Merge branch 'master' of /git/ansible

2014-01-29 01:10:40 +00:00 · 2014-01-29 01:10:40 +00:00 · 3dad76a61e
commit 3dad76a61e
parent 14dc12d5c9 eb66da624b
105 changed files with 702 additions and 530 deletions
--- a/callback_plugins/logdetail.py
+++ b/callback_plugins/logdetail.py
@ -93,7 +93,7 @@ class LogMech(object):
        if self.playbook_id == 'ansible-cmd':
            res['task_userid'] = getlogin()
        for k in ("delegate_to", "environment", "first_available_file",
-                  "local_action", "notified_by", "notify", "only_if",
+                  "local_action", "notified_by", "notify",
                  "register", "sudo", "sudo_user", "tags",
                  "transport", "when"):
            v = getattr(task, k, None)
--- a/files/copr/provision/files/mock/epel-5-i386.cfg
+++ b/files/copr/provision/files/mock/epel-5-i386.cfg
@ -5,6 +5,7 @@ config_opts['chroot_setup_cmd'] = 'install buildsys-build'
 config_opts['dist'] = 'el5'  # only useful for --resultdir variable subst
 if not config_opts.has_key('macros'):  config_opts['macros'] = {}
 config_opts['macros']['%__arch_install_post'] = '%{nil}'
+config_opts['releasever'] = '5'

 config_opts['yum.conf'] = """
 [main]
--- a/files/copr/provision/files/mock/epel-5-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-5-x86_64.cfg
@ -5,6 +5,7 @@ config_opts['chroot_setup_cmd'] = 'install buildsys-build'
 config_opts['dist'] = 'el5'  # only useful for --resultdir variable subst
 if not config_opts.has_key('macros'):  config_opts['macros'] = {}
 config_opts['macros']['%__arch_install_post'] = '%{nil}'
+config_opts['releasever'] = '5'

 config_opts['yum.conf'] = """
 [main]
--- a/files/copr/provision/files/mock/epel-7-x86_64.cfg
+++ b/files/copr/provision/files/mock/epel-7-x86_64.cfg
@ -11,6 +11,7 @@ config_opts['macros']['%rhel'] = '7'
 config_opts['macros']['%el7'] = '1'
 config_opts['macros']['%_topdir'] = '/builddir/build'
 config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'
+config_opts['releasever'] = '7'

 config_opts['plugin_conf']['root_cache_enable'] = False
 config_opts['plugin_conf']['yum_cache_enable'] = False
--- a/files/copr/provision/files/mock/fedora-20-i386.cfg
+++ b/files/copr/provision/files/mock/fedora-20-i386.cfg
@ -3,6 +3,7 @@ config_opts['target_arch'] = 'i686'
 config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
 config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
 config_opts['dist'] = 'fc20'  # only useful for --resultdir variable subst
+config_opts['releasever'] = '20'

 config_opts['yum.conf'] = """
 [main]
--- a/files/copr/provision/files/mock/fedora-20-x86_64.cfg
+++ b/files/copr/provision/files/mock/fedora-20-x86_64.cfg
@ -3,6 +3,7 @@ config_opts['target_arch'] = 'x86_64'
 config_opts['legal_host_arches'] = ('x86_64',)
 config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build'
 config_opts['dist'] = 'fc20'  # only useful for --resultdir variable subst
+config_opts['releasever'] = '20'

 config_opts['yum.conf'] = """
 [main]
--- a/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-backend01.phx2.fedoraproject.org-hosts
@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-notifs       db-notifs
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-backend01.stg.phx2.fedoraproject.org-hosts
@ -9,3 +9,4 @@
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg

 10.5.126.85     db-notifs       db-notifs
+10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web01.phx2.fedoraproject.org-hosts
@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-notifs       db-notifs
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web01.stg.phx2.fedoraproject.org-hosts
@ -9,3 +9,4 @@
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg

 10.5.126.85     db-notifs       db-notifs
+10.5.126.85     db-datanommer       db-datanommer
--- a/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web02.phx2.fedoraproject.org-hosts
@ -0,0 +1,6 @@
+127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+10.5.126.52     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy5 proxy01 proxy02 proxy03 proxy04 proxy05 fedoraproject.org
+10.5.126.23     infrastructure.fedoraproject.org
+10.5.126.71     db-notifs       db-notifs
+10.5.126.109    db-datanommer   db-datanommer
--- a/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
+++ b/files/hosts/notifs-web02.stg.phx2.fedoraproject.org-hosts
@ -9,3 +9,4 @@
 10.5.126.81     memcached03 memcached03.stg app01 app01.stg

 10.5.126.85     db-notifs       db-notifs
+10.5.126.85     db-datanommer       db-datanommer
--- a/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml
+++ b/files/jenkins/master/hudson.plugins.warnings.WarningsPublisher.xml
@ -0,0 +1,24 @@
+hudson.plugins.warnings.WarningsPublisher.xml
+=============================================
+<?xml version='1.0' encoding='UTF-8'?>
+<!-- plugin requested by user rholy (ticket #4175) -->
+<hudson.plugins.warnings.WarningsDescriptor plugin="warnings@4.38">
+  <groovyParsers>
+    <hudson.plugins.warnings.GroovyParser>
+      <name>pyflakes</name>
+      <regexp>^(.*):([0-9]*):(.*)$</regexp>
+      <script>import hudson.plugins.warnings.parser.Warning
+      import hudson.plugins.analysis.util.model.Priority
+
+      String fileName = matcher.group(1)
+      String category = &quot;PyFlakes Error&quot;
+      String lineNumber = matcher.group(2)
+      String message = matcher.group(3)
+
+      return new Warning(fileName, Integer.parseInt(lineNumber), category, &quot;PyFlakes Parser&quot;, message, Priority.NORMAL);</script>
+      <example></example>
+      <linkName>https://pypi.python.org/pypi/pyflakes</linkName>
+      <trendName>pyflakes errors</trendName>
+    </hudson.plugins.warnings.GroovyParser>
+  </groovyParsers>
+</hudson.plugins.warnings.WarningsDescriptor>
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@ -29,6 +29,9 @@
 - name: restart jenkins
  action: service name=jenkins state=restarted

+- name: restart kojid
+  action: service name=kojid state=restarted
+
 - name: restart libvirtd
  action: service name=libvirtd state=restarted

