From de1c4695d4d73dbc65ae21e2b03be974546a4d41 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 23 Jan 2014 16:25:27 +0000 Subject: [PATCH 01/58] Fix syntax errors in copr-be playbook --- playbooks/hosts/copr-be.cloud.fedoraproject.org.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml index 4cd9919400..89236956df 100644 --- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml @@ -122,10 +122,10 @@ - restart lighttpd - name: start webserver - action: service state=running enabled=yes name=lighttpd + service: state=running enabled=yes name=lighttpd - name: start fail2ban - action: service state=running enabled=yes name=fail2ban + service: state=running enabled=yes name=fail2ban # setup dirs for the ansible execution off of provisioning - name: dirs from provision @@ -209,6 +209,6 @@ - name: chmod_key action: file path=/etc/lighttpd/coprs-be.fedoraproject.org.pem owner=root group=root mode=0600 - name: restart copr-backend - action: service: name=copr-backend state=restarted + service: name=copr-backend state=restarted - name: restart lighttpd - action: service: name=lighttpd state=restarted + service: name=lighttpd state=restarted From dfbd43862b7898a7b378a34587627e5d80627c2c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 23 Jan 2014 16:39:26 +0000 Subject: [PATCH 02/58] Disable releng01 for now, since we have no branched. --- inventory/inventory | 2 +- playbooks/groups/releng.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inventory/inventory b/inventory/inventory index bcd63b9e6d..95877edcde 100644 --- a/inventory/inventory +++ b/inventory/inventory 
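Review bot: In the second hunk (`@@ -209,6 +209,6 @@`) the `chmod_key` entry that sets `/etc/lighttpd/coprs-be.fedoraproject.org.pem` to `mode=0600` sits directly beside `restart copr-backend` and `restart lighttpd`, which suggests it is a handler rather than a task. If so, the private key keeps whatever mode it was created with until handlers are flushed, and is never tightened if the play fails before that point. The task that writes the .pem is outside this hunk; setting `owner=root group=root mode=0600` on that task itself would close the window. The same entry still uses the `action: file ...` form while this commit moves its neighbours to `service: ...`, so `file: path=/etc/lighttpd/coprs-be.fedoraproject.org.pem owner=root group=root mode=0600` would keep the section consistent.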
@@ -158,7 +158,7 @@ collab03.fedoraproject.org collab04.fedoraproject.org [releng] -releng01.phx2.fedoraproject.org +#releng01.phx2.fedoraproject.org releng02.phx2.fedoraproject.org releng04.phx2.fedoraproject.org relepel01.phx2.fedoraproject.org diff --git a/playbooks/groups/releng.yml b/playbooks/groups/releng.yml index 9773c70560..6ed915b0a7 100644 --- a/playbooks/groups/releng.yml +++ b/playbooks/groups/releng.yml @@ -4,7 +4,7 @@ # NOTE: most of these vars_path come from group_vars/releng or from hostvars - name: make releng systems - hosts: releng01.phx2.fedoraproject.org:releng02.phx2.fedoraproject.org + hosts: releng02.phx2.fedoraproject.org user: root gather_facts: False accelerate: True @@ -23,7 +23,7 @@ # Once the instance exists, configure it. - name: make releng server system - hosts: releng01.phx2.fedoraproject.org:releng02.phx2.fedoraproject.org + hosts: releng02.phx2.fedoraproject.org user: root gather_facts: True accelerate: True From 406474a3743cce0dc5a41b08c40775005a74643c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 23 Jan 2014 17:00:26 +0000 Subject: [PATCH 03/58] Move the kernel-qa playbook to manual. The kernel team manages those day to day. --- playbooks/{groups => manual}/kernel-qa.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename playbooks/{groups => manual}/kernel-qa.yml (100%) diff --git a/playbooks/groups/kernel-qa.yml b/playbooks/manual/kernel-qa.yml similarity index 100% rename from playbooks/groups/kernel-qa.yml rename to playbooks/manual/kernel-qa.yml From 206ed3f7764f1ffd463e2e6c320e976ef1fd550e Mon Sep 17 00:00:00 2001 
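Review bot: The inventory hunk comments out `releng01.phx2.fedoraproject.org` without recording in the file why or when it should come back; the reason exists only in the commit subject. A line such as `# releng01 disabled: no branched release yet; re-add here and in playbooks/groups/releng.yml` above it would keep the inventory and the two `hosts:` lines in releng.yml in step when it is re-enabled. If the machine stays powered on while out of the inventory, it presumably also drops out of any other play that targets the `[releng]` group, so it is worth confirming that it is either shut down or still covered for updates and monitoring.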
From: Kevin Fenzi Date: Thu, 23 Jan 2014 17:12:40 +0000 Subject: [PATCH 04/58] Now that we have roles_path, drop the long path on all the roles. --- playbooks/groups/arm-packager.yml | 8 ++++---- playbooks/groups/arm-qa.yml | 8 ++++---- playbooks/groups/arm-releng.yml | 10 +++++----- playbooks/groups/ask.yml | 14 +++++++------- playbooks/groups/backup-server.yml | 10 +++++----- playbooks/groups/badges-backend.yml | 16 ++++++++-------- playbooks/groups/badges-web.yml | 14 +++++++------- playbooks/groups/beaker.yml | 10 +++++----- playbooks/groups/bkernel.yml | 2 +- playbooks/groups/buildhw.yml | 4 ++-- playbooks/groups/buildvm.yml | 2 +- playbooks/groups/docs-backend.yml | 12 ++++++------ playbooks/groups/elections.yml | 10 +++++----- playbooks/groups/fedocal.yml | 14 +++++++------- playbooks/groups/gallery.yml | 14 +++++++------- playbooks/groups/jenkins-cloud.yml | 2 +- playbooks/groups/keyserver.yml | 12 ++++++------ playbooks/groups/koji-hub.yml | 12 ++++++------ playbooks/groups/lockbox.yml | 12 ++++++------ playbooks/groups/mailman.yml | 16 ++++++++-------- playbooks/groups/mirrorlist.yml | 14 +++++++------- playbooks/groups/notifs-backend.yml | 16 ++++++++-------- playbooks/groups/notifs-web.yml | 14 +++++++------- playbooks/groups/nuancier.yml | 14 +++++++------- playbooks/groups/postgresl-server.yml | 12 ++++++------ playbooks/groups/releng.yml | 4 ++-- playbooks/groups/taskotron.yml | 12 ++++++------ playbooks/groups/virthost.yml | 12 ++++++------ .../hosts/copr-be.cloud.fedoraproject.org.yml | 2 +- .../hosts/lists-dev.cloud.fedoraproject.org.yml | 2 +- playbooks/manual/kernel-qa.yml | 10 +++++----- playbooks/manual/sign.yml | 4 ++-- 32 files changed, 159 insertions(+), 159 deletions(-) diff --git a/playbooks/groups/arm-packager.yml b/playbooks/groups/arm-packager.yml index 4d44c54b75..969c4cbdf1 100644 --- a/playbooks/groups/arm-packager.yml +++ b/playbooks/groups/arm-packager.yml 
@@ -12,10 +12,10 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml index 4193d22a47..68e7de91ec 100644 --- a/playbooks/groups/arm-qa.yml +++ b/playbooks/groups/arm-qa.yml @@ -12,10 +12,10 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/arm-releng.yml b/playbooks/groups/arm-releng.yml index 85ea2804ff..6c9190c663 100644 --- a/playbooks/groups/arm-releng.yml +++ b/playbooks/groups/arm-releng.yml @@ -12,11 +12,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client + - base + - fas_client + - rkhunter + - denyhosts + - nagios_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index dd36b743d0..faaedeec76 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml 
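Review bot: With bare names such as `- base` and `- rkhunter`, which role code is applied to these hosts now depends on role search order rather than on a fixed path; this applies to every `roles:` hunk in this commit, from arm-packager.yml through manual/sign.yml. Ansible also searches a `roles/` directory next to the playbook, so a `roles/base` under `playbooks/groups/` could shadow the intended role; the exact precedence is worth confirming for the Ansible version in use. The `roles_path` setting itself is not part of this patch, so the playbooks silently depend on the right ansible.cfg being picked up wherever they are run. The `vars_files` entries in the same plays still hard-code `/srv/web/infra/ansible/vars/...` while other plays use `{{ vars_path }}`, a style inconsistency this cleanup could also cover.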
@@ -28,13 +28,13 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/fedmsg_base - - /srv/web/infra/ansible/roles/ask + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - fedmsg_base + - ask tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml index a0fa56af28..500c08d860 100644 --- a/playbooks/groups/backup-server.yml +++ b/playbooks/groups/backup-server.yml @@ -15,11 +15,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/badges-backend.yml b/playbooks/groups/badges-backend.yml index db6c80fafe..022e3e4769 100644 --- a/playbooks/groups/badges-backend.yml +++ b/playbooks/groups/badges-backend.yml @@ -32,12 +32,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/fedmsg_base + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - fedmsg_base tasks: - include: "{{ tasks }}/hosts.yml" 
@@ -58,8 +58,8 @@ accelerate: True roles: - - /srv/web/infra/ansible/roles/fedmsg-hub - - /srv/web/infra/ansible/roles/badges-backend + - fedmsg-hub + - badges-backend vars_files: - /srv/web/infra/ansible/vars/global.yml diff --git a/playbooks/groups/badges-web.yml b/playbooks/groups/badges-web.yml index 737dcbbb74..fa0dec9b81 100644 --- a/playbooks/groups/badges-web.yml +++ b/playbooks/groups/badges-web.yml @@ -32,13 +32,13 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/badges-frontend - - /srv/web/infra/ansible/roles/fedmsg_base + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - badges-frontend + - fedmsg_base tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/beaker.yml b/playbooks/groups/beaker.yml index 8f55210b19..d3d6e9d3c4 100644 --- a/playbooks/groups/beaker.yml +++ b/playbooks/groups/beaker.yml @@ -29,11 +29,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client tasks: # this is how you include other task lists diff --git a/playbooks/groups/bkernel.yml b/playbooks/groups/bkernel.yml index bad914e36c..0d0ce58017 100644 --- a/playbooks/groups/bkernel.yml +++ b/playbooks/groups/bkernel.yml @@ -13,7 +13,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base + - base tasks: - include: "{{ tasks }}/koji/base_builder.yml" 
diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index 0dc109d973..c15f185e47 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml @@ -14,7 +14,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base + - base tasks: - include: "{{ tasks }}/yumrepos.yml" @@ -39,7 +39,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base + - base tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index aa3191e0d5..3402bf0003 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -32,7 +32,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base + - base tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/docs-backend.yml b/playbooks/groups/docs-backend.yml index f0cb73d20e..657784627c 100644 --- a/playbooks/groups/docs-backend.yml +++ b/playbooks/groups/docs-backend.yml @@ -25,12 +25,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/yum-cron + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - yum-cron tasks: # this is how you include other task lists diff --git a/playbooks/groups/elections.yml b/playbooks/groups/elections.yml index 5cf4819fb6..0e44193cab 100644 --- a/playbooks/groups/elections.yml +++ b/playbooks/groups/elections.yml 
@@ -27,11 +27,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/fedocal.yml b/playbooks/groups/fedocal.yml index 91ffcf861e..cb9ba4e356 100644 --- a/playbooks/groups/fedocal.yml +++ b/playbooks/groups/fedocal.yml @@ -32,11 +32,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client tasks: - include: "{{ tasks }}/hosts.yml" @@ -64,7 +64,7 @@ - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - - /srv/web/infra/ansible/roles/fedmsg_base + - fedmsg_base handlers: - include: "{{ handlers }}/restart_services.yml" @@ -81,7 +81,7 @@ - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - - /srv/web/infra/ansible/roles/fedocal + - fedocal handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/gallery.yml b/playbooks/groups/gallery.yml index d41f03c520..ef8cff1588 100644 --- a/playbooks/groups/gallery.yml +++ b/playbooks/groups/gallery.yml 
@@ -32,12 +32,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/fedmsg_base + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - fedmsg_base tasks: - include: "{{ tasks }}/hosts.yml" @@ -62,7 +62,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/gallery + - gallery handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/playbooks/groups/jenkins-cloud.yml b/playbooks/groups/jenkins-cloud.yml index 595b9aa481..21d55b87b8 100644 --- a/playbooks/groups/jenkins-cloud.yml +++ b/playbooks/groups/jenkins-cloud.yml @@ -28,7 +28,7 @@ - resolvconf: resolv.conf/jenkins-cloud roles: - - /srv/web/infra/ansible/roles/base + - base tasks: - include: "{{ tasks }}/cloud_setup_basic.yml" diff --git a/playbooks/groups/keyserver.yml b/playbooks/groups/keyserver.yml index ec57825d4b..860f82475c 100644 --- a/playbooks/groups/keyserver.yml +++ b/playbooks/groups/keyserver.yml @@ -32,12 +32,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/fedmsg_base + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - fedmsg_base tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/koji-hub.yml b/playbooks/groups/koji-hub.yml index 425f374cd2..ef648fb73d 100644 --- a/playbooks/groups/koji-hub.yml +++ b/playbooks/groups/koji-hub.yml 
@@ -31,12 +31,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/koji_hub + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - koji_hub tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/lockbox.yml b/playbooks/groups/lockbox.yml index 979dd682bc..4fa95b640e 100644 --- a/playbooks/groups/lockbox.yml +++ b/playbooks/groups/lockbox.yml @@ -25,12 +25,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/ansible-server + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - ansible-server tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 81e65904a4..7ea296d239 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -32,12 +32,12 @@ - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/yum-cron + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - yum-cron tasks: # this is how you include other task lists 
@@ -97,8 +97,8 @@ - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - - /srv/web/infra/ansible/roles/fedmsg_base - - role: /srv/web/infra/ansible/roles/mailman + - fedmsg_base + - role: mailman mailman_dbserver: db02.stg.phx2.fedoraproject.org mailman_postfix_mydestination: "lists.fedoraproject.org, lists.stg.fedoraproject.org" mailman_mm_db_pass: "{{ mailman_mm_db_pass }}" diff --git a/playbooks/groups/mirrorlist.yml b/playbooks/groups/mirrorlist.yml index c389d92f20..c3a7d891e6 100644 --- a/playbooks/groups/mirrorlist.yml +++ b/playbooks/groups/mirrorlist.yml @@ -32,13 +32,13 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/geoip - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/mirrorlist + - base + - rkhunter + - denyhosts + - nagios_client + - geoip + - fas_client + - mirrorlist tasks: # this is how you include other task lists diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml index 4d2dac3e2d..413689868f 100644 --- a/playbooks/groups/notifs-backend.yml +++ b/playbooks/groups/notifs-backend.yml @@ -32,12 +32,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/fedmsg_base + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - fedmsg_base tasks: - include: "{{ tasks }}/hosts.yml" 
@@ -58,8 +58,8 @@ accelerate: True roles: - - /srv/web/infra/ansible/roles/fedmsg-hub - - /srv/web/infra/ansible/roles/notifs-backend + - fedmsg-hub + - notifs-backend vars_files: - /srv/web/infra/ansible/vars/global.yml diff --git a/playbooks/groups/notifs-web.yml b/playbooks/groups/notifs-web.yml index 01458e3038..d51c7e7738 100644 --- a/playbooks/groups/notifs-web.yml +++ b/playbooks/groups/notifs-web.yml @@ -32,13 +32,13 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/fedmsg_base - - /srv/web/infra/ansible/roles/notifs-frontend + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - fedmsg_base + - notifs-frontend tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/nuancier.yml b/playbooks/groups/nuancier.yml index 5a86f0673b..d2600f20cf 100644 --- a/playbooks/groups/nuancier.yml +++ b/playbooks/groups/nuancier.yml @@ -32,11 +32,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client tasks: - include: "{{ tasks }}/hosts.yml" @@ -64,7 +64,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/fedmsg_base + - fedmsg_base handlers: - include: "{{ handlers }}/restart_services.yml" @@ -81,7 +81,7 @@ - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - - /srv/web/infra/ansible/roles/nuancier + - nuancier handlers: - include: "{{ handlers }}/restart_services.yml" 
diff --git a/playbooks/groups/postgresl-server.yml b/playbooks/groups/postgresl-server.yml index 371a1453e9..fcf27859ea 100644 --- a/playbooks/groups/postgresl-server.yml +++ b/playbooks/groups/postgresl-server.yml @@ -33,12 +33,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/postgresql_server + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - postgresql_server tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/releng.yml b/playbooks/groups/releng.yml index 6ed915b0a7..da0286713a 100644 --- a/playbooks/groups/releng.yml +++ b/playbooks/groups/releng.yml @@ -34,8 +34,8 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/nagios_client + - base + - nagios_client tasks: - include: "{{ tasks }}/koji/releng_config.yml" diff --git a/playbooks/groups/taskotron.yml b/playbooks/groups/taskotron.yml index d79490fb26..7f0ca7e227 100644 --- a/playbooks/groups/taskotron.yml +++ b/playbooks/groups/taskotron.yml @@ -29,12 +29,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/yum-cron + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - yum-cron tasks: # this is how you include other task lists diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml index 08c2b71411..444e748a00 100644 --- a/playbooks/groups/virthost.yml +++ b/playbooks/groups/virthost.yml 
@@ -14,12 +14,12 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client - - /srv/web/infra/ansible/roles/iscsi_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client + - iscsi_client tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml index 89236956df..24ae5ec033 100644 --- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml @@ -23,7 +23,7 @@ # Roles are run first, before tasks, regardless of where you place them here. roles: - - /srv/web/infra/ansible/roles/fedmsg_base + - fedmsg_base tasks: - include: "{{ tasks }}/cloud_setup_basic.yml" diff --git a/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml b/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml index 5ca0caf0be..d8b44ec6d4 100644 --- a/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml +++ b/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml @@ -117,7 +117,7 @@ - "{{ vars_path }}/{{ ansible_distribution }}.yml" roles: - - role: /srv/web/infra/ansible/roles/mailman + - role: mailman mailman_dbserver: localhost mailman_postfix_mydestination: lists-dev.cloud.fedoraproject.org mailman_mm_db_pass: "{{ lists_dev_mm_db_pass }}" diff --git a/playbooks/manual/kernel-qa.yml b/playbooks/manual/kernel-qa.yml index aadf88aba9..07d59fed40 100644 --- a/playbooks/manual/kernel-qa.yml +++ b/playbooks/manual/kernel-qa.yml 
@@ -13,11 +13,11 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter - - /srv/web/infra/ansible/roles/denyhosts - - /srv/web/infra/ansible/roles/nagios_client - - /srv/web/infra/ansible/roles/fas_client + - base + - rkhunter + - denyhosts + - nagios_client + - fas_client tasks: # this is how you include other task lists diff --git a/playbooks/manual/sign.yml b/playbooks/manual/sign.yml index d696be8f6b..deadb217bf 100644 --- a/playbooks/manual/sign.yml +++ b/playbooks/manual/sign.yml @@ -17,8 +17,8 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - /srv/web/infra/ansible/roles/base - - /srv/web/infra/ansible/roles/rkhunter + - base + - rkhunter tasks: - include: "{{ tasks }}/serialgetty.yml" From 58b8b85ef0b2e07e639fd7affe40351b1aa91690 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 23 Jan 2014 18:15:18 +0000 Subject: [PATCH 05/58] Move fedmsg_base role to the last one to allow ownership of keys files to work right hopefully. --- playbooks/groups/ask.yml | 2 +- playbooks/groups/mailman.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index faaedeec76..8de5586f27 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -33,8 +33,8 @@ - denyhosts - nagios_client - fas_client - - fedmsg_base - ask + - fedmsg_base tasks: - include: "{{ tasks }}/hosts.yml" diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml index 7ea296d239..7826f1447b 100644 --- a/playbooks/groups/mailman.yml +++ b/playbooks/groups/mailman.yml @@ -97,7 +97,6 @@ - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml" roles: - - fedmsg_base - role: mailman mailman_dbserver: db02.stg.phx2.fedoraproject.org mailman_postfix_mydestination: "lists.fedoraproject.org, lists.stg.fedoraproject.org" 
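Review bot: Ownership of the key files now depends on where `fedmsg_base` sits in each `roles:` list (the ask.yml hunk here and both mailman.yml hunks), and the commit subject itself says "hopefully". Ordering is easy to undo in a later edit, and other playbooks in this series still list it first; notifs-web.yml, for example, has `- fedmsg_base` before `- notifs-frontend`. If the role changes ownership of key material to an account that the application role creates (an inference from the subject, since the role's tasks are not shown), the wrong order could leave keys owned by the wrong user or fail the play. A comment at each site such as `# fedmsg_base must come last: it sets ownership on the key files` would record the constraint, and a role dependency would enforce it.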
@@ -106,6 +105,7 @@ mailman_hk_db_pass: "{{ mailman_hk_db_pass }}" mailman_ks_admin_db_pass: "{{ mailman_ks_admin_db_pass }}" mailman_ks_db_pass: "{{ mailman_ks_db_pass }}" + - fedmsg_base tasks: - name: install more needed packages From 1a791a6e0ea96b075a2d4d59a65a6b1f48a80cd5 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Jan 2014 21:06:02 +0000 Subject: [PATCH 06/58] Point the fmn frontend at datanommer. --- files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts | 1 + roles/notifs-frontend/templates/fmn.web.py | 3 +++ 2 files changed, 4 insertions(+) diff --git a/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts b/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts index 39a889c3e2..6ba829d3d2 100644 --- a/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts +++ b/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts @@ -9,3 +9,4 @@ 10.5.126.81 memcached03 memcached03.stg app01 app01.stg 10.5.126.85 db-notifs db-notifs +10.5.126.85 db-datanommer db-datanommer diff --git a/roles/notifs-frontend/templates/fmn.web.py b/roles/notifs-frontend/templates/fmn.web.py index 8697214a7f..6edc02f884 100644 --- a/roles/notifs-frontend/templates/fmn.web.py +++ b/roles/notifs-frontend/templates/fmn.web.py @@ -1,3 +1,6 @@ config = { + # This is for *our* database "fmn.sqlalchemy.uri": "postgresql://{{notifs_db_user}}:{{notifs_db_password}}@db-notifs/notifications", + # And this is for the datanommer database + "datanommer.sqlalchemy.url": "postgresql://{{datanommerDBUser}}:{{datanommerDBPassword}}@db-datanommer/datanommer", } From 75d3b045fca4aa5bed7f491ff55ce861ae01e51f Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Jan 2014 21:08:59 +0000 Subject: [PATCH 07/58] Add these two, too. --- files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts | 1 + files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts | 1 + 2 files changed, 2 insertions(+) 
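Review bot: In roles/notifs-frontend/templates/fmn.web.py the new `datanommer.sqlalchemy.url` line interpolates `{{datanommerDBPassword}}` raw into the URL, as the existing `fmn.sqlalchemy.uri` line does with `{{notifs_db_password}}`, so a password containing `@`, `:` or `/` yields a URL that parses to the wrong host or fails to connect. Percent-encoding the credential in the template avoids that, e.g. `{{ datanommerDBPassword | urlencode }}` where the Jinja2 in use provides that filter. If the frontend only reads from datanommer, a separate read-only database role would be the better credential to hand it; the hunk does not show which role `datanommerDBUser` is. The rendered file now holds two database passwords, so the task that installs it (outside this hunk) should set a restrictive owner and mode.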
diff --git a/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts b/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts index 39a889c3e2..6ba829d3d2 100644 --- a/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts +++ b/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts @@ -9,3 +9,4 @@ 10.5.126.81 memcached03 memcached03.stg app01 app01.stg 10.5.126.85 db-notifs db-notifs +10.5.126.85 db-datanommer db-datanommer diff --git a/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts b/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts index 39a889c3e2..6ba829d3d2 100644 --- a/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts +++ b/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts @@ -9,3 +9,4 @@ 10.5.126.81 memcached03 memcached03.stg app01 app01.stg 10.5.126.85 db-notifs db-notifs +10.5.126.85 db-datanommer db-datanommer From d40a72f7f572a9255384ac21def4f47d8cd4c450 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Jan 2014 21:23:53 +0000 Subject: [PATCH 08/58] Initialize fmn logging. --- roles/notifs-frontend/files/fmn.web.wsgi | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/notifs-frontend/files/fmn.web.wsgi b/roles/notifs-frontend/files/fmn.web.wsgi index 358d4b695e..3a2612b419 100644 --- a/roles/notifs-frontend/files/fmn.web.wsgi +++ b/roles/notifs-frontend/files/fmn.web.wsgi @@ -10,6 +10,9 @@ import pkg_resources import os os.environ['FMN_WEB_CONFIG'] = '/etc/fmn.web.cfg' +import logging +logging.basicConfig() + # The most import line to make the wsgi working from fmn.web.app import app as application # Dangerous.. only use when testing. From 3b179a2ce6c08edfd687de767e5f8eb694fda904 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Jan 2014 21:34:32 +0000 Subject: [PATCH 09/58] Remove bogus config. --- roles/notifs-frontend/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/roles/notifs-frontend/tasks/main.yml b/roles/notifs-frontend/tasks/main.yml index ef16ea38be..900b285be7 100644 --- a/roles/notifs-frontend/tasks/main.yml +++ b/roles/notifs-frontend/tasks/main.yml @@ -17,6 +17,11 @@ notify: - restart apache +- name: destroy a bogus config file brought in by python-datanommer-models + file: dest=/etc/fedmsg.d/datanommer.py state=absent + notify: + - restart apache + - name: copy fmn httpd config copy: > src=fmn.web.conf dest=/etc/httpd/conf.d/fmn.web.conf From 324721e3f32791949f6227f39aa35fb9097a3829 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Thu, 23 Jan 2014 21:41:59 +0000 Subject: [PATCH 10/58] Disable alternative openids for fmn for now. --- roles/notifs-frontend/templates/fmn.web.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/notifs-frontend/templates/fmn.web.cfg b/roles/notifs-frontend/templates/fmn.web.cfg index 89eeb400b3..55d78bc080 100644 --- a/roles/notifs-frontend/templates/fmn.web.cfg +++ b/roles/notifs-frontend/templates/fmn.web.cfg @@ -13,6 +13,6 @@ FMN_FEDORA_OPENID = 'https://id.fedoraproject.org' {% endif %} FMN_ALLOW_FAS_OPENID = True -FMN_ALLOW_GOOGLE_OPENID = True -FMN_ALLOW_YAHOO_OPENID = True -FMN_ALLOW_GENERIC_OPENID = True +FMN_ALLOW_GOOGLE_OPENID = False +FMN_ALLOW_YAHOO_OPENID = False +FMN_ALLOW_GENERIC_OPENID = False From 89a74383d7da812bc1376a9797eff703dc88393c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Fri, 24 Jan 2014 08:39:32 +0000 Subject: [PATCH 11/58] add releasever - BZ 1056039 --- files/copr/provision/files/mock/epel-5-i386.cfg | 1 + files/copr/provision/files/mock/epel-5-x86_64.cfg | 1 + files/copr/provision/files/mock/epel-7-x86_64.cfg | 1 + files/copr/provision/files/mock/fedora-20-i386.cfg | 1 + files/copr/provision/files/mock/fedora-20-x86_64.cfg | 1 + 5 files changed, 5 insertions(+) 
diff --git a/files/copr/provision/files/mock/epel-5-i386.cfg b/files/copr/provision/files/mock/epel-5-i386.cfg index a8b03edf3f..38a425aba6 100644 --- a/files/copr/provision/files/mock/epel-5-i386.cfg +++ b/files/copr/provision/files/mock/epel-5-i386.cfg @@ -5,6 +5,7 @@ config_opts['chroot_setup_cmd'] = 'install buildsys-build' config_opts['dist'] = 'el5' # only useful for --resultdir variable subst if not config_opts.has_key('macros'): config_opts['macros'] = {} config_opts['macros']['%__arch_install_post'] = '%{nil}' +config_opts['releasever'] = '5' config_opts['yum.conf'] = """ [main] diff --git a/files/copr/provision/files/mock/epel-5-x86_64.cfg b/files/copr/provision/files/mock/epel-5-x86_64.cfg index 0f59da54f6..2f26af0ba5 100644 --- a/files/copr/provision/files/mock/epel-5-x86_64.cfg +++ b/files/copr/provision/files/mock/epel-5-x86_64.cfg @@ -5,6 +5,7 @@ config_opts['chroot_setup_cmd'] = 'install buildsys-build' config_opts['dist'] = 'el5' # only useful for --resultdir variable subst if not config_opts.has_key('macros'): config_opts['macros'] = {} config_opts['macros']['%__arch_install_post'] = '%{nil}' +config_opts['releasever'] = '5' config_opts['yum.conf'] = """ [main] diff --git a/files/copr/provision/files/mock/epel-7-x86_64.cfg b/files/copr/provision/files/mock/epel-7-x86_64.cfg index eeee2d831e..91b72b8260 100644 --- a/files/copr/provision/files/mock/epel-7-x86_64.cfg +++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg @@ -11,6 +11,7 @@ config_opts['macros']['%rhel'] = '7' config_opts['macros']['%el7'] = '1' config_opts['macros']['%_topdir'] = '/builddir/build' config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm' +config_opts['releasever'] = '7' config_opts['plugin_conf']['root_cache_enable'] = False config_opts['plugin_conf']['yum_cache_enable'] = False diff --git a/files/copr/provision/files/mock/fedora-20-i386.cfg b/files/copr/provision/files/mock/fedora-20-i386.cfg index d04d180320..fde3c2754f 100644 
--- a/files/copr/provision/files/mock/fedora-20-i386.cfg +++ b/files/copr/provision/files/mock/fedora-20-i386.cfg @@ -3,6 +3,7 @@ config_opts['target_arch'] = 'i686' config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64') config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc20' # only useful for --resultdir variable subst +config_opts['releasever'] = '20' config_opts['yum.conf'] = """ [main] diff --git a/files/copr/provision/files/mock/fedora-20-x86_64.cfg b/files/copr/provision/files/mock/fedora-20-x86_64.cfg index 0f56311e0b..fa7f6d4c42 100644 --- a/files/copr/provision/files/mock/fedora-20-x86_64.cfg +++ b/files/copr/provision/files/mock/fedora-20-x86_64.cfg @@ -3,6 +3,7 @@ config_opts['target_arch'] = 'x86_64' config_opts['legal_host_arches'] = ('x86_64',) config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'fc20' # only useful for --resultdir variable subst +config_opts['releasever'] = '20' config_opts['yum.conf'] = """ [main] From 76951c0b1d0674090b9821e1dccb902ac739a0d3 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:25:53 +0000 Subject: [PATCH 12/58] Test a roles_path idea. --- inventory/group_vars/ask-stg | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inventory/group_vars/ask-stg b/inventory/group_vars/ask-stg index d9b898de11..8929c5cc21 100644 --- a/inventory/group_vars/ask-stg +++ b/inventory/group_vars/ask-stg @@ -16,3 +16,5 @@ fedmsg_certs: - service: askbot owner: root group: apache + +roles_path: /home/fedora/kevin/ansible/roles:{{ roles_path }} From 76eb4b0f04f68684e0b984cd4770f86995b3f574 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:30:23 +0000 Subject: [PATCH 13/58] Sadly, this will not work. :( --- inventory/group_vars/ask-stg | 2 -- 1 file changed, 2 deletions(-) diff --git a/inventory/group_vars/ask-stg b/inventory/group_vars/ask-stg index 8929c5cc21..d9b898de11 100644 --- a/inventory/group_vars/ask-stg 
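Review bot: The added `roles_path: /home/fedora/kevin/ansible/roles:{{ roles_path }}` in inventory/group_vars/ask-stg would put a personal home directory ahead of the shared roles tree, so anyone able to write under that directory could change what the playbooks run on the ask-stg hosts. The value also refers to itself, which templating cannot resolve, and `roles_path` is an ansible.cfg setting rather than an inventory variable. The following patch (13/58) removes the line; if a per-user override is needed for testing, a separate checkout with its own configuration keeps it out of the shared inventory.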
+++ b/inventory/group_vars/ask-stg @@ -16,5 +16,3 @@ fedmsg_certs: - service: askbot owner: root group: apache - -roles_path: /home/fedora/kevin/ansible/roles:{{ roles_path }} From 4e127e63eda5f258fa3e05fc7e50103002455fb5 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:31:33 +0000 Subject: [PATCH 14/58] Add debug_env role for debugging needs down the road. --- roles/debug_env/tasks/main.yml | 9 +++++++++ roles/debug_env/templates/dumpall.j2 | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 roles/debug_env/tasks/main.yml create mode 100644 roles/debug_env/templates/dumpall.j2 diff --git a/roles/debug_env/tasks/main.yml b/roles/debug_env/tasks/main.yml new file mode 100644 index 0000000000..f67fe7227c --- /dev/null +++ b/roles/debug_env/tasks/main.yml @@ -0,0 +1,9 @@ +# +# This role can be added to a playbook to dump out all +# the env from ansible to see what variables and facts are. +# Taken from https://coderwall.com/p/13lh6w +# + +tasks: + - name: Dump all ansible vars + action: template src=templates/dumpall.j2 dest=/tmp/ansible.all diff --git a/roles/debug_env/templates/dumpall.j2 b/roles/debug_env/templates/dumpall.j2 new file mode 100644 index 0000000000..470394828c --- /dev/null +++ b/roles/debug_env/templates/dumpall.j2 @@ -0,0 +1,19 @@ +Module Variables ("vars"): +-------------------------------- +{{ vars | to_nice_json }} + +Environment Variables ("environment"): +-------------------------------- +{{ environment | to_nice_json }} + +GROUP NAMES Variables ("group_names"): +-------------------------------- +{{ group_names | to_nice_json }} + +GROUPS Variables ("groups"): +-------------------------------- +{{ groups | to_nice_json }} + +HOST Variables ("hostvars"): +-------------------------------- +{{ hostvars | to_nice_json }} From 389600314b5e5b4f88817415b881fbfbccab1dd4 Mon Sep 17 00:00:00 2001 
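Review bot: The `Dump all ansible vars` task in roles/debug_env/tasks/main.yml writes `vars`, `environment` and `hostvars` for every host to `/tmp/ansible.all` with no `owner` or `mode`, so the file is created with default permissions in a world-accessible directory. Other playbooks in this series pass database passwords as variables (for example `mailman_mm_db_pass`), so the dump would expose them to any local account on the target. Write it somewhere only root can read, e.g. `template: src=dumpall.j2 dest=/root/debug_env.out owner=root group=root mode=0600`, and remove the file when debugging is done. The later hunk in patch 17/58 changes the destination to `/tmp/debug_env.out` but keeps the same default permissions. The top-level `tasks:` key also does not belong in a role's tasks file; patch 17/58 drops it.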
From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:34:05 +0000 Subject: [PATCH 15/58] only_if is going bye bye. --- callback_plugins/logdetail.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/callback_plugins/logdetail.py b/callback_plugins/logdetail.py index 06c4bf8ccb..158b8ee45c 100644 --- a/callback_plugins/logdetail.py +++ b/callback_plugins/logdetail.py @@ -93,7 +93,7 @@ class LogMech(object): if self.playbook_id == 'ansible-cmd': res['task_userid'] = getlogin() for k in ("delegate_to", "environment", "first_available_file", - "local_action", "notified_by", "notify", "only_if", + "local_action", "notified_by", "notify", "register", "sudo", "sudo_user", "tags", "transport", "when"): v = getattr(task, k, None) From 79bd4c3a211e65425bfe5bfedce2d2174f1474cc Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:35:42 +0000 Subject: [PATCH 16/58] Test debug_env --- playbooks/groups/ask.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index 8de5586f27..2537b26bf3 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -28,6 +28,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: + - debug_env - base - rkhunter - denyhosts From 49c42fc8b2f0a073a523107b077ec530960bf8d6 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:40:58 +0000 Subject: [PATCH 17/58] Adjust role --- roles/debug_env/tasks/main.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/roles/debug_env/tasks/main.yml b/roles/debug_env/tasks/main.yml index f67fe7227c..33dc4ebb8e 100644 --- a/roles/debug_env/tasks/main.yml +++ b/roles/debug_env/tasks/main.yml 
@@ -3,7 +3,5 @@ # the env from ansible to see what variables and facts are. # Taken from https://coderwall.com/p/13lh6w # - -tasks: - - name: Dump all ansible vars - action: template src=templates/dumpall.j2 dest=/tmp/ansible.all +- name: Dump all ansible vars + template: src=dumpall.j2 dest=/tmp/debug_env.out From 083b631c29186b3dd1cab45c97f33b0fad84a51a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:43:57 +0000 Subject: [PATCH 18/58] Remove debug_env role from ask now. --- playbooks/groups/ask.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/playbooks/groups/ask.yml b/playbooks/groups/ask.yml index 2537b26bf3..8de5586f27 100644 --- a/playbooks/groups/ask.yml +++ b/playbooks/groups/ask.yml @@ -28,7 +28,6 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml roles: - - debug_env - base - rkhunter - denyhosts From 0494a018a691d6966ca83b70075433299b6062b8 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 16:59:46 +0000 Subject: [PATCH 19/58] Add simple script that runs --check --diff playbook runs on all hosts/groups. --- scripts/ansible-playbook-check-diff | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100755 scripts/ansible-playbook-check-diff diff --git a/scripts/ansible-playbook-check-diff b/scripts/ansible-playbook-check-diff new file mode 100755 index 0000000000..72c0d78b1c --- /dev/null +++ b/scripts/ansible-playbook-check-diff 
@@ -0,0 +1,25 @@ +#!/usr/bin/python -tt +import os +import os.path +import subprocess + +rootpath = "/srv/web/infra/ansible/playbooks" + +# +# Find all the .yml files under playbooks/groups and hosts and run ansible-playbook on them +# With --check and --diff for now. We don't run the 'manual' subdir ones. + +for dir in ("hosts", "groups"): + hostsplaybookspath = os.path.join(rootpath, dir) + for path, dirs, files in os.walk(hostsplaybookspath): + for file in files: + if not file.endswith(".yml"): + continue + playbookpath = os.path.join(path, file) + cmd = ("ansible-playbook", playbookpath, "--check", "--diff") + ansibleprocess = subprocess.Popen(cmd) + +# +# Add this if you want to run them one at a time instead of all forked off in a bunch. +# ansibleprocess.communicate() +# From b7ff972cbd4976ab5ac6b38724b5f79df58be3e2 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 24 Jan 2014 19:47:07 +0000 Subject: [PATCH 20/58] Host definitions for the fmn prod nodes. --- inventory/group_vars/notifs-backend | 10 ++++++++++ inventory/group_vars/notifs-web | 12 ++++++++++++ .../notifs-backend01.phx2.fedoraproject.org | 14 ++++++++++++++ .../host_vars/notifs-web01.phx2.fedoraproject.org | 14 ++++++++++++++ .../host_vars/notifs-web02.phx2.fedoraproject.org | 14 ++++++++++++++ inventory/inventory | 7 +++++++ 6 files changed, 71 insertions(+) create mode 100644 inventory/group_vars/notifs-backend create mode 100644 inventory/group_vars/notifs-web create mode 100644 inventory/host_vars/notifs-backend01.phx2.fedoraproject.org create mode 100644 inventory/host_vars/notifs-web01.phx2.fedoraproject.org create mode 100644 inventory/host_vars/notifs-web02.phx2.fedoraproject.org diff --git a/inventory/group_vars/notifs-backend b/inventory/group_vars/notifs-backend new file mode 100644 index 0000000000..25492830cb --- /dev/null +++ b/inventory/group_vars/notifs-backend 
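Review bot: The loop in scripts/ansible-playbook-check-diff starts one `ansible-playbook` per file with `subprocess.Popen(cmd)` and never waits for it, so every playbook under hosts/ and groups/ runs at once and no exit status is collected. A failed `--check` run therefore goes unnoticed unless someone reads the interleaved output. Running them in turn and recording failures fixes both: `rc = subprocess.call(cmd)` followed by `if rc != 0: failed.append(playbookpath)`, with a non-zero exit at the end when `failed` is not empty. The loop variables `dir` and `file` also shadow Python builtins; `subdir` and `name` would be clearer.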
@@ -0,0 +1,10 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
diff --git a/inventory/group_vars/notifs-web b/inventory/group_vars/notifs-web
new file mode 100644
index 0000000000..bb20797c5f
--- /dev/null
+++ b/inventory/group_vars/notifs-web
@@ -0,0 +1,12 @@
+---
+# Define resources for this group of hosts here.
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
diff --git a/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..cfcc97757f
--- /dev/null
+++ b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+
+eth0_ip: 10.5.126.168
+
+volgroup: /dev/vg_virthost09
+vmhost: virthost09.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/notifs-web01.phx2.fedoraproject.org b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..416dc7e424
--- /dev/null
+++ b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org
@@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+
+eth0_ip: 10.5.126.103
+
+volgroup: /dev/vg_virthost04
+vmhost: virthost04.phx2.fedoraproject.org
+
+datacenter: phx2
diff --git a/inventory/host_vars/notifs-web02.phx2.fedoraproject.org b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org new file mode 100644 index 0000000000..e384071ea6 --- /dev/null +++ b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org @@ -0,0 +1,14 @@ +--- +nm: 255.255.255.0 +gw: 10.5.126.254 +dns: 10.5.126.21 + +ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 +ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ + +eth0_ip: 10.5.126.119 + +volgroup: /dev/vg_virthost06 +vmhost: virthost06.phx2.fedoraproject.org + +datacenter: phx2 diff --git a/inventory/inventory b/inventory/inventory index 95877edcde..1e6f6241eb 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -258,9 +258,16 @@ lockbox-comm01.qa.fedoraproject.org noc01.phx2.fedoraproject.org noc02.fedoraproject.org +[notifs-backend] +notifs-backend01.phx2.fedoraproject.org + [notifs-backend-stg] notifs-backend01.stg.phx2.fedoraproject.org +[notifs-web] +notifs-web01.phx2.fedoraproject.org +notifs-web02.phx2.fedoraproject.org + [notifs-web-stg] notifs-web01.stg.phx2.fedoraproject.org notifs-web02.stg.phx2.fedoraproject.org From 060f9f2eb943c5c73b0638cd0e778a8713629ab7 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 24 Jan 2014 19:50:40 +0000 Subject: [PATCH 21/58] hosts files for fmn prod nodes. --- files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts | 6 ++++++ files/hosts/notifs-web01.phx2.fedoraproject.org-hosts | 6 ++++++ files/hosts/notifs-web02.phx2.fedoraproject.org-hosts | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts create mode 100644 files/hosts/notifs-web01.phx2.fedoraproject.org-hosts create mode 100644 files/hosts/notifs-web02.phx2.fedoraproject.org-hosts diff --git a/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts b/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts new file mode 100644 index 0000000000..23f9e40ac0 --- /dev/null 
+++ b/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.23 infrastructure.fedoraproject.org
+10.5.126.71 db-notifs db-notifs
+10.5.126.109 db-datanommer db-datanommer
diff --git a/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts b/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts
new file mode 100644
index 0000000000..23f9e40ac0
--- /dev/null
+++ b/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.23 infrastructure.fedoraproject.org
+10.5.126.71 db-notifs db-notifs
+10.5.126.109 db-datanommer db-datanommer
diff --git a/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts b/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts
new file mode 100644
index 0000000000..23f9e40ac0
--- /dev/null
+++ b/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts
@@ -0,0 +1,6 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52 proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.23 infrastructure.fedoraproject.org
+10.5.126.71 db-notifs db-notifs
+10.5.126.109 db-datanommer db-datanommer
From d6afd943b298ac66cc453412b7f915d7c5570629 Mon Sep 17 00:00:00 2001
From: Ralph Bean Date: Fri, 24 Jan 2014 20:04:18 +0000 Subject: [PATCH 22/58] No need for notifs backend to be on the vpn. --- playbooks/groups/notifs-backend.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/playbooks/groups/notifs-backend.yml b/playbooks/groups/notifs-backend.yml index 413689868f..b3d159a144 100644 --- a/playbooks/groups/notifs-backend.yml +++ b/playbooks/groups/notifs-backend.yml @@ -45,8 +45,10 @@ - include: "{{ tasks }}/2fa_client.yml" - include: "{{ tasks }}/motd.yml" - include: "{{ tasks }}/sudo.yml" - - include: "{{ tasks }}/openvpn_client.yml" - when: env != "staging" + # The proxies don't actually need to talk to these hosts so we won't bother + # putting them on the vpn. + #- include: "{{ tasks }}/openvpn_client.yml" + # when: env != "staging" handlers: - include: "{{ handlers }}/restart_services.yml" From 54d88840d5d7617b1d8ed2d841aa0194ab99a905 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 24 Jan 2014 20:55:33 +0000 Subject: [PATCH 23/58] Add an nrpe command definition for checking the presence of the fedmsg hub. --- roles/nagios_client/tasks/main.yml | 1 + roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2 | 1 + 2 files changed, 2 insertions(+) create mode 100644 roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2 diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index da18f8bc5d..40d0e164f5 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml @@ -56,6 +56,7 @@ - check_swap.cfg - check_postfix_queue.cfg - check_lock.cfg + - check_fedmsg_hub_proc.cfg notify: - restart nrpe tags: diff --git a/roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2 b/roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2 new file mode 100644 index 0000000000..17ec341c4a --- /dev/null +++ b/roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2 
@@ -0,0 +1 @@ +command[check_fedmsg_hub_proc]={{ libdir }}/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u fedmsg From 03be7b46c9d187d0fcd16bf51f8eed6d91959fb7 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Fri, 24 Jan 2014 21:17:50 +0000 Subject: [PATCH 24/58] Add symlink for fmn.web fedora theme. --- roles/notifs-frontend/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/notifs-frontend/tasks/main.yml b/roles/notifs-frontend/tasks/main.yml index 900b285be7..5bc5524772 100644 --- a/roles/notifs-frontend/tasks/main.yml +++ b/roles/notifs-frontend/tasks/main.yml @@ -22,6 +22,12 @@ notify: - restart apache +- name: setup symlink to fedora theme + file: > + src=/usr/share/fmn.web/static/bootstrap-3.0.2-fedora + dest=/usr/share/fmn.web/static/bootstrap + state=link + - name: copy fmn httpd config copy: > src=fmn.web.conf dest=/etc/httpd/conf.d/fmn.web.conf From de9c00f1ba8fcbb006f3b0d3a0d8456a0f385c49 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 21:34:24 +0000 Subject: [PATCH 25/58] Switch buildvm's over to f20 for reinstalling. --- inventory/group_vars/buildvm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm index 251322ba18..7f16b47df6 100644 --- a/inventory/group_vars/buildvm +++ b/inventory/group_vars/buildvm @@ -3,8 +3,8 @@ lvm_size: 150000 mem_size: 6144 num_cpus: 5 -ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora -ks_repo: http://10.5.126.23/pub/fedora/linux/releases/19/Fedora/x86_64/os/ +ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-20 +ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/ nm: 255.255.255.0 gw: 10.5.125.254 eth1_gw: 10.5.127.254 From 588722a9e85021cb19e425e1838394b31bf52795 Mon Sep 17 00:00:00 2001 
From: Kevin Fenzi Date: Fri, 24 Jan 2014 22:27:34 +0000 Subject: [PATCH 26/58] Cull global packages, add ansible accel mode to kojibuilders. --- roles/base/templates/iptables/iptables.kojibuilder | 6 ++++++ vars/global.yml | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/base/templates/iptables/iptables.kojibuilder b/roles/base/templates/iptables/iptables.kojibuilder index 613dd5c516..b64e116551 100644 --- a/roles/base/templates/iptables/iptables.kojibuilder +++ b/roles/base/templates/iptables/iptables.kojibuilder @@ -47,6 +47,12 @@ -A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT -A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT +# for ansible accelerate mode - allow port 5099 from lockbox and it's ips +-A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT + # git to pkgs -A OUTPUT -m tcp -p tcp --dport 9418 -d 10.5.125.44 -j ACCEPT -A OUTPUT -m udp -p udp --dport 9418 -d 10.5.125.44 -j ACCEPT diff --git a/vars/global.yml b/vars/global.yml index fa760d29d6..49718f6d0f 100644 --- a/vars/global.yml +++ b/vars/global.yml @@ -24,8 +24,8 @@ f20_qcow_id: ami-00000038 hostbase: transient # root_auth_users for cloud instances is '' by default root_auth_users: '' -global_pkgs_inst: ['bind-utils', 'joe', 'mailx', 'nc', 'openssh-clients', - 'patch', 'postfix', 'rsync', 'strace', 'telnet', +global_pkgs_inst: ['bind-utils', 'mailx', 'nc', 'openssh-clients', + 'patch', 'postfix', 'rsync', 'strace', 'tmpwatch', 'traceroute', 'vim-enhanced', 'xz', 'zsh', 'libselinux-python', 'ntpdate' ] From 31a46523a17dcf0363633feaa286571a947b9be4 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 22:49:01 +0000 Subject: [PATCH 27/58] Add yum repos setup to buildvm's --- playbooks/groups/buildvm.yml | 1 + 1 file changed, 1 insertion(+) 
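Review bot: The four new `--dport 5099` rules in roles/base/templates/iptables/iptables.kojibuilder are INPUT-only, while the ssh rule just above them is paired with `-A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22 -j ACCEPT`, which suggests outbound traffic is filtered in this ruleset. If so, replies from the accelerate daemon would be dropped unless an established-connection rule exists outside the hunk; matching lines such as `-A OUTPUT -p tcp -m tcp --sport 5099 -d 10.5.126.23 -j ACCEPT` for each source would keep the pairs consistent. The comment could also say which address belongs to which lockbox interface, so that a stale source address is easy to spot and remove later.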
diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index 3402bf0003..ad4f6cb8bb 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -36,6 +36,7 @@ tasks: - include: "{{ tasks }}/hosts.yml" + - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/koji/base_builder.yml" - include: "{{ tasks }}/koji/builder_kernel_config.yml" From d17fd8236a7fba12d274f500f084c640b09d3242 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 23:26:03 +0000 Subject: [PATCH 28/58] Work around this for now. --- tasks/yumrepos.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/yumrepos.yml b/tasks/yumrepos.yml index 26fee37039..f3af6f7def 100644 --- a/tasks/yumrepos.yml +++ b/tasks/yumrepos.yml @@ -4,7 +4,7 @@ with_items: - epel6.repo - rhel6.repo - when: is_rhel == 'True' + when: ansible_distribution == 'RedHat' tags: - config - packages @@ -15,7 +15,7 @@ - fedora.repo - fedora-updates.repo - fedora-updates-testing.repo - when: is_fedora == 'True' and ansible_architecture == 'x86_64' + when: ansible_distribution == 'Fedora' and ansible_architecture == 'x86_64' tags: - config - packages @@ -26,7 +26,7 @@ - fedora.repo - fedora-updates.repo - fedora-updates-testing.repo - when: is_fedora == 'True' and ansible_architecture == 'armv7l' + when: ansible_distribution == 'Fedora' and ansible_architecture == 'armv7l' tags: - config - packages From dfa9e5339e24c6f950ca8890d07a67d856074641 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 23:37:08 +0000 Subject: [PATCH 29/58] More idempotent --- tasks/koji/base_builder.yml | 17 ++++++++++++----- tasks/koji/builder_kernel_config.yml | 6 ++++++ 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index cc1a0d6110..be85caf170 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml 
@@ -89,8 +89,12 @@ action: service name=kojid enabled=on # action: service name=kojid enabled=on state=started -- name: copy over authorized keys for root - action: copy src="{{ files }}/kojibuilder/root_auth_keys" dest=/root/.ssh/authorized_keys mode=644 +- name: add root ssh key + authorized_key: user=root key="{{ item }}" + with_file: + - "{{ files }}/kojibuilder/root_auth_keys" + tags: + - config # idmapd and make sure it's set to run - name: idmapd.conf @@ -100,16 +104,19 @@ - name: enable nfs-related services and run them action: service name={{ item }} enabled=true state=started with_items: - - rpcidmapd - - rpcbind - nfs - - nfslock - name: route config for netapp network action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1 +- name: check for netapp route + command: ip route show + register: netapproute + always_run: yes + - name: run netapp route command: /etc/sysconfig/network-scripts/ifup-routes eth1 + when: netapproute.stdout.find('10.5.88.0') != -1 - name: nfs mount points action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted diff --git a/tasks/koji/builder_kernel_config.yml b/tasks/koji/builder_kernel_config.yml index 239b4f16c9..94c10ae0a7 100644 --- a/tasks/koji/builder_kernel_config.yml +++ b/tasks/koji/builder_kernel_config.yml @@ -1,8 +1,14 @@ #- name: set kernel params for loopback partitioning # action: command /sbin/grubby --update-kernel=ALL --args=loop.max_part=256 +# +- name: check for max_loop + command: grep max_loop /etc/grub2.cfg + register: max_loop + always_run: yes - name: set kernel params for more loops action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 + when: max_loop.stdout.find('max_loop=64') != -1 - name: special pkgs for the x86_64 builders yum: state=installed pkg={{ item }} 
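Review bot: The new `add root ssh key` task in tasks/koji/base_builder.yml only adds the key read from `root_auth_keys`; unlike the `copy` it replaces, `authorized_key` leaves any other entry already in `/root/.ssh/authorized_keys` in place. On a freshly installed builder that makes no difference, but on an existing one an old or unexpected root key would survive the run. If the intent is that this file is the complete list of root keys, keep the `copy` (with `mode=0600`), or use the module's `exclusive=yes` option where the Ansible version in use has it.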
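Review bot: Both new guards are inverted: `when: netapproute.stdout.find('10.5.88.0') != -1` in the second base_builder.yml hunk runs `ifup-routes eth1` only when the route is already listed, and `when: max_loop.stdout.find('max_loop=64') != -1` in tasks/koji/builder_kernel_config.yml runs grubby only when the argument is already set. `find()` returns -1 when the text is absent, so both conditions should read `== -1`. The `check for max_loop` task also uses `grep`, which exits non-zero when nothing matches and would fail the play on exactly the hosts that still need the change. The two registered check tasks will also report as changed on every run unless they are given `changed_when: false`.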
From fd6119bd4d11018e5a52996ef3493943650e9185 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 23:39:35 +0000 Subject: [PATCH 30/58] Still ssh keys comments issues. :( --- files/kojibuilder/root_auth_keys | 1 - 1 file changed, 1 deletion(-) diff --git a/files/kojibuilder/root_auth_keys b/files/kojibuilder/root_auth_keys index a3a005ac0f..a3ffc24818 100644 --- a/files/kojibuilder/root_auth_keys +++ b/files/kojibuilder/root_auth_keys @@ -1,2 +1 @@ -#ansible key from="10.5.126.23,10.5.126.12,10.5.126.11,209.132.181.6,192.168.1.58,152.19.134.140,192.168.1.42" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org From 0f3395189ed574cfd1a98f640520556263b364f2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 23:46:07 +0000 Subject: [PATCH 31/58] Another attempt --- tasks/koji/base_builder.yml | 1 + tasks/koji/builder_kernel_config.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index be85caf170..7fab2751f9 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml @@ -113,6 +113,7 @@ command: ip route show register: netapproute always_run: yes + changed_when: "1 != 1" - name: run netapp route command: /etc/sysconfig/network-scripts/ifup-routes eth1 diff --git a/tasks/koji/builder_kernel_config.yml b/tasks/koji/builder_kernel_config.yml index 94c10ae0a7..28f2c7d4a4 100644 --- a/tasks/koji/builder_kernel_config.yml +++ b/tasks/koji/builder_kernel_config.yml 
@@ -2,7 +2,7 @@ # action: command /sbin/grubby --update-kernel=ALL --args=loop.max_part=256 # - name: check for max_loop - command: grep max_loop /etc/grub2.cfg + command: cat /etc/grub2.cfg register: max_loop always_run: yes From 899cff949281598458337c83d1dd9a61c1e045c8 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Fri, 24 Jan 2014 23:51:45 +0000 Subject: [PATCH 32/58] Some more cleanup. --- tasks/koji/base_builder.yml | 10 +--------- tasks/koji/builder_kernel_config.yml | 1 + 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index 7fab2751f9..18dc8c656a 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml @@ -86,15 +86,7 @@ action: copy src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600 - name: chkconfig kojid on and leave it running - action: service name=kojid enabled=on -# action: service name=kojid enabled=on state=started - -- name: add root ssh key - authorized_key: user=root key="{{ item }}" - with_file: - - "{{ files }}/kojibuilder/root_auth_keys" - tags: - - config + action: service name=kojid enabled=on state=started # idmapd and make sure it's set to run - name: idmapd.conf diff --git a/tasks/koji/builder_kernel_config.yml b/tasks/koji/builder_kernel_config.yml index 28f2c7d4a4..f9fc9aa5df 100644 --- a/tasks/koji/builder_kernel_config.yml +++ b/tasks/koji/builder_kernel_config.yml @@ -5,6 +5,7 @@ command: cat /etc/grub2.cfg register: max_loop always_run: yes + changed_when: '1 != 1' - name: set kernel params for more loops action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 From 0844a05bf0a44c497c74174fac562d3e3e0211a2 Mon Sep 17 00:00:00 2001 
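Review bot: Dropping the `add root ssh key` task leaves this file with nothing that says how /root/.ssh/authorized_keys is managed on builders, while `root_auth_keys` stays in the repository. Keys pushed by the earlier `copy` or `authorized_key` runs remain on hosts, so if another role now owns root access a one-line comment would help, e.g. `# root authorized_keys is managed outside this file; see <role/task that owns it>`. Whether such a role exists cannot be seen from this hunk.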
From: Kevin Fenzi Date: Sat, 25 Jan 2014 17:45:38 +0000 Subject: [PATCH 33/58] Rework rsyslog stuff. Use default dist /etc/rsyslog.conf, add our stuff to /etc/rsyslog.d --- inventory/group_vars/kernel-qa | 1 - roles/base/files/rsyslog/rsyslog-audit.conf | 13 +++ .../files/rsyslog/rsyslog-disablerate.conf | 3 + roles/base/files/rsyslog/rsyslog-log02.conf | 4 + roles/base/files/rsyslog/rsyslog.conf | 55 ++++------- .../{rsyslog.conf.releng => rsyslog.conf.el6} | 41 ++++---- ...slog.conf.kojibuilder => rsyslog.conf.f20} | 51 +++++----- roles/base/files/rsyslog/rsyslog.conf.phx2 | 97 ------------------- roles/base/tasks/main.yml | 15 ++- 9 files changed, 103 insertions(+), 177 deletions(-) create mode 100644 roles/base/files/rsyslog/rsyslog-audit.conf create mode 100644 roles/base/files/rsyslog/rsyslog-disablerate.conf create mode 100644 roles/base/files/rsyslog/rsyslog-log02.conf rename roles/base/files/rsyslog/{rsyslog.conf.releng => rsyslog.conf.el6} (60%) rename roles/base/files/rsyslog/{rsyslog.conf.kojibuilder => rsyslog.conf.f20} (59%) delete mode 100644 roles/base/files/rsyslog/rsyslog.conf.phx2 diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa index 8e03331925..39e618921d 100644 --- a/inventory/group_vars/kernel-qa +++ b/inventory/group_vars/kernel-qa @@ -1,6 +1,5 @@ --- freezes: true resolvconf: "{{ files }}/resolv.conf/phx2" -rsyslogconf: "{{ files }}/rsyslog/rsyslog.conf.phx2" fas_client_groups: sysadmin-kernel sudoers: "{{ private }}/files/sudo/kernel-qa" diff --git a/roles/base/files/rsyslog/rsyslog-audit.conf b/roles/base/files/rsyslog/rsyslog-audit.conf new file mode 100644 index 0000000000..8e6c2f5b18 --- /dev/null +++ b/roles/base/files/rsyslog/rsyslog-audit.conf 
@@ -0,0 +1,13 @@
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+:msg, !contains, "type=AVC"
+local6.* @@log02:514
diff --git a/roles/base/files/rsyslog/rsyslog-disablerate.conf b/roles/base/files/rsyslog/rsyslog-disablerate.conf
new file mode 100644
index 0000000000..e7c93530c2
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-disablerate.conf
@@ -0,0 +1,3 @@
+# Disable rate limiting
+$IMUXSockRateLimitInterval 0
+$SystemLogRateLimitInterval 0
diff --git a/roles/base/files/rsyslog/rsyslog-log02.conf b/roles/base/files/rsyslog/rsyslog-log02.conf
new file mode 100644
index 0000000000..8338bfed72
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-log02.conf
@@ -0,0 +1,4 @@
+#
+# Send everything on to central log02 logger machines
+#
+cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
diff --git a/roles/base/files/rsyslog/rsyslog.conf b/roles/base/files/rsyslog/rsyslog.conf
index a1d425816f..36cea98f0e 100644
--- a/roles/base/files/rsyslog/rsyslog.conf
+++ b/roles/base/files/rsyslog/rsyslog.conf
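Review bot: The filter line `:msg, !contains, "type=AVC"` in rsyslog-audit.conf has no action; the line removed from rsyslog.conf in this same patch ended in `~`, and without it rsyslog will most likely report a configuration error for this line, so either the snippet does not load cleanly or every audit.log record is forwarded as local6. Simply restoring `~` is not safe here either: the snippet is pulled in by `$IncludeConfig` ahead of the RULES section, so an unscoped discard would drop every non-AVC message from all facilities before the local file rules see it. A filter limited to the audit feed avoids both, along the lines of `if $syslogfacility-text == 'local6' and not ($msg contains 'type=AVC') then ~`, placed directly above `local6.* @@log02:514`; the exact syntax should be checked against the rsyslog versions on el6 and f20.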
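Review bot: The forward to log02 in rsyslog-log02.conf no longer has a queue in front of it: the `$ActionQueue*` and `$ActionResumeRetryCount` directives that used to precede this action are commented out in the rsyslog.conf hunks of this patch, and the snippet does not bring them back. With log02 unreachable, messages for this action are no longer spooled to disk, so authpriv and kernel records can be lost or local logging can stall, depending on the rsyslog version. Legacy queue directives apply to the next action only, so they belong in this file immediately above the forwarding line, as below. `@@` is plain TCP, so these records cross the network unencrypted unless the path to log02 is protected by other means.

```conf
# Spool to disk while log02 is unreachable; these apply to the next action only.
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 512m
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
```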
@@ -1,20 +1,20 @@ -#rsyslog v3 config file +# rsyslog v5 configuration file -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception -#$ModLoad imudp.so +#$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception -#$ModLoad imtcp.so +#$ModLoad imtcp #$InputTCPServerRun 514 @@ -23,10 +23,13 @@ $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat -# File syncing capability is disabled by default. This feature is usually not required, +# File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + #### RULES #### @@ -36,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure 
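Review bot: Removing `local6.none` from the /var/log/messages selector (third hunk of rsyslog.conf) means the audit.log lines that rsyslog-audit.conf injects as local6/info now match `*.info` and are written to /var/log/messages as well. That duplicates audit data into a second file with its own rotation and permissions and can grow messages quickly on busy hosts. Unless that is intended, keep the exclusion: `*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages`. The same selector change is made in the rsyslog.conf.el6 and rsyslog.conf.f20 hunks of this patch.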
@@ -57,16 +60,6 @@ uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log -# monitor auditd log and send out over local6 to central loghost -$ModLoad imfile.so - -# auditd audit.log -$InputFileName /var/log/audit/audit.log -$InputFileTag tag_audit_log: -$InputFileStateFile audit_log -$InputFileSeverity info -$InputFileFacility local6 -$InputRunFileMonitor # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding @@ -76,22 +69,12 @@ $InputRunFileMonitor # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down - -# Disable rate limiting -$IMUXSockRateLimitInterval 0 -$SystemLogRateLimitInterval 0 - +#$WorkDirectory /var/lib/rsyslog # where to place spool files +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - -:msg, !contains, "type=AVC" ~ -local6.* @@log02:514 - 
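Review bot: `$WorkDirectory /var/lib/rsyslog` is commented out in the forwarding-rule hunk together with the queue settings, but rsyslog-audit.conf still sets `$InputFileStateFile audit_log`, and imfile keeps that state file in the work directory. Without the directive the state file ends up wherever rsyslog defaults to, which may be unwritable for the daemon (SELinux, for instance); if the read position cannot be saved, audit.log may be re-read after a restart and records reach log02 twice. The f20 variant keeps `$WorkDirectory` in GLOBAL DIRECTIVES; leaving `$WorkDirectory /var/lib/rsyslog` uncommented here keeps the three files consistent. rsyslog.conf.el6 carries the identical hunk.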
diff --git a/roles/base/files/rsyslog/rsyslog.conf.releng b/roles/base/files/rsyslog/rsyslog.conf.el6 similarity index 60% rename from roles/base/files/rsyslog/rsyslog.conf.releng rename to roles/base/files/rsyslog/rsyslog.conf.el6 index 2c2852ddd1..36cea98f0e 100644 --- a/roles/base/files/rsyslog/rsyslog.conf.releng +++ b/roles/base/files/rsyslog/rsyslog.conf.el6 @@ -1,20 +1,20 @@ -#rsyslog v3 config file +# rsyslog v5 configuration file -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception -#$ModLoad imudp.so +#$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception -#$ModLoad imtcp.so +#$ModLoad imtcp #$InputTCPServerRun 514 @@ -23,6 +23,14 @@ $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + + #### RULES #### # Log all kernel messages to the console. 
@@ -31,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure @@ -52,6 +60,7 @@ uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple @@ -60,14 +69,12 @@ local7.* /var/log/boot.log # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down +#$WorkDirectory /var/lib/rsyslog # where to place spool files +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - 
diff --git a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder b/roles/base/files/rsyslog/rsyslog.conf.f20 similarity index 59% rename from roles/base/files/rsyslog/rsyslog.conf.kojibuilder rename to roles/base/files/rsyslog/rsyslog.conf.f20 index 9719770987..6972b4d369 100644 --- a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder +++ b/roles/base/files/rsyslog/rsyslog.conf.f20 
@@ -1,38 +1,47 @@ -#rsyslog v3 config file +# rsyslog v5 configuration file -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### -$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) -$ModLoad imjournal # provides access to the systemd journal -$ModLoad imklog # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability +# The imjournal module bellow is now used as a message source instead of imuxsock. +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imjournal # provides access to the systemd journal +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception -#$ModLoad imudp.so +#$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception -#$ModLoad imtcp.so +#$ModLoad imtcp #$InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### -# Include all config files in /etc/rsyslog.d/ -$IncludeConfig /etc/rsyslog.d/*.conf +# Where to place auxiliary files +$WorkDirectory /var/lib/rsyslog # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. $OmitLocalLogging on # File to store the position in the journal -$StateFile imjournal.state +$IMJournalStateFile imjournal.state + #### RULES #### 
@@ -42,7 +51,7 @@ $StateFile imjournal.state # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure @@ -55,7 +64,7 @@ mail.* -/var/log/maillog cron.* /var/log/cron # Everybody gets emergency messages -*.emerg * +*.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler @@ -63,6 +72,7 @@ uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple @@ -71,14 +81,11 @@ local7.* /var/log/boot.log # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - 
diff --git a/roles/base/files/rsyslog/rsyslog.conf.phx2 b/roles/base/files/rsyslog/rsyslog.conf.phx2 deleted file mode 100644 index a1d425816f..0000000000 --- a/roles/base/files/rsyslog/rsyslog.conf.phx2 +++ /dev/null 
@@ -1,97 +0,0 @@ -#rsyslog v3 config file - -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance - -#### MODULES #### - -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability - -# Provides UDP syslog reception -#$ModLoad imudp.so -#$UDPServerRun 514 - -# Provides TCP syslog reception -#$ModLoad imtcp.so -#$InputTCPServerRun 514 - - -#### GLOBAL DIRECTIVES #### - -# Use default timestamp format -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# File syncing capability is disabled by default. This feature is usually not required, -# not useful and an extreme performance hit -#$ActionFileEnableSync on - - -#### RULES #### - -# Log all kernel messages to the console. -# Logging much else clutters up the screen. -#kern.* /dev/console - -# Log anything (except mail) of level info or higher. -# Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages - -# The authpriv file has restricted access. -authpriv.* /var/log/secure - -# Log all the mail messages in one place. -mail.* -/var/log/maillog - - -# Log cron stuff -cron.* /var/log/cron - -# Everybody gets emergency messages -*.emerg * - -# Save news errors of level crit and higher in a special file. -uucp,news.crit /var/log/spooler - -# Save boot messages also to boot.log -local7.* /var/log/boot.log - -# monitor auditd log and send out over local6 to central loghost -$ModLoad imfile.so - -# auditd audit.log -$InputFileName /var/log/audit/audit.log -$InputFileTag tag_audit_log: -$InputFileStateFile audit_log -$InputFileSeverity info -$InputFileFacility local6 -$InputRunFileMonitor - -# ### begin forwarding rule ### -# The statement between the begin ... end define a SINGLE forwarding -# rule. They belong together, do NOT split them. 
If you create multiple -# forwarding rules, duplicate the whole block! -# Remote Logging (we use TCP for reliable delivery) -# -# An on-disk queue is created for this action. If the remote host is -# down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down - -# Disable rate limiting -$IMUXSockRateLimitInterval 0 -$SystemLogRateLimitInterval 0 - -# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional -#*.* @@remote-host:514 -# ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - -:msg, !contains, "type=AVC" ~ -local6.* @@log02:514 - diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 4d11550d88..7eeac12ec9 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -106,10 +106,7 @@ - name: rsyslog.conf copy: src={{ item }} dest=/etc/rsyslog.conf mode=644 first_available_file: - - "{{ rsyslogconf }}" - - rsyslog/rsyslog.conf.{{ ansible_fqdn }} - - rsyslog/rsyslog.conf.{{ host_group }} - - rsyslog/rsyslog.conf.{{ datacenter }} + - rsyslog/rsyslog.conf.{{ dist_tag }} - rsyslog/rsyslog.conf notify: @@ -118,6 +115,16 @@ - rsyslogd - config +- name: add rsyslog config to /etc/rsyslog.d + copy: src={{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644 + with_items: + - rsyslog-audit.conf + - rsyslog-disablerate.conf + - rsyslog-log02.conf + tags: + - rsyslogd + - config + - name: /etc/postfix/main.cf copy: src={{ item }} dest=/etc/postfix/main.cf first_available_file: From 3dbc402ec48e3dc9319091af3551d6d58088fc23 Mon Sep 17 00:00:00 2001 
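Review bot: The lookup list for /etc/rsyslog.conf in roles/base/tasks/main.yml no longer consults `{{ rsyslogconf }}` or the `rsyslog/rsyslog.conf.{{ ansible_fqdn }}`, `{{ host_group }}` and `{{ datacenter }}` files, and only the kernel-qa group variable is cleaned up in this patch. Any other inventory entry that still sets `rsyslogconf`, or any host that relied on a host-specific file, silently receives the dist default plus the forwarding snippets; for a host that is meant to receive logs that would change its role. Checking inventory/ and the rsyslog files directory for remaining overrides would confirm nothing is left behind, and a comment such as `# per-host overrides removed: host-specific rules go in /etc/rsyslog.d` documents the new contract.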
From: Kevin Fenzi Date: Sat, 25 Jan 2014 17:50:43 +0000 Subject: [PATCH 34/58] These are in a subdir. --- roles/base/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 7eeac12ec9..de20946ed2 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -118,9 +118,9 @@ - name: add rsyslog config to /etc/rsyslog.d copy: src={{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644 with_items: - - rsyslog-audit.conf - - rsyslog-disablerate.conf - - rsyslog-log02.conf + - rsyslog/rsyslog-audit.conf + - rsyslog/rsyslog-disablerate.conf + - rsyslog/rsyslog-log02.conf tags: - rsyslogd - config From 9c0addf17c04b4fba5261733d1d4ba85e940c31c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 17:57:18 +0000 Subject: [PATCH 35/58] More cleanup, use fileglob --- .../rsyslog/{rsyslog.conf => rsyslog.conf.default} | 0 roles/base/tasks/main.yml | 10 ++++------ 2 files changed, 4 insertions(+), 6 deletions(-) rename roles/base/files/rsyslog/{rsyslog.conf => rsyslog.conf.default} (100%) diff --git a/roles/base/files/rsyslog/rsyslog.conf b/roles/base/files/rsyslog/rsyslog.conf.default similarity index 100% rename from roles/base/files/rsyslog/rsyslog.conf rename to roles/base/files/rsyslog/rsyslog.conf.default diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index de20946ed2..2f934b61e3 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -107,7 +107,7 @@ copy: src={{ item }} dest=/etc/rsyslog.conf mode=644 first_available_file: - rsyslog/rsyslog.conf.{{ dist_tag }} - - rsyslog/rsyslog.conf + - rsyslog/rsyslog.conf.default notify: - restart rsyslog 
@@ -116,11 +116,9 @@ - config - name: add rsyslog config to /etc/rsyslog.d - copy: src={{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644 - with_items: - - rsyslog/rsyslog-audit.conf - - rsyslog/rsyslog-disablerate.conf - - rsyslog/rsyslog-log02.conf + copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644 + with_fileglob: + - rsyslog/*.conf tags: - rsyslogd - config From 9d77ed603e5b900d00deebe80e6d574dd0611062 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 18:04:30 +0000 Subject: [PATCH 36/58] Notify rsyslog on adding new rsyslog.d snippets. --- roles/base/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 2f934b61e3..e99050fa91 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -119,6 +119,8 @@ copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644 with_fileglob: - rsyslog/*.conf + notify: + - restart rsyslog tags: - rsyslogd - config From 0542974bab461012db26e87486b4f0df2e2b55c0 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 18:04:45 +0000 Subject: [PATCH 37/58] Try this on conditionals. --- tasks/koji/base_builder.yml | 2 +- tasks/koji/builder_kernel_config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index 18dc8c656a..bf08f6aa9e 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml @@ -109,7 +109,7 @@ - name: run netapp route command: /etc/sysconfig/network-scripts/ifup-routes eth1 - when: netapproute.stdout.find('10.5.88.0') != -1 + when: netapproute.stdout.find("10.5.88.0") != -1 - name: nfs mount points action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted 
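Review bot: `with_fileglob: rsyslog/*.conf` turns the file name into the deployment rule: every file ending in `.conf` under the role's rsyslog directory lands in /etc/rsyslog.d/, which is presumably why the main config is renamed to `rsyslog.conf.default` in this patch. Nothing removes a snippet from hosts once it is deleted from the repository, so an obsolete forwarding or discard rule keeps running until it is cleaned up by hand. A short comment above the task would record both facts, e.g. `# every rsyslog/*.conf is installed as a snippet; deleting one here does not remove it from hosts`.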
diff --git a/tasks/koji/builder_kernel_config.yml b/tasks/koji/builder_kernel_config.yml index f9fc9aa5df..a16c7ea2fc 100644 --- a/tasks/koji/builder_kernel_config.yml +++ b/tasks/koji/builder_kernel_config.yml @@ -9,7 +9,7 @@ - name: set kernel params for more loops action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 - when: max_loop.stdout.find('max_loop=64') != -1 + when: max_loop.stdout.find("max_loop=64") != -1 - name: special pkgs for the x86_64 builders yum: state=installed pkg={{ item }} From 5dd9b5f4a9440cc404555ae385e289b967b73b53 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 18:14:15 +0000 Subject: [PATCH 38/58] More tweaking to the buildvm tasks --- tasks/koji/base_builder.yml | 7 +++++-- tasks/koji/builder_kernel_config.yml | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index bf08f6aa9e..82814f7625 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml @@ -96,7 +96,10 @@ - name: enable nfs-related services and run them action: service name={{ item }} enabled=true state=started with_items: - - nfs + - rpcbind + - nfs-lock + - nfs-idmap + - nfs-mountd - name: route config for netapp network action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1 @@ -109,7 +112,7 @@ - name: run netapp route command: /etc/sysconfig/network-scripts/ifup-routes eth1 - when: netapproute.stdout.find("10.5.88.0") != -1 + when: netapproute.stdout.find("10.5.88.0") == -1 - name: nfs mount points action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted diff --git a/tasks/koji/builder_kernel_config.yml b/tasks/koji/builder_kernel_config.yml index a16c7ea2fc..b2b1ca31fc 100644 --- a/tasks/koji/builder_kernel_config.yml +++ b/tasks/koji/builder_kernel_config.yml 
@@ -9,7 +9,7 @@ - name: set kernel params for more loops action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 - when: max_loop.stdout.find("max_loop=64") != -1 + when: max_loop.stdout.find("max_loop=64") == -1 - name: special pkgs for the x86_64 builders yum: state=installed pkg={{ item }} From 2d9e1d1f10101cf3404678b8315a09e45784fe49 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 18:19:23 +0000 Subject: [PATCH 39/58] rpcbind is static in f20, no need to enable it. --- tasks/koji/base_builder.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index 82814f7625..85ea089454 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml @@ -96,7 +96,6 @@ - name: enable nfs-related services and run them action: service name={{ item }} enabled=true state=started with_items: - - rpcbind - nfs-lock - nfs-idmap - nfs-mountd From 4ce16944b981ffdf968f421699e6141e25f891ef Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 18:45:57 +0000 Subject: [PATCH 40/58] More cleanup, audit and rsyslog --- tasks/koji/base_builder.yml | 4 ++-- vars/Fedora.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml index 85ea089454..dd649a2614 100644 --- a/tasks/koji/base_builder.yml +++ b/tasks/koji/base_builder.yml @@ -40,7 +40,6 @@ - name: clean up packages we do not need action: yum state=removed pkg={{ item }} with_items: - - audit - 'cronie\*' - name: add pkgs @@ -54,6 +53,8 @@ - kernel-firmware - ntp - ntpdate + - rsyslog + - audit - name: /etc/kojid/kojid.conf action: copy src="{{ files }}/kojibuilder/kojid.conf" dest=/etc/kojid/kojid.conf @@ -61,7 +62,6 @@ notify: - restart kojid - - name: arm /etc/kojid/kojid.conf action: copy src="{{ files }}/kojibuilder/arm-kojid.conf" dest=/etc/kojid/kojid.conf when: inventory_hostname.startswith(('arm01','arm03')) 
diff --git a/vars/Fedora.yml b/vars/Fedora.yml index 42f54a6837..14ebc4cab1 100644 --- a/vars/Fedora.yml +++ b/vars/Fedora.yml @@ -3,4 +3,4 @@ dist_tag: f{{ ansible_distribution_version }} base_pkgs_inst: ['iptables-services' ] base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail', 'at'] service_disabled: [ ] -service_enabled: [ ] +service_enabled: ['iptables','audit'] From cf270b1f6ed97e47cee85dc8f62cf6dfd02c5c84 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 18:47:42 +0000 Subject: [PATCH 41/58] d it's got a d --- vars/Fedora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/Fedora.yml b/vars/Fedora.yml index 14ebc4cab1..616b06a3bd 100644 --- a/vars/Fedora.yml +++ b/vars/Fedora.yml @@ -3,4 +3,4 @@ dist_tag: f{{ ansible_distribution_version }} base_pkgs_inst: ['iptables-services' ] base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail', 'at'] service_disabled: [ ] -service_enabled: ['iptables','audit'] +service_enabled: ['iptables','auditd'] From e1b256394020735f4d1eb54ca4aaf7f4c25ae26b Mon Sep 17 00:00:00 2001 
From: Kevin Fenzi Date: Sat, 25 Jan 2014 19:12:29 +0000 Subject: [PATCH 42/58] Move base_builder task over to a new koji_builder role and clean up. --- playbooks/groups/bkernel.yml | 2 +- playbooks/groups/buildhw.yml | 8 +- playbooks/groups/buildvm.yml | 5 +- .../koji_builder/files}/arm-koji.conf | 0 .../koji_builder/files}/arm-kojid.conf | 0 .../files}/builder-infrastructure.repo | 0 .../files}/builders/bkernel-eth0-network | 0 .../files}/builders/bkernel-site-defaults.cfg | 0 .../builders/fedora-branched-pungi-armhfp.cfg | 0 .../builders/fedora-branched-pungi-i386.cfg | 0 .../builders/fedora-branched-pungi-x86_64.cfg | 0 .../builders/fedora-rawhide-pungi-armhfp.cfg | 0 .../builders/fedora-rawhide-pungi-i386.cfg | 0 .../builders/fedora-rawhide-pungi-x86_64.cfg | 0 .../files}/builders/site-defaults.cfg | 0 .../koji_builder/files}/ftbfs_auth_keys | 0 .../koji_builder/files}/history_off.sh | 0 .../koji_builder/files}/idmapd.conf | 0 .../koji_builder/files}/koji.conf | 0 .../koji_builder/files}/kojid.conf | 0 .../koji_builder/files}/limits.conf | 0 .../koji_builder/files}/mock_auth_keys | 0 .../koji_builder/files}/root_auth_keys | 0 .../koji_builder/files}/route-eth1 | 0 roles/koji_builder/tasks/main.yml | 146 +++++++++++++++++ tasks/koji/base_builder.yml | 147 ------------------ 26 files changed, 149 insertions(+), 159 deletions(-) rename {files/kojibuilder => roles/koji_builder/files}/arm-koji.conf (100%) rename {files/kojibuilder => roles/koji_builder/files}/arm-kojid.conf (100%) rename {files/kojibuilder => roles/koji_builder/files}/builder-infrastructure.repo (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/bkernel-eth0-network (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/bkernel-site-defaults.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/fedora-branched-pungi-armhfp.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/fedora-branched-pungi-i386.cfg (100%) rename 
{files/kojibuilder => roles/koji_builder/files}/builders/fedora-branched-pungi-x86_64.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/fedora-rawhide-pungi-armhfp.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/fedora-rawhide-pungi-i386.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/fedora-rawhide-pungi-x86_64.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/builders/site-defaults.cfg (100%) rename {files/kojibuilder => roles/koji_builder/files}/ftbfs_auth_keys (100%) rename {files/kojibuilder => roles/koji_builder/files}/history_off.sh (100%) rename {files/kojibuilder => roles/koji_builder/files}/idmapd.conf (100%) rename {files/kojibuilder => roles/koji_builder/files}/koji.conf (100%) rename {files/kojibuilder => roles/koji_builder/files}/kojid.conf (100%) rename {files/kojibuilder => roles/koji_builder/files}/limits.conf (100%) rename {files/kojibuilder => roles/koji_builder/files}/mock_auth_keys (100%) rename {files/kojibuilder => roles/koji_builder/files}/root_auth_keys (100%) rename {files/kojibuilder => roles/koji_builder/files}/route-eth1 (100%) create mode 100644 roles/koji_builder/tasks/main.yml delete mode 100644 tasks/koji/base_builder.yml diff --git a/playbooks/groups/bkernel.yml b/playbooks/groups/bkernel.yml index 0d0ce58017..663f6ef836 100644 --- a/playbooks/groups/bkernel.yml +++ b/playbooks/groups/bkernel.yml @@ -14,9 +14,9 @@ roles: - base + - koji_builder tasks: - - include: "{{ tasks }}/koji/base_builder.yml" - include: "{{ tasks }}/koji/builder_kernel_config.yml" - include: "{{ tasks }}/koji/bkernel-setup.yml" diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index c15f185e47..ec756b50b1 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml 
@@ -15,18 +15,15 @@ roles: - base + - koji_builder tasks: - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/hosts.yml" - - include: "{{ tasks }}/koji/base_builder.yml" handlers: - include: "{{ handlers }}/restart_services.yml" - - name: restart kojid - action: service name=kojid state=restarted - - name: make koji builder(s) on raw hw hosts: buildhw user: root @@ -47,6 +44,3 @@ handlers: - include: "{{ handlers }}/restart_services.yml" - - - name: restart kojid - action: service name=kojid state=restarted diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index ad4f6cb8bb..a6aff106fc 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -33,15 +33,12 @@ roles: - base + - koji_builder tasks: - include: "{{ tasks }}/hosts.yml" - include: "{{ tasks }}/yumrepos.yml" - - include: "{{ tasks }}/koji/base_builder.yml" - include: "{{ tasks }}/koji/builder_kernel_config.yml" handlers: - include: "{{ handlers }}/restart_services.yml" - - - name: restart kojid - action: service name=kojid state=restarted diff --git a/files/kojibuilder/arm-koji.conf b/roles/koji_builder/files/arm-koji.conf similarity index 100% rename from files/kojibuilder/arm-koji.conf rename to roles/koji_builder/files/arm-koji.conf diff --git a/files/kojibuilder/arm-kojid.conf b/roles/koji_builder/files/arm-kojid.conf similarity index 100% rename from files/kojibuilder/arm-kojid.conf rename to roles/koji_builder/files/arm-kojid.conf diff --git a/files/kojibuilder/builder-infrastructure.repo b/roles/koji_builder/files/builder-infrastructure.repo similarity index 100% rename from files/kojibuilder/builder-infrastructure.repo rename to roles/koji_builder/files/builder-infrastructure.repo diff --git a/files/kojibuilder/builders/bkernel-eth0-network b/roles/koji_builder/files/builders/bkernel-eth0-network similarity index 100% rename from files/kojibuilder/builders/bkernel-eth0-network rename to roles/koji_builder/files/builders/bkernel-eth0-network 
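Review bot: In the first play of buildhw.yml the `koji_builder` role's `add pkgs` yum install now runs before `yumrepos.yml` and `hosts.yml`, because Ansible executes a play's `roles:` ahead of its `tasks:`; the removed `base_builder.yml` include ran after both. Depending on what `yumrepos.yml` puts in place (not fully visible here), builder packages may be resolved against whatever repo files the host already had rather than the managed ones. To keep the old order, move the two includes under `pre_tasks:`, i.e. `pre_tasks:` followed by `- include: "{{ tasks }}/yumrepos.yml"` and `- include: "{{ tasks }}/hosts.yml"`. The buildvm.yml hunk in this patch has the same ordering, and the second play shown at the end of this hunk continues outside it.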
diff --git a/files/kojibuilder/builders/bkernel-site-defaults.cfg b/roles/koji_builder/files/builders/bkernel-site-defaults.cfg similarity index 100% rename from files/kojibuilder/builders/bkernel-site-defaults.cfg rename to roles/koji_builder/files/builders/bkernel-site-defaults.cfg diff --git a/files/kojibuilder/builders/fedora-branched-pungi-armhfp.cfg b/roles/koji_builder/files/builders/fedora-branched-pungi-armhfp.cfg similarity index 100% rename from files/kojibuilder/builders/fedora-branched-pungi-armhfp.cfg rename to roles/koji_builder/files/builders/fedora-branched-pungi-armhfp.cfg diff --git a/files/kojibuilder/builders/fedora-branched-pungi-i386.cfg b/roles/koji_builder/files/builders/fedora-branched-pungi-i386.cfg similarity index 100% rename from files/kojibuilder/builders/fedora-branched-pungi-i386.cfg rename to roles/koji_builder/files/builders/fedora-branched-pungi-i386.cfg diff --git a/files/kojibuilder/builders/fedora-branched-pungi-x86_64.cfg b/roles/koji_builder/files/builders/fedora-branched-pungi-x86_64.cfg similarity index 100% rename from files/kojibuilder/builders/fedora-branched-pungi-x86_64.cfg rename to roles/koji_builder/files/builders/fedora-branched-pungi-x86_64.cfg diff --git a/files/kojibuilder/builders/fedora-rawhide-pungi-armhfp.cfg b/roles/koji_builder/files/builders/fedora-rawhide-pungi-armhfp.cfg similarity index 100% rename from files/kojibuilder/builders/fedora-rawhide-pungi-armhfp.cfg rename to roles/koji_builder/files/builders/fedora-rawhide-pungi-armhfp.cfg diff --git a/files/kojibuilder/builders/fedora-rawhide-pungi-i386.cfg b/roles/koji_builder/files/builders/fedora-rawhide-pungi-i386.cfg similarity index 100% rename from files/kojibuilder/builders/fedora-rawhide-pungi-i386.cfg rename to roles/koji_builder/files/builders/fedora-rawhide-pungi-i386.cfg 
diff --git a/files/kojibuilder/builders/fedora-rawhide-pungi-x86_64.cfg b/roles/koji_builder/files/builders/fedora-rawhide-pungi-x86_64.cfg similarity index 100% rename from files/kojibuilder/builders/fedora-rawhide-pungi-x86_64.cfg rename to roles/koji_builder/files/builders/fedora-rawhide-pungi-x86_64.cfg diff --git a/files/kojibuilder/builders/site-defaults.cfg b/roles/koji_builder/files/builders/site-defaults.cfg similarity index 100% rename from files/kojibuilder/builders/site-defaults.cfg rename to roles/koji_builder/files/builders/site-defaults.cfg diff --git a/files/kojibuilder/ftbfs_auth_keys b/roles/koji_builder/files/ftbfs_auth_keys similarity index 100% rename from files/kojibuilder/ftbfs_auth_keys rename to roles/koji_builder/files/ftbfs_auth_keys diff --git a/files/kojibuilder/history_off.sh b/roles/koji_builder/files/history_off.sh similarity index 100% rename from files/kojibuilder/history_off.sh rename to roles/koji_builder/files/history_off.sh diff --git a/files/kojibuilder/idmapd.conf b/roles/koji_builder/files/idmapd.conf similarity index 100% rename from files/kojibuilder/idmapd.conf rename to roles/koji_builder/files/idmapd.conf diff --git a/files/kojibuilder/koji.conf b/roles/koji_builder/files/koji.conf similarity index 100% rename from files/kojibuilder/koji.conf rename to roles/koji_builder/files/koji.conf diff --git a/files/kojibuilder/kojid.conf b/roles/koji_builder/files/kojid.conf similarity index 100% rename from files/kojibuilder/kojid.conf rename to roles/koji_builder/files/kojid.conf diff --git a/files/kojibuilder/limits.conf b/roles/koji_builder/files/limits.conf similarity index 100% rename from files/kojibuilder/limits.conf rename to roles/koji_builder/files/limits.conf diff --git a/files/kojibuilder/mock_auth_keys b/roles/koji_builder/files/mock_auth_keys similarity index 100% rename from files/kojibuilder/mock_auth_keys rename to roles/koji_builder/files/mock_auth_keys 
diff --git a/files/kojibuilder/root_auth_keys b/roles/koji_builder/files/root_auth_keys similarity index 100% rename from files/kojibuilder/root_auth_keys rename to roles/koji_builder/files/root_auth_keys diff --git a/files/kojibuilder/route-eth1 b/roles/koji_builder/files/route-eth1 similarity index 100% rename from files/kojibuilder/route-eth1 rename to roles/koji_builder/files/route-eth1 diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml new file mode 100644 index 0000000000..faaa6cc6e7 --- /dev/null +++ b/roles/koji_builder/tasks/main.yml 
@@ -0,0 +1,146 @@ +# +# This is a base koji_builder role. +# +- name: set root passwd + user: name=root password={{ builder_rootpw }} state=present + +- name: add mock user as 425 + used: name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes + +- name: make mock homedir perms + file: state=directory path=/var/lib/mock mode=2775 owner=root group=mock + +- name: add mock ssh dir + file: state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock + +- name: add mock ssh keys + copy: src=mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock + +- name: add kojibuilder + user: name=kojibuilder groups=mock + +- name: add mockbuilder + user: name=mockbuilder groups=mock + +- name: mockbuilder .ssh dir + file: state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder + +- name: mockbuilder ssh key + copy: src=ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder + +- name: make a bunch of dirs + file: state=directory path={{ item }} + with_items: + - /pub + - /mnt/fedora_koji + - /pub/fedora + - /pub/epel + +- name: add builder infra yum repo + copy: src=builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo + +- name: clean up packages we do not need + yum: state=removed pkg={{ item }} + with_items: + - 'cronie\*' + +- name: add pkgs + yum: state=installed pkg={{ item }} + with_items: + - yum-utils + - koji-builder + - strace + - mock + - nfs-utils + - kernel-firmware + - ntp + - ntpdate + - rsyslog + - audit + +- name: /etc/kojid/kojid.conf + copy: src=kojid.conf dest=/etc/kojid/kojid.conf + when: not inventory_hostname.startswith(('arm01','arm03')) + notify: + - restart kojid + +- name: arm /etc/kojid/kojid.conf + copy: src=arm-kojid.conf dest=/etc/kojid/kojid.conf + when: inventory_hostname.startswith(('arm01','arm03')) + notify: + - restart kojid + +- name: /etc/koji/koji.conf + copy: src=koji.conf 
dest=/etc/koji.conf + when: not inventory_hostname.startswith(('arm01','arm03')) + +- name: /etc/koji/koji.conf + copy: src=arm-koji.conf dest=/etc/koji.conf + when: inventory_hostname.startswith(('arm01','arm03')) + +- name: copy over koji ca cert + copy: src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem + +- name: copy over /etc/security/limits.conf + copy: src=limits.conf dest=/etc/security/limits.conf + +- name: copy over builder cert to /etc/kojid/kojibuilder.pem + copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600 + +# idmapd and make sure it's set to run +- name: idmapd.conf + copy: src=idmapd.conf dest=/etc/idmapd.conf + tags: + - configs + +- name: route config for netapp network + copy: src=route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1 + +- name: check for netapp route + command: ip route show + register: netapproute + always_run: yes + changed_when: "1 != 1" + +- name: run netapp route + command: /etc/sysconfig/network-scripts/ifup-routes eth1 + when: netapproute.stdout.find("10.5.88.0") == -1 + +- name: nfs mount points + mount: name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted + when: inventory_hostname.startswith('build') + +- name: make a mnt/koji link + file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji + when: inventory_hostname.startswith('build') + +# mock configs for pungify job +- name: put extra special mock configs in + copy: src=builders/{{ item }} dest="/etc/mock/{{ item }}" mode=644 + with_items: + - fedora-branched-pungi-armhfp.cfg + - fedora-branched-pungi-i386.cfg + - fedora-branched-pungi-x86_64.cfg + - fedora-rawhide-pungi-i386.cfg + - fedora-rawhide-pungi-x86_64.cfg + - fedora-rawhide-pungi-armhfp.cfg + +- name: mock site-defaults.cfg + copy: src=builders/site-defaults.cfg 
dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock + when: not inventory_hostname.startswith('bkernel') + +- name: ntp steptickers + copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers + +- name: ntp.conf + copy: src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf + +- name: enable services and start them + service: name={{ item }} enabled=true state=started + with_items: + - iptables + - kojid + - ntpd + - nfs-lock + - nfs-idmap + - nfs-mountd diff --git a/tasks/koji/base_builder.yml b/tasks/koji/base_builder.yml deleted file mode 100644 index dd649a2614..0000000000 --- a/tasks/koji/base_builder.yml +++ /dev/null 
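Review bot: The task `copy over builder cert to /etc/kojid/kojibuilder.pem` sets `mode=600` but no owner or group, so ownership of what is presumably the host's builder credential depends on the connecting account. I would pin all three, ending the task with `dest=/etc/kojid/kojibuilder.pem owner=root group=root mode=0600`, and do the same for `cacert.pem` and `kojid.conf`, which currently carry no mode at all. The two tasks named `/etc/koji/koji.conf` both write `dest=/etc/koji.conf`, so either the name or the destination is wrong and should be corrected or explained in a comment. The directory list also drops `/var/spool/rsyslog`, which the deleted tasks/koji/base_builder.yml created; if that is intentional, the commit message should say so.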
@@ -1,147 +0,0 @@ -- name: set root passwd - action: user name=root password={{ builder_rootpw }} state=present - -- name: add mock user as 425 - action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes - -- name: make mock homedir perms - action: file state=directory path=/var/lib/mock mode=2775 owner=root group=mock - -- name: add mock ssh dir - action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock - -- name: add mock ssh keys - action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock - -- name: add kojibuilder - action: user name=kojibuilder groups=mock - -- name: add mockbuilder - action: user name=mockbuilder groups=mock - -- name: mockbuilder .ssh dir - action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder - -- name: mockbuilder ssh key - action: copy src="{{ files }}/kojibuilder/ftbfs_auth_keys" dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder - -- name: make a bunch of dirs - action: file state=directory path={{ item }} - with_items: - - /pub - - /mnt/fedora_koji - - /pub/fedora - - /pub/epel - - /var/spool/rsyslog - -- name: add builder infra yum repo - action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo - -- name: clean up packages we do not need - action: yum state=removed pkg={{ item }} - with_items: - - 'cronie\*' - -- name: add pkgs - action: yum state=installed pkg={{ item }} - with_items: - - yum-utils - - koji-builder - - strace - - mock - - nfs-utils - - kernel-firmware - - ntp - - ntpdate - - rsyslog - - audit - -- name: /etc/kojid/kojid.conf - action: copy src="{{ files }}/kojibuilder/kojid.conf" dest=/etc/kojid/kojid.conf - when: not inventory_hostname.startswith(('arm01','arm03')) - notify: - - restart kojid - -- name: arm /etc/kojid/kojid.conf - action: 
copy src="{{ files }}/kojibuilder/arm-kojid.conf" dest=/etc/kojid/kojid.conf - when: inventory_hostname.startswith(('arm01','arm03')) - notify: - - restart kojid - -- name: /etc/koji/koji.conf - action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf - when: not inventory_hostname.startswith(('arm01','arm03')) - -- name: /etc/koji/koji.conf - action: copy src="{{ files }}/kojibuilder/arm-koji.conf" dest=/etc/koji.conf - when: inventory_hostname.startswith(('arm01','arm03')) - -- name: copy over koji ca cert - action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem - -- name: copy over /etc/security/limits.conf - action: copy src="{{ files }}/kojibuilder/limits.conf" dest=/etc/security/limits.conf - -- name: copy over builder cert to /etc/kojid/kojibuilder.pem - action: copy src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600 - -- name: chkconfig kojid on and leave it running - action: service name=kojid enabled=on state=started - -# idmapd and make sure it's set to run -- name: idmapd.conf - action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf - tags: - - configs -- name: enable nfs-related services and run them - action: service name={{ item }} enabled=true state=started - with_items: - - nfs-lock - - nfs-idmap - - nfs-mountd - -- name: route config for netapp network - action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1 - -- name: check for netapp route - command: ip route show - register: netapproute - always_run: yes - changed_when: "1 != 1" - -- name: run netapp route - command: /etc/sysconfig/network-scripts/ifup-routes eth1 - when: netapproute.stdout.find("10.5.88.0") == -1 - -- name: nfs mount points - action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 
dump=0 state=mounted - when: inventory_hostname.startswith('build') - -- name: make a mnt/koji link - action: file state=link src=/mnt/fedora_koji/koji dest=/mnt/koji - when: inventory_hostname.startswith('build') - -# mock configs for pungify job -# TODO: restore this to "copy:", this is a temporary "fix" for https://github.com/ansible/ansible/issues/4377 -- name: put extra special mock configs in - template: src="{{ files }}/kojibuilder/builders/{{ item }}" dest="/etc/mock/{{ item }}" mode=644 - with_items: - - fedora-branched-pungi-armhfp.cfg - - fedora-branched-pungi-i386.cfg - - fedora-branched-pungi-x86_64.cfg - - fedora-rawhide-pungi-i386.cfg - - fedora-rawhide-pungi-x86_64.cfg - - fedora-rawhide-pungi-armhfp.cfg - -- name: mock site-defaults.cfg - action: copy src="{{ files }}/kojibuilder/builders/site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock - when: not inventory_hostname.startswith('bkernel') - -- name: ntp steptickers - action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers - -- name: ntp.conf - action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf - -- name: enable ntpd - action: service name=ntpd enabled=true state=started From 18a98f6ed150c19887b96736ad8cd2e01405f311 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 19:14:03 +0000 Subject: [PATCH 43/58] FIx typo --- roles/koji_builder/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index faaa6cc6e7..94e23d31b2 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml 
@@ -5,7 +5,7 @@ user: name=root password={{ builder_rootpw }} state=present - name: add mock user as 425 - used: name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes + user: name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes - name: make mock homedir perms file: state=directory path=/var/lib/mock mode=2775 owner=root group=mock From 0c3a84f8417b5485e94667b74ce30c57fda04900 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 19:24:19 +0000 Subject: [PATCH 44/58] Add kojid handler --- handlers/restart_services.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 5fdb70786d..d0d895aa63 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -29,6 +29,9 @@ - name: restart jenkins action: service name=jenkins state=restarted +- name: restart kojid + action: service name=kojid state=restarted + - name: restart libvirtd action: service name=libvirtd state=restarted From 1ec4410d432e4411fb753cb299e3361c42315a83 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 19:29:37 +0000 Subject: [PATCH 45/58] Drop some iptables restarting thats not needed. --- roles/koji_builder/tasks/main.yml | 1 - vars/Fedora.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index 94e23d31b2..a191d9e521 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -138,7 +138,6 @@ - name: enable services and start them service: name={{ item }} enabled=true state=started with_items: - - iptables - kojid - ntpd - nfs-lock diff --git a/vars/Fedora.yml b/vars/Fedora.yml index 616b06a3bd..f60970d117 100644 --- a/vars/Fedora.yml +++ b/vars/Fedora.yml 
@@ -3,4 +3,4 @@ dist_tag: f{{ ansible_distribution_version }} base_pkgs_inst: ['iptables-services' ] base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail', 'at'] service_disabled: [ ] -service_enabled: ['iptables','auditd'] +service_enabled: ['auditd'] From f1e5089967699352c5297748141bc4e9628c1654 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 19:39:56 +0000 Subject: [PATCH 46/58] Move kojid restart to after hosts file setup task --- playbooks/groups/buildvm.yml | 3 +++ roles/koji_builder/tasks/main.yml | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index a6aff106fc..cf6db7997e 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml @@ -40,5 +40,8 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/koji/builder_kernel_config.yml" + - name: restart kojid + action: service name=kojid state=restarted + handlers: - include: "{{ handlers }}/restart_services.yml" diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index a191d9e521..b83b3c9861 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -138,7 +138,6 @@ - name: enable services and start them service: name={{ item }} enabled=true state=started with_items: - - kojid - ntpd - nfs-lock - nfs-idmap From f2799983ecdb2c2cd54bfc8457e41840b06b78cc Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 19:42:21 +0000 Subject: [PATCH 47/58] Change this to just running. --- playbooks/groups/buildvm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/groups/buildvm.yml b/playbooks/groups/buildvm.yml index cf6db7997e..0222f61859 100644 --- a/playbooks/groups/buildvm.yml +++ b/playbooks/groups/buildvm.yml 
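Review bot: Dropping `iptables` from `service_enabled` in vars/Fedora.yml does more than the subject line suggests: judging by its name this list decides which services are enabled on every Fedora host, not which ones get restarted. The same file still installs `iptables-services` and erases `firewalld`, so unless another task enables iptables (none is visible here) a Fedora host could boot with no firewall service enabled. If the aim is only to avoid a restart during the run, keep `service_enabled: ['iptables','auditd']` and change the task that triggers the restart instead. The consumer of this variable is outside the hunk, so please confirm how it is applied before merging.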
@@ -40,8 +40,8 @@ - include: "{{ tasks }}/yumrepos.yml" - include: "{{ tasks }}/koji/builder_kernel_config.yml" - - name: restart kojid - action: service name=kojid state=restarted + - name: make sure kojid is running + action: service name=kojid state=running handlers: - include: "{{ handlers }}/restart_services.yml" From 1a7fefbe68bd9a1f6f41fd00d51aa0e066483043 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 26 Jan 2014 01:10:38 +0000 Subject: [PATCH 48/58] Fix typo with arm repos --- tasks/yumrepos.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/yumrepos.yml b/tasks/yumrepos.yml index f3af6f7def..f92af0a840 100644 --- a/tasks/yumrepos.yml +++ b/tasks/yumrepos.yml @@ -21,7 +21,7 @@ - packages - name: put fedora repos on arm systems - action: copy src="{{ files }}/common/{{ item-arm }}" dest="/etc/yum.repos.d/{{ item }}" + action: copy src="{{ files }}/common/{{ item }}-arm" dest="/etc/yum.repos.d/{{ item }}" with_items: - fedora.repo - fedora-updates.repo From 28c71b250103092c1b5e0d41f779aeac4baf2866 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 26 Jan 2014 01:30:36 +0000 Subject: [PATCH 49/58] Exclude arm here too. --- roles/base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index e99050fa91..1f1e39948c 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -32,7 +32,7 @@ user: name=root password={{ rootpw }} state=present tags: - rootpw - when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng')) + when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng')) or inventory_hostname.startswith('arm') - name: add ansible root key authorized_key: user=root key="{{ item }}" From b02fc093b264a170ecb4e9c98484aa4fd05ea828 Mon Sep 17 00:00:00 2001 
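Review bot: The new `make sure kojid is running` task in buildvm.yml starts the service but never enables it, whereas the role's list removed in PATCH 46 used `enabled=true state=started`. With that entry gone, nothing in the hunks shown here enables kojid at boot, so a rebooted builder would stay idle until the next playbook run. I would write `action: service name=kojid state=running enabled=yes`. buildhw.yml and bkernel.yml get no equivalent task in this series, so as far as the visible hunks show, kojid is neither started nor enabled on those hosts.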
From: Kevin Fenzi Date: Sun, 26 Jan 2014 01:36:43 +0000 Subject: [PATCH 50/58] Move ) to the right place. --- roles/base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 1f1e39948c..b46dca12bc 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -32,7 +32,7 @@ user: name=root password={{ rootpw }} state=present tags: - rootpw - when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng')) or inventory_hostname.startswith('arm') + when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng') or inventory_hostname.startswith('arm')) - name: add ansible root key authorized_key: user=root key="{{ item }}" From 46e456de79dac087ce279c0847eb8ef54661c0ef Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sun, 26 Jan 2014 01:57:30 +0000 Subject: [PATCH 51/58] Dont add netapp route on arm machines. --- roles/koji_builder/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/koji_builder/tasks/main.yml b/roles/koji_builder/tasks/main.yml index b83b3c9861..ffa95265d9 100644 --- a/roles/koji_builder/tasks/main.yml +++ b/roles/koji_builder/tasks/main.yml @@ -104,7 +104,7 @@ - name: run netapp route command: /etc/sysconfig/network-scripts/ifup-routes eth1 - when: netapproute.stdout.find("10.5.88.0") == -1 + when: netapproute.stdout.find("10.5.88.0") == -1 and not inventory_hostname.startswith('arm') - name: nfs mount points mount: name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted From 7461ae98702edc7f7ad48ad58d55ac7e8b30cac7 Mon Sep 17 00:00:00 2001 
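Review bot: The added `not inventory_hostname.startswith('arm')` guard in roles/koji_builder/tasks/main.yml skips only the `ifup-routes eth1` command; the `route config for netapp network` task earlier in the same file still copies `route-eth1` to every host, arm included. The route file therefore remains on arm machines and would presumably be applied the next time networking comes up, which is what this patch is trying to avoid. Adding the same condition to the copy task, `when: not inventory_hostname.startswith('arm')`, keeps the two consistent. That copy task lies outside this hunk.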
From: Kevin Fenzi Date: Mon, 27 Jan 2014 16:37:42 +0000 Subject: [PATCH 52/58] Gross hack for now until I figure a better way to share this --- tasks/koji/releng_config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/koji/releng_config.yml b/tasks/koji/releng_config.yml index 34ece6ad82..7a5cb3f087 100644 --- a/tasks/koji/releng_config.yml +++ b/tasks/koji/releng_config.yml @@ -8,7 +8,7 @@ - name: add mock ssh dir action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock - name: add mock ssh keys - action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock + action: copy src="{{ files }}/../roles/koji_builder/files//mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock - name: add ftpsync group action: group name=ftpsync gid=263 system=yes state=present From 5e73d51832a124922a9748af9e0788e7110a9576 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 27 Jan 2014 16:57:37 +0000 Subject: [PATCH 53/58] More hackery --- tasks/koji/releng_config.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/koji/releng_config.yml b/tasks/koji/releng_config.yml index 7a5cb3f087..9f20f0433d 100644 --- a/tasks/koji/releng_config.yml +++ b/tasks/koji/releng_config.yml @@ -67,7 +67,7 @@ action: file src=/mnt/fedora_koji/compose/cache dest=/srv/pungi/cache state=link - name: add builder infra yum repo - action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo + action: copy src="{{ files }}/../roles/koji_builder/files/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo tags: - configs 
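Review bot: The `add mock ssh keys` task in tasks/koji/releng_config.yml installs `mock_auth_keys` with `mode=644`, while roles/koji_builder/tasks/main.yml installs the same source file to the same destination with `mode=640`. The mode is carried over from the old line, but now that both tasks read one file they should agree; I would use the tighter value here, `mode=640 owner=mock group=mock`. The `{{ files }}/../roles/koji_builder/files//mock_auth_keys` path also has a doubled slash and reaches into the role's directory, so a comment such as `# TODO: shared with roles/koji_builder; move to a common location` would record the intent. The hunks of PATCH 53 use the same `..` paths.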
@@ -93,7 +93,7 @@ - pykickstart - name: /etc/koji/koji.conf - action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf + action: copy src="{{ files }}//../roles/koji_builder/files/koji.conf" dest=/etc/koji.conf # mock configs @@ -109,7 +109,7 @@ # idmapd and make sure it's set to run - name: idmapd.conf - action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf + action: copy src="{{ files }}/../roles/koji_builder/files//idmapd.conf" dest=/etc/idmapd.conf tags: - configs @@ -123,7 +123,7 @@ - name: route to netapp network - action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1 + action: copy src="{{ files }}/../roles/koji_builder/files/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1 notify: - restart netapproute From 68be0f0f3c361e0c247608dcf46c781933152680 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 27 Jan 2014 23:57:45 +0000 Subject: [PATCH 54/58] Drop accel from buildhw, the arm network isn't allowing it. --- playbooks/groups/buildhw.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/playbooks/groups/buildhw.yml b/playbooks/groups/buildhw.yml index ec756b50b1..be85d288d8 100644 --- a/playbooks/groups/buildhw.yml +++ b/playbooks/groups/buildhw.yml @@ -6,7 +6,6 @@ hosts: buildhw;buildppc;buildarm user: root gather_facts: True - accellerate: True vars_files: - /srv/web/infra/ansible/vars/global.yml @@ -28,7 +27,6 @@ hosts: buildhw user: root gather_facts: True - accellerate: True vars_files: - /srv/web/infra/ansible/vars/global.yml From 79773578b5d9f613dec53721d676dd80803af344 Mon Sep 17 00:00:00 2001 From: "janez.nemanic" Date: Mon, 27 Jan 2014 19:55:41 +0000 Subject: [PATCH 55/58] Add pyflakes parser to jenkins --- ...son.plugins.warnings.WarningsPublisher.xml | 24 +++++++++++++++++++ playbooks/groups/jenkins-cloud.yml | 2 ++ 2 files changed, 26 insertions(+) create mode 100644 files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml 
diff --git a/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml b/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml new file mode 100644 index 0000000000..130e516828 --- /dev/null +++ b/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml @@ -0,0 +1,24 @@ +hudson.plugins.warnings.WarningsPublisher.xml +============================================= + + + + + + pyflakes + ^(.*):([0-9]*):(.*)$ + + + https://pypi.python.org/pypi/pyflakes + pyflakes errors + + + diff --git a/playbooks/groups/jenkins-cloud.yml b/playbooks/groups/jenkins-cloud.yml index 21d55b87b8..7b6b5e748c 100644 --- a/playbooks/groups/jenkins-cloud.yml +++ b/playbooks/groups/jenkins-cloud.yml @@ -224,6 +224,7 @@ - asciidoc # Required by javapackages-tools - xmlto # Required by javapackages-tools - pycairo-devel # Required by dogtail + - pyflakes # Requested by user rholy (ticket #4175) tags: - packages @@ -299,6 +300,7 @@ - lvm2 - sshpass # End requires for Cockpit - tito # Requested by msrb for javapackages-tools and xmvn (ticket#4113) + - pyflakes # Requested by user rholy (ticket #4175) tags: - packages From e05439c3c657de6b68464cadc0244ec0cd8efd6d Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 28 Jan 2014 18:51:52 +0000 Subject: [PATCH 56/58] Add fedocal fedmsg endpoints. --- roles/fedmsg_base/tasks/main.yml | 1 + .../templates/endpoints-fedocal.py.j2 | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 roles/fedmsg_base/templates/endpoints-fedocal.py.j2 diff --git a/roles/fedmsg_base/tasks/main.yml b/roles/fedmsg_base/tasks/main.yml index e2d73fca73..9b47e9f28b 100644 --- a/roles/fedmsg_base/tasks/main.yml +++ b/roles/fedmsg_base/tasks/main.yml @@ -19,6 +19,7 @@ with_items: - ssl.py - endpoints.py + - endpoints-fedocal.py - endpoints-fedbadges.py - endpoints-nuancier.py - endpoints-mailman.py 
diff --git a/roles/fedmsg_base/templates/endpoints-fedocal.py.j2 b/roles/fedmsg_base/templates/endpoints-fedocal.py.j2 new file mode 100644 index 0000000000..f213dcc25d --- /dev/null +++ b/roles/fedmsg_base/templates/endpoints-fedocal.py.j2 @@ -0,0 +1,20 @@ +{% if env == 'staging' %} +suffix = 'stg.phx2.fedoraproject.org' +{% else %} +suffix = 'phx2.fedoraproject.org' +{% endif %} + +config = dict( + endpoints={ + "fedocal.fedocal01": [ + "tcp://fedocal01.%s:30%02i" % (suffix, i) + for i in range(2) + ], +{% if env != 'staging' %} + "fedocal.fedocal02": [ + "tcp://fedocal02.%s:30%02i" % (suffix, i) + for i in range(2) + ], +{% endif %} + }, +) From 091a117c4f63e9655a7f3dafefa3868b855ffa6a Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 28 Jan 2014 19:51:26 +0000 Subject: [PATCH 57/58] A custom selinux module for fedmsg. --- roles/fedmsg_base/files/selinux/fedmsg.mod | Bin 0 -> 903 bytes roles/fedmsg_base/files/selinux/fedmsg.pp | Bin 0 -> 919 bytes roles/fedmsg_base/files/selinux/fedmsg.te | 11 +++++++++++ roles/fedmsg_base/tasks/main.yml | 12 ++++++++++++ 4 files changed, 23 insertions(+) create mode 100644 roles/fedmsg_base/files/selinux/fedmsg.mod create mode 100644 roles/fedmsg_base/files/selinux/fedmsg.pp create mode 100644 roles/fedmsg_base/files/selinux/fedmsg.te diff --git a/roles/fedmsg_base/files/selinux/fedmsg.mod b/roles/fedmsg_base/files/selinux/fedmsg.mod new file mode 100644 index 0000000000000000000000000000000000000000..13953aa520e4f9bdb87bf6f34c71cda5aec5b365 GIT binary patch literal 903 zcmb`F%?`mp6orp}vEUUvf$#=4cC0)=gHEZ?icZ7AD|lcla+s5hM#aLHOlErTxp!_e z=X$@~dI08={xnYVbAOhG`OZ`UbO2NUwDF<|ATr@TTh{=L2E(yS_^^Ph?t=Q}PNH~c z8cuUM#@0x{TO>-CTeGsk(Z8VVOgJr9*Y!|O;@2&bGzsD)4Na5IOiz#(rjfl|BC+$&P&JA cojm)C#*`uXcFM_c@1|0gI}PScn+a literal 0 HcmV?d00001 
diff --git a/roles/fedmsg_base/files/selinux/fedmsg.pp b/roles/fedmsg_base/files/selinux/fedmsg.pp new file mode 100644 index 0000000000000000000000000000000000000000..7620bdf0fd5e285f11443040ad35d048a52801cd GIT binary patch literal 919 zcmb_aOAY}+6fA$Sz!984xPgrwD+ichdKh6wXkpY8+2 z@8??q09PBp<$k`k08ECRQJfr3opBl-)}{!c;b?WdPz4Z~aI;^O0Q9@Pfou4XcG(s6 z&7FwiwW&Da<1V&F1l}T2I$N2!4R-zod1r!dxtdNxnuI?$P0}QYlQcBZKCm@6mB(IM zyA1>TRQUpp%RHePK?7Xs)2Qk`vOMwqA0VWyzToqI(aLi8s6!lO literal 0 HcmV?d00001 diff --git a/roles/fedmsg_base/files/selinux/fedmsg.te b/roles/fedmsg_base/files/selinux/fedmsg.te new file mode 100644 index 0000000000..ba2a3c12ff --- /dev/null +++ b/roles/fedmsg_base/files/selinux/fedmsg.te @@ -0,0 +1,11 @@ + +module fedmsg 1.0; + +require { + type anon_inodefs_t; + type httpd_t; + class file write; +} + +#============= httpd_t ============== +allow httpd_t anon_inodefs_t:file write; diff --git a/roles/fedmsg_base/tasks/main.yml b/roles/fedmsg_base/tasks/main.yml index 9b47e9f28b..d97e30cd16 100644 --- a/roles/fedmsg_base/tasks/main.yml +++ b/roles/fedmsg_base/tasks/main.yml @@ -70,3 +70,15 @@ when: fedmsg_certs != [] tags: - config + +# Three tasks for handling our custom selinux module +- name: ensure a directory exists for our custom selinux module + file: dest=/usr/local/share/fedmsg state=directory + +- name: copy over our custom selinux module + copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp + register: selinux_module + +- name: install our custom selinux module + command: semanage -i /usr/local/share/fedmsg/fedmsg.pp + when: selinux_module|changed From eb66da624b10f9c58f0d65e4700daf20b6894bf2 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Tue, 28 Jan 2014 19:57:21 +0000 Subject: [PATCH 58/58] s/semanage/semodule/ --- roles/fedmsg_base/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fedmsg_base/tasks/main.yml b/roles/fedmsg_base/tasks/main.yml index d97e30cd16..11afc58fc7 100644 
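Review bot: fedmsg.te grants `allow httpd_t anon_inodefs_t:file write;` without saying why, and what the role actually installs is the pre-compiled `fedmsg.pp` committed as a binary next to it, which a reviewer cannot compare with this source by reading. I would add a header comment recording the denial the rule answers, for example `# httpd_t needs write on anon_inodefs_t for <reason / AVC denial reference>`. A second comment should state how the binaries are produced, `# fedmsg.mod and fedmsg.pp are built from this file with checkmodule and semodule_package; rebuild both when it changes`. Because the module ships in `fedmsg_base`, it is presumably loaded on every host that gets the role, whether or not httpd there needs it; scoping it to the web-facing hosts would keep the grant narrower.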
--- a/roles/fedmsg_base/tasks/main.yml +++ b/roles/fedmsg_base/tasks/main.yml @@ -80,5 +80,5 @@ register: selinux_module - name: install our custom selinux module - command: semanage -i /usr/local/share/fedmsg/fedmsg.pp + command: semodule -i /usr/local/share/fedmsg/fedmsg.pp when: selinux_module|changed
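Review bot: Gating `semodule -i` on `selinux_module|changed` means the module is loaded only on the run in which the .pp file is first copied. If that command fails, the play is interrupted between the two tasks, or the module is later removed by hand, the next run sees an unchanged file and skips the install, leaving the host without the policy and without any error. I would also check the loaded module list and install when the module is absent, using the same register, `always_run` and `changed_when` idiom the koji_builder role uses for its route check. The task list continues outside this hunk.

```yaml
# … unchanged: directory and copy tasks (copy registers selinux_module) …

- name: check whether our custom selinux module is loaded
  command: semodule -l
  register: selinux_loaded
  always_run: yes
  changed_when: "1 != 1"

- name: install our custom selinux module
  command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
  when: selinux_module|changed or selinux_loaded.stdout.find("fedmsg") == -1
```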