Merge branch 'master' of /git/ansible

inventory/cloud

@@ -77,5 +77,4 @@ twisted-fedora25-1.fedorainfracloud.org
 twisted-fedora25-2.fedorainfracloud.org
 twisted-rhel7-1.fedorainfracloud.org
 twisted-rhel7-2.fedorainfracloud.org
-waiverdb-dev.fedorainfracloud.org
 upstreamfirst.fedorainfracloud.org

inventory/group_vars/all

@@ -203,7 +203,7 @@ env: production
 env_suffix:
 
 # nfs mount options, override at the group/host level
-nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4"
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4.0"
 
 # by default set become to false here We can override it as needed.
 # Note that if become is true, you need to unset requiretty for

inventory/group_vars/autosign

@@ -21,7 +21,7 @@ host_group: autosign
 fedmsg_error_recipients:
 - puiterwijk@fedoraproject.org
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 # For the MOTD
 csi_security_category: High

inventory/group_vars/batcave

@@ -12,7 +12,7 @@ fas_client_groups: sysadmin-ask,sysadmin-build,sysadmin-cvs,sysadmin-main,sysadm
 
 ansible_base: /srv/web/infra
 freezes: false
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 fedmsg_certs:
 - service: shell

inventory/group_vars/bodhi-backend

@@ -42,7 +42,7 @@ fedmsg_error_recipients:
 # happens instead at the inventory/host_vars/ level since bodhi-backend03 and
 # bodhi-backend02 have different roles and responsibilities.
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 fas_client_groups: sysadmin-releng,sysadmin-bodhi
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"

inventory/group_vars/buildvm-aarch64-stg

@@ -17,7 +17,7 @@ host_group: kojibuilder
 fas_client_groups: sysadmin-releng
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 datacenter: staging
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"

inventory/group_vars/buildvm-armv7-stg

@@ -17,7 +17,7 @@ host_group: kojibuilder
 fas_client_groups: sysadmin-releng
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 datacenter: staging
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"

inventory/group_vars/buildvm-ppc64-stg

@@ -17,7 +17,7 @@ host_group: kojibuilder
 fas_client_groups: sysadmin-releng
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 datacenter: staging
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"

inventory/group_vars/buildvm-ppc64le-stg

@@ -17,7 +17,7 @@ host_group: kojibuilder
 fas_client_groups: sysadmin-releng
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 datacenter: staging
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"

inventory/group_vars/buildvm-stg

@@ -17,7 +17,7 @@ host_group: kojibuilder
 fas_client_groups: sysadmin-releng
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 datacenter: staging
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 koji_hub_nfs: "fedora_koji"
 koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"

inventory/group_vars/download-phx2

@@ -8,6 +8,6 @@ nrpe_procs_crit: 1000
 host_group: download-phx2
 
 # nfs mount options, overrides the all/default
-nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=4"
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=4.0"
 
 blocked_ips: [ '8.39.100.100', '46.29.92.6', '69.47.68.211', '83.110.159.237', '103.193.116.147', '130.193.57.106', '130.193.60.205', '158.39.4.2', '169.53.165.245', '193.52.32.69', '195.23.131.253', '198.11.167.9', '202.202.43.41' ]

inventory/group_vars/koji

@@ -41,7 +41,7 @@ fedmsg_certs:
   - buildsys.task.state.change
   - buildsys.untag
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 virt_install_command: "{{ virt_install_command_two_nic }}"
 
 osbs_url: "osbs.fedoraproject.org"

inventory/group_vars/koji-stg

@@ -35,7 +35,7 @@ fedmsg_certs:
   - buildsys.untag
 
 # NOTE -- staging mounts read-only
-nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4"
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4.0"
 # This is for mizdebsk only in stg.  Put here by threebean.  Cleared with nirik.
 sudoers: "{{ private }}/files/sudo/koji01.stg.phx2.fedoraproject.org-sudoers"
 

inventory/group_vars/releng-compose

@@ -20,7 +20,7 @@ fas_client_groups: sysadmin-releng
 freezes: true
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 # For the mock config
 kojipkgs_url: kojipkgs.fedoraproject.org

inventory/group_vars/releng-secondary

@@ -11,7 +11,7 @@ dns: 10.5.126.21
 nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 fas_client_groups: sysadmin-releng,sysadmin-secondary,sysadmin-noc,sysadmin-veteran
 sudoers: "{{ private }}/files/sudo/00releng-sudoers"

inventory/group_vars/releng-stg

@@ -3,7 +3,7 @@ koji_server_url: "https://koji.stg.fedoraproject.org/kojihub"
 koji_weburl: "https://koji.stg.fedoraproject.org/koji"
 koji_topurl: "https://kojipkgs.fedoraproject.org/"
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 mem_size: 8192
 num_cpus: 4

inventory/group_vars/runroot

@@ -3,4 +3,4 @@
 # We need to mount koji storage rw here so run_root can work. 
 # The rest of the group can be ro, it's only builders in the 
 # compose channel that need a rw mount
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"

