Remove fedmsg and github2fedmsg from staging

The messaging bridges openshift project and github2fedmsg VM were
already removed in staging. This is to clean the ansible playbooks.

I will create a separate one for production after this one is merged.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
Michal Konecny 2025-02-03 14:39:13 +01:00
parent 3b211105c9
commit 7b58dfdce8
40 changed files with 24 additions and 491 deletions

View file

@ -31,16 +31,13 @@ testing: True
notes: | notes: |
Run the Bodhi masher. Run the Bodhi masher.
The mashing of repos here happens as part of the 'fedmsg-hub' daemon.
Check logs with 'journalctl -u fedmsg-hub'.
Check the bodhi masher docs/code for more detail on what it does: Check the bodhi masher docs/code for more detail on what it does:
https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py https://github.com/fedora-infra/bodhi/blob/develop/bodhi/consumers/masher.py
* This host relies on: * This host relies on:
* db01 for its database, which is shares with the bodhi2 frontend nodes. * db01 for its database, which is shares with the bodhi2 frontend nodes.
* An NFS mount of koji data in /mnt/koji/ * An NFS mount of koji data in /mnt/koji/
* The fedmsg bus for triggering mashes. * The fedora messaging for triggering mashes.
* XMLRPC calls to koji for tagging and untagging updates. * XMLRPC calls to koji for tagging and untagging updates.
* bugzilla for posting comments about status changes * bugzilla for posting comments about status changes
* the wiki for getting information about QA "Test Cases" * the wiki for getting information about QA "Test Cases"
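Review bot: In the `notes:` block, the two removed lines were the only pointer to where the masher's logs live (`journalctl -u fedmsg-hub`), and nothing replaces them. Add the equivalent instruction for whatever service now runs the consumer. The new dependency line "The fedora messaging for triggering mashes" also reads oddly; naming the component (for example "The Fedora Messaging broker") would make it clear what the host relies on.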

View file

@ -33,6 +33,6 @@ volgroup: /dev/vg_guests
notes: | notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
* VMs built on top of buildvmhost * VMs built on top of buildvmhost
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

View file

@ -32,6 +32,6 @@ volgroup: /dev/vg_guests
notes: | notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
* VMs built on top of buildvmhost * VMs built on top of buildvmhost
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

View file

@ -12,6 +12,6 @@ virt_install_command: "{{ virt_install_command_s390x_one_nic_unsafe }}"
notes: | notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders. Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders.
* VMs built on top of a s390x LPAR * VMs built on top of a s390x LPAR
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

View file

@ -32,6 +32,6 @@ volgroup: /dev/vg_guests
notes: | notes: |
Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging). Koji service employs a set of machines to build packages for the Fedora project. This playbook builds vm builders (staging).
* VMs built on top of buildvmhost * VMs built on top of buildvmhost
* Relies on koji-hub, Packages, PkgDB, apache, fedmsg, fas, virthost, and is monitored by nagios * Relies on koji-hub, Packages, PkgDB, apache, fedora messaging, fas, virthost, and is monitored by nagios
* Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver. * Several services rely on the builders, including koschei, Bodhi, Tagger, SCM, Darkserver.
* Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new * Produces automated builds of packages for the architecture listed. Builders can be scaled by adding new

View file

@ -1,27 +0,0 @@
---
# Define resources for this group of hosts here.
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
ipa_client_shell_groups:
- sysadmin-datanommer
- sysadmin-noc
- sysadmin-veteran
ipa_client_sudo_groups:
- sysadmin-datanommer
ipa_host_group: busgateway
ipa_host_group_desc: Bridge between fedmsg and fedora-messaging
lvm_size: 20000
mem_size: 4096
num_cpus: 1
# for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file
tcp_ports: [3999, # The fedmsg-relay republishes here. Listeners need to connect.
9941, # The fedmsg-relay listens here. Ephemeral producers connect.
9940, # The fedmsg-gateway republishes here. Proxies need to connect.
9919, # The websocket server publishes here. Proxies need to connect.
]

View file

@ -1,73 +0,0 @@
---
# Define resources for this group of hosts here.
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
nft_custom_rules:
- 'add rule ip filter INPUT ip saddr 10.3.163.39 tcp dport 873 counter accept'
- 'add rule ip filter INPUT ip saddr 192.168.1.59 tcp dport 873 counter accept'
deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- github.commit_comment
- github.create
- github.delete
- github.fork
- github.gollum
- github.issue.assigned
- github.issue.closed
- github.issue.comment
- github.issue.edited
- github.issue.labeled
- github.issue.milestone
- github.issue.opened
- github.issue.reopened
- github.issue.unassigned
- github.issue.unlabeled
- github.label
- github.member
- github.page_build
- github.pull_request.assigned
- github.pull_request.closed
- github.pull_request.edited
- github.pull_request.labeled
- github.pull_request.opened
- github.pull_request_review
- github.pull_request_review_comment
- github.pull_request.review_requested
- github.pull_request.synchronize
- github.pull_request.unlabeled
- github.push
- github.release
- github.repository_vulnerability_alert
- github.star
- github.status
- github.team_add
- github.webhook
group: apache
owner: root
service: github2fedmsg
ipa_client_shell_groups:
- sysadmin-noc
- sysadmin-veteran
ipa_host_group: github2fedmsg
ipa_host_group_desc: Bridge select GitHub repo events into bus messages
lvm_size: 20000
mem_size: 4096
num_cpus: 1
tcp_ports: [80]
# for fedora-messaging
username: "github2fedmsg{{ env_suffix }}"
user_sent_topics: ^org\.fedoraproject\.{{ env_short }}\.github\..*
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: github2fedmsg
wsgi_procs: 2
wsgi_threads: 2
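Review bot: The deleted `username` and `user_sent_topics` entries under "# for fedora-messaging" describe a broker account allowed to publish on the staging `github.*` topics, and deleting the variables does not by itself retire that account or its credentials. If the account was provisioned from these variables, say in the commit message or a follow-up where it gets removed. The same question applies to the `github2fedmsg` and `shell` entries in `fedmsg_certs`: the certificates they refer to should be cleaned up wherever they are stored, not only dropped from group_vars.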

View file

@ -1,10 +0,0 @@
---
# XXX - this is not really a group of real hosts.
# Instead, it represents an application in openshift.
# See playbooks/openshift-apps/greenwave.yml
fedmsg_certs:
- can_send:
- logger.log
- greenwave.decision.update
service: greenwave
fedmsg_env: stg
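Review bot: The header comment in this deleted file points at `playbooks/openshift-apps/greenwave.yml`, and nothing in the visible diff touches that playbook. If it still targets this group or reads `fedmsg_env`, a staging run will hit an empty host pattern or an undefined variable, so check it in this change or note that it was already handled.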

View file

@ -1,25 +1,6 @@
--- ---
# Define resources for this group of hosts here. # Define resources for this group of hosts here.
docker_registry: "candidate-registry.stg.fedoraproject.org" docker_registry: "candidate-registry.stg.fedoraproject.org"
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- buildsys.build.state.change
- buildsys.package.list.change
- buildsys.repo.done
- buildsys.repo.init
- buildsys.rpm.sign
- buildsys.tag
- buildsys.task.state.change
- buildsys.untag
group: apache
owner: root
service: koji
ipa_client_shell_groups: ipa_client_shell_groups:
- fi-apprentice - fi-apprentice
- sysadmin-noc - sysadmin-noc
@ -42,7 +23,5 @@ num_cpus: 8
source_registry: "registry.stg.fedoraproject.org" source_registry: "registry.stg.fedoraproject.org"
# for systems that do not match the above - specify the same parameter in # for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file # the host_vars/$hostname file
tcp_ports: [80, 443, 111, 2049, tcp_ports: [80, 443, 111, 2049]
# These 8 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007]
udp_ports: [111, 2049] udp_ports: [111, 2049]

View file

@ -1,18 +1,6 @@
--- ---
# common items for the releng-* boxes # common items for the releng-* boxes
deployment_type: prod deployment_type: prod
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- mailman.receive
group: mailman
owner: mailman
service: mailman
ipa_client_shell_groups: ipa_client_shell_groups:
- sysadmin-tools - sysadmin-tools
ipa_client_sudo_groups: ipa_client_sudo_groups:
@ -59,9 +47,7 @@ num_cpus: 4
# Postfix main.cf # Postfix main.cf
postfix_group: mailman-stg postfix_group: mailman-stg
tcp_ports: [25, 80, 443, tcp_ports: [25, 80, 443]
# For outbound fedmsg
3000, 3001, 3002, 3003]
# mailman role variables # mailman role variables
mailman_log_level: debug mailman_log_level: debug

View file

@ -1,27 +1,6 @@
--- ---
# Define resources for this group of hosts here. # Define resources for this group of hosts here.
deployment_type: stg deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- # The shell cert needs to be allowed to send these too so it can do alembic
# upgrades that trigger messages.
can_send:
- fmn.filter.update
- fmn.preference.update
- fmn.rule.update
- fmn.confirmation.update
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- fmn.filter.update
- fmn.preference.update
- fmn.rule.update
- fmn.confirmation.update
group: fedmsg
owner: root
service: fmn
ipa_client_shell_groups: ipa_client_shell_groups:
- fi-apprentice - fi-apprentice
- sysadmin-noc - sysadmin-noc

View file

@ -1,21 +1,6 @@
--- ---
# Define resources for this group of hosts here. # Define resources for this group of hosts here.
deployment_type: stg deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- fmn.filter.update
- fmn.preference.update
- fmn.rule.update
- fmn.confirmation.update
group: apache
owner: root
service: fmn
lvm_size: 20000 lvm_size: 20000
mem_size: 1024 mem_size: 1024
num_cpus: 2 num_cpus: 2

View file

@ -2,46 +2,6 @@
# Define resources for this group of hosts here. # Define resources for this group of hosts here.
# For the MOTD # For the MOTD
env: pagure-staging env: pagure-staging
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- pagure.git.receive
- pagure.issue.assigned.added
- pagure.issue.assigned.reset
- pagure.issue.comment.added
- pagure.issue.comment.edited
- pagure.issue.dependency.added
- pagure.issue.dependency.removed
- pagure.issue.drop
- pagure.issue.edit
- pagure.issue.new
- pagure.issue.tag.added
- pagure.issue.tag.removed
- pagure.project.deleted
- pagure.project.edit
- pagure.project.forked
- pagure.project.group.added
- pagure.project.new
- pagure.project.tag.edited
- pagure.project.tag.removed
- pagure.project.user.access.updated
- pagure.project.user.added
- pagure.pull-request.closed
- pagure.pull-request.comment.added
- pagure.pull-request.flag.added
- pagure.pull-request.flag.updated
- pagure.pull-request.new
- pagure.request.assigned.added
group: apache
owner: git
service: pagure
fedmsg_env: stg
fedmsg_prefix: io.pagure
freezes: false freezes: false
git_basepath: /srv/git/repositories git_basepath: /srv/git/repositories
git_daemon_user: git git_daemon_user: git
@ -71,9 +31,7 @@ stunnel_source_port: :::8088
# the host_vars/$hostname file # the host_vars/$hostname file
tcp_ports: [22, 25, 80, 443, 9418, tcp_ports: [22, 25, 80, 443, 9418,
# Used for the eventsource server # Used for the eventsource server
8088, 8088]
# This is for the pagure public fedmsg relay
9940]
vpn: true vpn: true
notes: | notes: |

View file

@ -20,61 +20,6 @@ clamscan_paths:
# This host is externally reachable # This host is externally reachable
# #
external: true external: true
fedmsg_active: True
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
- git.branch
- git.mass_branch.complete
- git.mass_branch.start
- pagure.git.receive
group: sysadmin
owner: root
service: shell
- can_send:
- git.branch
- git.mass_branch.complete
- git.mass_branch.start
- git.receive
- pagure.git.receive
group: packager
owner: root
service: scm
- can_send:
- git.lookaside.new
group: apache
owner: root
service: lookaside
- can_send:
- pagure.git.receive
- pagure.issue.assigned.added
- pagure.issue.assigned.reset
- pagure.issue.comment.added
- pagure.issue.dependency.added
- pagure.issue.dependency.removed
- pagure.issue.edit
- pagure.issue.new
- pagure.issue.tag.added
- pagure.issue.tag.removed
- pagure.project.edit
- pagure.project.forked
- pagure.project.group.added
- pagure.project.new
- pagure.project.tag.edited
- pagure.project.tag.removed
- pagure.project.user.added
- pagure.project.user.removed
- pagure.pull-request.closed
- pagure.pull-request.comment.added
- pagure.pull-request.comment.edited
- pagure.pull-request.flag.added
- pagure.pull-request.flag.updated
- pagure.pull-request.new
- pagure.request.assigned.added
group: apache
owner: pagure
service: pagure
ipa_client_shell_groups: ipa_client_shell_groups:
- packager - packager
- sysadmin-cvs - sysadmin-cvs

View file

@ -9,10 +9,6 @@ custom_rules: [
'-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 127.0.0.1 --dport 6082 -j ACCEPT',
# also allow varnish from internal for purge requests # also allow varnish from internal for purge requests
'-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 6081 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 10.3.163.0/24 --dport 6081 -j ACCEPT',
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
# Contact cydrobolt about the status of this. It hasn't hit prod status
# yet as of 2015-04-27 (threebean).
'-A INPUT -p tcp -m tcp --dport 9941 -s 104.207.133.220 -j ACCEPT',
'-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT'] '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.115 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.116 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.117 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.118 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.119 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.120 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.121 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.122 -j ACCEPT', '-A INPUT -p tcp -m tcp --dport 22623 -s 10.3.166.123 -j ACCEPT']
nft_custom_rules: nft_custom_rules:
# Need for rsync from log01 for logs. # Need for rsync from log01 for logs.
@ -24,11 +20,6 @@ nft_custom_rules:
# also allow varnish from internal for purge requests # also allow varnish from internal for purge requests
- 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept' - 'add rule ip filter INPUT ip saddr 192.168.1.0/24 tcp dport 6081 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept' - 'add rule ip filter INPUT ip saddr 10.3.163.0/24 tcp dport 6081 counter accept'
# Allow stg.fedoramagazine.org running at vultr.com to talk inbound fedmsg
# Contact cydrobolt about the status of this. It hasn't hit prod status
# yet as of 2015-04-27 (threebean).
#!# FIXME: Keep??
- 'add rule ip filter INPUT ip saddr 104.207.133.220 tcp dport 9941 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.115 tcp dport 22623 counter accept' - 'add rule ip filter INPUT ip saddr 10.3.166.115 tcp dport 22623 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.116 tcp dport 22623 counter accept' - 'add rule ip filter INPUT ip saddr 10.3.166.116 tcp dport 22623 counter accept'
- 'add rule ip filter INPUT ip saddr 10.3.166.117 tcp dport 22623 counter accept' - 'add rule ip filter INPUT ip saddr 10.3.166.117 tcp dport 22623 counter accept'
@ -80,12 +71,6 @@ tcp_ports: [
15671, 15671,
# This is for TOTP # This is for TOTP
8443, 8443,
# For fedmsg websocket server over stunnel
9939,
# For fedmsg raw zeromq socket (outbound)
9940,
# 9941 is closed generally, is for the inbound fedmsg and is covered in
# custom_rules
] ]
varnish_group: proxies varnish_group: proxies
zabbix_templates: "{{ [] }}" # For the moment we have no proxies external to IAD2, if this changes, put in the changes in the production group. zabbix_templates: "{{ [] }}" # For the moment we have no proxies external to IAD2, if this changes, put in the changes in the production group.

View file

@ -9,8 +9,6 @@ env_prefix: stg.
env_short: stg env_short: stg
env_suffix: .stg env_suffix: .stg
external: false external: false
fedmsg_env: stg
fedmsg_prefix: org.fedoraproject
freezes: false freezes: false
host_group: staging host_group: staging
ipa_admin_password: "{{ ipa_stg_admin_password }}" ipa_admin_password: "{{ ipa_stg_admin_password }}"
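Review bot: Dropping `fedmsg_env` and `fedmsg_prefix` from the staging-wide variables makes them undefined for every staging host, not only the ones cleaned up here. Any role or template that is still shared with production and references either name will fail when rendered for staging, so a grep for both names across roles and playbooks should be part of this change, with the result mentioned in the commit message.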

View file

@ -19,32 +19,6 @@ nft_custom_rules:
# batcave01 also needs access to announce commits. # batcave01 also needs access to announce commits.
- 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept' - 'add rule ip filter INPUT ip saddr 10.3.163.35 tcp dport 5050 counter accept'
deployment_type: stg deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
# cookies!
- irc.karma
# standard meetbot stuff
- meetbot.meeting.complete
- meetbot.meeting.start
- meetbot.meeting.topic.update
# meetbot line items
- meetbot.meeting.item.agreed
- meetbot.meeting.item.accepted
- meetbot.meeting.item.rejected
- meetbot.meeting.item.action
- meetbot.meeting.item.info
- meetbot.meeting.item.idea
- meetbot.meeting.item.help
- meetbot.meeting.item.link
group: daemon
owner: root
service: supybot
ipa_client_shell_groups: ipa_client_shell_groups:
- fi-apprentice - fi-apprentice
- sysadmin-mote - sysadmin-mote
@ -61,9 +35,7 @@ mem_size: 6144
num_cpus: 2 num_cpus: 2
# for systems that do not match the above - specify the same parameter in # for systems that do not match the above - specify the same parameter in
# the host_vars/$hostname file # the host_vars/$hostname file
tcp_ports: [80, 443, tcp_ports: [80, 443]
# These 16 ports are used by fedmsg. One for each wsgi thread.
3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
notes: | notes: |
Hosts staging services which help facilitate communication over IRC and related mediums. Hosts staging services which help facilitate communication over IRC and related mediums.

View file

@ -1,10 +0,0 @@
---
# XXX - this is not really a group of real hosts.
# Instead, it represents an application in openshift.
# See playbooks/openshift-apps/waiverdb.yml
fedmsg_certs:
- can_send:
- logger.log
- waiverdb.waiver.new
service: waiverdb
fedmsg_env: stg

View file

@ -1,19 +1,6 @@
--- ---
# Define resources for this group of hosts here. # Define resources for this group of hosts here.
deployment_type: stg deployment_type: stg
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- can_send:
- logger.log
group: sysadmin
owner: root
service: shell
- can_send:
- wiki.article.edit
- wiki.upload.complete
group: apache
owner: root
service: mediawiki
ipa_client_shell_groups: ipa_client_shell_groups:
- fi-apprentice - fi-apprentice
- sysadmin-noc - sysadmin-noc

View file

@ -2,22 +2,6 @@
# These are consumed by a task in roles/fedmsg/base/main.yml # These are consumed by a task in roles/fedmsg/base/main.yml
eth0_ipv4_gw: 10.3.167.254 eth0_ipv4_gw: 10.3.167.254
eth0_ipv4_ip: 10.3.167.32 eth0_ipv4_ip: 10.3.167.32
fedmsg_certs:
# This first cert is used by the push-tool. releng members run it and it fires
# off a simple fedmsg message that the masher (running as fedmsg-hub) is
# listening for. It then does all the worker.
# These are certs for pungi
- can_send:
# new school pungi-koji stuff (ask dgilmore)
- pungi.compose.phase.start
- pungi.compose.phase.stop
- pungi.compose.status.change
- pungi.compose.createiso.targets
- releng.atomic.twoweek.begin
- releng.atomic.twoweek.complete
group: sysadmin-releng
owner: apache
service: releng
ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/40/Server/x86_64/os/ ks_repo: https://infrastructure.fedoraproject.org/pub/fedora/linux/releases/40/Server/x86_64/os/
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-fedora
vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org vmhost: bvmhost-x86-03.stg.iad2.fedoraproject.org
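Review bot: The context line at the top of this hunk, "# These are consumed by a task in roles/fedmsg/base/main.yml", is left in place while the `fedmsg_certs` block it described is removed. It now sits directly above `eth0_ipv4_gw` and is misleading; delete it together with the block.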

View file

@ -1,14 +1,6 @@
datacenter: staging datacenter: staging
eth0_ipv4_gw: 10.3.167.254 eth0_ipv4_gw: 10.3.167.254
eth0_ipv4_ip: 10.3.167.33 eth0_ipv4_ip: 10.3.167.33
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- group: root
owner: root
service: shell
- group: root
owner: root
service: bodhi
koji_hub_nfs: "fedora_koji" koji_hub_nfs: "fedora_koji"
kojihub_scheme: http kojihub_scheme: http
kojihub_url: koji.stg.fedoraproject.org/kojihub kojihub_url: koji.stg.fedoraproject.org/kojihub

View file

@ -1,8 +0,0 @@
---
datacenter: iad2
eth0_ipv4_gw: 10.3.166.254
eth0_ipv4_ip: 10.3.166.39
ks_repo: https://infrastructure.fedoraproject.org/repo/rhel/RHEL7-x86_64/
ks_url: https://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7-iad2
vmhost: vmhost-x86-11.stg.iad2.fedoraproject.org
volgroup: /dev/vg_guests

View file

@ -90,18 +90,12 @@ ibiblio05.fedoraproject.org
[busgateway] [busgateway]
busgateway01.iad2.fedoraproject.org busgateway01.iad2.fedoraproject.org
[busgateway_stg]
busgateway01.stg.iad2.fedoraproject.org
[flatpak_cache] [flatpak_cache]
flatpak-cache01.iad2.fedoraproject.org flatpak-cache01.iad2.fedoraproject.org
[github2fedmsg] [github2fedmsg]
github2fedmsg01.iad2.fedoraproject.org github2fedmsg01.iad2.fedoraproject.org
[github2fedmsg_stg]
github2fedmsg01.stg.iad2.fedoraproject.org
[mailman] [mailman]
mailman01.iad2.fedoraproject.org mailman01.iad2.fedoraproject.org
@ -161,7 +155,6 @@ db-datanommer01.stg.iad2.fedoraproject.org
# clients that talk to the main postgres stg servers # clients that talk to the main postgres stg servers
[postgres_clients_stg] [postgres_clients_stg]
bodhi-backend01.stg.iad2.fedoraproject.org bodhi-backend01.stg.iad2.fedoraproject.org
busgateway01.stg.iad2.fedoraproject.org
koji01.stg.iad2.fedoraproject.org koji01.stg.iad2.fedoraproject.org
[download_iad2] [download_iad2]
@ -532,7 +525,6 @@ buildvm-x86-02.stg.iad2.fedoraproject.org
buildvm-x86-03.stg.iad2.fedoraproject.org buildvm-x86-03.stg.iad2.fedoraproject.org
buildvm-x86-04.stg.iad2.fedoraproject.org buildvm-x86-04.stg.iad2.fedoraproject.org
buildvm-x86-05.stg.iad2.fedoraproject.org buildvm-x86-05.stg.iad2.fedoraproject.org
busgateway01.stg.iad2.fedoraproject.org
compose-x86-01.stg.iad2.fedoraproject.org compose-x86-01.stg.iad2.fedoraproject.org
copr-be-dev.aws.fedoraproject.org copr-be-dev.aws.fedoraproject.org
#copr-be-dev-temp.aws.fedoraproject.org #copr-be-dev-temp.aws.fedoraproject.org
@ -549,7 +541,6 @@ db.stg.aws.fedoraproject.org
debuginfod01.stg.iad2.fedoraproject.org debuginfod01.stg.iad2.fedoraproject.org
oci-candidate-registry01.stg.iad2.fedoraproject.org oci-candidate-registry01.stg.iad2.fedoraproject.org
oci-registry01.stg.iad2.fedoraproject.org oci-registry01.stg.iad2.fedoraproject.org
github2fedmsg01.stg.iad2.fedoraproject.org
ipa01.stg.iad2.fedoraproject.org ipa01.stg.iad2.fedoraproject.org
ipa02.stg.iad2.fedoraproject.org ipa02.stg.iad2.fedoraproject.org
ipa03.stg.iad2.fedoraproject.org ipa03.stg.iad2.fedoraproject.org
@ -667,46 +658,25 @@ wiki02.iad2.fedoraproject.org
busgateway busgateway
pkgs pkgs
[fedmsg_hubs_stg:children]
busgateway_stg
pkgs_stg
[fedmsg_ircs:children] [fedmsg_ircs:children]
value value
[fedmsg_ircs_stg:children]
value_stg
[fedmsg_relays:children] [fedmsg_relays:children]
busgateway busgateway
[fedmsg_relays_stg:children]
busgateway_stg
[fedmsg_gateways:children] [fedmsg_gateways:children]
busgateway busgateway
proxies proxies
[fedmsg_gateways_stg:children]
busgateway_stg
proxies_stg
[fedmsg_services:children] [fedmsg_services:children]
fedmsg_hubs fedmsg_hubs
fedmsg_ircs fedmsg_ircs
fedmsg_relays fedmsg_relays
fedmsg_gateways fedmsg_gateways
[fedmsg_services_stg:children]
fedmsg_hubs_stg
fedmsg_ircs_stg
fedmsg_relays_stg
fedmsg_gateways_stg
# These are groups that are using the python34 fedmsg stack. # These are groups that are using the python34 fedmsg stack.
[python34_fedmsg:children] [python34_fedmsg:children]
mailman mailman
mailman_stg
## END fedmsg services ## END fedmsg services
@ -1038,10 +1008,8 @@ bodhi_backend_stg
buildvm_stg buildvm_stg
buildvm_ppc64le_stg buildvm_ppc64le_stg
buildvm_aarch64_stg buildvm_aarch64_stg
busgateway_stg
dbserver_stg dbserver_stg
debuginfod_stg debuginfod_stg
github2fedmsg_stg
ipa_stg ipa_stg
ipsilon_stg ipsilon_stg
koji_stg koji_stg

View file

@ -5,7 +5,6 @@
## over all machines. ## over all machines.
## ##
## some common ones: ## some common ones:
## -t fedmsgconfig -> runs fedmsg/base config over all playbooks
## -t apache -> run when tasks/apache.yml changes. ## -t apache -> run when tasks/apache.yml changes.
## ##
## ##

View file

@ -1,10 +1,10 @@
--- ---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars: vars:
myhosts: "busgateway:busgateway_stg" myhosts: "busgateway"
- name: Dole out the generic configuration - name: Dole out the generic configuration
hosts: busgateway:busgateway_stg hosts: busgateway
user: root user: root
gather_facts: true gather_facts: true
@ -32,7 +32,7 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml" - import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: Dole out the service-specific config - name: Dole out the service-specific config
hosts: busgateway:busgateway_stg hosts: busgateway
user: root user: root
gather_facts: true gather_facts: true

View file

@ -6,10 +6,10 @@
--- ---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml" - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
vars: vars:
myhosts: "github2fedmsg:github2fedmsg_stg" myhosts: "github2fedmsg"
- name: Make the box be real - name: Make the box be real
hosts: github2fedmsg:github2fedmsg_stg hosts: github2fedmsg
user: root user: root
gather_facts: true gather_facts: true
@ -39,7 +39,7 @@
- import_tasks: "{{ handlers_path }}/restart_services.yml" - import_tasks: "{{ handlers_path }}/restart_services.yml"
- name: Deploy service-specific config - name: Deploy service-specific config
hosts: github2fedmsg:github2fedmsg_stg hosts: github2fedmsg
user: root user: root
gather_facts: true gather_facts: true

View file

@ -1,6 +1,6 @@
--- ---
- name: Uninstall IPA client - name: Uninstall IPA client
hosts: bodhi_backend_stg:bugzilla2fedmsg_stg:github2fedmsg_stg:ipsilon_stg:buildvm_stg:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_stg hosts: bodhi_backend_stg:bugzilla2fedmsg_stg:ipsilon_stg:buildvm_stg:buildvm_ppc64le_stg:buildvm_aarch64_stg:buildvm_armv7_stg:buildvm_s390x_stg
user: root user: root
vars_files: vars_files:
- /srv/web/infra/ansible/vars/global.yml - /srv/web/infra/ansible/vars/global.yml

View file

@ -7,7 +7,7 @@
--- ---
- name: Restart fedmsg-gateway instances - name: Restart fedmsg-gateway instances
hosts: fedmsg_gateways:fedmsg_gateways_stg hosts: fedmsg_gateways
user: root user: root
gather_facts: false gather_facts: false
@ -21,7 +21,7 @@
service: name=fedmsg-gateway state=restarted service: name=fedmsg-gateway state=restarted
- name: Restart fedmsg-relay instances - name: Restart fedmsg-relay instances
hosts: fedmsg_relays:fedmsg_relays_stg hosts: fedmsg_relays
user: root user: root
gather_facts: false gather_facts: false
@ -35,7 +35,7 @@
service: name=fedmsg-relay state=restarted service: name=fedmsg-relay state=restarted
- name: Restart fedmsg-irc instances - name: Restart fedmsg-irc instances
hosts: fedmsg_ircs:fedmsg_ircs_stg hosts: fedmsg_ircs
user: root user: root
gather_facts: false gather_facts: false
@ -49,7 +49,7 @@
service: name=fedmsg-irc state=restarted service: name=fedmsg-irc state=restarted
- name: Tell nagios to be quiet about FMN for the moment - name: Tell nagios to be quiet about FMN for the moment
hosts: notifs_backend:notifs_backend_stg hosts: notifs_backend
user: root user: root
gather_facts: false gather_facts: false
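Review bot: The host pattern here drops `notifs_backend_stg`, and the last hunk of this file drops `moksha_hubs_stg`, but none of the inventory hunks shown removes either group. If those groups still exist, staging hosts silently fall out of this restart playbook; if they are already gone, say so in the commit message, since the subject only mentions fedmsg and github2fedmsg.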
@ -67,7 +67,7 @@
# service: name=fmn-digests@1 state=restarted # service: name=fmn-digests@1 state=restarted
- name: Restart fedmsg-hub instances - name: Restart fedmsg-hub instances
hosts: fedmsg_hubs:fedmsg_hubs_stg hosts: fedmsg_hubs
user: root user: root
gather_facts: false gather_facts: false
@ -81,7 +81,7 @@
service: name=fedmsg-hub state=restarted service: name=fedmsg-hub state=restarted
- name: Restart moksha-hub instances - name: Restart moksha-hub instances
hosts: moksha_hubs:moksha_hubs_stg hosts: moksha_hubs
user: root user: root
gather_facts: false gather_facts: false

View file

@ -2,22 +2,16 @@
- name: Push packages out - name: Push packages out
hosts: hosts:
- fedmsg-hubs - fedmsg-hubs
- fedmsg-hubs-stg
- fedmsg-relays - fedmsg-relays
- fedmsg-relays-stg
- fedmsg-ircs - fedmsg-ircs
- fedmsg-ircs-stg
- fedmsg-gateways - fedmsg-gateways
- fedmsg-gateways-stg
- moksha-hubs - moksha-hubs
- moksha-hubs-stg
- datagrepper - datagrepper
- datagrepper-stg
user: root user: root
vars_files: vars_files:
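Review bot: The groups kept in this `hosts:` list are written with hyphens (`fedmsg-hubs`, `moksha-hubs`), while the restart playbook in this same commit targets `fedmsg_hubs` and `moksha_hubs` with underscores. If the inventory uses the underscore names, this play matches no hosts, so it is worth aligning the names while the list is being edited. Removing `datagrepper-stg` also goes beyond fedmsg and github2fedmsg as described in the commit message; please confirm it is intended.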

View file

@ -29,13 +29,6 @@
-A INPUT -p tcp -m tcp --dport 10050 -s 10.3.166.61 -j ACCEPT -A INPUT -p tcp -m tcp --dport 10050 -s 10.3.166.61 -j ACCEPT
# if the host declares a fedmsg-enabled wsgi app, open ports for it
{% if wsgi_fedmsg_service is defined %}
{% for i in range(wsgi_procs * wsgi_threads) %}
-A INPUT -p tcp -m tcp --dport 30{{ '%02d' % i }} -j ACCEPT
{% endfor %}
{% endif %}
# if the host/group defines incoming tcp_ports - allow them # if the host/group defines incoming tcp_ports - allow them
{% for port in tcp_ports %} {% for port in tcp_ports %}
-A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT -A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
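Review bot: The removed `wsgi_fedmsg_service` block has no environment guard in the visible lines, so deleting it from this template also closes the 30xx ports on any production host that still defines `wsgi_fedmsg_service`, while the commit message scopes this change to staging and defers production to a later commit. Either confirm that no production host sets that variable, or keep the block under a production-only condition (the repo already uses `env == 'production'` elsewhere) until the follow-up lands. The dropped rule accepted from any source address, so removing it is the right end state.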

View file

@ -29,13 +29,6 @@ add rule ip filter INPUT tcp dport 10051 counter accept
add rule ip filter INPUT ip saddr 10.3.166.61 tcp dport 10050 counter accept add rule ip filter INPUT ip saddr 10.3.166.61 tcp dport 10050 counter accept
# if the host declares a fedmsg-enabled wsgi app, open ports for it
{% if wsgi_fedmsg_service is defined %}
{% for i in range(wsgi_procs * wsgi_threads) %}
add rule ip filter INPUT tcp dport 30{{ '%02d' % i }} counter accept
{% endfor %}
{% endif %}
# if the host/group defines incoming tcp_ports - allow them # if the host/group defines incoming tcp_ports - allow them
{% for port in tcp_ports %} {% for port in tcp_ports %}
add rule ip filter INPUT tcp dport {{ port }} counter accept add rule ip filter INPUT tcp dport {{ port }} counter accept
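Review bot: With this block gone, `wsgi_fedmsg_service` is no longer read by this template, and `wsgi_procs` and `wsgi_threads` no longer influence the firewall. Any host_vars or group_vars that set `wsgi_fedmsg_service` only to open these ports are now dead and should be removed in the same change, so nobody assumes the 30xx range is still being opened.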

View file

@ -201,7 +201,7 @@
- zodbot - zodbot
# #
# This is another script to announce commits, this time to the fedmsg bus # This is another script to announce commits, this time to the fedora messaging
# #
- name: Install packages needed - name: Install packages needed
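Review bot: The reworded comment `to the fedora messaging` reads as if a noun is missing; `to Fedora Messaging` or `to the fedora-messaging bus` would be clearer. If the script installed below this comment still publishes through fedmsg, the comment should stay as it was until the script itself changes.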

View file

@ -1,6 +1,4 @@
--- ---
# Setup a fedmsg-hub
- name: Install needed packages - name: Install needed packages
ansible.builtin.package: name={{ item }} state=present ansible.builtin.package: name={{ item }} state=present
with_items: with_items:

View file

@ -5,8 +5,6 @@
# Some configuration for our workers # Some configuration for our workers
bugzilla.products = Fedora, Fedora EPEL bugzilla.products = Fedora, Fedora EPEL
# If you have 8 worker threads you *also* need 8 fedmsg endpoints in fedmsg.d/
# and 8 open holes in the firewall
bugzilla.num_workers = 1 bugzilla.num_workers = 1
moksha.workers_per_consumer = 2 moksha.workers_per_consumer = 2
moksha.threadpool_size = 5 moksha.threadpool_size = 5
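Review bot: The deleted comment explained why `bugzilla.num_workers` was tied to fedmsg endpoints and firewall holes, but `moksha.workers_per_consumer` and `moksha.threadpool_size` stay in place. If this service no longer runs under a moksha/fedmsg hub in staging, these look like dead settings and could be removed in this cleanup too; if they are still read, a short comment saying by what would help.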

View file

@ -184,9 +184,6 @@
# each of the below should move to a separate task list # each of the below should move to a separate task list
# since they are odd-balls and one-offs # since they are odd-balls and one-offs
# fedmsg - busgateway## only
# add /usr/share/collectd/fedmsg-types.db
# memcached - memcached only # memcached - memcached only
# postgres - this is a conn check # postgres - this is a conn check

View file

@ -77,10 +77,6 @@ builds_max_workers_sandbox=4
# actions. # actions.
actions_max_workers={% if env == 'production' %}20{% else %}4{% endif %} actions_max_workers={% if env == 'production' %}20{% else %}4{% endif %}
# publish fedmsg notifications from workers if true
# default is false
#fedmsg_enabled=false
# enable package signing, require configured # enable package signing, require configured
# signer host and correct /etc/sign.conf # signer host and correct /etc/sign.conf
do_sign={{ do_sign }} do_sign={{ do_sign }}

View file

@ -1,4 +1,4 @@
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.5.128.120 db01.stg.phx2.fedoraproject.org db-ask db-elections db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_dbdb-summershum db-tahrir db-notifs db-kerneltest 10.5.128.120 db01.stg.phx2.fedoraproject.org db-ask db-elections db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-fedocal tagger_dbdb-summershum db-tahrir db-notifs db-kerneltest
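Review bot: On the edited line, `tagger_dbdb-summershum` appears on both sides and looks like two aliases run together (`tagger_db` and `db-summershum`), so neither name resolves as written. Since this line is being touched anyway, split them, or drop them if those services are gone too. Also check that nothing in staging still connects to `db-github2fedmsg` before the alias disappears.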

View file

@ -463,22 +463,6 @@ git-hooks:
time: null time: null
path: production/git-hooks.crt path: production/git-hooks.crt
user: firmitas-automata user: firmitas-automata
github2fedmsg.stg:
certstat:
cstarted: true
cstopped: false
daystobt: -2055
daystodd: 1595
issuauth: RabbitMQ STAGING CA
serialno: 307862844954847146655560450394425008564
stopdate: 2029-02-18 18:33:59
strtdate: 2019-02-21 18:33:59
notistat:
done: false
link: null
time: null
path: github2fedmsg.stg.crt
user: firmitas-automata
gitlab-centos.stg: gitlab-centos.stg:
certstat: certstat:
cstarted: true cstarted: true
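Review bot: Removing the `github2fedmsg.stg` entry only stops expiry tracking; the certificate it describes (`issuauth: RabbitMQ STAGING CA`, `stopdate: 2029-02-18 18:33:59`) remains valid for years. Please confirm that `github2fedmsg.stg.crt` and its private key are deleted wherever they are stored and that the matching user is removed from the staging broker, or revoke the certificate, so the credential cannot be reused now that the service is gone.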

View file

@ -219,11 +219,6 @@ level = "INFO"
propagate = false propagate = false
handlers = ["console"] handlers = ["console"]
[anitya_log_config.loggers.fedmsg]
level = "INFO"
propagate = false
handlers = ["console"]
[anitya_log_config.root] [anitya_log_config.root]
level = "INFO" level = "INFO"
handlers = ["console"] handlers = ["console"]

View file

@ -483,7 +483,6 @@
# - pagure_api_key_expire_mail.timer # - pagure_api_key_expire_mail.timer
- pagure_mirror_project_in - pagure_mirror_project_in
- pagure_mirror_project_in.timer - pagure_mirror_project_in.timer
# - fedmsg-relay
- haveged - haveged
ignore_errors: true ignore_errors: true
tags: tags: