More downloadXX fun

2014-05-15 03:29:43 +00:00 · 2014-05-15 03:29:43 +00:00 · 989f4f1e6b
commit 989f4f1e6b
parent e5ed01f1ae
11 changed files with 384 additions and 2 deletions
--- a/playbooks/groups/download.yml
+++ b/playbooks/groups/download.yml
@ -26,6 +26,9 @@
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

+  vars:
+  - rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
+
  roles:
  - base
  - rkhunter
--- a/roles/download/files/httpd/dl.fedoraproject.org.conf
+++ b/roles/download/files/httpd/dl.fedoraproject.org.conf
@ -0,0 +1,30 @@
+<VirtualHost *:80>
+  ServerName dl.fedoraproject.org
+  ServerAlias alt.fedoraproject.org archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org
+  ServerAdmin webmaster@fedoraproject.org
+  TraceEnable Off
+
+
+  Include "conf.d/dl.fedoraproject.org/*.conf"
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName dl.fedoraproject.org
+  ServerAlias alt.fedoraproject.org archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org
+  ServerAdmin webmaster@fedoraproject.org
+
+
+  SSLEngine on
+  SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
+  SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
+  SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
+  SSLHonorCipherOrder On
+
+  # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
+  # If you change the protocols or cipher suites, you should probably update
+  # modules/squid/files/squid.conf-el6 too, to keep it in sync.
+  SSLProtocol +SSLv3 +TLSv1
+  SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-SEED-SHA:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:SEED-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA
+
+  Include "conf.d/dl.fedoraproject.org/*.conf"
+</VirtualHost>
--- a/roles/download/files/httpd/logs.conf
+++ b/roles/download/files/httpd/logs.conf
@ -0,0 +1,2 @@
+CustomLog "logs/dl.fedoraproject.org-access.log" combined
+ErrorLog "logs/dl.fedoraproject.org-error.log"
--- a/roles/download/files/httpd/rewrite.conf
+++ b/roles/download/files/httpd/rewrite.conf
@ -0,0 +1,2 @@
+RewriteEngine On
+RewriteRule ^/$ /pub [R=302,L]
--- a/roles/download/files/httpd/robots.conf
+++ b/roles/download/files/httpd/robots.conf
@ -0,0 +1 @@
+Alias /robots.txt /srv/web/robots.txt.dl.fedoraproject.org
--- a/roles/download/files/httpd/secondary.conf
+++ b/roles/download/files/httpd/secondary.conf
@ -0,0 +1,13 @@
+Alias /pub /srv/pub
+
+DocumentRoot /srv/web
+
+<Directory /srv/pub>
+  Options Indexes FollowSymLinks
+  HeaderName /HEADER.html
+  ReadmeName /FOOTER.html
+</Directory>
+
+<Directory /srv/pub/archive>
+  ReadmeName /pub/archive/README.html
+</Directory>
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -29,4 +29,16 @@

 - name: NFS mount points (rdu)
  mount: name=/srv/pub src=172.31.1.10:/vol/fedora_ftp/fedora.redhat.com/pub fstype=nfs opts=defaults,ro,noatime,nodev,nosuid,hard,intr,nfsvers=3 state=mounted
-  when: datacenter == 'phx2'
+  when: datacenter == 'rdu'
+
+- name: Copy wildcard cert from puppet private
+  copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
+
+- name: Copy wildcard key from puppet private
+  copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
+
+- name: Copy intermediate wildcard cert from puppet private
+  copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
+
+- name: Configure httpd
+  copy: src=httpd/ dest=/etc/httpd/conf.d/
--- a/roles/rsyncd/files/rsyncd.conf.download-ibiblio
+++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio
@ -0,0 +1,105 @@
+#download-rdu
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+max connections = 15
+timeout = 600
+use chroot = yes
+uid = nobody
+gid = nobody
+#transfer logging = false
+motd file = /etc/motd_fedora
+log file = /var/log/rsyncd-fedora.log
+
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
+exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
+ignore nonreadable = yes
+list = true
+read only = yes
+refuse options = checksum
+
+[ fedora-alt ]
+        comment = non-Fedora Alternative Content
+        path = /srv/pub/alt
+
+# [fedora-archive]
+#         comment = Fedora Release Archives
+#         path = /srv/pub/archive
+     
+[ fedora-enchilada ]
+        comment = Fedora - The whole enchilada
+        path = /srv/pub/fedora
+
+[ fedora-buffet ]
+        comment = Fedora - The whole buffet. All you can eat.