--- a/inventory/group_vars/buildvm
+++ b/inventory/group_vars/buildvm
@ -3,8 +3,8 @@
 lvm_size: 150000
 mem_size: 6144
 num_cpus: 5
-ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora
-ks_repo: http://10.5.126.23/pub/fedora/linux/releases/19/Fedora/x86_64/os/
+ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-20
+ks_repo: http://10.5.126.23/pub/fedora/linux/releases/20/Fedora/x86_64/os/
 nm: 255.255.255.0
 gw: 10.5.125.254
 eth1_gw: 10.5.127.254
--- a/inventory/group_vars/kernel-qa
+++ b/inventory/group_vars/kernel-qa
@ -1,6 +1,5 @@
 ---
 freezes: true
 resolvconf: "{{ files }}/resolv.conf/phx2"
-rsyslogconf: "{{ files }}/rsyslog/rsyslog.conf.phx2"
 fas_client_groups: sysadmin-kernel
 sudoers: "{{ private }}/files/sudo/kernel-qa"
--- a/inventory/group_vars/notifs-backend
+++ b/inventory/group_vars/notifs-backend
@ -0,0 +1,10 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
--- a/inventory/group_vars/notifs-web
+++ b/inventory/group_vars/notifs-web
@ -0,0 +1,12 @@
+---
+# Define resources for this group of hosts here. 
+lvm_size: 20000
+mem_size: 1024
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443 ]
+
+fas_client_groups: sysadmin-noc,sysadmin-datanommer
--- a/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org
+++ b/inventory/host_vars/notifs-backend01.phx2.fedoraproject.org
@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+
+eth0_ip: 10.5.126.168
+
+volgroup: /dev/vg_virthost09
+vmhost: virthost09.phx2.fedoraproject.org
+
+datacenter: phx2
--- a/inventory/host_vars/notifs-web01.phx2.fedoraproject.org
+++ b/inventory/host_vars/notifs-web01.phx2.fedoraproject.org
@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+
+eth0_ip: 10.5.126.103
+
+volgroup: /dev/vg_virthost04
+vmhost: virthost04.phx2.fedoraproject.org
+
+datacenter: phx2
--- a/inventory/host_vars/notifs-web02.phx2.fedoraproject.org
+++ b/inventory/host_vars/notifs-web02.phx2.fedoraproject.org
@ -0,0 +1,14 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+
+eth0_ip: 10.5.126.119
+
+volgroup: /dev/vg_virthost06
+vmhost: virthost06.phx2.fedoraproject.org
+
+datacenter: phx2
--- a/inventory/inventory
+++ b/inventory/inventory
@ -158,7 +158,7 @@ collab03.fedoraproject.org
 collab04.fedoraproject.org

 [releng]
-releng01.phx2.fedoraproject.org
+#releng01.phx2.fedoraproject.org
 releng02.phx2.fedoraproject.org
 releng04.phx2.fedoraproject.org
 relepel01.phx2.fedoraproject.org
@ -258,9 +258,16 @@ lockbox-comm01.qa.fedoraproject.org
 noc01.phx2.fedoraproject.org
 noc02.fedoraproject.org

+[notifs-backend]
+notifs-backend01.phx2.fedoraproject.org
+
 [notifs-backend-stg]
 notifs-backend01.stg.phx2.fedoraproject.org

+[notifs-web]
+notifs-web01.phx2.fedoraproject.org
+notifs-web02.phx2.fedoraproject.org
+
 [notifs-web-stg]
 notifs-web01.stg.phx2.fedoraproject.org
 notifs-web02.stg.phx2.fedoraproject.org
--- a/playbooks/groups/arm-packager.yml
+++ b/playbooks/groups/arm-packager.yml
@ -12,10 +12,10 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - fas_client

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/arm-qa.yml
+++ b/playbooks/groups/arm-qa.yml
@ -12,10 +12,10 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - fas_client

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/arm-releng.yml
+++ b/playbooks/groups/arm-releng.yml
@ -12,11 +12,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
+  - base
+  - fas_client
+  - rkhunter
+  - denyhosts
+  - nagios_client

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/ask.yml
+++ b/playbooks/groups/ask.yml
@ -28,13 +28,13 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/fedmsg_base
-  - /srv/web/infra/ansible/roles/ask
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - ask
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/backup-server.yml
+++ b/playbooks/groups/backup-server.yml
@ -15,11 +15,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/badges-backend.yml
+++ b/playbooks/groups/badges-backend.yml
@ -32,12 +32,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
@ -58,8 +58,8 @@
  accelerate: True

  roles:
-  - /srv/web/infra/ansible/roles/fedmsg-hub
-  - /srv/web/infra/ansible/roles/badges-backend
+  - fedmsg-hub
+  - badges-backend

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
--- a/playbooks/groups/badges-web.yml
+++ b/playbooks/groups/badges-web.yml
@ -32,13 +32,13 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/badges-frontend
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - badges-frontend
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/beaker.yml
+++ b/playbooks/groups/beaker.yml
@ -29,11 +29,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/bkernel.yml
+++ b/playbooks/groups/bkernel.yml
@ -13,10 +13,10 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
+  - base
+  - koji_builder

  tasks:
-  - include: "{{ tasks }}/koji/base_builder.yml"
  - include: "{{ tasks }}/koji/builder_kernel_config.yml"
  - include: "{{ tasks }}/koji/bkernel-setup.yml"

--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@ -6,7 +6,6 @@
  hosts: buildhw;buildppc;buildarm
  user: root
  gather_facts: True
-  accellerate: True

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
@ -14,24 +13,20 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
+  - base
+  - koji_builder

  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/hosts.yml"
-  - include: "{{ tasks }}/koji/base_builder.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

-  - name: restart kojid
-    action: service name=kojid state=restarted
-  
 - name: make koji builder(s) on raw hw
  hosts: buildhw
  user: root
  gather_facts: True
-  accellerate: True

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
@ -39,7 +34,7 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
+  - base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
@ -47,6 +42,3 @@

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
-
-  - name: restart kojid
-    action: service name=kojid state=restarted
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -32,15 +32,16 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
+  - base
+  - koji_builder

  tasks:
  - include: "{{ tasks }}/hosts.yml"
-  - include: "{{ tasks }}/koji/base_builder.yml"
+  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/koji/builder_kernel_config.yml"

+  - name: make sure kojid is running
+    action: service name=kojid state=running
+
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
-
-  - name: restart kojid
-    action: service name=kojid state=restarted
--- a/playbooks/groups/docs-backend.yml
+++ b/playbooks/groups/docs-backend.yml
@ -25,12 +25,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/yum-cron
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - yum-cron

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/elections.yml
+++ b/playbooks/groups/elections.yml
@ -27,11 +27,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/fedocal.yml
+++ b/playbooks/groups/fedocal.yml
@ -32,11 +32,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client

  tasks:
  - include: "{{ tasks }}/hosts.yml"
@ -64,7 +64,7 @@
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - fedmsg_base

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
@ -81,7 +81,7 @@
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
-  - /srv/web/infra/ansible/roles/fedocal
+  - fedocal

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/gallery.yml
+++ b/playbooks/groups/gallery.yml
@ -32,12 +32,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
@ -62,7 +62,7 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/gallery
+  - gallery

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/jenkins-cloud.yml
+++ b/playbooks/groups/jenkins-cloud.yml
@ -28,7 +28,7 @@
   - resolvconf: resolv.conf/jenkins-cloud

  roles:
-   - /srv/web/infra/ansible/roles/base
+   - base

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"
@ -224,6 +224,7 @@
    - asciidoc           # Required by javapackages-tools
    - xmlto              # Required by javapackages-tools
    - pycairo-devel      # Required by dogtail
+    - pyflakes           # Requested by user rholy (ticket #4175)
    tags:
    - packages

@ -299,6 +300,7 @@
    - lvm2
    - sshpass           # End requires for Cockpit
    - tito              # Requested by msrb for javapackages-tools and xmvn (ticket#4113)
+    - pyflakes          # Requested by user rholy (ticket #4175)
    tags:
    - packages

--- a/playbooks/groups/keyserver.yml
+++ b/playbooks/groups/keyserver.yml
@ -32,12 +32,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@ -31,12 +31,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/koji_hub
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - koji_hub

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/lockbox.yml
+++ b/playbooks/groups/lockbox.yml
@ -25,12 +25,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/ansible-server
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - ansible-server

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@ -32,12 +32,12 @@
  - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/yum-cron
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - yum-cron

  tasks:
  # this is how you include other task lists
@ -97,8 +97,7 @@
  - "/srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml"

  roles:
-  - /srv/web/infra/ansible/roles/fedmsg_base
-  - role: /srv/web/infra/ansible/roles/mailman
+  - role: mailman
    mailman_dbserver: db02.stg.phx2.fedoraproject.org
    mailman_postfix_mydestination: "lists.fedoraproject.org, lists.stg.fedoraproject.org"
    mailman_mm_db_pass: "{{ mailman_mm_db_pass }}"
@ -106,6 +105,7 @@
    mailman_hk_db_pass: "{{ mailman_hk_db_pass }}"
    mailman_ks_admin_db_pass: "{{ mailman_ks_admin_db_pass }}"
    mailman_ks_db_pass: "{{ mailman_ks_db_pass }}"
+  - fedmsg_base

  tasks:
  - name: install more needed packages
--- a/playbooks/groups/mirrorlist.yml
+++ b/playbooks/groups/mirrorlist.yml
@ -32,13 +32,13 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/geoip
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/mirrorlist
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - geoip
+  - fas_client
+  - mirrorlist

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/notifs-backend.yml
+++ b/playbooks/groups/notifs-backend.yml
@ -32,12 +32,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/hosts.yml"
@ -45,8 +45,10 @@
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"
  - include: "{{ tasks }}/sudo.yml"
-  - include: "{{ tasks }}/openvpn_client.yml"
-    when: env != "staging"
+  # The proxies don't actually need to talk to these hosts so we won't bother
+  # putting them on the vpn.
+  #- include: "{{ tasks }}/openvpn_client.yml"
+  #  when: env != "staging"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
@ -58,8 +60,8 @@
  accelerate: True

  roles:
-  - /srv/web/infra/ansible/roles/fedmsg-hub
-  - /srv/web/infra/ansible/roles/notifs-backend
+  - fedmsg-hub
+  - notifs-backend

  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
--- a/playbooks/groups/notifs-web.yml
+++ b/playbooks/groups/notifs-web.yml
@ -32,13 +32,13 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/fedmsg_base
-  - /srv/web/infra/ansible/roles/notifs-frontend
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - fedmsg_base
+  - notifs-frontend

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/nuancier.yml
+++ b/playbooks/groups/nuancier.yml
@ -32,11 +32,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client

  tasks:
  - include: "{{ tasks }}/hosts.yml"
@ -64,7 +64,7 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - fedmsg_base

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
@ -81,7 +81,7 @@
   - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
-  - /srv/web/infra/ansible/roles/nuancier
+  - nuancier

  handlers:
  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/postgresl-server.yml
+++ b/playbooks/groups/postgresl-server.yml
@ -33,12 +33,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/postgresql_server
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - postgresql_server

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/groups/releng.yml
+++ b/playbooks/groups/releng.yml
@ -4,7 +4,7 @@
 # NOTE: most of these vars_path come from group_vars/releng or from hostvars

 - name: make releng systems
-  hosts: releng01.phx2.fedoraproject.org:releng02.phx2.fedoraproject.org
+  hosts: releng02.phx2.fedoraproject.org
  user: root
  gather_facts: False
  accelerate: True
@ -23,7 +23,7 @@
 # Once the instance exists, configure it. 

 - name: make releng server system
-  hosts: releng01.phx2.fedoraproject.org:releng02.phx2.fedoraproject.org
+  hosts: releng02.phx2.fedoraproject.org
  user: root
  gather_facts: True
  accelerate: True
@ -34,8 +34,8 @@
  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/nagios_client
+  - base
+  - nagios_client

  tasks:
  - include: "{{ tasks }}/koji/releng_config.yml"
--- a/playbooks/groups/taskotron.yml
+++ b/playbooks/groups/taskotron.yml
@ -29,12 +29,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/yum-cron
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - yum-cron

  tasks:
  # this is how you include other task lists
--- a/playbooks/groups/virthost.yml
+++ b/playbooks/groups/virthost.yml
@ -14,12 +14,12 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
-  - /srv/web/infra/ansible/roles/iscsi_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client
+  - iscsi_client

  tasks:
  - include: "{{ tasks }}/hosts.yml"
--- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
@ -23,7 +23,7 @@

  # Roles are run first, before tasks, regardless of where you place them here.
  roles:
-  - /srv/web/infra/ansible/roles/fedmsg_base
+  - fedmsg_base

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"
@ -122,10 +122,10 @@
    - restart lighttpd

  - name: start webserver
-    action: service state=running enabled=yes name=lighttpd
+    service: state=running enabled=yes name=lighttpd

  - name: start fail2ban
-    action: service state=running enabled=yes name=fail2ban
+    service: state=running enabled=yes name=fail2ban

  # setup dirs for the ansible execution off of provisioning
  - name: dirs from provision
@ -209,6 +209,6 @@
  - name: chmod_key
    action: file path=/etc/lighttpd/coprs-be.fedoraproject.org.pem owner=root group=root mode=0600
  - name: restart copr-backend
-    action: service: name=copr-backend state=restarted
+    service: name=copr-backend state=restarted
  - name: restart lighttpd
-    action: service: name=lighttpd state=restarted
+    service: name=lighttpd state=restarted
--- a/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml
@ -117,7 +117,7 @@
  - "{{ vars_path }}/{{ ansible_distribution }}.yml"

  roles:
-  - role: /srv/web/infra/ansible/roles/mailman
+  - role: mailman
    mailman_dbserver: localhost
    mailman_postfix_mydestination: lists-dev.cloud.fedoraproject.org
    mailman_mm_db_pass: "{{ lists_dev_mm_db_pass }}"
--- a/playbooks/manual/kernel-qa.yml
+++ b/playbooks/manual/kernel-qa.yml
@ -13,11 +13,11 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
-  - /srv/web/infra/ansible/roles/denyhosts
-  - /srv/web/infra/ansible/roles/nagios_client
-  - /srv/web/infra/ansible/roles/fas_client
+  - base
+  - rkhunter
+  - denyhosts
+  - nagios_client
+  - fas_client

