diff --git a/inventory/group_vars/bodhi b/inventory/group_vars/bodhi
new file mode 100644
index 0000000000..129f4ac3b9
--- /dev/null
+++ b/inventory/group_vars/bodhi
@@ -0,0 +1,27 @@
+---
+# Define resources for this group of hosts here.
+jobrunner: false
+epelmasher: false
+
+lvm_size: 40000
+mem_size: 4096
+num_cpus: 2
+
+# for systems that do not match the above - specify the same parameter in
+# the host_vars/$hostname file
+
+tcp_ports: [ 80, 443,
+ # These 16 ports are used by fedmsg. One for each wsgi thread.
+ 3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
+ 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
+
+fas_client_groups: sysadmin-noc
+
+# These are consumed by a task in roles/fedmsg_base/main.yml
+fedmsg_certs:
+- service: shell
+ owner: root
+ group: sysadmin
+- service: bodhi
+ owner: root
+ group: apache
diff --git a/inventory/host_vars/bodhi01.phx2.fedoraproject.org b/inventory/host_vars/bodhi01.phx2.fedoraproject.org
new file mode 100644
index 0000000000..44886f2969
--- /dev/null
+++ b/inventory/host_vars/bodhi01.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_virthost01
+eth0_ip: 10.5.126.110
+vmhost: virthost01.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org b/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org
new file mode 100644
index 0000000000..0c22cb5f31
--- /dev/null
+++ b/inventory/host_vars/bodhi01.stg.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_guests
+eth0_ip: 10.5.126.166
+vmhost: virthost10.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/host_vars/bodhi02.phx2.fedoraproject.org b/inventory/host_vars/bodhi02.phx2.fedoraproject.org
new file mode 100644
index 0000000000..5448d8befd
--- /dev/null
+++ b/inventory/host_vars/bodhi02.phx2.fedoraproject.org
@@ -0,0 +1,10 @@
+---
+nm: 255.255.255.0
+gw: 10.5.126.254
+dns: 10.5.126.21
+ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6
+ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/
+volgroup: /dev/vg_virthost03
+eth0_ip: 10.5.126.167
+vmhost: virthost03.phx2.fedoraproject.org
+datacenter: phx2
diff --git a/inventory/inventory b/inventory/inventory
index abe0a2ff11..cd2b4b59db 100644
--- a/inventory/inventory
+++ b/inventory/inventory
@@ -91,6 +91,13 @@ blockerbugs02.phx2.fedoraproject.org
blockerbugs01.stg.phx2.fedoraproject.org
blockerbugs-dev.cloud.fedoraproject.org
+[bodhi]
+boodhi01.phx2.fedoraproject.org
+boodhi02.phx2.fedoraproject.org
+
+[bodhi-stg]
+boodhi01.stg.phx2.fedoraproject.org
+
[bvirthost]
bvirthost01.phx2.fedoraproject.org
bvirthost02.phx2.fedoraproject.org
diff --git a/playbooks/groups/bodhi.yml b/playbooks/groups/bodhi.yml
new file mode 100644
index 0000000000..69d925e70e
--- /dev/null
+++ b/playbooks/groups/bodhi.yml
@@ -0,0 +1,53 @@
+- name: make bodhi
+ hosts: bodhi:bodhi-stg #machines: bodhi01, bodhi02, releng04, relepel01
+ user: root
+ gather_facts: False
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "{{ private }}/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ tasks:
+ - include: "{{ tasks }}/virt_instance_create.yml"
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
+
+- name: make the box be real
+ hosts: bodhi:bodhi-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "{{ private }}/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - denyhosts
+ - nagios_client
+ - fas_client
+ - fedmsg_base
+ - collectd
+ - nfs_client
+ - { role: bodhi/base, when: "inventory_hostname.startswith('bodhi01') or inventory_hostname.startswith('bodhi02')" }
+ - { role: bodhi/masher, jobrunner: true, when: "inventory_hostname.startswith('releng04')" }
+ - { role: bodhi/masher, epelmasher: true, when: "inventory_hostname.startswith('relepel01')" }
+
+ tasks:
+ - include: "{{ tasks }}/hosts.yml"
+ - include: "{{ tasks }}/yumrepos.yml"
+ - include: "{{ tasks }}/2fa_client.yml"
+ - include: "{{ tasks }}/motd.yml"
+ - include: "{{ tasks }}/sudo.yml"
+ - include: "{{ tasks }}/apache.yml"
+ - include: "{{ tasks }}/openvpn_client.yml"
+ when: env != "staging"
+ - include: "{{ tasks }}/iptables.yml"
+ - include: "{{ tasks }}/mod_wsgi.yml
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
diff --git a/roles/bodhi/base/files/bodhi-app.conf b/roles/bodhi/base/files/bodhi-app.conf
new file mode 100644
index 0000000000..a62363aa1d
--- /dev/null
+++ b/roles/bodhi/base/files/bodhi-app.conf
@@ -0,0 +1,18 @@
+Alias /updates/static /usr/share/bodhi/static
+
+WSGISocketPrefix run/wsgi
+WSGIRestrictSignal Off
+
+WSGIDaemonProcess bodhi user=bodhi group=bodhi display-name=bodhi maximum-requests=1000 processes=4 threads=1
+WSGIPythonOptimize 1
+
+WSGIScriptAlias /updates /usr/share/bodhi/bodhi.wsgi/updates
+
+# Hack, to work around some weirdness with python-tgmochikit & TG1