+        path = /srv/pub
+
+[ fedora-epel ]
+        comment = Extra Packages for Enterprise Linux
+        path = /srv/pub/epel
+
+[ fedora-linux-releases ]
+        comment = Fedora Linux Releases
+        path = /srv/pub/fedora/linux/releases
+
+[ fedora-linux-development ]
+        comment = Fedora Linux Development
+        path = /srv/pub/fedora/linux/development
+
+[ fedora-linux-updates ]
+        comment = Fedora Linux Updates
+        path = /srv/pub/fedora/linux/updates
+
+# [fedora-secondary]
+#         comment = Fedora Secondary Archs
+#         path = /srv/pub/fedora-secondary
+
+[ fedora-stage ]
+        comment = Staging directory
+	path = /srv/pub/alt/stage/
+
+##
+## The following are not seen and are limited by IP.
+##
+## All entries should be hostnames that resolve to the reverse dns not ips
+
+[fedora-enchilada0]
+       comment = Fedora Enchilada for Tier0|1 Mirrors
+       path = /srv/pub/fedora/
+       list = no
+       uid = 263
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-buffet0]
+       comment = Fedora Buffet for Tier0|1 Mirrors
+       path = /srv/pub/
+       list = no
+       uid = 263
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-epel0]
+       comment = Fedora EPEL for Tier0|1 Mirrors
+       path = /srv/pub/epel/
+       list = no
+       uid = 263
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18  mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-alt0]
+       comment = Fedora ALT for Tier0|1 Mirrors
+       path = /srv/pub/alt/
+       list = no 
+       uid = 100103
+       gid = 101737
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18  mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+# For distributing applications
+[log]
+       comment = Server Logs
+       path = /var/log
+       uid = root
+       gid = root
+       read only = yes
+       hosts allow = 10.5.126.29 192.168.1.56
+       list = no
--- a/roles/rsyncd/files/rsyncd.conf.download-phx2
+++ b/roles/rsyncd/files/rsyncd.conf.download-phx2
@ -0,0 +1,109 @@
+#download-phx
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+max connections = 20
+timeout = 600
+use chroot = yes
+uid = nobody
+gid = nobody
+#transfer logging = false
+motd file = /etc/motd_fedora
+log file = /var/log/rsyncd-fedora.log
+
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
+exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
+ignore nonreadable = yes
+list = true
+read only = yes
+refuse options = checksum
+
+[ fedora-alt ]
+        comment = non-Fedora Alternative Content
+        path = /srv/pub/alt
+
+[fedora-archive]
+        comment = Fedora Release Archives
+        path = /srv/pub/archive
+     
+[ fedora-enchilada ]
+        comment = Fedora - The whole enchilada
+        path = /srv/pub/fedora
+
+[ fedora-buffet ]
+        comment = Fedora - The whole buffet. All you can eat.
+        path = /srv/pub
+
+[ fedora-epel ]
+        comment = Extra Packages for Enterprise Linux
+        path = /srv/pub/epel
+
+[ fedora-linux-releases ]
+        comment = Fedora Linux Releases
+        path = /srv/pub/fedora/linux/releases
+
+[ fedora-linux-development ]
+        comment = Fedora Linux Development
+        path = /srv/pub/fedora/linux/development
+
+[ fedora-linux-updates ]
+        comment = Fedora Linux Updates
+        path = /srv/pub/fedora/linux/updates
+
+[fedora-secondary]
+        comment = Fedora Secondary Archs
+        path = /srv/pub/fedora-secondary
+
+[ fedora-stage ]
+        comment = Staging directory
+	path = /srv/pub/alt/stage/
+
+[ deltaisos ]
+        comment = Delta isos
+        path = /srv/pub/alt/stage/deltaisos
+
+##
+## The following are not seen and are limited by IP.
