Merge branch 'main' of ssh://pagure.io/fedora-infra/ansible

2021-04-21 16:39:59 -05:00 · 2021-04-21 16:39:59 -05:00 · 832455904e
commit 832455904e
parent a5e8f0f6c0 2effdae9a7
81 changed files with 501 additions and 450 deletions
--- a/files/debuginfod/sysconfig.debuginfod
+++ b/files/debuginfod/sysconfig.debuginfod
@ -0,0 +1,16 @@
 #
 DEBUGINFOD_PORT="8002"
 DEBUGINFOD_VERBOSE="-vv"
 DEBUGINFOD_PATHS="--fdcache-fds=512 -t3600 -R /mnt/fedora_koji_prod/koji/packages -X /data/ -I \.(module_f|fc)(32|33|34|35)[.+].*\.rpm"
 # prefer reliability/durability over performance
 #DEBUGINFOD_PRAGMAS="-D 'pragma synchronous=full;'"
 # upstream debuginfods
 #DEBUGINFOD_URLS="http://secondhost:8002 http://thirdhost:8002"
 #DEBUGINFOD_TIMEOUT="5"
 #DEBUGINFOD_CACHE_DIR=""
 # Don't use tmpfs /tmp on scarce-RAM machine.
 TMPDIR=/var/tmp
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -91,7 +91,7 @@ virt_install_command_one_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -101,7 +101,7 @@ virt_install_command_two_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
                  ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none'
@ -113,7 +113,7 @@ virt_install_command_one_nic_unsafe: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -123,7 +123,7 @@ virt_install_command_two_nic_unsafe: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
@ -135,7 +135,7 @@ virt_install_command_ppc64le_one_nic_unsafe: virt-install -n {{ inventory_hostna
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -145,7 +145,7 @@ virt_install_command_ppc64le_two_nic_unsafe: virt-install -n {{ inventory_hostna
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyS0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
                  ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none'
@ -157,7 +157,7 @@ virt_install_command_aarch64_one_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -167,7 +167,7 @@ virt_install_command_aarch64_one_nic_unsafe: virt-install -n {{ inventory_hostna
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -177,7 +177,7 @@ virt_install_command_aarch64_2nd_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ nfs_bridge }},model=virtio,mac={{ mac_address }}
@ -187,7 +187,7 @@ virt_install_command_aarch64_two_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none
                  ip={{ eth1_ip }}:::{{ nm }}:{{ inventory_hostname_short }}-nfs:eth1:none'
@ -199,7 +199,7 @@ virt_install_command_armv7_one_nic: virt-install -n {{ inventory_hostname }} --a
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }}
@ -209,7 +209,7 @@ virt_install_command_armv7_one_nic_unsafe: virt-install -n {{ inventory_hostname
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }} console=tty0 console=ttyAMA0
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }} console=tty0 console=ttyAMA0
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }}
@ -219,7 +219,7 @@ virt_install_command_s390x_one_nic: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -229,7 +229,7 @@ virt_install_command_s390x_one_nic_unsafe: virt-install -n {{ inventory_hostname
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }} --memballoon virtio
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }},cache=unsafe,io=threads
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 'net.ifnames=0 ksdevice=eth0 ks={{ ks_url }}
+                 'net.ifnames=0 inst.ksdevice=eth0 inst.ks={{ ks_url }}
                  hostname={{ inventory_hostname }} nameserver={{ dns }}
                  ip={{ eth0_ip }}::{{ gw }}:{{ nm }}:{{ inventory_hostname }}:eth0:none'
                 --network bridge={{ main_bridge }},model=virtio,mac={{ mac_address }}
@ -239,7 +239,7 @@ virt_install_command_rhel6: virt-install -n {{ inventory_hostname }}
                 --memory={{ mem_size }},maxmemory={{ max_mem_size }}
                 --disk bus=virtio,path={{ volgroup }}/{{ inventory_hostname }}
                 --vcpus={{ num_cpus }},maxvcpus={{ max_cpu }} -l {{ ks_repo }} -x
-                 "ksdevice=eth0 ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }}
+                 "inst.ksdevice=eth0 inst.ks={{ ks_url }} ip={{ eth0_ip }} netmask={{ nm }}
                  gateway={{ gw }} dns={{ dns }} console=tty0 console=ttyS0
                  hostname={{ inventory_hostname }}"
                 --network=bridge=br0 --autostart --noautoconsole --watchdog default
@ -426,3 +426,6 @@ sshd_sftp: false
 # Autodetect python version
 #
 ansible_python_interpreter: auto
 # set no x-forward header by default
 x_forward: false
--- a/inventory/group_vars/buildvm_armv7_stg
+++ b/inventory/group_vars/buildvm_armv7_stg
@ -2,12 +2,12 @@
 # common items for the buildvm-* koji builders
 volgroup: /dev/vg_guests
 lvm_size: 140000
-mem_size: 24576
+mem_size: 40960
 max_mem_size: "{{ mem_size }}"
 num_cpus: 5
 max_cpu: "{{ num_cpus }}"
-ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-33-armv7
+ks_url: http://10.3.163.35/repo/rhel/ks/buildvm-fedora-34-armv7
-ks_repo: http://10.3.163.35/pub/fedora/linux/releases/33/Server/armhfp/os/
+ks_repo: http://10.3.163.35/pub/fedora/linux/development/34/Server/armhfp/os/
 nm: 255.255.255.0
 gw: 10.3.167.254
 dns: 10.3.163.33
--- a/inventory/group_vars/copr_hypervisor
+++ b/inventory/group_vars/copr_hypervisor
@ -1,6 +1,7 @@
 ---
 virthost: true
 vpn: true
 primary_auth_source: ipa
 ipa_host_group: vmhost-copr
 ipa_host_group_desc: VM hosts for COPR
@ -9,15 +10,10 @@ ipa_client_shell_groups:
 ipa_client_sudo_groups:
 - sysadmin-copr
 nrpe_procs_warn: 1400
 nrpe_procs_crit: 1500
-# These variables are pushed into /etc/system_identification by the base role.
+vpn: true
 # Groups and individual hosts should override them with specific info.
 # See http://infrastructure.fedoraproject.org/csi/security-policy/
 vpn: false
 postfix_group: copr
 postfix_maincf: "postfix/main.cf/main.cf.copr"
--- a/inventory/group_vars/maintainer_test
+++ b/inventory/group_vars/maintainer_test
@ -2,6 +2,15 @@
 freezes: false
 sudoers: "{{ private }}/files/sudo/arm-packager-sudoers"
 sudoers_main: nopasswd
 host_group: cloud
 datacenter: aws
 ansible_ifcfg_blocklist: true 
 vpn: true
 primary_auth_source: ipa
 ipa_host_group: maintainer_test
 ipa_host_group_desc: Test hosts for package maintainers
 ipa_client_shell_groups:
 - packager
 ipa_client_sudo_nopasswd_groups:
 - sysadmin-main
 - packager
--- a/inventory/group_vars/openqa
+++ b/inventory/group_vars/openqa
@ -6,7 +6,6 @@ external_hostname: openqa.fedoraproject.org
 openqa_dbname: openqa
 openqa_dbuser: openqa
 openqa_dbpassword: "{{ prod_openqa_dbpassword }}"
 openqa_assetsize: 500
 openqa_key: "{{ prod_openqa_apikey }}"
 openqa_secret: "{{ prod_openqa_apisecret }}"
--- a/inventory/group_vars/openqa_lab
+++ b/inventory/group_vars/openqa_lab
@ -17,9 +17,7 @@ external_hostname: openqa.stg.fedoraproject.org
 openqa_dbname: openqa-stg
 openqa_dbuser: openqastg
 openqa_dbpassword: "{{ stg_openqa_dbpassword }}"
-openqa_assetsize: 400
+openqa_assetsize_ppc: 300
 openqa_assetsize_ppc: 150
 openqa_assetsize_aarch64: 150
 openqa_key: "{{ stg_openqa_apikey }}"
 openqa_secret: "{{ stg_openqa_apisecret }}"
--- a/inventory/group_vars/openqa_servers_common
+++ b/inventory/group_vars/openqa_servers_common
@ -9,7 +9,9 @@ openqa_nickname: adamwill
 openqa_fullname: Adam Williamson
 openqa_userid: http://adamwill.id.fedoraproject.org/
-openqa_assetsize_updates: 100
+openqa_assetsize: 600
 openqa_assetsize_aarch64: 300
 openqa_assetsize_updates: 200
 # stg and prod use the same database server
 openqa_dbhost: db-openqa01.iad2.fedoraproject.org
--- a/inventory/group_vars/os_masters_stg
+++ b/inventory/group_vars/os_masters_stg
@ -11,5 +11,5 @@ nagios_Check_Services:
