir -p /var/solr/openshift/packages/conf
+cp /opt/solr/server/solr/configsets/packages/solrconfig.xml /var/solr/openshift/packages/conf
+
+# Create the core
+/opt/docker-solr/scripts/precreate-core "packages" /var/solr/openshift/packages
 
 #!/bin/bash
 #

From a6558b4b35f061e9f8616eaa3b0e0408ca73ca56 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 18 May 2021 13:56:38 -0700
Subject: [PATCH 039/189] download: do not make a /mnt/koji/compose as it is
 handled by symlink later

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/download/tasks/main.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index bb6925cd24..fa3686906d 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -14,10 +14,6 @@
 - name: Create /srv/web directory
   file: path=/srv/web state=directory
 
-## This is used by internal systems to get beta content
-- name: Create /mnt/koji/compose directory
-  file: path=/mnt/koji/compose state=directory
-
 - name: Set httpd_use_nfs seboolean
   seboolean: name=httpd_use_nfs state=yes persistent=yes
 

From 8b203e5d856277a6123d8250f0812aa86d39aaf9 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Tue, 18 May 2021 16:17:28 -0500
Subject: [PATCH 040/189] packages-static: correct solr deploymentconfig

---
 roles/openshift-apps/fedora-packages-static/files/service.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/openshift-apps/fedora-packages-static/files/service.yml b/roles/openshift-apps/fedora-packages-static/files/service.yml
index a4dd6b1fb3..3be295f31f 100644
--- a/roles/openshift-apps/fedora-packages-static/files/service.yml
+++ b/roles/openshift-apps/fedora-packages-static/files/service.yml
@@ -29,4 +29,4 @@ spec:
     targetPort: 8983
   selector:
     app: fedora-packages-static
-    deploymentconfig: fedora-packages-static
+    deploymentconfig: solr

From e9b1c3c53d36cc0bd4d421bd8d0cf99562b1ad7a Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Tue, 18 May 2021 16:52:53 -0500
Subject: [PATCH 041/189] packages-static: use unprivileged port on container

---
 roles/openshift-apps/fedora-packages-static/files/service.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/openshift-apps/fedora-packages-static/files/service.yml b/roles/openshift-apps/fedora-packages-static/files/service.yml
index 3be295f31f..659e531014 100644
--- a/roles/openshift-apps/fedora-packages-static/files/service.yml
+++ b/roles/openshift-apps/fedora-packages-static/files/service.yml
@@ -10,7 +10,7 @@ spec:
   - name: 80-tcp
     port: 80
     protocol: TCP
-    targetPort: 80
+    targetPort: 8080
   selector:
     app: fedora-packages-static
     deploymentconfig: fedora-packages-static

From 52e2a301cc4d07eb90c408ebde4dd5350bc9ad53 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Tue, 18 May 2021 17:25:18 -0500
Subject: [PATCH 042/189]  packages-static: update container port

---
 .../fedora-packages-static/templates/deploymentconfig.yml   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml b/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
index 89a0723aeb..4104c7babf 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/fedora-packages-static/templates/deploymentconfig.yml
@@ -38,7 +38,7 @@ spec:
               name: fedora-packages-static-configmap
               key: sitemap-url
         ports:
-        - containerPort: 80
+        - containerPort: 8080
         resources: {}
         volumeMounts:
         - name: data-volume
@@ -51,13 +51,13 @@ spec:
           initialDelaySeconds: 600
           httpGet:
             path: /
-            port: 80
+            port: 8080
         livenessProbe:
           timeoutSeconds: 1
           initialDelaySeconds: 630
           httpGet:
             path: /
-            port: 80
+            port: 8080
       volumes:
       - name: data-volume
         persistentVolumeClaim:

From 30b8e21945408741452f9408b1f62969f5a3d760 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 19 May 2021 13:28:02 +0200
Subject: [PATCH 043/189] copr-be: spot instance spawning, #1

---
 .../provision/builderpb-aws-spot-aarch64.yml  | 52 +++++++++++++++++++
 .../provision/builderpb-aws-spot-x86_64.yml   | 47 +++++++++++++++++
 .../files/provision/spinup_aws_spot_task.yml  | 47 +++++++++++++++++
 .../backend/templates/resalloc/vm-aws-new     | 18 ++++++-
 4 files changed, 162 insertions(+), 2 deletions(-)
 create mode 100644 roles/copr/backend/files/provision/builderpb-aws-spot-aarch64.yml
 create mode 100644 roles/copr/backend/files/provision/builderpb-aws-spot-x86_64.yml
 create mode 100644 roles/copr/backend/files/provision/spinup_aws_spot_task.yml

diff --git a/roles/copr/backend/files/provision/builderpb-aws-spot-aarch64.yml b/roles/copr/backend/files/provision/builderpb-aws-spot-aarch64.yml
new file mode 100644
index 0000000000..7d948c3e38
--- /dev/null
+++ b/roles/copr/backend/files/provision/builderpb-aws-spot-aarch64.yml
@@ -0,0 +1,52 @@
+---
+- name: create an aarch64 spot instance in aws
+  hosts: 127.0.0.1
+  gather_facts: false
+
+  roles:
+    - spawner
+
+  vars_files:
+    - vars.yml
+    - aws_cloud_vars.yml
+
+  vars:
+    keypair: copr-builder
+    instance_type: a1.xlarge
+    # We keep this around the on-demand price, as we don't want unnecessary
+    # interrupts.
+    spot_price: 0.102
+    security_group: ssh-only
+    max_spawn_time: 1100
+    spawning_vm_user: "fedora"
+    arch: aarch64
+    image_name: "{{ builder_images[arch] }}"
+    instance_volumes:
+      - device_name: sdb
+        delete_on_termination: True
+        volume_type: gp2
+        volume_size: 160
+
+  tasks:
+    - include: "spinup_aws_spot_task.yml"
+
+
+- name: provision builder
+  hosts: builder_temp_group
+  gather_facts: false
+  become: true
+  user: fedora
+
+  vars_files:
+    - vars.yml
+    - aws_cloud_vars.yml
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+  tasks:
+    - include: "create_swap_file.yml"
+      when:
+        - prepare_base_image is defined
+
+    - include: "provision_builder_tasks.yml"
diff --git a/roles/copr/backend/files/provision/builderpb-aws-spot-x86_64.yml b/roles/copr/backend/files/provision/builderpb-aws-spot-x86_64.yml
new file mode 100644
index 0000000000..d08aaa6fcd
--- /dev/null
+++ b/roles/copr/backend/files/provision/builderpb-aws-spot-x86_64.yml
@@ -0,0 +1,47 @@
+---
+- name: create an x86_64 spot instance in aws
+  hosts: 127.0.0.1
+  gather_facts: false
+
+  roles:
+    - spawner
+
+  vars_files:
+    - vars.yml
+    - aws_cloud_vars.yml
+
+  vars:
+    keypair: copr-builder
+    instance_type: i3.large
+    # We keep this around the on-demand price, as we don't want unnecessary
+    # interrupts.
+    spot_price: 0.156
+    security_group: ssh-only
+    max_spawn_time: 1100
+    spawning_vm_user: "fedora"
+    arch: x86_64
+    image_name: "{{ builder_images[arch] }}"
+
+  tasks:
+    - include: "spinup_aws_spot_task.yml"
+
+
+- name: provision builder
+  hosts: builder_temp_group
+  gather_facts: false
+  become: true
+  user: fedora
+
+  vars_files:
+    - vars.yml
+    - aws_cloud_vars.yml
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+  tasks:
+    - include: "create_swap_file.yml"
+      when:
+        - prepare_base_image is defined
+
+    - include: "provision_builder_tasks.yml"
diff --git a/roles/copr/backend/files/provision/spinup_aws_spot_task.yml b/roles/copr/backend/files/provision/spinup_aws_spot_task.yml
new file mode 100644
index 0000000000..c1b94c63bb
--- /dev/null
+++ b/roles/copr/backend/files/provision/spinup_aws_spot_task.yml
@@ -0,0 +1,47 @@
+---
+- debug: msg="vm_name={{ vm_name }}"
+
+- name: random subnet to overcome datacenter failures
+  set_fact: subnet_id={{ item }}
+  with_random_choice: "{{ aws_arch_subnets[arch] }}"
+
+- name: Launch instance
+  ec2:
+    key_name: "{{ keypair }}"
+    group: "{{ security_group }}"
+    instance_type: "{{ instance_type }}"
+    image: "{{ image_name }}"
+    wait: true
+    region: "{{ aws_region }}"
+    # both x86_64 and aarch64 arches can be allocated in us-east-1c
+    vpc_subnet_id: "{{ subnet_id }}"
+    assign_public_ip: yes
+    instance_tags:
+      FedoraGroup: copr
+      CoprPurpose: builder
+      CoprInstance: "{% if devel %}devel{% else %}production{% endif %}"
+      Name: "{{ vm_name }}"
+      arch: "{{ arch }}"
+    aws_access_key: "{{ aws_access_key }}"
+    aws_secret_key: "{{ aws_secret_key }}"
+    volumes: "{% if instance_volumes is defined %}{{ instance_volumes }}{% else %}[]{% endif %}"
+    spot_price: "{{ spot_price }}"
+  register: ec2
+
+- name: Add new instance to host group
+  add_host:
+    hostname: "{{ item.public_ip }}"
+    groupname: builder_temp_group
+  loop: "{{ ec2.instances }}"
+
+- set_fact: builder_ip={{ ec2.instances[0].public_ip }}
+
+- debug: msg="VM_IP={{ builder_ip }}"
+
+- name: wait for he host to be hot
+  local_action: wait_for host={{ builder_ip }} port=22 delay=1 timeout={{ max_spawn_time }}
+
+- name: wait until ssh is available
+  local_action:  shell false; until [ "$?" -eq "0" ]; do sleep 2; ssh -o PasswordAuthentication=no {{ spawning_vm_user|default('fedora') }}@{{ builder_ip }} 'echo foobar' 2>/dev/null; done
+  async: 600
+  poll: 2
diff --git a/roles/copr/backend/templates/resalloc/vm-aws-new b/roles/copr/backend/templates/resalloc/vm-aws-new
index 3777a1a4f0..d8a1e88be5 100755
--- a/roles/copr/backend/templates/resalloc/vm-aws-new
+++ b/roles/copr/backend/templates/resalloc/vm-aws-new
@@ -15,6 +15,7 @@ Allocate AWS VM instance for Copr build system.
 Options:
   --arch                native architecture (required)
   -h, --help            show this help
+  --spot                start a spot instance
 
 Environment variables:
   \$RESALLOC_NAME       the name given to the allocated instance, will be
@@ -31,11 +32,12 @@ test $# -eq 0 && show_help 1
 
 test -n "$RESALLOC_NAME" || show_help 1
 
-ARGS=$(getopt -o "h" -l "arch:,help" -n "getopt" -- "$@") \
+ARGS=$(getopt -o "h" -l "arch:,spot,help" -n "getopt" -- "$@") \
     || show_help 1
 eval set -- "$ARGS"
 
 opt_arch=
+opt_spot=false
 
 while true; do
     # now the name is in $1 and argument in $2
@@ -47,6 +49,13 @@ while true; do
         eval "opt_$opt=\$2"
         shift 2
         ;;
+    --spot)
+        opt=${1##--}
+        opt=${opt##-}
+        opt=${opt//-/_}
+        eval "opt_$opt=:"
+        shift
+        ;;
     -h|--help) show_help 0;;
     --) # end!
         shift; break;;
@@ -72,10 +81,15 @@ cleanup_actions()
 }
 trap cleanup_actions EXIT
 
+spot_pb_part=
+if $opt_spot; then
+    spot_pb_part=-spot
+fi
+
 # TODO: We should call aws-cli directly here, instead of parsing output of
 # ansible playbook.  But at the time of writing this script we had the playbook
 # available, so parsing the output is the easiest way to start.
-playbook=/var/lib/resallocserver/provision/builderpb-aws-"$opt_arch".yml
+playbook=/var/lib/resallocserver/provision/builderpb-aws"$spot_pb_part"-"$opt_arch".yml
 
 {
     vm_ip=$(ansible-playbook "$playbook" \

From ee0a88df3321515bde72859944f3cae00323b911 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 19 May 2021 13:59:41 +0200
Subject: [PATCH 044/189] copr-be: terminate spot instances on shutdown

Per the following error:
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "instance_initiated_shutdown_behavior=stop is not supported for spot instances."}
---
 roles/copr/backend/files/provision/spinup_aws_spot_task.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/copr/backend/files/provision/spinup_aws_spot_task.yml b/roles/copr/backend/files/provision/spinup_aws_spot_task.yml
index c1b94c63bb..18b0fdb993 100644
--- a/roles/copr/backend/files/provision/spinup_aws_spot_task.yml
+++ b/roles/copr/backend/files/provision/spinup_aws_spot_task.yml
@@ -26,6 +26,7 @@
     aws_secret_key: "{{ aws_secret_key }}"
     volumes: "{% if instance_volumes is defined %}{{ instance_volumes }}{% else %}[]{% endif %}"
     spot_price: "{{ spot_price }}"
+    instance_initiated_shutdown_behavior: terminate
   register: ec2
 
 - name: Add new instance to host group

From 0295b35a21295d5f739d7e97714e596d0c60e9b6 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 19 May 2021 14:19:07 +0200
Subject: [PATCH 045/189] copr-dev: configure spot instances

And also add a configuration options for the s390x arch quota.
---
 inventory/group_vars/copr_aws                 |  6 ++++
 inventory/group_vars/copr_dev_aws             | 10 +++++--
 .../backend/templates/resalloc/pools.yaml     | 29 +++++++++++++------
 3 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws
index fed831617c..206d284752 100644
--- a/inventory/group_vars/copr_aws
+++ b/inventory/group_vars/copr_aws
@@ -30,6 +30,12 @@ builders:
     aws:
         x86_64: [100,15,15]
         armhfp: [20,3,3]
+        s390x: [5,1,1]
         aarch64: [20,6,6]
+    aws_spot:
+        x86_64: [0,1,1]
+        armhfp: [0,0,0]
+        s390x: [0,0,0]
+        aarch64: [0,2,2]
 
 rpm_vendor_copr_name: Fedora Copr
diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index 156a7fdc4c..a5b2ebd7bf 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -29,8 +29,14 @@ nm_controlled_resolv: True
 builders:
     # max|max_spawn|max_prealloc
     aws:
-        x86_64: [10,1,1]
-        armhfp: [3,1,1]
+        x86_64: [4,1,1]
+        armhfp: [2,0,0]
+        s390x: [2,0,0]
+        aarch64: [2,1,1]
+    aws_spot:
+        x86_64: [5,2,3]
+        armhfp: [2,0,0]
+        s390x: [1,0,0]
         aarch64: [5,2,2]
 
 rpm_vendor_copr_name: Fedora Copr (devel)
diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index c3e7b0624b..3ad1b4bd0c 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -1,5 +1,5 @@
-{% macro aws_x86_64(max, max_starting, max_prealloc) %}
-aws_x86_64_normal_{% if devel %}dev{% else %}prod{% endif %}:
+{% macro aws_x86_64(max, max_starting, max_prealloc, spot=False) %}
+aws_x86_64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% else %}prod{% endif %}:
     max: {{ max }}
     max_starting: {{ max_starting }}
     max_prealloc: {{ max_prealloc }}
@@ -18,7 +18,7 @@ aws_x86_64_normal_{% if devel %}dev{% else %}prod{% endif %}:
     - arch_s390x
     - arch_s390x_emulated
     - aws
-    cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=x86_64"
+    cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=x86_64 {% if spot %}--spot{% endif %}"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-aws-check"
     livecheck_period: 180
@@ -27,8 +27,8 @@ aws_x86_64_normal_{% if devel %}dev{% else %}prod{% endif %}:
     reuse_max_time: 1800
 {% endmacro %}
 
-{% macro aws_aarch64(max, max_starting, max_prealloc) %}
-aws_aarch64_normal_{% if devel %}dev{% else %}prod{% endif %}:
+{% macro aws_aarch64(max, max_starting, max_prealloc, spot=False) %}
+aws_aarch64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% else %}prod{% endif %}:
     max: {{ max }}
     max_starting: {{ max_starting }}
     max_prealloc: {{ max_prealloc }}
@@ -37,7 +37,7 @@ aws_aarch64_normal_{% if devel %}dev{% else %}prod{% endif %}:
     - arch_aarch64
     - arch_aarch64_native
     - aws
-    cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=aarch64"
+    cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=aarch64 {% if spot %}--spot{% endif %}"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-aws-check"
     livecheck_period: 180
@@ -109,15 +109,26 @@ aarch64_{{ id }}_{{ inst }}:
     - arch_aarch64_native
 {% endmacro %}
 
-{{ aws_x86_64(builders.aws.x86_64[0] + builders.aws.armhfp[0],
-              builders.aws.x86_64[1] + builders.aws.armhfp[1],
-              builders.aws.x86_64[2] + builders.aws.armhfp[2])
+{{ aws_x86_64(builders.aws.x86_64[0] + builders.aws.armhfp[0] + builders.aws.s390x[0],
+              builders.aws.x86_64[1] + builders.aws.armhfp[1] + builders.aws.s390x[1],
+              builders.aws.x86_64[2] + builders.aws.armhfp[2] + builders.aws.s390x[2])
 }}
 {{ aws_aarch64(builders.aws.aarch64[0],
                builders.aws.aarch64[1],
                builders.aws.aarch64[2])
 }}
 
+{{ aws_x86_64(builders.aws_spot.x86_64[0] + builders.aws_spot.armhfp[0] + builders.aws_spot.s390x[0],
+              builders.aws_spot.x86_64[1] + builders.aws_spot.armhfp[1] + builders.aws_spot.s390x[1],
+              builders.aws_spot.x86_64[2] + builders.aws_spot.armhfp[2] + builders.aws_spot.s390x[2],
+              True)
+}}
+{{ aws_aarch64(builders.aws_spot.aarch64[0],
+               builders.aws_spot.aarch64[1],
+               builders.aws_spot.aarch64[2],
+               True)
+}}
+
 {% if env == "production" %}
 {{ hw_aarch64("01", "prod", 4, 2, 4) }}
 {{ hw_aarch64("02", "prod", 4, 2, 4) }}

From cc5436f6b04c1d888022a9ae424091b26b8ffb56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Wed, 19 May 2021 15:50:43 +0200
Subject: [PATCH 046/189] Deploy the new bugzilla2fedmsg to openshift in prod
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 playbooks/openshift-apps/bugzilla2fedmsg.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/openshift-apps/bugzilla2fedmsg.yml b/playbooks/openshift-apps/bugzilla2fedmsg.yml
index 2ce98ebcee..34161512fd 100644
--- a/playbooks/openshift-apps/bugzilla2fedmsg.yml
+++ b/playbooks/openshift-apps/bugzilla2fedmsg.yml
@@ -1,5 +1,5 @@
 - name: make the app be real
-  hosts: os_masters_stg[0]
+  hosts: os_masters[0]:os_masters_stg[0]
   user: root
   gather_facts: False
 

From 0b6408df272fabc0582d39d7ede13d6dc963f909 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 19 May 2021 16:37:55 +0200
Subject: [PATCH 047/189] copr-be: implement livecheck for the hypervisor VMs,
 too

---
 roles/copr/backend/tasks/resalloc.yml                       | 2 +-
 roles/copr/backend/templates/resalloc/pools.yaml            | 6 +++---
 .../backend/templates/resalloc/{vm-aws-check => vm-check}   | 0
 3 files changed, 4 insertions(+), 4 deletions(-)
 rename roles/copr/backend/templates/resalloc/{vm-aws-check => vm-check} (100%)

diff --git a/roles/copr/backend/tasks/resalloc.yml b/roles/copr/backend/tasks/resalloc.yml
index d5e2fa63cc..1a830ea0fa 100644
--- a/roles/copr/backend/tasks/resalloc.yml
+++ b/roles/copr/backend/tasks/resalloc.yml
@@ -61,7 +61,7 @@
   - vm-aarch64-new
   - vm-aws-new
   - vm-aws-delete
-  - vm-aws-check
+  - vm-check
   tags:
   - provision_config
 
diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index 3ad1b4bd0c..f45f966655 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -20,7 +20,7 @@ aws_x86_64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% else
     - aws
     cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=x86_64 {% if spot %}--spot{% endif %}"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
-    cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-aws-check"
+    cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-check"
     livecheck_period: 180
     reuse_opportunity_time: 180
     reuse_max_count: 8
@@ -39,7 +39,7 @@ aws_aarch64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% els
     - aws
     cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=aarch64 {% if spot %}--spot{% endif %}"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
-    cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-aws-check"
+    cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-check"
     livecheck_period: 180
     reuse_opportunity_time: 180
     reuse_max_count: 8
@@ -77,7 +77,7 @@ copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     cmd_new: "/var/lib/resallocserver/provision/libvirt-new --swap-vol-size 168"
     cmd_delete: "/var/lib/resallocserver/provision/libvirt-new --swap-vol-size 168"
     cmd_delete: "/var/lib/resallocserver/provision/libvirt-delete"
-    cmd_livecheck: "echo TODO"
+    cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-check"
     livecheck_period: 180
     reuse_opportunity_time: 180
     reuse_max_count: 8
diff --git a/roles/copr/backend/templates/resalloc/vm-aws-check b/roles/copr/backend/templates/resalloc/vm-check
similarity index 100%
rename from roles/copr/backend/templates/resalloc/vm-aws-check
rename to roles/copr/backend/templates/resalloc/vm-check

From c95c641f1ea4545595f26809c8792f4adb2423c2 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 19 May 2021 16:46:17 +0200
Subject: [PATCH 048/189] copr-builder: run cleanup script after each builder
 release

Under root, so we can clean-up everything needed:

Fixes: https://pagure.io/copr/copr/issue/1258
---
 roles/copr/backend/tasks/resalloc.yml            |  1 +
 roles/copr/backend/templates/resalloc/pools.yaml |  3 +++
 roles/copr/backend/templates/resalloc/vm-release | 13 +++++++++++++
 3 files changed, 17 insertions(+)
 create mode 100755 roles/copr/backend/templates/resalloc/vm-release

diff --git a/roles/copr/backend/tasks/resalloc.yml b/roles/copr/backend/tasks/resalloc.yml
index 1a830ea0fa..6cc11910ab 100644
--- a/roles/copr/backend/tasks/resalloc.yml
+++ b/roles/copr/backend/tasks/resalloc.yml
@@ -62,6 +62,7 @@
   - vm-aws-new
   - vm-aws-delete
   - vm-check
+  - vm-release
   tags:
   - provision_config
 
diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index f45f966655..ea0d4986cd 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -21,6 +21,7 @@ aws_x86_64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% else
     cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=x86_64 {% if spot %}--spot{% endif %}"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-check"
+    cmd_release: "/var/lib/resallocserver/resalloc_provision/vm-release"
     livecheck_period: 180
     reuse_opportunity_time: 180
     reuse_max_count: 8
@@ -40,6 +41,7 @@ aws_aarch64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% els
     cmd_new: "/var/lib/resallocserver/resalloc_provision/vm-aws-new --arch=aarch64 {% if spot %}--spot{% endif %}"
     cmd_delete: "/var/lib/resallocserver/resalloc_provision/vm-aws-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-check"
+    cmd_release: "/var/lib/resallocserver/resalloc_provision/vm-release"
     livecheck_period: 180
     reuse_opportunity_time: 180
     reuse_max_count: 8
@@ -78,6 +80,7 @@ copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     cmd_delete: "/var/lib/resallocserver/provision/libvirt-new --swap-vol-size 168"
     cmd_delete: "/var/lib/resallocserver/provision/libvirt-delete"
     cmd_livecheck: "/var/lib/resallocserver/resalloc_provision/vm-check"
+    cmd_release: "/var/lib/resallocserver/resalloc_provision/vm-release"
     livecheck_period: 180
     reuse_opportunity_time: 180
     reuse_max_count: 8
diff --git a/roles/copr/backend/templates/resalloc/vm-release b/roles/copr/backend/templates/resalloc/vm-release
new file mode 100755
index 0000000000..9772ec1bf1
--- /dev/null
+++ b/roles/copr/backend/templates/resalloc/vm-release
@@ -0,0 +1,13 @@
+#! /bin/sh
+
+die() { echo "$*" >&2 ; exit 1; }
+
+set -x
+set -e
+test -n "$RESALLOC_NAME"
+test -n "$RESALLOC_RESOURCE_DATA"
+
+# we only put IP out in spawning script, nothing else
+set -- $(echo "$RESALLOC_RESOURCE_DATA" | base64 --decode)
+IP=$1
+ssh -o ConnectTimeout=10 "root@$IP" copr-builder-cleanup

From 33813598766481f91ae282ef87c74ae956c46aee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Wed, 19 May 2021 17:33:10 +0200
Subject: [PATCH 049/189] Disable the VM version of bugzilla2fedmsg
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/bugzilla2fedmsg/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/bugzilla2fedmsg/tasks/main.yml b/roles/bugzilla2fedmsg/tasks/main.yml
index 49afc994b2..bd9b3da9b8 100644
--- a/roles/bugzilla2fedmsg/tasks/main.yml
+++ b/roles/bugzilla2fedmsg/tasks/main.yml
@@ -60,6 +60,6 @@
   - bugzilla2fedmsg
 
 - name: moksha-hub service
-  service: name=moksha-hub state=started enabled=yes
+  service: name=moksha-hub state=stopped enabled=no
   tags:
   - bugzilla2fedmsg

From 45cf6f92d1805fda6fcb9223c39642ae556d74cc Mon Sep 17 00:00:00 2001
From: Adam Saleh <asaleh@redhat.com>
Date: Wed, 19 May 2021 18:21:59 +0200
Subject: [PATCH 050/189] Toddlers - add asaleh as owner and remove ref to
 staging, as it was never deployed there.

---
 playbooks/openshift-apps/toddlers.yml                   | 1 +
 roles/openshift-apps/toddlers/templates/buildconfig.yml | 4 ----
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/playbooks/openshift-apps/toddlers.yml b/playbooks/openshift-apps/toddlers.yml
index 2e22f2e642..06d51a66ef 100644
--- a/playbooks/openshift-apps/toddlers.yml
+++ b/playbooks/openshift-apps/toddlers.yml
@@ -18,6 +18,7 @@
     - mohanboddu
     - zlopez
     - scoady
+    - asaleh
     tags:
       - appowners
 
diff --git a/roles/openshift-apps/toddlers/templates/buildconfig.yml b/roles/openshift-apps/toddlers/templates/buildconfig.yml
index be9d5bf1c4..5465386a18 100644
--- a/roles/openshift-apps/toddlers/templates/buildconfig.yml
+++ b/roles/openshift-apps/toddlers/templates/buildconfig.yml
@@ -13,11 +13,7 @@ spec:
     type: Git
     git:
       uri: https://pagure.io/fedora-infra/toddlers.git
-{% if env == 'staging' %}
-      ref: "staging"
-{% else %}
       ref: "production"
-{% endif %}
   strategy:
     type: Docker
   triggers:

From d890a9fbf4662fac4b26da3522484cae49d8869a Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 19 May 2021 12:00:49 -0700
Subject: [PATCH 051/189] bugzilla2fedmsg: drop checks against vm as it has
 moved to openshift

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../templates/check_fedmsg_consumers.cfg.j2   |  2 --
 .../nagios/services/iad2_internal/fedmsg.cfg  | 36 +++++++++----------
 .../nagios_server/templates/nrpe/nrpe.cfg.j2  |  3 --
 3 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2 b/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2
index cc709c26a8..27984103d2 100644
--- a/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2
+++ b/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2
@@ -11,7 +11,6 @@ command[check_fedmsg_cp_app]={{libdir}}/nagios/plugins/check_fedmsg_producers_co
 command[check_fedmsg_cp_value]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-irc IRCBotConsumer MonitoringProducer
 command[check_fedmsg_cp_badges_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FedoraBadgesConsumer MonitoringProducer
 command[check_fedmsg_cp_notifs_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FMNConsumer DigestProducer ConfirmationProducer MonitoringProducer
-command[check_fedmsg_cp_bugzilla2fedmsg]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py moksha-hub BugzillaConsumer MonitoringProducer
 command[check_fedmsg_cp_fedimg_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FedimgConsumer MonitoringProducer
 command[check_fedmsg_cp_hotness_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub BugzillaTicketFiler MonitoringProducer
 command[check_fedmsg_cp_packages_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub CacheInvalidator MonitoringProducer
@@ -29,7 +28,6 @@ command[check_fedmsg_cexceptions_app]={{libdir}}/nagios/plugins/check_fedmsg_con
 command[check_fedmsg_cexceptions_value]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-irc IRCBotConsumer 1 10
 command[check_fedmsg_cexceptions_badges_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub FedoraBadgesConsumer 1 10
 command[check_fedmsg_cexceptions_notifs_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub FMNConsumer 1 10
-command[check_fedmsg_cexceptions_bugzilla2fedmsg]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py moksha-hub BugzillaConsumer 1 10
 command[check_fedmsg_cexceptions_fedimg_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub FedimgConsumer 1 10
 command[check_fedmsg_cexceptions_hotness_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub BugzillaTicketFiler 1 10
 command[check_fedmsg_cexceptions_packages_backend]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub CacheInvalidator 1 10
diff --git a/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg b/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg
index 6f8a2b2844..b557fa90dc 100644
--- a/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg
+++ b/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg
@@ -278,12 +278,12 @@ define service {
   use                   defaulttemplate
 }
 
-define service {
-  host_name             bugzilla2fedmsg01.iad2.fedoraproject.org
-  service_description   Check fedmsg consumers and producers hub
-  check_command         check_by_nrpe!check_fedmsg_cp_bugzilla2fedmsg
-  use                   defaulttemplate
-}
+#define service {
+#  host_name             bugzilla2fedmsg01.iad2.fedoraproject.org
+#  service_description   Check fedmsg consumers and producers hub
+#  check_command         check_by_nrpe!check_fedmsg_cp_bugzilla2fedmsg
+#  use                   defaulttemplate
+#}
 
 define service {
   host_name             fedimg01.iad2.fedoraproject.org
@@ -351,12 +351,12 @@ define service {
   use                   defaulttemplate
 }
 
-define service {
-  host_name             bugzilla2fedmsg01.iad2.fedoraproject.org
-  service_description   Check fedmsg-hub consumers exceptions
-  check_command         check_by_nrpe!check_fedmsg_cexceptions_bugzilla2fedmsg
-  use                   defaulttemplate
-}
+#define service {
+#  host_name             bugzilla2fedmsg01.iad2.fedoraproject.org
+#  service_description   Check fedmsg-hub consumers exceptions
+#  check_command         check_by_nrpe!check_fedmsg_cexceptions_bugzilla2fedmsg
+#  use                   defaulttemplate
+#}
 
 define service {
   host_name             fedimg01.iad2.fedoraproject.org
@@ -425,12 +425,12 @@ define service {
   use                   defaulttemplate
 }
 
-define service {
-  host_name             bugzilla2fedmsg01.iad2.fedoraproject.org
-  service_description   Check fedmsg-hub consumers backlog
-  check_command         check_by_nrpe!check_fedmsg_cbacklog_bugzilla2fedmsg
-  use                   defaulttemplate
-}
+#define service {
+#  host_name             bugzilla2fedmsg01.iad2.fedoraproject.org
+#  service_description   Check fedmsg-hub consumers backlog
+#  check_command         check_by_nrpe!check_fedmsg_cbacklog_bugzilla2fedmsg
+#  use                   defaulttemplate
+#}
 
 define service {
   host_name             fedimg01.iad2.fedoraproject.org
diff --git a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
index e31505bf33..884707d8ac 100644
--- a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
+++ b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
@@ -387,7 +387,6 @@ command[check_fedmsg_cp_app]=/usr/lib64/nagios/plugins/check_fedmsg_producers_co
 command[check_fedmsg_cp_value]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-irc IRCBotConsumer MonitoringProducer
 command[check_fedmsg_cp_badges_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FedoraBadgesConsumer MonitoringProducer
 command[check_fedmsg_cp_notifs_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FMNConsumer DigestProducer ConfirmationProducer MonitoringProducer
-command[check_fedmsg_cp_bugzilla2fedmsg]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py moksha-hub BugzillaConsumer MonitoringProducer
 command[check_fedmsg_cp_fedimg_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FedimgConsumer MonitoringProducer
 command[check_fedmsg_cp_hotness_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub BugzillaTicketFiler MonitoringProducer
 command[check_fedmsg_cp_packages_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub CacheInvalidator MonitoringProducer
@@ -400,7 +399,6 @@ command[check_fedmsg_cexceptions_app]=/usr/lib64/nagios/plugins/check_fedmsg_con
 command[check_fedmsg_cexceptions_value]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-irc IRCBotConsumer 1 10
 command[check_fedmsg_cexceptions_badges_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub FedoraBadgesConsumer 1 10
 command[check_fedmsg_cexceptions_notifs_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub FMNConsumer 1 10
-command[check_fedmsg_cexceptions_bugzilla2fedmsg]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py moksha-hub BugzillaConsumer 1 10
 command[check_fedmsg_cexceptions_fedimg_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub FedimgConsumer 1 10
 command[check_fedmsg_cexceptions_hotness_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub BugzillaTicketFiler 1 10
 command[check_fedmsg_cexceptions_packages_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub CacheInvalidator 1 10
@@ -413,7 +411,6 @@ command[check_fedmsg_cbacklog_app]=/usr/lib64/nagios/plugins/check_fedmsg_consum
 command[check_fedmsg_cbacklog_value]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-irc IRCBotConsumer 10 50
 command[check_fedmsg_cbacklog_badges_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub FedoraBadgesConsumer 25000 35000
 command[check_fedmsg_cbacklog_notifs_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub FMNConsumer 10 50
-command[check_fedmsg_cbacklog_bugzilla2fedmsg]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py moksha-hub BugzillaConsumer 10 100
 command[check_fedmsg_cbacklog_fedimg_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub FedimgConsumer 2000 5000
 command[check_fedmsg_cbacklog_hotness_backend]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub BugzillaTicketFiler 100 500
 command[check_fedmsg_cbacklog_packages_backend_hub]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_backlog.py fedmsg-hub CacheInvalidator 30000 40000

From 535041fcddd253757d923650f07e541beb63cda3 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 19 May 2021 12:06:51 -0700
Subject: [PATCH 052/189] robosignatory: add kinoite signing for rawhide

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/robosignatory/templates/robosignatory.toml.j2 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2
index e0c2090d11..90c85ce057 100644
--- a/roles/robosignatory/templates/robosignatory.toml.j2
+++ b/roles/robosignatory/templates/robosignatory.toml.j2
@@ -524,6 +524,15 @@ handlers = ["console"]
         directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
         key = "{{ (env == 'production')|ternary('fedora-35', 'testkey') }}"
 
+        [consumer_config.ostree_refs."fedora/rawhide/aarch64/kinoite"]
+        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
+        key = "{{ (env == 'production')|ternary('fedora-35', 'testkey') }}"
+        [consumer_config.ostree_refs."fedora/rawhide/ppc64le/kinoite"]
+        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
+        key = "{{ (env == 'production')|ternary('fedora-35', 'testkey') }}"
+        [consumer_config.ostree_refs."fedora/rawhide/x86_64/kinoite"]
+        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
+        key = "{{ (env == 'production')|ternary('fedora-35', 'testkey') }}"
 
     [consumer_config.coreos]
     bucket = "fcos-builds"

From c9ee450c6a56cb0fa900ae5980d1d3d37dc960e5 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 19 May 2021 15:31:39 -0700
Subject: [PATCH 053/189] greenwave: specify exact versions for openQA gating
 policy

I was assuming Bodhi queried on "fedora-rawhide" for Rawhide
updates, but it seems it does not, it queries on "fedora-35" (or
whatever the release number is). We do not want to apply the
gating to Rawhide updates ATM, as openQA does not test them.
So unfortunately we'll need to hand-tend this list unless I can
think of a better approach.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 .../greenwave/templates/fedora.yaml            | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/roles/openshift-apps/greenwave/templates/fedora.yaml b/roles/openshift-apps/greenwave/templates/fedora.yaml
index 6cf0f9a8bc..1677551890 100644
--- a/roles/openshift-apps/greenwave/templates/fedora.yaml
+++ b/roles/openshift-apps/greenwave/templates/fedora.yaml
@@ -79,18 +79,18 @@ subject_type: koji_build
 rules:
   - !RemoteRule {}
 
-# For critical path updates, we require passes for all openQA update tests
+# For critical path updates in stable and Branched, we require passes
+# for all openQA update tests
 --- !Policy
 id: "bodhiupdate_bodhipush_openqa"
 product_versions:
-  # this should cover us for a while...
-  - fedora-3*
-  - fedora-4*
-  - fedora-5*
-  - fedora-6*
-  - fedora-7*
-  - fedora-8*
-  - fedora-9*
+  # FIXME: we would use some kind of matching here, but we don't want
+  # to include whatever version Rawhide is, as openQA tests don't run
+  # on Rawhide. So for now this list needs to be updated each time a
+  # release is branched (or goes EOL).
+  - fedora-32
+  - fedora-33
+  - fedora-34
 decision_contexts:
   - bodhi_update_push_testing_critpath
   - bodhi_update_push_stable_critpath

From 7185d7774e4d740b3a284810b23ea87d5c15e793 Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler" <fche@redhat.com>
Date: Tue, 18 May 2021 11:27:45 -0400
Subject: [PATCH 054/189] debuginfod redirect+proxy: combine into handcrafted
 httpd conf file

---
 playbooks/include/proxies-redirects.yml            | 10 ----------
 .../templates/reversepassproxy.debuginfod.conf     | 14 ++++++++------
 2 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml
index bb2433ccfc..3cb32aa888 100644
--- a/playbooks/include/proxies-redirects.yml
+++ b/playbooks/include/proxies-redirects.yml
@@ -872,13 +872,3 @@
     website: qa.fedoraproject.org
     path: /
     target: https://fedoraproject.org/wiki/QA
-
-  # redirects for debuginfod main page; subdirs are reverse-proxied
-  - role: httpd/redirect
-    shortname: debuginfod
-    website: debuginfod.fedoraproject.org
-    regex: ^/$
-    target: https://fedoraproject.org/wiki/Debuginfod
-    tags:
-    - debuginfod
-    
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.debuginfod.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.debuginfod.conf
index 8093cd40bc..0300d06b29 100644
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.debuginfod.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.debuginfod.conf
@@ -1,15 +1,17 @@
 
-# Broadly reverse-proxy
-ProxyPassMatch "^/(.*)$" "{{proxyurl}}/$1" {{proxyopts}}
+# Reverse-proxy /buildid/* queries
+ProxyPassMatch "^/buildid/(.*)$" "{{proxyurl}}/buildid/$1" {{proxyopts}}
+
+# Reverse-proxy /metrics - without (...) grouping op, URL just gets copied
+ProxyPassMatch "^/metrics$" "{{proxyurl}}" {{proxyopts}}
+
 ProxyPassReverse / {{proxyurl}}/
 
 # ... but not the top level, which is instead redirected
 ProxyPass / !
 
-# ... configure this redirect in playbooks/include/proxies-redirects.yml
-# Redirect permanent / https://fedoraproject.org/wiki/Debuginfod
-# (or e.g.,)
-# Redirect permanent / https://sourceware.org/elfutils/Debuginfod.html
+# Redirect / URL over to wiki
+Redirect permanent / https://fedoraproject.org/wiki/Debuginfod
 
 # test it with:
 #

From 61be8367c8a201886fc14e3099736d21766525b6 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 19 May 2021 18:29:52 -0700
Subject: [PATCH 055/189] remove last vestiges of 2fa_client

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/groups/copr-db.yml                                | 1 -
 playbooks/hosts/cloud-noc-os01.rdu-cc.fedoraproject.org.yml | 1 -
 playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml        | 1 -
 playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml  | 1 -
 4 files changed, 4 deletions(-)

diff --git a/playbooks/groups/copr-db.yml b/playbooks/groups/copr-db.yml
index 1f6c5a9ce9..a46b3bf161 100644
--- a/playbooks/groups/copr-db.yml
+++ b/playbooks/groups/copr-db.yml
@@ -35,7 +35,6 @@
   - sudo
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
     when: env != "staging"
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
diff --git a/playbooks/hosts/cloud-noc-os01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/cloud-noc-os01.rdu-cc.fedoraproject.org.yml
index 47e23b5264..8dad7675d4 100644
--- a/playbooks/hosts/cloud-noc-os01.rdu-cc.fedoraproject.org.yml
+++ b/playbooks/hosts/cloud-noc-os01.rdu-cc.fedoraproject.org.yml
@@ -27,7 +27,6 @@
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
   - name: install some packages which arent in playbooks
diff --git a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
index 40aa8cf3c6..96b0c4fd0f 100644
--- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
+++ b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
@@ -27,7 +27,6 @@
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
   - name: check if ntpd port is already known by selinux
diff --git a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml
index 62e8e32781..70a4285c44 100644
--- a/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml
+++ b/playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml
@@ -31,7 +31,6 @@
   - web-data-analysis
 
   tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
   - import_tasks: "{{ tasks_path }}/motd.yml"
 
   handlers:

From a2f14e982e30754d3de744ee7e4dda728267595d Mon Sep 17 00:00:00 2001
From: Carl George <carl@george.computer>
Date: Tue, 4 May 2021 15:38:37 -0500
Subject: [PATCH 056/189] bodhi2/backend: Add epel8-next to releases in
 new-updates-sync

Signed-off-by: Carl George <carl@george.computer>
---
 roles/bodhi2/backend/files/new-updates-sync | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/roles/bodhi2/backend/files/new-updates-sync b/roles/bodhi2/backend/files/new-updates-sync
index 472b2bb7ba..df3f570fac 100755
--- a/roles/bodhi2/backend/files/new-updates-sync
+++ b/roles/bodhi2/backend/files/new-updates-sync
@@ -172,6 +172,20 @@ RELEASES = {'f34': {'topic': 'fedora',
                                   'dest': os.path.join(EPELDEST, '8', 'Everything')}
                                 ]}}
                      },
+            'epel8n': {'topic': 'epel',
+                      'version': '8',
+                      'modules': ['epel'],
+                      'repos': {'epel-testing': {
+                          'from': 'epel8-next-testing',
+                          'to': [{'arches': ['x86_64', 'aarch64', 'ppc64le', 'source'],
+                                  'dest': os.path.join(EPELDEST, 'testing', 'next', '8', 'Everything')}
+                                ]},
+                                'epel': {
+                          'from': 'epel8-next',
+                          'to': [{'arches': ['x86_64', 'aarch64', 'ppc64le', 'source'],
+                                  'dest': os.path.join(EPELDEST, 'next', '8', 'Everything')}
+                                ]}}
+                     },
             'epel8m': {'topic': 'epel',
                     'version': '8m',
                     'modules': ['epel'],

From c9f5c11ba61495edb85e1da3706364cd0efa6478 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Tue, 18 May 2021 19:17:40 -0500
Subject: [PATCH 057/189] packages-static: correct port

---
 playbooks/openshift-apps/fedora-packages-static.yml           | 2 +-
 roles/openshift-apps/fedora-packages-static/files/service.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/playbooks/openshift-apps/fedora-packages-static.yml b/playbooks/openshift-apps/fedora-packages-static.yml
index 227e5e2011..9646ca616c 100644
--- a/playbooks/openshift-apps/fedora-packages-static.yml
+++ b/playbooks/openshift-apps/fedora-packages-static.yml
@@ -49,7 +49,7 @@
     app: fedora-packages-static
     routename: fedora-packages-static
     host: "packages{{ env_suffix }}.fedoraproject.org"
-    serviceport: 80-tcp
+    serviceport: 8080-tcp
     servicename: fedora-packages-static
 
   - role: openshift/object
diff --git a/roles/openshift-apps/fedora-packages-static/files/service.yml b/roles/openshift-apps/fedora-packages-static/files/service.yml
index 659e531014..ad30ccf27f 100644
--- a/roles/openshift-apps/fedora-packages-static/files/service.yml
+++ b/roles/openshift-apps/fedora-packages-static/files/service.yml
@@ -7,8 +7,8 @@ metadata:
   name: fedora-packages-static
 spec:
   ports:
-  - name: 80-tcp
-    port: 80
+  - name: 8080-tcp
+    port: 8080
     protocol: TCP
     targetPort: 8080
   selector:

From 6580fb89c06adc7b21fbc6b1de2005d55b72f436 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Thu, 20 May 2021 13:20:33 -0700
Subject: [PATCH 058/189] openQA staging: use new openqa scratch build too

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 inventory/group_vars/openqa_lab         | 3 +++
 inventory/group_vars/openqa_lab_workers | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/inventory/group_vars/openqa_lab b/inventory/group_vars/openqa_lab
index 47f62a6c67..5c740b87e1 100644
--- a/inventory/group_vars/openqa_lab
+++ b/inventory/group_vars/openqa_lab
@@ -36,6 +36,9 @@ openqa_env: staging
 # ON THE EDGE (radical guitar riff)
 openqa_repo: updates-testing
 
+# 2021-05 git bump
+openqa_scratch: ["68350730"]
+
 wikitcms_token: "{{ private }}/files/openidc/staging/wikitcms.json"
 openqa_wikitcms_hostname: stg.fedoraproject.org
 openqa_resultsdb_url: http://resultsdb01.stg.iad2.fedoraproject.org/resultsdb_api/api/v2.0/
diff --git a/inventory/group_vars/openqa_lab_workers b/inventory/group_vars/openqa_lab_workers
index 23bf6a88ae..e6c0299de0 100644
--- a/inventory/group_vars/openqa_lab_workers
+++ b/inventory/group_vars/openqa_lab_workers
@@ -19,8 +19,8 @@ openqa_repo: updates-testing
 # we are all NFS workers for now at least
 openqa_nfs_worker: true
 
-# 2021-05 git bump
-openqa_scratch: ["67449532"]
+# 2021-05 git bumps
+openqa_scratch: ["67449532", "68350730"]
 
 deployment_type: stg
 freezes: false

From 176f1fa3cf051d58e15c6f79ac7ea012a11676e3 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Thu, 20 May 2021 13:53:13 -0700
Subject: [PATCH 059/189] openQA lab: bump os-autoinst scratch build

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 inventory/group_vars/openqa_lab_workers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/group_vars/openqa_lab_workers b/inventory/group_vars/openqa_lab_workers
index e6c0299de0..1beea1ff19 100644
--- a/inventory/group_vars/openqa_lab_workers
+++ b/inventory/group_vars/openqa_lab_workers
@@ -20,7 +20,7 @@ openqa_repo: updates-testing
 openqa_nfs_worker: true
 
 # 2021-05 git bumps
-openqa_scratch: ["67449532", "68350730"]
+openqa_scratch: ["68353556", "68350730"]
 
 deployment_type: stg
 freezes: false

From fafa47de963bfa17d39430572273359a7d9c9e75 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 21 May 2021 09:40:19 -0700
Subject: [PATCH 060/189] bodhi / backend: add url for repomd sync checking for
 epel8-next and epel8-next-testing

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bodhi2/base/templates/production.ini.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2
index 47535f00d1..76eca61a69 100644
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -245,6 +245,8 @@ fedora_epel_modular_8_stable_master_repomd = http://dl-iad05.fedoraproject.org/p
 fedora_epel_modular_8_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/Modular/%%s/repodata/repomd.xml
 fedora_epel_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/%%s/repodata/repomd.xml
 fedora_epel_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/%%s/repodata/repomd.xml
+fedora_epel_next_8_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/next/%%s/Everything/%%s/repodata/repomd.xml
+fedora_epel_next_8_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/next/%%s/Everything/%%s/repodata/repomd.xml
 fedora_modular_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/%%s/Modular/%%s/repodata/repomd.xml
 fedora_modular_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/testing/%%s/Modular/%%s/repodata/repomd.xml
 {% elif env == 'staging' %}

From e3484c5f3d0a924ca0a600a4546b33959b6fa97c Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Thu, 20 May 2021 19:00:48 -0500
Subject: [PATCH 061/189] packages-static: add proxy

---
 playbooks/include/proxies-reverseproxy.yml | 7 +++++++
 playbooks/include/proxies-websites.yml     | 6 ++++++
 2 files changed, 13 insertions(+)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 6f456a1465..18d70b0f4b 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -757,3 +757,10 @@
     proxyopts: "connectiontimeout=600 timeout=600 keepalive=on"
     tags:
     - debuginfod
+
+  - role: httpd/reverseproxy
+    website: packages{{ env_suffix }}.fedoraproject.org
+    destname: fedora-packages-static
+    balancer_name: app-os
+    targettype: openshift
+    keephost: true
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 69b84346d9..40771b6f43 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -1055,3 +1055,9 @@
     site_name: ols.fedoraproject.org
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
+
+  - role: httpd/website
+    site_name: packages.fedoraproject.org
+    server_aliases: [packages.stg.fedoraproject.org]
+    sslonly: true
+    cert_name: "{{wildcard_cert_name}}"