  tasks:
  # this is how you include other task lists
--- a/playbooks/manual/sign.yml
+++ b/playbooks/manual/sign.yml
@ -17,8 +17,8 @@
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
-  - /srv/web/infra/ansible/roles/base
-  - /srv/web/infra/ansible/roles/rkhunter
+  - base
+  - rkhunter

  tasks:
  - include: "{{ tasks }}/serialgetty.yml"
--- a/roles/base/files/rsyslog/rsyslog-audit.conf
+++ b/roles/base/files/rsyslog/rsyslog-audit.conf
@ -0,0 +1,13 @@
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+:msg, !contains, "type=AVC"
+local6.*				@@log02:514
--- a/roles/base/files/rsyslog/rsyslog-disablerate.conf
+++ b/roles/base/files/rsyslog/rsyslog-disablerate.conf
@ -0,0 +1,3 @@
+# Disable rate limiting
+$IMUXSockRateLimitInterval 0
+$SystemLogRateLimitInterval 0
--- a/roles/base/files/rsyslog/rsyslog-log02.conf
+++ b/roles/base/files/rsyslog/rsyslog-log02.conf
@ -0,0 +1,4 @@
+#
+# Send everything on to central log02 logger machines
+#
+cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none		@@log02:514
--- a/roles/base/files/rsyslog/rsyslog.conf.default
+++ b/roles/base/files/rsyslog/rsyslog.conf.default
@ -1,20 +1,20 @@
-#rsyslog v3 config file
+# rsyslog v5 configuration file

-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

 #### MODULES ####

-$ModLoad imuxsock.so	# provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so	# provides --MARK-- message capability
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark  # provides --MARK-- message capability

 # Provides UDP syslog reception
-#$ModLoad imudp.so
+#$ModLoad imudp
 #$UDPServerRun 514

 # Provides TCP syslog reception
-#$ModLoad imtcp.so  
+#$ModLoad imtcp
 #$InputTCPServerRun 514


@ -23,6 +23,14 @@ $ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
 # Use default timestamp format
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
 #### RULES ####

 # Log all kernel messages to the console.
@ -31,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none                /var/log/messages
+*.info;mail.none;authpriv.none;cron.none                /var/log/messages

 # The authpriv file has restricted access.
 authpriv.*                                              /var/log/secure
@ -52,6 +60,7 @@ uucp,news.crit                                          /var/log/spooler
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log

+
 # ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
 # rule. They belong together, do NOT split them. If you create multiple
@ -60,14 +69,12 @@ local7.*                                                /var/log/boot.log
 #
 # An on-disk queue is created for this action. If the remote host is
 # down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1     # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m     # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
-$ActionQueueType LinkedList       # run asynchronously
-$ActionResumeRetryCount -1        # infinite retries if host is down
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList   # run asynchronously
+#$ActionResumeRetryCount -1    # infinite retries if host is down
 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
 #*.* @@remote-host:514
 # ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none              @@log02:514
-
--- a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder
+++ b/roles/base/files/rsyslog/rsyslog.conf.kojibuilder
@ -1,38 +1,35 @@
-#rsyslog v3 config file
+# rsyslog v5 configuration file

-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

 #### MODULES ####

 $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
-$ModLoad imjournal      # provides access to the systemd journal
 $ModLoad imklog   # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so	# provides --MARK-- message capability
+#$ModLoad immark  # provides --MARK-- message capability

 # Provides UDP syslog reception
-#$ModLoad imudp.so
+#$ModLoad imudp
 #$UDPServerRun 514

 # Provides TCP syslog reception
-#$ModLoad imtcp.so  
+#$ModLoad imtcp
 #$InputTCPServerRun 514


 #### GLOBAL DIRECTIVES ####

-# Include all config files in /etc/rsyslog.d/
-$IncludeConfig /etc/rsyslog.d/*.conf
-
 # Use default timestamp format
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

-# Turn off message reception via local log socket;
-# local messages are retrieved through imjournal now.
-$OmitLocalLogging on
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf

-# File to store the position in the journal
-$StateFile imjournal.state

 #### RULES ####

@ -42,7 +39,7 @@ $StateFile imjournal.state

 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none                /var/log/messages
+*.info;mail.none;authpriv.none;cron.none                /var/log/messages

 # The authpriv file has restricted access.
 authpriv.*                                              /var/log/secure
@ -63,6 +60,7 @@ uucp,news.crit                                          /var/log/spooler
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log

+
 # ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
 # rule. They belong together, do NOT split them. If you create multiple
@ -71,14 +69,12 @@ local7.*                                                /var/log/boot.log
 #
 # An on-disk queue is created for this action. If the remote host is
 # down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1     # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m     # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
-$ActionQueueType LinkedList       # run asynchronously
-$ActionResumeRetryCount -1        # infinite retries if host is down
+#$WorkDirectory /var/lib/rsyslog # where to place spool files
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList   # run asynchronously
+#$ActionResumeRetryCount -1    # infinite retries if host is down
 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
 #*.* @@remote-host:514
 # ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none              @@log02:514
-
--- a/roles/base/files/rsyslog/rsyslog.conf.f20
+++ b/roles/base/files/rsyslog/rsyslog.conf.f20
@ -1,25 +1,30 @@
-#rsyslog v3 config file
+# rsyslog v5 configuration file

-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

 #### MODULES ####

-$ModLoad imuxsock.so	# provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so	# provides --MARK-- message capability
+# The imjournal module bellow is now used as a message source instead of imuxsock.
+$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+$ModLoad imjournal # provides access to the systemd journal
+$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark  # provides --MARK-- message capability

 # Provides UDP syslog reception
-#$ModLoad imudp.so
+#$ModLoad imudp
 #$UDPServerRun 514

 # Provides TCP syslog reception
-#$ModLoad imtcp.so  
+#$ModLoad imtcp
 #$InputTCPServerRun 514


 #### GLOBAL DIRECTIVES ####

+# Where to place auxiliary files
+$WorkDirectory /var/lib/rsyslog
+
 # Use default timestamp format
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

@ -27,6 +32,16 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 # not useful and an extreme performance hit
 #$ActionFileEnableSync on

+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+$OmitLocalLogging on
+
+# File to store the position in the journal
+$IMJournalStateFile imjournal.state
+

 #### RULES ####

@ -36,7 +51,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none                /var/log/messages
+*.info;mail.none;authpriv.none;cron.none                /var/log/messages

 # The authpriv file has restricted access.
 authpriv.*                                              /var/log/secure
@ -49,7 +64,7 @@ mail.*                                                  -/var/log/maillog
 cron.*                                                  /var/log/cron

 # Everybody gets emergency messages
-*.emerg                                                 *
+*.emerg                                                 :omusrmsg:*