 # Set some bodhi variables here.
 # Since they are used when running playbooks against the master nodes.
 #
-bodhi_version: "5.6.1"
+bodhi_version: "5.7.0"
 bodhi_openshift_pods: 1
--- a/inventory/host_vars/aarch64-test01.fedorainfracloud.org
+++ b/inventory/host_vars/aarch64-test01.fedorainfracloud.org
@ -1,3 +1,2 @@
 datacenter: aws
 inventory_hostname: "aarch64-test01.fedorainfracloud.org"
--- a/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-a32-01.stg.iad2.fedoraproject.org
@ -6,13 +6,14 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 has_ipv4: yes
 eth0_ip: 10.3.167.46
 eth0_ipv4: 10.3.167.46
 eth0_ipv4_nm: 24
 eth0_ipv4_gw: 10.3.167.254
 has_ipv6: no
-mac0: 52:54:00:d7:04:aa
+mac0: 52:54:00:d4:6a:ca
 network_connections:
 - name: eth0
--- a/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-13.iad2.fedoraproject.org
@ -5,13 +5,14 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 has_ipv4: yes
 eth0_ip: 10.3.171.53
 eth0_ipv4: 10.3.171.53
 eth0_ipv4_nm: 24
 eth0_ipv4_gw: 10.3.171.254
 has_ipv6: no
-mac0: 52:54:00:f0:f0:eb
+mac0: 52:54:00:36:bc:34
 network_connections:
 - name: eth0
--- a/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-15.iad2.fedoraproject.org
@ -5,13 +5,14 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 has_ipv4: yes
 eth0_ip: 10.3.171.55
 eth0_ipv4: 10.3.171.55
 eth0_ipv4_nm: 24
 eth0_ipv4_gw: 10.3.171.254
 has_ipv6: no
-mac0: 52:54:00:1e:dc:92
+mac0: 52:54:00:68:64:dc
 network_connections:
 - name: eth0
--- a/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-16.iad2.fedoraproject.org
@ -5,13 +5,14 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 has_ipv4: yes
 eth0_ip: 10.3.171.56
 eth0_ipv4: 10.3.171.56
 eth0_ipv4_nm: 24
 eth0_ipv4_gw: 10.3.171.254
 has_ipv6: no
-mac0: 52:54:00:a0:6b:4f
+mac0: 52:54:00:cb:57:ef
 network_connections:
 - name: eth0
--- a/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
+++ b/inventory/host_vars/buildvm-ppc64le-20.iad2.fedoraproject.org
@ -5,13 +5,14 @@ dns1: 10.3.163.33
 dns2: 10.3.163.34
 has_ipv4: yes
 eth0_ip: 10.3.171.60
 eth0_ipv4: 10.3.171.60
 eth0_ipv4_nm: 24
 eth0_ipv4_gw: 10.3.171.254
 has_ipv6: no
-mac0: 52:54:00:1e:bf:c1
+mac0: 52:54:00:e0:0f:d5
 network_connections:
 - name: eth0
--- a/inventory/host_vars/el6-test.fedorainfracloud.org
+++ b/inventory/host_vars/el6-test.fedorainfracloud.org
@ -1,19 +0,0 @@
 ---
 tcp_ports: [22]
 datacenter: aws
 nagios_Check_Services:
  mail: false
  nrpe: false
  sshd: false
  named: false
  dhcpd: false
  httpd: false
  swap: false
  ping: false
  raid: false
 ansible_ssh_user: centos
 ansible_become: true
 ansible_become_user: root
 ansible_become_method: sudo
--- a/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org
+++ b/inventory/host_vars/ipa02.stg.iad2.fedoraproject.org
@ -0,0 +1,12 @@
 ---
 nm: 255.255.255.0
 gw: 10.3.166.254
 dns: 10.3.163.33
 ks_url: http://10.3.163.35/repo/rhel/ks/kvm-rhel-8-iad2
 ks_repo: http://10.3.163.35/repo/rhel/RHEL8-x86_64/
 volgroup: /dev/vg_guests
 eth0_ip: 10.3.166.63
 vmhost: vmhost-x86-02.stg.iad2.fedoraproject.org
 datacenter: iad2
 ## REMEMBER ONLY SET THIS TO TRUE WHEN WIPING SYSTEM TO MINIMUM
 ipa_initial: false
--- a/inventory/inventory
+++ b/inventory/inventory
@ -115,12 +115,6 @@ virthost-cc-rdu03.fedoraproject.org
 vmhost-x86-cc06.rdu-cc.fedoraproject.org
 vmhost-x86-cc05.rdu-cc.fedoraproject.org
 [vmhost_copr]
 vmhost-x86-copr01.rdu-cc.fedoraproject.org
 vmhost-x86-copr02.rdu-cc.fedoraproject.org
 vmhost-x86-copr03.rdu-cc.fedoraproject.org
 vmhost-x86-copr04.rdu-cc.fedoraproject.org
 [datagrepper]
 datagrepper01.iad2.fedoraproject.org
 datagrepper02.iad2.fedoraproject.org
@ -308,6 +302,7 @@ ipa03.iad2.fedoraproject.org
 [ipa_stg]
 ipa01.stg.iad2.fedoraproject.org
 ipa02.stg.iad2.fedoraproject.org
 [ipsilon_stg]
 ipsilon01.stg.iad2.fedoraproject.org
@ -669,6 +664,7 @@ oci-registry01.stg.iad2.fedoraproject.org
 # fedimg01.stg.iad2.fedoraproject.org
 github2fedmsg01.stg.iad2.fedoraproject.org
 ipa01.stg.iad2.fedoraproject.org
 ipa02.stg.iad2.fedoraproject.org
 ipsilon01.stg.iad2.fedoraproject.org
 koji01.stg.iad2.fedoraproject.org
 #mailman01.stg.iad2.fedoraproject.org
@ -998,6 +994,9 @@ copr_dev_aws
 [copr_hypervisor]
 vmhost-x86-copr01.rdu-cc.fedoraproject.org
 vmhost-x86-copr02.rdu-cc.fedoraproject.org
 vmhost-x86-copr03.rdu-cc.fedoraproject.org
 vmhost-x86-copr04.rdu-cc.fedoraproject.org
 [copr_db_all:children]
 copr_db_stg
--- a/playbooks/groups/bodhi-backend.yml
+++ b/playbooks/groups/bodhi-backend.yml
@ -68,6 +68,10 @@
    mnt_dir: '/pub/'
    nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/'
  - role: nfs/client
    mnt_dir: '/pub/archive'
    nfs_src_dir: 'fedora_ftp_archive'
  - role: keytab/service
    owner_user: apache
    owner_group: apache
--- a/playbooks/groups/copr-hypervisor.yml
+++ b/playbooks/groups/copr-hypervisor.yml
@ -14,13 +14,11 @@
  tasks:
    - import_role: name=base
    - import_role: name=hosts
    - import_role: name=fas_client
    - import_role: name=rkhunter
    - import_role: name=nagios_client
    - import_role: name=openvpn/client
-    - import_role: name=sudo
+    - import_role: name=ipa/client
    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
    - import_tasks: "{{ tasks_path }}/motd.yml"
  handlers:
--- a/playbooks/groups/debuginfod.yml
+++ b/playbooks/groups/debuginfod.yml
@ -29,5 +29,23 @@
  tasks:
  - import_tasks: "{{ tasks_path }}/motd.yml"
  - name: install debuginfod
    package: name=elfutils-debuginfod state=present
  - name: install sqlite for diagnostics
    package: name=sqlite state=present
  - name: install rsync for data backups
    package: name=rsync state=present
  - name: install debuginfod configuration
    copy: src="{{ files }}/debuginfod/sysconfig.debuginfod" dest=/etc/sysconfig/debuginfod owner=root group=root mode=644
  - name: ensure debuginfod is enabled and started
    service:
      name: debuginfod
      state: started
      enabled: yes
  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
--- a/playbooks/groups/download.yml
+++ b/playbooks/groups/download.yml
@ -38,6 +38,7 @@
  - download
  - rsyncd
  - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
  - { role: nfs/client, when: datacenter == "iad2" or datacenter == "rdu", mnt_dir: '/srv/pub/archive',  nfs_src_dir: 'fedora_ftp_archive' }
  - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/mnt/koji',  nfs_src_dir: 'fedora_koji/koji/' } # needed for internal sync and odcs
  - { role: nfs/client, when: datacenter == "iad2", mnt_dir: '/srv/odcs',  nfs_src_dir: 'fedora_odcs' } # needed for internal sync
  - sudo
--- a/playbooks/groups/maintainer-test.yml
+++ b/playbooks/groups/maintainer-test.yml
@ -1,58 +1,5 @@
 - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=aarch64_test:armv7_test"
 - name: Do some basic cloud setup on them
  hosts: maintainer_test:aarch64_test:armv7_test
  gather_facts: True
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - /srv/private/ansible/vars.yml
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  pre_tasks:
  - import_tasks: "{{ tasks_path }}/cloud_setup_basic.yml"
  - name: set hostname (required by some services, at least postfix need it)
    hostname: name="{{inventory_hostname}}"
 - name: setup second disk on aws maintainer-test instances
  hosts: maintainer_test:\!ppc64le-test.fedorainfracloud.org
  gather_facts: True
  tags:
   - maintainer-test
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
  - name: make a partition on first disk
    parted: device=/dev/nvme0n1 number=1 state=present
    tags:
     - maintainer-test
    when: inventory_hostname.startswith(('f30-test'))
  - name: format the partition if it's not already
    filesystem: dev=/dev/nvme0n1p1 fstype=ext4
    tags:
     - maintainer-test
    when: inventory_hostname.startswith(('f30-test'))
    ignore_errors: true
  - name: mount cache filesystem on /var/cache/mock
    mount: path=/var/cache/mock state=mounted src=/dev/nvme0n1p1 fstype=ext4
    tags:
     - maintainer-test
    when: inventory_hostname.startswith(('f30-test'))
  - name: bind mount cache filesystem on /var/lib/mock
    mount: path=/var/lib/mock state=mounted src=/var/cache/mock fstype=none opts=bind
    tags:
     - maintainer-test
    when: inventory_hostname.startswith(('f30-test'))
 - name: Setup maintainer test hosts
-  hosts: maintainer_test:aarch64_test:armv7_test
+  hosts: maintainer_test
  gather_facts: True
  tags:
   - maintainer-test
@ -70,8 +17,8 @@
  - base
  - rkhunter
  - hosts
-  - fas_client
+  - openvpn/client
-  - sudo
+  - ipa/client
  tasks:
  # this is how you include other task lists
@ -81,7 +28,7 @@
    dnf: state=present pkg={{ item }}
    with_items:
    - fedora-packager
-    when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
+    when: ansible_distribution == 'Fedora'
    tags:
    - packages
--- a/playbooks/groups/mirrormanager.yml
+++ b/playbooks/groups/mirrormanager.yml
@ -20,6 +20,7 @@
  - sudo
  - collectd/base
  - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub',  nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' }
  - { role: nfs/client, when: inventory_hostname.startswith('mm-backend01'), mnt_dir: '/srv/pub/archive',  nfs_src_dir: 'fedora_ftp_archive' }
  pre_tasks:
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
--- a/playbooks/groups/releng-compose.yml
+++ b/playbooks/groups/releng-compose.yml
@ -74,6 +74,11 @@
    mnt_dir: '/pub'
    nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub'
    when: "'releng_compose' in group_names"
  - role: nfs/client
    mnt_dir: '/srv/fedora_ftp_archive'
    nfs_src_dir: 'fedora_ftp_archive'
    when: inventory_hostname.startswith('compose-rawhide')