From 1dc01d036eea003fea59ebd8bbfb70e16e55f8ae Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 21 May 2021 11:11:35 -0700
Subject: [PATCH 062/189] proxies: packages site is the same in prod and stg
 with an alias

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/include/proxies-reverseproxy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 18d70b0f4b..e0c4b60ab4 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -759,7 +759,7 @@
     - debuginfod
 
   - role: httpd/reverseproxy
-    website: packages{{ env_suffix }}.fedoraproject.org
+    website: packages.fedoraproject.org
     destname: fedora-packages-static
     balancer_name: app-os
     targettype: openshift

From 9006cf784e2dfc4724ab5e4885c2503ca7c468d6 Mon Sep 17 00:00:00 2001
From: Francois Andrieu <darknao@fedoraproject.org>
Date: Fri, 21 May 2021 00:16:09 +0200
Subject: [PATCH 063/189] nagios: remove unused check_datanommer_faf

---
 .../templates/check_datanommer_history.cfg.j2              | 1 -
 .../files/nagios/services/iad2_internal/fedmsg.cfg         | 7 -------
 roles/nagios_server/templates/nrpe/nrpe.cfg.j2             | 1 -
 3 files changed, 9 deletions(-)

diff --git a/roles/nagios_client/templates/check_datanommer_history.cfg.j2 b/roles/nagios_client/templates/check_datanommer_history.cfg.j2
index aa58c83043..09077675ca 100644
--- a/roles/nagios_client/templates/check_datanommer_history.cfg.j2
+++ b/roles/nagios_client/templates/check_datanommer_history.cfg.j2
@@ -20,7 +20,6 @@ command[check_datanommer_bodhi_composes]={{libdir}}/nagios/plugins/check_datanom
 command[check_datanommer_buildsys]={{libdir}}/nagios/plugins/check_datanommer_timesince.py buildsys 14400 86400
 command[check_datanommer_compose]={{libdir}}/nagios/plugins/check_datanommer_timesince.py compose 259200 1814400
 command[check_datanommer_copr]={{libdir}}/nagios/plugins/check_datanommer_timesince.py copr 21600 86400
-command[check_datanommer_faf]={{libdir}}/nagios/plugins/check_datanommer_timesince.py faf 86400 259200
 command[check_datanommer_fas]={{libdir}}/nagios/plugins/check_datanommer_timesince.py fas 1814400 2628000
 command[check_datanommer_fedbadges]={{libdir}}/nagios/plugins/check_datanommer_timesince.py fedbadges 86400 259200
 command[check_datanommer_fedimg]={{libdir}}/nagios/plugins/check_datanommer_timesince.py fedimg 259200 604800
diff --git a/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg b/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg
index b557fa90dc..e548d18b47 100644
--- a/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg
+++ b/roles/nagios_server/files/nagios/services/iad2_internal/fedmsg.cfg
@@ -177,13 +177,6 @@ define service {
   use                   defaulttemplate
 }
 
-define service {
-  host_name             busgateway01.iad2.fedoraproject.org
-  service_description   Check datanommer for recent faf messages
-  check_command         check_by_nrpe!check_datanommer_faf
-  use                   defaulttemplate
-}
-
 define service {
   host_name             busgateway01.iad2.fedoraproject.org
   service_description   Check datanommer for recent mailman messages
diff --git a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
index 884707d8ac..353f52c3d0 100644
--- a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
+++ b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
@@ -358,7 +358,6 @@ command[check_datanommer_bodhi_composes]=/usr/lib64/nagios/plugins/check_datanom
 command[check_datanommer_buildsys]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py buildsys 14400 86400
 command[check_datanommer_compose]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py compose 259200 1814400
 command[check_datanommer_copr]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py copr 21600 86400
-command[check_datanommer_faf]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py faf 86400 259200
 command[check_datanommer_fas]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py fas 1814400 2628000
 command[check_datanommer_fedbadges]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py fedbadges 86400 259200
 command[check_datanommer_fedimg]=/usr/lib64/nagios/plugins/check_datanommer_timesince.py fedimg 259200 604800

From d9fc78b0e41ff815830ac224702f18dee00c7e77 Mon Sep 17 00:00:00 2001
From: Francois Andrieu <darknao@fedoraproject.org>
Date: Fri, 21 May 2021 00:36:49 +0200
Subject: [PATCH 064/189] nagios: remove MBSProducer check from mbs-backend

---
 roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2 | 2 +-
 roles/nagios_server/templates/nrpe/nrpe.cfg.j2              | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2 b/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2
index 27984103d2..7c680e6f5f 100644
--- a/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2
+++ b/roles/nagios_client/templates/check_fedmsg_consumers.cfg.j2
@@ -14,7 +14,7 @@ command[check_fedmsg_cp_notifs_backend]={{libdir}}/nagios/plugins/check_fedmsg_p
 command[check_fedmsg_cp_fedimg_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FedimgConsumer MonitoringProducer
 command[check_fedmsg_cp_hotness_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub BugzillaTicketFiler MonitoringProducer
 command[check_fedmsg_cp_packages_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub CacheInvalidator MonitoringProducer
-command[check_fedmsg_cp_mbs_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub MBSConsumer MBSProducer MonitoringProducer
+command[check_fedmsg_cp_mbs_backend]={{libdir}}/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub MBSConsumer MonitoringProducer
 
 command[check_fedmsg_cexceptions_busgateway_hub]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub Nommer 1 10
 command[check_fedmsg_cexceptions_busgateway_relay]={{libdir}}/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-relay RelayConsumer 1 10
diff --git a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2 b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
index 353f52c3d0..6ccdbb21d0 100644
--- a/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
+++ b/roles/nagios_server/templates/nrpe/nrpe.cfg.j2
@@ -389,7 +389,7 @@ command[check_fedmsg_cp_notifs_backend]=/usr/lib64/nagios/plugins/check_fedmsg_p
 command[check_fedmsg_cp_fedimg_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub FedimgConsumer MonitoringProducer
 command[check_fedmsg_cp_hotness_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub BugzillaTicketFiler MonitoringProducer
 command[check_fedmsg_cp_packages_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub CacheInvalidator MonitoringProducer
-command[check_fedmsg_cp_mbs_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub MBSConsumer MBSProducer MonitoringProducer
+command[check_fedmsg_cp_mbs_backend]=/usr/lib64/nagios/plugins/check_fedmsg_producers_consumers.py fedmsg-hub MBSConsumer MonitoringProducer
 
 command[check_fedmsg_cexceptions_busgateway_hub]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-hub Nommer 1 10
 command[check_fedmsg_cexceptions_busgateway_relay]=/usr/lib64/nagios/plugins/check_fedmsg_consumer_exceptions.py fedmsg-relay RelayConsumer 1 10

From 24ae7d3d16891f3e64e9e6f45d94440fd0a0e231 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 21 May 2021 12:51:32 -0700
Subject: [PATCH 065/189] ipa / client: rework the excluded local users from
 sssd

There's a real user 'mock' who we want to allow on ipsilon (so they can
login to anything) and people02 (so they can get to their people space),
but no where else, since we ened the local mock user on places like
builders, etc.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipa/client/tasks/main.yml               | 23 +------------------
 .../fedora-nss-ignore.conf                    |  0
 .../templates/fedora-nss-ignore.conf.j2       | 20 ++++++++++++++++
 .../fedora-nss-ignore.conf.people             |  0
 .../fedora-nss-ignore.conf.staging            |  0
 5 files changed, 21 insertions(+), 22 deletions(-)
 rename roles/ipa/client/{files => templates}/fedora-nss-ignore.conf (100%)
 create mode 100644 roles/ipa/client/templates/fedora-nss-ignore.conf.j2
 rename roles/ipa/client/{files => templates}/fedora-nss-ignore.conf.people (100%)
 rename roles/ipa/client/{files => templates}/fedora-nss-ignore.conf.staging (100%)

diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index 3b9af8cec0..caf45b0f8a 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -72,31 +72,10 @@
   run_once: yes
 
 - name: Ensure that nss knows to skip certain users
-  copy: src=fedora-nss-ignore.conf dest=/etc/sssd/conf.d/ mode=600 owner=root group=root
+  template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/ mode=600 owner=root group=root
   tags:
   - ipa/client
   - config
   notify:
     - restart sssd
     - clean sss caches
-  when: env == "production" and inventory_hostname != 'people02.fedoraproject.org'
-
-- name: Ensure that nss knows to skip certain users (on people02)
-  copy: src=fedora-nss-ignore.conf.people dest=/etc/sssd/conf.d/ mode=600 owner=root group=root
-  tags:
-  - ipa/client
-  - config
-  notify:
-    - restart sssd
-    - clean sss caches
-  when: env == "production" and inventory_hostname == 'people02.fedoraproject.org'
-
-- name: Ensure that nss knows to skip certain users
-  copy: src=fedora-nss-ignore.conf.staging dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
-  tags:
-  - ipa/client
-  - config
-  notify:
-    - restart sssd
-    - clean sss caches
-  when: env == "staging"
diff --git a/roles/ipa/client/files/fedora-nss-ignore.conf b/roles/ipa/client/templates/fedora-nss-ignore.conf
similarity index 100%
rename from roles/ipa/client/files/fedora-nss-ignore.conf
rename to roles/ipa/client/templates/fedora-nss-ignore.conf
diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2 b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
new file mode 100644
index 0000000000..fda576fb2a
--- /dev/null
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
@@ -0,0 +1,20 @@
+{% comment %}
+# There are a bunch of users we want to prefer the local version instead of the ipa/ldap version.
+# But in at least one case, there is a real user ('mock') that we want to exclude on most machines,
+# but not on people and ipsilon to allow them access to their people space and be able to login to things.
+{% endcomment %}
+{% if inventory_hostname in groups['people','ipsilon','ipsilon_stg'] %}
+## This file contains users who are in ipa to stop people from
+## creating restricted accounts but we want to make sure the id in
+## /etc/passwd and /etc/group are used.
+[nss]
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache
+filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache
+{% else %}
+## This file contains users who are in ipa to stop people from
+## creating restricted accounts but we want to make sure the id in
+## /etc/passwd and /etc/group are used.
+[nss]
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync
+filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache
+{% endif %}
diff --git a/roles/ipa/client/files/fedora-nss-ignore.conf.people b/roles/ipa/client/templates/fedora-nss-ignore.conf.people
similarity index 100%
rename from roles/ipa/client/files/fedora-nss-ignore.conf.people
rename to roles/ipa/client/templates/fedora-nss-ignore.conf.people
diff --git a/roles/ipa/client/files/fedora-nss-ignore.conf.staging b/roles/ipa/client/templates/fedora-nss-ignore.conf.staging
similarity index 100%
rename from roles/ipa/client/files/fedora-nss-ignore.conf.staging
rename to roles/ipa/client/templates/fedora-nss-ignore.conf.staging

From 1c6dfc82fd1541e59fd83975753170468e3b7211 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 22 May 2021 10:26:50 -0700
Subject: [PATCH 066/189] ipa/client: no comment in this jinja2 sadly, just
 make this a normal comment

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipa/client/templates/fedora-nss-ignore.conf         | 6 ------
 roles/ipa/client/templates/fedora-nss-ignore.conf.j2      | 2 --
 roles/ipa/client/templates/fedora-nss-ignore.conf.people  | 6 ------
 roles/ipa/client/templates/fedora-nss-ignore.conf.staging | 6 ------
 4 files changed, 20 deletions(-)
 delete mode 100644 roles/ipa/client/templates/fedora-nss-ignore.conf
 delete mode 100644 roles/ipa/client/templates/fedora-nss-ignore.conf.people
 delete mode 100644 roles/ipa/client/templates/fedora-nss-ignore.conf.staging

diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf b/roles/ipa/client/templates/fedora-nss-ignore.conf
deleted file mode 100644
index a4214b99a9..0000000000
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-## This file contains users who are in ipa to stop people from
-## creating restricted accounts but we want to make sure the id in
-## /etc/passwd and /etc/group are used.
-[nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache
diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2 b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
index fda576fb2a..784e4033b3 100644
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
@@ -1,8 +1,6 @@
-{% comment %}
 # There are a bunch of users we want to prefer the local version instead of the ipa/ldap version.
 # But in at least one case, there is a real user ('mock') that we want to exclude on most machines,
 # but not on people and ipsilon to allow them access to their people space and be able to login to things.
-{% endcomment %}
 {% if inventory_hostname in groups['people','ipsilon','ipsilon_stg'] %}
 ## This file contains users who are in ipa to stop people from
 ## creating restricted accounts but we want to make sure the id in
diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.people b/roles/ipa/client/templates/fedora-nss-ignore.conf.people
deleted file mode 100644
index d6ef610c3f..0000000000
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.people
+++ /dev/null
@@ -1,6 +0,0 @@
-## This file contains users who are in ipa to stop people from
-## creating restricted accounts but we want to make sure the id in
-## /etc/passwd and /etc/group are used.
-[nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache
diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.staging b/roles/ipa/client/templates/fedora-nss-ignore.conf.staging
deleted file mode 100644
index d0d0023615..0000000000
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.staging
+++ /dev/null
@@ -1,6 +0,0 @@
-## This file contains users who are in ipa to stop people from
-## creating restricted accounts but we want to make sure the id in
-## /etc/passwd and /etc/group are used.
-[nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock

From 52a197735b7c6ecaef93c503169f5d6c85240a9e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 22 May 2021 10:36:20 -0700
Subject: [PATCH 067/189] ipa/client: split out these groups

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipa/client/templates/fedora-nss-ignore.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2 b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
index 784e4033b3..b83c765706 100644
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
@@ -1,7 +1,7 @@
 # There are a bunch of users we want to prefer the local version instead of the ipa/ldap version.
 # But in at least one case, there is a real user ('mock') that we want to exclude on most machines,
 # but not on people and ipsilon to allow them access to their people space and be able to login to things.
-{% if inventory_hostname in groups['people','ipsilon','ipsilon_stg'] %}
+{% if inventory_hostname in groups['people'] or inventory_hostname in groups['ipsilon'] or inventory_hostname in groups['ipsilon_stg'] %}
 ## This file contains users who are in ipa to stop people from
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.

From 24def8cd002feae09d40c5edcb45576f9c58a7f1 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sun, 23 May 2021 10:51:01 -0700
Subject: [PATCH 068/189] staging-sync/koji: nfs is nfs-server now

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/manual/staging-sync/koji.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/playbooks/manual/staging-sync/koji.yml b/playbooks/manual/staging-sync/koji.yml
index 693b37a957..d4af35f799 100644
--- a/playbooks/manual/staging-sync/koji.yml
+++ b/playbooks/manual/staging-sync/koji.yml
@@ -97,8 +97,8 @@
   - wipe-fs
 
   tasks:
-  - name: stop nfs
-    service: name=nfs state=stopped
+  - name: stop nfs-server
+    service: name=nfs-server state=stopped
   - name: unmount /mnt/fedora_koji/koji/ostree
     mount: name=/mnt/fedora_koji/koji/ostree state=unmounted
   - name: unmount /mnt/fedora_koji/koji/compose/ostree

From fd2a8ab38c1b0977834662ccd2ad67fc50248cb2 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sun, 23 May 2021 10:52:37 -0700
Subject: [PATCH 069/189] staging-sync/koji: fix another nfs server case

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/manual/staging-sync/koji.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/playbooks/manual/staging-sync/koji.yml b/playbooks/manual/staging-sync/koji.yml
index d4af35f799..a6e4c38528 100644
--- a/playbooks/manual/staging-sync/koji.yml
+++ b/playbooks/manual/staging-sync/koji.yml
@@ -124,8 +124,8 @@
 # TODO recreate directories under /mnt/koji/compose (which ones?) that composer expects to exist
   - name: symlink production volume
     file: src=/mnt/fedora_koji_prod/koji dest=/mnt/koji/vol/prod state=link
-  - name: restart nfs
-    service: name=nfs state=started
+  - name: restart nfs-server
+    service: name=nfs-server state=started
   - name: restart httpd
     service: name=httpd state=started
   - name: restart kojira

From 54a29eaaa107b0116ce2a69973c425d7d3aa7897 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sun, 23 May 2021 11:07:35 -0700
Subject: [PATCH 070/189] repo files: drop failovermethod=priority as it's not
 been used in years

Additionally, newer fedora complains about it being invalid.
It was used back in the yum days and never ported to dnf.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 files/common/fedora-modular.repo                 | 3 ---
 files/common/fedora-updates-modular.repo         | 3 ---
 files/common/fedora-updates-testing-modular.repo | 3 ---
 files/common/fedora-updates-testing.repo         | 3 ---
 files/common/fedora-updates.repo                 | 3 ---
 files/common/fedora.repo                         | 3 ---
 6 files changed, 18 deletions(-)

diff --git a/files/common/fedora-modular.repo b/files/common/fedora-modular.repo
index cacbc82abd..7f69a45281 100644
--- a/files/common/fedora-modular.repo
+++ b/files/common/fedora-modular.repo
@@ -1,6 +1,5 @@
 [fedora-modular]
 name=Fedora Modular $releasever - $basearch
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Modular/$basearch/os/
 {% else %}
@@ -14,7 +13,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-modular-debuginfo]
 name=Fedora Modular $releasever - $basearch - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Modular/$basearch/debug/tree/
 {% else %}
@@ -28,7 +26,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-modular-source]
 name=Fedora Modular $releasever - Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Modular/source/tree/
 {% else %}
diff --git a/files/common/fedora-updates-modular.repo b/files/common/fedora-updates-modular.repo
index e6633268f9..58d114804e 100644
--- a/files/common/fedora-updates-modular.repo
+++ b/files/common/fedora-updates-modular.repo
@@ -1,6 +1,5 @@
 [updates-modular]
 name=Fedora Modular $releasever - $basearch - Updates
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Modular/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch
 enabled=1
@@ -9,7 +8,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-modular-debuginfo]
 name=Fedora Modular $releasever - $basearch - Updates - Debug
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Modular/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch
 enabled=0
@@ -18,7 +16,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-modular-source]
 name=Fedora Modular $releasever - Updates Source
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Modular/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch
 enabled=0
diff --git a/files/common/fedora-updates-testing-modular.repo b/files/common/fedora-updates-testing-modular.repo
index 2047e50451..7b01cac09f 100644
--- a/files/common/fedora-updates-testing-modular.repo
+++ b/files/common/fedora-updates-testing-modular.repo
@@ -1,6 +1,5 @@
 [updates-testing-modular]
 name=Fedora Modular $releasever - $basearch - Test Updates
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Modular/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch
 enabled=0
@@ -9,7 +8,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-modular-debuginfo]
 name=Fedora Modular $releasever - $basearch - Test Updates Debug
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Modular/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch
 enabled=0
@@ -18,7 +16,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-modular-source]
 name=Fedora Modular $releasever - Test Updates Source
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Modular/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch
 enabled=0
diff --git a/files/common/fedora-updates-testing.repo b/files/common/fedora-updates-testing.repo
index 52f807b444..05e87ff1e3 100644
--- a/files/common/fedora-updates-testing.repo
+++ b/files/common/fedora-updates-testing.repo
@@ -1,6 +1,5 @@
 [updates-testing]
 name=Fedora $releasever - $basearch - Test Updates
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/
 {% else %}
@@ -13,7 +12,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-debuginfo]
 name=Fedora $releasever - $basearch - Test Updates Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/$basearch/debug/
 {% else %}
@@ -26,7 +24,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-source]
 name=Fedora $releasever - Test Updates Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/testing/$releasever/Everything/SRPMS/
 {% else %}
diff --git a/files/common/fedora-updates.repo b/files/common/fedora-updates.repo
index f01ae60fb7..04851e12c0 100644
--- a/files/common/fedora-updates.repo
+++ b/files/common/fedora-updates.repo
@@ -1,6 +1,5 @@
 [updates]
 name=Fedora $releasever - $basearch - Updates
-failovermethod=priority
 {% if ansible_distribution_major_version|int > 27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/
 {% else %}
@@ -13,7 +12,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-debuginfo]
 name=Fedora $releasever - $basearch - Updates - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int > 27  %}
 baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/$basearch/debug/
 {% else %}
@@ -26,7 +24,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-source]
 name=Fedora $releasever - Updates Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int > 27  %}
 baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/updates/$releasever/Everything/SRPMS/
 {% else %}
diff --git a/files/common/fedora.repo b/files/common/fedora.repo
index b8dcf7662e..794ade7733 100644
--- a/files/common/fedora.repo
+++ b/files/common/fedora.repo
@@ -1,6 +1,5 @@
 [fedora]
 name=Fedora $releasever - $basearch
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/os/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
@@ -14,7 +13,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-debuginfo]
 name=Fedora $releasever - $basearch - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
@@ -28,7 +26,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-source]
 name=Fedora $releasever - Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched|int is defined else FedoraRawhideNumber|int )  %}
 baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora/linux/releases/$releasever/Everything/source/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch

From 9b00f4b02a9c986eccef1ce38017d2d61785fab3 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:05:03 +0200
Subject: [PATCH 071/189] copr-be: centralize aws/spot/hypervisor config in
 inventory

---
 inventory/group_vars/copr_aws                 | 12 +++++++++
 inventory/group_vars/copr_dev_aws             | 12 +++++++++
 roles/copr/backend/tasks/main.yml             | 25 +++++++++++++++++++
 roles/copr/backend/templates/copr-be.conf.j2  |  9 ++++---
 .../backend/templates/resalloc/pools.yaml     | 20 +++++++--------
 5 files changed, 64 insertions(+), 14 deletions(-)

diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws
index 206d284752..6bc9e1f4a6 100644
--- a/inventory/group_vars/copr_aws
+++ b/inventory/group_vars/copr_aws
@@ -38,4 +38,16 @@ builders:
         s390x: [0,0,0]
         aarch64: [0,2,2]
 
+    #x86_hypervisor_01:
+    #    x86_64: [2,1,1]
+
+    x86_hypervisor_02:
+        x86_64: [20,3,20]
+
+    x86_hypervisor_03:
+        x86_64: [20,3,20]
+
+    x86_hypervisor_04:
+        x86_64: [20,3,20]
+
 rpm_vendor_copr_name: Fedora Copr
diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index a5b2ebd7bf..611759b6d3 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -39,4 +39,16 @@ builders:
         s390x: [1,0,0]
         aarch64: [5,2,2]
 
+    #x86_hypervisor_01:
+    #    x86_64: [2,1,1]
+
+    x86_hypervisor_02:
+        x86_64: [2,1,1]
+
+    x86_hypervisor_03:
+        x86_64: [2,1,1]
+
+    x86_hypervisor_04:
+        x86_64: [2,1,1]
+
 rpm_vendor_copr_name: Fedora Copr (devel)
diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml
index 83b2387030..7805c42b22 100644
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@@ -162,6 +162,31 @@
 #  - library
 #  tags:
 #  - provision_config
+#
+- name: calculate the maximum resalloc workers per architecture
+  set_fact: "max_{{ item }}_workers={{ builders | community.general.json_query('*.'+item+'[0]') | sum() }}"
+  with_items:
+    - x86_64
+    - armhfp
+    - s390x
+    - aarch64
+  tags:
+  - provision_config
+
+- name: calculate max number of workers
+  set_fact: "max_workers={{ max_x86_64_workers|int + max_armhfp_workers|int + max_s390x_workers|int + max_aarch64_workers|int }}"
+  tags:
+  - provision_config
+
+- name: print max arch workers
+  debug: "var=max_{{ item }}_workers"
+  with_items:
+    - x86_64
+    - armhfp
+    - s390x
+    - aarch64
+  tags:
+  - provision_config
 
 - name: resalloc
   import_tasks: resalloc.yml
diff --git a/roles/copr/backend/templates/copr-be.conf.j2 b/roles/copr/backend/templates/copr-be.conf.j2
index ba67a34907..06986e33ac 100644
--- a/roles/copr/backend/templates/copr-be.conf.j2
+++ b/roles/copr/backend/templates/copr-be.conf.j2
@@ -38,13 +38,14 @@ sleeptime=20
 # This option basically controls the amount of RAM allocated for
 # processing builds on copr backend, and how many resalloc tickets can
 # be taken at the same time.
-builds_max_workers={{ builders.aws.x86_64[0] + builders.aws.aarch64[0] + builders.aws.armhfp[0] }}
+builds_max_workers={{ max_workers }}
 
 # Maximum number of concurrently running tasks per architecture.
 builds_max_workers_arch=
-    x86_64={{ builders.aws.x86_64[0] }},
-    aarch64={{ builders.aws.aarch64[0]}},
-    armhfp={{ builders.aws.armhfp[0] }}
+    x86_64={{ max_x86_64_workers }},
+    aarch64={{ max_aarch64_workers }},
+    armhfp={{ max_armhfp_workers }},
+    s390x={{ max_s390x_workers }}
 
 # Maximum number of concurrently running tasks per project owner.
 {% if env == 'production' %}
diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index ea0d4986cd..f9b1e36ab1 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -49,17 +49,12 @@ aws_aarch64_{% if spot %}spot{% else %}normal{% endif %}_{% if devel %}dev{% els
 {% endmacro %}
 
 # x86_64 hypervisors
-{% for hv in ["02", "03", "04"] %}
+{% for hv in ["01", "02", "03", "04"] %}
+{% if "x86_hypervisor_" + hv in builders %}
 copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
-{% if devel %}
-    max: 3
-    max_starting: 1
-    max_prealloc: 1
-{% else %}
-    max: 20
-    max_starting: 4
-    max_prealloc: 20
-{% endif %}
+    max: {{ builders["x86_hypervisor_" + hv]["x86_64"][0] }}
+    max_starting: {{ builders["x86_hypervisor_" + hv]["x86_64"][1] }}
+    max_prealloc: {{ builders["x86_hypervisor_" + hv]["x86_64"][2] }}
     tags:
     - copr_builder
     - arch_x86_64
@@ -85,6 +80,11 @@ copr_hv_x86_64_{{ hv }}_{% if devel %}dev{% else %}prod{% endif %}:
     reuse_opportunity_time: 180
     reuse_max_count: 8
     reuse_max_time: 1800
+{% else %}
+#
+# x86_hypervisor_{{ hv }} not configured in group_vars
+#
+{% endif %}
 {% endfor %}
 
 {% macro hw_aarch64(id, inst, max, max_starting, max_prealloc) %}

From 07ac44211622d3f4ae0f91995d76b4c925eebbf8 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:08:23 +0200
Subject: [PATCH 072/189] copr-be: backend config tagged as provision_config

The provision limits/quota is directly reflected in copr-be.conf.
---
 roles/copr/backend/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml
index 7805c42b22..22bc213483 100644
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@@ -232,6 +232,7 @@
   tags:
   - config
   - copr_infrastructure_password
+  - provision_config
 
 - name: create messaging config directory
   file: dest=/etc/copr/msgbuses state=directory owner=copr group=copr mode=0700

From 3fdc635dd42c756a5668774260228c68689ffe4a Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:40:48 +0200
Subject: [PATCH 073/189] copr-be: simplify VM quota

---
 inventory/group_vars/copr_dev_aws             | 19 ++++++++----------
 roles/copr/backend/tasks/main.yml             |  6 +-----
 roles/copr/backend/templates/copr-be.conf.j2  |  7 ++++---
 .../backend/templates/resalloc/pools.yaml     | 20 +++++++------------
 4 files changed, 20 insertions(+), 32 deletions(-)

diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index 611759b6d3..95ac07ecd9 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -29,26 +29,23 @@ nm_controlled_resolv: True
 builders:
     # max|max_spawn|max_prealloc
     aws:
-        x86_64: [4,1,1]
-        armhfp: [2,0,0]
-        s390x: [2,0,0]
-        aarch64: [2,1,1]
+        x86_64: [4, 1, 1]
+        aarch64: [2, 1, 1]
+
     aws_spot:
-        x86_64: [5,2,3]
-        armhfp: [2,0,0]
-        s390x: [1,0,0]
-        aarch64: [5,2,2]
+        x86_64: [5, 2, 3]
+        aarch64: [5, 2, 2]
 
     #x86_hypervisor_01:
     #    x86_64: [2,1,1]
 
     x86_hypervisor_02:
-        x86_64: [2,1,1]
+        x86_64: [2, 1, 1]
 
     x86_hypervisor_03:
-        x86_64: [2,1,1]
+        x86_64: [2, 1, 1]
 
     x86_hypervisor_04:
-        x86_64: [2,1,1]
+        x86_64: [2, 1, 1]
 
 rpm_vendor_copr_name: Fedora Copr (devel)
diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml
index 22bc213483..5915005e9f 100644
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@@ -167,14 +167,12 @@
   set_fact: "max_{{ item }}_workers={{ builders | community.general.json_query('*.'+item+'[0]') | sum() }}"
   with_items:
     - x86_64
-    - armhfp
-    - s390x
     - aarch64
   tags:
   - provision_config
 
 - name: calculate max number of workers
-  set_fact: "max_workers={{ max_x86_64_workers|int + max_armhfp_workers|int + max_s390x_workers|int + max_aarch64_workers|int }}"
+  set_fact: "max_workers={{ max_x86_64_workers|int + max_aarch64_workers|int }}"
   tags:
   - provision_config
 
@@ -182,8 +180,6 @@
   debug: "var=max_{{ item }}_workers"
   with_items:
     - x86_64
-    - armhfp
-    - s390x
     - aarch64
   tags:
   - provision_config
diff --git a/roles/copr/backend/templates/copr-be.conf.j2 b/roles/copr/backend/templates/copr-be.conf.j2
index 06986e33ac..dab60b1baa 100644
--- a/roles/copr/backend/templates/copr-be.conf.j2
+++ b/roles/copr/backend/templates/copr-be.conf.j2
@@ -40,12 +40,13 @@ sleeptime=20
 # be taken at the same time.
 builds_max_workers={{ max_workers }}
 
-# Maximum number of concurrently running tasks per architecture.
+# Maximum number of concurrently running tasks per architecture.  Since we
+# emulate s390x and armhfp on x86_64, we give it ~25% of the x86_64 quota.
 builds_max_workers_arch=
     x86_64={{ max_x86_64_workers }},
     aarch64={{ max_aarch64_workers }},
-    armhfp={{ max_armhfp_workers }},
-    s390x={{ max_s390x_workers }}
+    armhfp={{ (max_x86_64_workers|int / 4)|int }},
+    s390x={{ (max_x86_64_workers|int / 4)|int }},
 
 # Maximum number of concurrently running tasks per project owner.
 {% if env == 'production' %}
diff --git a/roles/copr/backend/templates/resalloc/pools.yaml b/roles/copr/backend/templates/resalloc/pools.yaml
index f9b1e36ab1..af23fabee5 100644
--- a/roles/copr/backend/templates/resalloc/pools.yaml
+++ b/roles/copr/backend/templates/resalloc/pools.yaml
@@ -112,24 +112,18 @@ aarch64_{{ id }}_{{ inst }}:
     - arch_aarch64_native
 {% endmacro %}
 
-{{ aws_x86_64(builders.aws.x86_64[0] + builders.aws.armhfp[0] + builders.aws.s390x[0],
-              builders.aws.x86_64[1] + builders.aws.armhfp[1] + builders.aws.s390x[1],
-              builders.aws.x86_64[2] + builders.aws.armhfp[2] + builders.aws.s390x[2])
+{{ aws_x86_64(builders.aws.x86_64[0], builders.aws.x86_64[1],
+              builders.aws.x86_64[2])
 }}
-{{ aws_aarch64(builders.aws.aarch64[0],
-               builders.aws.aarch64[1],
+{{ aws_aarch64(builders.aws.aarch64[0], builders.aws.aarch64[1],
                builders.aws.aarch64[2])
 }}
 
-{{ aws_x86_64(builders.aws_spot.x86_64[0] + builders.aws_spot.armhfp[0] + builders.aws_spot.s390x[0],
-              builders.aws_spot.x86_64[1] + builders.aws_spot.armhfp[1] + builders.aws_spot.s390x[1],
-              builders.aws_spot.x86_64[2] + builders.aws_spot.armhfp[2] + builders.aws_spot.s390x[2],
-              True)
+{{ aws_x86_64(builders.aws_spot.x86_64[0], builders.aws_spot.x86_64[1],
+              builders.aws_spot.x86_64[2], True)
 }}
-{{ aws_aarch64(builders.aws_spot.aarch64[0],
-               builders.aws_spot.aarch64[1],
-               builders.aws_spot.aarch64[2],
-               True)
+{{ aws_aarch64(builders.aws_spot.aarch64[0], builders.aws_spot.aarch64[1],
+               builders.aws_spot.aarch64[2], True)
 }}
 
 {% if env == "production" %}

From 07d2d46d96cf2d9fb6d61b12bfbb906e7df32eeb Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:44:52 +0200
Subject: [PATCH 074/189] copr-be: fix prod inventory for previous commit

---
 inventory/group_vars/copr_aws | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws
index 6bc9e1f4a6..ae13254e6c 100644
--- a/inventory/group_vars/copr_aws
+++ b/inventory/group_vars/copr_aws
@@ -29,13 +29,9 @@ builders:
     # max|max_spawn|max_prealloc
     aws:
         x86_64: [100,15,15]
-        armhfp: [20,3,3]
-        s390x: [5,1,1]
         aarch64: [20,6,6]
     aws_spot:
         x86_64: [0,1,1]
-        armhfp: [0,0,0]
-        s390x: [0,0,0]
         aarch64: [0,2,2]
 
     #x86_hypervisor_01:

From fe888acea909078ffae8c86969a78a71a64bbf48 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:47:57 +0200
Subject: [PATCH 075/189] copr-be: typo in config

---
 roles/copr/backend/templates/copr-be.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/copr/backend/templates/copr-be.conf.j2 b/roles/copr/backend/templates/copr-be.conf.j2
index dab60b1baa..ba4e0fea64 100644
--- a/roles/copr/backend/templates/copr-be.conf.j2
+++ b/roles/copr/backend/templates/copr-be.conf.j2
@@ -46,7 +46,7 @@ builds_max_workers_arch=
     x86_64={{ max_x86_64_workers }},
     aarch64={{ max_aarch64_workers }},
     armhfp={{ (max_x86_64_workers|int / 4)|int }},
-    s390x={{ (max_x86_64_workers|int / 4)|int }},
+    s390x={{ (max_x86_64_workers|int / 4)|int }}
 
 # Maximum number of concurrently running tasks per project owner.
 {% if env == 'production' %}

From a1b9ee23a348705dce7766dc360888d641a00086 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:54:44 +0200
Subject: [PATCH 076/189] copr-be: limit max tickets for 32bit x86

---
 roles/copr/backend/templates/copr-be.conf.j2 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/roles/copr/backend/templates/copr-be.conf.j2 b/roles/copr/backend/templates/copr-be.conf.j2
index ba4e0fea64..9a06f2f3df 100644
--- a/roles/copr/backend/templates/copr-be.conf.j2
+++ b/roles/copr/backend/templates/copr-be.conf.j2
@@ -42,11 +42,16 @@ builds_max_workers={{ max_workers }}
 
 # Maximum number of concurrently running tasks per architecture.  Since we
 # emulate s390x and armhfp on x86_64, we give it ~25% of the x86_64 quota.
+# The 32bit x86 variants (i386, i586 and i686) are in minority now, so let's
+# limit them as well.
 builds_max_workers_arch=
     x86_64={{ max_x86_64_workers }},
     aarch64={{ max_aarch64_workers }},
     armhfp={{ (max_x86_64_workers|int / 4)|int }},
-    s390x={{ (max_x86_64_workers|int / 4)|int }}
+    s390x={{ (max_x86_64_workers|int / 4)|int }},
+    i386={{ (max_x86_64_workers|int / 4)|int }},
+    i586={{ (max_x86_64_workers|int / 4)|int }},
+    i686={{ (max_x86_64_workers|int / 4)|int }}
 
 # Maximum number of concurrently running tasks per project owner.
 {% if env == 'production' %}

From c112053767e374758a00a66472ec77afc36033ef Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Sun, 23 May 2021 22:59:35 +0200
Subject: [PATCH 077/189] copr-be: turn on spot instances in production

---
 inventory/group_vars/copr_aws | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws
index ae13254e6c..20ff125aad 100644
--- a/inventory/group_vars/copr_aws
+++ b/inventory/group_vars/copr_aws
@@ -28,22 +28,22 @@ nm_controlled_resolv: True
 builders:
     # max|max_spawn|max_prealloc
     aws:
-        x86_64: [100,15,15]
-        aarch64: [20,6,6]
+        x86_64: [30, 5, 5]
+        aarch64: [8, 2, 2]
     aws_spot:
-        x86_64: [0,1,1]
-        aarch64: [0,2,2]
+        x86_64: [60, 10, 20]
+        aarch64: [30, 4, 6]
 
     #x86_hypervisor_01:
-    #    x86_64: [2,1,1]
+    #    x86_64: [20, 4, 20]
 
     x86_hypervisor_02:
-        x86_64: [20,3,20]
+        x86_64: [20, 4, 20]
 
     x86_hypervisor_03:
-        x86_64: [20,3,20]
+        x86_64: [20, 4, 20]
 
     x86_hypervisor_04:
-        x86_64: [20,3,20]
+        x86_64: [20, 4, 20]
 
 rpm_vendor_copr_name: Fedora Copr

From 47f17055ecbc61c822798e1e84d3599a50b2e7a8 Mon Sep 17 00:00:00 2001
From: Brendan Early <mymindstorm@evermiss.net>
Date: Sun, 23 May 2021 16:15:10 -0500
Subject: [PATCH 078/189] packages-static: enable simple query parser

---
 .../templates/packages/solrconfig.xml              | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml b/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
index 0fc3f8b6cb..f87a30319f 100644
--- a/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
+++ b/roles/openshift-apps/fedora-packages-static/templates/packages/solrconfig.xml
@@ -368,11 +368,11 @@
   <query>
 
     <!-- Maximum number of clauses allowed when parsing a boolean query string.
-         
+
          This limit only impacts boolean queries specified by a user as part of a query string,
          and provides per-collection controls on how complex user specified boolean queries can
          be.  Query strings that specify more clauses then this will result in an error.
-         
+
          If this per-collection limit is greater then the global `maxBooleanClauses` limit
          specified in `solr.xml`, it will have no effect, as that setting also limits the size
          of user specified boolean queries.
@@ -382,7 +382,7 @@
     <!-- Solr Internal Query Caches
 
          There are four implementations of cache available for Solr:
-         LRUCache, based on a synchronized LinkedHashMap, 
+         LRUCache, based on a synchronized LinkedHashMap,
          LFUCache and FastLRUCache, based on a ConcurrentHashMap, and CaffeineCache -
          a modern and robust cache implementation. Note that in Solr 9.0
          only CaffeineCache will be available, other implementations are now
@@ -705,10 +705,10 @@
       <str name="spellcheck.dictionary">default</str>
       <str name="spellcheck.collate">true</str>
       <!-- Default search field
-      <str name="df">name</str> 
+      <str name="df">name</str>
         -->
       <!-- Change from JSON to XML format (the default prior to Solr 7.0)
-         <str name="wt">xml</str> 
+         <str name="wt">xml</str>
         -->
     </lst>
     <!-- In addition to defaults, "appends" params can be specified
@@ -1076,9 +1076,7 @@
        by SearchHandler) or in LocalParams
     -->
   <!-- example of registering a query parser -->
-  <!--
-     <queryParser name="myparser" class="com.mycompany.MyQParserPlugin"/>
-    -->
+  <queryParser name="simple" class="solr.search.SimpleQParserPlugin"/>
 
   <!-- Function Parsers
 

From 8531bc6068724b2bea4ff969d4567d982bfeca6c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 12:42:28 -0700
Subject: [PATCH 079/189] buildvm / staging: move everything to f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/buildvm_aarch64_stg | 4 ++--
 inventory/group_vars/buildvm_ppc64le_stg | 4 ++--
 inventory/group_vars/buildvm_s390x_stg   | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/inventory/group_vars/buildvm_aarch64_stg b/inventory/group_vars/buildvm_aarch64_stg
index 301297296c..af39a5baf3 100644
--- a/inventory/group_vars/buildvm_aarch64_stg
+++ b/inventory/group_vars/buildvm_aarch64_stg
@@ -6,8 +6,8 @@ mem_size: 40960
 max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-33
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/aarch64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/aarch64/os/
 nm: 255.255.255.0
 gw: 10.3.167.254
 dns: 10.3.163.33
diff --git a/inventory/group_vars/buildvm_ppc64le_stg b/inventory/group_vars/buildvm_ppc64le_stg
index 355bfa0119..4481476520 100644
--- a/inventory/group_vars/buildvm_ppc64le_stg
+++ b/inventory/group_vars/buildvm_ppc64le_stg
@@ -5,8 +5,8 @@ lvm_size: 150000
 mem_size: 10240
 max_mem_size: "{{ mem_size }}"
 num_cpus: 4
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-33
-ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/33/Server/ppc64le/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/34/Server/ppc64le/os/
 nm: 255.255.255.0
 gw: 10.3.167.254
 dns: 10.3.163.33
diff --git a/inventory/group_vars/buildvm_s390x_stg b/inventory/group_vars/buildvm_s390x_stg
index d32fae34c1..c516817bba 100644
--- a/inventory/group_vars/buildvm_s390x_stg
+++ b/inventory/group_vars/buildvm_s390x_stg
@@ -2,8 +2,8 @@
 ansible_ifcfg_blocklist: True
 createrepo: False
 host_group: kojibuilder
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-32-s390x
-ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/32/Server/s390x/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/34/Server/s390x/os/
 virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
 
 koji_hub_nfs: "fedora_koji"

From 915b183f5a315fbe457dc01a7a43704b075a175f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 12:52:42 -0700
Subject: [PATCH 080/189] Switch armv7 one nic virt installs to use eth0_ipv4
 instead of eth0_ip

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/all | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index b270392a84..33a48efc43 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -211,7 +211,7 @@ virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname
                  --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
                  'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0
                   hostname={{ inventory_hostname }} nameserver={{ dns }}
-                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+                  ip={{ eth0_ipv4 }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                  --network bridge={{ main_bridge }}
                  --autostart --noautoconsole --rng /dev/random --qemu-commandline="-machine highmem=off"
 

From 1998b6ff75b5939b86905db378b5c6d4647c12bd Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 13:05:11 -0700
Subject: [PATCH 081/189] buildvm-a32-02.stg: new mac

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
index ddb7216f2b..f219d86c95 100644
--- a/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
@@ -11,7 +11,7 @@ eth0_ipv4_gw: 10.3.167.254
 
 has_ipv6: no
 
-mac0: 52:54:00:ac:8e:53
+mac0: 52:54:00:53:97:13
 
 network_connections:
 - name: eth0

From b8734dd65e0b6bc56f9f31cbd43cc576636896a1 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 13:23:52 -0700
Subject: [PATCH 082/189] staging: make sure ipa01.stg is the ipa server used
 to enroll with

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/staging | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inventory/group_vars/staging b/inventory/group_vars/staging
index a9d71a72ba..3ba09af1f0 100644
--- a/inventory/group_vars/staging
+++ b/inventory/group_vars/staging
@@ -28,3 +28,5 @@ ipa_realm: STG.FEDORAPROJECT.ORG
 ipa_admin_password: "{{ ipa_stg_admin_password }}"
 # RIP, FAS
 primary_auth_source: ipa
+ipa_server_nodes:
+  - ipa01.stg.iad2.fedoraproject.org

From e9dea6ca4107b1d6afa215e5504993841ff68797 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 14:38:44 -0700
Subject: [PATCH 083/189] update mac address for buildvm-a32-02.stg

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
index f219d86c95..39d16ed8a5 100644
--- a/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
@@ -11,7 +11,7 @@ eth0_ipv4_gw: 10.3.167.254
 
 has_ipv6: no
 
-mac0: 52:54:00:53:97:13
+mac0: 52:54:00:d4:9c:c1
 
 network_connections:
 - name: eth0

From cd50797995ff7d0a87a3cb9be4fb72e062da840e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 14:54:35 -0700
Subject: [PATCH 084/189] ipa / client: actually install the ignore conf file
 as .conf instead of .conf.j2

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipa/client/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index caf45b0f8a..e18de5abc5 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -72,7 +72,7 @@
   run_once: yes
 
 - name: Ensure that nss knows to skip certain users
-  template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/ mode=600 owner=root group=root
+  template: src=fedora-nss-ignore.conf.j2 dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
   tags:
   - ipa/client
   - config

From 3f6b66177ae812dd764b31e6551b8d51f68156ed Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 14:57:56 -0700
Subject: [PATCH 085/189] buildvm / staging: drop linux system roles networking

Pondering more on this, we only want to use linux system roles
networking on bare metal machines. On vm's it's overkill and causes
problems with mac address changes all the time

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../buildvm-a32-01.stg.iad2.fedoraproject.org | 26 -----------------
 .../buildvm-a32-02.stg.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-a64-01.stg.iad2.fedoraproject.org | 28 +------------------
 .../buildvm-a64-02.stg.iad2.fedoraproject.org | 27 +-----------------
 ...ldvm-ppc64le-01.stg.iad2.fedoraproject.org | 27 +-----------------
 ...ldvm-ppc64le-02.stg.iad2.fedoraproject.org | 27 +-----------------
 ...ldvm-ppc64le-03.stg.iad2.fedoraproject.org | 27 +-----------------
 ...ldvm-ppc64le-04.stg.iad2.fedoraproject.org | 27 +-----------------
 ...ldvm-ppc64le-05.stg.iad2.fedoraproject.org | 27 +-----------------
 9 files changed, 8 insertions(+), 235 deletions(-)

diff --git a/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org
index 1bfa15bdec..7ceea79b92 100644
--- a/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org
@@ -5,30 +5,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
 eth0_ip: 10.3.167.46
-eth0_ipv4: 10.3.167.46
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:d4:6a:ca
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
diff --git a/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
index 39d16ed8a5..e3078ca887 100644
--- a/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-02.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.54
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:d4:9c:c1
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.54
diff --git a/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org
index bfa23f414b..6d2eb03485 100644
--- a/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-01.stg.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.45
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:2f:20:0d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.167.45
diff --git a/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org
index 66b9531c3d..e8cccc155a 100644
--- a/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-02.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.52
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:2b:1d:73
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.52
diff --git a/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org
index cb04900db5..a5658d7bc0 100644
--- a/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-01.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.47
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c3:5f:9a
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.47
diff --git a/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org
index df8b4713ab..68ad40daf3 100644
--- a/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-02.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.48
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:a4:8b:ae
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.48
diff --git a/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org
index a580adde10..6b3edca54f 100644
--- a/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-03.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.49
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ee:06:14
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.49
diff --git a/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org
index 09d9060fc2..d339a91278 100644
--- a/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-04.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.50
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:de:dc:59
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.50
diff --git a/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org
index b17747314b..1b113a95b4 100644
--- a/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-05.stg.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.167.51
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.167.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e9:f3:a0
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.167.51

From b048b4038fabdc01da542f25b7171c6bc54642c8 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 15:04:48 -0700
Subject: [PATCH 086/189] revert virt-install on arm to use eth0_ip

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/all | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 33a48efc43..b270392a84 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -211,7 +211,7 @@ virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname
                  --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
                  'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0
                   hostname={{ inventory_hostname }} nameserver={{ dns }}
-                  ip={{ eth0_ipv4 }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
+                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                  --network bridge={{ main_bridge }}
                  --autostart --noautoconsole --rng /dev/random --qemu-commandline="-machine highmem=off"
 

From 48e22151ae4aa856707e1a1d4616219a958ef8b0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 15:24:40 -0700
Subject: [PATCH 087/189] ipa/client: flush handlers at the end of ipa/client

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipa/client/tasks/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml
index e18de5abc5..aac107c33b 100644
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@@ -79,3 +79,5 @@
   notify:
     - restart sssd
     - clean sss caches
+
+- meta: flush_handlers