+Alias /updates/tg_widgets/tgmochikit/packed/MochiKit/MochiKit.js /usr/lib/python2.6/site-packages/tgmochikit/static/javascript/1.4.2/packed/MochiKit/MochiKit.js
+
+
+ WSGIProcessGroup bodhi
+ Order deny,allow
+ Allow from all
+
diff --git a/roles/bodhi/base/tasks/main.yml b/roles/bodhi/base/tasks/main.yml
new file mode 100644
index 0000000000..b09015d623
--- /dev/null
+++ b/roles/bodhi/base/tasks/main.yml
@@ -0,0 +1,87 @@
+---
+# tasklist for setting up bodhi
+# This is the base set of files needed for bodhi
+
+- name: install needed packages
+ yum: pkg={{ item }} state=installed
+ with_items:
+ - bodhi-server
+ tags:
+ - packages
+
+- name: setup /etc/bodhi/ directory
+ file: path=/etc/bodhi owner=root group=root mode=0755 state=directory
+ tags:
+ - config
+
+- name: setup basic /etc/bodhi/ contents
+ template: >
+ src="bodhi-prod.cfg.j2"
+ dest="/etc/bodhi/bodhi.cfg"
+ owner=bodhi
+ group=bodhi
+ mode=0600
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+- name: setup basic /etc/httpd/conf.d/ bodhi contents
+ copy: >
+ src="bodhi-app.conf"
+ dest="/etc/httpd/conf.d/bodhi.conf"
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+- name: setup /etc/pki/bodhi directory
+ file: path=/etc/pki/bodhi owner=root group=root mode=0755 state=directory
+ tags:
+ - config
+
+- name: install bodhi.pem file
+ copy: >
+ src="{{ puppet_private }}/bodhi_key_and_cert.pem"
+ dest="/etc/pki/bodhi/bodhi.pem"
+ owner=bodhi
+ group=bodhi
+ mode=0400
+ tags:
+ - config
+
+- name: install bodhi certificates
+ copy: >
+ src="{{ puppet_private }}/fedora-ca.cert"
+ dest="/etc/pki/bodhi/{{ item }}"
+ owner=root
+ group=root
+ mode=0644
+ with_items:
+ - fedora-server-ca.cert
+ - fedora-upload-ca.cert
+ tags:
+ - config
+
+- name: setup /var/log/bodhi directory
+ file: path=/var/log/bodhi owner=bodhi group=bodhi mode=0755 state=directory
+ tags:
+ - config
+
+- name: install /var/tmp/bodhi-bz.cookie file
+ file: >
+ path=/var/tmp/bodhi-bz.cookie
+ owner=bodhi
+ group=bodhi
+ mode=0600
+ state=file
+ tags:
+ - config
+
+- name: enable httpd_tmp_exec SELinux boolean
+ seboolean: name=httpd_tmp_exec state=yes persistent=yes
+ tags:
+ - config
diff --git a/roles/bodhi/base/templates/bodhi-prod.cfg.erb b/roles/bodhi/base/templates/bodhi-prod.cfg.erb
new file mode 100644
index 0000000000..11bde0bcdd
--- /dev/null
+++ b/roles/bodhi/base/templates/bodhi-prod.cfg.erb
@@ -0,0 +1,204 @@
+[global]
+
+##
+## Bodhi Production Configuration
+##
+## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
+##
+
+# Release status
+# pre-beta enforces the 'Pre Beta' policy defined here:
+# https://fedoraproject.org/wiki/Updates_Policy
+f21.status = 'pre_beta'
+
+f21.post_beta.mandatory_days_in_testing = 7
+f21.post_beta.critpath.num_admin_approvals = 0
+f21.post_beta.critpath.min_karma = 2
+f21.post_beta.critpath.stable_after_days_without_negative_karma = 14
+
+f21.pre_beta.mandatory_days_in_testing = 3
+f21.pre_beta.critpath.num_admin_approvals = 0
+f21.pre_beta.critpath.min_karma = 1
+
+# Bodhi Defaults:
+#
+# The number of admin approvals it takes to be able to push a critical path
+# # update to stable for a pending release.
+# critpath.num_admin_approvals = 0
+#
+# # The net karma required to submit a critial path update to a pending release)
+# critpath.min_karma = 2
+#
+# # Allow critpath to submit for stable after 2 weeks with no negative karma
+# critpath.stable_after_days_without_negative_karma = 14
+
+
+## A notice to flash on the front page
+#frontpage_notice = 'Bodhi is now enforcing the Package Update Acceptance Criteria across all Fedora releases.'
+
+## A notice to flash on the New Update page
+#newupdate_notice = 'Koji is currently down for a scheduled outage. Please see status.fedoraproject.org for more information'
+
+# Query the Fedora Package Database for the list of Critical Path Packages.
+{% if environment == "production" %}
+critpath.type = 'pkgdb'
+{% endif %}
+
+{% if environment == "production" %}
+deployment_type = "prod"
+{% endif %}
+{% if environment == "staging" %}
+deployment_type = "stg"
+{% endif %}
+{% if environment == "development" %}
+deployment_type = "dev"
+{% endif %}
+
+# We no longer require proventester karma for critpath approval
+# https://fedorahosted.org/bodhi/ticket/653
+critpath.num_admin_approvals = 0
+
+#f17.pre_beta.critpath.num_admin_approvals = 0
+
+query_wiki_test_cases = True
+
+sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
+
+masher = 'http://releng04/updates'
+
+# For the build auto-complete widget
+tg_mochikit.packed = True
+
+server.socket_port=8084
+server.environment="production"
+autoreload.on = False
+server.webpath="/updates"
+server.log_file = "server.log"
+server.log_to_screen = False
+server.thread_pool = 50
+server.socket_queue_size = 30
+
+# We probably want to have apache do this for us...
