diff --git a/playbooks/groups/download.yml b/playbooks/groups/download.yml
index 226079e1e9..80d9d2ecaf 100644
--- a/playbooks/groups/download.yml
+++ b/playbooks/groups/download.yml
@@ -26,6 +26,9 @@
- "{{ private }}/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+ vars:
+ - rsyncd_conf: "rsyncd.conf.download-{{ datacenter }}"
+
roles:
- base
- rkhunter
diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf b/roles/download/files/httpd/dl.fedoraproject.org.conf
new file mode 100644
index 0000000000..b4ba2d4506
--- /dev/null
+++ b/roles/download/files/httpd/dl.fedoraproject.org.conf
@@ -0,0 +1,30 @@
+
+ ServerName dl.fedoraproject.org
+ ServerAlias alt.fedoraproject.org archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+ TraceEnable Off
+
+
+ Include "conf.d/dl.fedoraproject.org/*.conf"
+
+
+
+ ServerName dl.fedoraproject.org
+ ServerAlias alt.fedoraproject.org archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org
+ ServerAdmin webmaster@fedoraproject.org
+
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedoraproject.org.intermediate.cert
+ SSLHonorCipherOrder On
+
+ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14
+ # If you change the protocols or cipher suites, you should probably update
+ # modules/squid/files/squid.conf-el6 too, to keep it in sync.
+ SSLProtocol +SSLv3 +TLSv1
+ SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-SEED-SHA:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:SEED-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA
+
+ Include "conf.d/dl.fedoraproject.org/*.conf"
+
diff --git a/roles/download/files/httpd/logs.conf b/roles/download/files/httpd/logs.conf
new file mode 100644
index 0000000000..8b5ac9cde2
--- /dev/null
+++ b/roles/download/files/httpd/logs.conf
@@ -0,0 +1,2 @@
+CustomLog "logs/dl.fedoraproject.org-access.log" combined
+ErrorLog "logs/dl.fedoraproject.org-error.log"
diff --git a/roles/download/files/httpd/rewrite.conf b/roles/download/files/httpd/rewrite.conf
new file mode 100644
index 0000000000..ac0c4f1000
--- /dev/null
+++ b/roles/download/files/httpd/rewrite.conf
@@ -0,0 +1,2 @@
+RewriteEngine On
+RewriteRule ^/$ /pub [R=302,L]
diff --git a/roles/download/files/httpd/robots.conf b/roles/download/files/httpd/robots.conf
new file mode 100644
index 0000000000..b4023906ca
--- /dev/null
+++ b/roles/download/files/httpd/robots.conf
@@ -0,0 +1 @@
+Alias /robots.txt /srv/web/robots.txt.dl.fedoraproject.org
diff --git a/roles/download/files/httpd/secondary.conf b/roles/download/files/httpd/secondary.conf
new file mode 100644
index 0000000000..15dd4f7822
--- /dev/null
+++ b/roles/download/files/httpd/secondary.conf
@@ -0,0 +1,13 @@
+Alias /pub /srv/pub
+
+DocumentRoot /srv/web
+
+
+ Options Indexes FollowSymLinks
+ HeaderName /HEADER.html
+ ReadmeName /FOOTER.html
+
+
+
+ ReadmeName /pub/archive/README.html
+
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index 8a7f67efae..639701ae4c 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -29,4 +29,16 @@
- name: NFS mount points (rdu)
mount: name=/srv/pub src=172.31.1.10:/vol/fedora_ftp/fedora.redhat.com/pub fstype=nfs opts=defaults,ro,noatime,nodev,nosuid,hard,intr,nfsvers=3 state=mounted
- when: datacenter == 'phx2'
+ when: datacenter == 'rdu'
+
+- name: Copy wildcard cert from puppet private
+ copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.cert owner=root group=root mode=0600
+
+- name: Copy wildcard key from puppet private
+ copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.key owner=root group=root mode=0600
+
+- name: Copy intermediate wildcard cert from puppet private
+ copy: src="{{puppet_private}}/httpd/wildcard-2014.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
+
+- name: Configure httpd
+ copy: src=httpd/ dest=/etc/httpd/conf.d/
diff --git a/roles/rsyncd/files/rsyncd.conf.download-ibiblio b/roles/rsyncd/files/rsyncd.conf.download-ibiblio
new file mode 100644
index 0000000000..ac4e5e0b03
--- /dev/null
+++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio
@@ -0,0 +1,105 @@
+#download-rdu
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+max connections = 15
+timeout = 600
+use chroot = yes
+uid = nobody
+gid = nobody
+#transfer logging = false
+motd file = /etc/motd_fedora
+log file = /var/log/rsyncd-fedora.log
+
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
+exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
+ignore nonreadable = yes
+list = true
+read only = yes
+refuse options = checksum
+
+[ fedora-alt ]
+ comment = non-Fedora Alternative Content
+ path = /srv/pub/alt
+
+# [fedora-archive]
+# comment = Fedora Release Archives
+# path = /srv/pub/archive
+
+[ fedora-enchilada ]
+ comment = Fedora - The whole enchilada
+ path = /srv/pub/fedora
+
+[ fedora-buffet ]
+ comment = Fedora - The whole buffet. All you can eat.