 #
 # mount archive volumes on composer so we can run the archiving script there.
 #
--- a/playbooks/groups/secondary.yml
+++ b/playbooks/groups/secondary.yml
@ -22,7 +22,7 @@
  - sudo
  - { role: nfs/client,
      mnt_dir: '/srv/pub/archive',
-      nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/archive' }
+      nfs_src_dir: 'fedora_ftp_archive' }
  - { role: nfs/client,
      mnt_dir: '/srv/pub/alt',
      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3",
--- a/playbooks/groups/sundries.yml
+++ b/playbooks/groups/sundries.yml
@ -39,6 +39,8 @@
    when: master_sundries_node|bool
  - role: fedora-web/build
    when: master_sundries_node|bool
  - role: fedora-web/translation
    when: master_sundries_node|bool
  - role: fedora-budget/build
    when: master_sundries_node|bool
  - role: fedora-docs/build
--- a/playbooks/groups/vmhost_copr.yml
+++ b/playbooks/groups/vmhost_copr.yml
@ -1,37 +0,0 @@
 # create a new virthost server system
 # This is a copy of the main one which is meant to be limited ONLY to vmhost_copr group for rbac
 # NOTE: should be used with --limit most of the time
 # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
 - import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=vmhost_copr:!buildvmhost-s390x-01.s390.fedoraproject.org"
 - name: make virthost server system
  hosts: vmhost_copr
  user: root
  gather_facts: True
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  pre_tasks:
  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
  roles:
  - base
  - rkhunter
  - nagios_client
  - hosts
  - { role: openvpn/client, when: vpn|bool }
  - virthost
  - ipa/client
  - collectd/base
  - sudo
  tasks:
  - import_tasks: "{{ tasks_path }}/motd.yml"
  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
--- a/playbooks/include/proxies-redirects.yml
+++ b/playbooks/include/proxies-redirects.yml
@ -111,6 +111,12 @@
    regex: /voting
    target: https://elections.fedoraproject.org/
  - role: httpd/redirectmatch
    shortname: calendar
    website: apps.fedoraproject.org
    regex: /calendar
    target: https://calendar.fedoraproject.org/
  - role: httpd/redirectmatch
    shortname: mailman
    website: admin.fedoraproject.org
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -754,5 +754,6 @@
    remotepath: /
    localpath: /
    proxyurl: http://debuginfod01:8002
    proxyopts: "connectiontimeout=600 timeout=600 keepalive=on"
    tags: debuginfod
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -973,7 +973,9 @@
    site_name: debuginfod.fedoraproject.org
    sslonly: true
    server_aliases: [debuginfod.stg.fedoraproject.org]
    x_forward: true
    cert_name: "{{wildcard_cert_name}}"
    gzip: true
    tags: debuginfod
  - role: httpd/website
--- a/playbooks/manual/staging-sync/bodhi.yml
+++ b/playbooks/manual/staging-sync/bodhi.yml
@ -13,7 +13,7 @@
  - service: name=httpd state=stopped
 - name: bring staging services down (OpenShift web services)
-  hosts: os-master01.stg.phx2.fedoraproject.org
+  hosts: os-master01.stg.iad2.fedoraproject.org
  user: root
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
@ -43,7 +43,7 @@
 # Here's the meaty part in the middle
 - name: drop and re-create the staging db entirely
-  hosts: pgbdr01.stg.phx2.fedoraproject.org
+  hosts: pgbdr01.stg.iad2.fedoraproject.org
  user: root
  become: yes
  become_user: postgres
@ -68,7 +68,7 @@
  - file: path=/var/tmp/bodhi2.dump state=absent
 - name: bring staging services up (OpenShift web services)
-  hosts: os-master01.stg.phx2.fedoraproject.org
+  hosts: os-master01.stg.iad2.fedoraproject.org
  user: root
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
--- a/playbooks/manual/upgrade/bodhi.yml
+++ b/playbooks/manual/upgrade/bodhi.yml
@ -76,7 +76,7 @@
  tasks:
  - set_fact:
      # This will be a bool that indicates whether we need to run migrations or not.
-      migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.phx2.fedoraproject.org']['current_migration_version'].stdout"
+      migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout"
  - name: Scale down to 0 pods
    command: oc -n bodhi scale dc/bodhi-web --replicas=0
    when: migrations
--- a/playbooks/openshift-apps/languages.yml
+++ b/playbooks/openshift-apps/languages.yml
@ -71,28 +71,28 @@
  post_tasks:
  - name: run initial f.10 import
-    command: "oc create job stats-10-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-10"
+    command: "oc -n languages create job stats-10-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-10"
    tags:
    - never
    - init
    - f10
  - name: run initial f.20 import
-    command: "oc create job stats-20-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-20"
+    command: "oc -n languages create job stats-20-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-20"
    tags:
    - never
    - init
    - f20
  - name: run initial f.30 import
-    command: "oc create job stats-30-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-30"
+    command: "oc -n languages create job stats-30-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-30"
    tags:
    - never
    - init
    - f30
  - name: run initial f.latest import
-    command: "oc create job stats-latest-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-latest"
+    command: "oc -n languages create job stats-latest-{{ lookup('pipe','date +%s') }}-init --from=cronjob/stats-latest"
    tags:
    - never
    - init
--- a/playbooks/openshift-apps/solr.yml
+++ b/playbooks/openshift-apps/solr.yml
@ -35,9 +35,21 @@
    file: service.yml
    objectname: service.yml
  - command: "oc adm pod-network join-projects --to=solr fedora-packages-static"
  - role: openshift/object
    app: solr
    file: deploymentconfig.yml
    objectname: deploymentconfig.yml
 - name: Link solr and fedora-packages-static networks
  hosts: os_masters_stg[0]
  user: root
  gather_facts: False
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
  - name: Run oc adm command to link solr to other projects
    command: "oc adm pod-network join-projects --to=solr fedora-packages-static"
--- a/roles/badges/frontend/templates/tahrir.ini
+++ b/roles/badges/frontend/templates/tahrir.ini
@ -31,7 +31,7 @@ sqlalchemy.url = postgresql://{{tahrirDBUser}}:{{tahrirDBPassword}}@db-tahrir/ta
 mako.directories=tahrir:templates
-tahrir.admin = ralph@fedoraproject.org, puiterwijk@fedoraproject.org, nb@fedoraproject.org, cydrobolt@fedoraproject.org, aikidouke@fedoraproject.org, sayanchowdhury@fedoraproject.org, kevin@fedoraproject.org, jflory7@fedoraproject.org, codeblock@fedoraproject.org, mleonova@fedoraproject.org, churchyard@fedoraproject.org, bex@fedoraproject.org, asamalik@fedoraproject.org, cverna@fedoraproject.org, misc@fedoraproject.org, nasirhm@fedoraproject.org, computerkid@fedoraproject.org
+tahrir.admin = nb@fedoraproject.org, sayanchowdhury@fedoraproject.org, kevin@fedoraproject.org, jflory7@fedoraproject.org, codeblock@fedoraproject.org, churchyard@fedoraproject.org, misc@fedoraproject.org, computerkid@fedoraproject.org
 tahrir.pngs.uri = /usr/share/badges/pngs
--- a/roles/base/templates/ifcfg.j2
+++ b/roles/base/templates/ifcfg.j2
@ -10,8 +10,10 @@ OPTIONS="layer2=1 portno=0"
 DEFROUTE=yes
 GATEWAY="{{ gw }}"
 {% endif %}
-{% if hostvars[inventory_hostname].datacenter == 'iad2' %}
+{% if hostvars[inventory_hostname].datacenter == 'iad2' and env == 'production' %}
 DOMAIN="iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org"
 {% elif hostvars[inventory_hostname].datacenter == 'iad2' and env == 'staging' %}
 DOMAIN="stg.iad2.fedoraproject.org iad2.fedoraproject.org vpn.fedoraproject.org fedoraproject.org"
 {% else %}
 DOMAIN="vpn.fedoraproject.org fedoraproject.org"