+#gzipFilter.on = True
+
+session_filter.on = False
+base_url_filter.on = True
+base_url_filter.use_x_forwarded_host = False
+{% if environment == "staging" %}
+base_url_filter.base_url = 'https://admin.stg.fedoraproject.org'
+{% else %}
+base_url_filter.base_url = 'https://admin.fedoraproject.org'
+{% endif %}
+
+tg.strict_parameters = True
+tg.ignore_parameters = ["_csrf_token"]
+
+# Periodic jobs
+jobs = 'cache_release_data'
+
+# FAS2
+#sqlalchemy.dburi="sqlite:///"
+fas.url = 'https://admin.fedoraproject.org/accounts/'
+identity.provider='jsonfas2'
+identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
+visit.manager="jsonfas2"
+visit.saprovider.model="fedora.accounts.tgfas.Visit"
+visit.cookie.secure = True
+visit.cookie.httponly = True
+
+# Our identity that we use to fetch bugzilla details and such
+bodhi_password='{{ bodhiBugzillaPassword }}'
+bodhi_email = 'updates@fedoraproject.org'
+security_team = 'security_respons-members@fedoraproject.org'
+release_team_address = 'bodhiadmin-members@fedoraproject.org'
+fedora_announce_list = 'package-announce@lists.fedoraproject.org'
+fedora_test_announce_list = 'test@lists.fedoraproject.org'
+mashed_dir = '/mnt/koji/mash/updates'
+# TurboMail 3.0 settings
+{% if environment == "staging" %}
+mail.on = False
+{% else %}
+mail.on = True
+{% endif %}
+mail.transport = 'smtp'
+mail.smtp.server = 'bastion'
+# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
+# https://fedorahosted.org/bodhi/ticket/648
+mail.message.encoding = 'utf-8'
+notice_sender = 'updates@fedoraproject.org'
+#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
+bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
+bz_cookie = '/var/tmp/bodhi-bz.cookie'
+bz_products = 'Fedora,Fedora EPEL,oVirt'
+
+build_dir = '/mnt/koji/packages'
+{% if environment == "staging" %}
+base_address = 'https://admin.stg.fedoraproject.org'
+{% else %}
+base_address = 'https://admin.fedoraproject.org'
+{% endif %}
+
+acl_system = 'pkgdb'
+{% if environment == "staging" %}
+pkgdb_url = 'http://localhost/pkgdb'
+{% else %}
+pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
+{% endif %}
+
+{% if environment == "staging" %}
+buildsystem = 'dev'
+{% else %}
+buildsystem = 'koji'
+{% endif %}
+client_cert = '/etc/pki/bodhi/bodhi.pem'
+clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
+serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
+
+[logging]
+
+[[handlers]]
+
+[[[debug_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='DEBUG'
+formatter='full_content'
+
+[[[access_out]]]
+class='TimedRotatingFileHandler'
+level='INFO'
+args="('/var/log/bodhi/access.log', 'D', 7)"
+formatter='message_only'
+
+[[[error_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='ERROR'
+formatter='full_content'
+
+[[loggers]]
+[[[bodhi]]]
+level='DEBUG'
+qualname='bodhi'
+handlers=['debug_out']
+propagate=0
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+propagate=0
+
+#[[[access]]]
+#level='INFO'
+#qualname='turbogears.access'
+#handlers=['debug_out']
+
+[[[turbomail]]]
+level='INFO'
+qualname='turbomail'
+handlers=['debug_out']
+
+[[[urllib3]]]
+level='WARN'
+qualname='urllib3'
+handlers=['debug_out']
diff --git a/roles/bodhi/masher/defaults/main.yml b/roles/bodhi/masher/defaults/main.yml
new file mode 100644
index 0000000000..dcaf11527c
--- /dev/null
+++ b/roles/bodhi/masher/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+epelmasher: false
+jobrunner: false
diff --git a/roles/bodhi/masher/files/bodhi-masher.conf b/roles/bodhi/masher/files/bodhi-masher.conf
new file mode 100644
index 0000000000..1f962ed504
--- /dev/null
+++ b/roles/bodhi/masher/files/bodhi-masher.conf
@@ -0,0 +1,15 @@
+Alias /updates/static /usr/share/bodhi/static
+
+WSGISocketPrefix run/wsgi
+WSGIRestrictSignal Off
+
+WSGIDaemonProcess bodhi user=masher group=masher display-name=bodhi
+WSGIPythonOptimize 1
+
+WSGIScriptAlias /updates /usr/share/bodhi/bodhi.wsgi/updates
+
+
+ WSGIProcessGroup bodhi
+ Order deny,allow
+ Allow from all
+
diff --git a/roles/bodhi/masher/files/el6-epel-testing.mash b/roles/bodhi/masher/files/el6-epel-testing.mash
new file mode 100644
index 0000000000..cafc1568af
--- /dev/null
+++ b/roles/bodhi/masher/files/el6-epel-testing.mash
@@ -0,0 +1,17 @@
+# mash config file
+
+[el6-epel-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo_path = %(arch)s/debug
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-6E-epel-testing
+inherit = False
+strict_keys = True
+keys = 0608b895
+use_repoview = True
+repoviewurl = http://download.fedoraproject.org/pub/epel/testing/6/%(arch)s/
+repoviewtitle = "Fedora EPEL Testing 6 - %(arch)s"
+arches = i386 x86_64 ppc64
diff --git a/roles/bodhi/masher/files/el6-epel.mash b/roles/bodhi/masher/files/el6-epel.mash
new file mode 100644
index 0000000000..72b209e36c
--- /dev/null
+++ b/roles/bodhi/masher/files/el6-epel.mash
@@ -0,0 +1,17 @@
+# mash config file
+
+[el6-epel]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo_path = %(arch)s/debug
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-6E-epel
+inherit = False
+strict_keys = True
+keys = 0608b895
+use_repoview = True
+repoviewurl = http://download.fedoraproject.org/pub/epel/6/%(arch)s/
+repoviewtitle = "Fedora EPEL 6 - %(arch)s"
+arches = i386 x86_64 ppc64
diff --git a/roles/bodhi/masher/files/f13-updates.mash b/roles/bodhi/masher/files/f13-updates.mash
new file mode 100644
index 0000000000..97ef3ddca3
--- /dev/null
+++ b/roles/bodhi/masher/files/f13-updates.mash
@@ -0,0 +1,17 @@
+[f13-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-f13-updates
+inherit = False
+strict_keys = True
+keys = E8E40FDE
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/13/%(arch)s/
+repoviewtitle = "Fedora 13 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+# Enable this once F13 releases
+delta_dirs = /pub/fedora/linux/releases/13/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f13-updates/%(arch)s/
+#delta_dirs = /pub/fedora/linux/development/13/%(arch)s/os/
diff --git a/roles/bodhi/masher/files/f14-updates-testing.mash b/roles/bodhi/masher/files/f14-updates-testing.mash
new file mode 100644
index 0000000000..cf58def23d
--- /dev/null
+++ b/roles/bodhi/masher/files/f14-updates-testing.mash
@@ -0,0 +1,20 @@
+# mash config file
+
+[f14-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-f14-updates-testing
+inherit = False
+strict_keys = True
+keys = 97A1071F
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/14/%(arch)s/
+repoviewtitle = "Fedora 14 Updates Testing - %(arch)s"
+arches = i386 x86_64
+delta = True
+# Enable this once F14 releases
+#delta_dirs = /pub/fedora/linux/releases/14/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f14-updates/%(arch)s/
+delta_dirs = /pub/fedora/linux/development/14/%(arch)s/os/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/14/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/14/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f14-updates.mash b/roles/bodhi/masher/files/f14-updates.mash
new file mode 100644
index 0000000000..2cfe76facf
--- /dev/null
+++ b/roles/bodhi/masher/files/f14-updates.mash
@@ -0,0 +1,16 @@
+[f14-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-f14-updates
+inherit = False
+strict_keys = True
+keys = 97A1071F
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/14/%(arch)s/
+repoviewtitle = "Fedora 14 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/14/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f14-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/14/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f15-updates-testing.mash b/roles/bodhi/masher/files/f15-updates-testing.mash
new file mode 100644
index 0000000000..d464b96ece
--- /dev/null
+++ b/roles/bodhi/masher/files/f15-updates-testing.mash
@@ -0,0 +1,20 @@
+# mash config file
+
+[f15-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-f15-updates-testing
+inherit = False
+strict_keys = True
+keys = 069C8460
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/15/%(arch)s/
+repoviewtitle = "Fedora 15 Updates Testing - %(arch)s"
+arches = i386 x86_64
+delta = True
+# Enable this once F15 releases
+#delta_dirs = /pub/fedora/linux/releases/15/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f15-updates/%(arch)s/
+delta_dirs = /pub/fedora/linux/development/15/%(arch)s/os/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/15/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/15/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f15-updates.mash b/roles/bodhi/masher/files/f15-updates.mash
new file mode 100644
index 0000000000..94384ba409
--- /dev/null
+++ b/roles/bodhi/masher/files/f15-updates.mash
@@ -0,0 +1,16 @@
+[f15-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = dist-f15-updates
+inherit = False
+strict_keys = True
+keys = 069C8460
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/15/%(arch)s/
+repoviewtitle = "Fedora 15 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/15/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f15-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/15/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f16-updates-testing.mash b/roles/bodhi/masher/files/f16-updates-testing.mash
new file mode 100644
index 0000000000..7d7d85948e
--- /dev/null
+++ b/roles/bodhi/masher/files/f16-updates-testing.mash
@@ -0,0 +1,20 @@
+# mash config file
+
+[f16-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f16-updates-testing
+inherit = False
+strict_keys = True
+keys = A82BA4B7
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/16/%(arch)s/
+repoviewtitle = "Fedora 16 Updates Testing - %(arch)s"
+arches = i386 x86_64
+delta = True
+# Enable this once F16 releases
+delta_dirs = /pub/fedora/linux/releases/16/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f16-updates/%(arch)s/
+#delta_dirs = /pub/fedora/linux/development/16/%(arch)s/os/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/16/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/16/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f16-updates.mash b/roles/bodhi/masher/files/f16-updates.mash
new file mode 100644
index 0000000000..fb2f688911
--- /dev/null
+++ b/roles/bodhi/masher/files/f16-updates.mash
@@ -0,0 +1,16 @@
+[f16-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f16-updates
+inherit = False
+strict_keys = True
+keys = A82BA4B7
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/16/%(arch)s/
+repoviewtitle = "Fedora 16 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/16/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f16-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/16/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f17-updates-testing.mash b/roles/bodhi/masher/files/f17-updates-testing.mash
new file mode 100644
index 0000000000..1733239cd9
--- /dev/null
+++ b/roles/bodhi/masher/files/f17-updates-testing.mash
@@ -0,0 +1,18 @@
+# mash config file
+
+[f17-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f17-updates-testing
+inherit = False
+strict_keys = True
+keys = 1ACA3465
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/17/%(arch)s/
+repoviewtitle = "Fedora 17 Updates Testing - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/17/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f17-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/17/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/17/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f17-updates.mash b/roles/bodhi/masher/files/f17-updates.mash
new file mode 100644
index 0000000000..fcb31e7c11
--- /dev/null
+++ b/roles/bodhi/masher/files/f17-updates.mash
@@ -0,0 +1,16 @@
+[f17-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f17-updates
+inherit = False
+strict_keys = True
+keys = 1ACA3465
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/17/%(arch)s/
+repoviewtitle = "Fedora 17 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/17/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f17-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/17/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f18-updates-testing.mash b/roles/bodhi/masher/files/f18-updates-testing.mash