From 7ceb390a8b9ab5edab05fda63bbbdc308a617185 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 17:44:21 -0700
Subject: [PATCH 088/189] Drop linux-systems-role from some vms to redo them as
 f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../buildvm-a32-31.iad2.fedoraproject.org     | 27 +------------------
 .../buildvm-a32-32.iad2.fedoraproject.org     | 27 +------------------
 .../buildvm-a32-33.iad2.fedoraproject.org     | 27 +------------------
 .../buildvm-a64-31.iad2.fedoraproject.org     | 27 +------------------
 .../buildvm-a64-32.iad2.fedoraproject.org     | 27 +------------------
 .../buildvm-a64-33.iad2.fedoraproject.org     | 27 +------------------
 6 files changed, 6 insertions(+), 156 deletions(-)

diff --git a/inventory/host_vars/buildvm-a32-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-31.iad2.fedoraproject.org
index 5f6fb96068..07469a25fd 100644
--- a/inventory/host_vars/buildvm-a32-31.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-31.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.144
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:9e:67:92
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.144
diff --git a/inventory/host_vars/buildvm-a32-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-32.iad2.fedoraproject.org
index ab4a900705..2c777a9546 100644
--- a/inventory/host_vars/buildvm-a32-32.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-32.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.145
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:48:3e:a3
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.145
diff --git a/inventory/host_vars/buildvm-a32-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-33.iad2.fedoraproject.org
index 6e3bd10d77..dca4648728 100644
--- a/inventory/host_vars/buildvm-a32-33.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-33.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.146
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ec:06:17
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.146
diff --git a/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org
index f1b81928c8..e0ff0fa77e 100644
--- a/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-31.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.141
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:cd:15:88
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.141
diff --git a/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org
index 7ea20d4b96..dbeee1cd3c 100644
--- a/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-32.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.142
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:91:82:01
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.142
diff --git a/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org
index f0c8f4c023..d138a9ca3a 100644
--- a/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-33.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.143
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:37:5c:1d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.143

From 0a4befd8f199c8170af2a3f0e107209fb7793ce4 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 17:45:50 -0700
Subject: [PATCH 089/189] move arm builders to f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/buildvm_aarch64 | 4 ++--
 inventory/group_vars/buildvm_armv7   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/inventory/group_vars/buildvm_aarch64 b/inventory/group_vars/buildvm_aarch64
index 8f0eb42d72..544a19d9b7 100644
--- a/inventory/group_vars/buildvm_aarch64
+++ b/inventory/group_vars/buildvm_aarch64
@@ -6,8 +6,8 @@ mem_size: 40960
 max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-33
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/aarch64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/aarch64/os/
 nm: 255.255.255.0
 gw: 10.3.170.254
 dns: 10.3.163.33
diff --git a/inventory/group_vars/buildvm_armv7 b/inventory/group_vars/buildvm_armv7
index 9f37d5af43..28d05fc764 100644
--- a/inventory/group_vars/buildvm_armv7
+++ b/inventory/group_vars/buildvm_armv7
@@ -6,8 +6,8 @@ mem_size: 24576
 max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-32-armv7-iad2
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/armhfp/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-34-armv7
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/armhfp/os/
 nm: 255.255.255.0
 gw: 10.3.170.254
 dns: 10.3.163.33

From ac2ea4030c24a68649808430e470c56e0d450903 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 18:04:03 -0700
Subject: [PATCH 090/189] switch to efi armv7 in prod

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/buildvm_armv7 |  4 +-
 tasks/virt_instance_create.yml     | 96 +++++++++++++++---------------
 2 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/inventory/group_vars/buildvm_armv7 b/inventory/group_vars/buildvm_armv7
index 28d05fc764..c710a6bb26 100644
--- a/inventory/group_vars/buildvm_armv7
+++ b/inventory/group_vars/buildvm_armv7
@@ -2,12 +2,12 @@
 # common items for the buildvm-aarmv7* koji builders
 volgroup: /dev/vg_guests
 lvm_size: 140000
-mem_size: 24576
+mem_size: 40960
 max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
 ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-34-armv7
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/armhfp/os/
+ks_repo: http://10.3.163.35/pub/fedora/linux/development/34/Server/armhfp/os/
 nm: 255.255.255.0
 gw: 10.3.170.254
 dns: 10.3.163.33
diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml
index b005f1f36b..bb359a763b 100644
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@@ -35,60 +35,60 @@
   delay: 20
   when: inventory_hostname not in result.list_vms
 
-- name: ARMv7 copy the kernel out
-  shell: "virt-builder --get-kernel {{ volgroup }}/{{ inventory_hostname }} --output /var/lib/libvirt/images/  | awk -F/ '{print $NF}' > /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
-  delegate_to: "{{ vmhost}}"
-  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-  tags:
-    - armv7-kernel
-
-- name: ARMv7 extract the kernel details
-  command: "head -n1 /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
-  delegate_to: "{{ vmhost}}"
-  register: host_armv7kernel
-  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-  tags:
-    - armv7-kernel
-
-- name: ARMv7 extract the initrd details
-  command: "tail -n1 /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
-  delegate_to: "{{ vmhost}}"
-  register: host_armv7initrd
-  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-  tags:
-    - armv7-kernel
-
-- name: ARMv7 copy the cmdline out
-  shell: "virt-cat -a {{ volgroup }}/{{ inventory_hostname }} /boot/extlinux/extlinux.conf | grep -m1 append | sed -e 's/append //'"
-  delegate_to: "{{ vmhost}}"
-  register: host_cmdline
-  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-  tags:
-    - armv7-kernel
-
-- name: ARMv7 update the virt parameters
-  vars:
-    ansible_python_interpreter: /usr/bin/python3
-  virt_boot: domain={{ inventory_hostname }} kernel=/var/lib/libvirt/images/{{ host_armv7kernel.stdout }} initrd=/var/lib/libvirt/images/{{ host_armv7initrd.stdout }} cmdline={{ host_cmdline.stdout }}
-  delegate_to: "{{ vmhost }}"
-  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-  tags:
-    - armv7-kernel
-
-- name: when armv7kernelupdate is set we are done
-  fail: msg="armv7kernelupdate was set, so kernel has been updated and target booted up"
-  when: armv7kernelupdate is defined
+#- name: ARMv7 copy the kernel out
+#  shell: "virt-builder --get-kernel {{ volgroup }}/{{ inventory_hostname }} --output /var/lib/libvirt/images/  | awk -F/ '{print $NF}' > /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
+#  delegate_to: "{{ vmhost}}"
+#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
+#  tags:
+#    - armv7-kernel
+#
+#- name: ARMv7 extract the kernel details
+#  command: "head -n1 /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
+#  delegate_to: "{{ vmhost}}"
+#  register: host_armv7kernel
+#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
+#  tags:
+#    - armv7-kernel
+#
+#- name: ARMv7 extract the initrd details
+#  command: "tail -n1 /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
+#  delegate_to: "{{ vmhost}}"
+#  register: host_armv7initrd
+#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
+#  tags:
+#    - armv7-kernel
+#
+#- name: ARMv7 copy the cmdline out
+#  shell: "virt-cat -a {{ volgroup }}/{{ inventory_hostname }} /boot/extlinux/extlinux.conf | grep -m1 append | sed -e 's/append //'"
+#  delegate_to: "{{ vmhost}}"
+#  register: host_cmdline
+#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
+#  tags:
+#    - armv7-kernel
+#
+#- name: ARMv7 update the virt parameters
+#  vars:
+#    ansible_python_interpreter: /usr/bin/python3
+#  virt_boot: domain={{ inventory_hostname }} kernel=/var/lib/libvirt/images/{{ host_armv7kernel.stdout }} initrd=/var/lib/libvirt/images/{{ host_armv7initrd.stdout }} cmdline={{ host_cmdline.stdout }}
+#  delegate_to: "{{ vmhost }}"
+#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
+#  tags:
+#    - armv7-kernel
+#
+#- name: when armv7kernelupdate is set we are done
+#  fail: msg="armv7kernelupdate was set, so kernel has been updated and target booted up"
+#  when: armv7kernelupdate is defined
 
 - name: start the vm up and set it to autostart
   virt: state=running name={{ inventory_hostname }} autostart=True
   delegate_to: "{{ vmhost }}"
   when: inventory_hostname not in result.list_vms
 
-- name: ARMv7 pause while VM updates
-  pause: seconds=5
-  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-  tags:
-    - armv7-kernel
+#- name: ARMv7 pause while VM updates
+#  pause: seconds=5
+#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
+#  tags:
+#    - armv7-kernel
 
 - name: make sure there is no old ssh host key for the host still around
   local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent

From 9a09a926ab9e32e41e019599b4b9a6c5a93f3b3d Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 24 May 2021 18:24:17 -0700
Subject: [PATCH 091/189] drop ntp/ntpdate, no longer in f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/koji_builder/tasks/main.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml
index 0fa411b608..8bbe1a7102 100644
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@@ -74,8 +74,6 @@
     - mock
     - kernel-firmware
     - kernel-modules
-    - ntp
-    - ntpdate
     - rsyslog
     - audit
     - pycdio

From b845ffb60b132ef3d27ef68798d5472f3cb9a9ca Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 25 May 2021 11:29:48 -0700
Subject: [PATCH 092/189] bodhi: fix some old phx2 datacenter references.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bodhi2/base/templates/configmap.yml     | 2 +-
 roles/bodhi2/base/templates/production.ini.j2 | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/roles/bodhi2/base/templates/configmap.yml b/roles/bodhi2/base/templates/configmap.yml
index 448978eeef..7d439064c8 100644
--- a/roles/bodhi2/base/templates/configmap.yml
+++ b/roles/bodhi2/base/templates/configmap.yml
@@ -29,7 +29,7 @@ data:
      .fedoraproject.org = FEDORAPROJECT.ORG
      fedoraproject.org = FEDORAPROJECT.ORG
     {% if env == "staging" %}
-     .stg.phx2.fedoraproject.org = STG.FEDORAPROJECT.ORG
+     .stg.iad2.fedoraproject.org = STG.FEDORAPROJECT.ORG
     {% endif %}
      .stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
      stg.fedoraproject.org = STG.FEDORAPROJECT.ORG
diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2
index 76eca61a69..7c8d3b81da 100644
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -698,9 +698,7 @@ debugtoolbar.hosts = 127.0.0.1 ::1
 # suitable for a production environment. You can encode a username and password in the URL. For
 # example, postgresql://username:password@hostname/database_name
 # sqlalchemy.url = sqlite:////var/cache/bodhi.db
-{% if env == 'production' and datacenter == 'phx2' %}
-sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi.phx2.fedoraproject.org/bodhi2
-{% elif env == 'production' and datacenter == 'iad2' %}
+{% if env == 'production' %}
 sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi.iad2.fedoraproject.org/bodhi2
 {% elif env == 'staging' %}
 sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db01.stg.iad2.fedoraproject.org/bodhi2

From ec779e97219f96999562c0097c12891e4552004a Mon Sep 17 00:00:00 2001
From: Mohan Boddu <mboddu@bhujji.com>
Date: Tue, 25 May 2021 14:44:41 -0400
Subject: [PATCH 093/189] F32 EOL

Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
---
 roles/bodhi2/backend/files/new-updates-sync   | 44 -----------
 roles/bodhi2/backend/tasks/main.yml           |  2 +-
 .../backend/templates/koji_sync_listener.toml |  4 -
 roles/koji_hub/templates/hub.conf.j2          |  1 -
 .../platform-f32.yaml                         | 28 -------
 .../pkgdb-gnome-software-collections.json     |  2 +-
 roles/releng/files/cloud-updates              |  4 +-
 roles/releng/files/container-updates          |  4 +-
 .../templates/robosignatory.toml.j2           | 78 -------------------
 9 files changed, 6 insertions(+), 161 deletions(-)
 delete mode 100644 roles/mbs/common/files/default-modules.production/platform-f32.yaml

diff --git a/roles/bodhi2/backend/files/new-updates-sync b/roles/bodhi2/backend/files/new-updates-sync
index df3f570fac..6d629e8c3b 100755
--- a/roles/bodhi2/backend/files/new-updates-sync
+++ b/roles/bodhi2/backend/files/new-updates-sync
@@ -114,50 +114,6 @@ RELEASES = {'f34': {'topic': 'fedora',
                                 'dest': os.path.join(FEDORAALTDEST, 'testing', '33', 'Modular')}
                               ]}}
                    },
-            'f32': {'topic': 'fedora',
-                    'version': '32',
-                    'modules': ['fedora', 'fedora-secondary'],
-                    'repos': {'updates': {
-                        'from': 'f32-updates',
-                        'ostrees': [{'ref': 'fedora/32/%(arch)s/updates/silverblue',
-                                     'dest': OSTREEDEST,
-                                     'arches': ['x86_64', 'ppc64le', 'aarch64']}],
-                        'to': [{'arches': ['x86_64', 'armhfp', 'aarch64', 'source'],
-                                'dest': os.path.join(FEDORADEST, '32', 'Everything')},
-                               {'arches': ['ppc64le', 's390x'],
-                                'dest': os.path.join(FEDORAALTDEST, '32', 'Everything')}
-                              ]},
-                              'updates-testing': {
-                        'from': 'f32-updates-testing',
-                        'ostrees': [{'ref': 'fedora/32/%(arch)s/testing/silverblue',
-                                     'dest': OSTREEDEST,
-                                     'arches': ['x86_64', 'ppc64le', 'aarch64']}],
-                        'to': [{'arches': ['x86_64', 'aarch64', 'armhfp', 'source'],
-                                'dest': os.path.join(FEDORADEST, 'testing', '32', 'Everything')},
-                               {'arches': ['ppc64le', 's390x'],
-                                'dest': os.path.join(FEDORAALTDEST, 'testing', '32', 'Everything')}
-                              ]}}
-                   },
-            'f32m': {'topic': 'fedora',
-                    'version': '32m',
-                    'modules': ['fedora', 'fedora-secondary'],
-                    'repos': {'updates': {
-                        'from': 'f32-modular-updates',
-                        'ostrees': [],
-                        'to': [{'arches': ['x86_64', 'aarch64', 'armhfp', 'source'],
-                                'dest': os.path.join(FEDORADEST, '32', 'Modular')},
-                               {'arches': ['ppc64le', 's390x'],
-                                'dest': os.path.join(FEDORAALTDEST, '32', 'Modular')}
-                              ]},
-                              'updates-testing': {
-                        'from': 'f32-modular-updates-testing',
-                        'ostrees': [],
-                        'to': [{'arches': ['x86_64', 'aarch64', 'armhfp', 'source'],
-                                'dest': os.path.join(FEDORADEST, 'testing', '32', 'Modular')},
-                               {'arches': ['ppc64le', 's390x'],
-                                'dest': os.path.join(FEDORAALTDEST, 'testing', '32', 'Modular')}
-                              ]}}
-                   },
             'epel8': {'topic': 'epel',
                       'version': '8',
                       'modules': ['epel'],
diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml
index 02e95ec06b..bf9d9ce5b5 100644
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@@ -76,7 +76,7 @@
   # bodhi2/backend/files/koji_sync_listener.py
   # This cronjob runs only once a day.  The listener script runs reactively.
   cron: name="owner-sync" minute="15" hour="4" user="root"
-      job="/usr/local/bin/lock-wrapper owner-sync '/usr/local/bin/owner-sync-pagure f35 f35-container f35-modular f34 f34-container f34-modular f33 f33-container f33-modular f33-flatpak f32 f32-container f32-modular f32-flatpak epel8 epel8-playground epel8-modular epel7 module-package-list modular'"
+      job="/usr/local/bin/lock-wrapper owner-sync '/usr/local/bin/owner-sync-pagure f35 f35-container f35-modular f34 f34-container f34-modular f33 f33-container f33-modular f33-flatpak epel8 epel8-playground epel8-modular epel7 module-package-list modular'"
       cron_file=update-koji-owner
   when: env == "production"
   tags:
diff --git a/roles/bodhi2/backend/templates/koji_sync_listener.toml b/roles/bodhi2/backend/templates/koji_sync_listener.toml
index bfd94186e8..5f90458974 100644
--- a/roles/bodhi2/backend/templates/koji_sync_listener.toml
+++ b/roles/bodhi2/backend/templates/koji_sync_listener.toml
@@ -48,10 +48,6 @@ taglist = [
     "f33-container",
     "f33-modular",
     "f33-flatpak",
-    "f32",
-    "f32-container",
-    "f32-modular",
-    "f32-flatpak",
     "epel8",
     "epel8-playground",
     "epel8-modular",
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index f1612e280c..b9c719d828 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -188,7 +188,6 @@ sidetag =
     tag f35-build :: allow
     tag f34-build :: allow
     tag f33-build :: allow
-    tag f32-build :: allow
     tag eln-build :: allow
     tag epel8-build :: allow
     tag epel7-build :: allow
diff --git a/roles/mbs/common/files/default-modules.production/platform-f32.yaml b/roles/mbs/common/files/default-modules.production/platform-f32.yaml
deleted file mode 100644
index d1405fbed3..0000000000
--- a/roles/mbs/common/files/default-modules.production/platform-f32.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-data:
-  description: Fedora 32 traditional base
-  license:
-    module: [MIT]
-  name: platform
-  profiles:
-    buildroot:
-      rpms: [bash, bzip2, coreutils, cpio, diffutils, fedora-release, findutils, gawk,
-        glibc-minimal-langpack, grep, gzip, info, make, patch, redhat-rpm-config,
-        rpm-build, sed, shadow-utils, tar, unzip, util-linux, which, xz]
-    srpm-buildroot:
-      rpms: [bash, fedora-release, fedpkg-minimal, glibc-minimal-langpack, gnupg2,
-        redhat-rpm-config, rpm-build, shadow-utils]
-  stream: f32
-  summary: Fedora 32 traditional base
-  context: 00000000
-  version: 1
-  xmd:
-    mbs:
-      buildrequires: {}
-      commit: f32
-      requires: {}
-      koji_tag: module-f32-build
-      mse: TRUE
-      virtual_streams: [fedora]
-document: modulemd
-version: 1
-
diff --git a/roles/pkgdb-proxy/files/pkgdb-gnome-software-collections.json b/roles/pkgdb-proxy/files/pkgdb-gnome-software-collections.json
index 5711c28db6..ffc3a6fdce 100644
--- a/roles/pkgdb-proxy/files/pkgdb-gnome-software-collections.json
+++ b/roles/pkgdb-proxy/files/pkgdb-gnome-software-collections.json
@@ -41,7 +41,7 @@
       "dist_tag": ".fc32",
       "koji_name": "f32",
       "name": "Fedora",
-      "status": "Active",
+      "status": "EOL",
       "version": "32"
     },
     {
diff --git a/roles/releng/files/cloud-updates b/roles/releng/files/cloud-updates
index 2cfc2a5a08..731973faf1 100644
--- a/roles/releng/files/cloud-updates
+++ b/roles/releng/files/cloud-updates
@@ -3,8 +3,8 @@ MAILTO=releng-cron@lists.fedoraproject.org
 15 6 * * * root TMPDIR=`mktemp -d /tmp/CloudF33.XXXXXX` && chmod 755 $TMPDIR && pushd $TMPDIR && git clone -n https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f33 && LANG=en_US.UTF-8 ./cloud-nightly.sh RC-$(date "+\%Y\%m\%d").0 && popd && rm -rf $TMPDIR
 
 # Fedora 32 Cloud nightly compose
-MAILTO=releng-cron@lists.fedoraproject.org
-15 7 * * * root TMPDIR=`mktemp -d /tmp/CloudF32.XXXXXX` && chmod 755 $TMPDIR && pushd $TMPDIR && git clone -n https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f32 && LANG=en_US.UTF-8 ./cloud-nightly.sh RC-$(date "+\%Y\%m\%d").0 && popd && rm -rf $TMPDIR
+#MAILTO=releng-cron@lists.fedoraproject.org
+#15 7 * * * root TMPDIR=`mktemp -d /tmp/CloudF32.XXXXXX` && chmod 755 $TMPDIR && pushd $TMPDIR && git clone -n https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f32 && LANG=en_US.UTF-8 ./cloud-nightly.sh RC-$(date "+\%Y\%m\%d").0 && popd && rm -rf $TMPDIR
 
 # Fedora 34 Cloud nightly compose
 MAILTO=releng-cron@lists.fedoraproject.org
diff --git a/roles/releng/files/container-updates b/roles/releng/files/container-updates
index 752c76ce63..85215148d1 100644
--- a/roles/releng/files/container-updates
+++ b/roles/releng/files/container-updates
@@ -7,5 +7,5 @@ MAILTO=releng-cron@lists.fedoraproject.org
 45 7 * * * root TMPDIR=`mktemp -d /tmp/containerF33.XXXXXX` && chmod 755 $TMPDIR && pushd $TMPDIR && git clone -n https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f33 && LANG=en_US.UTF-8 ./container-nightly.sh RC-$(date "+\%Y\%m\%d").0 && popd && rm -rf $TMPDIR
 
 # Fedora 32 Container Updates nightly compose
-MAILTO=releng-cron@lists.fedoraproject.org
-45 6 * * * root TMPDIR=`mktemp -d /tmp/containerF32.XXXXXX` && chmod 755 $TMPDIR && pushd $TMPDIR && git clone -n https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f32 && LANG=en_US.UTF-8 ./container-nightly.sh RC-$(date "+\%Y\%m\%d").0 && popd && rm -rf $TMPDIR
+#MAILTO=releng-cron@lists.fedoraproject.org
+#45 6 * * * root TMPDIR=`mktemp -d /tmp/containerF32.XXXXXX` && chmod 755 $TMPDIR && pushd $TMPDIR && git clone -n https://pagure.io/pungi-fedora.git && cd pungi-fedora && git checkout f32 && LANG=en_US.UTF-8 ./container-nightly.sh RC-$(date "+\%Y\%m\%d").0 && popd && rm -rf $TMPDIR
diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2
index 90c85ce057..550d365bf0 100644
--- a/roles/robosignatory/templates/robosignatory.toml.j2
+++ b/roles/robosignatory/templates/robosignatory.toml.j2
@@ -107,12 +107,6 @@ handlers = ["console"]
             key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
             keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
 
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-infra-candidate"
-            to = "f32-infra-stg"
-            key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}"
-
             [[consumer_config.koji_instances.primary.tags]]
             from = "f33-infra-candidate"
             to = "f33-infra-stg"
@@ -134,12 +128,6 @@ handlers = ["console"]
 
             # Gated coreos-pool tag
 
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-coreos-signing-pending"
-            to = "coreos-pool"
-            key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('12c944d0', 'd300e724') }}"
-
             [[consumer_config.koji_instances.primary.tags]]
             from = "f33-coreos-signing-pending"
             to = "coreos-pool"
@@ -261,38 +249,6 @@ handlers = ["console"]
             keyid = "{{ (env == 'production')|ternary('9570ff31', 'd300e724') }}"
             type = "modular"
 
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-signing-pending"
-            to = "f32-updates-testing-pending"
-            key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('12c944d0', 'd300e724') }}"
-
-            [consumer_config.koji_instances.primary.tags.sidetags]
-            pattern = 'f32-build-side-<seq_id>'
-            from = '<sidetag>-signing-pending'
-            to = '<sidetag>-testing-pending'
-            trusted_taggers = ['bodhi']
-
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-pending"
-            to = "f32"
-            key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('12c944d0', 'd300e724') }}"
-
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-modular-pending"
-            to = "f32-modular"
-            key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('12c944d0', 'd300e724') }}"
-            type = "modular"
-
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-modular-signing-pending"
-            to = "f32-modular-updates-testing-pending"
-            key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('12c944d0', 'd300e724') }}"
-            type = "modular"
-
             #epel8 modular tags
             [[consumer_config.koji_instances.primary.tags]]
             from = "epel8-modular-signing-pending"
@@ -385,12 +341,6 @@ handlers = ["console"]
             key = "{{ (env == 'production')|ternary('fedora-33', 'testkey') }}"
             keyid = "{{ (env == 'production')|ternary('9570ff31', 'd300e724') }}"
 
-            [[consumer_config.koji_instances.primary.tags]]
-            from = "f32-openh264"
-            to = "f32-openh264"
-            key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('12c944d0', 'd300e724') }}"
-
             # f34-rebuild
             [[consumer_config.koji_instances.primary.tags]]
             from = "f34-rebuild"
@@ -429,34 +379,6 @@ handlers = ["console"]
         directory = "/mnt/fedora_koji/koji/compose/iot/repo/"
         key = "{{ (env == 'production')|ternary('fedora-34', 'testkey') }}"
 
-        [consumer_config.ostree_refs."fedora/32/x86_64/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/aarch64/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/ppc64le/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/x86_64/updates/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/x86_64/testing/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/aarch64/updates/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/aarch64/testing/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/ppc64le/updates/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-        [consumer_config.ostree_refs."fedora/32/ppc64le/testing/silverblue"]
-        directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
-        key = "{{ (env == 'production')|ternary('fedora-32', 'testkey') }}"
-
         [consumer_config.ostree_refs."fedora/33/x86_64/silverblue"]
         directory = "/mnt/fedora_koji/koji/compose/ostree/repo/"
         key = "{{ (env == 'production')|ternary('fedora-33', 'testkey') }}"

From eb8e5ecc851f5de3c13eeafd50772465f01bbda4 Mon Sep 17 00:00:00 2001
From: Mohan Boddu <mboddu@bhujji.com>
Date: Tue, 25 May 2021 15:53:51 -0400
Subject: [PATCH 094/189] Set the pkg owner to releng until they are added to
 koji

Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
---
 roles/bodhi2/backend/templates/owner-sync-pagure.j2 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/bodhi2/backend/templates/owner-sync-pagure.j2 b/roles/bodhi2/backend/templates/owner-sync-pagure.j2
index 11859c0dd3..76c904d4d9 100755
--- a/roles/bodhi2/backend/templates/owner-sync-pagure.j2
+++ b/roles/bodhi2/backend/templates/owner-sync-pagure.j2
@@ -369,6 +369,11 @@ def set_koji_ownership(tag, namespace, packages, arches, verbose=False):
 
         for pkg in packages:
             owner = get_pagure_project_owner(namespace, pkg, verbose=verbose)
+            # When the user is created in fedora infra, they wont be added to koji
+            # until they logged into koji for the first time
+            # Set the owner to 'releng' until they logged into koji
+            if not session.getUser(owner):
+                owner = 'releng'
             if pkg not in koji_pkgs:
                 extra_arches = None
                 if pkg in EXTRA_ARCH_LIST:

From 168c7668110d8b2c024964483bbe9b32c41958b0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 25 May 2021 14:08:37 -0700
Subject: [PATCH 095/189] buildvm: switch buildvm's back to getting networking
 set on install

We don't want to use linux-systems-roles here because:
1) everytime we reinstall the mac address changes.
2) These get all the correct netowkring from the kickstart/initial
   install
We do want to use linux-systems-roles for bare metal machines.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../buildvm-a32-01.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-02.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-03.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a32-04.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-05.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-06.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-07.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-08.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-09.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-10.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a32-11.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-12.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-13.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a32-14.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-15.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a32-16.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-17.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-18.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-19.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-20.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-21.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-22.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-23.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-24.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-25.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-26.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a32-27.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-01.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-02.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a64-03.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a64-04.iad2.fedoraproject.org     | 28 +------------------
 .../buildvm-a64-05.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-06.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-07.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-08.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-09.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-10.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-11.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-12.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-13.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-14.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-15.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-16.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-17.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-18.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-19.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-20.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-21.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-22.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-23.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-24.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-25.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-26.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-a64-27.iad2.fedoraproject.org     | 27 +-----------------
 .../buildvm-ppc64le-01.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-02.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-03.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-04.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-05.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-06.iad2.fedoraproject.org | 28 +------------------
 .../buildvm-ppc64le-07.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-08.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-09.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-10.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-11.iad2.fedoraproject.org | 28 +------------------
 .../buildvm-ppc64le-12.iad2.fedoraproject.org | 28 +------------------
 .../buildvm-ppc64le-13.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-14.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-15.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-16.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-17.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-18.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-19.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-20.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-21.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-22.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-23.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-24.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-25.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-26.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-27.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-28.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-29.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-30.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-31.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-32.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-33.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-34.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-35.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-36.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-37.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-38.iad2.fedoraproject.org | 27 +-----------------
 .../buildvm-ppc64le-39.iad2.fedoraproject.org | 28 +------------------
 .../buildvm-ppc64le-40.iad2.fedoraproject.org | 27 +-----------------
 94 files changed, 94 insertions(+), 2455 deletions(-)

diff --git a/inventory/host_vars/buildvm-a32-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-01.iad2.fedoraproject.org
index f9212de133..341d204034 100644
--- a/inventory/host_vars/buildvm-a32-01.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-01.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.61
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:0d:2c:f0
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.61
diff --git a/inventory/host_vars/buildvm-a32-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-02.iad2.fedoraproject.org
index f9ee260ce6..7092480c8d 100644
--- a/inventory/host_vars/buildvm-a32-02.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-02.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.62
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ac:8e:53
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.62
diff --git a/inventory/host_vars/buildvm-a32-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-03.iad2.fedoraproject.org
index 1be4cf49eb..52913e6fbe 100644
--- a/inventory/host_vars/buildvm-a32-03.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-03.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.63
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ec:a5:81
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.63
diff --git a/inventory/host_vars/buildvm-a32-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-04.iad2.fedoraproject.org
index b87aa71f7a..08dff18700 100644
--- a/inventory/host_vars/buildvm-a32-04.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-04.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.64
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:5c:f6:d2
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.64
diff --git a/inventory/host_vars/buildvm-a32-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-05.iad2.fedoraproject.org
index 7df0f8ba13..0498937e6e 100644
--- a/inventory/host_vars/buildvm-a32-05.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-05.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.65
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:d7:98:00
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.65
diff --git a/inventory/host_vars/buildvm-a32-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-06.iad2.fedoraproject.org
index 76f0b7fc66..289b87b8e3 100644
--- a/inventory/host_vars/buildvm-a32-06.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-06.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.66
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:de:fc:9e
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.66
diff --git a/inventory/host_vars/buildvm-a32-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-07.iad2.fedoraproject.org
index 0697cbc702..0ab0672e59 100644
--- a/inventory/host_vars/buildvm-a32-07.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-07.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.67
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:5d:9e:16
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.67
diff --git a/inventory/host_vars/buildvm-a32-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-08.iad2.fedoraproject.org
index 501e7d4aff..e74e900309 100644
--- a/inventory/host_vars/buildvm-a32-08.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-08.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.68
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:08:bd:f4
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.68
diff --git a/inventory/host_vars/buildvm-a32-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-09.iad2.fedoraproject.org
index d65faaa028..6fd38a0d1c 100644
--- a/inventory/host_vars/buildvm-a32-09.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-09.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.69
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e5:6a:68
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.69
diff --git a/inventory/host_vars/buildvm-a32-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-10.iad2.fedoraproject.org
index 26e9c33fd3..3b9903ecda 100644
--- a/inventory/host_vars/buildvm-a32-10.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-10.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.70
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e7:6f:ed
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.70
diff --git a/inventory/host_vars/buildvm-a32-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-11.iad2.fedoraproject.org
index 31a9c7c993..840854e470 100644
--- a/inventory/host_vars/buildvm-a32-11.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-11.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.71
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:18:90:20
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.71
diff --git a/inventory/host_vars/buildvm-a32-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-12.iad2.fedoraproject.org
index b9da517c4a..7486f20a1e 100644
--- a/inventory/host_vars/buildvm-a32-12.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-12.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.72
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:23:d9:c7
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.72
diff --git a/inventory/host_vars/buildvm-a32-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-13.iad2.fedoraproject.org
index da0331eb6a..c1b0e5b16f 100644
--- a/inventory/host_vars/buildvm-a32-13.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-13.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.73
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:67:17:ea
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.73
diff --git a/inventory/host_vars/buildvm-a32-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-14.iad2.fedoraproject.org
index 8788cc97e2..fdec200cf4 100644
--- a/inventory/host_vars/buildvm-a32-14.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-14.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.74
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:28:be:1a
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.74
diff --git a/inventory/host_vars/buildvm-a32-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-15.iad2.fedoraproject.org
index 4200843bbf..88368a9f88 100644
--- a/inventory/host_vars/buildvm-a32-15.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-15.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.75
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:52:1c:61
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.75
diff --git a/inventory/host_vars/buildvm-a32-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-16.iad2.fedoraproject.org
index c6faf52930..7a3c363a28 100644
--- a/inventory/host_vars/buildvm-a32-16.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-16.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.76
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:34:95:28
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.76
diff --git a/inventory/host_vars/buildvm-a32-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-17.iad2.fedoraproject.org
index e04ddf21af..5cee861ab7 100644
--- a/inventory/host_vars/buildvm-a32-17.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-17.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.77
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:6c:d2:9d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.77
diff --git a/inventory/host_vars/buildvm-a32-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-18.iad2.fedoraproject.org
index a6cff9fd8d..887adb0f8f 100644
--- a/inventory/host_vars/buildvm-a32-18.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-18.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.78
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:f9:13:e4
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.78
diff --git a/inventory/host_vars/buildvm-a32-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-19.iad2.fedoraproject.org
index d1694b7cfa..a6310b8fa6 100644
--- a/inventory/host_vars/buildvm-a32-19.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-19.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.79
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:2d:53:c8
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.79
diff --git a/inventory/host_vars/buildvm-a32-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-20.iad2.fedoraproject.org
index 712f7f22cc..0c0a175ca8 100644
--- a/inventory/host_vars/buildvm-a32-20.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-20.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.80
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:b6:5e:eb
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.80
diff --git a/inventory/host_vars/buildvm-a32-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-21.iad2.fedoraproject.org
index 5e0ce3df0d..7414236714 100644
--- a/inventory/host_vars/buildvm-a32-21.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-21.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.81
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:67:c4:5b
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.81
diff --git a/inventory/host_vars/buildvm-a32-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-22.iad2.fedoraproject.org
index 289eb4b114..fee6cb88d8 100644
--- a/inventory/host_vars/buildvm-a32-22.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-22.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.82
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:77:e0:9d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.82
diff --git a/inventory/host_vars/buildvm-a32-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-23.iad2.fedoraproject.org
index b79250e23d..b88f116220 100644
--- a/inventory/host_vars/buildvm-a32-23.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-23.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.83
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:59:40:a8
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.83
diff --git a/inventory/host_vars/buildvm-a32-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-24.iad2.fedoraproject.org
index 5f90985a91..7edac7c452 100644
--- a/inventory/host_vars/buildvm-a32-24.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-24.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.84
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:d3:91:61
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.84
diff --git a/inventory/host_vars/buildvm-a32-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-25.iad2.fedoraproject.org
index 3deaff5385..7bc5a4507a 100644
--- a/inventory/host_vars/buildvm-a32-25.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-25.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.85
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:fa:fc:dd
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.85
diff --git a/inventory/host_vars/buildvm-a32-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-26.iad2.fedoraproject.org
index d3d73836c3..919a666e04 100644
--- a/inventory/host_vars/buildvm-a32-26.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-26.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.86
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:43:98:b2
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.86
diff --git a/inventory/host_vars/buildvm-a32-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a32-27.iad2.fedoraproject.org
index 452634db78..a5173a1988 100644
--- a/inventory/host_vars/buildvm-a32-27.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-27.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.87
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ef:19:17
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.87
diff --git a/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org
index 2ea1cb5f3c..0538df2eae 100644
--- a/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-01.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.91
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:a0:23:2f
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.91
diff --git a/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org
index db0229d16f..72bd09ebf6 100644
--- a/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-02.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.92
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:81:4c:e8
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.92
diff --git a/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org
index f1c49279e6..a5ca82678a 100644
--- a/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-03.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.93
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:9c:4e:9d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.93
diff --git a/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org
index 1543aa072b..b868bc953d 100644
--- a/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-04.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.94
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:4f:50:9f
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.170.94
diff --git a/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org
index b140cfd6ee..d676d3ac8f 100644
--- a/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-05.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.95
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:d8:ce:90
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.95
diff --git a/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org
index 750514f995..ffafaad4fd 100644
--- a/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-06.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.96
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:56:00:ac
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.96
diff --git a/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org
index 2f674e23dc..6e82d5de81 100644
--- a/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-07.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.97
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:3d:74:dc
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.97
diff --git a/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org
index 800a3905c9..2d3120c696 100644
--- a/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-08.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.98
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:20:d4:4b
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.98
diff --git a/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org
index 241b3f1613..3dd1edf897 100644
--- a/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-09.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.99
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c8:74:89
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.99
diff --git a/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org
index 092fa3a9dd..5921e5967b 100644
--- a/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-10.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.100
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:fa:fe:fd
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.100
diff --git a/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org
index ab18f657f9..5b606fe8ab 100644
--- a/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-11.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.101
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:79:6d:b9
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.101
diff --git a/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org
index bd6da942e4..f8723bd0ad 100644
--- a/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-12.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.102
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:54:7f:f2
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.102
diff --git a/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org
index 1551ffff7b..f37342eff1 100644
--- a/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-13.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.103
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:6c:e5:84
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.103
diff --git a/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org
index b4465eebee..6b38e3c8df 100644
--- a/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-14.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.104
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:70:9d:8d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.104
diff --git a/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org
index 3134fca3d9..4a7649cfe9 100644
--- a/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-15.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.105
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e4:02:9f
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.105
diff --git a/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org
index 41c61660c5..abe22bf19d 100644
--- a/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-16.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.106
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:92:3b:d3
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.106
diff --git a/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org
index b0bea3bf38..4b4c7cfb56 100644
--- a/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-17.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.107
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:26:84:9e
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.107
diff --git a/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org
index cee6b0c2aa..f15ed90599 100644
--- a/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-18.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.108
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:14:25:7b
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.108
diff --git a/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org
index 4f08cceb44..4893581ebb 100644
--- a/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-19.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.109
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:fa:b9:23
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.109
diff --git a/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org
index 7a963ba8cb..d16213a823 100644
--- a/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-20.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.110
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:7e:9a:f1
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.110
diff --git a/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org
index 3ad27312e3..6b430ce0dd 100644
--- a/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-21.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.111
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:f9:49:c1
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.111
diff --git a/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org
index 5cec67bb18..dcd1d471f0 100644
--- a/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-22.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.112
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:cf:2b:93
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.112
diff --git a/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org
index ac94546764..36c8987065 100644
--- a/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-23.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.113
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:4f:f7:ce
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.113
diff --git a/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org
index 9d5daa07ca..30558fcd36 100644
--- a/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-24.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.114
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:2f:4a:5c
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.170.114
diff --git a/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org
index 08f1cfa704..7827a23848 100644
--- a/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-25.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.115
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:50:46:92
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.115
diff --git a/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org
index 52a5af81c2..d8e151b048 100644
--- a/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-26.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.116
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:49:22:db
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.116
diff --git a/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org
index 72d56203b5..f6286f8742 100644
--- a/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a64-27.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.170.117
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.170.254
-
-has_ipv6: no
-
-mac0: 52:54:00:10:15:cf
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
\ No newline at end of file
+eth0_ip: 10.3.170.117
diff --git a/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org
index 135119462a..6a2b7c587c 100644
--- a/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-01.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.41
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c6:c6:96
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.41
diff --git a/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org
index 2bf7421691..078a01e063 100644
--- a/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-02.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.42
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:50:6e:ae
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.42
diff --git a/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org
index 26e684f26c..460073c4cc 100644
--- a/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-03.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.43
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:69:cc:10
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.43
diff --git a/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org
index 463fc0a5c2..8e05e8c0ec 100644
--- a/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-04.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.44
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:72:a2:96
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.44
diff --git a/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org
index 505b56d205..ea108c0b49 100644
--- a/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-05.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.45
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:cf:85:9d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.45
diff --git a/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org
index cbd01ca881..a3c3982681 100644
--- a/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-06.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.46
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e6:6e:da
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.171.46
diff --git a/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org
index 107244a5b9..bf2b5982a9 100644
--- a/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-07.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.47
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:66:cd:a5
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.47
diff --git a/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org
index 53c07af4be..e72b067367 100644
--- a/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-08.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.48
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c7:ee:cd
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.48
diff --git a/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org
index b2ad69d32e..f227cd6cfe 100644
--- a/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-09.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.49
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:73:93:25
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.49
diff --git a/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org
index 7bc1f32faf..c94ea9923b 100644
--- a/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-10.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.50
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:7d:68:b8
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.50
diff --git a/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org
index 33620b0012..0092023dd2 100644
--- a/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-11.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.51
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:35:7b:11
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.171.51
diff --git a/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org
index ce1bd5c697..d46d969ab1 100644
--- a/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-12.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.52
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:95:93:97
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.171.52
diff --git a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
index 15761e1974..f6ad983317 100644
--- a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
@@ -4,30 +4,5 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
 eth0_ip: 10.3.171.53
-eth0_ipv4: 10.3.171.53
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:36:bc:34
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.53
diff --git a/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org
index b235cf18b9..b004583010 100644
--- a/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-14.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.54
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:9c:b6:cd
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.54
diff --git a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
index b59ccf6b8e..e38eb17ce9 100644
--- a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
@@ -4,30 +4,5 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
 eth0_ip: 10.3.171.55
-eth0_ipv4: 10.3.171.55
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:68:64:dc
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.55
diff --git a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
index a2dca31382..85ccc2080a 100644
--- a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
@@ -4,30 +4,5 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
 eth0_ip: 10.3.171.56
-eth0_ipv4: 10.3.171.56
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:cb:57:ef
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.56
diff --git a/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org
index 70720cf05f..eb29d2045d 100644
--- a/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-17.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.57
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:24:c8:21
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.57
diff --git a/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org
index 9b229cfef6..c01389b777 100644
--- a/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-18.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.58
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:07:95:b8
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.58
diff --git a/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org
index 70c95da01a..2626225675 100644
--- a/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-19.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.59
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:4a:bc:c6
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.59
diff --git a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
index 49d21f2727..c41d825ce4 100644
--- a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
@@ -4,30 +4,5 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
 eth0_ip: 10.3.171.60
-eth0_ipv4: 10.3.171.60
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e0:0f:d5
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.60
diff --git a/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org
index fd3eab9171..a66a619309 100644
--- a/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-21.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.61
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:53:00:ba
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.61
diff --git a/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org
index c0a4accc27..72a1550ebe 100644
--- a/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-22.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.62
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c9:a8:47
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.62
diff --git a/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org
index 329fe141fc..60aafdcf64 100644
--- a/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-23.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.63
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:fa:c2:62
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.63
diff --git a/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org
index 6481ae788b..158ad3f056 100644
--- a/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-24.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.64
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c4:f9:e5
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.64
diff --git a/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org
index 8df138f839..0bbabc8002 100644
--- a/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-25.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.65
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:d9:62:a4
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.65
diff --git a/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org
index 5e8f88a4b3..e4d33ab5da 100644
--- a/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-26.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.66
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:e0:41:0a
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.66
diff --git a/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org
index 4a691b36e8..30caf62d10 100644
--- a/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-27.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.67
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:5e:ae:96
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.67
diff --git a/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org
index 946f0082ed..3a8a329029 100644
--- a/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-28.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.68
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ed:23:78
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.68
diff --git a/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org
index 8cd9041623..42c8c2f441 100644
--- a/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-29.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.69
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:ee:13:14
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.69
diff --git a/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org
index 548e6dc44c..3b9a05ef82 100644
--- a/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-30.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.70
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:c2:2c:d2
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.70
diff --git a/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org
index e1fe439110..476d83c057 100644
--- a/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-31.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.71
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:f3:f9:4b
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.71
diff --git a/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org
index a1d508932e..6c6eb6bb27 100644
--- a/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-32.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.72
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:24:96:9d
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.72
diff --git a/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org
index efd970e288..b740c8afe5 100644
--- a/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-33.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.73
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:50:e1:63
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.73
diff --git a/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org
index 954f5becad..aee705ac40 100644
--- a/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org
@@ -4,30 +4,5 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
 eth0_ip: 10.3.171.74
-eth0_ipv4: 10.3.171.74
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:b8:ba:ec
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.74
diff --git a/inventory/host_vars/buildvm-ppc64le-35.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-35.iad2.fedoraproject.org
index 7c58f13d19..d41f796aab 100644
--- a/inventory/host_vars/buildvm-ppc64le-35.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-35.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.75
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:1c:10:6a
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.75
diff --git a/inventory/host_vars/buildvm-ppc64le-36.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-36.iad2.fedoraproject.org
index 0ce809a2d3..2f4d18a29e 100644
--- a/inventory/host_vars/buildvm-ppc64le-36.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-36.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.76
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:09:41:c0
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.76
diff --git a/inventory/host_vars/buildvm-ppc64le-37.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-37.iad2.fedoraproject.org
index 5c63038ec1..ab688c4a7b 100644
--- a/inventory/host_vars/buildvm-ppc64le-37.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-37.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.77
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:da:4c:c7
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.77
diff --git a/inventory/host_vars/buildvm-ppc64le-38.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-38.iad2.fedoraproject.org
index 245f63f717..8500559f4f 100644
--- a/inventory/host_vars/buildvm-ppc64le-38.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-38.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.78
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:b4:0c:06
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.78
diff --git a/inventory/host_vars/buildvm-ppc64le-39.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-39.iad2.fedoraproject.org
index 917d33effd..a48dea53ee 100644
--- a/inventory/host_vars/buildvm-ppc64le-39.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-39.iad2.fedoraproject.org
@@ -4,30 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.79
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:79:59:53
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
-
+eth0_ip: 10.3.171.79
diff --git a/inventory/host_vars/buildvm-ppc64le-40.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-40.iad2.fedoraproject.org
index e4bcf174f6..01de5481b6 100644
--- a/inventory/host_vars/buildvm-ppc64le-40.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-40.iad2.fedoraproject.org
@@ -4,29 +4,4 @@ datacenter: iad2
 dns1: 10.3.163.33
 dns2: 10.3.163.34
 
-has_ipv4: yes
-eth0_ipv4: 10.3.171.80
-eth0_ipv4_nm: 24
-eth0_ipv4_gw: 10.3.171.254
-
-has_ipv6: no
-
-mac0: 52:54:00:a2:03:d8
-
-network_connections:
-- name: eth0
-  mac: "{{ mac0 }}"
-  state: up
-  type: ethernet
-  ip:
-    address:
-    - "{{ eth0_ipv4 }}/{{ eth0_ipv4_nm }}"
-    gateway4: "{{ eth0_ipv4_gw }}"
-    dns:
-    - "{{ dns1 }}"
-    - "{{ dns2 }}"
-    dns_search:
-    - iad2.fedoraproject.org
-    - fedoraproject.org
-    dhcp4: no
-    auto6: no
+eth0_ip: 10.3.171.80

From 7750800537cff6db24e0de14529dbee97cf8d9a0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 25 May 2021 14:16:44 -0700
Subject: [PATCH 096/189] buildvm: update things for f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/buildvm         | 2 +-
 inventory/group_vars/buildvm_ppc64le | 2 +-
 inventory/group_vars/buildvm_s390x   | 4 ++--
 inventory/group_vars/buildvm_stg     | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm
index b4e82667e0..969df66260 100644
--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@@ -6,7 +6,7 @@ mem_size: 15360
 max_mem_size: "{{ mem_size }}"
 num_cpus: 6
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/x86_64/os/
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/x86_64/os/
 nm: 255.255.255.0
 gw: 10.5.125.254
 dns: 10.3.163.33
diff --git a/inventory/group_vars/buildvm_ppc64le b/inventory/group_vars/buildvm_ppc64le
index fd15d5bce9..5d3c83cc5d 100644
--- a/inventory/group_vars/buildvm_ppc64le
+++ b/inventory/group_vars/buildvm_ppc64le
@@ -6,7 +6,7 @@ mem_size: 20480
 max_mem_size: 20480
 num_cpus: 8
 
-ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/33/Server/ppc64le/os/
+ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/34/Server/ppc64le/os/
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
 
 ipa_server: ipa01.iad2.fedoraproject.org
diff --git a/inventory/group_vars/buildvm_s390x b/inventory/group_vars/buildvm_s390x
index d5a828dc73..cd7df89cf8 100644
--- a/inventory/group_vars/buildvm_s390x
+++ b/inventory/group_vars/buildvm_s390x
@@ -8,8 +8,8 @@ vmhost: buildvmhost-s390x-01.s390.fedoraproject.org
 gw: 10.16.0.254
 main_bridge: vmbr
 volgroup: /dev/fedora_linux_lpar_1
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-31-s390x
-ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/31/Server/s390x/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora-secondary/releases/34/Server/s390x/os/
 dns: 10.3.163.33
 nm: 255.255.255.0
 virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
diff --git a/inventory/group_vars/buildvm_stg b/inventory/group_vars/buildvm_stg
index 6bba7e8feb..931189c589 100644
--- a/inventory/group_vars/buildvm_stg
+++ b/inventory/group_vars/buildvm_stg
@@ -8,8 +8,8 @@ num_cpus: 4
 dns: 10.3.163.33
 gw: 10.3.167.254
 nm: 255.255.255.0
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/x86_64/os/
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-33
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/x86_64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm_fedora
 resolvconf: "resolv.conf/iad2"
 virt_install_command: "{{ virt_install_command_one_nic_unsafe }}"
 ipa_server: ipa01.stg.iad2.fedoraproject.org

From 68c5eaebea4ec142d5d1ccc1ca6c0d87a8a750d4 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 25 May 2021 14:17:29 -0700
Subject: [PATCH 097/189] virt-instance-create: drop old non efi armv7 stuff

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 tasks/virt_instance_create.yml | 50 ----------------------------------
 1 file changed, 50 deletions(-)

diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml
index bb359a763b..9a60d96452 100644
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@@ -35,61 +35,11 @@
   delay: 20
   when: inventory_hostname not in result.list_vms
 
-#- name: ARMv7 copy the kernel out
-#  shell: "virt-builder --get-kernel {{ volgroup }}/{{ inventory_hostname }} --output /var/lib/libvirt/images/  | awk -F/ '{print $NF}' > /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
-#  delegate_to: "{{ vmhost}}"
-#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-#  tags:
-#    - armv7-kernel
-#
-#- name: ARMv7 extract the kernel details
-#  command: "head -n1 /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
-#  delegate_to: "{{ vmhost}}"
-#  register: host_armv7kernel
-#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-#  tags:
-#    - armv7-kernel
-#
-#- name: ARMv7 extract the initrd details
-#  command: "tail -n1 /var/lib/libvirt/images/{{ inventory_hostname }}-details.txt"
-#  delegate_to: "{{ vmhost}}"
-#  register: host_armv7initrd
-#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-#  tags:
-#    - armv7-kernel
-#
-#- name: ARMv7 copy the cmdline out
-#  shell: "virt-cat -a {{ volgroup }}/{{ inventory_hostname }} /boot/extlinux/extlinux.conf | grep -m1 append | sed -e 's/append //'"
-#  delegate_to: "{{ vmhost}}"
-#  register: host_cmdline
-#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-#  tags:
-#    - armv7-kernel
-#
-#- name: ARMv7 update the virt parameters
-#  vars:
-#    ansible_python_interpreter: /usr/bin/python3
-#  virt_boot: domain={{ inventory_hostname }} kernel=/var/lib/libvirt/images/{{ host_armv7kernel.stdout }} initrd=/var/lib/libvirt/images/{{ host_armv7initrd.stdout }} cmdline={{ host_cmdline.stdout }}
-#  delegate_to: "{{ vmhost }}"
-#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-#  tags:
-#    - armv7-kernel
-#
-#- name: when armv7kernelupdate is set we are done
-#  fail: msg="armv7kernelupdate was set, so kernel has been updated and target booted up"
-#  when: armv7kernelupdate is defined
-
 - name: start the vm up and set it to autostart
   virt: state=running name={{ inventory_hostname }} autostart=True
   delegate_to: "{{ vmhost }}"
   when: inventory_hostname not in result.list_vms
 
-#- name: ARMv7 pause while VM updates
-#  pause: seconds=5
-#  when: env != 'staging' and inventory_hostname.startswith(('buildvm-a32', 'buildvm-armv7','armv7-test')) and ( inventory_hostname not in result.list_vms or armv7kernelupdate is defined )
-#  tags:
-#    - armv7-kernel
-
 - name: make sure there is no old ssh host key for the host still around
   local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
   ignore_errors: True

From 16a23a9ae3cd0b614417bebc99ba5a7fb2e7eac8 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 26 May 2021 10:18:01 -0700
Subject: [PATCH 098/189] fedmsg/irc: duplicate all bots for libera network

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fedmsg/irc/templates/ircbot.py | 683 +++++++++++++++++++++++++++
 1 file changed, 683 insertions(+)

diff --git a/roles/fedmsg/irc/templates/ircbot.py b/roles/fedmsg/irc/templates/ircbot.py
index 2f718330e1..c6752cff58 100644
--- a/roles/fedmsg/irc/templates/ircbot.py
+++ b/roles/fedmsg/irc/templates/ircbot.py
@@ -683,6 +683,689 @@ config = dict(
                     body=['^((?!(fedora-podcast)).)*$'],
             ),
         ),
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fedmsg-stg',
+            channel='fedora-fedmsg-stg',
+            {% else %}
+            nickname='fedmsg-bot',
+            channel='fedora-fedmsg',
+            {% endif %}
+
+            filters=dict(
+                topic=[
+                    # Ignore some of the koji spamminess
+                    'buildsys.package.list.change',
+                    'buildsys.repo.init',
+                    'buildsys.repo.done',
+                    'buildsys.untag',
+                    'buildsys.tag',
+                    # And some of the FAF/ABRT spamminess
+                    'faf.report.threshold1',
+                    'faf.problem.threshold1',
+                    # And some resultsdb spam
+                    'resultsdb.result.new',
+                ],
+                body=[],
+            ),
+        ),
+
+        # For fedora-admin
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-admin',
+            {% else %}
+            nickname='fm-admin',
+            {% endif %}
+            channel='fedora-admin',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=[
+                    "^((?!(fedora-infrastructure)).)*$",
+                ],
+            ),
+        ),
+
+        # For fedora-apps
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-apps',
+            {% else %}
+            nickname='fm-apps',
+            {% endif %}
+            channel='fedora-apps',
+            filters=dict(
+                topic=[
+                    '^((?!(github\.create|github\.issue\.|github\.pull_request|github\.commit_comment|github\.star|pagure)).)*$',
+                ],
+                body=[
+                    "^((?!fedora-infra).)*$",
+                ],
+            ),
+        ),
+
+        # For that commops crew!
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='commops-bot-s',
+            {% else %}
+            nickname='commops-bot',
+            {% endif %}
+            channel='fedora-commops',
+            filters=dict(
+                topic=[
+                    '^((?!(happinesspacket|fedora_elections|meetbot\.meeting\.item\.help|fedocal\.meeting\.new|fedocal\.meeting\.update|fedocal\.calendar|anitya\.distro\.add)).)*$',
+                ],
+            ),
+        ),
+        # A second bot for that commops crew that watches for the term "commops"
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='commops-watch-s',
+            {% else %}
+            nickname='commops-watch',
+            {% endif %}
+            channel='fedora-commops',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure.pull-request.new|pagure.issue.new)).)*$',
+                ],
+                body=['^((?!fedora-commops).)*$'],
+            ),
+        ),
+        # The planet is currently no longer sending messages
+        # # A third one to listen for new Community Blog posts
+        # dict(
+            # network='irc.libera.chat',
+            # port=6667,
+            # make_pretty=True,
+            # make_terse=True,
+
+            # {% if env == 'staging' %}
+            # nickname='fm-commblog-s',
+            # {% else %}
+            # nickname='fm-commblog',
+            # {% endif %}
+            # channel='fedora-commops',
+            # filters=dict(
+                # topic=[
+                    # '^((?!(planet)).)*$',
+                # ],
+                # body=['^((?!communityblog.fedoraproject.org).)*$'],
+            # ),
+        # ),
+        # dict(
+            # network='irc.libera.chat',
+            # port=6667,
+            # make_pretty=True,
+            # make_terse=True,
+
+            # {% if env == 'staging' %}
+            # nickname='fm-planet-s',
+            # {% else %}
+            # nickname='fm-planet',
+            # {% endif %}
+            # channel='fedora-planet',
+            # filters=dict(
+                # topic=[
+                    # '^((?!(planet)).)*$',
+                # ],
+            # ),
+        # ),
+
+        # For that python3 porting fad.  AMAZING!
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fedmsg-python-s',
+            {% else %}
+            nickname='fedmsg-python',
+            {% endif %}
+            channel='fedora-python',
+            filters=dict(
+                topic=[
+                    '^((?!(github\.create|github\.issue\.open|github\.pull_request\.open)).)*$',
+                ],
+                body=[
+                    '^((?!(fedora-python)).)*$',
+                ],
+            ),
+        ),
+
+        # We no longer run askbot
+        # # Just for the Ask Fedora crew in #fedora-ask
+        # dict(
+            # network='irc.libera.chat',
+            # port=6667,
+            # make_pretty=True,
+            # make_terse=True,
+
+            # {% if env == 'staging' %}
+            # nickname='fm-stg-ask',
+            # {% else %}
+            # nickname='fm-ask',
+            # {% endif %}
+            # channel='fedora-ask',
+            # # Only show AskFedora messages
+            # filters=dict(
+                # topic=['^((?!(askbot.post.edit|askbot.flag_offensive.add)).)*$'],
+            # ),
+        # ),
+
+        # Show only compose msgs to the releng crew.
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-releng',
+            {% else %}
+            nickname='fm-releng',
+            {% endif %}
+            channel='fedora-releng',
+            filters=dict(
+                topic=[
+                    '^((?!(compose.rawhide|compose.34|compose.35|compose.36|pungi.compose.status|pagure)).)*$',
+                ],
+                body=[
+                    '^((?!(pagure.io\/releng/failed-composes|pagure.io\/releng\/compose-tracker|pagure.io\/pungi|pagure.io\/fedora-comps|pagure.io\/fedora-kickstarts|compose\/updates|linux\/development|rpms\/fedora-repos|rpms\/fedora-release|rpms\/fedora-packager)).)*$',
+                ],
+            ),
+        ),
+
+        # We no longer run trac
+        # # The proyectofedora crew wants trac messages.
+        # dict(
+            # network='irc.libera.chat',
+            # port=6667,
+            # make_pretty=True,
+            # make_terse=True,
+
+            # {% if env == 'staging' %}
+            # nickname='fm-stg-pfi',
+            # {% else %}
+            # nickname='fm-pfi',
+            # {% endif %}
+            # channel='#proyecto-fedora',
+            # # If the word proyecto appears in any message, forward it.
+            # filters=dict(
+                # body=['^((?!proyecto).)*$'],
+            # ),
+        # ),
+
+        # Similarly for #fedora-latam.
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-latam',
+            {% else %}
+            nickname='fm-latam',
+            {% endif %}
+            channel='#fedora-latam',
+            # If the word fedora-latam appears in any message, forward it.
+            filters=dict(
+                body=['^((?!fedora-latam).)*$'],
+            ),
+        ),
+
+        # And for #fedora-g11n
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-g11n',
+            {% else %}
+            nickname='fm-g11n',
+            {% endif %}
+            channel='#fedora-g11n',
+            # If the word i18n/g11n appears in any of below topic message, forward it.
+            filters=dict(
+                topic=[
+                    '^((?!(trac|pagure|planet|mailman|meetbot\.meeting\.complete)).)*$',
+                ],
+                body=['^((?!(i18n|g11n)).)*$'],
+            ),
+        ),
+
+        # And #ipsilon
+        {% if env == "production" %}
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            nickname='fm-ipsilon',
+            channel='#ipsilon',
+            # If the word ipsilon appears in any message, forward it.
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!ipsilonpagure).)*$'],
+            ),
+        ),
+        {% endif %}
+
+        # For pagure
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-pagure',
+            {% else %}
+            nickname='fm-pagure',
+            {% endif %}
+            channel='#pagure',
+            filters=dict(
+                topic=[
+                    '^((?!(github\.star|pagure)).)*$',
+                ],
+                body=[
+                    "^((?!(u'name': u'pagure'|u'name': u'pagure-importer')).)*$",
+                ],
+            ),
+        ),
+
+        # Hook up the design-team
+        {% if env == "production" %}
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+            nickname='fm-design',
+            channel='#fedora-design',
+
+            filters=dict(
+                topic=[
+                    '^((?!(github\.(issue|pull_request)\.opened|mailman|nuancier|pagure\.(issue|pull-request)\.new)).)*$',
+                ],
+                body=[
+                    "^((?!(u'name': u'design'|design-team|fedora-design)).)*$",
+                ],
+            ),
+        ),
+        {% endif %}
+
+        # And #fedora-docs wants in on the action
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+            make_short=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-docs',
+            {% else %}
+            nickname='fm-docs',
+            {% endif %}
+            channel='#fedora-docs',
+            filters=dict(
+                body=['^((?!\/srv\/git\/docs).)*$'],
+            ),
+        ),
+
+        # And #fedora-websites
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-web',
+            {% else %}
+            nickname='fm-web',
+            {% endif %}
+            channel='#fedora-websites',
+            # If the word fedora-websites appears in any message, forward it.
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!fedora-websites).)*$'],
+            ),
+        ),
+
+        # And #fedora-mktg
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-mktg',
+            {% else %}
+            nickname='fm-mktg',
+            {% endif %}
+            channel='#fedora-mktg',
+            # If the word fedora-mktg appears in any pagure message, forward it.
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!fedora-mktg).)*$'],
+            ),
+        ),
+
+        # And #fedora-modularity-bots
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-mod',
+            {% else %}
+            nickname='fm-mod',
+            {% endif %}
+            channel='#fedora-modularity-bots',
+            # If the word modularity appears in any message, forward it.
+            filters=dict(
+                topic=[
+                    # Ignore some of the ansible and copr spamminess
+                    'org.fedoraproject.*.copr.*',
+                    'org.fedoraproject.*.ansible.*',
+                    # Oh, and koji builds.  We have a lot of those now...
+                    'org.fedoraproject.*.buildsys.*',
+                ],
+                body=['^((?!(modularity|Modularity)).)*$'],
+            ),
+        ),
+
+        # And #fedora-diversity
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-diversity',
+            {% else %}
+            nickname='fm-diversity',
+            {% endif %}
+            channel='#fedora-diversity',
+            # If the word diversity appears in a new Pagure issue, pull
+            # request, or comment, forward it.
+            filters=dict(
+                topic=['^((?!('
+                       'pagure.pull-request.new|'
+                       'pagure.issue.new|'
+                       'pagure.issue.comment.added)).)*$',
+                       ],
+                body=['^((?!(diversity|Diversity)).)*$'],
+            ),
+        ),
+
+        # And #fedora-magazine
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-magazine',
+            {% else %}
+            nickname='fm-magazine',
+            {% endif %}
+            channel='#fedora-magazine',
+            # If the word magazine appears in any message, forward it.
+            filters=dict(
+                topic=[
+                    '^((?!(pagure|planet|badges|fas.group|mailman|meetbot\.meeting)).)*$',
+                ],
+                body=['^((?!(magazine|Magazine)).)*$',
+                      '((?!(fedoramagazine-tips)).)*$',
+                      "u'namespace': u'Fedora-Council'"],
+            ),
+        ),
+
+        # And #fedora-rust
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-rust',
+            {% else %}
+            nickname='fm-rust',
+            {% endif %}
+            channel='fedora-rust',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=[
+                    "^((?!((u)?'namespace': (u)?'fedora-rust')).)*$",
+                ],
+            ),
+        ),
+
+        # And #rit-foss
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-rit',
+            {% else %}
+            nickname='fm-rit',
+            {% endif %}
+            channel='rit-foss',
+            filters=dict(
+                topic=[
+                    '^((?!(mailman)).)*$',
+                ],
+                body=[
+                    "^((?!(fossrit)).)*$",
+                ],
+            ),
+        ),
+
+        # For #fedora-workstation
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-workstation',
+            {% else %}
+            nickname='fm-workstation',
+            {% endif %}
+            channel='#fedora-workstation',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=[
+                    "^((?!(fedora-workstation)).)*$",
+                ],
+            ),
+        ),
+
+        # For #koji
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-koji',
+            {% else %}
+            nickname='fm-koji',
+            {% endif %}
+            channel='koji',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!(koji)).)*$',
+                      "u'fullname': u'koji'"],
+            ),
+        ),
+
+        # For #fedora-join
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-join',
+            {% else %}
+            nickname='fm-join',
+            {% endif %}
+            channel='fedora-join',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!(fedora-join)).)*$',
+                ],
+            ),
+        ),
+
+        # For #fedora-neuro
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-neuro',
+            {% else %}
+            nickname='fm-neuro',
+            {% endif %}
+            channel='fedora-neuro',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!(neuro)).)*$',
+                ],
+            ),
+        ),
+
+        # Hook up #fedora-badges with badges messages
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-badges',
+            {% else %}
+            nickname='fm-badges',
+            {% endif %}
+            channel='#fedora-badges',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure.*(new|added)|mailman)).)*$',
+                ],
+                body=['^((?!(fedora-badges|badges)).)*$'],
+            ),
+        ),
+
+        # channel #centos-ci with centos-infra messages
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-centos-infra',
+            {% else %}
+            nickname='fm-centos-infra',
+            {% endif %}
+            channel='#centos-ci',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                body=['^((?!(centos-infra)).)*$'],
+            ),
+        ),
+
+        # And #fedora-podcast
+        dict(
+            network='irc.libera.chat',
+            port=6667,
+            make_pretty=True,
+            make_terse=True,
+
+            {% if env == 'staging' %}
+            nickname='fm-stg-podcast',
+            {% else %}
+            nickname='fm-podcast',
+            {% endif %}
+            channel='fedora-podcast',
+            filters=dict(
+                topic=[
+                    '^((?!(pagure)).)*$',
+                ],
+                    body=['^((?!(fedora-podcast)).)*$'],
+            ),
+        ),
 
     ],
 

From 7e9144573850a9d32cbf2b7c1aed62b169a99e8b Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 26 May 2021 14:09:14 -0700
Subject: [PATCH 099/189] ipsilon: move to f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/ipsilon01.iad2.fedoraproject.org     | 4 ++--
 inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org | 4 ++--
 inventory/host_vars/ipsilon02.iad2.fedoraproject.org     | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/inventory/host_vars/ipsilon01.iad2.fedoraproject.org b/inventory/host_vars/ipsilon01.iad2.fedoraproject.org
index 889f1a105f..f8853fc74b 100644
--- a/inventory/host_vars/ipsilon01.iad2.fedoraproject.org
+++ b/inventory/host_vars/ipsilon01.iad2.fedoraproject.org
@@ -3,8 +3,8 @@ nm: 255.255.255.0
 gw: 10.3.163.254
 dns: 10.3.163.33
 
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/x86_64/os/
 
 volgroup: /dev/vg_guests
 eth0_ip: 10.3.163.105
diff --git a/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org b/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org
index 6c05e89a5d..12b5e14ce0 100644
--- a/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/ipsilon01.stg.iad2.fedoraproject.org
@@ -3,8 +3,8 @@ nm: 255.255.255.0
 gw: 10.3.166.254
 dns: 10.3.163.33
 
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/x86_64/os/
 
 volgroup: /dev/vg_guests
 eth0_ip: 10.3.166.30
diff --git a/inventory/host_vars/ipsilon02.iad2.fedoraproject.org b/inventory/host_vars/ipsilon02.iad2.fedoraproject.org
index 0b5eda282c..779645980d 100644
--- a/inventory/host_vars/ipsilon02.iad2.fedoraproject.org
+++ b/inventory/host_vars/ipsilon02.iad2.fedoraproject.org
@@ -3,8 +3,8 @@ nm: 255.255.255.0
 gw: 10.3.163.254
 dns: 10.3.163.33
 
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/x86_64/os/
 
 volgroup: /dev/vg_guests
 eth0_ip: 10.3.163.106

From cd8859d7a6635dfaa6a85b3f287a200060819744 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Thu, 27 May 2021 07:32:03 +0200
Subject: [PATCH 100/189] Update RHBZ SAML data

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 roles/ipsilon/templates/saml2_data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ipsilon/templates/saml2_data b/roles/ipsilon/templates/saml2_data
index 27d7e31e32..8bfc9ad4bd 100644
--- a/roles/ipsilon/templates/saml2_data
+++ b/roles/ipsilon/templates/saml2_data
@@ -47,7 +47,7 @@ rhbz id = https://bugzilla.redhat.com/saml2_metadata.cgi
 rhbz type = SP
 rhbz name = Red Hat Bugzilla
 rhbz Allowed Attributes = ["email"]
-rhbz metadata = <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://bugzilla.redhat.com/saml2_metadata.cgi" validUntil="2018-08-09T10:18:45Z"> <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">  <md:KeyDescriptor use="encryption">   <ds:KeyInfo>    <ds:X509Data>     <ds:X509Certificate>MIIF7TCCBNWgAwIBAgIED/8LBzANBgkqhkiG9w0BAQsFADBBMRAwDgYDVQQKDAdSZWQgSGF0MQ0wCwYDVQQLDARwcm9kMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTgwNzE4MDIxNzE4WhcNMjAwNzE3MDIxNzE4WjCBuDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApQblQgRGV2T3BzMS0wKwYDVQQDDCRidWd6aWxsYS5hcHAucHJvZC5iei5waHgyLnJlZGhhdC5jb20xIjAgBgkqhkiG9w0BCQEWE2hlbHAtb3BzQHJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC33pwPrNc9bpBL/45vSaD/IktOSAi8D0LQ1K7/b50jqVxv/TAJNnkAuJwB63WFiGa4rWFnIMfHII6PkENl93ipvAyQvWoPs+7ajxTX/2TWeiVyelvJfJ8fBybljBRjy71wERfa5YJFTBq6EOONspojr3y5ArLqfwL4hlgS9mdlsnGKhBdKpc3WbycAo3NDnADgtV2qQeepJce/asCf59nfyU24Mj1SPI45HtISGzUU9aAtvifeNiRjg1JRNmZ3ea6YDqPLHgguWGwPAWGTwUJ1UZ2H/BPd59hX6JKHJ7QSyPvUAYU/jVTKIKJcVhYBqoft/yguK2yWE659ma7da+lLBxpQuw9WY8sOtqWCcWopXa9b6+xfdwniOQIoc26DeMsKmefCNuVznY7Ao6kx/j9wxQ5Ees2Fg8VoUwYHyL6Jftc6fs2HLeixoXUgviiRobn9O73EZqNCC2gnLRfi7LpXjZNCB0QZuhDOccu79zaNE0F6whRxX+8t4d+CWlsvz+7J4Hg3cxBcDEumH/N2XAmpCXZccKfPqxVwqIOT3KUz5gko/EQWl92jCa2N7xRidUeZCyteOoGBfAD22rg+B+YxFaiz1tlxkK2OtoK69MFk3DicfQACH5JtsbRgm8g3SWgjBTehpGogSHVvBoSb+e297lfrByX2UcVzugYjV/FSIwIDAQABo4IBczCCAW8wHwYDVR0jBBgwFoAUe9oJ9Uld2ddcyTb4VdIbl54RL34wgd8GA1UdEQSB1zCB1IIkYnVnemlsbGEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucmVkaGF0LmNvbS9jYS9vY3NwLzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCeurLcwP5Veomg6HCD/eXn75S9PrbVaW/p/uYQFNIffXYkAB9VHQkoVHoaRB4fHg7LmbJ7Kb+pE897/GrjSU3XGe71+Teiu2/9vLZrcI60fVTwuodSjs6A3fqCGlytCZU9/ZEIhZtMzd+lNopaBKeNcZPoQaDtSWDKuivfYOqzx3gzqXadUF+AZrZItRr52vsuLHSNmU9V6s7Kl0iaVzZJ3PdhRtCoU+y2mCAaQWGPUX/6UjWmx9DFOx6H9BsF2qHexAm9FM3rrrkocV8QY/FUxoSOcItQpqScWZQ3dFUs3MT/yqgXz/htiFxATRzhv6aB3+dFpQ8wK1W504WApdm2</ds:X509Certificate>    </ds:X509Data>   </ds:KeyInfo>  </md:KeyDescriptor>  <md:KeyDescriptor use="signing">   <ds:KeyInfo>    <ds:X509Data>     <ds:X509Certificate>MIIF7TCCBNWgAwIBAgIED/8LBzANBgkqhkiG9w0BAQsFADBBMRAwDgYDVQQKDAdSZWQgSGF0MQ0wCwYDVQQLDARwcm9kMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTgwNzE4MDIxNzE4WhcNMjAwNzE3MDIxNzE4WjCBuDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApQblQgRGV2T3BzMS0wKwYDVQQDDCRidWd6aWxsYS5hcHAucHJvZC5iei5waHgyLnJlZGhhdC5jb20xIjAgBgkqhkiG9w0BCQEWE2hlbHAtb3BzQHJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC33pwPrNc9bpBL/45vSaD/IktOSAi8D0LQ1K7/b50jqVxv/TAJNnkAuJwB63WFiGa4rWFnIMfHII6PkENl93ipvAyQvWoPs+7ajxTX/2TWeiVyelvJfJ8fBybljBRjy71wERfa5YJFTBq6EOONspojr3y5ArLqfwL4hlgS9mdlsnGKhBdKpc3WbycAo3NDnADgtV2qQeepJce/asCf59nfyU24Mj1SPI45HtISGzUU9aAtvifeNiRjg1JRNmZ3ea6YDqPLHgguWGwPAWGTwUJ1UZ2H/BPd59hX6JKHJ7QSyPvUAYU/jVTKIKJcVhYBqoft/yguK2yWE659ma7da+lLBxpQuw9WY8sOtqWCcWopXa9b6+xfdwniOQIoc26DeMsKmefCNuVznY7Ao6kx/j9wxQ5Ees2Fg8VoUwYHyL6Jftc6fs2HLeixoXUgviiRobn9O73EZqNCC2gnLRfi7LpXjZNCB0QZuhDOccu79zaNE0F6whRxX+8t4d+CWlsvz+7J4Hg3cxBcDEumH/N2XAmpCXZccKfPqxVwqIOT3KUz5gko/EQWl92jCa2N7xRidUeZCyteOoGBfAD22rg+B+YxFaiz1tlxkK2OtoK69MFk3DicfQACH5JtsbRgm8g3SWgjBTehpGogSHVvBoSb+e297lfrByX2UcVzugYjV/FSIwIDAQABo4IBczCCAW8wHwYDVR0jBBgwFoAUe9oJ9Uld2ddcyTb4VdIbl54RL34wgd8GA1UdEQSB1zCB1IIkYnVnemlsbGEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAYYfaHR0cDovL29jc3AucmVkaGF0LmNvbS9jYS9vY3NwLzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQCeurLcwP5Veomg6HCD/eXn75S9PrbVaW/p/uYQFNIffXYkAB9VHQkoVHoaRB4fHg7LmbJ7Kb+pE897/GrjSU3XGe71+Teiu2/9vLZrcI60fVTwuodSjs6A3fqCGlytCZU9/ZEIhZtMzd+lNopaBKeNcZPoQaDtSWDKuivfYOqzx3gzqXadUF+AZrZItRr52vsuLHSNmU9V6s7Kl0iaVzZJ3PdhRtCoU+y2mCAaQWGPUX/6UjWmx9DFOx6H9BsF2qHexAm9FM3rrrkocV8QY/FUxoSOcItQpqScWZQ3dFUs3MT/yqgXz/htiFxATRzhv6aB3+dFpQ8wK1W504WApdm2</ds:X509Certificate>    </ds:X509Data>   </ds:KeyInfo>  </md:KeyDescriptor>  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bugzilla.redhat.com/saml2_logout.cgi"/>  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bugzilla.redhat.com/saml2_logout.cgi"/>  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bugzilla.redhat.com/saml2_acs.cgi" index="0"/>  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bugzilla.redhat.com/saml2_acs.cgi" index="1"/> </md:SPSSODescriptor> <md:ContactPerson contactType="technical">  <md:GivenName>Administrator</md:GivenName>  <md:EmailAddress>bugzilla-owner@redhat.com</md:EmailAddress> </md:ContactPerson></md:EntityDescriptor>
+rhbz metadata = <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://bugzilla.redhat.com/saml2_metadata.cgi" validUntil="2021-06-10T05:31:00Z"><md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGHTCCBQWgAwIBAgIED/4C+DANBgkqhkiG9w0BAQsFADBBMRAwDgYDVQQKDAdSZWQgSGF0MQ0wCwYDVQQLDARwcm9kMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAwNzE2MDA0NTQ5WhcNMjIwNzE2MDA0NTQ5WjCBwTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApQblQgRGV2T3BzMS0wKwYDVQQDDCRidWd6aWxsYS5hcHAucHJvZC5iei5waHgyLnJlZGhhdC5jb20xKzApBgkqhkiG9w0BCQEWHHBudC1kZXZvcHMtc3lzb3BzQHJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMTw9TZxaOom7W+Ozj4k2rYTUoc7WVCwbcMeXOjfuybycAViVNPBYwr6QYsU3+IuFupM4sf1u3xjgj7dgZkPl/JUUVOMLUBZI4faE7H91/3BKZbosm4qalTIoBSejwys5UexbhOZg4PH/njJHkKTVaYCXN1s4Ya8Sqrqu6Iz9zlszIWaJ0lEVHRgn99FxCLYDy+DqvhcVaOIChh66/QLewYfIK0OcLI3fBr92jIxmGTQ4DxBtBFPGNvpxr9AXt14nuX9G/jHL4vzOqoLGOz2BIVaKlyt78ijm0ICOCDyXtfFr5E8apRrAB5lnQAIa24H84zfhJbBJCGPj4h6iJZclXJiymT7mimfLVSjqsemPKNtD7wGootONYlB0kLc4vxPRMSuKyXsZphwfnMWxWK62yvtbZ4eq9qQQA/alCYyhRLfErIYbhF/rK4IUwaCa+KUTW3KcPJ2sNIdhnehWx1BhNpUZ80PkeIfGHvut+Bf3nP7/9s50AvOmpEMAECDfFsax1n/TBKAFLNLciFYk5XXBcjx9hLNbq8TrESeScb3vaQN/BXtULJvWNwt0sIK1dR+DleOmNFnAW8CIC6SwjGY0N+R+9XY9RTt68PHYNOhGH6fmiFoWTrHGzTAG9Lu0TkO1sz4+IzEGKbeNcR+GdBtwfAH1BvK0TK42X5tZ2FqC8fwIDAQABo4IBmjCCAZYwHwYDVR0jBBgwFoAUe9oJ9Uld2ddcyTb4VdIbl54RL34wOwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5yZWRoYXQuY29tL2NhL29jc3AvMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwggEFBgNVHREEgf0wgfqCJGJ1Z3ppbGxhLmFwcC5wcm9kLmJ6LnBoeDIucmVkaGF0LmNvbYIkYnVnemlsbGEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBBx1y57pufG4FvXrhToIGUQUatMKtq8jiUoef/vGuL1tt/9s56CfHb6qJZGTlMhfcxHQhWSf3pqt59T96zIr8cykoF0x44Uu/o1oaGxSTaU+LElpqNuxvj23JJLlGSUxLd6ElpuuFUdWpRo82YmCBk7CSkkndYBB+Qloc2jb8TQgoGM2tUTTD2BVBofGa74VUO10xSQu8GiiNS8KwlP23NZgvUeaKUekB0Nw3S7eyYn7TG4+j0f/Wfx04ObYpfeSvy2k/oHtoEB44yg3fSCZHvbPSepUhkiPAzSZiabfZCsMNFPRv3035s3rVO9SHbu/5qKsYtZZLKWDIkSdgKjrZx</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIGHTCCBQWgAwIBAgIED/4C+DANBgkqhkiG9w0BAQsFADBBMRAwDgYDVQQKDAdSZWQgSGF0MQ0wCwYDVQQLDARwcm9kMR4wHAYDVQQDDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjAwNzE2MDA0NTQ5WhcNMjIwNzE2MDA0NTQ5WjCBwTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApQblQgRGV2T3BzMS0wKwYDVQQDDCRidWd6aWxsYS5hcHAucHJvZC5iei5waHgyLnJlZGhhdC5jb20xKzApBgkqhkiG9w0BCQEWHHBudC1kZXZvcHMtc3lzb3BzQHJlZGhhdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDMTw9TZxaOom7W+Ozj4k2rYTUoc7WVCwbcMeXOjfuybycAViVNPBYwr6QYsU3+IuFupM4sf1u3xjgj7dgZkPl/JUUVOMLUBZI4faE7H91/3BKZbosm4qalTIoBSejwys5UexbhOZg4PH/njJHkKTVaYCXN1s4Ya8Sqrqu6Iz9zlszIWaJ0lEVHRgn99FxCLYDy+DqvhcVaOIChh66/QLewYfIK0OcLI3fBr92jIxmGTQ4DxBtBFPGNvpxr9AXt14nuX9G/jHL4vzOqoLGOz2BIVaKlyt78ijm0ICOCDyXtfFr5E8apRrAB5lnQAIa24H84zfhJbBJCGPj4h6iJZclXJiymT7mimfLVSjqsemPKNtD7wGootONYlB0kLc4vxPRMSuKyXsZphwfnMWxWK62yvtbZ4eq9qQQA/alCYyhRLfErIYbhF/rK4IUwaCa+KUTW3KcPJ2sNIdhnehWx1BhNpUZ80PkeIfGHvut+Bf3nP7/9s50AvOmpEMAECDfFsax1n/TBKAFLNLciFYk5XXBcjx9hLNbq8TrESeScb3vaQN/BXtULJvWNwt0sIK1dR+DleOmNFnAW8CIC6SwjGY0N+R+9XY9RTt68PHYNOhGH6fmiFoWTrHGzTAG9Lu0TkO1sz4+IzEGKbeNcR+GdBtwfAH1BvK0TK42X5tZ2FqC8fwIDAQABo4IBmjCCAZYwHwYDVR0jBBgwFoAUe9oJ9Uld2ddcyTb4VdIbl54RL34wOwYIKwYBBQUHAQEELzAtMCsGCCsGAQUFBzABhh9odHRwOi8vb2NzcC5yZWRoYXQuY29tL2NhL29jc3AvMA4GA1UdDwEB/wQEAwIE8DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwggEFBgNVHREEgf0wgfqCJGJ1Z3ppbGxhLmFwcC5wcm9kLmJ6LnBoeDIucmVkaGF0LmNvbYIkYnVnemlsbGEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDEuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgihidWd3ZWItdm0tMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tgitzdmNiei1idWd3ZWItMDIuYXBwLnByb2QuYnoucGh4Mi5yZWRoYXQuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBBx1y57pufG4FvXrhToIGUQUatMKtq8jiUoef/vGuL1tt/9s56CfHb6qJZGTlMhfcxHQhWSf3pqt59T96zIr8cykoF0x44Uu/o1oaGxSTaU+LElpqNuxvj23JJLlGSUxLd6ElpuuFUdWpRo82YmCBk7CSkkndYBB+Qloc2jb8TQgoGM2tUTTD2BVBofGa74VUO10xSQu8GiiNS8KwlP23NZgvUeaKUekB0Nw3S7eyYn7TG4+j0f/Wfx04ObYpfeSvy2k/oHtoEB44yg3fSCZHvbPSepUhkiPAzSZiabfZCsMNFPRv3035s3rVO9SHbu/5qKsYtZZLKWDIkSdgKjrZx</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bugzilla.redhat.com/saml2_acs.cgi" index="0"/><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bugzilla.redhat.com/saml2_acs.cgi" index="1"/></md:SPSSODescriptor><md:ContactPerson contactType="technical"><md:GivenName>Administrator</md:GivenName><md:EmailAddress>bugzilla-owner@redhat.com</md:EmailAddress></md:ContactPerson></md:EntityDescriptor>
 
 awx id = https://awx.fedoraproject.org/
 awx type = SP

From 06605d7d35bbecaf9375582afea839a0d3dff525 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 27 May 2021 13:05:33 +0200
Subject: [PATCH 101/189] Ipsilon: allow dots in usernames
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipsilon/templates/httpd.conf.j2 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/ipsilon/templates/httpd.conf.j2 b/roles/ipsilon/templates/httpd.conf.j2
index cb034e7de5..0c00bbe877 100644
--- a/roles/ipsilon/templates/httpd.conf.j2
+++ b/roles/ipsilon/templates/httpd.conf.j2
@@ -10,13 +10,13 @@ Redirect /.well-known/webfinger /webfinger
 RewriteEngine on
 RewriteMap lowercase int:tolower
 {% if env == "staging" %}
-RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9_-]+\.id\.stg\.fedoraproject\.org$
+RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9_\.-]+\.id\.stg\.fedoraproject\.org$
 RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
-RewriteRule ^([a-z0-9_-]+)\.id\.stg\.fedoraproject\.org/.* /openid/id/$1/ [PT]
+RewriteRule ^([a-z0-9_\.-]+)\.id\.stg\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 {% else %}
-RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9_-]+\.id\.fedoraproject\.org$
+RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9_\.-]+\.id\.fedoraproject\.org$
 RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
-RewriteRule ^([a-z0-9_-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
+RewriteRule ^([a-z0-9_\.-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
 {% endif %}
 
 

From 7b5d4d5145731c9ef393e3b89767bba3bb683bf9 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@smoogespace.com>
Date: Thu, 20 May 2021 15:37:09 -0400
Subject: [PATCH 102/189] This is a hack in order to make grobisplitter
 understand different compression types from pungi output. Basically determine
 if the file is ends with gz (oldstyle) or xz (newstyle) or neither. If it is
 gz assume it is a gzip (HA!) or if it is xz assume it is LZMA (double ha!)
 and bail if it is neither.

A proper fix would be to determine the file type holistically and pull
in the appropriate decompression as needed. However to quote Dante
from Clerks:  I'm not even supposed to be here today!

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
---
 roles/grobisplitter/files/splitter.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/roles/grobisplitter/files/splitter.py b/roles/grobisplitter/files/splitter.py
index d14cd1be39..f1159c1f16 100755
--- a/roles/grobisplitter/files/splitter.py
+++ b/roles/grobisplitter/files/splitter.py
@@ -7,6 +7,7 @@ import shutil
 import gi
 import gzip
 import librepo
+import lzma
 import hawkey
 import tempfile
 import os
@@ -104,7 +105,15 @@ def _parse_repository_modular(repo_info,package_sack):
     """
     cts = {}
     idx = mmd.ModuleIndex()
-    with gzip.GzipFile(filename=repo_info['modules'], mode='r') as gzf:
+    myfile = repo_info['modules']
+    if myfile.endswith(".gz"):
+        openfunc=gzip.GzipFile
+    elif myfile.endswith(".xz"):
+        openfunc=lzma.LZMAFile
+    else:
+        print("This file type is not fixed in this hack. Please fix code. (2021-05-20)");
+        sys.exit(1)
+    with openfunc(filename=myfile, mode='r') as gzf:
         mmdcts = gzf.read().decode('utf-8')
         res, failures = idx.update_from_string(mmdcts, True)
         if len(failures) != 0:
@@ -190,7 +199,15 @@ def get_default_modules(directory):
     if 'modules' not in repo_info:
         return contents
     idx = mmd.ModuleIndex()
-    with gzip.GzipFile(filename=repo_info['modules'], mode='r') as gzf:
+    myfile=repo_info['modules']
+    if myfile.endswith(".gz"):
+        openfunc=gzip.GzipFile
+    elif myfile.endswith(".xz"):
+        openfunc=lzma.LZMAFile
+    else:
+        print("This file type is not fixed in this hack. Please fix code. (2021-05-20)");
+        sys.exit(1)
+    with openfunc(filename=myfile, mode='r') as gzf:
         mmdcts = gzf.read().decode('utf-8')
         res, failures = idx.update_from_string(mmdcts, True)
         if len(failures) != 0:

From e21c30a720b519aded3259084e21b1eb747163d9 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@smoogespace.com>
Date: Thu, 27 May 2021 12:37:51 -0400
Subject: [PATCH 103/189] Make the git countme email me at home so I can see if
 there is an error

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
---
 roles/web-data-analysis/files/countme-update.cron | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/web-data-analysis/files/countme-update.cron b/roles/web-data-analysis/files/countme-update.cron
index f0780b01c3..898bac379e 100644
--- a/roles/web-data-analysis/files/countme-update.cron
+++ b/roles/web-data-analysis/files/countme-update.cron
@@ -1,2 +1,2 @@
-MAILTO=root@fedoraproject.org,mattdm@fedoraproject.org
+MAILTO=root@fedoraproject.org,mattdm@fedoraproject.org,smooge@smoogespace.com
 0 09  * * * countme /usr/local/bin/countme-update.sh

From f732a95cb328297df6fb17d184864ce856b4cf3f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 27 May 2021 11:05:40 -0700
Subject: [PATCH 104/189] ipsilon / sssd: try and set ldap_dref_threshold to 0
 to improve things with sssd

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/ipsilon/templates/sssd.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/ipsilon/templates/sssd.conf b/roles/ipsilon/templates/sssd.conf
index ed577d6fdb..f929ffa065 100644
--- a/roles/ipsilon/templates/sssd.conf
+++ b/roles/ipsilon/templates/sssd.conf
@@ -10,6 +10,7 @@ access_provider = ipa
 cache_credentials = True
 ldap_tls_cacert = /etc/ipa/ca.crt
 krb5_store_password_if_offline = True
+ldap_deref_threshold = 0
 sudo_provider = ipa
 autofs_provider = ipa
 subdomains_provider = ipa

From b2d51f1c7bc95ea8f236ffc7f22dfd61969ebd98 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Thu, 27 May 2021 15:13:30 -0700
Subject: [PATCH 105/189] fedora_nightlies: put the JSON file somewhere
 publicly accessible

This was requested:
https://pagure.io/fedora_nightlies/issue/10
and I can't really see any harm in it.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 inventory/group_vars/fedora_nightlies | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inventory/group_vars/fedora_nightlies b/inventory/group_vars/fedora_nightlies
index c5139845f6..ad3592a777 100644
--- a/inventory/group_vars/fedora_nightlies
+++ b/inventory/group_vars/fedora_nightlies
@@ -10,6 +10,7 @@ fedora_nightlies_amqp_cert: /etc/pki/fedora-messaging/openqa-cert.pem
 fedora_nightlies_amqp_queue: "openqa_fedora_nightlies"
 fedora_nightlies_amqp_routing_keys: ["org.fedoraproject.prod.openqa.job.done", "org.fedoraproject.prod.pungi.compose.status.change"]
 fedora_nightlies_amqp_html_file: /usr/share/openqa/public/nightlies.html
+fedora_nightlies_amqp_data_file: /usr/share/openqa/public/nightlies.json
 
 # fedora-messaging email error reporting settings
 fedora_nightlies_amqp_mailto: ["adamwill@fedoraproject.org"]

From fcbc972afa1c6886b88b00ae142cc9d2fbbd29ee Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 27 May 2021 15:20:57 -0700
Subject: [PATCH 106/189] mirrormanager / staging: mount in stg too

We want /pub and such in stg too to test things.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/groups/mirrormanager.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/playbooks/groups/mirrormanager.yml b/playbooks/groups/mirrormanager.yml
index dd215a98e4..e4d2d7077d 100644
--- a/playbooks/groups/mirrormanager.yml
+++ b/playbooks/groups/mirrormanager.yml
@@ -19,8 +19,8 @@
   - ipa/client
   - sudo
   - collectd/base
-  - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
-  - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub/archive',  nfs_src_dir: 'fedora_ftp_archive' }
+  - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub', mount_stg: true }
+  - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub/archive',  nfs_src_dir: 'fedora_ftp_archive', mount_stg: true }
 
   pre_tasks:
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"

From c866965b96a7b73f2ff5c3bff690144a54fc4552 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 27 May 2021 15:34:02 -0700
Subject: [PATCH 107/189] batcave: add sysadmin-releng to groups

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/batcave | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inventory/group_vars/batcave b/inventory/group_vars/batcave
index 1ab5d1e947..b9eeb7e6f7 100644
--- a/inventory/group_vars/batcave
+++ b/inventory/group_vars/batcave
@@ -33,6 +33,7 @@ ipa_client_shell_groups:
 - sysadmin-odcs
 - sysadmin-osbs
 - sysadmin-qa
+- sysadmin-retrace
 - sysadmin-releasemonitoring
 - sysadmin-releng
 - sysadmin-tools

From 7784366dd215f13f4d22ec1ee8efb6d14611b5f2 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 27 May 2021 16:10:46 -0700
Subject: [PATCH 108/189] bodhi / base: fix the name for epel8-next stable
 repomd

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/bodhi2/base/templates/production.ini.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2
index 7c8d3b81da..00001ffb52 100644
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -245,7 +245,7 @@ fedora_epel_modular_8_stable_master_repomd = http://dl-iad05.fedoraproject.org/p
 fedora_epel_modular_8_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/Modular/%%s/repodata/repomd.xml
 fedora_epel_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/%%s/repodata/repomd.xml
 fedora_epel_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/%%s/repodata/repomd.xml
-fedora_epel_next_8_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/next/%%s/Everything/%%s/repodata/repomd.xml
+fedora_epel_next_8_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/next/%%s/Everything/%%s/repodata/repomd.xml
 fedora_epel_next_8_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/next/%%s/Everything/%%s/repodata/repomd.xml
 fedora_modular_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/%%s/Modular/%%s/repodata/repomd.xml
 fedora_modular_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/testing/%%s/Modular/%%s/repodata/repomd.xml

From e5eef042a47e07bb8d2cdea315734adb0ca6ca39 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Thu, 27 May 2021 16:53:42 -0700
Subject: [PATCH 109/189] fedmsg-irc / notifs: drop old irc network in favor of
 new

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fedmsg/irc/templates/ircbot.py          | 683 ------------------
 .../notifs/backend/templates/fmn.consumer.py  |   6 +-
 2 files changed, 3 insertions(+), 686 deletions(-)

diff --git a/roles/fedmsg/irc/templates/ircbot.py b/roles/fedmsg/irc/templates/ircbot.py
index c6752cff58..0205d0d8b2 100644
--- a/roles/fedmsg/irc/templates/ircbot.py
+++ b/roles/fedmsg/irc/templates/ircbot.py
@@ -1,688 +1,5 @@
 config = dict(
     irc=[
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fedmsg-stg',
-            channel='fedora-fedmsg-stg',
-            {% else %}
-            nickname='fedmsg-bot',
-            channel='fedora-fedmsg',
-            {% endif %}
-
-            filters=dict(
-                topic=[
-                    # Ignore some of the koji spamminess
-                    'buildsys.package.list.change',
-                    'buildsys.repo.init',
-                    'buildsys.repo.done',
-                    'buildsys.untag',
-                    'buildsys.tag',
-                    # And some of the FAF/ABRT spamminess
-                    'faf.report.threshold1',
-                    'faf.problem.threshold1',
-                    # And some resultsdb spam
-                    'resultsdb.result.new',
-                ],
-                body=[],
-            ),
-        ),
-
-        # For fedora-admin
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-admin',
-            {% else %}
-            nickname='fm-admin',
-            {% endif %}
-            channel='fedora-admin',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=[
-                    "^((?!(fedora-infrastructure)).)*$",
-                ],
-            ),
-        ),
-
-        # For fedora-apps
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-apps',
-            {% else %}
-            nickname='fm-apps',
-            {% endif %}
-            channel='fedora-apps',
-            filters=dict(
-                topic=[
-                    '^((?!(github\.create|github\.issue\.|github\.pull_request|github\.commit_comment|github\.star|pagure)).)*$',
-                ],
-                body=[
-                    "^((?!fedora-infra).)*$",
-                ],
-            ),
-        ),
-
-        # For that commops crew!
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='commops-bot-s',
-            {% else %}
-            nickname='commops-bot',
-            {% endif %}
-            channel='fedora-commops',
-            filters=dict(
-                topic=[
-                    '^((?!(happinesspacket|fedora_elections|meetbot\.meeting\.item\.help|fedocal\.meeting\.new|fedocal\.meeting\.update|fedocal\.calendar|anitya\.distro\.add)).)*$',
-                ],
-            ),
-        ),
-        # A second bot for that commops crew that watches for the term "commops"
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='commops-watch-s',
-            {% else %}
-            nickname='commops-watch',
-            {% endif %}
-            channel='fedora-commops',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure.pull-request.new|pagure.issue.new)).)*$',
-                ],
-                body=['^((?!fedora-commops).)*$'],
-            ),
-        ),
-        # The planet is currently no longer sending messages
-        # # A third one to listen for new Community Blog posts
-        # dict(
-            # network='chat.freenode.net',
-            # port=6667,
-            # make_pretty=True,
-            # make_terse=True,
-
-            # {% if env == 'staging' %}
-            # nickname='fm-commblog-s',
-            # {% else %}
-            # nickname='fm-commblog',
-            # {% endif %}
-            # channel='fedora-commops',
-            # filters=dict(
-                # topic=[
-                    # '^((?!(planet)).)*$',
-                # ],
-                # body=['^((?!communityblog.fedoraproject.org).)*$'],
-            # ),
-        # ),
-        # dict(
-            # network='chat.freenode.net',
-            # port=6667,
-            # make_pretty=True,
-            # make_terse=True,
-
-            # {% if env == 'staging' %}
-            # nickname='fm-planet-s',
-            # {% else %}
-            # nickname='fm-planet',
-            # {% endif %}
-            # channel='fedora-planet',
-            # filters=dict(
-                # topic=[
-                    # '^((?!(planet)).)*$',
-                # ],
-            # ),
-        # ),
-
-        # For that python3 porting fad.  AMAZING!
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fedmsg-python-s',
-            {% else %}
-            nickname='fedmsg-python',
-            {% endif %}
-            channel='fedora-python',
-            filters=dict(
-                topic=[
-                    '^((?!(github\.create|github\.issue\.open|github\.pull_request\.open)).)*$',
-                ],
-                body=[
-                    '^((?!(fedora-python)).)*$',
-                ],
-            ),
-        ),
-
-        # We no longer run askbot
-        # # Just for the Ask Fedora crew in #fedora-ask
-        # dict(
-            # network='chat.freenode.net',
-            # port=6667,
-            # make_pretty=True,
-            # make_terse=True,
-
-            # {% if env == 'staging' %}
-            # nickname='fm-stg-ask',
-            # {% else %}
-            # nickname='fm-ask',
-            # {% endif %}
-            # channel='fedora-ask',
-            # # Only show AskFedora messages
-            # filters=dict(
-                # topic=['^((?!(askbot.post.edit|askbot.flag_offensive.add)).)*$'],
-            # ),
-        # ),
-
-        # Show only compose msgs to the releng crew.
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-releng',
-            {% else %}
-            nickname='fm-releng',
-            {% endif %}
-            channel='fedora-releng',
-            filters=dict(
-                topic=[
-                    '^((?!(compose.rawhide|compose.34|compose.35|compose.36|pungi.compose.status|pagure)).)*$',
-                ],
-                body=[
-                    '^((?!(pagure.io\/releng/failed-composes|pagure.io\/releng\/compose-tracker|pagure.io\/pungi|pagure.io\/fedora-comps|pagure.io\/fedora-kickstarts|compose\/updates|linux\/development|rpms\/fedora-repos|rpms\/fedora-release|rpms\/fedora-packager)).)*$',
-                ],
-            ),
-        ),
-
-        # We no longer run trac
-        # # The proyectofedora crew wants trac messages.
-        # dict(
-            # network='chat.freenode.net',
-            # port=6667,
-            # make_pretty=True,
-            # make_terse=True,
-
-            # {% if env == 'staging' %}
-            # nickname='fm-stg-pfi',
-            # {% else %}
-            # nickname='fm-pfi',
-            # {% endif %}
-            # channel='#proyecto-fedora',
-            # # If the word proyecto appears in any message, forward it.
-            # filters=dict(
-                # body=['^((?!proyecto).)*$'],
-            # ),
-        # ),
-
-        # Similarly for #fedora-latam.
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-latam',
-            {% else %}
-            nickname='fm-latam',
-            {% endif %}
-            channel='#fedora-latam',
-            # If the word fedora-latam appears in any message, forward it.
-            filters=dict(
-                body=['^((?!fedora-latam).)*$'],
-            ),
-        ),
-
-        # And for #fedora-g11n
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-g11n',
-            {% else %}
-            nickname='fm-g11n',
-            {% endif %}
-            channel='#fedora-g11n',
-            # If the word i18n/g11n appears in any of below topic message, forward it.
-            filters=dict(
-                topic=[
-                    '^((?!(trac|pagure|planet|mailman|meetbot\.meeting\.complete)).)*$',
-                ],
-                body=['^((?!(i18n|g11n)).)*$'],
-            ),
-        ),
-
-        # And #ipsilon
-        {% if env == "production" %}
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            nickname='fm-ipsilon',
-            channel='#ipsilon',
-            # If the word ipsilon appears in any message, forward it.
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!ipsilonpagure).)*$'],
-            ),
-        ),
-        {% endif %}
-
-        # For pagure
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-pagure',
-            {% else %}
-            nickname='fm-pagure',
-            {% endif %}
-            channel='#pagure',
-            filters=dict(
-                topic=[
-                    '^((?!(github\.star|pagure)).)*$',
-                ],
-                body=[
-                    "^((?!(u'name': u'pagure'|u'name': u'pagure-importer')).)*$",
-                ],
-            ),
-        ),
-
-        # Hook up the design-team
-        {% if env == "production" %}
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-            nickname='fm-design',
-            channel='#fedora-design',
-
-            filters=dict(
-                topic=[
-                    '^((?!(github\.(issue|pull_request)\.opened|mailman|nuancier|pagure\.(issue|pull-request)\.new)).)*$',
-                ],
-                body=[
-                    "^((?!(u'name': u'design'|design-team|fedora-design)).)*$",
-                ],
-            ),
-        ),
-        {% endif %}
-
-        # And #fedora-docs wants in on the action
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-            make_short=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-docs',
-            {% else %}
-            nickname='fm-docs',
-            {% endif %}
-            channel='#fedora-docs',
-            filters=dict(
-                body=['^((?!\/srv\/git\/docs).)*$'],
-            ),
-        ),
-
-        # And #fedora-websites
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-web',
-            {% else %}
-            nickname='fm-web',
-            {% endif %}
-            channel='#fedora-websites',
-            # If the word fedora-websites appears in any message, forward it.
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!fedora-websites).)*$'],
-            ),
-        ),
-
-        # And #fedora-mktg
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-mktg',
-            {% else %}
-            nickname='fm-mktg',
-            {% endif %}
-            channel='#fedora-mktg',
-            # If the word fedora-mktg appears in any pagure message, forward it.
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!fedora-mktg).)*$'],
-            ),
-        ),
-
-        # And #fedora-modularity-bots
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-mod',
-            {% else %}
-            nickname='fm-mod',
-            {% endif %}
-            channel='#fedora-modularity-bots',
-            # If the word modularity appears in any message, forward it.
-            filters=dict(
-                topic=[
-                    # Ignore some of the ansible and copr spamminess
-                    'org.fedoraproject.*.copr.*',
-                    'org.fedoraproject.*.ansible.*',
-                    # Oh, and koji builds.  We have a lot of those now...
-                    'org.fedoraproject.*.buildsys.*',
-                ],
-                body=['^((?!(modularity|Modularity)).)*$'],
-            ),
-        ),
-
-        # And #fedora-diversity
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-diversity',
-            {% else %}
-            nickname='fm-diversity',
-            {% endif %}
-            channel='#fedora-diversity',
-            # If the word diversity appears in a new Pagure issue, pull
-            # request, or comment, forward it.
-            filters=dict(
-                topic=['^((?!('
-                       'pagure.pull-request.new|'
-                       'pagure.issue.new|'
-                       'pagure.issue.comment.added)).)*$',
-                       ],
-                body=['^((?!(diversity|Diversity)).)*$'],
-            ),
-        ),
-
-        # And #fedora-magazine
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-magazine',
-            {% else %}
-            nickname='fm-magazine',
-            {% endif %}
-            channel='#fedora-magazine',
-            # If the word magazine appears in any message, forward it.
-            filters=dict(
-                topic=[
-                    '^((?!(pagure|planet|badges|fas.group|mailman|meetbot\.meeting)).)*$',
-                ],
-                body=['^((?!(magazine|Magazine)).)*$',
-                      '((?!(fedoramagazine-tips)).)*$',
-                      "u'namespace': u'Fedora-Council'"],
-            ),
-        ),
-
-        # And #fedora-rust
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-rust',
-            {% else %}
-            nickname='fm-rust',
-            {% endif %}
-            channel='fedora-rust',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=[
-                    "^((?!((u)?'namespace': (u)?'fedora-rust')).)*$",
-                ],
-            ),
-        ),
-
-        # And #rit-foss
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-rit',
-            {% else %}
-            nickname='fm-rit',
-            {% endif %}
-            channel='rit-foss',
-            filters=dict(
-                topic=[
-                    '^((?!(mailman)).)*$',
-                ],
-                body=[
-                    "^((?!(fossrit)).)*$",
-                ],
-            ),
-        ),
-
-        # For #fedora-workstation
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-workstation',
-            {% else %}
-            nickname='fm-workstation',
-            {% endif %}
-            channel='#fedora-workstation',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=[
-                    "^((?!(fedora-workstation)).)*$",
-                ],
-            ),
-        ),
-
-        # For #koji
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-koji',
-            {% else %}
-            nickname='fm-koji',
-            {% endif %}
-            channel='koji',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!(koji)).)*$',
-                      "u'fullname': u'koji'"],
-            ),
-        ),
-
-        # For #fedora-join
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-join',
-            {% else %}
-            nickname='fm-join',
-            {% endif %}
-            channel='fedora-join',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!(fedora-join)).)*$',
-                ],
-            ),
-        ),
-
-        # For #fedora-neuro
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-neuro',
-            {% else %}
-            nickname='fm-neuro',
-            {% endif %}
-            channel='fedora-neuro',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!(neuro)).)*$',
-                ],
-            ),
-        ),
-
-        # Hook up #fedora-badges with badges messages
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-badges',
-            {% else %}
-            nickname='fm-badges',
-            {% endif %}
-            channel='#fedora-badges',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure.*(new|added)|mailman)).)*$',
-                ],
-                body=['^((?!(fedora-badges|badges)).)*$'],
-            ),
-        ),
-
-        # channel #centos-ci with centos-infra messages
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-centos-infra',
-            {% else %}
-            nickname='fm-centos-infra',
-            {% endif %}
-            channel='#centos-ci',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                body=['^((?!(centos-infra)).)*$'],
-            ),
-        ),
-
-        # And #fedora-podcast
-        dict(
-            network='chat.freenode.net',
-            port=6667,
-            make_pretty=True,
-            make_terse=True,
-
-            {% if env == 'staging' %}
-            nickname='fm-stg-podcast',
-            {% else %}
-            nickname='fm-podcast',
-            {% endif %}
-            channel='fedora-podcast',
-            filters=dict(
-                topic=[
-                    '^((?!(pagure)).)*$',
-                ],
-                    body=['^((?!(fedora-podcast)).)*$'],
-            ),
-        ),
         dict(
             network='irc.libera.chat',
             port=6667,
diff --git a/roles/notifs/backend/templates/fmn.consumer.py b/roles/notifs/backend/templates/fmn.consumer.py
index 6b18b132d8..fbac3c849a 100644
--- a/roles/notifs/backend/templates/fmn.consumer.py
+++ b/roles/notifs/backend/templates/fmn.consumer.py
@@ -116,15 +116,15 @@ config = {
     "fmn.email.from_address": "notifications@" + domain,
 
     # IRC
-    "fmn.irc.network": "irc.freenode.net",
+    "fmn.irc.network": "irc.libera.chat",
     "fmn.irc.nickname": ircnick,
     "fmn.irc.timeout": 120,
     "fmn.irc.port": 6697,
     "fmn.irc.use_ssl": True,
     {% if env == 'staging' %}
-    "fmn.irc.nickserv_pass": "{{fedora_notifstg_freenode_pass}}",
+    "fmn.irc.nickserv_pass": "{{fedora_notifstg_libera_pass}}",
     {% else %}
-    "fmn.irc.nickserv_pass": "{{fedora_notif_freenode_pass}}",
+    "fmn.irc.nickserv_pass": "{{fedora_notif_libera_pass}}",
     {% endif %}
 
     # Colors:

From 6a0a290f9e928a9e8148460a35077da85d0a7cbf Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Fri, 28 May 2021 10:50:30 -0700
Subject: [PATCH 110/189] openqa: drop scratch repo (lab), enable u-t
 temporarily (prod)

Latest builds have been testing on lab and are working fine.
They are in u-t so lab doesn't need to use a scratch repo any
more, but prod needs to enable u-t to get them (can't push
stable yet).

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 inventory/group_vars/openqa             | 3 +++
 inventory/group_vars/openqa_lab         | 3 ---
 inventory/group_vars/openqa_lab_workers | 3 ---
 inventory/group_vars/openqa_workers     | 3 +--
 4 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa
index 709071778e..2927a733d3 100644
--- a/inventory/group_vars/openqa
+++ b/inventory/group_vars/openqa
@@ -20,6 +20,9 @@ openqa_env_suffix:
 openqa_env_prefix:
 openqa_env: production
 
+# updating to tested latest snapshot 2021-05
+openqa_repo: updates-testing
+
 wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json"
 openqa_wikitcms_hostname: fedoraproject.org
 openqa_resultsdb_url: http://resultsdb01.iad2.fedoraproject.org/resultsdb_api/api/v2.0/
diff --git a/inventory/group_vars/openqa_lab b/inventory/group_vars/openqa_lab
index 5c740b87e1..47f62a6c67 100644
--- a/inventory/group_vars/openqa_lab
+++ b/inventory/group_vars/openqa_lab
@@ -36,9 +36,6 @@ openqa_env: staging
 # ON THE EDGE (radical guitar riff)
 openqa_repo: updates-testing
 
-# 2021-05 git bump
-openqa_scratch: ["68350730"]
-
 wikitcms_token: "{{ private }}/files/openidc/staging/wikitcms.json"
 openqa_wikitcms_hostname: stg.fedoraproject.org
 openqa_resultsdb_url: http://resultsdb01.stg.iad2.fedoraproject.org/resultsdb_api/api/v2.0/
diff --git a/inventory/group_vars/openqa_lab_workers b/inventory/group_vars/openqa_lab_workers
index 1beea1ff19..d92c1e1876 100644
--- a/inventory/group_vars/openqa_lab_workers
+++ b/inventory/group_vars/openqa_lab_workers
@@ -19,9 +19,6 @@ openqa_repo: updates-testing
 # we are all NFS workers for now at least
 openqa_nfs_worker: true
 
-# 2021-05 git bumps
-openqa_scratch: ["68353556", "68350730"]
-
 deployment_type: stg
 freezes: false
 
diff --git a/inventory/group_vars/openqa_workers b/inventory/group_vars/openqa_workers
index e2d2a48671..c2b010c999 100644
--- a/inventory/group_vars/openqa_workers
+++ b/inventory/group_vars/openqa_workers
@@ -12,8 +12,7 @@ openqa_env_suffix:
 openqa_env_prefix:
 openqa_env: production
 
-# 2020-11: we're deploying prod from u-t ATM because I don't
-# want to wait a week to push stable
+# updating to tested latest snapshot 2021-05
 openqa_repo: updates-testing
 
 # we are all NFS workers for now at least

From 680ebd81db6c5d0d19ee435a281a8ec50b7c9b02 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 29 May 2021 14:14:54 -0700
Subject: [PATCH 111/189] yum repos: drop failovermethod from secondary repo
 files too

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 files/common/fedora-modular.repo-secondary                 | 3 ---
 files/common/fedora-updates-modular.repo-secondary         | 3 ---
 files/common/fedora-updates-testing-modular.repo-secondary | 3 ---
 files/common/fedora-updates-testing.repo-secondary         | 3 ---
 files/common/fedora-updates.repo-secondary                 | 3 ---
 files/common/fedora.repo-secondary                         | 3 ---
 6 files changed, 18 deletions(-)

diff --git a/files/common/fedora-modular.repo-secondary b/files/common/fedora-modular.repo-secondary
index 84a9dfdcf6..2005b24471 100644
--- a/files/common/fedora-modular.repo-secondary
+++ b/files/common/fedora-modular.repo-secondary
@@ -1,6 +1,5 @@
 [fedora-modular]
 name=Fedora Modular $releasever - $basearch
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Modular/$basearch/os/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch
@@ -14,7 +13,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-modular-debuginfo]
 name=Fedora Modular $releasever - $basearch - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Modular/$basearch/debug/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch
@@ -28,7 +26,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-modular-source]
 name=Fedora Modular $releasever - Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Modular/source/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch
diff --git a/files/common/fedora-updates-modular.repo-secondary b/files/common/fedora-updates-modular.repo-secondary
index 1536696f38..52ad5962d6 100644
--- a/files/common/fedora-updates-modular.repo-secondary
+++ b/files/common/fedora-updates-modular.repo-secondary
@@ -1,6 +1,5 @@
 [updates-modular]
 name=Fedora Modular $releasever - $basearch - Updates
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Modular/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch
@@ -13,7 +12,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-modular-debuginfo]
 name=Fedora Modular $releasever - $basearch - Updates - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Modular/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch
@@ -26,7 +24,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-modular-source]
 name=Fedora Modular $releasever - Updates Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Modular/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch
diff --git a/files/common/fedora-updates-testing-modular.repo-secondary b/files/common/fedora-updates-testing-modular.repo-secondary
index 0b05a4cf73..245ec471ce 100644
--- a/files/common/fedora-updates-testing-modular.repo-secondary
+++ b/files/common/fedora-updates-testing-modular.repo-secondary
@@ -1,6 +1,5 @@
 [updates-testing-modular]
 name=Fedora Modular $releasever - $basearch - Test Updates
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Modular/$basearch/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch
 enabled=0
@@ -9,7 +8,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-modular-debuginfo]
 name=Fedora Modular $releasever - $basearch - Test Updates Debug
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Modular/$basearch/debug/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch
 enabled=0
@@ -18,7 +16,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-modular-source]
 name=Fedora Modular $releasever - Test Updates Source
-failovermethod=priority
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Modular/SRPMS/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch
 enabled=0
diff --git a/files/common/fedora-updates-testing.repo-secondary b/files/common/fedora-updates-testing.repo-secondary
index 734a342fc1..c2c47a87b3 100644
--- a/files/common/fedora-updates-testing.repo-secondary
+++ b/files/common/fedora-updates-testing.repo-secondary
@@ -1,6 +1,5 @@
 [updates-testing]
 name=Fedora $releasever - $basearch - Test Updates
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/
 {% else %}
@@ -13,7 +12,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-debuginfo]
 name=Fedora $releasever - $basearch - Test Updates Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/$basearch/debug/
 {% else %}
@@ -26,7 +24,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-testing-source]
 name=Fedora $releasever - Test Updates Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/testing/$releasever/Everything/SRPMS/
 {% else %}
diff --git a/files/common/fedora-updates.repo-secondary b/files/common/fedora-updates.repo-secondary
index f65f951d24..c3475c21e7 100644
--- a/files/common/fedora-updates.repo-secondary
+++ b/files/common/fedora-updates.repo-secondary
@@ -1,6 +1,5 @@
 [updates]
 name=Fedora $releasever - $basearch - Updates
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/
 {% else %}
@@ -13,7 +12,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-debuginfo]
 name=Fedora $releasever - $basearch - Updates - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/Everything/$basearch/debug/
 {% else %}
@@ -26,7 +24,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [updates-source]
 name=Fedora $releasever - Updates Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int >27  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/updates/$releasever/SRPMS/
 {% else %}
diff --git a/files/common/fedora.repo-secondary b/files/common/fedora.repo-secondary
index d67ea25654..29cd964a78 100644
--- a/files/common/fedora.repo-secondary
+++ b/files/common/fedora.repo-secondary
@@ -1,6 +1,5 @@
 [fedora]
 name=Fedora $releasever - $basearch
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=https://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/os/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
@@ -14,7 +13,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-debuginfo]
 name=Fedora $releasever - $basearch - Debug
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/$basearch/debug/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
@@ -28,7 +26,6 @@ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
 
 [fedora-source]
 name=Fedora $releasever - Source
-failovermethod=priority
 {% if ansible_distribution_major_version|int < ( FedoraBranchedNumber|int if FedoraBranched == True else FedoraRawhideNumber|int )  %}
 baseurl=http://infrastructure.fedoraproject.org/pub{{ archive_if_archived }}/fedora-secondary/releases/$releasever/Everything/source/tree/
 #metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch

From f07e452f93ac996e22a51ff15e75815953f3bbbe Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@lisas.de>
Date: Sun, 30 May 2021 15:06:44 +0200
Subject: [PATCH 112/189] Update to latest mirrorlist-server git release

Older releases were printing out messages about DNS errors.

We decided that this is not important and only relevant during
debug runs.

Signed-off-by: Adrian Reber <adrian@lisas.de>
---
 roles/mirrormanager/backend/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/mirrormanager/backend/tasks/main.yml b/roles/mirrormanager/backend/tasks/main.yml
index 49b4277729..b34626f1d5 100644
--- a/roles/mirrormanager/backend/tasks/main.yml
+++ b/roles/mirrormanager/backend/tasks/main.yml
@@ -159,7 +159,7 @@
 - name: checkout mirrorlist-server
   git:
     repo: https://github.com/adrianreber/mirrorlist-server.git
-    version: 3.0.2
+    version: 3.0.4
     dest: /srv/mirrorlist-server.git
   become: yes
   become_user: mirrormanager

From cc91747bdf76261575aa05945b7df0657e1e06e1 Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@lisas.de>
Date: Sun, 30 May 2021 18:50:29 +0200
Subject: [PATCH 113/189] mirrormanager: install scan-primary-mirror

scan-primary-mirror is another MirrorManager2 tool rewritten in Rust.

The main advantage is that the path to repository mapping is no longer
part of the code, but it is part of the configuration file which makes
it much easier to add new repository definition.

As with all other rewritten tools in Rust it uses considerably less
memory.

Signed-off-by: Adrian Reber <adrian@lisas.de>
---
 roles/mirrormanager/backend/tasks/main.yml | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/roles/mirrormanager/backend/tasks/main.yml b/roles/mirrormanager/backend/tasks/main.yml
index b34626f1d5..d7c33b704f 100644
--- a/roles/mirrormanager/backend/tasks/main.yml
+++ b/roles/mirrormanager/backend/tasks/main.yml
@@ -156,6 +156,8 @@
     mode: 0600
 - name: create /srv/mirrorlist-server.git
   file: path=/srv/mirrorlist-server.git state=directory owner=mirrormanager group=mirrormanager mode=0755
+- name: create /srv/scan-primary-mirror.git
+  file: path=/srv/scan-primary-mirror.git state=directory owner=mirrormanager group=mirrormanager mode=0755
 - name: checkout mirrorlist-server
   git:
     repo: https://github.com/adrianreber/mirrorlist-server.git
@@ -164,6 +166,14 @@
   become: yes
   become_user: mirrormanager
   register: mirrorlist_server_downloaded
+- name: checkout scan-primary-mirror
+  git:
+    repo: https://github.com/adrianreber/scan-primary-mirror.git
+    version: 0.1.0
+    dest: /srv/scan-primary-mirror.git
+  become: yes
+  become_user: mirrormanager
+  register: scan_primary_mirror_downloaded
 - name: build generate-mirrorlist-cache
   command: "cargo build --release --bin generate-mirrorlist-cache"
   args:
@@ -172,6 +182,14 @@
   become_user: mirrormanager
   register: mirrorlist_server_built
   when: "mirrorlist_server_downloaded is changed"
+- name: build scan-primary-mirror
+  command: "cargo build --release"
+  args:
+    chdir: /srv/scan-primary-mirror.git
+  become: yes
+  become_user: mirrormanager
+  register: scan_primary_mirror_built
+  when: "scan_primary_mirror_downloaded is changed"
 - name: install generate-mirrorlist-cache
   copy:
     src: /srv/mirrorlist-server.git/target/release/generate-mirrorlist-cache
@@ -181,3 +199,12 @@
     group: root
     mode: 755
   when: "mirrorlist_server_built is changed"
+- name: install scan-primary-mirror
+  copy:
+    src: /srv/scan-primary-mirror.git/target/release/scan-primary-mirror
+    dest: /usr/local/bin/scan-primary-mirror
+    remote_src: yes
+    owner: root
+    group: root
+    mode: 755
+  when: "scan_primary_mirror_built is changed"

From 5177b928641104bdfe755c86c44ab7cb9615f973 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sun, 30 May 2021 20:15:11 -0700
Subject: [PATCH 114/189] remove some duplicate ips

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org | 1 -
 inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org | 1 -
 inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org | 1 -
 inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org | 1 -
 4 files changed, 4 deletions(-)

diff --git a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
index f6ad983317..c3f6d494a2 100644
--- a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
@@ -5,4 +5,3 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 
 eth0_ip: 10.3.171.53
-eth0_ip: 10.3.171.53
diff --git a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
index e38eb17ce9..9e01631945 100644
--- a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
@@ -5,4 +5,3 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 
 eth0_ip: 10.3.171.55
-eth0_ip: 10.3.171.55
diff --git a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
index 85ccc2080a..c1585fa5cd 100644
--- a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
@@ -5,4 +5,3 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 
 eth0_ip: 10.3.171.56
-eth0_ip: 10.3.171.56
diff --git a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
index c41d825ce4..4d7a3f3910 100644
--- a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
@@ -5,4 +5,3 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 
 eth0_ip: 10.3.171.60
-eth0_ip: 10.3.171.60

From 89f150cd8c5cdb90ba92f59ba95e7f675e6c68dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Thu, 27 May 2021 11:16:25 +0200
Subject: [PATCH 115/189] abrt: Bring roles up to date with upstream

---
 roles/abrt/faf/meta/.galaxy_install_info      |  2 +-
 roles/abrt/faf/tasks/cleanup.yml              |  1 -
 roles/abrt/retrace/defaults/main.yml          | 20 +++++++++----------
 roles/abrt/retrace/meta/.galaxy_install_info  |  2 +-
 roles/abrt/retrace/meta/main.yml              | 13 ++++++------
 roles/abrt/retrace/tasks/config.yml           |  3 +++
 roles/abrt/retrace/tasks/podman.yml           |  4 ++--
 .../templates/etc-retrace-server.conf.j2      | 11 ++++++++--
 8 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/roles/abrt/faf/meta/.galaxy_install_info b/roles/abrt/faf/meta/.galaxy_install_info
index 928caa4a4c..d014cfad01 100644
--- a/roles/abrt/faf/meta/.galaxy_install_info
+++ b/roles/abrt/faf/meta/.galaxy_install_info
@@ -1,2 +1,2 @@
-install_date: Fri Mar 27 19:49:42 2020
+install_date: Thu May 27 08:27:11 2021
 version: master
diff --git a/roles/abrt/faf/tasks/cleanup.yml b/roles/abrt/faf/tasks/cleanup.yml
index 28941d76f7..e5131097ca 100644
--- a/roles/abrt/faf/tasks/cleanup.yml
+++ b/roles/abrt/faf/tasks/cleanup.yml
@@ -4,7 +4,6 @@
   loop: "{{ eol_opsys | selectattr('opsys') | selectattr('release') | list }}"
   become: yes
   become_user: faf
-  register: remove_eoled_output
   failed_when: false
   changed_when: false
 
diff --git a/roles/abrt/retrace/defaults/main.yml b/roles/abrt/retrace/defaults/main.yml
index d25b03bfea..8757afb331 100644
--- a/roles/abrt/retrace/defaults/main.yml
+++ b/roles/abrt/retrace/defaults/main.yml
@@ -15,6 +15,9 @@ rs_allow_interactive: false
 # Allow X-CoreFileDirectory header
 rs_allow_external_dir: false
 
+# Expose metrics for monitoring via Prometheus
+rs_allow_metrics: true
+
 # Allow to create tasks owned by task manager (security risk)
 rs_allow_task_manager: false
 
@@ -93,6 +96,9 @@ rs_keep_rawhide_latest: 3
 # Repo used to install chroot for vmcores
 rs_kernel_chroot_repo: http://dl.fedoraproject.org/pub/fedora/linux/releases/16/Everything/$ARCH/os/
 
+# Path to the kernel (vmcore) debugger
+rs_kernel_debugger_path: /usr/bin/crash
+
 # Koji directory structure can be used to search for kernel debuginfo
 rs_koji_root: /mnt/koji
 
@@ -128,8 +134,9 @@ rs_use_faf_packages: false
 # Spool directory for FAF packages
 faf_spool_dir: /var/spool/faf
 
-# Run the retrace in a Mock chroot (default), or a Podman container
-# (mock|podman)
+# Run the retrace in a Mock chroot (default), a Podman container,
+# or on the native machine.
+# (mock|podman|native)
 rs_retrace_environment: podman
 
 # Whether to enable e-mail notifications
@@ -183,17 +190,10 @@ rs_force_reinstall: false
 # Check server health after installation
 rs_check_health: true
 
-# Path to the executable hook scripts
-# https://github.com/abrt/retrace-server/wiki/Hook-scripts
-rs_hooks_executable_path: /usr/libexec/retrace-server/hooks/
-
-# Global time limit for hook scripts (in seconds)
-rs_hooks_global_timeout: 300
-
 # Hostname
 hostname: example.org
 
-# Path to the executable hook scripts                                                                                    
+# Path to the executable hook scripts
 # see https://github.com/abrt/retrace-server/wiki/Hook-scripts
 rs_executable_hooks_path: "/usr/libexec/retrace-server/hooks/"
 
diff --git a/roles/abrt/retrace/meta/.galaxy_install_info b/roles/abrt/retrace/meta/.galaxy_install_info
index 5655a5edcb..4e65b113df 100644
--- a/roles/abrt/retrace/meta/.galaxy_install_info
+++ b/roles/abrt/retrace/meta/.galaxy_install_info
@@ -1,2 +1,2 @@
-install_date: Fri Mar 27 19:49:44 2020
+install_date: Thu May 27 08:27:12 2021
 version: master
diff --git a/roles/abrt/retrace/meta/main.yml b/roles/abrt/retrace/meta/main.yml
index ca93f0e38a..48a9303dfe 100644
--- a/roles/abrt/retrace/meta/main.yml
+++ b/roles/abrt/retrace/meta/main.yml
@@ -1,19 +1,18 @@
 ---
 galaxy_info:
   author: sorki
-  description: Deploy retrace-server
+  description: Retrace Server deployment
   license: BSD
-  min_ansible_version: 1.9
+  min_ansible_version: 2.8
   platforms:
    - name: EL
      versions:
       - 7
+      - 8
    - name: Fedora
      versions:
-      - 26
-      - 27
-      - 28
+      - 33
+      - 34
+      - 35
   galaxy_tags:
    - system
-#dependencies:
-#  - { role: httpd }
diff --git a/roles/abrt/retrace/tasks/config.yml b/roles/abrt/retrace/tasks/config.yml
index 94009a3123..72f0136cf3 100644
--- a/roles/abrt/retrace/tasks/config.yml
+++ b/roles/abrt/retrace/tasks/config.yml
@@ -3,16 +3,19 @@
   template:
     src: etc-retrace-server.conf.j2
     dest: /etc/retrace-server/retrace-server.conf
+    mode: 0644
   notify: restart httpd
 
 - name: retrace-server http config
   template:
     src: retrace-server-httpd.conf.j2
     dest: /etc/httpd/conf.d/retrace-server-httpd.conf
+    mode: 0644
   notify: restart httpd
 
 - name: configure retrace-server hooks config
   template:
     src: etc-retrace-server-hooks.conf.j2
     dest: /etc/retrace-server/retrace-server-hooks.conf
+    mode: 0644
   notify: restart httpd
diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml
index 6a61c859b2..c0252c310e 100644
--- a/roles/abrt/retrace/tasks/podman.yml
+++ b/roles/abrt/retrace/tasks/podman.yml
@@ -1,5 +1,5 @@
 ---
-- name: Install podman package
+- name: Install Podman package
   package:
     name: podman
     state: present
@@ -59,7 +59,7 @@
 
   when: '"retrace" not in retrace_subgid.stdout'
 
-- name: Start httpd afterretrace user modification
+- name: Start httpd after retrace user modification
   service:
     name: httpd
     state: started
diff --git a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2 b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
index 0a090bd92d..d36c7b77f9 100644
--- a/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
+++ b/roles/abrt/retrace/templates/etc-retrace-server.conf.j2
@@ -21,6 +21,9 @@ AllowInteractive = {{ rs_allow_interactive|int }}
 # Allow X-CoreFileDirectory header
 AllowExternalDir = {{ rs_allow_external_dir|int }}
 
+# Expose metrics for monitoring via Prometheus
+AllowMetrics = {{ rs_allow_metrics|int }}
+
 # Allow to create tasks owned by task manager (security risk)
 AllowTaskManager = {{ rs_allow_task_manager|int }}
 
@@ -135,8 +138,9 @@ UseFafPackages = {{ rs_use_faf_packages|int }}
 # Spool directory for FAF packages
 FafLinkDir = {{ faf_spool_dir }}
 
-# Run the retrace in a Mock chroot (default), or a Podman container
-# (mock|podman)
+# Run the retrace in a Mock chroot (default), a Podman container,
+# or on the native machine.
+# (mock|podman|native)
 RetraceEnvironment = {{ rs_retrace_environment }}
 
 # Whether to enable e-mail notifications
@@ -172,6 +176,9 @@ BugzillaRegExes = {{ rs_bugzilla_regexes }}
 # Timeout (in seconds) for communication with any process
 ProcessCommunicateTimeout = {{ rs_process_communicate_timeout|int }}
 
+# Path to the kernel (vmcore) debugger
+KernelDebuggerPath = {{ rs_kernel_debugger_path }}
+
 [archhosts]
 {% for a in rs_archhosts %}
 {{ a.arch }} = {{ a.url|default('', true) }}

From f0cdefabf5310ad1ce69e549d9926377e43b5175 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Thu, 27 May 2021 11:31:33 +0200
Subject: [PATCH 116/189] abrt: Improve code style

* Add names to tasks.
* Split arguments over lines.
---
 roles/abrt/retrace-pre/tasks/main.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/roles/abrt/retrace-pre/tasks/main.yml b/roles/abrt/retrace-pre/tasks/main.yml
index ec17ee00b1..f4eac3603b 100644
--- a/roles/abrt/retrace-pre/tasks/main.yml
+++ b/roles/abrt/retrace-pre/tasks/main.yml
@@ -1,16 +1,23 @@
 ---
 # create uid - this is normaly done by retrace package
 # but the package is not installed yet at this momement
-- user: name="retrace" group=retrace uid=174 home=/srv/retrace/home
+- name: Create retrace user
+  user:
+    name: retrace
+    group: retrace
+    uid: 174
+    home: /srv/retrace/home
 
-- file:
+- name: Create directory for repositories
+  file:
     path: /srv/retrace/repos
     state: directory
     mode: 0755
     owner: retrace
     group: retrace
 
-- file:
+- name: Create directory for retrace tasks
+  file:
     path: /srv/retrace/tasks
     state: directory
     mode: 0755

From 8f308ed0d92284ea65cc838cbec1618c7d17af6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Thu, 27 May 2021 11:32:32 +0200
Subject: [PATCH 117/189] abrt: Do not modify retrace home perms

---
 roles/abrt/retrace-pre/tasks/main.yml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/roles/abrt/retrace-pre/tasks/main.yml b/roles/abrt/retrace-pre/tasks/main.yml
index f4eac3603b..dc80dd4acd 100644
--- a/roles/abrt/retrace-pre/tasks/main.yml
+++ b/roles/abrt/retrace-pre/tasks/main.yml
@@ -30,10 +30,3 @@
     mode: 0755
     owner: retrace
     group: retrace
-
-- file:
-    path: /srv/retrace/home
-    state: directory
-    mode: 0755
-    owner: retrace
-    group: retrace

From ed06aae6ab0f5ea383df4ad53aee134a2464debc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Thu, 27 May 2021 11:33:36 +0200
Subject: [PATCH 118/189] abrt: Update list of releases for faf and
 retrace-server

---
 .../retrace-stg.aws.fedoraproject.org         |  77 +++----
 .../retrace03.rdu-cc.fedoraproject.org        | 194 ++++++++----------
 roles/abrt/retrace-post/defaults/main.yml     |   4 +-
 3 files changed, 126 insertions(+), 149 deletions(-)

diff --git a/inventory/host_vars/retrace-stg.aws.fedoraproject.org b/inventory/host_vars/retrace-stg.aws.fedoraproject.org
index b0a94ece73..1f5233bbc8 100644
--- a/inventory/host_vars/retrace-stg.aws.fedoraproject.org
+++ b/inventory/host_vars/retrace-stg.aws.fedoraproject.org
@@ -13,8 +13,8 @@ faf_server_name: retrace-stg.aws.fedoraproject.org/faf
 rs_use_faf_packages: true
 
 # we do not have enough storage on stg
-rs_internal_fedora_vers: [32, rawhide]
-rs_internal_fedora_vers_removed: []
+rs_internal_fedora_vers: [34, rawhide]
+rs_internal_fedora_vers_removed: [31, 32, 33]
 rs_internal_arch_list: [source, x86_64, i386]
 
 # List of supported operating systems
@@ -53,39 +53,42 @@ nagios_Check_Services:
   raid: false
 
 faf_repos:
-  - { name: 'fedora-32-source',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/source/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/32/Everything/source/tree/'],
-      arch: 'src',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/os/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/32/Everything/x86_64/os/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/debug/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/32/Everything/x86_64/debug/tree/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-testing-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/32/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-testing',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/32/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-updates-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/32/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-updates',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/32/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
+  - name: 'fedora-34-source'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/source/tree/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/34/Everything/source/tree/'
+    arch: 'src'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/os/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/34/Everything/x86_64/os/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/debug/tree/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/34/Everything/x86_64/debug/tree/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-testing-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/34/Everything/x86_64/debug/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-testing'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/34/Everything/x86_64/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-updates-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/34/Everything/x86_64/debug/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-updates'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/34/Everything/x86_64/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
 ...
diff --git a/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org b/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org
index edadeddd30..e6d8a81317 100644
--- a/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/retrace03.rdu-cc.fedoraproject.org
@@ -5,8 +5,8 @@ faf_server_name: retrace.fedoraproject.org/faf
 rs_use_faf_packages: true
 
 # we do not have enough storage on stg
-rs_internal_fedora_vers: [32, 33, 34, rawhide]
-rs_internal_fedora_vers_removed: []
+rs_internal_fedora_vers: [33, 34, rawhide]
+rs_internal_fedora_vers_removed: [30, 31, 32]
 rs_internal_arch_list: [source, x86_64, i386]
 
 # consumed by roles/copr/certbot
@@ -35,7 +35,9 @@ faf_opsys_list:
 
 # Clean-up packages of following EOLed operating systems
 eol_opsys:
-#  - { opsys: "Fedora", release: "30"}
+  - { opsys: "Fedora", release: "30"}
+  - { opsys: "Fedora", release: "31"}
+  - { opsys: "Fedora", release: "32"}
 
 # GDPR SAR variables
 sar_script: '/usr/bin/faf sar'
@@ -43,110 +45,82 @@ sar_script_user: faf
 sar_output_file: faf.json
 
 faf_repos:
-  - { name: 'fedora-31-source',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/31/Everything/source/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/31/Everything/source/tree/'],
-      arch: 'src',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-31-x86_64',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/31/Everything/x86_64/os/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/31/Everything/x86_64/os/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-31-x86_64-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/31/Everything/x86_64/debug/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/31/Everything/x86_64/debug/tree/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-31-x86_64-testing-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/31/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-31-x86_64-testing',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/31/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-31-x86_64-updates-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/31/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-31-x86_64-updates',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/31/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 31',
-    }
-  - { name: 'fedora-32-source',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/source/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/32/Everything/source/tree/'],
-      arch: 'src',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/os/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/32/Everything/x86_64/os/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/32/Everything/x86_64/debug/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/32/Everything/x86_64/debug/tree/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-testing-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/32/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-testing',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/32/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-updates-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/32/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-  - { name: 'fedora-32-x86_64-updates',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/32/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 32',
-    }
-###### Fedora 33
-  - { name: 'fedora-33-source',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/source/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/33/Everything/source/tree/'],
-      arch: 'src',
-      opsys: 'Fedora 33',
-    }
-  - { name: 'fedora-33-x86_64',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/x86_64/os/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/33/Everything/x86_64/os/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 33',
-    }
-  - { name: 'fedora-33-x86_64-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/x86_64/debug/tree/', 'http://dl01.fedoraproject.org/pub/fedora/linux/development/33/Everything/x86_64/debug/tree/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 33',
-    }
-  - { name: 'fedora-33-x86_64-testing-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/33/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 33',
-    }
-  - { name: 'fedora-33-x86_64-testing',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/33/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 33',
-    }
-  - { name: 'fedora-33-x86_64-updates-debug',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/33/Everything/x86_64/debug/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 33',
-    }
-  - { name: 'fedora-33-x86_64-updates',
-      url: ['http://dl01.fedoraproject.org/pub/fedora/linux/updates/33/Everything/x86_64/'],
-      arch: 'x86_64',
-      opsys: 'Fedora 33',
-    }
-
+  # Fedora 33 repositories ------------------------------------------------
+  - name: 'fedora-33-source'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/source/tree/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/33/Everything/source/tree/'
+    arch: 'src'
+    opsys: 'Fedora 33'
+  - name: 'fedora-33-x86_64'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/x86_64/os/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/33/Everything/x86_64/os/'
+    arch: 'x86_64'
+    opsys: 'Fedora 33'
+  - name: 'fedora-33-x86_64-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/x86_64/debug/tree/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/33/Everything/x86_64/debug/tree/'
+    arch: 'x86_64'
+    opsys: 'Fedora 33'
+  - name: 'fedora-33-x86_64-testing-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/33/Everything/x86_64/debug/'
+    arch: 'x86_64'
+    opsys: 'Fedora 33'
+  - name: 'fedora-33-x86_64-testing'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/33/Everything/x86_64/'
+    arch: 'x86_64'
+    opsys: 'Fedora 33'
+  - name: 'fedora-33-x86_64-updates-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/33/Everything/x86_64/debug/'
+    arch: 'x86_64'
+    opsys: 'Fedora 33'
+  - name: 'fedora-33-x86_64-updates'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/33/Everything/x86_64/'
+    arch: 'x86_64'
+    opsys: 'Fedora 33'
+  # Fedora 34 repositories ------------------------------------------------
+  - name: 'fedora-34-source'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/source/tree/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/34/Everything/source/tree/'
+    arch: 'src'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/os/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/34/Everything/x86_64/os/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/releases/34/Everything/x86_64/debug/tree/'
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/development/34/Everything/x86_64/debug/tree/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-testing-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/34/Everything/x86_64/debug/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-testing'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/testing/34/Everything/x86_64/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-updates-debug'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/34/Everything/x86_64/debug/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+  - name: 'fedora-34-x86_64-updates'
+    url:
+      - 'http://dl01.fedoraproject.org/pub/fedora/linux/updates/34/Everything/x86_64/'
+    arch: 'x86_64'
+    opsys: 'Fedora 34'
+...
diff --git a/roles/abrt/retrace-post/defaults/main.yml b/roles/abrt/retrace-post/defaults/main.yml
index 2d77c3b9e8..fb1633d481 100644
--- a/roles/abrt/retrace-post/defaults/main.yml
+++ b/roles/abrt/retrace-post/defaults/main.yml
@@ -1,8 +1,8 @@
 ---
 
 # List of fedora versions for reposync
-rs_internal_fedora_vers: [32, 33, 34, rawhide]
-rs_internal_fedora_vers_removed: [24, 25, 26, 27, 28, 29, 30, 31]
+rs_internal_fedora_vers: [33, 34, rawhide]
+rs_internal_fedora_vers_removed: [24, 25, 26, 27, 28, 29, 30, 31, 32]
 
 # List of architectures for reposync
 # armhfp disabled untill we get more space

From b70871444453cdfd9b8b885b7f7a0b4bb2eb5944 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Mon, 31 May 2021 16:04:00 +0200
Subject: [PATCH 119/189] abrt: Fix become directive

`become` only accepts, not the user name which belongs in `become_user`.
---
 roles/abrt/faf-post/tasks/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/abrt/faf-post/tasks/main.yml b/roles/abrt/faf-post/tasks/main.yml
index 898bfc426d..8b99924ac5 100644
--- a/roles/abrt/faf-post/tasks/main.yml
+++ b/roles/abrt/faf-post/tasks/main.yml
@@ -22,17 +22,17 @@
 
 - name: get repolist of EOL releases
   shell: "faf repolist | grep fedora-{{ item }} || true"
+  become: yes
+  become_user: faf
   register: eol_repolist
   loop: "{{ rs_internal_fedora_vers_removed }}"
   changed_when: eol_repolist.stdout
-  become: yes
-  become_user: faf
 
 - name: remove repos of EOLed releases
   command: faf repodel "{{ item }}"
-  loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}"
-  become: faf
+  become: yes
   become_user: faf
+  loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}"
 
 - name: cleanup packages from EOLed fedora release
   command: "faf cleanup-packages Fedora '{{ item }}' "

From 14f31b2481b568637bf663716803983966444217 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Tue, 1 Jun 2021 18:12:53 +0200
Subject: [PATCH 120/189] Prod can't reach the secondary STOMP broker, for now
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 .../bugzilla2fedmsg/templates/fedora-messaging.toml            | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml b/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml
index 428dcb48a4..3d0bc8e19a 100644
--- a/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml
+++ b/roles/openshift-apps/bugzilla2fedmsg/templates/fedora-messaging.toml
@@ -27,7 +27,8 @@ certfile = "/etc/pki/fedora-messaging/bugzilla2fedmsg-cert.pem"
     user = "{{ redhat_dmz_dev_broker_username }}"
     pass = "{{ redhat_dmz_dev_broker_password }}"
 {% else %}
-    uri = "failover:(ssl://messaging-devops-broker01.dist.prod.ext.phx2.redhat.com:61612,ssl://messaging-devops-broker02.dist.prod.ext.phx2.redhat.com:61612)"
+    #uri = "failover:(ssl://messaging-devops-broker01.dist.prod.ext.phx2.redhat.com:61612,ssl://messaging-devops-broker02.dist.prod.ext.phx2.redhat.com:61612)"
+    uri = "ssl://messaging-devops-broker01.dist.prod.ext.phx2.redhat.com:61612"
     user = "{{ redhat_dmz_prod_broker_username }}"
     pass = "{{ redhat_dmz_prod_broker_password }}"
 {% endif %}

From 10d20fdf0a4d30e40a91091f118db26c939b8ae6 Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@smoogespace.com>
Date: Tue, 1 Jun 2021 15:17:25 -0400
Subject: [PATCH 121/189] Add in new interface for cloud-noc-os01

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
---
 .../cloud-noc-os01.rdu-cc.fedoraproject.org          | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/inventory/host_vars/cloud-noc-os01.rdu-cc.fedoraproject.org b/inventory/host_vars/cloud-noc-os01.rdu-cc.fedoraproject.org
index f542a2c73d..033326dd32 100644
--- a/inventory/host_vars/cloud-noc-os01.rdu-cc.fedoraproject.org
+++ b/inventory/host_vars/cloud-noc-os01.rdu-cc.fedoraproject.org
@@ -20,9 +20,12 @@ eth0_ipv4_nm: 23
 eth0_ipv4_gw: 8.43.85.254
 eth1_ipv4: 172.23.1.3
 eth1_ipv4_nm: 24
+eth2_ipv4: 172.23.5.3
+eth2_ipv4_nm: 24
 
 mac0: 52:54:00:46:ed:ba
 mac1: 52:54:00:24:8e:bc
+mac2: 52:54:00:d6:ab:66
 public_hostname: cloud-noc-os01.rdu-cc.fedoraproject.org
 
 network_connections:
@@ -51,6 +54,15 @@ network_connections:
       - "{{ eth1_ipv4 }}/{{ eth1_ipv4_nm }}"
       dhcp4: no
       auto6: no
+  - name: eth2
+    mac: "{{ mac2 }}"
+    type: ethernet
+    autoconnect: yes
+    ip:
+      address:
+      - "{{ eth2_ipv4 }}/{{ eth2_ipv4_nm }}"
+      dhcp4: no
+      auto6: no
 
 virt_install_command: virt-install -n {{ inventory_hostname }}
                  --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio

From fe1981d29283858cdccfcbb2e05c42fb16600ad9 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 1 Jun 2021 12:19:58 -0700
Subject: [PATCH 122/189] openQA: disable u-t for prod

Don't need it now, latest openQA is pushed stable.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 inventory/group_vars/openqa         | 3 ---
 inventory/group_vars/openqa_workers | 3 ---
 2 files changed, 6 deletions(-)

diff --git a/inventory/group_vars/openqa b/inventory/group_vars/openqa
index 2927a733d3..709071778e 100644
--- a/inventory/group_vars/openqa
+++ b/inventory/group_vars/openqa
@@ -20,9 +20,6 @@ openqa_env_suffix:
 openqa_env_prefix:
 openqa_env: production
 
-# updating to tested latest snapshot 2021-05
-openqa_repo: updates-testing
-
 wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json"
 openqa_wikitcms_hostname: fedoraproject.org
 openqa_resultsdb_url: http://resultsdb01.iad2.fedoraproject.org/resultsdb_api/api/v2.0/
diff --git a/inventory/group_vars/openqa_workers b/inventory/group_vars/openqa_workers
index c2b010c999..5ec254a2a2 100644
--- a/inventory/group_vars/openqa_workers
+++ b/inventory/group_vars/openqa_workers
@@ -12,9 +12,6 @@ openqa_env_suffix:
 openqa_env_prefix:
 openqa_env: production
 
-# updating to tested latest snapshot 2021-05
-openqa_repo: updates-testing
-
 # we are all NFS workers for now at least
 openqa_nfs_worker: true
 

From 0029b86d940818def232930eefde1c2edd7ffc0e Mon Sep 17 00:00:00 2001
From: Stephen Smoogen <smooge@smoogespace.com>
Date: Tue, 1 Jun 2021 15:21:03 -0400
Subject: [PATCH 123/189] Add in 172.23.5.0 network for cloud-noc

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
---
 .../dhcpd.conf.cloud-noc-os01.rdu-cc.fedoraproject.org    | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/dhcp_server/files/dhcpd.conf.cloud-noc-os01.rdu-cc.fedoraproject.org b/roles/dhcp_server/files/dhcpd.conf.cloud-noc-os01.rdu-cc.fedoraproject.org
index f44998b9ad..1e945509ec 100644
--- a/roles/dhcp_server/files/dhcpd.conf.cloud-noc-os01.rdu-cc.fedoraproject.org
+++ b/roles/dhcp_server/files/dhcpd.conf.cloud-noc-os01.rdu-cc.fedoraproject.org
@@ -13,4 +13,12 @@ shared-network mgmt {
     	   option routers 172.23.1.254;
 	   range 172.23.1.100 172.23.1.249;
 	   }
+    subnet 172.23.5.0 netmask 255.255.255.0 {
+    	   allow booting;
+    	   allow bootp;
+           authoritative;
+
+    	   option routers 172.23.5.254;
+	   range 172.23.5.100 172.23.5.249;
+	   }
 }

From ca112a19229c36c7add1319ac09762653a91fa83 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 1 Jun 2021 13:38:42 -0700
Subject: [PATCH 124/189] openQA: update some branch names to 'main' not
 'master'

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 roles/openqa/dispatcher/tasks/main.yml   | 2 +-
 roles/openqa/worker/defaults/main.yml    | 2 +-
 roles/openqa/worker/tasks/createhdds.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml
index 59f632c895..520a893c5e 100644
--- a/roles/openqa/dispatcher/tasks/main.yml
+++ b/roles/openqa/dispatcher/tasks/main.yml
@@ -201,7 +201,7 @@
     dest: /root/fedora_openqa
   register: gittools
   # case of the 'n' seems inconstant, so intentionally omitted
-  when: "(toolsbranch.stderr.find('ot a git repository') != -1) or (toolsbranch.stdout.find('On branch master') != -1)"
+  when: "(toolsbranch.stderr.find('ot a git repository') != -1) or (toolsbranch.stdout.find('On branch main') != -1)"
 
 - name: Check if fedora_openqa is installed for current Python
   command: "pip show fedora_openqa"
diff --git a/roles/openqa/worker/defaults/main.yml b/roles/openqa/worker/defaults/main.yml
index a1dd3494c8..c44923f7e3 100644
--- a/roles/openqa/worker/defaults/main.yml
+++ b/roles/openqa/worker/defaults/main.yml
@@ -1,6 +1,6 @@
 openqa_hostname: localhost
 openqa_repo: updates
-openqa_createhdds_branch: master
+openqa_createhdds_branch: main
 openqa_nfs_worker: false
 openqa_tap: false
 openqa_hdds_worker: false
diff --git a/roles/openqa/worker/tasks/createhdds.yml b/roles/openqa/worker/tasks/createhdds.yml
index f0df315bb6..e4dd5b30b0 100644
--- a/roles/openqa/worker/tasks/createhdds.yml
+++ b/roles/openqa/worker/tasks/createhdds.yml
@@ -1,7 +1,7 @@
 # Required vars with defaults
 # - openqa_createhdds_branch
 ##       string - The git branch of createhdds to check out
-##       default - master
+##       default - main
 
 - name: Install required packages
   package:

From 7c15f8e022312cb1327952e99bc78cb38174caeb Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 1 Jun 2021 18:33:42 -0700
Subject: [PATCH 125/189] adjust bkernel mgmt interface named

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/nagios | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/inventory/group_vars/nagios b/inventory/group_vars/nagios
index e41c280054..b3423e1500 100644
--- a/inventory/group_vars/nagios
+++ b/inventory/group_vars/nagios
@@ -44,7 +44,8 @@ csi_purpose: Monitoring system
 #
 iad2_management_hosts:
   - backup01.mgmt.iad2.fedoraproject.org
-  - bkernel-x86-01.mgmt.iad2.fedoraproject.org
+  - bkernel01.mgmt.iad2.fedoraproject.org
+  - bkernel02.mgmt.iad2.fedoraproject.org
   - bvmhost-x86-01.mgmt.iad2.fedoraproject.org
   - bvmhost-x86-02.mgmt.iad2.fedoraproject.org
   - bvmhost-x86-03.mgmt.iad2.fedoraproject.org

From 8a08f87d43995f1f66cf08fab664f94974bccfcb Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 2 Jun 2021 08:32:39 +0200
Subject: [PATCH 126/189] copr-dist-git: fix failing Thunderbird import

Fixes: https://pagure.io/copr/copr/issue/1700
---
 .../files/patches/git-python-pr-1254.patch    | 44 +++++++++++++++++++
 roles/copr/dist_git/tasks/main.yml            |  5 +++
 2 files changed, 49 insertions(+)
 create mode 100644 roles/copr/dist_git/files/patches/git-python-pr-1254.patch

diff --git a/roles/copr/dist_git/files/patches/git-python-pr-1254.patch b/roles/copr/dist_git/files/patches/git-python-pr-1254.patch
new file mode 100644
index 0000000000..d65b90ca7f
--- /dev/null
+++ b/roles/copr/dist_git/files/patches/git-python-pr-1254.patch
@@ -0,0 +1,44 @@
+commit 1a04c15b1f77f908b1dd3983a27ee49c41b3a3e5
+Author:     Todd Zullinger <tmz@pobox.com>
+AuthorDate: Mon May 24 17:34:42 2021 -0400
+Commit:     Todd Zullinger <tmz@pobox.com>
+CommitDate: Tue May 25 11:42:07 2021 -0400
+
+    improve index mode for files with executable bit
+    
+    The fix for #430 in bebc4f56 (Use correct mode for executable files,
+    2016-05-19) is incomplete.  It fails (in most cases) when files have
+    modes which are not exactly 0644 or 0755.
+    
+    Git only cares whether the executable bit is set (or not).  Ensure the
+    mode we set for the index is either 100644 or 100755 based on whether
+    the executable bit is set for the file owner.  Do this similarly to how
+    upstream git does it in cache.h¹.
+    
+    Add a test covering various file modes to help catch regressions.
+    
+    Fixes #1253
+    
+    ¹ https://github.com/git/git/blob/v2.31.1/cache.h#L247
+
+diff --git a/git/index/fun.py b/git/index/fun.py
+index f40928c3..1012f480 100644
+--- a/git/index/fun.py
++++ b/git/index/fun.py
+@@ -11,6 +11,7 @@ from stat import (
+     S_ISDIR,
+     S_IFMT,
+     S_IFREG,
++    S_IXUSR,
+ )
+ import subprocess
+ 
+@@ -115,7 +116,7 @@ def stat_mode_to_index_mode(mode):
+         return S_IFLNK
+     if S_ISDIR(mode) or S_IFMT(mode) == S_IFGITLINK:    # submodules
+         return S_IFGITLINK
+-    return S_IFREG | 0o644 | (mode & 0o111)       # blobs with or without executable bit
++    return S_IFREG | (mode & S_IXUSR and 0o755 or 0o644)  # blobs with or without executable bit
+ 
+ 
+ def write_cache(entries: Sequence[Union[BaseIndexEntry, 'IndexEntry']], stream: IO[bytes],
diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml
index 216e5334a0..03f7fab7dd 100644
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@@ -28,6 +28,11 @@
       - dist-git-selinux
       - copr-dist-git
 
+- name: Patch GitPython to import Thunderbird (issue 1700)
+  patch: src=patches/prunerepo-dataloss.patch
+         dest=/usr/lib/python3.9/site-packages/git/index/fun.py
+  tags: patches
+
 - name: switch selinux to enforcing
   selinux: policy=targeted state=enforcing
 

From 0d070d19414449d1729d44982de8fda0ac9f6464 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Wed, 2 Jun 2021 08:35:03 +0200
Subject: [PATCH 127/189] copr-dist-git: correct patch reference

Complements 8a08f87d43995f1f66cf08fab664f94974bccfcb
---
 roles/copr/dist_git/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml
index 03f7fab7dd..5720a3af7f 100644
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@@ -29,7 +29,7 @@
       - copr-dist-git
 
 - name: Patch GitPython to import Thunderbird (issue 1700)
-  patch: src=patches/prunerepo-dataloss.patch
+  patch: src=patches/git-python-pr-1254.patch
          dest=/usr/lib/python3.9/site-packages/git/index/fun.py
   tags: patches
 

From 7cc2903cd56cef9ceb478681471253196a0200f3 Mon Sep 17 00:00:00 2001
From: Adam Saleh <asaleh@redhat.com>
Date: Thu, 27 May 2021 14:59:05 +0200
Subject: [PATCH 128/189] Added aliases for epel and fedora bz assignee,
 resulting in package-owner-fedora and package-owner-epel aliases.

---
 .../files/owner-email-from-pagure.py          | 41 ++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/roles/packager_alias/files/owner-email-from-pagure.py b/roles/packager_alias/files/owner-email-from-pagure.py
index b9b1a42b12..b79fe3d8c1 100644
--- a/roles/packager_alias/files/owner-email-from-pagure.py
+++ b/roles/packager_alias/files/owner-email-from-pagure.py
@@ -57,12 +57,45 @@ def get_pagure_projects():
         pagure_projects_url = data['pagination']['next']
 
 
+def get_pagure_project_overrides(fullname_roject, default_email):
+    pagure_overrides_url = pagure_url + '_dg/bzoverrides/{}'.format(fullname_roject)
+    session = retry_session()
+    data = {}
+    cnt = 0
+    while True:
+        try:
+            response = session.get(pagure_overrides_url)
+            data = response.json()
+            break
+        except Exception:
+            cnt += 1
+            if cnt == 4:
+                raise
+            time.sleep(30)
+    return data.get("fedora_assignee", default_email), data.get("epel_assignee", default_email)
+
+
+def override_to_emails(override):
+    users = [override]
+    if override.startswith('@'):
+        group = override[1:]
+        response = session.get(pagure_group_url.format(group=group))
+        data = response.json()
+        users = data['members']
+    return {'{0}@fedoraproject.org'.format(user) for user in users}
+
+
 session = retry_session()
 group_data = {}
 for project in get_pagure_projects():
     users = set(project['access_users']['owner']) | \
             set(project['access_users']['admin']) | \
             set(project['access_users']['commit'])
+
+    fedora_override, epel_override = get_pagure_project_overrides(
+           project['fullname'],
+           project['access_users']['owner'][0])
+
     groups = set()
     for group_kind in ('admin', 'commit'):
         for group in project['access_groups'][group_kind]:
@@ -100,11 +133,17 @@ for project in get_pagure_projects():
 
     # Handle case-insensitivity in postfix by unioning things.
     project_alias = project_alias.lower()
+    fedora_alias = '{0}-fedora'.format(project_alias)
+    epel_alias = '{0}-epel'.format(project_alias)
+
     if project_alias in project_to_email:
         project_to_email[project_alias] = project_to_email[project_alias].union(emails)
     else:
         project_to_email[project_alias] = set(emails)
 
+    project_to_email[fedora_alias] = override_to_emails(fedora_override)
+    project_to_email[epel_alias] = override_to_emails(epel_override)
 
-for project_alias, emails in project_to_email.items():
+for project_alias in project_to_email:
+    emails = list(project_to_email[project_alias])
     print('{0}: {1}'.format(project_alias, ','.join(sorted(emails))))

From 138a1eddab6284922be33f36e71c3ee7da20da5b Mon Sep 17 00:00:00 2001
From: Adam Saleh <asaleh@redhat.com>
Date: Fri, 28 May 2021 08:57:48 +0200
Subject: [PATCH 129/189] Changed -owner to -maintainers in alias-generating
 code.

---
 roles/packager_alias/files/owner-email-from-pagure.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/packager_alias/files/owner-email-from-pagure.py b/roles/packager_alias/files/owner-email-from-pagure.py
index b79fe3d8c1..198420d396 100644
--- a/roles/packager_alias/files/owner-email-from-pagure.py
+++ b/roles/packager_alias/files/owner-email-from-pagure.py
@@ -3,7 +3,7 @@
 """
 This script is ran as a cronjob and bastion.
 
-Its goal is to generate all the <pkg>-owner email aliases we provide
+Its goal is to generate all the <pkg>-maintainers email aliases we provide
 """
 
 import time
@@ -122,7 +122,7 @@ for project in get_pagure_projects():
         users = users | set(group_members)
         group_data[group] = set(group_members)
 
-    project_alias = '{0}-owner'.format(project['name'])
+    project_alias = '{0}-maintainers'.format(project['name'])
     # If there is a namespace, prefix the email with it plus a dash
     if project['namespace'] and project['namespace'] != 'rpms':
         project_alias = '{0}-{1}'.format(project['namespace'], project_alias)

From 1e85a2719f92aafca5ebe2cf786d950c6a577b42 Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@lisas.de>
Date: Wed, 2 Jun 2021 14:37:20 +0200
Subject: [PATCH 130/189] Switch EPEL to scan-primary-mirror (used to be umdl)

To support epel-next repositories this switches EPEL to use
scan-primary-mirror instead of umdl.

Signed-off-by: Adrian Reber <adrian@lisas.de>
---
 .../mirrormanager/backend/files/umdl-required | 13 ++-
 roles/mirrormanager/backend/tasks/main.yml    | 13 ++-
 .../templates/scan-primary-mirror.toml        | 84 +++++++++++++++++++
 3 files changed, 104 insertions(+), 6 deletions(-)
 create mode 100644 roles/mirrormanager/backend/templates/scan-primary-mirror.toml

diff --git a/roles/mirrormanager/backend/files/umdl-required b/roles/mirrormanager/backend/files/umdl-required
index 51dd138931..5ed7b3e1a8 100644
--- a/roles/mirrormanager/backend/files/umdl-required
+++ b/roles/mirrormanager/backend/files/umdl-required
@@ -1,5 +1,11 @@
 #!/bin/bash
 
+# This script checks for changes on the primary mirror and
+# updates the database if changes are found. For most categories
+# the script first checks if a fullfiletimelist-<category>
+# exists and runs the actual primary mirror scan if that file
+# has changed.
+
 if [ $# -ne 2 ]; then
 	echo "Exactly two parameter needed. category and /path/to/logfile"
 	exit 1
@@ -9,12 +15,13 @@ exec >> $2
 exec 2>&1
 
 CURDATE=`date +%s`
-
+SCANNER="/usr/bin/mm2_update-master-directory-list"
 
 if [ "${1}" ==  "fedora" ]; then
 	CATEGORY="Linux"
 elif [ "${1}" ==  "epel" ]; then
 	CATEGORY="EPEL"
+	SCANNER="/usr/local/bin/scan-primary-mirror"
 elif [ "${1}" ==  "alt" ]; then
 	CATEGORY="Other"
 elif [ "${1}" ==  "fedora-secondary" ]; then
@@ -34,7 +41,7 @@ fi
 
 # FULLFILETIMELIST -> FFTL
 if [ "${1}" ==  "codecs" ]; then
-    /usr/local/bin/lock-wrapper umdl-${1} "/usr/bin/mm2_update-master-directory-list --category \"Fedora ${CATEGORY}\""
+    /usr/local/bin/lock-wrapper umdl-${1} "${SCANNER} --category \"Fedora ${CATEGORY}\""
     exit 0
 else
     FFTL="/srv/pub/${1}/fullfiletimelist-${1}"
@@ -55,7 +62,7 @@ fi
 echo -n "${FFTL} has changed since last run. Running umdl for Fedora ${CATEGORY} at "
 date
 
-/usr/local/bin/lock-wrapper umdl-${1} "/usr/bin/mm2_update-master-directory-list --category \"Fedora ${CATEGORY}\""
+/usr/local/bin/lock-wrapper umdl-${1} "${SCANNER} --category \"Fedora ${CATEGORY}\""
 
 if [ "$?" -eq "0" ]; then
 	# success! remember the date of this run
diff --git a/roles/mirrormanager/backend/tasks/main.yml b/roles/mirrormanager/backend/tasks/main.yml
index d7c33b704f..7db2b79e23 100644
--- a/roles/mirrormanager/backend/tasks/main.yml
+++ b/roles/mirrormanager/backend/tasks/main.yml
@@ -154,6 +154,13 @@
     owner: mirrormanager
     group: mirrormanager
     mode: 0600
+- name: install scan-primary-mirror configuration file
+  template:
+    src: scan-primary-mirror.toml
+    dest: /etc/mirrormanager/scan-primary-mirror.toml
+    owner: mirrormanager
+    group: mirrormanager
+    mode: 0600
 - name: create /srv/mirrorlist-server.git
   file: path=/srv/mirrorlist-server.git state=directory owner=mirrormanager group=mirrormanager mode=0755
 - name: create /srv/scan-primary-mirror.git
@@ -169,7 +176,7 @@
 - name: checkout scan-primary-mirror
   git:
     repo: https://github.com/adrianreber/scan-primary-mirror.git
-    version: 0.1.0
+    version: 0.1.1
     dest: /srv/scan-primary-mirror.git
   become: yes
   become_user: mirrormanager
@@ -197,7 +204,7 @@
     remote_src: yes
     owner: root
     group: root
-    mode: 755
+    mode: 0755
   when: "mirrorlist_server_built is changed"
 - name: install scan-primary-mirror
   copy:
@@ -206,5 +213,5 @@
     remote_src: yes
     owner: root
     group: root
-    mode: 755
+    mode: 0755
   when: "scan_primary_mirror_built is changed"
diff --git a/roles/mirrormanager/backend/templates/scan-primary-mirror.toml b/roles/mirrormanager/backend/templates/scan-primary-mirror.toml
new file mode 100644
index 0000000000..1f6ef4dce9
--- /dev/null
+++ b/roles/mirrormanager/backend/templates/scan-primary-mirror.toml
@@ -0,0 +1,84 @@
+max_propagation_days = 2
+max_stale_days = 3
+excludes=[".*\\.snapshot", ".*/\\.~tmp~"]
+skip_paths_for_version=["pub/alt"]
+test_paths=["/test/", "/stage/"]
+skip_repository_paths = ["Cloud", "Workstation", "Server", "drpms", "source"]
+do_not_display_paths = ["_Beta"]
+
+[database]
+url="postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}"
+
+### EPEL ###
+
+[[category]]
+name="Fedora EPEL"
+type="directory"
+url="/srv/pub/epel/"
+
+[[repository_mapping]]
+regex="pub/epel/testing/[\\d]/[^M].*"
+prefix="testing-epel"
+
+[[repository_mapping]]
+regex="pub/epel/[\\d]/[^M].*"
+prefix="epel"
+
+[[repository_mapping]]
+regex="pub/epel/[\\d]/Modular/.*"
+prefix="epel-modular"
+
+[[repository_mapping]]
+regex="pub/epel/testing/next/[\\d]/Everything/.*"
+prefix="epel-testing-next"
+
+[[repository_mapping]]
+regex="pub/epel/next/[\\d]/Everything/.*"
+prefix="epel-next"
+
+[[repository_mapping]]
+regex="pub/epel/playground/[\\d]/Everything/.*"
+prefix="epel-playground"
+
+[[repository_mapping]]
+regex="pub/epel/testing/[\\d]/Modular/.*"
+prefix="testing-modular-epel"
+
+[[repository_aliases]]
+from="testing-modular-epel-debug-"
+to="testing-modular-debug-epel"
+
+# The following repository_aliases are only necessary for EPEL
+# because it has some unusual repository names.
+
+[[repository_aliases]]
+from="epel-playground-"
+to="playground-epel"
+
+[[repository_aliases]]
+from="epel-playground-debug-"
+to="playground-debug-epel"
+
+[[repository_aliases]]
+from="epel-playground-source-"
+to="playground-source-epel"
+
+[[repository_aliases]]
+from="testing-modular-epel-source-"
+to="testing-modular-source-epel"
+
+[[repository_aliases]]
+from="testing-epel-debug-"
+to="testing-debug-epel"
+
+[[repository_aliases]]
+from="testing-epel-source-"
+to="testing-source-epel"
+
+[[repository_aliases]]
+from="testing-epel-"
+to="testing-epel"
+
+[[repository_aliases]]
+from="testing-modular-epel-"
+to="testing-modular-epel"

From 612843d72b64faf3ac564bb6377c4756c8fb8ffd Mon Sep 17 00:00:00 2001
From: Nick Bebout <nebebout@36WTHB2.usi.edu>
Date: Wed, 2 Jun 2021 11:21:02 -0500
Subject: [PATCH 131/189] Add mpeck to logo@fpo alias per ticket # 10005

---
 roles/fasjson/files/aliases.static | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/fasjson/files/aliases.static b/roles/fasjson/files/aliases.static
index cee79962d3..d52ea39056 100644
--- a/roles/fasjson/files/aliases.static
+++ b/roles/fasjson/files/aliases.static
@@ -218,7 +218,7 @@ secalert: security-private@lists.fedoraproject.org
 infra-security: puiterwijk,kevin,smooge,codeblock,mobrien
 
 webmaster: websites@lists.fedoraproject.org
-logo: rlerch@redhat.com,duffy@redhat.com
+logo: rlerch@redhat.com,duffy@redhat.com,mpeck@redhat.com
 ham-radio-exams: nb,jbwillia
 podcast: x3mboy,computerkid,riecatnor
 

From 24031a2038d36addf532e1b4a161f5a8b6cf240d Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 2 Jun 2021 14:55:19 -0700
Subject: [PATCH 132/189] bugzilla2fedmsg: clean up old vm's since we moved to
 openshift

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/bugzilla2fedmsg          | 62 -------------------
 inventory/group_vars/bugzilla2fedmsg_stg      | 61 ------------------
 .../bugzilla2fedmsg01.iad2.fedoraproject.org  | 14 -----
 ...gzilla2fedmsg01.stg.iad2.fedoraproject.org | 13 ----
 inventory/inventory                           | 13 ----
 main.yml                                      |  1 -
 playbooks/groups/bugzilla2fedmsg.yml          | 53 ----------------
 7 files changed, 217 deletions(-)
 delete mode 100644 inventory/group_vars/bugzilla2fedmsg
 delete mode 100644 inventory/group_vars/bugzilla2fedmsg_stg
 delete mode 100644 inventory/host_vars/bugzilla2fedmsg01.iad2.fedoraproject.org
 delete mode 100644 inventory/host_vars/bugzilla2fedmsg01.stg.iad2.fedoraproject.org
 delete mode 100644 playbooks/groups/bugzilla2fedmsg.yml

diff --git a/inventory/group_vars/bugzilla2fedmsg b/inventory/group_vars/bugzilla2fedmsg
deleted file mode 100644
index f9e30a3726..0000000000
--- a/inventory/group_vars/bugzilla2fedmsg
+++ /dev/null
@@ -1,62 +0,0 @@
----
-lvm_size: 20000
-mem_size: 6144
-num_cpus: 2
-freezes: false
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-tcp_ports: [ 3000, 3001, 3002, 3003 ]
-
-primary_auth_source: ipa
-ipa_host_group: bugzilla2fedmsg
-ipa_host_group_desc: Service to bridge Bugzilla events into fedmsg
-ipa_client_shell_groups:
-- sysadmin-datanommer
-- sysadmin-noc
-- sysadmin-veteran
-ipa_client_sudo_groups:
-- sysadmin-datanommer
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-- service: shell
-  owner: root
-  group: sysadmin
-  can_send:
-  - logger.log
-- service: bugzilla2fedmsg
-  owner: root
-  group: fedmsg
-  can_send:
-  - bugzilla.bug.new
-  - bugzilla.bug.update
-
-# for fedora-messaging
-username: "bugzilla2fedmsg{{ env_suffix }}"
-
-# For the MOTD
-csi_security_category: Low
-csi_primary_contact: Fedmsg admins - sysadmin-datanommer-members@fedoraproject.org
-csi_purpose: Run the bugzilla2fedmsg bridge to forward RH messages onto fedmsg
-csi_relationship: |
-    A 'moksha-hub' daemon is the only thing really running here.  (Don't confuse
-    that with the 'fedmsg-hub' running on most of our other backend machines.)
-
-    The bugzilla2fedmsg package provides a plugin to the moksha-hub that
-    connects out over the STOMP protocol to a 'fabric' of JBOSS FUSE brokers
-    living in the Red Hat DMZ.  We authenticate with a cert/key pair that is
-    kept in /etc/pki/fedmsg/.  Those brokers should push bugzilla events over
-    STOMP to our moksha-hub daemon.  When a message arrives, we query bugzilla
-    about the change to get some 'more interesting' data to stuff in our
-    payload, then we sign the message using a fedmsg cert and fire it off to the
-    rest of our bus.
-
-    This service has no database, no memcached usage.  It depends on those STOMP
-    brokers and being able to query bugzilla.rh.com.
-
-    STOMP config:   /etc/moksha/production.ini
-    fedmsg config:  /etc/fedmsg.d/
-    certs:          /etc/pki/fedmsg
-    code:           /usr/lib/python2.7/site-packages/bugzilla2fedmsg.py
diff --git a/inventory/group_vars/bugzilla2fedmsg_stg b/inventory/group_vars/bugzilla2fedmsg_stg
deleted file mode 100644
index e89dc52db1..0000000000
--- a/inventory/group_vars/bugzilla2fedmsg_stg
+++ /dev/null
@@ -1,61 +0,0 @@
----
-# Define resources for this group of hosts here.
-lvm_size: 20000
-mem_size: 4096
-num_cpus: 1
-
-# for systems that do not match the above - specify the same parameter in
-# the host_vars/$hostname file
-
-tcp_ports: [ 3000, 3001 ]
-
-ipa_host_group: bugzilla2fedmsg
-ipa_host_group_desc: Service to bridge Bugzilla events into fedmsg
-ipa_client_shell_groups:
-- sysadmin-datanommer
-- sysadmin-noc
-- sysadmin-veteran
-ipa_client_sudo_groups:
-- sysadmin-datanommer
-
-# These are consumed by a task in roles/fedmsg/base/main.yml
-fedmsg_certs:
-- service: shell
-  owner: root
-  group: sysadmin
-  can_send:
-  - logger.log
-- service: bugzilla2fedmsg
-  owner: root
-  group: fedmsg
-  can_send:
-  - bugzilla.bug.new
-  - bugzilla.bug.update
-
-# for fedora-messaging
-username: "bugzilla2fedmsg{{ env_suffix }}"
-
-# For the MOTD
-csi_security_category: Low
-csi_primary_contact: Fedmsg admins - sysadmin-datanommer-members@fedoraproject.org
-csi_purpose: Run the bugzilla2fedmsg bridge to forward RH messages onto fedmsg
-csi_relationship: |
-    A 'moksha-hub' daemon is the only thing really running here.  (Don't confuse
-    that with the 'fedmsg-hub' running on most of our other backend machines.)
-
-    The bugzilla2fedmsg package provides a plugin to the moksha-hub that
-    connects out over the STOMP protocol to a 'fabric' of JBOSS FUSE brokers
-    living in the Red Hat DMZ.  We authenticate with a cert/key pair that is
-    kept in /etc/pki/fedmsg/.  Those brokers should push bugzilla events over
-    STOMP to our moksha-hub daemon.  When a message arrives, we query bugzilla
-    about the change to get some 'more interesting' data to stuff in our
-    payload, then we sign the message using a fedmsg cert and fire it off to the
-    rest of our bus.
-
-    This service has no database, no memcached usage.  It depends on those STOMP
-    brokers and being able to query bugzilla.rh.com.
-
-    STOMP config:   /etc/moksha/production.ini
-    fedmsg config:  /etc/fedmsg.d/
-    certs:          /etc/pki/fedmsg
-    code:           /usr/lib/python2.7/site-packages/bugzilla2fedmsg.py
diff --git a/inventory/host_vars/bugzilla2fedmsg01.iad2.fedoraproject.org b/inventory/host_vars/bugzilla2fedmsg01.iad2.fedoraproject.org
deleted file mode 100644
index bed814879e..0000000000
--- a/inventory/host_vars/bugzilla2fedmsg01.iad2.fedoraproject.org
+++ /dev/null
@@ -1,14 +0,0 @@
----
-nm: 255.255.255.0
-gw: 10.3.163.254
-dns: 10.3.163.33
-
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-
-eth0_ip: 10.3.163.45
-
-volgroup: /dev/vg_guests
-vmhost: vmhost-x86-05.iad2.fedoraproject.org
-
-datacenter: iad2
diff --git a/inventory/host_vars/bugzilla2fedmsg01.stg.iad2.fedoraproject.org b/inventory/host_vars/bugzilla2fedmsg01.stg.iad2.fedoraproject.org
deleted file mode 100644
index 99aa3c4805..0000000000
--- a/inventory/host_vars/bugzilla2fedmsg01.stg.iad2.fedoraproject.org
+++ /dev/null
@@ -1,13 +0,0 @@
----
-nm: 255.255.255.0
-gw: 10.3.166.254
-dns: 10.3.163.33
-
-volgroup: /dev/vg_guests
-vmhost: vmhost-x86-04.stg.iad2.fedoraproject.org
-datacenter: iad2
-
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-7-iad2
-ks_repo: http://10.3.163.35/repo/rhel/RHEL7-x86_64/
-
-eth0_ip: 10.3.166.45
diff --git a/inventory/inventory b/inventory/inventory
index 3c1e043fcb..74329b7658 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -73,12 +73,6 @@ blockerbugs01.iad2.fedoraproject.org
 [blockerbugs_stg]
 blockerbugs01.stg.iad2.fedoraproject.org
 
-[bugzilla2fedmsg]
-bugzilla2fedmsg01.iad2.fedoraproject.org
-
-[bugzilla2fedmsg_stg]
-bugzilla2fedmsg01.stg.iad2.fedoraproject.org
-
 [centos_ipa_client_stg]
 centos-ipa-client01.stg.iad2.fedoraproject.org
 centos-ipa-client02.stg.iad2.fedoraproject.org
@@ -623,7 +617,6 @@ autosign01.stg.iad2.fedoraproject.org
 # basset01.stg.iad2.fedoraproject.org
 blockerbugs01.stg.iad2.fedoraproject.org
 bodhi-backend01.stg.iad2.fedoraproject.org
-bugzilla2fedmsg01.stg.iad2.fedoraproject.org
 bvmhost-x86-01.stg.iad2.fedoraproject.org
 bvmhost-x86-02.stg.iad2.fedoraproject.org
 bvmhost-x86-03.stg.iad2.fedoraproject.org
@@ -847,12 +840,6 @@ proxies
 busgateway_stg
 proxies_stg
 
-[moksha_hubs:children]
-bugzilla2fedmsg
-
-[moksha_hubs_stg:children]
-bugzilla2fedmsg_stg
-
 [fedmsg_services:children]
 fedmsg_hubs
 fedmsg_ircs
diff --git a/main.yml b/main.yml
index 70a21d50d0..cfabe01d73 100644
--- a/main.yml
+++ b/main.yml
@@ -19,7 +19,6 @@
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/batcave.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/blockerbugs.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml
-- import_playbook: /srv/web/infra/ansible/playbooks/groups/bugzilla2fedmsg.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/buildhw.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/buildvm.yml
 - import_playbook: /srv/web/infra/ansible/playbooks/groups/busgateway.yml
diff --git a/playbooks/groups/bugzilla2fedmsg.yml b/playbooks/groups/bugzilla2fedmsg.yml
deleted file mode 100644
index c25c5516a8..0000000000
--- a/playbooks/groups/bugzilla2fedmsg.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-# create a new bugzilla2fedmsg server
-# NOTE: should be used with --limit most of the time
-# NOTE: make sure there is room/space for this server on the vmhost
-# NOTE: most of these vars_path come from group_vars/mirrorlist or from hostvars
-
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=bugzilla2fedmsg:bugzilla2fedmsg_stg"
-
-- name: dole out the generic configuration
-  hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg
-  user: root
-  gather_facts: True
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  roles:
-  - base
-  - rkhunter
-  - nagios_client
-  - hosts
-  - ipa/client
-  - sudo
-  - collectd/base
-  - fedmsg/base
-
-  pre_tasks:
-  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
-
-  tasks:
-  - import_tasks: "{{ tasks_path }}/motd.yml"
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"
-
-- name: dole out the service-specific config
-  hosts: bugzilla2fedmsg:bugzilla2fedmsg_stg
-  user: root
-  gather_facts: True
-
-  roles:
-  - bugzilla2fedmsg
-  - role: collectd/fedmsg-service
-    process: moksha-hub
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - "/srv/private/ansible/vars.yml"
-   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
-
-  handlers:
-  - import_tasks: "{{ handlers_path }}/restart_services.yml"

From 8509dd2be387d5bd0216a11f9a9954348d03ee76 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 2 Jun 2021 15:06:24 -0700
Subject: [PATCH 133/189] buildvm-ppc64le-34: drop duplicate eth0_ip

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org | 1 -
 1 file changed, 1 deletion(-)

diff --git a/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org b/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org
index aee705ac40..ff55b23a5f 100644
--- a/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-34.iad2.fedoraproject.org
@@ -5,4 +5,3 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 
 eth0_ip: 10.3.171.74
-eth0_ip: 10.3.171.74

From bce019cac4e410234524fd8a524ba2d027c91b52 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 2 Jun 2021 15:48:59 -0700
Subject: [PATCH 134/189] drop moksha-hubs group now too

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/inventory | 2 --
 1 file changed, 2 deletions(-)

diff --git a/inventory/inventory b/inventory/inventory
index 74329b7658..d92e4ab9c5 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -845,14 +845,12 @@ fedmsg_hubs
 fedmsg_ircs
 fedmsg_relays
 fedmsg_gateways
-moksha_hubs
 
 [fedmsg_services_stg:children]
 fedmsg_hubs_stg
 fedmsg_ircs_stg
 fedmsg_relays_stg
 fedmsg_gateways_stg
-moksha_hubs_stg
 
 # These are groups that are using the python34 fedmsg stack.
 [python34_fedmsg:children]

From ff0fd37e6955769a59da759f75c46050394d91d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= <mkonecny@redhat.com>
Date: Thu, 3 Jun 2021 13:46:45 +0200
Subject: [PATCH 135/189] the-new-hotness: Update staging configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The-new-hotness was rewritten in using CA design, update the configuration
accordingly.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
---
 .../the-new-hotness/templates/buildconfig.yml          |  9 +++++++++
 .../the-new-hotness/templates/config.toml              | 10 ++++++++++
 2 files changed, 19 insertions(+)

diff --git a/roles/openshift-apps/the-new-hotness/templates/buildconfig.yml b/roles/openshift-apps/the-new-hotness/templates/buildconfig.yml
index 2e5e122547..e333d1eec5 100644
--- a/roles/openshift-apps/the-new-hotness/templates/buildconfig.yml
+++ b/roles/openshift-apps/the-new-hotness/templates/buildconfig.yml
@@ -22,13 +22,22 @@ items:
                 rpmdevtools \
                 fedora-messaging \
                 python3-bugzilla \
+{% if not env == 'staging' %}
                 python3-dogpile-cache \
+{% endif %}
                 python3-fedora \
+{% if not env == 'staging' %}
                 python3-fedmsg \
+{% endif %}
                 python3-koji \
+{% if not env == 'staging' %}
                 python3-pycurl \
+{% endif %}
                 python3-requests \
+{% if not env == 'staging' %}
                 python3-six \
+{% endif %}
+                python3-requests \
                 python3-pip && \
             dnf autoremove -y && \
             dnf clean all -y
diff --git a/roles/openshift-apps/the-new-hotness/templates/config.toml b/roles/openshift-apps/the-new-hotness/templates/config.toml
index 6b79d5451e..fc8c939abb 100644
--- a/roles/openshift-apps/the-new-hotness/templates/config.toml
+++ b/roles/openshift-apps/the-new-hotness/templates/config.toml
@@ -13,7 +13,11 @@ topic_prefix = "org.fedoraproject.prod"
 {% endif %}
 passive_declares = true
 
+{% if env == "staging" %}
+callback = "hotness.hotness_consumer:HotnessConsumer"
+{% else %}
 callback = "hotness.consumers:BugzillaTicketFiler"
+{% endif %}
 
 # Note the double brackets below.
 # To add another binding, add another [[bindings]] section.
@@ -22,7 +26,9 @@ queue = "the-new-hotness{{ env_suffix }}"
 exchange = "amq.topic"
 routing_keys = [
   "org.release-monitoring.*.anitya.project.version.update",
+{% if not env == "staging" %}
   "org.release-monitoring.*.anitya.project.map.new",
+{% endif %}
   "org.fedoraproject.*.buildsys.task.state.change",
 ]
 
@@ -87,8 +93,10 @@ read_timeout = 15
 # The number of times the-new-hotness should retry a network request that
 # that failed for any reason (e.g. read timeout, DNS error, etc)
 requests_retries = 3
+{% if not env == "staging" %}
 # If true, publish fedmsg messages instead of fedora-messaging messages
 legacy_messaging = false
+{% endif %}
 
 [consumer_config.bugzilla]
 enabled = true
@@ -147,6 +155,7 @@ opts = {scratch = true}
 priority = 30
 target_tag = "rawhide"
 
+{% if not env == "staging" %}
 [consumer_config.anitya]
 url = "https://release-monitoring.org"
 
@@ -154,3 +163,4 @@ url = "https://release-monitoring.org"
 backend = "dogpile.cache.dbm"
 expiration_time = 300
 arguments = {filename = "/var/tmp/the-new-hotness-cache.dbm"}
+{% endif %}
\ No newline at end of file

From c7db4e481ce0e10b01411943e52a22567e6cdc49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Kone=C4=8Dn=C3=BD?= <mkonecny@redhat.com>
Date: Thu, 3 Jun 2021 14:03:16 +0200
Subject: [PATCH 136/189] the-new-hotness: Fix the url for mdapi in staging
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove the trailing '/' so we don't end up with '//' inside the URL.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
---
 roles/openshift-apps/the-new-hotness/templates/config.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/openshift-apps/the-new-hotness/templates/config.toml b/roles/openshift-apps/the-new-hotness/templates/config.toml
index fc8c939abb..2e5d4585e0 100644
--- a/roles/openshift-apps/the-new-hotness/templates/config.toml
+++ b/roles/openshift-apps/the-new-hotness/templates/config.toml
@@ -76,7 +76,7 @@ handlers = ["console"]
 # the-new-hotness consumer configuration
 [consumer_config]
 {% if env == "staging" %}
-mdapi_url = "https://mdapi.stg.fedoraproject.org/"
+mdapi_url = "https://mdapi.stg.fedoraproject.org"
 pdc_url = "https://pdc.stg.fedoraproject.org"
 dist_git_url = "https://src.stg.fedoraproject.org"
 {% else %}

From 697db5fbc031ce813dc04a63806067e4dd8d9fb0 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Fri, 4 Jun 2021 13:42:54 +0200
Subject: [PATCH 137/189] copr-be: disable hypervisor 04

It is down for an unknown reason ATM.
---
 inventory/group_vars/copr_aws     | 4 ++--
 inventory/group_vars/copr_dev_aws | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws
index 20ff125aad..f900576412 100644
--- a/inventory/group_vars/copr_aws
+++ b/inventory/group_vars/copr_aws
@@ -43,7 +43,7 @@ builders:
     x86_hypervisor_03:
         x86_64: [20, 4, 20]
 
-    x86_hypervisor_04:
-        x86_64: [20, 4, 20]
+    #x86_hypervisor_04:
+    #    x86_64: [20, 4, 20]
 
 rpm_vendor_copr_name: Fedora Copr
diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index 95ac07ecd9..ab1dc8978a 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -45,7 +45,7 @@ builders:
     x86_hypervisor_03:
         x86_64: [2, 1, 1]
 
-    x86_hypervisor_04:
-        x86_64: [2, 1, 1]
+    #x86_hypervisor_04:
+    #    x86_64: [2, 1, 1]
 
 rpm_vendor_copr_name: Fedora Copr (devel)

From a8568f8a87f63dad6b19ba76dfa086c34900071f Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Fri, 4 Jun 2021 13:44:13 +0200
Subject: [PATCH 138/189] copr-fe: provide link to stats

(this config option will be used in the next copr-frontend release)
---
 roles/copr/frontend-cloud/templates/copr.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/copr/frontend-cloud/templates/copr.conf b/roles/copr/frontend-cloud/templates/copr.conf
index a51359b1ea..8c7e359a5e 100644
--- a/roles/copr/frontend-cloud/templates/copr.conf
+++ b/roles/copr/frontend-cloud/templates/copr.conf
@@ -24,6 +24,8 @@ BACKEND_PASSWORD = '{{ copr_backend_password_stg }}'
 
 BACKEND_BASE_URL = '{{ backend_base_url }}'
 
+BACKEND_STATS_URI = "/stats/index.html"
+
 # restrict access to a set of users
 #USE_ALLOWED_USERS = False
 #ALLOWED_USERS = ['bonnie', 'clyde']

From 84fed6863624704e34d9a2800ed05ddf9e490f51 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 4 Jun 2021 09:18:47 -0700
Subject: [PATCH 139/189] wiki01.stg: move to f34

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/wiki01.stg.iad2.fedoraproject.org | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org b/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org
index 12473ab51f..789ea639b8 100644
--- a/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/wiki01.stg.iad2.fedoraproject.org
@@ -2,8 +2,8 @@
 nm: 255.255.255.0
 gw: 10.3.166.254
 dns: 10.3.163.33
-ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora-32-iad2
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/32/Server/x86_64/os/
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-fedora
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/x86_64/os/
 volgroup: /dev/vg_guests
 eth0_ip: 10.3.166.24
 vmhost: vmhost-x86-07.stg.iad2.fedoraproject.org

From e887af865d698be92d26fd393171cb9535979535 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 4 Jun 2021 09:55:07 -0700
Subject: [PATCH 140/189] koji_hub: setup cron job to clean up old and empty
 side tags daily.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/koji_hub/files/koji-sidetag-cleanup | 3 +++
 roles/koji_hub/tasks/main.yml             | 2 ++
 2 files changed, 5 insertions(+)
 create mode 100644 roles/koji_hub/files/koji-sidetag-cleanup

diff --git a/roles/koji_hub/files/koji-sidetag-cleanup b/roles/koji_hub/files/koji-sidetag-cleanup
new file mode 100644
index 0000000000..de708f8dbb
--- /dev/null
+++ b/roles/koji_hub/files/koji-sidetag-cleanup
@@ -0,0 +1,3 @@
+# Clean up sidetags.
+MAILTO=releng-cron@lists.fedoraproject.org
+0 4 * * * root /usr/local/bin/lock-wrapper koji-sidetag-cleanup "/usr/sbin/koji-sidetag-cleanup --empty-delay=14 --old-delay=30"
diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index c08d362cc8..e33142d1cb 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -445,6 +445,7 @@
   - koji-directory-cleanup
   - koji-gc
   - koji-prune-signed-copies
+  - koji-sidetag-cleanup
   tags:
   - files
   - koji_hub
@@ -455,6 +456,7 @@
   - koji-directory-cleanup
   - koji-gc
   - koji-prune-signed-copies
+  - koji-sidetag-cleanup
   tags:
   - files
   when: env != 'staging' and ansible_hostname.startswith('koji02')

From 5e1fc2603b1845944e732de2dff8d6e8106c0c77 Mon Sep 17 00:00:00 2001
From: Mattia Verga <mattia.verga@tiscali.it>
Date: Sat, 5 Jun 2021 11:19:36 +0200
Subject: [PATCH 141/189] Bodhi: critpath rawhide updates don't need days in
 testing

Signed-off-by: Mattia Verga <mattia.verga@protonmail.com>
---
 roles/bodhi2/base/templates/production.ini.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2
index 00001ffb52..43d3b6cfd5 100644
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -606,6 +606,9 @@ f{{ FedoraRawhideNumber }}c.pre_beta.mandatory_days_in_testing = 0
 # Rawhide gating - Updates in rawhide don't require any days in testing.
 f{{ FedoraRawhideNumber }}.status = pre_beta
 f{{ FedoraRawhideNumber }}.pre_beta.mandatory_days_in_testing = 0
+f{{ FedoraRawhideNumber }}.pre_beta.critpath.min_karma = 0
+f{{ FedoraRawhideNumber }}.pre_beta.critpath.stable_after_days_without_negative_karma = 0
+
 
 # ELN gating - Updates in ELN don't require any days in testing.
 eln.status = pre_beta

From 6579787d6e818dfcd76c2766bcea38ca135af00c Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 5 Jun 2021 09:57:24 -0700
Subject: [PATCH 142/189] robosignatory: sign f35-python side tag

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/robosignatory/templates/robosignatory.toml.j2 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2
index 550d365bf0..d41ef9f14d 100644
--- a/roles/robosignatory/templates/robosignatory.toml.j2
+++ b/roles/robosignatory/templates/robosignatory.toml.j2
@@ -341,12 +341,12 @@ handlers = ["console"]
             key = "{{ (env == 'production')|ternary('fedora-33', 'testkey') }}"
             keyid = "{{ (env == 'production')|ternary('9570ff31', 'd300e724') }}"
 
-            # f34-rebuild
+            # f35-python
             [[consumer_config.koji_instances.primary.tags]]
-            from = "f34-rebuild"
-            to = "f34-rebuild"
-            key = "{{ (env == 'production')|ternary('fedora-34', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('45719a39', 'd300e724') }}"
+            from = "f35-python"
+            to = "f35-python"
+            key = "{{ (env == 'production')|ternary('fedora-35', 'testkey') }}"
+            keyid = "{{ (env == 'production')|ternary('9867c58f', 'd300e724') }}"
 
     [consumer_config.ostree_refs]
         [consumer_config.ostree_refs."fedora/rawhide/x86_64/iot"]

From c5d7091b092af7b2f3414c41d625995bc4941a09 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 7 Jun 2021 11:29:08 -0700
Subject: [PATCH 143/189] inventory: remove old pagure01

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../host_vars/pagure01.fedoraproject.org      | 38 -------------------
 1 file changed, 38 deletions(-)
 delete mode 100644 inventory/host_vars/pagure01.fedoraproject.org

diff --git a/inventory/host_vars/pagure01.fedoraproject.org b/inventory/host_vars/pagure01.fedoraproject.org
deleted file mode 100644
index b94b6e8932..0000000000
--- a/inventory/host_vars/pagure01.fedoraproject.org
+++ /dev/null
@@ -1,38 +0,0 @@
----
-nm: 255.255.255.0
-gw: 8.43.85.254
-dns: 8.8.8.8
-
-ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-ext
-ks_repo: http://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
-
-volgroup: /dev/vg_guests
-
-eth0_ip: 8.43.85.75
-eth0_nm: 255.255.255.0
-has_ipv6: yes
-eth0_ipv6: "2620:52:3:1:dead:beef:cafe:fed5"
-eth0_ipv6_gw: "2620:52:3:1:ffff:ffff:ffff:fffe"
-
-vmhost: virthost-cc-rdu02.fedoraproject.org
-datacenter: rdu-cc
-
-#
-# PostgreSQL configuration
-#
-
-shared_buffers: "512MB"
-effective_cache_size: 0
-temp_buffers: "8MB"
-max_stack_depth: "4MB"
-
-ssh_hostnames:
-- pagure.io
-
-# GDPR SAR variables - datanommer/datagrepper
-sar_script: /usr/local/bin/pagure_sar.py
-sar_script_user: git
-sar_output_file: pagure.json
-
-# DB used:
-pagure_db_host: 127.0.0.1

From dd9947afd21ebecb316cd602fcaaa25c3e9e8de4 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 7 Jun 2021 13:55:55 -0700
Subject: [PATCH 144/189] value02.stg: add in for supybot rhel8/python3 testing

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/inventory | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inventory/inventory b/inventory/inventory
index d92e4ab9c5..785e130a1a 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -701,6 +701,7 @@ sign-bridge01.stg.iad2.fedoraproject.org
 sign-vault01.stg.iad2.fedoraproject.org
 sundries01.stg.iad2.fedoraproject.org
 value01.stg.iad2.fedoraproject.org
+value02.stg.iad2.fedoraproject.org
 vmhost-x86-01.stg.iad2.fedoraproject.org
 vmhost-x86-02.stg.iad2.fedoraproject.org
 vmhost-x86-03.stg.iad2.fedoraproject.org
@@ -760,6 +761,7 @@ value01.iad2.fedoraproject.org
 
 [value_stg]
 value01.stg.iad2.fedoraproject.org
+value02.stg.iad2.fedoraproject.org
 