 {% endif %}
--- a/roles/batcave/files/retrieve-security-question.py
+++ b/roles/batcave/files/retrieve-security-question.py
@ -1,107 +0,0 @@
 #!/usr/bin/python -tt
 # -*- coding: utf-8 -*-
 # Use this script to retrieve the security_question and security_answer from FAS (requires FAS >= 0.8.14)
 # Author: Patrick Uiterwijk <puiterwijk@fedoraproject.org>
 #
 # Copyright 2012-2021 Patrick Uiterwijk. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
 #
 # 1. Redistributions of source code must retain the above copyright notice,
 # this list of conditions and the following disclaimer.
 # 2. Redistributions in binary form must reproduce the above copyright notice,
 # this list of conditions and the following disclaimer in the documentation
 # and/or other materials provided with the distribution.
 #
 # THIS SOFTWARE IS PROVIDED BY THE FEDORA PROJECT ''AS IS'' AND ANY EXPRESS OR
 # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 # EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 # The views and conclusions contained in the software and documentation are those
 # of the authors and should not be interpreted as representing official policies,
 # either expressed or implied, of the Fedora Project.
 import os
 import getpass
 import sys
 import gpg.core
 from fedora.client import AccountSystem
 from fedora.client import AuthError
 from fedora.client import ServerError
 import argparse
 from io import BytesIO
 parser = argparse.ArgumentParser()
 parser.add_argument('admin_user', help='The user as which to log in to retrieve the question and answer')
 parser.add_argument('target_user', help='The user of which to retrieve the security question and answer')
 parser.add_argument('--verbose', action='store_true')
 parser.add_argument('--no-answer', action='store_true', help='Only show the question, do not decrypt the answer')
 parser.add_argument('--site', help='The FAS URL to get the information from')
 parser.add_argument('--insecure', action='store_true', default=False,
        help='Do not check the certificate for the server.  *WARNING*: Only use this for testing')
 parser.add_argument('--gpg_home', help='The directory where secring.gpg and pubring.gpg reside')
 args = parser.parse_args()
 args.admin_pass = getpass.getpass()
 if args.site == None:
    args.site = 'https://admin.fedoraproject.org/accounts/'
 if args.verbose:
    print('Using site: %(site)s' % {'site': args.site})
 if args.verbose:
    if args.gpg_home == None:
        print('Using default gpg_home')
    else:
        print('Using gpg_home: %(gpghome)s' % {'gpghome': args.gpg_home})
 if args.gpg_home != None:
    os.putenv('GNUPGHOME', args.gpg_home)
 fas = AccountSystem(args.site, username=args.admin_user, password=args.admin_pass, insecure=args.insecure)
 if args.verbose:
    print('Getting user details...')
 try:
    details = fas.person_by_username(args.target_user)
 except AuthError:
    print('Failed to login to FAS. Please check admin_user and admin_pass!')
    sys.exit(2)
 except ServerError:
    print('Failed to retrieve user details: the server reported an error!')
    sys.exit(3)
 if not 'username' in list(details.keys()):
    print('Error: user %(username)s is not known on this FAS site!' % {'username': args.target_user})
    sys.exit(4)
 if not 'security_question' in list(details.keys()):
    print('Error: security_question was not retrieved by FAS! Are you sure you are using FAS >= 0.8.14, and that admin_user has the privileges to retrieve security_question?')
    sys.exit(5)
 if details.security_question == None or details.security_answer == None:
    print('Error: unable to retrieve security_question or security_answer. Are you sure you have privileges to return this information?')
    sys.exit(6)
 if not args.no_answer:
    if args.verbose:
        print('Decrypting answer...')
    cipher = BytesIO(details.security_answer.encode('utf-8'))
    ctx = gpg.core.Context()
    plain = ctx.decrypt(cipher)[0].decode('utf8')
    details.security_answer = plain
 print('Security question: %(question)s' % {'question': details.security_question})
 if not args.no_answer:
    print('Security answer: %(answer)s' % {'answer': details.security_answer})
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@ -238,17 +238,6 @@
  - config
 #
 # Script used to gather encrypted security questions from fas
 #
 - name: setup /usr/local/bin/retrieve-security-question.py
  copy: src=retrieve-security-question.py dest=/usr/local/bin/retrieve-security-question.py mode=0755
  tags:
  - batcave
  - config
 # The zodbot server must allow TCP on whatever port zodbot is listening on
 # for this to work (currently TCP port 5050).
 # Once that is done, you can symlink /usr/local/bin/zodbot-announce-commits.py
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@ -592,10 +592,7 @@ f{{ FedoraBranchedNumber }}.pre_beta.critpath.min_karma = 1
 f{{ FedoraBranchedNumber }}.pre_beta.critpath.stable_after_days_without_negative_karma = 14
 {% elif FedoraBranchedBodhi is defined and FedoraBranchedBodhi == 'postbeta' %}
 f{{ FedoraBranchedNumber }}.status = post_beta
-#f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 7
+f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 7
 #fesco has decided that since this cycle is so short, we will keep 3 days in testing until release.
 #This should change to 7 after release.
 f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 3
 f{{ FedoraBranchedNumber }}.post_beta.critpath.min_karma = 2
 f{{ FedoraBranchedNumber }}.post_beta.critpath.stable_after_days_without_negative_karma = 14
 {% endif %}
--- a/roles/copr/backend/templates/lighttpd/dir-generator.php.j2
+++ b/roles/copr/backend/templates/lighttpd/dir-generator.php.j2
@ -244,7 +244,7 @@ if($path != "./") {
 // Print folder information
 foreach($folderlist as $folder) {
 	print "<tr><td class='n'><a href='" . addslashes($folder['name']). "'>" .htmlentities($folder['name']). "</a>/</td>";
-	print "<td class='m'>" . date('Y-M-d H:m:s', $folder['modtime']) . "</td>";
+	print "<td class='m'>" . date('Y-M-d H:i:s', $folder['modtime']) . "</td>";
 	print "<td class='s'>" . (($calculate_folder_size)?format_bytes($folder['size'], 2):'--') . "&nbsp;</td>";
 	print "<td class='t'>" . $folder['file_type']                    . "</td></tr>";
 }
@ -255,7 +255,7 @@ foreach($folderlist as $folder) {
 // Print file information
 foreach($filelist as $file) {
 	print "<tr><td class='n'><a href='" . addslashes($file['name']). "'>" .htmlentities($file['name']). "</a></td>";
-	print "<td class='m'>" . date('Y-M-d H:m:s', $file['modtime'])   . "</td>";
+	print "<td class='m'>" . date('Y-M-d H:i:s', $file['modtime'])   . "</td>";
 	print "<td class='s'>" . format_bytes($file['size'],2)           . "&nbsp;</td>";
 	print "<td class='t'>" . $file['file_type']                      . "</td></tr>";
 }
--- a/roles/copr/frontend-cloud/tasks/httpd.yml
+++ b/roles/copr/frontend-cloud/tasks/httpd.yml
@ -82,3 +82,11 @@
    regexp: '^LoadModule substitute_module modules/mod_substitute.so'