new file mode 100644
index 0000000000..d552aca992
--- /dev/null
+++ b/roles/bodhi/masher/files/f18-updates-testing.mash
@@ -0,0 +1,18 @@
+# mash config file
+
+[f18-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f18-updates-testing
+inherit = False
+strict_keys = True
+keys = DE7F38BD
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/18/%(arch)s/
+repoviewtitle = "Fedora 18 Updates Testing - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/18/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f18-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/18/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/18/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f18-updates.mash b/roles/bodhi/masher/files/f18-updates.mash
new file mode 100644
index 0000000000..11c8d550b1
--- /dev/null
+++ b/roles/bodhi/masher/files/f18-updates.mash
@@ -0,0 +1,18 @@
+[f18-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f18-updates
+inherit = False
+strict_keys = True
+keys = DE7F38BD
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/18/%(arch)s/
+repoviewtitle = "Fedora 18 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/18/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f18-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/18/Everything/%(arch)s/os
+
+
diff --git a/roles/bodhi/masher/files/f19-updates-testing.mash b/roles/bodhi/masher/files/f19-updates-testing.mash
new file mode 100644
index 0000000000..6eb8fd88a4
--- /dev/null
+++ b/roles/bodhi/masher/files/f19-updates-testing.mash
@@ -0,0 +1,21 @@
+# mash config file
+
+[f19-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f19-updates-testing
+inherit = False
+strict_keys = True
+keys = FB4b18E6
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/19/%(arch)s/
+repoviewtitle = "Fedora 19 Updates Testing - %(arch)s"
+arches = i386 x86_64
+delta = True
+delta_dirs = /pub/fedora/linux/releases/19/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f19-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/19/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/19/Everything/%(arch)s/os
+# point to branched till we release then use above
+#delta_dirs = /pub/fedora/linux/development/19/%(arch)s/os/
+#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/19/%(arch)s/os/
diff --git a/roles/bodhi/masher/files/f19-updates.mash b/roles/bodhi/masher/files/f19-updates.mash
new file mode 100644
index 0000000000..4a216e5fca
--- /dev/null
+++ b/roles/bodhi/masher/files/f19-updates.mash
@@ -0,0 +1,18 @@
+[f19-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f19-updates
+inherit = False
+strict_keys = True
+keys = FB4B18E6
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/19/%(arch)s/
+repoviewtitle = "Fedora 19 Updates - %(arch)s"
+arches = i386 x86_64
+delta = True
+#delta_dirs = /pub/fedora/linux/development/19/%(arch)s/os/,/mnt/koji/mash/updates/f19-updates/%(arch)s/
+#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/19/%(arch)s/os
+delta_dirs = /pub/fedora/linux/releases/19/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f19-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/19/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/files/f20-updates-testing.mash b/roles/bodhi/masher/files/f20-updates-testing.mash
new file mode 100644
index 0000000000..7d6b0f1911
--- /dev/null
+++ b/roles/bodhi/masher/files/f20-updates-testing.mash
@@ -0,0 +1,21 @@
+# mash config file
+
+[f20-updates-testing]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f20-updates-testing
+inherit = False
+strict_keys = True
+keys = 246110C1
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/testing/20/%(arch)s/
+repoviewtitle = "Fedora 20 Updates Testing - %(arch)s"
+arches = armhfp i386 x86_64
+delta = True
+#delta_dirs = /pub/fedora/linux/releases/20/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
+#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/updates/20/%(arch)s, http://download.fedoraproject.org/pub/fedora/linux/releases/20/Everything/%(arch)s/os
+# point to branched till we release then use above
+delta_dirs = /pub/fedora/linux/development/20/%(arch)s/os/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/20/%(arch)s/os/
diff --git a/roles/bodhi/masher/files/f20-updates.mash b/roles/bodhi/masher/files/f20-updates.mash
new file mode 100644
index 0000000000..894123947e
--- /dev/null
+++ b/roles/bodhi/masher/files/f20-updates.mash
@@ -0,0 +1,20 @@
+[f20-updates]
+rpm_path = %(arch)s/
+source_path = SRPMS/
+debuginfo = True
+multilib = True
+multilib_method = devel
+tag = f20-updates
+inherit = False
+strict_keys = True
+keys = 246110C1
+repoviewurl = http://download.fedoraproject.org/pub/fedora/linux/updates/20/%(arch)s/
+repoviewtitle = "Fedora 20 Updates - %(arch)s"
+arches = armhfp i386 x86_64
+delta = True
+#generate deltas against branched
+delta_dirs = /pub/fedora/linux/development/20/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
+parent_repos = http://download.fedoraproject.org/pub/fedora/linux/development/20/%(arch)s/os
+# Bellow needs enabling at GA
+#delta_dirs = /pub/fedora/linux/releases/20/Everything/%(arch)s/os/,/mnt/koji/mash/updates/f20-updates/%(arch)s/
+#parent_repos = http://download.fedoraproject.org/pub/fedora/linux/releases/20/Everything/%(arch)s/os
diff --git a/roles/bodhi/masher/meta/main.yml b/roles/bodhi/masher/meta/main.yml
new file mode 100644
index 0000000000..9f7f541ae1
--- /dev/null
+++ b/roles/bodhi/masher/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - { role: bodhi/base }
diff --git a/roles/bodhi/masher/tasks/main.yml b/roles/bodhi/masher/tasks/main.yml
new file mode 100644
index 0000000000..707609d609
--- /dev/null
+++ b/roles/bodhi/masher/tasks/main.yml
@@ -0,0 +1,134 @@
+---
+# tasklist for setting up bodhi/masher (requires bodhi/base)
+# This is the base set of files needed for bodhi/masher
+
+- name: install needed packages
+ yum: pkg={{ item }} state=installed
+ with_items:
+ - python-fedora-turbogears
+ tags:
+ - packages
+