 [virthost]
 vmhost-x86-01.stg.iad2.fedoraproject.org

From f4c53a495abb776df47563d602f85fe1439b55b0 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 7 Jun 2021 14:03:34 -0700
Subject: [PATCH 145/189] value02.stg: adjust playbook to run old
 fedmsg/python2 stuff only on value01

value02 will be rhel8/python3. So for now we leave mote and fedmsg-irc
on value01 (python2/rhel7).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 .../host_vars/value02.stg.iad2.fedoraproject.org      | 11 +++++++++++
 playbooks/groups/value.yml                            |  9 ++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 inventory/host_vars/value02.stg.iad2.fedoraproject.org

diff --git a/inventory/host_vars/value02.stg.iad2.fedoraproject.org b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
new file mode 100644
index 0000000000..6a7ed0c547
--- /dev/null
+++ b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
@@ -0,0 +1,11 @@
+---
+nm: 255.255.255.0
+gw: 10.3.166.254
+dns: 10.3.163.64
+ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2
+ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.3.166.23
+eth0_nm: 255.255.255.0
+vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org
+datacenter: iad2
diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml
index 163dc18cfe..56191ab25f 100644
--- a/playbooks/groups/value.yml
+++ b/playbooks/groups/value.yml
@@ -20,17 +20,20 @@
   - ipa/client
   - collectd/base
   - apache
-  - fedmsg/base
+  - { role: fedmsg/base,
+      when: inventory_hostname.startswith('value01') }
   # Set up for fedora-messaging
   - { role: rabbit/user,
       username: "value{{ env_suffix }}"}
-  - fedmsg/irc
+  - { role: fedmsg/irc
+      when: inventory_hostname.startswith('value01') }
   - supybot
   - sudo
   - rsyncd
   - role: collectd/fedmsg-service
     process: fedmsg-irc
-  - mote
+  - { role: mote
+      when: inventory_hostname.startswith('value01') }
 
   pre_tasks:
   - import_tasks: "{{ tasks_path }}/yumrepos.yml"

From 0f206f68fc9acdee349e9eceaad8adda84110a10 Mon Sep 17 00:00:00 2001
From: Ryan Lerch <rlerch@redhat.com>
Date: Tue, 8 Jun 2021 07:28:36 +1000
Subject: [PATCH 146/189] value02.stg: add missing , in value playbook

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
---
 playbooks/groups/value.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/playbooks/groups/value.yml b/playbooks/groups/value.yml
index 56191ab25f..496f55ba5c 100644
--- a/playbooks/groups/value.yml
+++ b/playbooks/groups/value.yml
@@ -25,14 +25,14 @@
   # Set up for fedora-messaging
   - { role: rabbit/user,
       username: "value{{ env_suffix }}"}
-  - { role: fedmsg/irc
+  - { role: fedmsg/irc,
       when: inventory_hostname.startswith('value01') }
   - supybot
   - sudo
   - rsyncd
   - role: collectd/fedmsg-service
     process: fedmsg-irc
-  - { role: mote
+  - { role: mote,
       when: inventory_hostname.startswith('value01') }
 
   pre_tasks:

From 4a46bb16a7a45519974ae6b206bbe7a91210b139 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 7 Jun 2021 15:51:14 -0700
Subject: [PATCH 147/189] value02.stg: fix ip address to be correct

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/value02.stg.iad2.fedoraproject.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/host_vars/value02.stg.iad2.fedoraproject.org b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
index 6a7ed0c547..c0a5652b81 100644
--- a/inventory/host_vars/value02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
@@ -5,7 +5,7 @@ dns: 10.3.163.64
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2
 ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/
 volgroup: /dev/vg_guests
-eth0_ip: 10.3.166.23
+eth0_ip: 10.3.166.64
 eth0_nm: 255.255.255.0
 vmhost: vmhost-x86-06.stg.iad2.fedoraproject.org
 datacenter: iad2

From a1e6c965a27611cdb01b00df61b6722bd0dfea20 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 7 Jun 2021 16:35:09 -0700
Subject: [PATCH 148/189] value02.stg: fix dns

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/host_vars/value02.stg.iad2.fedoraproject.org | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/host_vars/value02.stg.iad2.fedoraproject.org b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
index c0a5652b81..287a1aadfa 100644
--- a/inventory/host_vars/value02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/value02.stg.iad2.fedoraproject.org
@@ -1,7 +1,7 @@
 ---
 nm: 255.255.255.0
 gw: 10.3.166.254
-dns: 10.3.163.64
+dns: 10.3.163.33
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2
 ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/
 volgroup: /dev/vg_guests

From ac9750d6a0cf759d214d874b947c6877e8ce0cf1 Mon Sep 17 00:00:00 2001
From: seddikalaouiismaili <seddikalaouiismaili@gmail.com>
Date: Tue, 8 Jun 2021 01:29:05 +0200
Subject: [PATCH 149/189] correct output message for nagios check

---
 roles/nagios_client/files/scripts/check_systemd_units | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/nagios_client/files/scripts/check_systemd_units b/roles/nagios_client/files/scripts/check_systemd_units
index 098a53f892..a20003cb75 100644
--- a/roles/nagios_client/files/scripts/check_systemd_units
+++ b/roles/nagios_client/files/scripts/check_systemd_units
@@ -39,9 +39,9 @@ done
 
 # check the lenght of array and print result/exit code for nagios
 if [ ${#failed_array[@]} -ne "0" ]; then
-  echo -e "WARNING - Failed systemd units after restart : ${failed_array[@]}"
+  echo -e "UNITS WARNING: Failed systemd units after restart : ${failed_array[@]}"
   exit ${warning_exit}
 elif [ ${#failed_array[@]} -eq "0" ]; then
-  echo -e "OK - Systemd units are active"
+  echo -e "UNITS OK: Systemd units are active"
   exit ${ok_exit}
 fi

From a11316642418abe823d210880a6a7fa6dff9ce93 Mon Sep 17 00:00:00 2001
From: seddikalaouiismaili <seddikalaouiismaili@gmail.com>
Date: Tue, 8 Jun 2021 01:44:58 +0200
Subject: [PATCH 150/189] enable sebool for nagios

---
 roles/pagure/tasks/selinux.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/pagure/tasks/selinux.yml b/roles/pagure/tasks/selinux.yml
index 4378cb3dce..37d6772a02 100644
--- a/roles/pagure/tasks/selinux.yml
+++ b/roles/pagure/tasks/selinux.yml
@@ -95,3 +95,11 @@
   - selinux
   - pagure
 
+- name: set sebooleans so allow nagios/nrpe to call sudo from NRPE utils Args:                # optional, list of String
+  seboolean: name=nagios_run_sudo
+                    state=true
+                    persistent=true
+   tags:
+     - config
+     - selinux
+     - pagure

From e52a69042c745a5e1b0214f2cc1a554bb7deadc3 Mon Sep 17 00:00:00 2001
From: Ryan Lerch <rlerch@redhat.com>
Date: Tue, 8 Jun 2021 09:57:07 +1000
Subject: [PATCH 151/189] value02.stg: update packages installed

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
---
 roles/supybot/tasks/main.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/roles/supybot/tasks/main.yml b/roles/supybot/tasks/main.yml
index 497f93be38..183884d99d 100644
--- a/roles/supybot/tasks/main.yml
+++ b/roles/supybot/tasks/main.yml
@@ -9,6 +9,19 @@
   - supybot-fedmsg
   - packagedb-cli
   - python-simplejson
+  when: env == "production"
+  tags: supybot
+
+- name: install limnoria package
+  package: name={{ item }} state=present enablerepo=epel-testing
+  with_items:
+  - limnoria
+  - supybot-fedora
+  - supybot-koji
+  - supybot-notify
+  - supybot-meetbot
+  - python3-sgmllib3k
+  when: env == "staging"
   tags: supybot
 
 - set_fact: botname={{ botnames[env] }}
@@ -112,4 +125,3 @@
   - supybot
   - SAR
   - GDPR
-

From 7478f3fb9871fd476fd18a039d18874fcb085f67 Mon Sep 17 00:00:00 2001
From: seddikalaouiismaili <seddikalaouiismaili@gmail.com>
Date: Tue, 8 Jun 2021 02:02:00 +0200
Subject: [PATCH 152/189] correct task name nagios sebool

---
 roles/pagure/tasks/selinux.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/pagure/tasks/selinux.yml b/roles/pagure/tasks/selinux.yml
index 37d6772a02..0ed4517efc 100644
--- a/roles/pagure/tasks/selinux.yml
+++ b/roles/pagure/tasks/selinux.yml
@@ -95,11 +95,11 @@
   - selinux
   - pagure
 
-- name: set sebooleans so allow nagios/nrpe to call sudo from NRPE utils Args:                # optional, list of String
+- name: set sebooleans so allow nagios/nrpe to call sudo from NRPE utils scripts
   seboolean: name=nagios_run_sudo
                     state=true
                     persistent=true
-   tags:
-     - config
-     - selinux
-     - pagure
+  tags:
+  - config
+  - selinux
+  - pagure

From 9f64d96615e1b2dbf2c99a5789eac58757e545a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Mon, 7 Jun 2021 16:16:06 +0200
Subject: [PATCH 153/189] retrace: Manage FAF repositories on staging as well

* Drop the `not devel` flag on FAF repository management tasks.
* Ignore errors when deleting repositories -- they might be gone already
  when repodel is run.
---
 roles/abrt/faf-post/tasks/main.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/roles/abrt/faf-post/tasks/main.yml b/roles/abrt/faf-post/tasks/main.yml
index 8b99924ac5..a8c897b746 100644
--- a/roles/abrt/faf-post/tasks/main.yml
+++ b/roles/abrt/faf-post/tasks/main.yml
@@ -5,7 +5,6 @@
   become: yes
   become_user: faf
   ignore_errors: yes
-  when: not devel|bool
   tags: add_repo
   loop: "{{ faf_repos }}"
 
@@ -13,7 +12,6 @@
   command: faf repoassign "{{ item.name }}" "{{ item.opsys }}" "{{ item.arch }}"
   become: yes
   become_user: faf
-  when: not devel|bool
   tags: add_repo
   loop: "{{ faf_repos }}"
 
@@ -32,11 +30,11 @@
   command: faf repodel "{{ item }}"
   become: yes
   become_user: faf
+  ignore_errors: yes
   loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}"
 
 - name: cleanup packages from EOLed fedora release
   command: "faf cleanup-packages Fedora '{{ item }}' "
   become: yes
   become_user: faf
-  when: not devel|bool
   loop: "{{ rs_internal_fedora_vers_removed }}"

From 4cfe740fc6ca980b14df6f6e8c1f722241a876de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Mon, 7 Jun 2021 16:17:11 +0200
Subject: [PATCH 154/189] retrace: Improve code style

* Capitalise task names.
* Wrap shell commands in quotes.
* Use folded strings where appropriate.
* Wrap tasks with the same condition in a block.
---
 inventory/group_vars/retrace           |  5 ++-
 inventory/group_vars/retrace_stg_aws   |  2 +-
 roles/abrt/faf-post/tasks/cron.yml     | 57 ++++++++++++++------------
 roles/abrt/faf-post/tasks/main.yml     | 19 +++++----
 roles/abrt/retrace-post/tasks/cron.yml |  9 ++--
 5 files changed, 48 insertions(+), 44 deletions(-)

diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace
index 0801ea3e69..4672b4c485 100644
--- a/inventory/group_vars/retrace
+++ b/inventory/group_vars/retrace
@@ -14,8 +14,9 @@ ansible_ifcfg_blocklist: true
 
 tcp_ports: [ 80, 443 ]
 
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT',
-                '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT' ]
+custom_rules:
+- '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 2049 -j ACCEPT'
+- '-A INPUT -p tcp -m tcp -s 10.5.78.11 --dport 5432 -j ACCEPT'
 
 
 nrpe_procs_warn: 1800
diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws
index 517c696e9f..5e53a6c9ba 100644
--- a/inventory/group_vars/retrace_stg_aws
+++ b/inventory/group_vars/retrace_stg_aws
@@ -9,7 +9,7 @@ devel: true
 
 vpn: true
 
-tcp_ports: [22, 80, 443 ]
+tcp_ports: [ 22, 80, 443 ]
 
 sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers"
 root_auth_users: msuchy mfabik mgrabovs mzidek
diff --git a/roles/abrt/faf-post/tasks/cron.yml b/roles/abrt/faf-post/tasks/cron.yml
index 5bcb86b444..2903c3ed6b 100644
--- a/roles/abrt/faf-post/tasks/cron.yml
+++ b/roles/abrt/faf-post/tasks/cron.yml
@@ -1,24 +1,25 @@
 ---
-
-- name: backup database
-  cron:
-    name: "backup database"
-    user: faf
-    job: "( pg_dump -Fc faf > /srv/faf/db-backup/backup-$(date '+\\%F').dump ) >> /var/log/faf/db_backup.log 2>&1"
-    special_time: daily
-    state: present
-
-- name: delete old database backups
-  cron:
-    name: "delete database backups older than X days"
-    user: faf
-    job: "find /srv/faf/db-backup/ -mtime +14 -type f -delete"
-    special_time: daily
-    state: present
-
-- name: Run crons when not devel
+- name: Cron jobs for production machines
   block:
-  - name: pull associates
+  - name: Backup database daily
+    cron:
+      name: "backup database"
+      user: faf
+      job: >
+        ( pg_dump --format=custom --file={{ faf_backup_dir }}/backup-$(date '+\%F').dump faf )
+          >> /var/log/faf/db_backup.log 2>&1
+      special_time: daily
+      state: present
+
+  - name: Delete old database backups
+    cron:
+      name: "delete database backups older than {{ faf_old_backup_age }} days"
+      user: faf
+      job: "find {{ faf_backup_dir }} -mtime {{ faf_old_backup_age }} -type f -delete"
+      special_time: daily
+      state: present
+
+  - name: Pull associates
     cron:
       name: "cron for pull associates"
       user: faf
@@ -34,11 +35,13 @@
       special_time: daily
       state: present
 
-  - name: probable fixes
+  - name: Job for probable fixes in active Fedora releases
     cron:
       name: "cron for probable fixes for f{{ item }}"
       user: faf
-      job: "faf mark-probably-fixed -o fedora --opsys-release {{ item }} >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1"
+      job: >
+        faf mark-probably-fixed -o fedora --opsys-release {{ item }}
+          >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1
       special_time: daily
       state: present
     loop:
@@ -46,7 +49,7 @@
       - "32"
       - "33"
 
-  - name: remove obsolete probable fixes
+  - name: Remove job for probable fixes in removed Fedora releases
     cron:
       name: "cron for probable fixes for f{{ item }}"
       user: faf
@@ -62,7 +65,7 @@
       - "29"
       - "30"
 
-  - name: update BZ bugs fedora
+  - name: Update BZ bugs fedora
     cron:
       name: "cron for update BZ bugs fedora"
       user: faf
@@ -70,7 +73,7 @@
       special_time: daily
       state: present
 
-  - name: update BZ bugs centos
+  - name: Update BZ bugs centos
     cron:
       name: "cron for update BZ bugs centos"
       user: faf
@@ -78,7 +81,7 @@
       special_time: daily
       state: present
 
-  - name: attach BZ bugs centos
+  - name: Attach BZ bugs centos
     cron:
       name: "cron for attach BZ bugs centos"
       user: faf
@@ -86,7 +89,7 @@
       special_time: daily
       state: present
 
-  - name: archive reports and attachments
+  - name: Archive reports and attachments
     cron:
       name: "faf archive reports and attachments"
       user: faf
@@ -95,7 +98,7 @@
       state: present
   when: not devel|bool
 
-- name: install cron for deleting old archives
+- name: Cron job for deleting old archives
   cron:
     name: "rotate_faf_archives"
     special_time: "daily"
diff --git a/roles/abrt/faf-post/tasks/main.yml b/roles/abrt/faf-post/tasks/main.yml
index a8c897b746..6fe73db7ab 100644
--- a/roles/abrt/faf-post/tasks/main.yml
+++ b/roles/abrt/faf-post/tasks/main.yml
@@ -1,15 +1,16 @@
 ---
 # the magic with ! is that it return exit code 1 if 'already defined' is not present in output
-- name: add repositories
-  shell: ! faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}" 2>&1 | grep 'already defined'
+- name: Add package repositories
+  shell: >
+    ! faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}" 2>&1 | grep 'already defined'
   become: yes
   become_user: faf
   ignore_errors: yes
   tags: add_repo
   loop: "{{ faf_repos }}"
 
-- name: repoassign repositories
-  command: faf repoassign "{{ item.name }}" "{{ item.opsys }}" "{{ item.arch }}"
+- name: Assign repositories to releases
+  command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'"
   become: yes
   become_user: faf
   tags: add_repo
@@ -18,7 +19,7 @@
 - import_tasks: cron.yml
   tags: cron
 
-- name: get repolist of EOL releases
+- name: List repositories of EOL releases
   shell: "faf repolist | grep fedora-{{ item }} || true"
   become: yes
   become_user: faf
@@ -26,15 +27,15 @@
   loop: "{{ rs_internal_fedora_vers_removed }}"
   changed_when: eol_repolist.stdout
 
-- name: remove repos of EOLed releases
-  command: faf repodel "{{ item }}"
+- name: Remove repositories of EOL releases
+  command: "faf repodel '{{ item }}'"
   become: yes
   become_user: faf
   ignore_errors: yes
   loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}"
 
-- name: cleanup packages from EOLed fedora release
-  command: "faf cleanup-packages Fedora '{{ item }}' "
+- name: Clean up packages from EOL Fedora releases
+  command: "faf cleanup-packages Fedora '{{ item }}'"
   become: yes
   become_user: faf
   loop: "{{ rs_internal_fedora_vers_removed }}"
diff --git a/roles/abrt/retrace-post/tasks/cron.yml b/roles/abrt/retrace-post/tasks/cron.yml
index b0b5f36949..0613f9b4bb 100644
--- a/roles/abrt/retrace-post/tasks/cron.yml
+++ b/roles/abrt/retrace-post/tasks/cron.yml
@@ -1,6 +1,5 @@
 ---
-
-- name: Create cron job for retrace-server
+- name: Create retrace-server reposync cron jobs for active Fedora versions
   cron:
     name: "rs reposync fedora {{ item[0] }} {{ item[1] }}"
     user: retrace
@@ -10,7 +9,7 @@
   loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}"
   when: not devel|bool
 
-- name: Remove obsolete cron job for retrace-server
+- name: Remove retrace-server reposync cron jobs of removed Fedora versions
   cron:
     name: "rs reposync fedora {{ item[0] }} {{ item[1] }}"
     user: retrace
@@ -20,7 +19,7 @@
   loop: "{{ rs_internal_fedora_vers_removed | product(rs_internal_arch_list) | list}}"
   when: not devel|bool
 
-- name: Create cron job for retrace-server
+- name: Create retrace-server reposync cron job for CentOS 7
   cron:
     name: "rs reposync centos 7 x86_64"
     user: retrace
@@ -29,7 +28,7 @@
     state: present
   when: not devel|bool
 
-- name: Create cron job for retrace-server
+- name: Create retrace-server cleanup cron job
   cron:
     name: "retrace-server-cleanup"
     user: retrace

From 2ce5a4b91bde365b819945140d73f6d5f0220e15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Tue, 8 Jun 2021 14:18:41 +0200
Subject: [PATCH 155/189] retrace: Drop `devel` variable in favour of `env`

`env` seems to be the prevailing method of specifying production vs.
staging environments across groups and hosts.
---
 inventory/group_vars/retrace                    | 4 ++--
 inventory/group_vars/retrace_stg_aws            | 3 ++-
 roles/abrt/faf-post/tasks/cron.yml              | 2 +-
 roles/abrt/retrace-post/tasks/cron.yml          | 5 -----
 roles/abrt/retrace-post/tasks/main.yml          | 3 ++-
 roles/abrt/retrace-post/tasks/retrace_setup.yml | 4 ++--
 6 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/inventory/group_vars/retrace b/inventory/group_vars/retrace
index 4672b4c485..8f8e854e1d 100644
--- a/inventory/group_vars/retrace
+++ b/inventory/group_vars/retrace
@@ -1,4 +1,6 @@
 ---
+env: production
+
 primary_auth_source: ipa
 ipa_host_group: retrace
 ipa_host_group_desc: Retrace servers
@@ -22,8 +24,6 @@ custom_rules:
 nrpe_procs_warn: 1800
 nrpe_procs_crit: 2000
 
-devel: false
-
 # Since retrace is on the qa network, it needs to actively connect to our
 # inbound relay.
 fedmsg_active: True
diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws
index 5e53a6c9ba..b5c737874e 100644
--- a/inventory/group_vars/retrace_stg_aws
+++ b/inventory/group_vars/retrace_stg_aws
@@ -1,11 +1,12 @@
 ---
+env: staging
+
 ipa_host_group: retrace
 ipa_host_group_desc: Retrace servers
 ipa_client_shell_groups:
 - retrace
 ipa_client_sudo_groups:
 - retrace
-devel: true
 
 vpn: true
 
diff --git a/roles/abrt/faf-post/tasks/cron.yml b/roles/abrt/faf-post/tasks/cron.yml
index 2903c3ed6b..69867dceeb 100644
--- a/roles/abrt/faf-post/tasks/cron.yml
+++ b/roles/abrt/faf-post/tasks/cron.yml
@@ -96,7 +96,7 @@
       job: "faf archive-reports -d >> /var/log/faf/archive-reports.log 2>&1"
       special_time: daily
       state: present
-  when: not devel|bool
+  when: env != 'staging'
 
 - name: Cron job for deleting old archives
   cron:
diff --git a/roles/abrt/retrace-post/tasks/cron.yml b/roles/abrt/retrace-post/tasks/cron.yml
index 0613f9b4bb..f8b585797a 100644
--- a/roles/abrt/retrace-post/tasks/cron.yml
+++ b/roles/abrt/retrace-post/tasks/cron.yml
@@ -7,7 +7,6 @@
     special_time: daily
     state: present
   loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}"
-  when: not devel|bool
 
 - name: Remove retrace-server reposync cron jobs of removed Fedora versions
   cron:
@@ -17,7 +16,6 @@
     special_time: daily
     state: absent
   loop: "{{ rs_internal_fedora_vers_removed | product(rs_internal_arch_list) | list}}"
-  when: not devel|bool
 
 - name: Create retrace-server reposync cron job for CentOS 7
   cron:
@@ -26,7 +24,6 @@
     job: "/usr/bin/retrace-server-reposync centos 7 x86_64 >> /var/log/retrace-server/reposync_error.log 2>&1"
     special_time: daily
     state: present
-  when: not devel|bool
 
 - name: Create retrace-server cleanup cron job
   cron:
@@ -35,7 +32,6 @@
     job: "/usr/bin/retrace-server-cleanup >> /var/log/retrace-server/cleanup_error.log 2>&1"
     special_time: daily
     state: present
-  when: not devel|bool
 
 - name: Create cron job for retrace-server
   cron:
@@ -44,4 +40,3 @@
     job: "/usr/bin/podman system prune --all --force >> /var/log/retrace-server/podman_prune.log 2>&1"
     special_time: daily
     state: present
-  when: not devel|bool
diff --git a/roles/abrt/retrace-post/tasks/main.yml b/roles/abrt/retrace-post/tasks/main.yml
index 1b06bcbe42..3c905f5d7a 100644
--- a/roles/abrt/retrace-post/tasks/main.yml
+++ b/roles/abrt/retrace-post/tasks/main.yml
@@ -3,6 +3,7 @@
 # Setup retrace-server
 - import_tasks: retrace_setup.yml
 
-# Set up cron jobs for retrace-server
+# Set up production cron jobs for retrace-server
 - import_tasks: cron.yml
   tags: cron
+  when: env != 'staging'
diff --git a/roles/abrt/retrace-post/tasks/retrace_setup.yml b/roles/abrt/retrace-post/tasks/retrace_setup.yml
index edac160c78..c7692b12e9 100644
--- a/roles/abrt/retrace-post/tasks/retrace_setup.yml
+++ b/roles/abrt/retrace-post/tasks/retrace_setup.yml
@@ -7,14 +7,14 @@
   become: yes
   become_user: retrace
   tags: [rs_reposync, rs_fedora]
-  when: not devel|bool
+  when: env != 'staging'
 
 - name: reposync for centos
   shell: nohup retrace-server-reposync centos 7 x86_64 </dev/null >$(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) &
   become: yes
   become_user: retrace
   tags: [rs_reposync, rs_fedora]
-  when: not devel|bool
+  when: env != 'staging'
 
 - file:
     path: /srv/retrace/repos

From 6b57d23220fdc5c97f3ecd45766aa520cb338ffc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Tue, 8 Jun 2021 14:25:34 +0200
Subject: [PATCH 156/189] retrace: Fix faf db backup job

The job was broken before because the backup directory
(`/srv/faf/db-backup`) might not have existed.

Also, factor out some magic values into variables.
---
 roles/abrt/faf-post/defaults/main.yml | 6 ++++++
 roles/abrt/faf-post/tasks/main.yml    | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/roles/abrt/faf-post/defaults/main.yml b/roles/abrt/faf-post/defaults/main.yml
index 61d58e18e0..f16bf90d57 100644
--- a/roles/abrt/faf-post/defaults/main.yml
+++ b/roles/abrt/faf-post/defaults/main.yml
@@ -4,3 +4,9 @@ archive_age: '+14'
 
 # Delete deferred reports
 deferred_age: '+7'
+
+# Directory for saving FAF database backups.
+faf_backup_dir: /srv/faf/db-backup
+
+# Delete FAF database backups older than this period.
+faf_old_backup_age: '+7'
diff --git a/roles/abrt/faf-post/tasks/main.yml b/roles/abrt/faf-post/tasks/main.yml
index 6fe73db7ab..167758208c 100644
--- a/roles/abrt/faf-post/tasks/main.yml
+++ b/roles/abrt/faf-post/tasks/main.yml
@@ -16,6 +16,15 @@
   tags: add_repo
   loop: "{{ faf_repos }}"
 
+- name: Ensure directory for FAF database backups exists
+  file:
+    path: "{{ faf_backup_dir }}"
+    state: directory
+    owner: faf
+    group: faf
+    mode: 0750
+  when: env != 'staging'
+
 - import_tasks: cron.yml
   tags: cron
 

From 0505e365dab013b75fd96f3fa470ae4555727c52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Tue, 8 Jun 2021 14:27:04 +0200
Subject: [PATCH 157/189] retrace: Use variables for list of Fedora versions

---
 roles/abrt/faf-post/tasks/cron.yml | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/roles/abrt/faf-post/tasks/cron.yml b/roles/abrt/faf-post/tasks/cron.yml
index 69867dceeb..a09af1c584 100644
--- a/roles/abrt/faf-post/tasks/cron.yml
+++ b/roles/abrt/faf-post/tasks/cron.yml
@@ -44,10 +44,7 @@
           >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1
       special_time: daily
       state: present
-    loop:
-      - "31"
-      - "32"
-      - "33"
+    loop: "{{ rs_internal_fedora_vers }}"
 
   - name: Remove job for probable fixes in removed Fedora releases
     cron:
@@ -56,14 +53,7 @@
       job: "faf mark-probably-fixed -o fedora --opsys-release {{ item }} >> /var/log/faf/mark-probably-fixed-f{{ item }}.log 2>&1"
       special_time: daily
       state: absent
-    loop:
-      - "24"
-      - "25"
-      - "26"
-      - "27"
-      - "28"
-      - "29"
-      - "30"
+    loop: "{{ rs_internal_fedora_vers_removed }}"
 
   - name: Update BZ bugs fedora
     cron:

From 07c182538bb44d783b3a86f1cc0f5a8cd70505a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Mon, 7 Jun 2021 15:37:36 +0200
Subject: [PATCH 158/189] retrace: Do not run ipa/client role on
 retrace_stg_aws

---
 inventory/group_vars/retrace_stg_aws | 7 -------
 playbooks/groups/retrace.yml         | 1 +
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/inventory/group_vars/retrace_stg_aws b/inventory/group_vars/retrace_stg_aws
index b5c737874e..92290aacf7 100644
--- a/inventory/group_vars/retrace_stg_aws
+++ b/inventory/group_vars/retrace_stg_aws
@@ -1,13 +1,6 @@
 ---
 env: staging
 
-ipa_host_group: retrace
-ipa_host_group_desc: Retrace servers
-ipa_client_shell_groups:
-- retrace
-ipa_client_sudo_groups:
-- retrace
-
 vpn: true
 
 tcp_ports: [ 22, 80, 443 ]
diff --git a/playbooks/groups/retrace.yml b/playbooks/groups/retrace.yml
index 6e8a38a675..f7c631ca60 100644
--- a/playbooks/groups/retrace.yml
+++ b/playbooks/groups/retrace.yml
@@ -66,6 +66,7 @@
     - import_role: name=hosts
     - import_role: name=openvpn/client
     - import_role: name=ipa/client
+      when: env != 'staging'
     - import_role: name=rkhunter
     - import_role: name=nagios_client
     - import_role: name=sudo

From 9f273622e0e4ac709cec71ee8e19e580ab551e53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 9 Jun 2021 19:14:13 +0200
Subject: [PATCH 159/189] Blockerbugs: force to use local user instead of the
 ipa one

---
 roles/blockerbugs/tasks/main.yml                     | 10 ++++++++++
 roles/ipa/client/templates/fedora-nss-ignore.conf.j2 |  8 ++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml
index 8eecca479c..b01c1c67b0 100644
--- a/roles/blockerbugs/tasks/main.yml
+++ b/roles/blockerbugs/tasks/main.yml
@@ -20,6 +20,16 @@
   - httpd
   - blockerbugs
 
+- name: create the `blockerbugs` user
+  user:
+      name: blockerbugs
+      group: blockerbugs
+      shell: /bin/nologin
+      home: /usr/share/blockerbugs
+  tags:
+  - blockerbugs
+  - config
+
 - name: setup blockerbugs app settings file
   template: src=blockerbugs-settings.py.j2 dest=/etc/blockerbugs/settings.py mode=640
   notify:
diff --git a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2 b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
index b83c765706..1e4351d6cf 100644
--- a/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
+++ b/roles/ipa/client/templates/fedora-nss-ignore.conf.j2
@@ -6,13 +6,13 @@
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.
 [nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,apache,blockerbugs
+filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,apache,blockerbugs
 {% else %}
 ## This file contains users who are in ipa to stop people from
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.
 [nss]
-filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync
-filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache
+filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock,apache,bodhi,ftpsync,blockerbugs
+filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock,apache,blockerbugs
 {% endif %}

From daa7ad21c12ddcb40d638eb67348c147aa07b635 Mon Sep 17 00:00:00 2001
From: Tim Flink <tflink@fedoraproject.org>
Date: Wed, 9 Jun 2021 13:39:28 -0600
Subject: [PATCH 160/189] [blockerbugs] creating local blockerbugs group

This extends the last change that ensures a local "blockerbugs" user
exists on the sync machine. Unfortunately, that doesn't work unless the
group specified already exists.
---
 roles/blockerbugs/tasks/main.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml
index b01c1c67b0..a834b35b8f 100644
--- a/roles/blockerbugs/tasks/main.yml
+++ b/roles/blockerbugs/tasks/main.yml
@@ -20,6 +20,11 @@
   - httpd
   - blockerbugs
 
+- name: Ensure group `blockerbugs` exists
+  group:
+    name: blockerbugs
+    state: present
+
 - name: create the `blockerbugs` user
   user:
       name: blockerbugs

From 7771e03285bfa650bbf59b30a89819a4154a1aa5 Mon Sep 17 00:00:00 2001
From: Tim Flink <tflink@fedoraproject.org>
Date: Wed, 9 Jun 2021 13:55:03 -0600
Subject: [PATCH 161/189] [blockerbugs] adding the tags I forgot

Sigh, I forgot to add the tags to the 'blockerbugs' group change so this
commit fixes the missing tags.
---
 roles/blockerbugs/tasks/main.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml
index a834b35b8f..baee50490e 100644
--- a/roles/blockerbugs/tasks/main.yml
+++ b/roles/blockerbugs/tasks/main.yml
@@ -24,6 +24,9 @@
   group:
     name: blockerbugs
     state: present
+  tags:
+  - blockerbugs
+  - config
 
 - name: create the `blockerbugs` user
   user:

From 556a3b39a4e5aa8b6a326a156ffe6f712e0fdbce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Wed, 9 Jun 2021 15:43:18 +0200
Subject: [PATCH 162/189] abrt: Update retrace-server role from upstream

* podman: Improve pipeline for getting max subuid
---
 roles/abrt/retrace/tasks/podman.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml
index c0252c310e..4d3adcaf62 100644
--- a/roles/abrt/retrace/tasks/podman.yml
+++ b/roles/abrt/retrace/tasks/podman.yml
@@ -18,7 +18,7 @@
   - name: Get last subuid entry
     shell: |
       set -o pipefail
-      cut -d ':' -f2 /etc/subuid | sort | tail -1
+      sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }'
     changed_when: false
     register: t_subuid
     args:

From cadbae81e1bcd9b61507bb6424eb92af6f89132c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Wed, 9 Jun 2021 15:45:35 +0200
Subject: [PATCH 163/189] abrt: Improve retrace user modification flow

We need to stop and restart the httpd service when modifying the retrace
user, otherwise we get errors like "user retrace is currently used by
process <PID>".

Also, factor out some magic values into role variables.
---
 roles/abrt/retrace-pre/defaults/main.yml |  3 ++
 roles/abrt/retrace-pre/tasks/main.yml    | 40 +++++++++++++++++++++---
 2 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 roles/abrt/retrace-pre/defaults/main.yml

diff --git a/roles/abrt/retrace-pre/defaults/main.yml b/roles/abrt/retrace-pre/defaults/main.yml
new file mode 100644
index 0000000000..490f879e53
--- /dev/null
+++ b/roles/abrt/retrace-pre/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+retrace_user_home: /srv/retrace/home
+retrace_user_uid_gid: 174
diff --git a/roles/abrt/retrace-pre/tasks/main.yml b/roles/abrt/retrace-pre/tasks/main.yml
index dc80dd4acd..db33c5cd9c 100644
--- a/roles/abrt/retrace-pre/tasks/main.yml
+++ b/roles/abrt/retrace-pre/tasks/main.yml
@@ -1,12 +1,42 @@
 ---
-# create uid - this is normaly done by retrace package
-# but the package is not installed yet at this momement
-- name: Create retrace user
+- name: Make sure retrace user exists
   user:
     name: retrace
     group: retrace
-    uid: 174
-    home: /srv/retrace/home
+    system: yes
+    create_home: no
+  register: retrace_user_info
+
+- name: Ensure retrace user has correct UID and home directory
+  when: >
+    retrace_user_info.changed or
+    retrace_user_info.uid != retrace_user_uid_gid or
+    retrace_user_info.home != retrace_user_home
+  block:
+  - name: Stop httpd service before modifying user
+    service:
+      name: httpd
+      state: stopped
+
+  # create uid - this is normaly done by retrace package
+  # but the package is not installed yet at this momement
+  - name: Ensure correct UID and home directory
+    user:
+      name: retrace
+      uid: "{{ retrace_user_uid_gid }}"
+      gid: "{{ retrace_user_uid_gid }}"
+      home: "{{ retrace_user_home }}"
+      create_home: yes
+
+  - name: Ensure correct GID
+    group:
+      name: retrace
+      gid: "{{ retrace_user_uid_gid }}"
+
+  - name: Restart httpd service after modifications are done
+    service:
+      name: httpd
+      state: started
 
 - name: Create directory for repositories
   file:

From b53dc072928786349d3fb0c7d12e6d3986135d6c Mon Sep 17 00:00:00 2001
From: "Eddie Jennings, Jr" <eddie@eddiejennings.net>
Date: Wed, 9 Jun 2021 17:38:06 -0400
Subject: [PATCH 164/189] Remove phx2 mention.

---
 playbooks/vhost_reboot.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/playbooks/vhost_reboot.yml b/playbooks/vhost_reboot.yml
index ee072b33d4..22ce2f92f8 100644
--- a/playbooks/vhost_reboot.yml
+++ b/playbooks/vhost_reboot.yml
@@ -59,11 +59,6 @@
       os_delegate_via: os-master03
     when: hostvars['os-master03.iad2.fedoraproject.org'].vmhost and hostvars[inventory_hostname].datacenter == 'iad2'
 
-  - name: drain OS node if necessary
-    command: oc adm drain {{inventory_hostname }} --ignore-daemonsets --delete-local-data
-    delegate_to: "{{os_delegate_via}}{{env_suffix}}.phx2.fedoraproject.org"
-    when: inventory_hostname.startswith(('os-node', 'os-master')) and hostvars[inventory_hostname].datacenter == 'phx2'
-
   - name: drain OS node if necessary
     command: oc adm drain {{inventory_hostname }} --ignore-daemonsets --delete-local-data
     delegate_to: "{{os_delegate_via}}{{env_suffix}}.iad2.fedoraproject.org"

From f3cfba9646906c2399fb025c4269795e8c14eb52 Mon Sep 17 00:00:00 2001
From: lrossett <lrossett@redhat.com>
Date: Tue, 8 Jun 2021 12:12:00 -0300
Subject: [PATCH 165/189] adding resultsdb app

---
 playbooks/openshift-apps/resultsdb.yml        | 107 ++++++++++++++++++
 .../resultsdb/defaults/main.yml               |   8 ++
 .../resultsdb/templates/configmaps.yml        |  28 +++++
 .../resultsdb/templates/deploymentconfigs.yml |  87 ++++++++++++++
 .../resultsdb/templates/routes.yml            |  16 +++
 .../resultsdb/templates/secrets.yml           |  24 ++++
 .../resultsdb/templates/services.yml          |  16 +++
 7 files changed, 286 insertions(+)
 create mode 100644 playbooks/openshift-apps/resultsdb.yml
 create mode 100644 roles/openshift-apps/resultsdb/defaults/main.yml
 create mode 100644 roles/openshift-apps/resultsdb/templates/configmaps.yml
 create mode 100644 roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
 create mode 100644 roles/openshift-apps/resultsdb/templates/routes.yml
 create mode 100644 roles/openshift-apps/resultsdb/templates/secrets.yml
 create mode 100644 roles/openshift-apps/resultsdb/templates/services.yml

diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml
new file mode 100644
index 0000000000..78f0d300fc
--- /dev/null
+++ b/playbooks/openshift-apps/resultsdb.yml
@@ -0,0 +1,107 @@
+- name: setup the database
+  hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
+  gather_facts: no
+  become: yes
+  become_user: postgres
+  vars_files:
+  - /srv/web/infra/ansible/vars/global.yml
+  - /srv/private/ansible/vars.yml
+  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  tasks:
+  - name: waiverdb DB user - prod
+    postgresql_user:
+      name: "resultsdb"
+      password: "{{ prod_resultsdb_db_password }}"
+    when: env != 'staging'
+  - name: resultsdb DB user - staging
+    postgresql_user:
+      name: "resultsdb"
+      password: "{{ stg_resultsdb_db_password }}"
+    when: env == 'staging'
+  - name: resultsdb database creation
+    postgresql_db:
+      name: "resultsdb"
+      owner: "resultsdb"
+      encoding: UTF-8
+
+
+- name: make the app be real
+  hosts: os_masters[0]:os_masters_stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  roles:
+    - role: rabbit/user
+      username: "resultsdb{{ env_suffix }}"
+
+    # The openshift/project role breaks if the project already exists:
+    # https://pagure.io/fedora-infrastructure/issue/6404
+    - role: openshift/project
+      app: resultsdb
+      description: resultsdb
+      appowners:
+        - ralph
+        - mjia
+        - dcallagh
+        - gnaponie
+        - cverna
+        - pingou
+        - lholecek
+        - vmaljulin
+      tags:
+        - apply-appowners
+
+    - role: openshift/object
+      app: resultsdb
+      template: secrets.yml
+      objectname: secrets.yml
+
+    - role: openshift/secret-file
+      app: resultsdb
+      secret_name: resultsdb-fedora-messaging-key
+      key: resultsdb.key
+      privatefile: "rabbitmq/{{env}}/pki/private/resultsdb{{env_suffix}}.key"
+
+    - role: openshift/secret-file
+      app: resultsdb
+      secret_name: resultsdb-fedora-messaging-crt
+      key: resultsdb.crt
+      privatefile: "rabbitmq/{{env}}/pki/issued/resultsdb{{env_suffix}}.crt"
+
+    - role: openshift/secret-file
+      app: resultsdb
+      secret_name: resultsdb-fedora-messaging-ca
+      key: resultsdb.ca
+      privatefile: "rabbitmq/{{env}}/pki/ca.crt"
+
+    - role: openshift/object
+      app: resultsdb
+      template: configmaps.yml
+      objectname: configmaps.yml
+
+    - role: openshift/object
+      app: resultsdb
+      template: services.yml
+      objectname: services.yml
+
+    - role: openshift/route
+      app: resultsdb
+      routename: api-pretty
+      host: "resultsdb{{ env_suffix }}.fedoraproject.org"
+      serviceport: api
+      servicename: resultsdb-web
+
+    - role: openshift/object
+      app: resultsdb
+      template: deploymentconfigs.yml
+      objectname: deploymentconfigs.yml
+
+    - role: openshift/rollout
+      app: resultsdb
+      dcname: "resultsdb-test-{{ resultsdb_test_id }}-api"
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/defaults/main.yml b/roles/openshift-apps/resultsdb/defaults/main.yml
new file mode 100644
index 0000000000..3b924d0937
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/defaults/main.yml
@@ -0,0 +1,8 @@
+resultsdb_database: true
+resultsdb_test_id: 'test'
+resultsdb_mod_wsgi_dir: '${MOD_WSGI_MODULES_DIRECTORY}'
+
+resultsdb_db_password: 'resultsdb'
+resultsdb_additional_result_outcomes: []
+
+resultsdb_image: quay.io/fedora/resultsdb:latest
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/templates/configmaps.yml b/roles/openshift-apps/resultsdb/templates/configmaps.yml
new file mode 100644
index 0000000000..b10748dc9a
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/templates/configmaps.yml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "resultsdb-test-{{ resultsdb_test_id }}-httpd-config"
+  labels:
+    environment: "test-{{ resultsdb_test_id }}"
+    app: resultsdb
+data:
+  resultsdb.conf: |-
+    <IfModule !auth_basic_module>
+      LoadModule auth_basic_module '{{ resultsdb_mod_wsgi_dir }}/mod_auth_basic.so'
+    </IfModule>
+    <IfModule !authn_file_module>
+      LoadModule authn_file_module '{{ resultsdb_mod_wsgi_dir }}/mod_authn_file.so'
+    </IfModule>
+    <IfModule !authz_user_module>
+      LoadModule authz_user_module '{{ resultsdb_mod_wsgi_dir }}/mod_authz_user.so'
+    </IfModule>
+
+    <Location "/">
+      AuthType Basic
+      AuthName "Authentication Required"
+      AuthBasicProvider file
+      AuthUserFile "/etc/resultsdb/.htpasswd"
+      <LimitExcept GET>
+        Require valid-user
+      </LimitExcept>
+    </Location>
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml b/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
new file mode 100644
index 0000000000..648998a6e5
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
@@ -0,0 +1,87 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  name: "resultsdb-test-{{ resultsdb_test_id }}-api"
+  labels:
+    environment: "test-{{ resultsdb_test_id }}"
+    service: api
+    app: resultsdb
+spec:
+  replicas: 2
+  selector:
+    app: resultsdb
+    environment: "test-{{ resultsdb_test_id }}"
+    service: api
+  strategy:
+    type: Rolling
+    rollingParams:
+      pre:
+        failurePolicy: Abort
+        execNewPod:  
+          containerName: api
+          command:
+            - /bin/sh
+            - -i
+            - -c
+            - |
+              # try for 10 minutes (600 seconds)
+              e=$(( $(date +%s) + 600 ))
+              i=0
+              while [ $(date +%s) -lt $e ]; do
+                echo 'TRY #'$((++i))
+                if resultsdb init_db ; then
+                  exit 0
+                fi
+              done
+              exit 1
+          volumes:
+            - config-volume
+            - httpd-config-volume
+  template:
+    metadata:
+      labels:
+        environment: "test-{{ resultsdb_test_id }}"
+        service: api
+        app: resultsdb
+    spec:
+      containers:
+        - name: api
+          image: "{{ resultsdb_image }}"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 5001
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/resultsdb
+              readOnly: true
+            - name: httpd-config-volume
+              mountPath: /etc/httpd/conf.d
+              readOnly: true
+          readinessProbe:
+            timeoutSeconds: 1
+            initialDelaySeconds: 5
+            httpGet:
+              path: /api/v2.0/
+              port: 5001
+          livenessProbe:
+            timeoutSeconds: 1
+            initialDelaySeconds: 30
+            httpGet:
+              path: /api/v2.0/
+              port: 5001
+          # Limit to 384MB memory. This is probably *not* enough but it is
+          # necessary in the current environment to allow for 2 replicas and
+          # rolling updates, without hitting the (very aggressive) memory quota.
+          resources:
+            limits:
+              memory: 384Mi
+              cpu: 0.3
+      volumes:
+        - name: config-volume
+          secret:
+            secretName: "resultsdb-test-{{ resultsdb_test_id }}-config"
+        - name: httpd-config-volume
+          configMap:
+            name: "resultsdb-test-{{ resultsdb_test_id }}-httpd-config"
+  triggers:
+    - type: ConfigChange
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/templates/routes.yml b/roles/openshift-apps/resultsdb/templates/routes.yml
new file mode 100644
index 0000000000..f66d28c0dd
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/templates/routes.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+  kind: Route
+  metadata:
+    name: "resultsdb-test-{{ resultsdb_test_id }}-api"
+    labels:
+      environment: "test-{{ resultsdb_test_id }}"
+      app: resultsdb
+  spec:
+    port:
+      targetPort: api
+    to:
+      kind: Service
+      name: "resultsdb-test-{{ resultsdb_test_id }}-api"
+    tls:
+      termination: edge
+      insecureEdgeTerminationPolicy: Redirect
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/templates/secrets.yml b/roles/openshift-apps/resultsdb/templates/secrets.yml
new file mode 100644
index 0000000000..0f0609269b
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/templates/secrets.yml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "resultsdb-test-{{ resultsdb_test_id }}-config"
+  labels:
+    environment: "test-{{ resultsdb_test_id }}"
+    app: resultsdb
+stringData:
+  settings.py: |-
+    SECRET_KEY = '{{ resultsdb_secret_key }}'
+    SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://resultsdb:{{ resultsdb_db_password }}@resultsdb-test-{{ resultsdb_test_id }}-database:5432/resultsdb'
+    FILE_LOGGING = False
+    LOGFILE = '/var/log/resultsdb/resultsdb.log'
+    SYSLOG_LOGGING = False
+    STREAM_LOGGING = True
+    RUN_HOST= '0.0.0.0'
+    RUN_PORT = 5001
+    MESSAGE_BUS_PUBLISH = False
+    MESSAGE_BUS_PLUGIN = 'fedmsg'
+    MESSAGE_BUS_KWARGS = {'modname': 'resultsdb'}
+    ADDITIONAL_RESULT_OUTCOMES = {{ resultsdb_additional_result_outcomes }}
+    # Credentials are resultsdb-updater:password
+  .htpasswd: |-
+    resultsdb-updater:{{ resultsdb_password }}
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/templates/services.yml b/roles/openshift-apps/resultsdb/templates/services.yml
new file mode 100644
index 0000000000..c1c53fdd9d
--- /dev/null
+++ b/roles/openshift-apps/resultsdb/templates/services.yml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata: 
+  name: "resultsdb-test-{{ resultsdb_test_id }}-api"
+  labels:
+    environment: "test-{{ resultsdb_test_id }}"
+    app: resultsdb
+spec:
+  selector:
+    app: resultsdb
+    environment: "test-{{ resultsdb_test_id }}"
+    service: api
+  ports:
+    - name: api
+      port: 5001
+      targetPort: 5001
\ No newline at end of file

From 0e50ad7e72d0fd555ea134ef3e6dc17d98c09371 Mon Sep 17 00:00:00 2001
From: lrossett <lrossett@redhat.com>
Date: Tue, 8 Jun 2021 12:32:21 -0300
Subject: [PATCH 166/189] fedora-messaging config