    line: '#LoadModule substitute_module modules/mod_substitute.so'
 - name: Keep httpd master running when child is OOM killed, rhbz#1947475
  ini_file:
    path: /usr/lib/systemd/system/httpd.service
    section: Service
    option: OOMPolicy
    value: continue
    backup: yes
  notify: restart apache
--- a/roles/copr/frontend-cloud/templates/httpd/coprs.conf
+++ b/roles/copr/frontend-cloud/templates/httpd/coprs.conf
@ -4,6 +4,7 @@ Alias "/db_dumps/" "/var/www/html/db_dumps/"
 WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe processes=4 threads=5 display-name=other maximum-requests=8000 restart-interval=300 graceful-timeout=20
 WSGIDaemonProcess api user=copr-fe group=copr-fe processes=2 threads=15 display-name=api maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess api-memory-leak user=copr-fe group=copr-fe processes=2 threads=1 display-name=api-memory-leak maximum-requests=10 graceful-timeout=20
 WSGIDaemonProcess backend user=copr-fe group=copr-fe processes=2 threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess stats user=copr-fe group=copr-fe processes=2 threads=15 display-name=stats maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess tmp user=copr-fe group=copr-fe processes=2 threads=15 display-name=tmp maximum-requests=8000 graceful-timeout=20
@ -71,6 +72,9 @@ WSGIApplicationGroup %{GLOBAL}
    <LocationMatch "^/api.*upload.*">
        WSGIProcessGroup upload
    </LocationMatch>
    <LocationMatch "^/api_3/package/list.*">
        WSGIProcessGroup api-memory-leak
    </LocationMatch>
    <LocationMatch "^/coprs.*new_build_upload.*">
        WSGIProcessGroup upload
    </LocationMatch>
--- a/roles/dns/files/named.conf
+++ b/roles/dns/files/named.conf
@ -37,9 +37,11 @@ options {
        pid-file "/var/run/named/named.pid";
        statistics-file "/var/log/named.stats";
        provide-ixfr no;
 	tcp-clients 1000;
        version "cowbell++";
-        listen-on port 53 {
+
 	listen-on port 53 {
                any;
        };
        listen-on-v6 port 53 {
--- a/roles/fas_client/files/aliases.template
+++ b/roles/fas_client/files/aliases.template
@ -255,6 +255,7 @@ rbergeron: rbergero
 jwf: jflory7
 axk4545: abkahrs
 bexelbie: bex
 bt0dotninja: bt0
 # Mirror admin alias
 mirror-admin: mirror-admin@lists.fedoraproject.org
--- a/roles/fasjson/files/aliases.static
+++ b/roles/fasjson/files/aliases.static
@ -255,6 +255,7 @@ rbergeron: rbergero
 jwf: jflory7
 axk4545: abkahrs
 bexelbie: bex
 bt0dotninja: bt0
 # Mirror admin alias
 mirror-admin: mirror-admin@lists.fedoraproject.org
--- a/roles/fasjson/templates/fasjson-aliases.j2
+++ b/roles/fasjson/templates/fasjson-aliases.j2
@ -2,6 +2,7 @@
 import os
 import sys
 import tempfile
 import subprocess
 from fasjson_client import Client, errors
@ -17,7 +18,7 @@ def gen_all_aliases():
        client = Client(url=fasjson_url)
        try:
-            users = client.list_users().result
+            users = client.list_group_members(groupname="fedora-contributor").result
            groups = client.list_groups().result
            temporary_file = tempfile.NamedTemporaryFile(
                "w+", delete=False, dir=os.getcwd()
@ -29,26 +30,24 @@ def gen_all_aliases():
                        temp.write(line)
                    for user in users:
                        username = user['username']
-                        email = user['emails'][0]
+                        userinfo = client.get_user(username=username).result
                        email = userinfo['emails'][0]
                        temp.write(f'{username}: {email} \n')
                for group in groups:
                    groupname = group['groupname']
                    # even though there are no admins of groups anymore
                    # we should probably leave this here and just
                    # link to the sponsors list
                    temp.write(
                        f'{groupname}-administrators: {groupname}-sponsors \n'
                    )
                    sponsor_list = ','.join(
                        sponsor['username']
                        for sponsor in client.list_group_sponsors(
                            groupname=groupname).result
                    )
-                    temp.write(f"{groupname}-sponsors: {sponsor_list} \n")
+                    if sponsor_list:
                        temp.write(
                            f'{groupname}-administrators: {groupname}-sponsors \n'
                        )
                        temp.write(f"{groupname}-sponsors: {sponsor_list} \n")
                    member_list = ','.join(
                        member['username']
@ -56,7 +55,9 @@ def gen_all_aliases():
                            groupname=groupname).result
                    )
-                    temp.write(f"{groupname}-members: {member_list} \n")
+                    if member_list:
                        temp.write(f"{groupname}-members: {member_list} \n")
            rename(temporary_file.name, aliases_file)
        except errors.APIError as e:
            print(f"Something went wrong querying the fasjson API. {e}", file=sys.stderr)
@ -114,16 +115,18 @@ def main():
    # Use the system's keytab for authentication
    os.environ["KRB5_CLIENT_KTNAME"] = "/etc/krb5.keytab"
-    try:
+    if not args:
-        if not args:
+       gen_all_aliases()
-            gen_all_aliases()
+       # call newaliases script so postfix gets updated
-        elif len(args) == 2 and args[0] == "update":
+       subprocess.check_call(['/usr/bin/newaliases'])
-            update_user(args[1])
+    elif len(args) == 2 and args[0] == "update":
-        else:
+        update_user(args[1])
-            print(f"Usage: {sys.argv[0]} [update <username>]", file=sys.stderr)
+        # call newaliases script so postfix gets updated
-            raise RuntimeError()
+        subprocess.check_call(['/usr/bin/newaliases'])
-    except Exception:
+    else:
-        sys.exit(1)
+        print(f"Usage: {sys.argv[0]} [update <username>]", file=sys.stderr)
        exit(1)
 if __name__ == "__main__":
    main()
--- a/roles/httpd/reverseproxy/tasks/main.yml
+++ b/roles/httpd/reverseproxy/tasks/main.yml
@ -5,6 +5,7 @@
 # - proxyurl
 # - rewrite
 # - keephost
 # - proxyopts
 - name: Set OpenShift information if not preconfigured
  set_fact:
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
@ -64,6 +64,6 @@ RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
 ProxyPass {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
 ProxyPassReverse {{ localpath }} "balancer://{{balancer_name}}{{remotepath}}"
 {% else %}
-ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}}
+ProxyPass {{ localpath }} {{ proxyurl }}{{remotepath}} {{ proxyopts }}
 ProxyPassReverse {{ localpath }} {{ proxyurl }}{{remotepath}}
 {% endif %}
--- a/roles/httpd/reverseproxy/vars/main.yml
+++ b/roles/httpd/reverseproxy/vars/main.yml
@ -7,3 +7,4 @@ header_scheme: false
 keephost: false
 targettype: plain
 http_not_https_yes_this_is_insecure_and_i_feel_bad: false
 proxyopts: ""