+- name: install bodhi-masher /etc/bodhi/bodhi.cfg file
+ template: >
+ src="bodhi-masher.cfg.j2"
+ dest="/etc/bodhi/bodhi.cfg"
+ owner=masher
+ group=masher
+ mode=0600
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+- name: install bodhi-masher /etc/httpd/conf.d/bodhi.conf file
+ copy: >
+ src="bodhi-masher.conf"
+ dest="/etc/httpd/conf.d/bodhi.conf"
+ owner=root
+ group=root
+ mode=0644
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+- name: change owner and group attributes of bodhi.pem file
+ file: >
+ path="/etc/pki/bodhi/bodhi.pem"
+ owner=masher
+ group=masher
+ tags:
+ - config
+
+- name: change owner and group attributes of /var/log/bodhi directory
+ file: path=/var/log/bodhi owner=masher group=masher
+ tags:
+ - config
+
+- name: setup /etc/bodhi/mash.conf directory
+ file: path=/etc/bodhi/mash.conf owner=masher group=masher mode=0755 state=directory
+ tags:
+ - config
+
+- name: change type part of SELinux file context
+ file: path="/home/masher/.cvspass" setype=httpd_sys_script_rw_t state=file
+ tags:
+ - config
+
+- name: change type part of SELinux file context
+ file: path="/var/tmp/bodhi/comps/" setype=httpd_sys_script_rw_t state=directory recurse=yes
+ tags:
+ - config
+
+- name: change owner attribute of /var/tmp/bodhi-bz.cookie file
+ file: >
+ path=/var/tmp/bodhi-bz.cookie
+ owner=masher
+ tags:
+ - config
+
+- name: install /etc/bodhi/*.mash files
+ copy: >
+ src="{{ item }}"
+ dest="/etc/bodhi/{{ item }}"
+ owner=masher
+ mode=0640
+ with_items:
+ - f13-updates.mash
+ - f14-updates.mash
+ - f14-updates-testing.mash
+ - f15-updates.mash
+ - f15-updates-testing.mash
+ - f16-updates.mash
+ - f16-updates-testing.mash
+ - f17-updates.mash
+ - f17-updates-testing.mash
+ - f18-updates.mash
+ - f18-updates-testing.mash
+ - f19-updates.mash
+ - f19-updates-testing.mash
+ - f20-updates.mash
+ - f20-updates-testing.mash
+ - el6-epel.mash
+ - el6-epel-testing.mash
+ tags:
+ - config
+
+# tasks for setting up epelmasher
+
+- name: install needed packages
+ yum: pkg={{ item }} state=installed
+ with_items:
+ - repoview
+ when: epelmasher
+ tags:
+ - packages
+
+- name: install bodhi-epel-masher /etc/bodhi/bodhi.cfg file
+ template: >
+ src="bodhi-epel-masher.cfg.j2"
+ dest="/etc/bodhi/bodhi.cfg"
+ owner=masher
+ group=masher
+ mode=0600
+ when: epelmasher
+ notify:
+ - restart httpd
+ tags:
+ - config
+
+# tasklist for setting up jobrunner
+
+- name: install bodhi-masher-jobrunner /etc/bodhi/bodhi.cfg file
+ template: >
+ src="bodhi-masher-jobrunner.cfg.j2"
+ dest="/etc/bodhi/bodhi.cfg"
+ owner=masher
+ group=masher
+ mode=0600
+ when: jobrunner
+ notify:
+ - restart httpd
+ tags:
+ - config
diff --git a/roles/bodhi/masher/templates/bodhi-epel-masher.cfg.j2 b/roles/bodhi/masher/templates/bodhi-epel-masher.cfg.j2
new file mode 100644
index 0000000000..8b7a14ad4f
--- /dev/null
+++ b/roles/bodhi/masher/templates/bodhi-epel-masher.cfg.j2
@@ -0,0 +1,143 @@
+[global]
+
+##
+## Bodhi Production Masher Configuration
+##
+## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
+##
+
+arches = 'i386 x86_64 ppc/ppc64'
+
+# For pushing EPEL updates from the masher
+bodhi_url = 'http://localhost/updates'
+
+sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
+
+masher = None # we are the masher
+
+server.socket_port=8084
+server.environment="production"
+autoreload.on = False
+server.webpath="/updates"
+server.log_file = "server.log"
+server.log_to_screen = False
+server.thread_pool = 50
+server.socket_queue_size = 30
+
+# We probably want to have apache do this for us...
+#gzipFilter.on = True
+
+session_filter.on = False
+base_url_filter.on = True
+base_url_filter.use_x_forwarded_host = False
+base_url_filter.base_url = 'https://admin.fedoraproject.org'
+
+tg.strict_parameters = True
+tg.ignore_parameters = ["_csrf_token"]
+
+# Periodic jobs
+jobs = ''
+
+# Query the Fedora Package Database for the list of Critical Path Packages.
+critpath.type = 'pkgdb'
+
+# FAS2
+#sqlalchemy.dburi="sqlite:///"
+fas.url = 'https://admin.fedoraproject.org/accounts/'
+identity.provider='jsonfas2'
+identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
+visit.manager="jsonfas2"
+visit.saprovider.model="fedora.accounts.tgfas.Visit"
+visit.cookie.secure = True
+
+# Our identity that we use to fetch bugzilla details and such
+bodhi_password='{{ bodhiBugzillaPassword }}'
+bodhi_email = 'updates@fedoraproject.org'
+
+# TurboMail 3.0 settings
+mail.on = True
+mail.transport = 'smtp'
+mail.smtp.server = 'bastion'
+# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
+# https://fedorahosted.org/bodhi/ticket/648
+mail.message.encoding = 'utf-8'
+
+notice_sender = 'updates@fedoraproject.org'
+security_team = 'security_respons-members@fedoraproject.org'
+release_team_address = 'bodhiadmin-members@fedoraproject.org'
+fedora_announce_list = 'package-announce@lists.fedoraproject.org'
+fedora_test_announce_list = 'test@lists.fedoraproject.org'
+fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
+fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
+
+build_dir = '/mnt/koji/packages'
+mashed_dir = '/mnt/koji/mash/updates/'
+mashed_stage_dir = '/mnt/koji/mash/updates/'
+mash_conf = '/etc/bodhi/mash.conf'
+
+comps_dir = '/var/tmp/bodhi/comps'
+
+base_address = 'https://admin.fedoraproject.org'
+#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
+bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
+bz_cookie = '/var/tmp/bodhi-bz.cookie'
+bz_products = 'Fedora,Fedora EPEL,oVirt'
+
+acl_system = 'pkgdb'
+pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
+
+buildsystem = 'koji'
+client_cert = '/etc/pki/bodhi/bodhi.pem'
+clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
+serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
+
+masher_lock_id = 'FEDORA-EPEL'
+
+master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml'
+fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml'
+fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/i386/repodata/repomd.xml'
+
+[logging]
+
+[[handlers]]
+