 # Save news errors of level crit and higher in a special file.
 uucp,news.crit                                          /var/log/spooler
@ -57,16 +72,6 @@ uucp,news.crit                                          /var/log/spooler
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log

-# monitor auditd log and send out over local6 to central loghost
-$ModLoad imfile.so
-
-# auditd audit.log
-$InputFileName /var/log/audit/audit.log
-$InputFileTag tag_audit_log:
-$InputFileStateFile audit_log
-$InputFileSeverity info
-$InputFileFacility local6
-$InputRunFileMonitor

 # ### begin forwarding rule ###
 # The statement between the begin ... end define a SINGLE forwarding
@ -76,22 +81,11 @@ $InputRunFileMonitor
 #
 # An on-disk queue is created for this action. If the remote host is
 # down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1     # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m     # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
-$ActionQueueType LinkedList       # run asynchronously
-$ActionResumeRetryCount -1        # infinite retries if host is down
-
-# Disable rate limiting
-$IMUXSockRateLimitInterval 0
-$SystemLogRateLimitInterval 0
-
+#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList   # run asynchronously
+#$ActionResumeRetryCount -1    # infinite retries if host is down
 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
 #*.* @@remote-host:514
 # ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none              @@log02:514
-
-:msg, !contains, "type=AVC" ~
-local6.*				@@log02:514
-
--- a/roles/base/files/rsyslog/rsyslog.conf.phx2
+++ b/roles/base/files/rsyslog/rsyslog.conf.phx2
@ -1,97 +0,0 @@
-#rsyslog v3 config file
-
-# if you experience problems, check
-# http://www.rsyslog.com/troubleshoot for assistance
-
-#### MODULES ####
-
-$ModLoad imuxsock.so	# provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
-#$ModLoad immark.so	# provides --MARK-- message capability
-
-# Provides UDP syslog reception
-#$ModLoad imudp.so
-#$UDPServerRun 514
-
-# Provides TCP syslog reception
-#$ModLoad imtcp.so  
-#$InputTCPServerRun 514
-
-
-#### GLOBAL DIRECTIVES ####
-
-# Use default timestamp format
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
-# File syncing capability is disabled by default. This feature is usually not required, 
-# not useful and an extreme performance hit
-#$ActionFileEnableSync on
-
-
-#### RULES ####
-
-# Log all kernel messages to the console.
-# Logging much else clutters up the screen.
-#kern.*                                                 /dev/console
-
-# Log anything (except mail) of level info or higher.
-# Don't log private authentication messages!
-*.info;local6.none;mail.none;authpriv.none;cron.none                /var/log/messages
-
-# The authpriv file has restricted access.
-authpriv.*                                              /var/log/secure
-
-# Log all the mail messages in one place.
-mail.*                                                  -/var/log/maillog
-
-
-# Log cron stuff
-cron.*                                                  /var/log/cron
-
-# Everybody gets emergency messages
-*.emerg                                                 *
-
-# Save news errors of level crit and higher in a special file.
-uucp,news.crit                                          /var/log/spooler
-
-# Save boot messages also to boot.log
-local7.*                                                /var/log/boot.log
-
-# monitor auditd log and send out over local6 to central loghost
-$ModLoad imfile.so
-
-# auditd audit.log
-$InputFileName /var/log/audit/audit.log
-$InputFileTag tag_audit_log:
-$InputFileStateFile audit_log
-$InputFileSeverity info
-$InputFileFacility local6
-$InputRunFileMonitor
-
-# ### begin forwarding rule ###
-# The statement between the begin ... end define a SINGLE forwarding
-# rule. They belong together, do NOT split them. If you create multiple
-# forwarding rules, duplicate the whole block!
-# Remote Logging (we use TCP for reliable delivery)
-#
-# An on-disk queue is created for this action. If the remote host is
-# down, messages are spooled to disk and sent when it is up again.
-$WorkDirectory /var/lib/rsyslog # where to place spool files
-$ActionQueueFileName fwdRule1     # unique name prefix for spool files
-$ActionQueueMaxDiskSpace 512m     # 512M space limit (use as much as possible)
-$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
-$ActionQueueType LinkedList       # run asynchronously
-$ActionResumeRetryCount -1        # infinite retries if host is down
-
-# Disable rate limiting
-$IMUXSockRateLimitInterval 0
-$SystemLogRateLimitInterval 0
-
-# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
-#*.* @@remote-host:514
-# ### end of the forwarding rule ###
-cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none              @@log02:514
-
-:msg, !contains, "type=AVC" ~
-local6.*				@@log02:514
-
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -32,7 +32,7 @@
  user: name=root password={{ rootpw }} state=present
  tags:
  - rootpw
-  when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng'))
+  when: not (inventory_hostname.startswith('build') or inventory_hostname.startswith('releng') or inventory_hostname.startswith('arm'))

 - name: add ansible root key 
  authorized_key: user=root key="{{ item }}"
@ -106,11 +106,8 @@
 - name: rsyslog.conf
  copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
  first_available_file:
-    - "{{ rsyslogconf }}"
-    - rsyslog/rsyslog.conf.{{ ansible_fqdn }}
-    - rsyslog/rsyslog.conf.{{ host_group }}
-    - rsyslog/rsyslog.conf.{{ datacenter }}
-    - rsyslog/rsyslog.conf
+    - rsyslog/rsyslog.conf.{{ dist_tag }}
+    - rsyslog/rsyslog.conf.default

  notify:
  - restart rsyslog
@ -118,6 +115,16 @@
  - rsyslogd
  - config

+- name: add rsyslog config to /etc/rsyslog.d
+  copy: src={{ item }} dest=/etc/rsyslog.d/ owner=root group=root mode=0644
+  with_fileglob:
+   - rsyslog/*.conf
+  notify:
+  - restart rsyslog
+  tags:
+  - rsyslogd
+  - config
+
 - name: /etc/postfix/main.cf
  copy: src={{ item }} dest=/etc/postfix/main.cf
  first_available_file:
--- a/roles/base/templates/iptables/iptables.kojibuilder
+++ b/roles/base/templates/iptables/iptables.kojibuilder
@ -47,6 +47,12 @@
 -A INPUT -p tcp -m tcp -s 10.5.0.0/16 --dport 22 -j ACCEPT 
 -A OUTPUT -p tcp -m tcp -d 10.5.0.0/16 --sport 22  -j ACCEPT