+ path = /srv/pub
+
+[ fedora-epel ]
+ comment = Extra Packages for Enterprise Linux
+ path = /srv/pub/epel
+
+[ fedora-linux-releases ]
+ comment = Fedora Linux Releases
+ path = /srv/pub/fedora/linux/releases
+
+[ fedora-linux-development ]
+ comment = Fedora Linux Development
+ path = /srv/pub/fedora/linux/development
+
+[ fedora-linux-updates ]
+ comment = Fedora Linux Updates
+ path = /srv/pub/fedora/linux/updates
+
+# [fedora-secondary]
+# comment = Fedora Secondary Archs
+# path = /srv/pub/fedora-secondary
+
+[ fedora-stage ]
+ comment = Staging directory
+ path = /srv/pub/alt/stage/
+
+##
+## The following are not seen and are limited by IP.
+##
+## All entries should be hostnames that resolve to the reverse dns not ips
+
+[fedora-enchilada0]
+ comment = Fedora Enchilada for Tier0|1 Mirrors
+ path = /srv/pub/fedora/
+ list = no
+ uid = 263
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-buffet0]
+ comment = Fedora Buffet for Tier0|1 Mirrors
+ path = /srv/pub/
+ list = no
+ uid = 263
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-epel0]
+ comment = Fedora EPEL for Tier0|1 Mirrors
+ path = /srv/pub/epel/
+ list = no
+ uid = 263
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-alt0]
+ comment = Fedora ALT for Tier0|1 Mirrors
+ path = /srv/pub/alt/
+ list = no
+ uid = 100103
+ gid = 101737
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+# For distributing applications
+[log]
+ comment = Server Logs
+ path = /var/log
+ uid = root
+ gid = root
+ read only = yes
+ hosts allow = 10.5.126.29 192.168.1.56
+ list = no
diff --git a/roles/rsyncd/files/rsyncd.conf.download-phx2 b/roles/rsyncd/files/rsyncd.conf.download-phx2
new file mode 100644
index 0000000000..b5ca03b507
--- /dev/null
+++ b/roles/rsyncd/files/rsyncd.conf.download-phx2
@@ -0,0 +1,109 @@
+#download-phx
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+max connections = 20
+timeout = 600
+use chroot = yes
+uid = nobody
+gid = nobody
+#transfer logging = false
+motd file = /etc/motd_fedora
+log file = /var/log/rsyncd-fedora.log
+
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
+exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
+ignore nonreadable = yes
+list = true
+read only = yes
+refuse options = checksum
+
+[ fedora-alt ]
+ comment = non-Fedora Alternative Content
+ path = /srv/pub/alt
+
+[fedora-archive]
+ comment = Fedora Release Archives
+ path = /srv/pub/archive
+
+[ fedora-enchilada ]
+ comment = Fedora - The whole enchilada
+ path = /srv/pub/fedora
+
+[ fedora-buffet ]
+ comment = Fedora - The whole buffet. All you can eat.
+ path = /srv/pub
+
+[ fedora-epel ]
+ comment = Extra Packages for Enterprise Linux
+ path = /srv/pub/epel
+
+[ fedora-linux-releases ]
+ comment = Fedora Linux Releases
+ path = /srv/pub/fedora/linux/releases
+
+[ fedora-linux-development ]
+ comment = Fedora Linux Development
+ path = /srv/pub/fedora/linux/development
+
+[ fedora-linux-updates ]
+ comment = Fedora Linux Updates
+ path = /srv/pub/fedora/linux/updates
+
+[fedora-secondary]
+ comment = Fedora Secondary Archs
+ path = /srv/pub/fedora-secondary
+
+[ fedora-stage ]
+ comment = Staging directory
+ path = /srv/pub/alt/stage/
+
+[ deltaisos ]
+ comment = Delta isos
+ path = /srv/pub/alt/stage/deltaisos
+
+##
+## The following are not seen and are limited by IP.