---
 .../resultsdb/defaults/main.yml               |  2 +-
 .../resultsdb/templates/configmaps.yml        | 23 +++++++++++++++++-
 .../resultsdb/templates/deploymentconfigs.yml | 24 +++++++++++++++++++
 .../resultsdb/templates/secrets.yml           |  2 +-
 4 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/roles/openshift-apps/resultsdb/defaults/main.yml b/roles/openshift-apps/resultsdb/defaults/main.yml
index 3b924d0937..008325479b 100644
--- a/roles/openshift-apps/resultsdb/defaults/main.yml
+++ b/roles/openshift-apps/resultsdb/defaults/main.yml
@@ -1,4 +1,4 @@
-resultsdb_database: true
+resultsdb_publish: true
 resultsdb_test_id: 'test'
 resultsdb_mod_wsgi_dir: '${MOD_WSGI_MODULES_DIRECTORY}'
 
diff --git a/roles/openshift-apps/resultsdb/templates/configmaps.yml b/roles/openshift-apps/resultsdb/templates/configmaps.yml
index b10748dc9a..6dd792a447 100644
--- a/roles/openshift-apps/resultsdb/templates/configmaps.yml
+++ b/roles/openshift-apps/resultsdb/templates/configmaps.yml
@@ -25,4 +25,25 @@ data:
       <LimitExcept GET>
         Require valid-user
       </LimitExcept>
-    </Location>
\ No newline at end of file
+    </Location>
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fedora-messaging-configmap
+  labels:
+    app: resultsdb
+data:
+  config.toml: |-
+    amqp_url = "amqps://resultsdb{{ env_suffix }}:@rabbitmq{{ env_suffix }}.fedoraproject.org/%2Fpubsub"
+
+{% if env == "staging" %}
+    topic_prefix = "org.fedoraproject.stg"
+{% else %}
+    topic_prefix = "org.fedoraproject.prod"
+{% endif %}
+
+    [tls]
+    ca_cert = "/etc/pki/rabbitmq/ca/resultsdb.ca"
+    keyfile = "/etc/pki/rabbitmq/key/resultsdb.key"
+    certfile = "/etc/pki/rabbitmq/crt/resultsdb.crt"
diff --git a/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml b/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
index 648998a6e5..5c7bd6525d 100644
--- a/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
+++ b/roles/openshift-apps/resultsdb/templates/deploymentconfigs.yml
@@ -57,6 +57,18 @@ spec:
             - name: httpd-config-volume
               mountPath: /etc/httpd/conf.d
               readOnly: true
+            - name: fedora-messaging-ca-volume
+              mountPath: /etc/pki/rabbitmq/ca
+              readOnly: true
+            - name: fedora-messaging-key-volume
+              mountPath: /etc/pki/rabbitmq/key
+              readOnly: true
+            - name: fedora-messaging-crt-volume
+              mountPath: /etc/pki/rabbitmq/crt
+              readOnly: true
+            - name: fedora-messaging-config-volume
+              mountPath: /etc/fedora-messaging
+              readOnly: true
           readinessProbe:
             timeoutSeconds: 1
             initialDelaySeconds: 5
@@ -83,5 +95,17 @@ spec:
         - name: httpd-config-volume
           configMap:
             name: "resultsdb-test-{{ resultsdb_test_id }}-httpd-config"
+        - name: fedora-messaging-config-volume
+          configMap:
+            name: fedora-messaging-configmap
+        - name: fedora-messaging-ca-volume
+          secret:
+            secretName: resultsdb-fedora-messaging-ca
+        - name: fedora-messaging-crt-volume
+          secret:
+            secretName: resultsdb-fedora-messaging-crt
+        - name: fedora-messaging-key-volume
+          secret:
+            secretName: resultsdb-fedora-messaging-key
   triggers:
     - type: ConfigChange
\ No newline at end of file
diff --git a/roles/openshift-apps/resultsdb/templates/secrets.yml b/roles/openshift-apps/resultsdb/templates/secrets.yml
index 0f0609269b..fe155ddf60 100644
--- a/roles/openshift-apps/resultsdb/templates/secrets.yml
+++ b/roles/openshift-apps/resultsdb/templates/secrets.yml
@@ -15,7 +15,7 @@ stringData:
     STREAM_LOGGING = True
     RUN_HOST= '0.0.0.0'
     RUN_PORT = 5001
-    MESSAGE_BUS_PUBLISH = False
+    MESSAGE_BUS_PUBLISH = {{ resultsdb_publish | bool }}
     MESSAGE_BUS_PLUGIN = 'fedmsg'
     MESSAGE_BUS_KWARGS = {'modname': 'resultsdb'}
     ADDITIONAL_RESULT_OUTCOMES = {{ resultsdb_additional_result_outcomes }}

From 5b2d2723c4fcc9fa6fcfc154045dc19ea468b4f6 Mon Sep 17 00:00:00 2001
From: lrossett <lrossett@redhat.com>
Date: Thu, 10 Jun 2021 13:28:40 -0300
Subject: [PATCH 167/189] removing prod hosts for now

---
 playbooks/openshift-apps/resultsdb.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml
index 78f0d300fc..dd260f0f7b 100644
--- a/playbooks/openshift-apps/resultsdb.yml
+++ b/playbooks/openshift-apps/resultsdb.yml
@@ -1,5 +1,6 @@
 - name: setup the database
-  hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
+  # hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
+  hosts: db01.stg.iad2.fedoraproject.org
   gather_facts: no
   become: yes
   become_user: postgres
@@ -27,7 +28,8 @@
 
 
 - name: make the app be real
-  hosts: os_masters[0]:os_masters_stg[0]
+  # hosts: os_masters[0]:os_masters_stg[0]
+  hosts: os_masters_stg[0]
   user: root
   gather_facts: False
 

From ae28c8964ac36fc8b3937fe38d00b96199f87996 Mon Sep 17 00:00:00 2001
From: Francois Andrieu <darknao@fedoraproject.org>
Date: Tue, 25 May 2021 17:24:52 +0200
Subject: [PATCH 168/189] docsbuilding: use emptyDir as /tmp for staging

---
 .../docsbuilding/templates/cron-translated.yml            | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/openshift-apps/docsbuilding/templates/cron-translated.yml b/roles/openshift-apps/docsbuilding/templates/cron-translated.yml
index 84b924f93e..fc644129d8 100644
--- a/roles/openshift-apps/docsbuilding/templates/cron-translated.yml
+++ b/roles/openshift-apps/docsbuilding/templates/cron-translated.yml
@@ -24,9 +24,17 @@ spec:
             - name: build-output
               mountPath: /antora/output
               readOnly: false
+{%          if env == 'staging' %}
+            - name: build-temp
+              mountPath: /tmp
+{%          endif %}
           restartPolicy: Never
           startingDeadlineSeconds: 600
           volumes:
           - name: build-output
             persistentVolumeClaim:
               claimName: docs-storage
+{%        if env == 'staging' %}
+          - name: build-temp
+            emptyDir: {}
+{%        endif %}

From ebc48747d5283db7206debd53d639fe862b3c099 Mon Sep 17 00:00:00 2001
From: Francois Andrieu <darknao@fedoraproject.org>
Date: Thu, 3 Jun 2021 08:27:19 +0200
Subject: [PATCH 169/189] fedora-web: add .gitconfig for translation updates

---
 roles/fedora-web/translation/tasks/main.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/roles/fedora-web/translation/tasks/main.yml b/roles/fedora-web/translation/tasks/main.yml
index 0c3a408812..aa217efda8 100644
--- a/roles/fedora-web/translation/tasks/main.yml
+++ b/roles/fedora-web/translation/tasks/main.yml
@@ -21,6 +21,21 @@
   debug:
     var: user_result.ssh_public_key
 
+- name: Create gitconfig for user
+  copy:
+    content: |
+      [user]
+        name = ♪ I'm a bot, bot, bot ♪
+        email = _update_web_trans@sundries
+      [push]
+        default = simple
+    dest: ~_update_web_trans/.gitconfig
+    owner: _update_web_trans
+    group: _update_web_trans
+    mode: 0644
+  tags:
+  - fedora-web-translation
+
 - copy:
     src: ssh_config
     dest: ~_update_web_trans/.ssh/config

From 269a0d738fae86cc6ac95246e6f2883413c814b2 Mon Sep 17 00:00:00 2001
From: Francois Andrieu <darknao@fedoraproject.org>
Date: Tue, 1 Jun 2021 19:37:42 +0200
Subject: [PATCH 170/189] websites_stg: fetch l10n updates before build

also add langtable-python dependency
---
 roles/fedora-web/build/files/syncStatic.stg.sh | 1 +
 roles/fedora-web/build/tasks/main.yml          | 1 +
 2 files changed, 2 insertions(+)

diff --git a/roles/fedora-web/build/files/syncStatic.stg.sh b/roles/fedora-web/build/files/syncStatic.stg.sh
index 6043243345..53bb2ad999 100644
--- a/roles/fedora-web/build/files/syncStatic.stg.sh
+++ b/roles/fedora-web/build/files/syncStatic.stg.sh
@@ -7,6 +7,7 @@ function build {
     err=$(
         {
             cd "$site" && \
+            make pullpos && \
             make && \
             rsync -qa --delete-after --delay-updates out/ "/srv/web/$site/"; \
         } 2>&1
diff --git a/roles/fedora-web/build/tasks/main.yml b/roles/fedora-web/build/tasks/main.yml
index 239c59b614..bf4ff9135e 100644
--- a/roles/fedora-web/build/tasks/main.yml
+++ b/roles/fedora-web/build/tasks/main.yml
@@ -7,6 +7,7 @@
     - python-feedparser
     - python-genshi
     - python-setuptools
+    - langtable-python
   tags:
   - packages
   - fedora-web

From 01ed5b118ac50fc9592a64cc5711f99f5a4051dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 11 Jun 2021 11:39:24 +0200
Subject: [PATCH 171/189] RabbitMQ: allow server-named queues
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

See: https://pagure.io/fedora-infrastructure/issue/9385

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/rabbitmq_cluster/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index 92e18615cc..733ea98f86 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -378,8 +378,8 @@
       - vhost: /public_pubsub
         # Matches, for example, de23804a-304a-4228-b239-35099c98bd1e
         # Regex is Erlang flavored: http://erlang.org/doc/man/re.html
-        configure_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
-        write_priv: "^(\\w{8}(-\\w{4}){3}-\\w{12})$"
+        configure_priv: "^((\\w{8}(-\\w{4}){3}-\\w{12})|amq\..*)$"
+        write_priv: "^((\\w{8}(-\\w{4}){3}-\\w{12})|amq\..*)$"
         read_priv: .*
     state: present
   tags:

From 9f2f798b9c389880229e4112407e00b8540432f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 11 Jun 2021 11:40:51 +0200
Subject: [PATCH 172/189] typo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/rabbitmq_cluster/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml
index 733ea98f86..d653d28a47 100644
--- a/roles/rabbitmq_cluster/tasks/main.yml
+++ b/roles/rabbitmq_cluster/tasks/main.yml
@@ -378,8 +378,8 @@
       - vhost: /public_pubsub
         # Matches, for example, de23804a-304a-4228-b239-35099c98bd1e
         # Regex is Erlang flavored: http://erlang.org/doc/man/re.html
-        configure_priv: "^((\\w{8}(-\\w{4}){3}-\\w{12})|amq\..*)$"
-        write_priv: "^((\\w{8}(-\\w{4}){3}-\\w{12})|amq\..*)$"
+        configure_priv: "^((\\w{8}(-\\w{4}){3}-\\w{12})|amq\\..*)$"
+        write_priv: "^((\\w{8}(-\\w{4}){3}-\\w{12})|amq\\..*)$"
         read_priv: .*
     state: present
   tags:

From 843ca03d7448cb368aade44d762e0fc9ece94050 Mon Sep 17 00:00:00 2001
From: lrossett <lrossett@redhat.com>
Date: Fri, 11 Jun 2021 12:57:50 -0300
Subject: [PATCH 173/189] moving defaults to vars

---
 roles/openshift-apps/resultsdb/{defaults => vars}/main.yml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename roles/openshift-apps/resultsdb/{defaults => vars}/main.yml (100%)

diff --git a/roles/openshift-apps/resultsdb/defaults/main.yml b/roles/openshift-apps/resultsdb/vars/main.yml
similarity index 100%
rename from roles/openshift-apps/resultsdb/defaults/main.yml
rename to roles/openshift-apps/resultsdb/vars/main.yml

From bd597e954d9d2b945a3d3a58170afcf9ef7cf21b Mon Sep 17 00:00:00 2001
From: lrossett <lrossett@redhat.com>
Date: Fri, 11 Jun 2021 13:47:29 -0300
Subject: [PATCH 174/189] adding role vars file

---
 playbooks/openshift-apps/resultsdb.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml
index dd260f0f7b..0b6de061b8 100644
--- a/playbooks/openshift-apps/resultsdb.yml
+++ b/playbooks/openshift-apps/resultsdb.yml
@@ -8,9 +8,11 @@
   - /srv/web/infra/ansible/vars/global.yml
   - /srv/private/ansible/vars.yml
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+  # TODO: change to vars/{{ env }}.yml
+  - /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml
 
   tasks:
-  - name: waiverdb DB user - prod
+  - name: resultsdb DB user - prod
     postgresql_user:
       name: "resultsdb"
       password: "{{ prod_resultsdb_db_password }}"

From 12570f2a4a714eb64a706c000795ca5904f40cd5 Mon Sep 17 00:00:00 2001
From: lrossett <lrossett@redhat.com>
Date: Fri, 11 Jun 2021 13:53:49 -0300
Subject: [PATCH 175/189] fixing vars file location

---
 playbooks/openshift-apps/resultsdb.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/playbooks/openshift-apps/resultsdb.yml b/playbooks/openshift-apps/resultsdb.yml
index 0b6de061b8..b208ca3028 100644
--- a/playbooks/openshift-apps/resultsdb.yml
+++ b/playbooks/openshift-apps/resultsdb.yml
@@ -8,8 +8,6 @@
   - /srv/web/infra/ansible/vars/global.yml
   - /srv/private/ansible/vars.yml
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-  # TODO: change to vars/{{ env }}.yml
-  - /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml
 
   tasks:
   - name: resultsdb DB user - prod
@@ -39,6 +37,8 @@
     - /srv/web/infra/ansible/vars/global.yml
     - "/srv/private/ansible/vars.yml"
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+    # TODO: change to vars/{{ env }}.yml
+    - /srv/web/infra/ansible/roles/openshift-apps/resultsdb/vars/main.yml
 
   roles:
     - role: rabbit/user

From 7b28302fae5eddb117f7a0f7ae60a9caee69de08 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Sat, 12 Jun 2021 13:23:54 -0700
Subject: [PATCH 176/189] fedocal: remove reverseproxy config for old app, it
 has moved to openshift

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/include/proxies-reverseproxy.yml | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index e0c4b60ab4..7e5cdf48a9 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -233,14 +233,6 @@
     destname: badges
     proxyurl: http://localhost:10032
 
-  - role: httpd/reverseproxy
-    website: apps.fedoraproject.org
-    destname: fedocal
-    remotepath: /calendar
-    localpath: /calendar
-    header_scheme: true
-    proxyurl: "{{ varnish_url }}"
-
   - role: httpd/reverseproxy
     website: apps.fedoraproject.org
     destname: kerneltest

From ac751e42ef88ccecb4faa4c5912e185b2c9877ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Mon, 14 Jun 2021 11:24:33 +0200
Subject: [PATCH 177/189] retrace: Remove gid setting

`retrace` group is ensured above, gid is set below. We don't need to
duplicate code here.
---
 roles/abrt/retrace-pre/tasks/main.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/roles/abrt/retrace-pre/tasks/main.yml b/roles/abrt/retrace-pre/tasks/main.yml
index db33c5cd9c..2b107da4d5 100644
--- a/roles/abrt/retrace-pre/tasks/main.yml
+++ b/roles/abrt/retrace-pre/tasks/main.yml
@@ -24,7 +24,6 @@
     user:
       name: retrace
       uid: "{{ retrace_user_uid_gid }}"
-      gid: "{{ retrace_user_uid_gid }}"
       home: "{{ retrace_user_home }}"
       create_home: yes
 

From b7a031c9fd2c945a2c42b23f080b2be6c2caf6a1 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 14 Jun 2021 12:49:11 -0700
Subject: [PATCH 178/189] fedoraloveskde.org: add site and pipeline to deploy
 it and dns zone

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/include/proxies-fedora-web.yml      |  3 ++
 playbooks/include/proxies-websites.yml        |  8 +++++
 playbooks/manual/rebuild/websites.yml         |  1 +
 roles/dns/files/zones.conf                    |  5 +++
 .../build/files/syncfedoraloveskde.cron       |  2 ++
 .../build/files/syncfedoraloveskde.sh         | 13 +++++++
 .../build/files/syncfedoraloveskde.stg.sh     | 13 +++++++
 roles/fedoraloveskde/build/tasks/main.yml     | 35 +++++++++++++++++++
 .../website/files/cron-sync-fedoraloveskde    |  1 +
 .../website/files/fedoraloveskde.conf         |  8 +++++
 roles/fedoraloveskde/website/tasks/main.yml   | 15 ++++++++
 roles/rsyncd/files/rsyncd.conf.sundries       |  8 +++++
 roles/rsyncd/files/rsyncd.conf.sundries-stg   |  8 +++++
 .../files/run-daily-awstats.sh                |  2 +-
 14 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 roles/fedoraloveskde/build/files/syncfedoraloveskde.cron
 create mode 100644 roles/fedoraloveskde/build/files/syncfedoraloveskde.sh
 create mode 100644 roles/fedoraloveskde/build/files/syncfedoraloveskde.stg.sh
 create mode 100644 roles/fedoraloveskde/build/tasks/main.yml
 create mode 100644 roles/fedoraloveskde/website/files/cron-sync-fedoraloveskde
 create mode 100644 roles/fedoraloveskde/website/files/fedoraloveskde.conf
 create mode 100644 roles/fedoraloveskde/website/tasks/main.yml

diff --git a/playbooks/include/proxies-fedora-web.yml b/playbooks/include/proxies-fedora-web.yml
index 2e3b6384cb..8e60810751 100644
--- a/playbooks/include/proxies-fedora-web.yml
+++ b/playbooks/include/proxies-fedora-web.yml
@@ -60,3 +60,6 @@
 
   - role: developer/website
     website: developer.fedoraproject.org
+
+  - role: fedoraloveskde/website
+    website: fedoraloveskde.org
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 40771b6f43..2595ee883c 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -616,6 +616,14 @@
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
 
+  - role: httpd/website
+    site_name: fedoraloveskde.org
+    server_aliases: [stg.fedoraloveskde.org]
+    sslonly: true
+    certbot: true
+    tags:
+    - fedoraloveskde
+
   - role: httpd/website
     site_name: osbs.fedoraproject.org
     server_aliases: [osbs.stg.fedoraproject.org]
diff --git a/playbooks/manual/rebuild/websites.yml b/playbooks/manual/rebuild/websites.yml
index d1400ab7f4..74972d73fc 100644
--- a/playbooks/manual/rebuild/websites.yml
+++ b/playbooks/manual/rebuild/websites.yml
@@ -34,3 +34,4 @@
     - spins.fedoraproject.org
     - start.fedoraproject.org
     - budget.fedoraproject.org
+    - fedoraloveskde.org
diff --git a/roles/dns/files/zones.conf b/roles/dns/files/zones.conf
index b39a275c9d..3119c5b074 100644
--- a/roles/dns/files/zones.conf
+++ b/roles/dns/files/zones.conf
@@ -392,6 +392,11 @@ zone "fedoraplayground.com" {
         file "/var/named/master/built/fedoraplayground.com";
 };
 
+zone "fedoraloveskde.org" {
+    type master;
+    file "/var/named/master/built/fedoraloveskde.org";
+};
+
 zone "1.0.0.3.0.9.0.3.8.2.0.0.0.1.6.2.ip6.arpa" {
      type master;
      file "/var/named/master/built/1.0.0.3.0.9.0.3.8.2.0.0.0.1.6.2.ip6.arpa";
diff --git a/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron b/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron
new file mode 100644
index 0000000000..d846a52f61
--- /dev/null
+++ b/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron
@@ -0,0 +1,2 @@
+MAILTO=web-members@fedoraproject.org
+25 * * * * apache /usr/local/bin/lock-wrapper synckdelovesfedora /usr/local/bin/synckdelovesfedora
diff --git a/roles/fedoraloveskde/build/files/syncfedoraloveskde.sh b/roles/fedoraloveskde/build/files/syncfedoraloveskde.sh
new file mode 100644
index 0000000000..7d8a065319
--- /dev/null
+++ b/roles/fedoraloveskde/build/files/syncfedoraloveskde.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ ! -d  /srv/web/fedoraloveskde.org/.git ]
+then
+    /usr/bin/git clone -q https://pagure.io/fedora-kde/fedoraloveskde.org /srv/web/fedoraloveskde.org
+fi
+
+cd /srv/web/fedoraloveskde.org
+
+/usr/bin/git clean -q -fdx || exit 1
+/usr/bin/git reset -q --hard || exit 1
+/usr/bin/git checkout -q production || exit 1
+/usr/bin/git pull -q --ff-only || exit 1
diff --git a/roles/fedoraloveskde/build/files/syncfedoraloveskde.stg.sh b/roles/fedoraloveskde/build/files/syncfedoraloveskde.stg.sh
new file mode 100644
index 0000000000..dda344add3
--- /dev/null
+++ b/roles/fedoraloveskde/build/files/syncfedoraloveskde.stg.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ ! -d  /srv/web/fedoraloveskde.org/.git ]
+then
+    /usr/bin/git clone -q https://pagure.io/fedora-kde/fedoraloveskde.org /srv/web/fedoraloveskde.org
+fi
+
+cd /srv/web/fedoraloveskde.org
+
+/usr/bin/git clean -q -fdx || exit 1
+/usr/bin/git reset -q --hard || exit 1
+/usr/bin/git checkout -q staging || exit 1
+/usr/bin/git pull -q --ff-only || exit 1
diff --git a/roles/fedoraloveskde/build/tasks/main.yml b/roles/fedoraloveskde/build/tasks/main.yml
new file mode 100644
index 0000000000..aa7c2539b3
--- /dev/null
+++ b/roles/fedoraloveskde/build/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: Create directories
+  file: state=directory
+        path=/srv/web/{{item}}
+        owner=apache group=apache mode=0755
+        setype=httpd_sys_content_t seuser=system_u
+  with_items:
+  - fedoraloveskde.org
+  tags:
+  - fedoraloveskde
+
+- name: Copy syncfedoraloveskde script (stg)
+  when: env == "staging"
+  copy: >
+    src=syncfedoraloveskde.stg.sh dest=/usr/local/bin/syncfedoraloveskde owner=root group=root
+    mode=0755
+  tags:
+  - fedoraloveskde
+
+- name: Copy syncfedoraloveskde script (prod)
+  when: env == "production"
+  copy: >
+    src=syncfedoraloveskde.sh dest=/usr/local/bin/syncfedoraloveskde owner=root group=root
+    mode=0755
+  tags:
+  - fedoraloveskde
+
+- name: Install the syncfedoraloveskde cron job
+  copy: >
+    src={{item}}.cron dest=/etc/cron.d/{{item}}.cron
+    owner=root group=root mode=0644
+  with_items:
+  - syncfedoraloveskde
+  tags:
+  - fedoraloveskde
+  - cron
diff --git a/roles/fedoraloveskde/website/files/cron-sync-fedoraloveskde b/roles/fedoraloveskde/website/files/cron-sync-fedoraloveskde
new file mode 100644
index 0000000000..7641c246a8
--- /dev/null
+++ b/roles/fedoraloveskde/website/files/cron-sync-fedoraloveskde
@@ -0,0 +1 @@
+30 * * * *  root /usr/bin/rsync --delete -a --no-owner --no-group --delete-excluded --exclude='.git*' sundries01::fedoraloveskde.org/ /srv/web/fedoraloveskde.org/
diff --git a/roles/fedoraloveskde/website/files/fedoraloveskde.conf b/roles/fedoraloveskde/website/files/fedoraloveskde.conf
new file mode 100644
index 0000000000..a010e076a1
--- /dev/null
+++ b/roles/fedoraloveskde/website/files/fedoraloveskde.conf
@@ -0,0 +1,8 @@
+DocumentRoot /srv/web/fedoraloveskde.org
+
+AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
+
+FileETag MTime Size
+
+ExpiresActive On
+ExpiresDefault "access plus 30 minutes"
diff --git a/roles/fedoraloveskde/website/tasks/main.yml b/roles/fedoraloveskde/website/tasks/main.yml
new file mode 100644
index 0000000000..5a1317431d
--- /dev/null
+++ b/roles/fedoraloveskde/website/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Copy in the sync-fedoraloveskde cronjob
+  copy: src=cron-sync-fedoraloveskde dest=/etc/cron.d/sync-fedoraloveskde
+  tags:
+  - fedoraloveskde
+
+- name: Copy some config files for {{website}}
+  copy: >
+    src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
+    owner=root group=root mode=0644
+  with_items:
+  - fedoraloveskde.conf
+  notify:
+  - reload proxyhttpd
+  tags:
+  - fedoraloveskde
diff --git a/roles/rsyncd/files/rsyncd.conf.sundries b/roles/rsyncd/files/rsyncd.conf.sundries
index e79a658f07..b9b8a09727 100644
--- a/roles/rsyncd/files/rsyncd.conf.sundries
+++ b/roles/rsyncd/files/rsyncd.conf.sundries
@@ -213,3 +213,11 @@ uid = root
 gid = root
 read only = yes
 hosts allow = 10.3.160.0/255.255.224.0 192.168.0.0/255.255.0.0
+
+[fedoraloveskde.org]
+comment = fedoraloveskde.org
+path = /srv/web/fedoraloveskde.org
+uid = root
+gid = root
+read only = yes
+hosts allow = 10.3.160.0/255.255.224.0 192.168.0.0/255.255.0.0
diff --git a/roles/rsyncd/files/rsyncd.conf.sundries-stg b/roles/rsyncd/files/rsyncd.conf.sundries-stg
index ae5172a79f..7b09707e09 100644
--- a/roles/rsyncd/files/rsyncd.conf.sundries-stg
+++ b/roles/rsyncd/files/rsyncd.conf.sundries-stg
@@ -213,3 +213,11 @@ uid = root
 gid = root
 read only = yes
 hosts allow = 10.5.126.0/255.255.255.0 192.168.0.0/255.255.0.0 10.5.128.0/255.255.255.0 10.3.160.0/255.255.224.0
+
+[fedoraloveskde.org]
+comment = fedoraloveskde.org
+path = /srv/web/fedoraloveskde.org
+uid = root
+gid = root
+read only = yes
+hosts allow = 10.3.160.0/255.255.224.0 192.168.0.0/255.255.0.0
diff --git a/roles/web-data-analysis/files/run-daily-awstats.sh b/roles/web-data-analysis/files/run-daily-awstats.sh
index dc3f2a79e5..522e716524 100644
--- a/roles/web-data-analysis/files/run-daily-awstats.sh
+++ b/roles/web-data-analysis/files/run-daily-awstats.sh
@@ -44,7 +44,7 @@ TREEDIR=${LOGDIR}/${YEAR}/${MONTH}/${DAY}
 AWSTATS=/usr/share/awstats/wwwroot/cgi-bin/awstats.pl
 HTMLDOC=/usr/bin/htmldoc
 
-SITES="admin.fedoraproject.org apps.fedoraproject.org arm.fedoraproject.org ask.fedoraproject.org badges.fedoraproject.org bodhi.fedoraproject.org budget.fedoraproject.org bugz.fedoraproject.org cloud.fedoraproject.org codecs.fedoraproject.org communityblog.fedoraproject.org copr.fedoraproject.org developer.fedoraproject.org developers.fedoraproject.org docs.fedoraproject.org docs-old.fedoraproject.org download.fedoraproject.org fas.fedoraproject.org fedora.my fedoracommunity.org fedoramagazine.org fedoraproject.com fedoraproject.org flocktofedora.net flocktofedora.org fonts.fedoraproject.org fpaste.org fudcon.fedoraproject.org get.fedoraproject.org getfedora.org help.fedoraproject.org id.fedoraproject.org it.fedoracommunity.org join.fedoraproject.org k12linux.org kde.fedoraproject.org l10n.fedoraproject.org labs.fedoraproject.org lists.fedorahosted.org lists.fedoraproject.org meetbot-raw.fedoraproject.org meetbot.fedoraproject.org mirrors.fedoraproject.org nightly.fedoraproject.org osbs.fedoraproject.org paste.fedoraproject.org pdc.fedoraproject.org people.fedoraproject.org port389.org qa.fedoraproject.org redirect.fedoraproject.org registry.fedoraproject.org smolts.org spins.fedoraproject.org src.fedoraproject.org start.fedoraproject.org store.fedoraproject.org translate.fedoraproject.org uk.fedoracommunity.org "
+SITES="admin.fedoraproject.org apps.fedoraproject.org arm.fedoraproject.org ask.fedoraproject.org badges.fedoraproject.org bodhi.fedoraproject.org budget.fedoraproject.org bugz.fedoraproject.org cloud.fedoraproject.org codecs.fedoraproject.org communityblog.fedoraproject.org copr.fedoraproject.org developer.fedoraproject.org developers.fedoraproject.org docs.fedoraproject.org docs-old.fedoraproject.org download.fedoraproject.org fas.fedoraproject.org fedora.my fedoracommunity.org fedoramagazine.org fedoraproject.com fedoraproject.org flocktofedora.net flocktofedora.org fonts.fedoraproject.org fpaste.org fudcon.fedoraproject.org get.fedoraproject.org getfedora.org help.fedoraproject.org id.fedoraproject.org it.fedoracommunity.org join.fedoraproject.org k12linux.org kde.fedoraproject.org l10n.fedoraproject.org labs.fedoraproject.org lists.fedorahosted.org lists.fedoraproject.org meetbot-raw.fedoraproject.org meetbot.fedoraproject.org mirrors.fedoraproject.org nightly.fedoraproject.org osbs.fedoraproject.org paste.fedoraproject.org pdc.fedoraproject.org people.fedoraproject.org port389.org qa.fedoraproject.org redirect.fedoraproject.org registry.fedoraproject.org smolts.org spins.fedoraproject.org src.fedoraproject.org start.fedoraproject.org store.fedoraproject.org translate.fedoraproject.org uk.fedoracommunity.org fedoraloveskde.org"
 
 pushd ${CONFDIR}
 for SITE in ${SITES}; do

From 22701344dd589e3a4126a87d47f80683c34b0c58 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 14 Jun 2021 12:56:17 -0700
Subject: [PATCH 179/189] fedoraloveskde: add role to sundries

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 playbooks/groups/sundries.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/playbooks/groups/sundries.yml b/playbooks/groups/sundries.yml
index 068d4b7999..f37f94d8b7 100644
--- a/playbooks/groups/sundries.yml
+++ b/playbooks/groups/sundries.yml
@@ -51,6 +51,8 @@
     when: master_sundries_node|bool
   - role: developer/build
     when: master_sundries_node|bool
+  - role: fedoraloveskde/build
+    when: master_sundries_node|bool
   - { role: rabbit/user,
       username: "sundries{{ env_suffix }}",
       when: master_sundries_node|bool and deployment_type == "stg" }

From 26a32f23d68d8f535baf046f8ef93788379af78f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 14 Jun 2021 12:59:31 -0700
Subject: [PATCH 180/189] fedoraloveskde: fix dyslexic typos

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fedoraloveskde/build/files/syncfedoraloveskde.cron | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron b/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron
index d846a52f61..479ff818b4 100644
--- a/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron
+++ b/roles/fedoraloveskde/build/files/syncfedoraloveskde.cron
@@ -1,2 +1,2 @@
 MAILTO=web-members@fedoraproject.org
-25 * * * * apache /usr/local/bin/lock-wrapper synckdelovesfedora /usr/local/bin/synckdelovesfedora
+25 * * * * apache /usr/local/bin/lock-wrapper syncfedoraloveskde /usr/local/bin/syncfedoraloveskde

From dfccf740bffef7e73cd1d47904ef741b668d197e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 14 Jun 2021 13:03:45 -0700
Subject: [PATCH 181/189] fedoraloveskde: add proxypass for certgetter

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fedoraloveskde/website/files/fedoraloveskde.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/fedoraloveskde/website/files/fedoraloveskde.conf b/roles/fedoraloveskde/website/files/fedoraloveskde.conf
index a010e076a1..7569444c82 100644
--- a/roles/fedoraloveskde/website/files/fedoraloveskde.conf
+++ b/roles/fedoraloveskde/website/files/fedoraloveskde.conf
@@ -6,3 +6,5 @@ FileETag MTime Size
 
 ExpiresActive On
 ExpiresDefault "access plus 30 minutes"
+
+ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"

From ca6d94a6b570ff31531f18c2ebf0f20ea09b21fc Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 14 Jun 2021 13:20:52 -0700
Subject: [PATCH 182/189] f34 is released now, adjust repo location

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/buildvm_armv7     | 2 +-
 inventory/group_vars/buildvm_armv7_stg | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/inventory/group_vars/buildvm_armv7 b/inventory/group_vars/buildvm_armv7
index c710a6bb26..4400a5e72e 100644
--- a/inventory/group_vars/buildvm_armv7
+++ b/inventory/group_vars/buildvm_armv7
@@ -7,7 +7,7 @@ max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
 ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-34-armv7
-ks_repo: http://10.3.163.35/pub/fedora/linux/development/34/Server/armhfp/os/
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/armhfp/os/
 nm: 255.255.255.0
 gw: 10.3.170.254
 dns: 10.3.163.33
diff --git a/inventory/group_vars/buildvm_armv7_stg b/inventory/group_vars/buildvm_armv7_stg
index c86a9dcc96..2999c07f00 100644
--- a/inventory/group_vars/buildvm_armv7_stg
+++ b/inventory/group_vars/buildvm_armv7_stg
@@ -7,7 +7,7 @@ max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
 ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-34-armv7
-ks_repo: http://10.3.163.35/pub/fedora/linux/development/34/Server/armhfp/os/
+ks_repo: http://10.3.163.35/pub/fedora/linux/releases/34/Server/armhfp/os/
 nm: 255.255.255.0
 gw: 10.3.167.254
 dns: 10.3.163.33

From 5841e7d40e1e14ad9cf60454fc6f0831b225c5c5 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 14 Jun 2021 13:57:15 -0700
Subject: [PATCH 183/189] fedoraloveskde: serve the public dir

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/fedoraloveskde/website/files/fedoraloveskde.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/fedoraloveskde/website/files/fedoraloveskde.conf b/roles/fedoraloveskde/website/files/fedoraloveskde.conf
index 7569444c82..e6d9a5e344 100644
--- a/roles/fedoraloveskde/website/files/fedoraloveskde.conf
+++ b/roles/fedoraloveskde/website/files/fedoraloveskde.conf
@@ -1,4 +1,4 @@
-DocumentRoot /srv/web/fedoraloveskde.org
+DocumentRoot /srv/web/fedoraloveskde.org/public
 
 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
 

From 6a107bc041ba9ceb9b761d707a2a092a045a2297 Mon Sep 17 00:00:00 2001
From: Francois Andrieu <darknao@fedoraproject.org>
Date: Tue, 1 Jun 2021 19:37:42 +0200
Subject: [PATCH 184/189] websites_prod: fetch l10n updates before build

---
 roles/fedora-web/build/files/syncStatic.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/fedora-web/build/files/syncStatic.sh b/roles/fedora-web/build/files/syncStatic.sh
index 52a6c93830..cbcff014dc 100644
--- a/roles/fedora-web/build/files/syncStatic.sh
+++ b/roles/fedora-web/build/files/syncStatic.sh
@@ -7,6 +7,7 @@ function build {
     err=$(
         {
             cd "$site" && \
+            make pullpos && \
             make && \
             rsync -qa --delete-after --delay-updates out/ "/srv/web/$site/"; \
         } 2>&1

From 304432fc88957820670b1d0e2665c77fbac1350a Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Tue, 15 Jun 2021 08:28:37 +0200
Subject: [PATCH 185/189] copr: use a correct %dist for fedora-34-armhfp chroot

Fixes: rhbz#1956111
---
 .../backend/files/provision/files/mock/fedora-34-armhfp.cfg    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg b/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg
index 775999c80c..79fb53b64a 100644
--- a/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg
+++ b/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg
@@ -1,7 +1,8 @@
+config_opts['releasever'] = '34'
 config_opts['target_arch'] = 'armv7hl'
 config_opts['legal_host_arches'] = ('armv7l', 'armv8l', 'aarch64')
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=1895363
 config_opts['use_bootstrap'] = False
 
-include('templates/fedora-rawhide.tpl')
+include('templates/fedora-branched.tpl')

From 3de1d7fa0d85cf6e708d5ca9325f013a4d5dcca2 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Tue, 15 Jun 2021 08:31:02 +0200
Subject: [PATCH 186/189] copr: remove armhfp chroot config overrides

These are not needed as the bug 1895363 doesn't seem to bother us.
---
 .../files/provision/files/mock/fedora-32-armhfp.cfg       | 8 --------
 .../files/provision/files/mock/fedora-33-armhfp.cfg       | 8 --------
 .../files/provision/files/mock/fedora-34-armhfp.cfg       | 8 --------
 .../files/provision/files/mock/fedora-rawhide-armhfp.cfg  | 7 -------
 4 files changed, 31 deletions(-)
 delete mode 100644 roles/copr/backend/files/provision/files/mock/fedora-32-armhfp.cfg
 delete mode 100644 roles/copr/backend/files/provision/files/mock/fedora-33-armhfp.cfg
 delete mode 100644 roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg
 delete mode 100644 roles/copr/backend/files/provision/files/mock/fedora-rawhide-armhfp.cfg

diff --git a/roles/copr/backend/files/provision/files/mock/fedora-32-armhfp.cfg b/roles/copr/backend/files/provision/files/mock/fedora-32-armhfp.cfg
deleted file mode 100644
index 5b7454f9a8..0000000000
--- a/roles/copr/backend/files/provision/files/mock/fedora-32-armhfp.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-config_opts['releasever'] = '32'
-config_opts['target_arch'] = 'armv7hl'
-config_opts['legal_host_arches'] = ('armv7l', 'armv8l', 'aarch64')
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1895363
-config_opts['use_bootstrap'] = False
-
-include('templates/fedora-branched.tpl')
diff --git a/roles/copr/backend/files/provision/files/mock/fedora-33-armhfp.cfg b/roles/copr/backend/files/provision/files/mock/fedora-33-armhfp.cfg
deleted file mode 100644
index 1e2c20c373..0000000000
--- a/roles/copr/backend/files/provision/files/mock/fedora-33-armhfp.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-config_opts['releasever'] = '33'
-config_opts['target_arch'] = 'armv7hl'
-config_opts['legal_host_arches'] = ('armv7l', 'armv8l', 'aarch64')
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1895363
-config_opts['use_bootstrap'] = False
-
-include('templates/fedora-branched.tpl')
diff --git a/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg b/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg
deleted file mode 100644
index 79fb53b64a..0000000000
--- a/roles/copr/backend/files/provision/files/mock/fedora-34-armhfp.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-config_opts['releasever'] = '34'
-config_opts['target_arch'] = 'armv7hl'
-config_opts['legal_host_arches'] = ('armv7l', 'armv8l', 'aarch64')
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1895363
-config_opts['use_bootstrap'] = False
-
-include('templates/fedora-branched.tpl')
diff --git a/roles/copr/backend/files/provision/files/mock/fedora-rawhide-armhfp.cfg b/roles/copr/backend/files/provision/files/mock/fedora-rawhide-armhfp.cfg
deleted file mode 100644
index 775999c80c..0000000000
--- a/roles/copr/backend/files/provision/files/mock/fedora-rawhide-armhfp.cfg
+++ /dev/null
@@ -1,7 +0,0 @@
-config_opts['target_arch'] = 'armv7hl'
-config_opts['legal_host_arches'] = ('armv7l', 'armv8l', 'aarch64')
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1895363
-config_opts['use_bootstrap'] = False
-
-include('templates/fedora-rawhide.tpl')

From 91662a75280245131f1aea9d053417c69625a52e Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Tue, 15 Jun 2021 09:00:28 +0200
Subject: [PATCH 187/189] copr: drop centos-stream configs

We use the default centos-stream-8* configs from mock-core-configs now.
---
 .../files/mock/centos-stream-aarch64.cfg      |   5 -
 .../files/mock/centos-stream-ppc64le.cfg      |   5 -
 .../files/mock/centos-stream-x86_64.cfg       |   5 -
 .../files/mock/templates/centos-stream.tpl    | 120 ------------------
 4 files changed, 135 deletions(-)
 delete mode 100644 roles/copr/backend/files/provision/files/mock/centos-stream-aarch64.cfg
 delete mode 100644 roles/copr/backend/files/provision/files/mock/centos-stream-ppc64le.cfg
 delete mode 100644 roles/copr/backend/files/provision/files/mock/centos-stream-x86_64.cfg
 delete mode 100644 roles/copr/backend/files/provision/files/mock/templates/centos-stream.tpl

diff --git a/roles/copr/backend/files/provision/files/mock/centos-stream-aarch64.cfg b/roles/copr/backend/files/provision/files/mock/centos-stream-aarch64.cfg
deleted file mode 100644
index 81e52a64f2..0000000000
--- a/roles/copr/backend/files/provision/files/mock/centos-stream-aarch64.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-include('templates/centos-stream.tpl')
-
-config_opts['root'] = 'centos-stream-8-aarch64'
-config_opts['target_arch'] = 'aarch64'
-config_opts['legal_host_arches'] = ('aarch64',)
diff --git a/roles/copr/backend/files/provision/files/mock/centos-stream-ppc64le.cfg b/roles/copr/backend/files/provision/files/mock/centos-stream-ppc64le.cfg
deleted file mode 100644
index 7d9ea380fb..0000000000
--- a/roles/copr/backend/files/provision/files/mock/centos-stream-ppc64le.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-include('templates/centos-stream.tpl')
-
-config_opts['root'] = 'centos-stream-8-ppc64le'
-config_opts['target_arch'] = 'ppc64le'
-config_opts['legal_host_arches'] = ('ppc64le',)
diff --git a/roles/copr/backend/files/provision/files/mock/centos-stream-x86_64.cfg b/roles/copr/backend/files/provision/files/mock/centos-stream-x86_64.cfg
deleted file mode 100644
index 6d355b53ad..0000000000
--- a/roles/copr/backend/files/provision/files/mock/centos-stream-x86_64.cfg
+++ /dev/null
@@ -1,5 +0,0 @@
-include('templates/centos-stream.tpl')
-
-config_opts['root'] = 'centos-stream-8-x86_64'
-config_opts['target_arch'] = 'x86_64'
-config_opts['legal_host_arches'] = ('x86_64',)
diff --git a/roles/copr/backend/files/provision/files/mock/templates/centos-stream.tpl b/roles/copr/backend/files/provision/files/mock/templates/centos-stream.tpl
deleted file mode 100644
index ef39dd2f17..0000000000
--- a/roles/copr/backend/files/provision/files/mock/templates/centos-stream.tpl
+++ /dev/null
@@ -1,120 +0,0 @@
-config_opts['chroot_setup_cmd'] = 'install tar gcc-c++ redhat-rpm-config redhat-release which xz sed make bzip2 gzip gcc coreutils unzip shadow-utils diffutils cpio bash gawk rpm-build info patch util-linux findutils grep'
-config_opts['dist'] = 'el8'  # only useful for --resultdir variable subst
-config_opts['releasever'] = '8'
-config_opts['package_manager'] = 'dnf'
-config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
-config_opts['bootstrap_image'] = 'registry.centos.org/centos:8'
-config_opts['dnf_vars'] = { 'stream': '8-stream',
-                            'contentdir': 'centos',
-                          }
-
-config_opts['dnf.conf'] = """
-[main]
-keepcache=1
-debuglevel=2
-reposdir=/dev/null
-logfile=/var/log/yum.log
-retries=20
-obsoletes=1
-gpgcheck=0
-assumeyes=1
-syslog_ident=mock
-syslog_device=
-mdpolicy=group:primary
-best=1
-protected_packages=
-module_platform_id=platform:el8
-user_agent={{ user_agent }}
-
-[Stream-BaseOS]
-name=CentOS-Stream - Base
-baseurl=http://mirror.centos.org/centos/8-stream/BaseOS/$basearch/os/
-failovermethod=priority
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-gpgcheck=1
-skip_if_unavailable=False
-
-[Stream-AppStream]
-name=CentOS-Stream - AppStream
-baseurl=http://mirror.centos.org/centos/8-stream/AppStream/$basearch/os/
-gpgcheck=1
-enabled=1
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-centosplus]
-name=CentOS-Stream - Plus
-baseurl=http://mirror.centos.org/centos/8-stream/centosplus/$basearch/os/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[cr]
-name=CentOS-$releasever - cr
-baseurl=http://mirror.centos.org/centos/8/cr/$basearch/os/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-base-debuginfo]
-name=CentOS-Stream - Debuginfo
-baseurl=http://debuginfo.centos.org/8-stream/$basearch/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-extras]
-name=CentOS-Stream - Extras
-baseurl=http://mirror.centos.org/centos/8-stream/extras/$basearch/os/
-gpgcheck=1
-enabled=1
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-PowerTools]
-name=CentOS-Stream - PowerTools
-baseurl=http://mirror.centos.org/centos/8-stream/PowerTools/$basearch/os/
-gpgcheck=1
-enabled=1
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-Devel]
-name=CentOS-Stream - Devel WARNING! FOR BUILDROOT USE ONLY!
-baseurl=http://mirror.centos.org/centos/8-stream/Devel/$basearch/os/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-BaseOS-source]
-name=CentOS-Stream - BaseOS Sources
-baseurl=http://vault.centos.org/centos/8-stream/BaseOS/Source/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-AppStream-source]
-name=CentOS-Stream - AppStream Sources
-baseurl=http://vault.centos.org/centos/8-stream/AppStream/Source/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-PowerTools-source]
-name=CentOS-Stream - PowerTools Sources
-baseurl=http://vault.centos.org/centos/8-stream/PowerTools/Source/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-extras-source]
-name=CentOS-Stream - Extras Sources
-baseurl=http://vault.centos.org/centos/8-stream/extras/Source/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-
-[Stream-centosplus-source]
-name=CentOS-Stream - Plus Sources
-baseurl=http://vault.centos.org/centos/8-stream/centosplus/Source/
-gpgcheck=1
-enabled=0
-gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-"""

From e28a1cbbabe4c1714e25e71cb4cac50ec76ccd4c Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Tue, 15 Jun 2021 15:27:44 +0200
Subject: [PATCH 188/189] copr: enable vmhost-01, disable vmhost-04

01 was powered on again, but 04 died in the meantime - waiting for Dell
repair now.
---
 inventory/inventory | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inventory/inventory b/inventory/inventory
index 785e130a1a..2ba4865831 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -983,10 +983,10 @@ copr_aws
 copr_dev_aws
 
 [copr_hypervisor]
-#vmhost-x86-copr01.rdu-cc.fedoraproject.org
+vmhost-x86-copr01.rdu-cc.fedoraproject.org
 vmhost-x86-copr02.rdu-cc.fedoraproject.org
 vmhost-x86-copr03.rdu-cc.fedoraproject.org
-vmhost-x86-copr04.rdu-cc.fedoraproject.org
+#vmhost-x86-copr04.rdu-cc.fedoraproject.org
 
 [copr_db_all:children]
 copr_db_stg

From c9e91e369746772c1aa401f2ec1588fb1e67c020 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Tue, 15 Jun 2021 15:44:09 +0200
Subject: [PATCH 189/189] copr: re-enable vmhost 01

---
 inventory/group_vars/copr_aws     | 4 ++--
 inventory/group_vars/copr_dev_aws | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/inventory/group_vars/copr_aws b/inventory/group_vars/copr_aws
index f900576412..66c66b2346 100644
--- a/inventory/group_vars/copr_aws
+++ b/inventory/group_vars/copr_aws
@@ -34,8 +34,8 @@ builders:
         x86_64: [60, 10, 20]
         aarch64: [30, 4, 6]
 
-    #x86_hypervisor_01:
-    #    x86_64: [20, 4, 20]
+    x86_hypervisor_01:
+        x86_64: [20, 4, 20]
 
     x86_hypervisor_02:
         x86_64: [20, 4, 20]
diff --git a/inventory/group_vars/copr_dev_aws b/inventory/group_vars/copr_dev_aws
index ab1dc8978a..f69e7b664b 100644
--- a/inventory/group_vars/copr_dev_aws
+++ b/inventory/group_vars/copr_dev_aws
@@ -36,8 +36,8 @@ builders:
         x86_64: [5, 2, 3]
         aarch64: [5, 2, 2]
 
-    #x86_hypervisor_01:
-    #    x86_64: [2,1,1]
+    x86_hypervisor_01:
+        x86_64: [2,1,1]
 
     x86_hypervisor_02:
         x86_64: [2, 1, 1]