+##
+## All entries should be hostnames that resolve to the reverse dns not ips
+
+[fedora-enchilada0]
+       comment = Fedora Enchilada for Tier0|1 Mirrors
+       path = /srv/pub/fedora/
+       list = no
+       uid = nobody
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-buffet]
+       comment = Fedora Buffet for Tier0|1 Mirrors
+       path = /srv/pub/
+       list = no
+       uid = nobody
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-epel0]
+       comment = Fedora EPEL for Tier0|1 Mirrors
+       path = /srv/pub/epel/
+       list = no
+       uid = nobody
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-alt0]
+       comment = Fedora ALT for Tier0|1 Mirrors
+       path = /srv/pub/alt/
+       list = no
+       uid = 100103
+       gid = 101737
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+# For distributing applications
+[log]
+       comment = Server Logs
+       path = /var/log
+       uid = root
+       gid = root
+       read only = yes
+       hosts allow = 10.5.126.29
+       list = no
--- a/roles/rsyncd/files/rsyncd.conf.download-rdu
+++ b/roles/rsyncd/files/rsyncd.conf.download-rdu
@ -0,0 +1,105 @@
+#download-rdu
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+max connections = 15
+timeout = 600
+use chroot = yes
+uid = nobody
+gid = nobody
+#transfer logging = false
+motd file = /etc/motd_fedora
+log file = /var/log/rsyncd-fedora.log
+
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
+exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
+ignore nonreadable = yes
+list = true
+read only = yes
+refuse options = checksum
+
+[ fedora-alt ]
+        comment = non-Fedora Alternative Content
+        path = /srv/pub/alt
+
+[fedora-archive]
+        comment = Fedora Release Archives
+        path = /srv/pub/archive
+     
+[ fedora-enchilada ]
+        comment = Fedora - The whole enchilada
+        path = /srv/pub/fedora
+
+[ fedora-buffet ]
+        comment = Fedora - The whole buffet. All you can eat.
+        path = /srv/pub
+
+[ fedora-epel ]
+        comment = Extra Packages for Enterprise Linux
+        path = /srv/pub/epel
+
+[ fedora-linux-releases ]
+        comment = Fedora Linux Releases
+        path = /srv/pub/fedora/linux/releases
+
+[ fedora-linux-development ]
+        comment = Fedora Linux Development
+        path = /srv/pub/fedora/linux/development
+
+[ fedora-linux-updates ]
+        comment = Fedora Linux Updates
+        path = /srv/pub/fedora/linux/updates
+
+[fedora-secondary]
+        comment = Fedora Secondary Archs
+        path = /srv/pub/fedora-secondary
+
+[ fedora-stage ]
+        comment = Staging directory
+	path = /srv/pub/alt/stage/
+
+##
+## The following are not seen and are limited by IP.
+##
+## All entries should be hostnames that resolve to the reverse dns not ips
+
+[fedora-enchilada0]
+       comment = Fedora Enchilada for Tier0|1 Mirrors
+       path = /srv/pub/fedora/
+       list = no
+       uid = nobody
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-buffet0]
+       comment = Fedora Buffet for Tier0|1 Mirrors
+       path = /srv/pub/
+       list = no
+       uid = nobody
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-epel0]
+       comment = Fedora EPEL for Tier0|1 Mirrors
+       path = /srv/pub/epel/
+       list = no
+       uid = nobody
+       gid = 263
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-alt0]
+       comment = Fedora ALT for Tier0|1 Mirrors
+       path = /srv/pub/alt/
+       list = no 
+       uid = 100103
+       gid = 101737
+       hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+# For distributing applications
+[log]
+       comment = Server Logs
+       path = /var/log
+       uid = root
+       gid = root
+       read only = yes
+       hosts allow = 10.5.126.29 192.168.1.56
+       list = no
--- a/roles/rsyncd/tasks/main.yml
+++ b/roles/rsyncd/tasks/main.yml
@ -16,7 +16,7 @@
 - name: rsyncd.conf file
  copy: src={{ item }} dest=/etc/rsyncd.conf mode=644
  with_first_found:
-    - "{{ rsyncd.conf }}"
+    - "{{ rsyncd_conf }}"
    - rsyncd.conf.{{ ansible_fqdn }}
    - rsyncd.conf.{{ host_group }}
    - rsyncd.conf.default
				`@ -0,0 +1 @@`
				`Alias /robots.txt /srv/web/robots.txt.dl.fedoraproject.org`