+##
+## All entries should be hostnames that resolve to the reverse dns not ips
+
+[fedora-enchilada0]
+ comment = Fedora Enchilada for Tier0|1 Mirrors
+ path = /srv/pub/fedora/
+ list = no
+ uid = nobody
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-buffet]
+ comment = Fedora Buffet for Tier0|1 Mirrors
+ path = /srv/pub/
+ list = no
+ uid = nobody
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-epel0]
+ comment = Fedora EPEL for Tier0|1 Mirrors
+ path = /srv/pub/epel/
+ list = no
+ uid = nobody
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-alt0]
+ comment = Fedora ALT for Tier0|1 Mirrors
+ path = /srv/pub/alt/
+ list = no
+ uid = 100103
+ gid = 101737
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+# For distributing applications
+[log]
+ comment = Server Logs
+ path = /var/log
+ uid = root
+ gid = root
+ read only = yes
+ hosts allow = 10.5.126.29
+ list = no
diff --git a/roles/rsyncd/files/rsyncd.conf.download-rdu b/roles/rsyncd/files/rsyncd.conf.download-rdu
new file mode 100644
index 0000000000..1c27580502
--- /dev/null
+++ b/roles/rsyncd/files/rsyncd.conf.download-rdu
@@ -0,0 +1,105 @@
+#download-rdu
+pid file = /var/run/rsyncd.pid
+syslog facility = daemon
+max connections = 15
+timeout = 600
+use chroot = yes
+uid = nobody
+gid = nobody
+#transfer logging = false
+motd file = /etc/motd_fedora
+log file = /var/log/rsyncd-fedora.log
+
+dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
+exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
+ignore nonreadable = yes
+list = true
+read only = yes
+refuse options = checksum
+
+[ fedora-alt ]
+ comment = non-Fedora Alternative Content
+ path = /srv/pub/alt
+
+[fedora-archive]
+ comment = Fedora Release Archives
+ path = /srv/pub/archive
+
+[ fedora-enchilada ]
+ comment = Fedora - The whole enchilada
+ path = /srv/pub/fedora
+
+[ fedora-buffet ]
+ comment = Fedora - The whole buffet. All you can eat.
+ path = /srv/pub
+
+[ fedora-epel ]
+ comment = Extra Packages for Enterprise Linux
+ path = /srv/pub/epel
+
+[ fedora-linux-releases ]
+ comment = Fedora Linux Releases
+ path = /srv/pub/fedora/linux/releases
+
+[ fedora-linux-development ]
+ comment = Fedora Linux Development
+ path = /srv/pub/fedora/linux/development
+
+[ fedora-linux-updates ]
+ comment = Fedora Linux Updates
+ path = /srv/pub/fedora/linux/updates
+
+[fedora-secondary]
+ comment = Fedora Secondary Archs
+ path = /srv/pub/fedora-secondary
+
+[ fedora-stage ]
+ comment = Staging directory
+ path = /srv/pub/alt/stage/
+
+##
+## The following are not seen and are limited by IP.
+##
+## All entries should be hostnames that resolve to the reverse dns not ips
+
+[fedora-enchilada0]
+ comment = Fedora Enchilada for Tier0|1 Mirrors
+ path = /srv/pub/fedora/
+ list = no
+ uid = nobody
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-buffet0]
+ comment = Fedora Buffet for Tier0|1 Mirrors
+ path = /srv/pub/
+ list = no
+ uid = nobody
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-che mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-epel0]
+ comment = Fedora EPEL for Tier0|1 Mirrors
+ path = /srv/pub/epel/
+ list = no
+ uid = nobody
+ gid = 263
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 129.101.198.59 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+[fedora-alt0]
+ comment = Fedora ALT for Tier0|1 Mirrors
+ path = /srv/pub/alt/
+ list = no
+ uid = 100103
+ gid = 101737
+ hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 mirrors.mit.edu solar-one.mit.edu mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com
+
+# For distributing applications
+[log]
+ comment = Server Logs
+ path = /var/log
+ uid = root
+ gid = root
+ read only = yes
+ hosts allow = 10.5.126.29 192.168.1.56
+ list = no
diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml
index a7acb0466c..ea195925d9 100644
--- a/roles/rsyncd/tasks/main.yml
+++ b/roles/rsyncd/tasks/main.yml
@@ -16,7 +16,7 @@
- name: rsyncd.conf file
copy: src={{ item }} dest=/etc/rsyncd.conf mode=644
with_first_found:
- - "{{ rsyncd.conf }}"
+ - "{{ rsyncd_conf }}"
- rsyncd.conf.{{ ansible_fqdn }}
- rsyncd.conf.{{ host_group }}
- rsyncd.conf.default