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@ -6,7 +6,11 @@
  ServerAdmin {{ server_admin }}
  TraceEnable Off
 {% if x_forward %}
 #  RequestHeader unset X-Forwarded-For
 {% else %}
  RequestHeader unset X-Forwarded-For
 {% endif %}
 {% if gzip %}
  SetOutputFilter DEFLATE
@ -46,7 +50,11 @@
 {% endif %}
  ServerAdmin {{ server_admin }}
 {% if x_forward %}
 #  RequestHeader unset X-Forwarded-For
 {% else %}
  RequestHeader unset X-Forwarded-For
 {% endif %}
 {% if ansible_distribution == 'Fedora' and use_h2 %}
  Protocols h2 http/1.1
--- a/roles/ipa/client/files/fedora-nss-ignore.conf.staging
+++ b/roles/ipa/client/files/fedora-nss-ignore.conf.staging
@ -0,0 +1,6 @@
 ## This file contains users who are in ipa to stop people from
 ## creating restricted accounts but we want to make sure the id in
 ## /etc/passwd and /etc/group are used.
 [nss]
 filter_users = root,bin,daemon,adm,lp,sync,shutdown,halt,mail,operator,games,ftp,nobody,avahi-autoipd,dbus,polkitd,rpc,tss,ntp,rpcuser,nfsnobody,postfix,sshd,nagios,nrpe,openvpn,,chrony,sssd,named,mock
 filter_groups = root,bin,daemon,sys,adm,tty,disk,lp,mem,kmem,wheel,cdrom,mail,man,dialout,floppy,games,tape,video,ftp,lock,audio,nobody,users,utmp,utempter,avahi-autoipd,ssh_keys,systemd-journal,dbus,rpc,tss,ntp,dip,rpcuser,nfsnobody,postdrop,postfix,sshd,screen,nagios,nrpe,openvpn,input,systemd-bus-proxy,systemd-network,cgred,chrony,printadmin,sssd,named,mock
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@ -79,3 +79,14 @@
  notify:
    - restart sssd
    - clean sss caches
  when: env == "production"
 - name: Ensure that nss knows to skip certain users
  copy: src=fedora-nss-ignore.conf.staging dest=/etc/sssd/conf.d/fedora-nss-ignore.conf mode=600 owner=root group=root
  tags:
  - ipa/client
  - config
  notify:
    - restart sssd
    - clean sss caches
  when: env == "staging"
--- a/roles/ipa/client/tasks/prepare-ipa-info.yml
+++ b/roles/ipa/client/tasks/prepare-ipa-info.yml
@ -40,6 +40,7 @@
 #       "host_group_1": {
 #         "shell_groups": [...],
 #         "sudo_groups": [...],
 #         "sudo_nopasswd_groups": [...],
 #         "hosts": {        # <-- This could be a list with Ansible >= 2.10
 #           "host_1": true,
 #           ...,
@ -85,6 +86,8 @@
                  (ipa_hosts_combined_shell_groups_dict[item] | length > 0)
                  | ternary(ipa_hosts_combined_shell_groups_dict[item], omit),
                'sudo_groups': hostvars[item]['ipa_client_sudo_groups'] | default(omit),
                'sudo_nopasswd_groups':
                    hostvars[item]['ipa_client_sudo_nopasswd_groups'] | default(omit),
                'hosts': {item: true},
              }
            }
@ -99,6 +102,8 @@
            hostvars[item]['ipa_server']: {
              'groups': ipa_hosts_combined_shell_groups_dict[item] | union(
                hostvars[item]['ipa_client_sudo_groups'] | default([])
              ) | union(
                hostvars[item]['ipa_client_sudo_nopasswd_groups'] | default([])
              ),
              'hosts': {item: True},
            }
--- a/roles/ipa/client/tasks/sudo.yml
+++ b/roles/ipa/client/tasks/sudo.yml
@ -34,3 +34,20 @@
  notify: clean sss caches
  loop: "{{ ipa_server_host_groups }}"
  when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined
 - name: Give certain groups passwordless sudo access to anything per host group
  delegate_to: "{{ item[0] }}"
  ipasudorule:
    name: "hostgroup/{{ item[1] }}/nopasswd"
    description: "Grant passwordless sudo access to anything on host group {{ item[1] }}"
    ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
    state: present
    group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['sudo_nopasswd_groups'] }}"
    hostgroup: "{{ item[1] }}"
    cmdcategory: "all"
    runasusercategory: "all"
    runasgroupcategory: "all"
    options: "!authenticate"
  notify: clean sss caches
  loop: "{{ ipa_server_host_groups }}"
  when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_nopasswd_groups'] is defined
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@ -629,3 +629,20 @@
  copy:
    src: data-only-backup
    dest: "/etc/cron.d/data-only-backup"
 - name: Ensure python dep is present
  pip:
    name: python-freeipa
  tags:
  - ipa/server
  - otp_script
 - name: Copy file for checking if sysadmins have otp set
  template:
    src: check_sysadmin_otp.py.j2
    dest: /root/check_sysadmin_otp.py
    owner: root
    group: root
  tags:
  - ipa/server
  - otp_script
--- a/roles/ipa/server/templates/check_sysadmin_otp.py.j2
+++ b/roles/ipa/server/templates/check_sysadmin_otp.py.j2
@ -0,0 +1,80 @@
 import argparse
 import json
 from python_freeipa import ClientMeta
 def login(args):
    client = ClientMeta(host=args.server_address, verify_ssl=args.cert_path)
    client.login(args.username, args.password)
    return client
 def get_sysadmins(client):
    groups = client.group_find('sysadmin-')
    sysadmins = []
    print('Gethering all members from sysadmin-* groups')
    for group in groups['result']:
        try:
            sysadmins = sysadmins + list(set(group['member_user']) - set(sysadmins))
        except KeyError:
            print('No members of group: ' + group['cn'][0])
    return sysadmins
 def checkotp_tokens(client):
    sysadmins = get_sysadmins(client)
    print("There is " + str(len(sysadmins)) + " sysadmins in the system")
    tokenless = []
    print('Checking which users have an otp token assigned')
    for sysadmin in sysadmins:
         is_token = client.otptoken_find(o_ipatokenowner=sysadmin)
         if len(is_token['result']) == 0:
             tokenless.append(sysadmin)
    print("There are " + str(len(tokenless)) + " sysadmins without otptokens")
    return tokenless
 def get_email(client, users):
    print('Gathering emails of the users with no tokens')
    user_details = []
    for user in users:
        email = client.user_show(user)['result']['mail'][0]
        user_details.append({'user': user, 'email': email})
    return user_details
 def parse_args():
    parser = argparse.ArgumentParser(description="Check for sysadmin users with no otp token set, admin credentials are required to run script")
    parser.add_argument("-u", "--username", default="admin", help="ipa user to use")
    parser.add_argument("-c", "--cert-path", default="/etc/ipa/ca.crt", help="location of ipa cert")
    parser.add_argument("-s", "--server-address", default="ipa01{{ env_suffix }}.iad2.fedoraproject.org", help="server to run against")
    parser.add_argument("-p", "--password", help="ipa user password", required=True)
    args = parser.parse_args()
    return args
 def do_it(client):
    tokenless_sysadmins = checkotp_tokens(client)
    user_details = get_email(client, tokenless_sysadmins)
    print("Details are in the file tokenless_users.json")
    with open('tokenless_users.json', 'w') as outfile:
            json.dump(user_details, outfile)
 if __name__ == "__main__":
    args = parse_args()
    client = login(args)
    do_it(client)
--- a/roles/koji_builder/tasks/main.yml
+++ b/roles/koji_builder/tasks/main.yml
@ -62,7 +62,7 @@
  tags:
  - koji_builder
- name: add pkgs
+- name: add pkgs (production)
  package:
    state: present
    name:
@ -93,9 +93,42 @@
    - imagefactory-plugins-RHEVM
    - pykickstart
    - nosync
  when: env == "production"
  tags:
  - koji_builder
 - name: add pkgs (staging)
  package:
    state: present
    name:
    - koji-builder
    - koji-builder-plugins
    - python3-koji
    - koji-containerbuild-builder
    - strace
    - mock
    - kernel-firmware
    - kernel-modules
    - rsyslog
    - audit
    - pycdio
    - python3-kickstart
    - libvirt-client
    - oz
    - imagefactory
    - imagefactory-plugins-TinMan
    - imagefactory-plugins-Docker
    - imagefactory-plugins-GCE
    - imagefactory-plugins-vSphere
    - imagefactory-plugins-ovfcommon
    - imagefactory-plugins
    - imagefactory-plugins-OVA
    - imagefactory-plugins-RHEVM
    - pykickstart
    - nosync
  when: env == "staging"
  tags:
  - koji_builder
 #
 # rpmautospec plugin
 #
--- a/roles/openqa/server/templates/openqa.ini.j2
+++ b/roles/openqa/server/templates/openqa.ini.j2
@ -1,4 +1,5 @@
 [global]
 audit_enabled = 0
 branding = plain
 base_url = https://{{ external_hostname }}
 download_domains = fedoraproject.org
@ -13,12 +14,26 @@ topic_prefix = {{ openqa_amqp_publisher_prefix }}
 url = {{ openqa_amqp_publisher_url }}
 exchange = {{ openqa_amqp_publisher_exchange }}
 [audit/storage_duration]
 startup = 7
 jobgroup = 7
 jobtemplate = 7
 table = 7
 iso = 7
 user = 7
 asset = 7
 needle = 7
 other = 7
 [auth]
 method=OpenID
 [logging]
 level=info
 [misc_limits]
 asset_cleanup_max_free_percentage = 20
 [openid]
 provider = https://id.fedoraproject.org/
 httpsonly = 1
--- a/roles/openshift-apps/fedocal/templates/buildconfig.yml
+++ b/roles/openshift-apps/fedocal/templates/buildconfig.yml
@ -14,7 +14,7 @@ spec:
    git:
      uri: https://pagure.io/fedocal.git
 {% if env == 'staging' %}
-      ref: "debug"
+      ref: "staging"
 {% else %}
      ref: "production"
 {% endif %}
--- a/roles/openshift-apps/noggin/templates/noggin.cfg.py
+++ b/roles/openshift-apps/noggin/templates/noggin.cfg.py
@ -25,7 +25,7 @@ SESSION_COOKIE_SECURE = True
 FREEIPA_ADMIN_USER = "noggin"
 # How many minutes before a password reset request expires
-PASSWORD_RESET_EXPIRATION = 10
+PASSWORD_RESET_EXPIRATION = 30
 # Email
 MAIL_FROM = "Fedora Account System <fas@fedoraproject.org>"
--- a/roles/openshift-apps/oraculum/templates/deploymentconfig.yml
+++ b/roles/openshift-apps/oraculum/templates/deploymentconfig.yml
@ -77,18 +77,20 @@ spec:
 {% else %}
          value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;"
 {% endif %}
        - name: BZ_API_KEY
          value: "{{ oraculum_bz_api_key }}"
        volumeMounts:
        - name: oraculum-secret-volume
          mountPath: /opt/app-root/secret/