+[[[debug_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='DEBUG'
+formatter='full_content'
+
+[[[access_out]]]
+class='TimedRotatingFileHandler'
+level='INFO'
+args="('/var/log/bodhi/access.log', 'D', 7)"
+formatter='message_only'
+
+[[[error_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='ERROR'
+formatter='full_content'
+
+
+[[loggers]]
+[[[bodhi]]]
+level='DEBUG'
+qualname='bodhi'
+handlers=['debug_out']
+propagate=0
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+propagate=0
+
+#[[[access]]]
+#level='INFO'
+#qualname='turbogears.access'
+#handlers=['debug_out']
+
+[[[turbomail]]]
+level='INFO'
+qualname='turbomail'
+handlers=['debug_out']
diff --git a/roles/bodhi/masher/templates/bodhi-masher-jobrunner.cfg.j2 b/roles/bodhi/masher/templates/bodhi-masher-jobrunner.cfg.j2
new file mode 100644
index 0000000000..919af68b63
--- /dev/null
+++ b/roles/bodhi/masher/templates/bodhi-masher-jobrunner.cfg.j2
@@ -0,0 +1,159 @@
+[global]
+
+##
+## Bodhi Production Masher Configuration
+##
+## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
+##
+
+# Release status
+# pre-beta enforces the 'Pre Beta' policy defined here:
+# https://fedoraproject.org/wiki/Updates_Policy
+f21.status = 'pre_beta'
+
+f21.post_beta.mandatory_days_in_testing = 7
+f21.post_beta.critpath.num_admin_approvals = 0
+f21.post_beta.critpath.min_karma = 2
+f21.post_beta.critpath.stable_after_days_without_negative_karma = 14
+
+f21.pre_beta.mandatory_days_in_testing = 3
+f21.pre_beta.critpath.num_admin_approvals = 0
+f21.pre_beta.critpath.min_karma = 1
+
+sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
+
+masher = None # we are the masher
+
+server.socket_port=8084
+server.environment="production"
+autoreload.on = False
+server.webpath="/updates"
+server.log_file = "server.log"
+server.log_to_screen = False
+server.thread_pool = 50
+server.socket_queue_size = 30
+
+# We probably want to have apache do this for us...
+#gzipFilter.on = True
+
+session_filter.on = False
+base_url_filter.on = True
+base_url_filter.use_x_forwarded_host = False
+base_url_filter.base_url = 'https://admin.fedoraproject.org'
+
+tg.strict_parameters = True
+tg.ignore_parameters = ["_csrf_token"]
+
+# Periodic jobs
+jobs = 'nagmail cache_release_data refresh_metrics approve_testing_updates expire_buildroot_overrides clean_pending_tags'
+
+# Query the Fedora Package Database for the list of Critical Path Packages.
+critpath.type = 'pkgdb'
+
+# FAS2
+#sqlalchemy.dburi="sqlite:///"
+fas.url = 'https://admin.fedoraproject.org/accounts/'
+identity.provider='jsonfas2'
+identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
+visit.manager="jsonfas2"
+visit.saprovider.model="fedora.accounts.tgfas.Visit"
+visit.cookie.secure = True
+
+# Our identity that we use to fetch bugzilla details and such
+bodhi_password='{{ bodhiBugzillaPassword }}'
+bodhi_email = 'updates@fedoraproject.org'
+
+# TurboMail 3.0 settings
+mail.on = True
+mail.transport = 'smtp'
+mail.smtp.server = 'bastion'
+# The 'utf-8-qp' encoding causes problems with TurboMail 3.x
+# https://fedorahosted.org/bodhi/ticket/648
+mail.message.encoding = 'utf-8'
+
+notice_sender = 'updates@fedoraproject.org'
+security_team = 'security_respons-members@fedoraproject.org'
+release_team_address = 'bodhiadmin-members@fedoraproject.org'
+fedora_announce_list = 'package-announce@lists.fedoraproject.org'
+fedora_test_announce_list = 'test@lists.fedoraproject.org'
+fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
+fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
+
+build_dir = '/mnt/koji/packages'
+mashed_dir = '/mnt/koji/mash/updates/'
+mashed_stage_dir = '/mnt/koji/mash/updates/'
+mash_conf = '/etc/bodhi/mash.conf'
+
+comps_dir = '/var/tmp/bodhi/comps'
+
+base_address = 'https://admin.fedoraproject.org'
+#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
+bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
+bz_cookie = '/var/tmp/bodhi-bz.cookie'
+bz_products = 'Fedora,Fedora EPEL,oVirt'
+
+acl_system = 'pkgdb'
+pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
+
+buildsystem = 'koji'
+client_cert = '/etc/pki/bodhi/bodhi.pem'
+clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
+serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
+
+masher_lock_id = 'FEDORA'
+
+master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml'
+fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml'
+fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/i386/repodata/repomd.xml'
+
+arches = 'i386 x86_64'
+
+[logging]
+
+[[handlers]]
+
+[[[debug_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='DEBUG'
+formatter='full_content'
+
+[[[access_out]]]
+class='TimedRotatingFileHandler'
+level='INFO'
+args="('/var/log/bodhi/access.log', 'D', 7)"
+formatter='message_only'
+
+[[[error_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='ERROR'
+formatter='full_content'
+
+
+[[loggers]]
+[[[bodhi]]]
+level='DEBUG'
+qualname='bodhi'
+handlers=['debug_out']
+propagate=0
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+propagate=0
+
+#[[[access]]]
+#level='INFO'
+#qualname='turbogears.access'
+#handlers=['debug_out']
+
+[[[turbomail]]]
+level='INFO'
+qualname='turbomail'
+handlers=['debug_out']
+
+[[[urllib3]]]
+level='WARN'
+qualname='urllib3'
+handlers=['debug_out']
diff --git a/roles/bodhi/masher/templates/bodhi-masher.cfg.j2 b/roles/bodhi/masher/templates/bodhi-masher.cfg.j2
new file mode 100644
index 0000000000..81c85dfdff
--- /dev/null
+++ b/roles/bodhi/masher/templates/bodhi-masher.cfg.j2
@@ -0,0 +1,142 @@
+[global]
+
+##
+## Bodhi Production Masher Configuration
+##
+## $Id: bodhi-prod.cfg.erb,v 1.8 2008/05/21 23:38:07 lmacken Exp $
+##
+
+sqlobject.dburi="notrans_postgres://bodhi:{{ bodhiPassword }}@db-bodhi/bodhi"
+
+masher = None # we are the masher
+
+server.socket_port=8084
+server.environment="production"
+autoreload.on = False
+server.webpath="/updates"
+server.log_file = "server.log"
+server.log_to_screen = False
+server.thread_pool = 50
+server.socket_queue_size = 30
+
+# We probably want to have apache do this for us...