+# for ansible accelerate mode - allow port 5099 from lockbox and it's ips
+-A INPUT -p tcp -m tcp --dport 5099 -s 192.168.1.58 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.126.23 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 10.5.127.51 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 5099 -s 209.132.181.6 -j ACCEPT
+
 # git to pkgs
 -A OUTPUT -m tcp -p tcp --dport 9418 -d 10.5.125.44 -j ACCEPT
 -A OUTPUT -m udp -p udp --dport 9418 -d 10.5.125.44 -j ACCEPT
--- a/roles/debug_env/tasks/main.yml
+++ b/roles/debug_env/tasks/main.yml
@ -0,0 +1,7 @@
+#
+# This role can be added to a playbook to dump out all 
+# the env from ansible to see what variables and facts are.
+# Taken from https://coderwall.com/p/13lh6w
+#
+- name: Dump all ansible vars
+  template: src=dumpall.j2 dest=/tmp/debug_env.out
--- a/roles/debug_env/templates/dumpall.j2
+++ b/roles/debug_env/templates/dumpall.j2
@ -0,0 +1,19 @@
+Module Variables ("vars"):
+--------------------------------
+{{ vars | to_nice_json }}
+
+Environment Variables ("environment"):
+--------------------------------
+{{ environment | to_nice_json }}
+
+GROUP NAMES Variables ("group_names"):
+--------------------------------
+{{ group_names | to_nice_json }}
+
+GROUPS Variables ("groups"):
+--------------------------------
+{{ groups | to_nice_json }}
+
+HOST Variables ("hostvars"):
+--------------------------------
+{{ hostvars | to_nice_json }}
--- a/roles/fedmsg_base/files/selinux/fedmsg.mod
+++ b/roles/fedmsg_base/files/selinux/fedmsg.mod
--- a/roles/fedmsg_base/files/selinux/fedmsg.pp
+++ b/roles/fedmsg_base/files/selinux/fedmsg.pp
--- a/roles/fedmsg_base/files/selinux/fedmsg.te
+++ b/roles/fedmsg_base/files/selinux/fedmsg.te
@ -0,0 +1,11 @@
+
+module fedmsg 1.0;
+
+require {
+	type anon_inodefs_t;
+	type httpd_t;
+	class file write;
+}
+
+#============= httpd_t ==============
+allow httpd_t anon_inodefs_t:file write;
--- a/roles/fedmsg_base/tasks/main.yml
+++ b/roles/fedmsg_base/tasks/main.yml
@ -19,6 +19,7 @@
  with_items:
  - ssl.py
  - endpoints.py
+  - endpoints-fedocal.py
  - endpoints-fedbadges.py
  - endpoints-nuancier.py
  - endpoints-mailman.py
@ -69,3 +70,15 @@
  when: fedmsg_certs != []
  tags:
  - config
+
+# Three tasks for handling our custom selinux module
+- name: ensure a directory exists for our custom selinux module
+  file: dest=/usr/local/share/fedmsg state=directory
+
+- name: copy over our custom selinux module
+  copy: src=selinux/fedmsg.pp dest=/usr/local/share/fedmsg/fedmsg.pp
+  register: selinux_module
+
+- name: install our custom selinux module
+  command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
+  when: selinux_module|changed
--- a/roles/fedmsg_base/templates/endpoints-fedocal.py.j2
+++ b/roles/fedmsg_base/templates/endpoints-fedocal.py.j2
@ -0,0 +1,20 @@
+{% if env == 'staging' %}
+suffix  = 'stg.phx2.fedoraproject.org'
+{% else %}
+suffix = 'phx2.fedoraproject.org'
+{% endif %}
+
+config = dict(
+    endpoints={
+        "fedocal.fedocal01": [
+            "tcp://fedocal01.%s:30%02i" % (suffix, i)
+            for i in range(2)
+        ],
+{% if env != 'staging' %}
+        "fedocal.fedocal02": [
+            "tcp://fedocal02.%s:30%02i" % (suffix, i)
+            for i in range(2)
+        ],
+{% endif %}
+    },
+)
--- a/roles/koji_builder/files/arm-koji.conf
+++ b/roles/koji_builder/files/arm-koji.conf
--- a/roles/koji_builder/files/arm-kojid.conf
+++ b/roles/koji_builder/files/arm-kojid.conf
--- a/roles/koji_builder/files/builder-infrastructure.repo
+++ b/roles/koji_builder/files/builder-infrastructure.repo
--- a/roles/koji_builder/files/builders/bkernel-eth0-network
+++ b/roles/koji_builder/files/builders/bkernel-eth0-network
--- a/roles/koji_builder/files/builders/bkernel-site-defaults.cfg
+++ b/roles/koji_builder/files/builders/bkernel-site-defaults.cfg
--- a/roles/koji_builder/files/builders/fedora-branched-pungi-armhfp.cfg
+++ b/roles/koji_builder/files/builders/fedora-branched-pungi-armhfp.cfg
--- a/roles/koji_builder/files/builders/fedora-branched-pungi-i386.cfg
+++ b/roles/koji_builder/files/builders/fedora-branched-pungi-i386.cfg
--- a/roles/koji_builder/files/builders/fedora-branched-pungi-x86_64.cfg
+++ b/roles/koji_builder/files/builders/fedora-branched-pungi-x86_64.cfg
--- a/roles/koji_builder/files/builders/fedora-rawhide-pungi-armhfp.cfg
+++ b/roles/koji_builder/files/builders/fedora-rawhide-pungi-armhfp.cfg
--- a/roles/koji_builder/files/builders/fedora-rawhide-pungi-i386.cfg
+++ b/roles/koji_builder/files/builders/fedora-rawhide-pungi-i386.cfg
--- a/roles/koji_builder/files/builders/fedora-rawhide-pungi-x86_64.cfg
+++ b/roles/koji_builder/files/builders/fedora-rawhide-pungi-x86_64.cfg
--- a/roles/koji_builder/files/builders/site-defaults.cfg
+++ b/roles/koji_builder/files/builders/site-defaults.cfg
--- a/roles/koji_builder/files/ftbfs_auth_keys
+++ b/roles/koji_builder/files/ftbfs_auth_keys
--- a/roles/koji_builder/files/history_off.sh
+++ b/roles/koji_builder/files/history_off.sh
--- a/roles/koji_builder/files/idmapd.conf
+++ b/roles/koji_builder/files/idmapd.conf
--- a/roles/koji_builder/files/koji.conf
+++ b/roles/koji_builder/files/koji.conf
--- a/roles/koji_builder/files/kojid.conf
+++ b/roles/koji_builder/files/kojid.conf
--- a/roles/koji_builder/files/limits.conf
+++ b/roles/koji_builder/files/limits.conf
--- a/roles/koji_builder/files/mock_auth_keys
+++ b/roles/koji_builder/files/mock_auth_keys
--- a/roles/koji_builder/files/root_auth_keys
+++ b/roles/koji_builder/files/root_auth_keys
@ -1,2 +1 @@
-#ansible key