          readOnly: true
        readinessProbe:
-          timeoutSeconds: 1
+          timeoutSeconds: 5
          initialDelaySeconds: 5
          httpGet:
            path: /
            port: 8080
        livenessProbe:
-          timeoutSeconds: 1
+          timeoutSeconds: 15
          initialDelaySeconds: 30
          httpGet:
            path: /
@ -176,6 +178,8 @@ spec:
 {% else %}
          value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;"
 {% endif %}
        - name: BZ_API_KEY
          value: "{{ oraculum_bz_api_key }}"
        volumeMounts:
        - name: oraculum-secret-volume
          mountPath: /opt/app-root/secret/
@ -259,6 +263,8 @@ spec:
 {% else %}
          value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;"
 {% endif %}
        - name: BZ_API_KEY
          value: "{{ oraculum_bz_api_key }}"
        volumeMounts:
        - name: oraculum-secret-volume
          mountPath: /opt/app-root/secret/
@ -344,6 +350,8 @@ spec:
 {% else %}
          value: "bastion.iad2.fedoraproject.org;;;watchdog@packager-dashboard.fedoraproject.org;"
 {% endif %}
        - name: BZ_API_KEY
          value: "{{ oraculum_bz_api_key }}"
        volumeMounts:
        - name: oraculum-secret-volume
          mountPath: /opt/app-root/secret/
--- a/roles/openshift-apps/testdays/templates/buildconfig.yml
+++ b/roles/openshift-apps/testdays/templates/buildconfig.yml
@ -44,11 +44,7 @@ spec:
    type: Git
    git:
      uri: https://pagure.io/taskotron/resultsdb.git
-{% if env == 'staging' %}
+      ref: "develop"
      ref: "openshift_WIP"
 {% else %}
      ref: "openshift_WIP"
 {% endif %}
  strategy:
    type: Source
    sourceStrategy:
--- a/roles/openshift-apps/toddlers/templates/fedora-messaging.toml
+++ b/roles/openshift-apps/toddlers/templates/fedora-messaging.toml
@ -91,7 +91,7 @@ dist_git_token = "private random string to change"
 email_overrides_file = "/etc/fedora-messaging/email_overrides.toml"
 # List of accounts we do not want to report about
-ignorable_accounts = ["packagerbot", "zuul"]
+ignorable_accounts = ["packagerbot", "zuul", "cockpit"]
 # Temp folder to use for toddlers temp files
 temp_folder = "/var/tmp"
--- a/roles/openvpn/base/tasks/main.yml
+++ b/roles/openvpn/base/tasks/main.yml
@ -9,30 +9,8 @@
  tags:
  - openvpn
  - packages
  when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
- name: Install needed package (dnf)
+- name: Install ca for client
  package:
    state: present
    name:
    - openvpn
  tags:
  - openvpn
  - packages
  when: ansible_distribution_major_version|int > 7 and ansible_cmdline.ostree is not defined
 - name: Install certificate and key (rhel6)
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (RHEL6)
  when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat'
 - name: Install certificate and key (rhel7+) for client
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/client/ca.crt
        owner=root group=root mode=0600
@ -41,20 +19,8 @@
  - openvpn
  #notify:
  #- restart openvpn (RHEL7+)
  when: ( ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' ) and ansible_cmdline.ostree is not defined
- name: Install certificate and key (Fedora) for client
+- name: Install ca for server
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/client/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (Fedora)
  when: ( ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' ) and ansible_cmdline.ostree is not defined
 - name: Install certificate and key (fedora) for server
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/server/ca.crt
        owner=root group=root mode=0600
@ -63,18 +29,6 @@
  - openvpn
  #notify:
  #- restart openvpn (Fedora)
  when: ( ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' ) and ansible_cmdline.ostree is not defined
 - name: Install certificate and key (rhel7+) for server
  copy: src={{ private }}/files/vpn/pki/ca.crt
        dest=/etc/openvpn/server/ca.crt
        owner=root group=root mode=0600
  tags:
  - install
  - openvpn
  #notify:
  #- restart openvpn (RHEL7+)
  when: ( ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat' ) and ansible_cmdline.ostree is not defined
 - name: Install certificate and key (rhel7 or fedora) for server
  copy: src={{ private }}/files/vpn/pki/ca.crt
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@ -9,29 +9,8 @@
  tags:
  - packages
  - openvpn
  when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
- name: Install needed packages
+- name: Install main config file
  package:
    state: present
    name:
    - openvpn
  tags:
  - packages
  - openvpn
  when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined
 - name: Install needed packages
  package:
    state: present
    name:
    - openvpn
  tags:
  - packages
  - openvpn
  when: ansible_distribution_major_version|int > 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined
 - name: Install main config file (rhel7 and fedora)
  template: src=client.conf
            dest=/etc/openvpn/client/openvpn.conf
            owner=root group=root mode=0644
@ -41,7 +20,6 @@
 #  notify:
 #  - restart openvpn (Fedora)
 #  - restart openvpn (RHEL6+)
  when: (ansible_distribution == 'RedHat' or ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined
 - name: Install configuration files (rhel7 and fedora)
  copy: src={{ item.file }}
@ -60,46 +38,9 @@
 #  notify:
 #  - restart openvpn (Fedora)
 #  - restart openvpn (RHEL7)
  when: (ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat') or (ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora') and ansible_cmdline.ostree is not defined
 - name: Install configuration files (rhel6)
  copy: src={{ item.file }}
        dest={{ item.dest }}
        owner=root group=root mode={{ item.mode }}
  with_items:
  - { file: client.conf,
      dest: /etc/openvpn/openvpn.conf,
      mode: '0644' }
  - { file: "{{ private }}/files/vpn/pki/issued/{{ inventory_hostname }}.crt",
      dest: "/etc/openvpn/client.crt",
      mode: '0600' }
  - { file: "{{ private }}/files/vpn/pki/private/{{ inventory_hostname }}.key",
      dest: "/etc/openvpn/client.key",
      mode: '0600' }
  tags:
  - install
  - openvpn
 #  notify:
 #  - restart openvpn (RHEL6)
  when: (ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat') and ansible_cmdline.ostree is not defined
 - name: enable openvpn service for rhel 6
  service: name=openvpn state=started enabled=true
  when: ansible_distribution_major_version|int == 6 and ansible_distribution == 'RedHat'
  tags:
  - service
  - openvpn
 - name: Make sure old openvpn is not running in rhel 7
  service: name=openvpn@openvpn state=stopped enabled=false
  when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat'
  tags:
  - service
  - openvpn
 - name: Make sure openvpn is running in rhel 7+
  service: name=openvpn-client@openvpn state=started enabled=true
  when: ansible_distribution_major_version|int >= 7 and ansible_distribution == 'RedHat'
  tags:
  - service
  - openvpn
--- a/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/aarch64-test01.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.21 192.168.100.21
--- a/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/el7-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.18 192.168.100.18
--- a/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/el8-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.19 192.168.100.19
--- a/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/f32-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.14 192.168.100.14
--- a/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/f33-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.15 192.168.100.15
--- a/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/f34-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.16 192.168.100.16
--- a/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/ppc64le-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.20 192.168.100.20
--- a/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org
+++ b/roles/openvpn/server/files/ccd/rawhide-test.fedorainfracloud.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.17 192.168.100.17
--- a/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr01.rdu-cc.fedoraproject.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.22 192.168.100.22
--- a/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr02.rdu-cc.fedoraproject.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.23 192.168.100.23
--- a/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr03.rdu-cc.fedoraproject.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.24 192.168.100.24
--- a/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org
+++ b/roles/openvpn/server/files/ccd/vmhost-x86-copr04.rdu-cc.fedoraproject.org
@ -0,0 +1,2 @@
 # ifconfig-push actualIP PtPIP
 ifconfig-push 192.168.100.25 192.168.100.25
--- a/roles/people/files/make-people-page.py
+++ b/roles/people/files/make-people-page.py
@ -178,8 +178,14 @@ for hdir in homedirs:
        continue
    user["name"] = pwentry.pw_gecos
-    user["has_public_html"] = (hdir / "public_html").is_dir()
+    try:
-    user["has_public_git"] = (hdir / "public_git").is_dir()
+        user["has_public_html"] = (hdir / "public_html").is_dir()
    except PermissionError:
        user["has_public_html"] = False
    try:
        user["has_public_git"] = (hdir / "public_git").is_dir()
    except PermissionError:
        user["has_public_git"] = False
    user["email_hash"] = hashlib.md5(
        f"{user['name'].lower()}@fedoraproject.org".encode("utf-8")
    ).hexdigest()
@ -201,11 +207,16 @@ out_file_grp = grp.getgrnam("web").gr_gid
 with open(out_file, "w", encoding="utf-8") as handle:
    handle.write(page_output)
-# keep current owner uid
+# The code below was present originally, however the cron job is ran under the
-st = out_file.stat()
+# `apache` user so it is not clear what this was meant to do.