+#gzipFilter.on = True
+
+session_filter.on = False
+base_url_filter.on = True
+base_url_filter.use_x_forwarded_host = False
+base_url_filter.base_url = 'https://admin.fedoraproject.org'
+
+tg.strict_parameters = True
+tg.ignore_parameters = ["_csrf_token"]
+
+# Periodic jobs
+jobs = ''
+
+# Query the Fedora Package Database for the list of Critical Path Packages.
+# This pkgdb feature is currently broken in staging.
+{% if environment == "production" %}
+critpath.type = 'pkgdb'
+{% endif %}
+
+# FAS2
+#sqlalchemy.dburi="sqlite:///"
+fas.url = 'https://admin.fedoraproject.org/accounts/'
+identity.provider='jsonfas2'
+identity.saprovider.model.visit="fedora.accounts.tgfas.VisitIdentity"
+visit.manager="jsonfas2"
+visit.saprovider.model="fedora.accounts.tgfas.Visit"
+visit.cookie.secure = True
+
+# Our identity that we use to fetch bugzilla details and such
+bodhi_password='{{ bodhiBugzillaPassword }}'
+bodhi_email = 'updates@fedoraproject.org'
+
+mail.on = True
+mail.server = 'bastion'
+notice_sender = 'updates@fedoraproject.org'
+security_team = 'security_respons-members@fedoraproject.org'
+release_team_address = 'bodhiadmin-members@fedoraproject.org'
+fedora_announce_list = 'package-announce@lists.fedoraproject.org'
+fedora_test_announce_list = 'test@lists.fedoraproject.org'
+fedora_epel_announce_list = 'epel-package-announce@lists.fedoraproject.org'
+fedora_epel_test_announce_list = 'epel-devel@lists.fedoraproject.org'
+
+build_dir = '/mnt/koji/packages'
+mashed_dir = '/mnt/koji/mash/updates/'
+mashed_stage_dir = '/mnt/koji/mash/updates/'
+mash_conf = '/etc/bodhi/mash.conf'
+
+comps_dir = '/var/tmp/bodhi/comps'
+
+base_address = 'https://admin.fedoraproject.org'
+#bz_server = 'https://bzprx.vip.phx.redhat.com/xmlrpc.cgi'
+bz_server = 'https://bugzilla.redhat.com/xmlrpc.cgi'
+bz_cookie = '/var/tmp/bodhi-bz.cookie'
+bz_products = 'Fedora,Fedora EPEL,oVirt'
+
+acl_system = 'pkgdb'
+pkgdb_url = 'https://admin.fedoraproject.org/pkgdb'
+
+buildsystem = 'koji'
+client_cert = '/etc/pki/bodhi/bodhi.pem'
+clientca_cert = '/etc/pki/bodhi/fedora-upload-ca.cert'
+serverca_cert = '/etc/pki/bodhi/fedora-server-ca.cert'
+
+masher_lock_id = 'FEDORA'
+
+master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml'
+fedora_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml'
+fedora_epel_master_repomd = 'http://download01.phx2.fedoraproject.org/pub/epel/%d/i386/repodata/repomd.xml'
+
+arches = 'armhfp i386 x86_64'
+
+[logging]
+
+[[handlers]]
+
+[[[debug_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='DEBUG'
+formatter='full_content'
+
+[[[access_out]]]
+class='TimedRotatingFileHandler'
+level='INFO'
+args="('/var/log/bodhi/access.log', 'D', 7)"
+formatter='message_only'
+
+[[[error_out]]]
+class='TimedRotatingFileHandler'
+args="('/var/log/bodhi/server.log', 'D', 7)"
+level='ERROR'
+formatter='full_content'
+
+
+[[loggers]]
+[[[bodhi]]]
+level='DEBUG'
+qualname='bodhi'
+handlers=['debug_out']
+propagate=0
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+propagate=0
+
+#[[[access]]]
+#level='INFO'
+#qualname='turbogears.access'
+#handlers=['debug_out']
+
+[[[turbomail]]]
+level='INFO'
+qualname='turbomail'
+handlers=['debug_out']
+
+[[[urllib3]]]
+level='WARN'
+qualname='urllib3'
+handlers=['debug_out']
diff --git a/roles/nfs_client/files/route-eth1 b/roles/nfs_client/files/route-eth1
new file mode 100644
index 0000000000..b94a496bfc
--- /dev/null
+++ b/roles/nfs_client/files/route-eth1
@@ -0,0 +1 @@
+10.5.88.0/24 via 10.5.127.254 dev eth1
diff --git a/roles/nfs_client/tasks/main.yml b/roles/nfs_client/tasks/main.yml
new file mode 100644
index 0000000000..cd4e52865a
--- /dev/null
+++ b/roles/nfs_client/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: route config for netapp network
+ copy: src=route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
+
+- name: check for netapp route
+ command: ip route show
+ register: netapproute
+ always_run: yes
+ changed_when: "1 != 1"
+
+- name: run netapp route
+ command: /etc/sysconfig/network-scripts/ifup-routes eth1
+# when: netapproute.stdout.find("10.5.88.0") == -1 and not inventory_hostname.startswith('arm')
+
+- name: nfs mount points
+ mount: >
+ name=/mnt/{{ mnt_dir }}
+ src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/{{ nfs_src_dir }}
+ fstype=nfs
+ opts=ro,hard,bg,intr,noatime,nodev,nosuid
+ passno=0
+ dump=0
+ state=mounted
+
+- name: make a mnt/ link
+ file: state=link src=/mnt/{{ mnt_dir }}/{{ mnt_link }} dest=/mnt/{{ mnt_link }}