 from="10.5.126.23,10.5.126.12,10.5.126.11,209.132.181.6,192.168.1.58,152.19.134.140,192.168.1.42" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAmS3g5fSXizcCqKMI1n5WPFrfMyu7BMrMkMYyck07rB/cf2orO8kKj5schjILA8NYJFStlv2CGRXmQlendj523FPzPmzxvTP/OT4qdywa4LKGvAxOkRGCMMxWzVFLdEMzsLUE/+FLX+xd1US9UPLGRsbMkdz4ORCc0G8gqTr835H56mQPI+/zPFeQjHoHGYtQA1wnJH/0LCuFFfU82IfzrXzFDIBAA5i2S+eEOk7/SA4Ciek1CthNtqPX27M6UqkJMBmVpnAdeDz2noWMvlzAAUQ7dHL84CiXbUnF3hhYrHDbmD+kEK+KiRrYh3PT+5YfEPVI/xiDJ2fdHGxY7Dr2TQ== root@lockbox01.phx2.fedoraproject.org
--- a/roles/koji_builder/files/route-eth1
+++ b/roles/koji_builder/files/route-eth1
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@ -0,0 +1,144 @@
+#
+# This is a base koji_builder role. 
+#
+- name: set root passwd
+  user: name=root password={{ builder_rootpw }} state=present
+
+- name: add mock user as 425
+  user: name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
+
+- name: make mock homedir perms
+  file: state=directory path=/var/lib/mock mode=2775 owner=root group=mock
+
+- name: add mock ssh dir
+  file: state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
+
+- name: add mock ssh keys
+  copy: src=mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
+
+- name: add kojibuilder
+  user: name=kojibuilder groups=mock 
+
+- name: add mockbuilder
+  user: name=mockbuilder groups=mock
+
+- name: mockbuilder .ssh dir
+  file: state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
+
+- name: mockbuilder ssh key
+  copy: src=ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
+
+- name: make a bunch of dirs
+  file: state=directory path={{ item }}
+  with_items:
+    - /pub
+    - /mnt/fedora_koji
+    - /pub/fedora
+    - /pub/epel
+
+- name: add builder infra yum repo
+  copy: src=builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
+
+- name: clean up packages we do not need
+  yum: state=removed pkg={{ item }}
+  with_items:
+    - 'cronie\*'
+
+- name: add pkgs
+  yum: state=installed pkg={{ item }}
+  with_items:
+    - yum-utils
+    - koji-builder
+    - strace
+    - mock
+    - nfs-utils
+    - kernel-firmware
+    - ntp
+    - ntpdate
+    - rsyslog
+    - audit
+
+- name: /etc/kojid/kojid.conf
+  copy: src=kojid.conf dest=/etc/kojid/kojid.conf
+  when: not inventory_hostname.startswith(('arm01','arm03'))
+  notify:
+  - restart kojid
+
+- name: arm /etc/kojid/kojid.conf
+  copy: src=arm-kojid.conf dest=/etc/kojid/kojid.conf
+  when: inventory_hostname.startswith(('arm01','arm03'))
+  notify:
+  - restart kojid
+
+- name: /etc/koji/koji.conf
+  copy: src=koji.conf dest=/etc/koji.conf
+  when: not inventory_hostname.startswith(('arm01','arm03'))
+
+- name: /etc/koji/koji.conf
+  copy: src=arm-koji.conf dest=/etc/koji.conf
+  when: inventory_hostname.startswith(('arm01','arm03'))
+
+- name: copy over koji ca cert
+  copy: src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem
+
+- name: copy over /etc/security/limits.conf
+  copy: src=limits.conf dest=/etc/security/limits.conf
+
+- name: copy over builder cert to /etc/kojid/kojibuilder.pem
+  copy: src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600   
+
+# idmapd and make sure it's set to run
+- name: idmapd.conf
+  copy: src=idmapd.conf dest=/etc/idmapd.conf
+  tags:
+  - configs
+
+- name: route config for netapp network
+  copy: src=route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
+
+- name: check for netapp route
+  command: ip route show
+  register: netapproute
+  always_run: yes
+  changed_when: "1 != 1"
+
+- name: run netapp route
+  command: /etc/sysconfig/network-scripts/ifup-routes eth1
+  when: netapproute.stdout.find("10.5.88.0") == -1 and not inventory_hostname.startswith('arm')
+
+- name: nfs mount points
+  mount: name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted
+  when: inventory_hostname.startswith('build')
+
+- name: make a mnt/koji link
+  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
+  when: inventory_hostname.startswith('build')
+
+# mock configs for pungify job
+- name: put extra special  mock configs in
+  copy: src=builders/{{ item }} dest="/etc/mock/{{ item }}" mode=644
+  with_items:
+    - fedora-branched-pungi-armhfp.cfg
+    - fedora-branched-pungi-i386.cfg
+    - fedora-branched-pungi-x86_64.cfg
+    - fedora-rawhide-pungi-i386.cfg
+    - fedora-rawhide-pungi-x86_64.cfg
+    - fedora-rawhide-pungi-armhfp.cfg
+
+- name: mock site-defaults.cfg
+  copy: src=builders/site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
+  when: not inventory_hostname.startswith('bkernel')
+
+- name: ntp steptickers
+  copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
+
+- name: ntp.conf
+  copy: src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
+
+- name: enable services and start them
+  service: name={{ item }}  enabled=true state=started
+  with_items:
+  - ntpd
+  - nfs-lock
+  - nfs-idmap
+  - nfs-mountd
--- a/roles/nagios_client/tasks/main.yml
+++ b/roles/nagios_client/tasks/main.yml
@ -56,6 +56,7 @@
  - check_swap.cfg
  - check_postfix_queue.cfg
  - check_lock.cfg
+  - check_fedmsg_hub_proc.cfg
  notify:
  - restart nrpe
  tags:
--- a/roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2
+++ b/roles/nagios_client/templates/check_fedmsg_hub_proc.cfg.j2
@ -0,0 +1 @@
+command[check_fedmsg_hub_proc]={{ libdir }}/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u fedmsg
--- a/roles/notifs-frontend/files/fmn.web.wsgi
+++ b/roles/notifs-frontend/files/fmn.web.wsgi
@ -10,6 +10,9 @@ import pkg_resources
 import os
 os.environ['FMN_WEB_CONFIG'] = '/etc/fmn.web.cfg'