-out_file_uid = st.st_uid
+# This is being kept here for convenience in case we need to re-activate this
 # code, down the line this should just be removed.
 # keep current owner uid
 #st = out_file.stat()
 #out_file_uid = st.st_uid
 #
 # give write permissions to group
-out_file.chmod(st.st_mode | stat.S_IWGRP)
+#out_file.chmod(st.st_mode | stat.S_IWGRP)
 # chown out file to group
-os.chown(out_file, out_file_uid, out_file_grp)
+#os.chown(out_file, out_file_uid, out_file_grp)
--- a/roles/web-data-analysis/files/mirrorlist.py
+++ b/roles/web-data-analysis/files/mirrorlist.py
@ -214,6 +214,12 @@ repo_dict = {
    "31" : "f31",
    "32" : "f32",
    "33" : "f33",
    "34" : "f34",
    "35" : "f35",
    "36" : "f36",
    "37" : "f37",
    "38" : "f38",
    "39" : "f39",
    "6.89" : "f07",
    "6.90" : "f07",
    "6.91" : "f07",
@ -320,6 +326,12 @@ repo_dict = {
    'f31'       : 'f31',
    'f32'       : 'f32',
    'f33'       : 'f33',
    'f34'       : 'f34',
    'f35'       : 'f35',
    'f36'       : 'f36',
    'f37'       : 'f37',
    'f38'       : 'f38',
    'f39'       : 'f39',
    'fmodular27' : 'modular_f27',
    'fmodular28' : 'modular_f28',
    'fmodular29' : 'modular_f29',
@ -334,6 +346,12 @@ repo_dict = {
    'modularf31' : 'modular_f31',
    'modularf32' : 'modular_f32',
    'modularf33' : 'modular_f33',
    'modularf34' : 'modular_f34',
    'modularf35' : 'modular_f35',
    'modularf36' : 'modular_f36',
    'modularf37' : 'modular_f37',
    'modularf38' : 'modular_f38',
    'modularf39' : 'modular_f39',
    'rhel4'     : 'rhel4',
    'rhel5'     : 'rhel5',
    'rhel6'     : 'rhel6',
--- a/roles/web-data-analysis/files/mirrors-data.awk
+++ b/roles/web-data-analysis/files/mirrors-data.awk
@ -7,6 +7,7 @@ BEGIN{
    epel6=0;
    epel7=0;
    epel8=0;
    epel9=0;
    f03=0;
    f04=0;
    f05=0;
@ -38,6 +39,12 @@ BEGIN{
    f31=0;
    f32=0;
    f33=0;
    f34=0;
    f35=0;
    f36=0;
    f37=0;
    f38=0;
    f39=0;
    rawhide=0;
    rawhide_modular=0;
    modular_f27=0;
@ -47,6 +54,12 @@ BEGIN{
    modular_f31=0;
    modular_f32=0;
    modular_f33=0;
    modular_f34=0;
    modular_f35=0;
    modular_f36=0;
    modular_f37=0;
    modular_f38=0;
    modular_f39=0;
    modular=0;
    unknown_release = 0;
    # arch
@ -73,7 +86,7 @@ BEGIN{
    unknown_arch = 0;
    centos = 0;
    rhel = 0;
-    print olddate ",02-epel4,03-epel5,04-epel6,05-epel7,06-f03,07-f04,08-f05,09-f06,10-f07,11-f08,12-f09,13-f10,14-f11,15-f12,16-f13,17-f14,18-f15,19-f16,20-f17,21-f18,22-f19,23-f20,24-f21,25-f22,26-f23,27-f24,28-f25,29-f26,30-f27,31-f28,32-f29,33-rawhide,34-unk_rel,35-epel,36-fedora,37-alpha,38-arm,39-arm64,40-ia64,41-mips,42-ppc,43-s390,44-sparc,45-tilegx,46-x86_32,47-x86_64,48-x86_32_e,49-x86_32_f,50-x86_64_e,51-x86_64_f,52-ppc_e,53-ppc_f,54-unk_arc,55-centos,56-rhel,57-ppc64,58-ppc64le,59-modular,60-modular_rawhide,61-modular_f27,62-modular_f28,63-modular_f29,64-modular_f30,65-f30,66-f31,67-f32,68-f33,69-modular_f31,70-modular_f32,71-modular_f33,72-epel8";
+    print olddate ",02-epel4,03-epel5,04-epel6,05-epel7,06-f03,07-f04,08-f05,09-f06,10-f07,11-f08,12-f09,13-f10,14-f11,15-f12,16-f13,17-f14,18-f15,19-f16,20-f17,21-f18,22-f19,23-f20,24-f21,25-f22,26-f23,27-f24,28-f25,29-f26,30-f27,31-f28,32-f29,33-rawhide,34-unk_rel,35-epel,36-fedora,37-alpha,38-arm,39-arm64,40-ia64,41-mips,42-ppc,43-s390,44-sparc,45-tilegx,46-x86_32,47-x86_64,48-x86_32_e,49-x86_32_f,50-x86_64_e,51-x86_64_f,52-ppc_e,53-ppc_f,54-unk_arc,55-centos,56-rhel,57-ppc64,58-ppc64le,59-modular,60-modular_rawhide,61-modular_f27,62-modular_f28,63-modular_f29,64-modular_f30,65-f30,66-f31,67-f32,68-f33,69-modular_f31,70-modular_f32,71-modular_f33,72-epel8,73-epel9,74-f34,75-f35,76-f36,77-f37,78-f38,79-f39,80-modular_f34,81-modular_f35,82-modular_f36,83-modular_f37,84-modular_f38,85-modular_f39";
    olddate="1970-01-02";
 }
@ -84,6 +97,7 @@ BEGIN{
 	else if ($3 ~"epel6")  { epel6=epel6+1; epel=epel+1}
 	else if ($3 ~"epel7")  { epel7=epel7+1; epel=epel+1}
 	else if ($3 ~"epel8")  { epel8=epel8+1; epel=epel+1}
 	else if ($3 ~"epel9")  { epel9=epel9+1; epel=epel+1}
 	else if ($3 ~"modular_f27") { modular_f27=modular_f27+1; modular=modular+1; }
 	else if ($3 ~"modular_f28") { modular_f28=modular_f28+1; modular=modular+1; }
 	else if ($3 ~"modular_f29") { modular_f29=modular_f29+1; modular=modular+1; }
@ -91,6 +105,12 @@ BEGIN{
 	else if ($3 ~"modular_f31") { modular_f31=modular_f31+1; modular=modular+1; }
 	else if ($3 ~"modular_f32") { modular_f32=modular_f32+1; modular=modular+1; }
 	else if ($3 ~"modular_f33") { modular_f33=modular_f33+1; modular=modular+1; }
 	else if ($3 ~"modular_f34") { modular_f34=modular_f34+1; modular=modular+1; }
 	else if ($3 ~"modular_f35") { modular_f35=modular_f35+1; modular=modular+1; }
 	else if ($3 ~"modular_f36") { modular_f36=modular_f36+1; modular=modular+1; }
 	else if ($3 ~"modular_f37") { modular_f37=modular_f37+1; modular=modular+1; }
 	else if ($3 ~"modular_f38") { modular_f38=modular_f38+1; modular=modular+1; }
 	else if ($3 ~"modular_f39") { modular_f39=modular_f39+1; modular=modular+1; }
 	else if ($3 ~"f03")     { f03=f03+1; fedora=fedora+1}
 	else if ($3 ~"f04")     { f04=f04+1; fedora=fedora+1}
 	else if ($3 ~"f05")     { f05=f05+1; fedora=fedora+1}
@ -122,6 +142,12 @@ BEGIN{
 	else if ($3 ~"f31")     { f31=f31+1; fedora=fedora+1}
 	else if ($3 ~"f32")     { f32=f32+1; fedora=fedora+1}
 	else if ($3 ~"f33")     { f33=f33+1; fedora=fedora+1}
 	else if ($3 ~"f34")     { f34=f34+1; fedora=fedora+1}
 	else if ($3 ~"f35")     { f35=f35+1; fedora=fedora+1}
 	else if ($3 ~"f36")     { f36=f36+1; fedora=fedora+1}
 	else if ($3 ~"f37")     { f37=f37+1; fedora=fedora+1}
 	else if ($3 ~"f38")     { f38=f38+1; fedora=fedora+1}
 	else if ($3 ~"f39")     { f39=f39+1; fedora=fedora+1}
 	else if ($3 ~"rawhide_modular") { rawhide_modular=rawhide_modular+1; rawhide=rawhide+1; modular=modular+1; fedora=fedora+1}
 	else if ($3 ~"rawhide") { rawhide=rawhide+1; fedora=fedora+1}
 	else if ($3 ~"modular") { modular=modular+1; fedora=fedora+1 }
@ -165,7 +191,7 @@ BEGIN{
 	else                   {unknown_arch = unknown_arch +1; };
    } else {
 	if ( olddate !~ "1970-01-01" ) {
-	  print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29  "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 ;
+	  print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29  "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 "," epel9 "," f34 "," f35 "," f36 "," f37 "," f38 "," f39 "," modular_f34 "," modular_f35 "," modular_f36 "," modular_f37 "," modular_f38 "," modular_f39 ;
 	};
 	olddate=$1
    epel=0;
@ -246,7 +272,7 @@ BEGIN{
 }
 END {
-	  print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29  "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 ;
+	  print olddate "," epel4 "," epel5 "," epel6 "," epel7 "," f03 "," f04 "," f05 "," f06 "," f07 "," f08 "," f09 "," f10 "," f11 "," f12 "," f13 "," f14 "," f15 "," f16 "," f17 "," f18 "," f19 "," f20 "," f21 "," f22 "," f23 "," f24 "," f25 "," f26 "," f27 "," f28 "," f29 "," rawhide "," unknown_release "," epel "," fedora "," alpha "," arm "," arm64 "," ia64 "," mips "," ppc "," s390 "," sparc "," tilegx "," x86_32 "," x86_64 "," x86_32_e "," x86_32_f "," x86_64_e "," x86_64_f "," ppc_e "," ppc_f "," unknown_arch "," centos "," rhel "," ppc64 "," ppc64le "," modular "," rawhide_modular "," modular_f27 "," modular_f28 "," modular_f29  "," modular_f30 "," f30 "," f31 "," f32 "," f33 "," modular_f31 "," modular_f32 "," modular_f33 "," epel8 "," epel9 "," f34 "," f35 "," f36 "," f37 "," f38 "," f39 "," modular_f34 "," modular_f35 "," modular_f36 "," modular_f37 "," modular_f38 "," modular_f39 ;
 }
`@ -1,3 +1,2 @@`
	`datacenter: aws`	`datacenter: aws`
	`inventory_hostname: "aarch64-test01.fedorainfracloud.org"`	`inventory_hostname: "aarch64-test01.fedorainfracloud.org"`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.21 192.168.100.21`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.18 192.168.100.18`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.19 192.168.100.19`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.14 192.168.100.14`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.15 192.168.100.15`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.16 192.168.100.16`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.20 192.168.100.20`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.17 192.168.100.17`
		`@ -0,0 +1,2 @@`
							`# ifconfig-push actualIP PtPIP`
							`ifconfig-push 192.168.100.22 192.168.100.22`