+import logging
+logging.basicConfig()
+
 # The most import line to make the wsgi working
 from fmn.web.app import app as application
 # Dangerous.. only use when testing.
--- a/roles/notifs-frontend/tasks/main.yml
+++ b/roles/notifs-frontend/tasks/main.yml
@ -17,6 +17,17 @@
  notify:
  - restart apache

+- name: destroy a bogus config file brought in by python-datanommer-models
+  file: dest=/etc/fedmsg.d/datanommer.py state=absent
+  notify:
+  - restart apache
+
+- name: setup symlink to fedora theme
+  file: >
+    src=/usr/share/fmn.web/static/bootstrap-3.0.2-fedora
+    dest=/usr/share/fmn.web/static/bootstrap
+    state=link
+
 - name: copy fmn httpd config
  copy: >
    src=fmn.web.conf dest=/etc/httpd/conf.d/fmn.web.conf
--- a/roles/notifs-frontend/templates/fmn.web.cfg
+++ b/roles/notifs-frontend/templates/fmn.web.cfg
@ -13,6 +13,6 @@ FMN_FEDORA_OPENID = 'https://id.fedoraproject.org'
 {% endif %}

 FMN_ALLOW_FAS_OPENID = True
-FMN_ALLOW_GOOGLE_OPENID = True
-FMN_ALLOW_YAHOO_OPENID = True
-FMN_ALLOW_GENERIC_OPENID = True
+FMN_ALLOW_GOOGLE_OPENID = False
+FMN_ALLOW_YAHOO_OPENID = False
+FMN_ALLOW_GENERIC_OPENID = False
--- a/roles/notifs-frontend/templates/fmn.web.py
+++ b/roles/notifs-frontend/templates/fmn.web.py
@ -1,3 +1,6 @@
 config = {
+    # This is for *our* database
    "fmn.sqlalchemy.uri": "postgresql://{{notifs_db_user}}:{{notifs_db_password}}@db-notifs/notifications",
+    # And this is for the datanommer database
+    "datanommer.sqlalchemy.url": "postgresql://{{datanommerDBUser}}:{{datanommerDBPassword}}@db-datanommer/datanommer",
 }
--- a/scripts/ansible-playbook-check-diff
+++ b/scripts/ansible-playbook-check-diff
@ -0,0 +1,25 @@
+#!/usr/bin/python -tt
+import os
+import os.path
+import subprocess
+
+rootpath = "/srv/web/infra/ansible/playbooks"
+
+#
+# Find all the .yml files under playbooks/groups and hosts and run ansible-playbook on them
+# With --check and --diff for now. We don't run the 'manual' subdir ones. 
+
+for dir in ("hosts", "groups"):
+    hostsplaybookspath = os.path.join(rootpath, dir)
+    for path, dirs, files in os.walk(hostsplaybookspath):
+        for file in files:
+            if not file.endswith(".yml"):
+                continue  
+            playbookpath = os.path.join(path, file)
+            cmd = ("ansible-playbook", playbookpath, "--check", "--diff")
+            ansibleprocess = subprocess.Popen(cmd)
+
+#
+# Add this if you want to run them one at a time instead of all forked off in a bunch.
+#            ansibleprocess.communicate() 
+#
--- a/tasks/koji/base_builder.yml
+++ b/tasks/koji/base_builder.yml
@ -1,145 +0,0 @@
- name: set root passwd
-  action: user name=root password={{ builder_rootpw }} state=present
-
- name: add mock user as 425
-  action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
-
- name: make mock homedir perms
-  action: file state=directory path=/var/lib/mock mode=2775 owner=root group=mock
-
- name: add mock ssh dir
-  action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
-
- name: add mock ssh keys
-  action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
-
- name: add kojibuilder
-  action: user name=kojibuilder groups=mock 
-
- name: add mockbuilder
-  action: user name=mockbuilder groups=mock
-
- name: mockbuilder .ssh dir
-  action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
-
- name: mockbuilder ssh key
-  action: copy src="{{ files }}/kojibuilder/ftbfs_auth_keys" dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
-
- name: make a bunch of dirs
-  action: file state=directory path={{ item }}
-  with_items:
-    - /pub
-    - /mnt/fedora_koji
-    - /pub/fedora
-    - /pub/epel
-    - /var/spool/rsyslog
-
- name: add builder infra yum repo
-  action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
-
- name: clean up packages we do not need
-  action: yum state=removed pkg={{ item }}
-  with_items:
-    - audit
-    - 'cronie\*'
-
- name: add pkgs
-  action: yum  state=installed pkg={{ item }}
-  with_items:
-    - yum-utils
-    - koji-builder
-    - strace
-    - mock
-    - nfs-utils
-    - kernel-firmware
-    - ntp
-    - ntpdate
-
- name: /etc/kojid/kojid.conf
-  action: copy src="{{ files }}/kojibuilder/kojid.conf" dest=/etc/kojid/kojid.conf
-  when: not inventory_hostname.startswith(('arm01','arm03'))
-  notify:
-  - restart kojid
-
-
- name: arm /etc/kojid/kojid.conf
-  action: copy src="{{ files }}/kojibuilder/arm-kojid.conf" dest=/etc/kojid/kojid.conf
-  when: inventory_hostname.startswith(('arm01','arm03'))
-  notify:
-  - restart kojid
-
- name: /etc/koji/koji.conf
-  action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
-  when: not inventory_hostname.startswith(('arm01','arm03'))
-
- name: /etc/koji/koji.conf
-  action: copy src="{{ files }}/kojibuilder/arm-koji.conf" dest=/etc/koji.conf
-  when: inventory_hostname.startswith(('arm01','arm03'))
-
- name: copy over koji ca cert
-  action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem
-
- name: copy over /etc/security/limits.conf
-  action: copy src="{{ files }}/kojibuilder/limits.conf" dest=/etc/security/limits.conf
-
- name: copy over builder cert to /etc/kojid/kojibuilder.pem
-  action: copy src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600   
-
- name: chkconfig kojid on and leave it running
-  action: service name=kojid enabled=on
-#  action: service name=kojid enabled=on state=started
-
- name: copy over authorized keys for root
-  action: copy src="{{ files }}/kojibuilder/root_auth_keys" dest=/root/.ssh/authorized_keys mode=644
-
-# idmapd and make sure it's set to run
- name: idmapd.conf
-  action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
-  tags:
-  - configs
- name: enable nfs-related services and run them
-  action: service name={{ item }}  enabled=true state=started
-  with_items:
-  - rpcidmapd
-  - rpcbind
-  - nfs
-  - nfslock
-
- name: route config for netapp network
-  action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
-
- name: run netapp route
-  command: /etc/sysconfig/network-scripts/ifup-routes eth1
-
- name: nfs mount points
-  action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted
-  when: inventory_hostname.startswith('build')
-
- name: make a mnt/koji link
-  action: file state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
-  when: inventory_hostname.startswith('build')
-
-# mock configs for pungify job
-# TODO: restore this to "copy:", this is a temporary "fix" for https://github.com/ansible/ansible/issues/4377
- name: put extra special  mock configs in
-  template: src="{{ files }}/kojibuilder/builders/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
-  with_items:
-    - fedora-branched-pungi-armhfp.cfg
-    - fedora-branched-pungi-i386.cfg
-    - fedora-branched-pungi-x86_64.cfg
-    - fedora-rawhide-pungi-i386.cfg
-    - fedora-rawhide-pungi-x86_64.cfg
-    - fedora-rawhide-pungi-armhfp.cfg
-
- name: mock site-defaults.cfg
-  action: copy src="{{ files }}/kojibuilder/builders/site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
-  when: not inventory_hostname.startswith('bkernel')
-
- name: ntp steptickers
-  action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
-
- name: ntp.conf
-  action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
-
- name: enable ntpd
-  action: service name=ntpd enabled=true state=started
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`command[check_fedmsg_hub_proc]={{ libdir }}/nagios/plugins/check_procs -c 1:1 -C 'fedmsg-hub' -u fedmsg`