inventory/group_vars/secondary

@@ -6,7 +6,7 @@ nrpe_procs_warn: 900
 nrpe_procs_crit: 1000
 
 # nfs mount options, overrides the all/default
-nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=4"
+nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=4.0"
 
 fas_client_groups: sysadmin-noc,alt-sugar,alt-k12linux,altvideos,hosted-content,mips-content,s390_content,fi-apprentice,qa-deltaisos,sysadmin-veteran
 

inventory/group_vars/wiki

@@ -31,7 +31,7 @@ fedmsg_certs:
   - wiki.article.edit
   - wiki.upload.complete
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4,minorversion=0"
 
 csi_security_category: Moderate
 csi_primary_contact: "#fedora-admin"

inventory/group_vars/wiki-stg

@@ -29,4 +29,4 @@ fedmsg_certs:
   - wiki.article.edit
   - wiki.upload.complete
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"

inventory/host_vars/data-analysis01.phx2.fedoraproject.org

@@ -5,7 +5,7 @@ freezes: false
 # this box mounts a large share from the netapp to store combined http
 # logs from the proxies.
 
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 # general configs
 nrpe_procs_warn: 900

inventory/host_vars/mm-backend01.phx2.fedoraproject.org

@@ -13,7 +13,7 @@ vmhost: virthost03.phx2.fedoraproject.org
 datacenter: phx2
 
 # nfs mount options, overrides the all/default
-nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=4"
+nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=4.0"
 
 # We define this here to override the global one because we need eth1
 virt_install_command: "{{ virt_install_command_two_nic }}"

inventory/host_vars/mm-backend01.stg.phx2.fedoraproject.org

@@ -14,7 +14,7 @@ vmhost: virthost16.phx2.fedoraproject.org
 datacenter: phx2
 
 # nfs mount options, overrides the all/default
-nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=4"
+nfs_mount_opts: "ro,hard,bg,intr,nodev,nosuid,nfsvers=4.0"
 
 # We define this here to override the global one because we need eth1
 virt_install_command: "{{ virt_install_command_two_nic }}"

inventory/host_vars/pkgs02.phx2.fedoraproject.org

@@ -17,7 +17,7 @@ num_cpus: 8
 virt_install_command: "{{ virt_install_command_two_nic }}"
 
 host_backup_targets: ['/srv']
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
 
 ssh_hostnames:
 - pkgs.fedoraproject.org

inventory/host_vars/upstreamfirst.fedorainfracloud.org

@@ -30,6 +30,8 @@ cloud_networks:
 ############################################################
 
 tcp_ports: [ 22, 25, 80, 443, 9418,
+    # this is used for postgres access from docker
+    5432,
     # Used for the eventsource server
     8088,
     # This is for the pagure public fedmsg relay

inventory/inventory

@@ -1155,8 +1155,6 @@ iddev.fedorainfracloud.org
 commops.fedorainfracloud.org
 # respins
 respins.fedorainfracloud.org
-# waiverdb-dev - ticket 6009
-waiverdb-dev.fedorainfracloud.org
 # hubs-dev
 hubs-dev.fedorainfracloud.org
 # upstreamfirst - ticket 6066

master.yml

@@ -156,4 +156,3 @@
 - include: /srv/web/infra/ansible/playbooks/hosts/taigastg.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/testdays.fedorainfracloud.org.yml
 - include: /srv/web/infra/ansible/playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml
-- include: /srv/web/infra/ansible/playbooks/hosts/waiverdb-dev.fedorainfracloud.org.yml

playbooks/groups/backup-server.yml

@@ -23,7 +23,7 @@
   - collectd/base
   - { role: nfs/client,
       mnt_dir: '/fedora_backups',
-      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
+      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0",
       nfs_src_dir: 'fedora_backups' }
   - openvpn/client
 

playbooks/groups/gnome-backups.yml

@@ -21,7 +21,7 @@
   - gnome_backups
   - { role: nfs/client,
       mnt_dir: '/gnome_backups',
-      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
+      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0",
       nfs_src_dir: 'gnome_backups' }
 
   tasks:

playbooks/groups/logserver.yml

@@ -59,7 +59,7 @@
   - cloudstats
   - role: nfs/client
     mnt_dir: '/mnt/fedora_stats'
-    nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+    nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
     nfs_src_dir: 'fedora_stats'
 
   handlers:

playbooks/groups/pkgs.yml

@@ -32,11 +32,11 @@
   - { role: nfs/client,
       when: env != "staging",
       mnt_dir: '/srv/cache/lookaside',
-      nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4' }
+      nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0' }
   - { role: nfs/client,
       when: env == "staging" and inventory_hostname.startswith('pkgs02'),
       mnt_dir: '/srv/cache/lookaside_prod',
-      nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4' }
+      nfs_src_dir: 'fedora_sourcecache', nfs_mount_opts='ro,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0' }
   - role: distgit/pagure
   - role: distgit
     tags: distgit

playbooks/groups/secondary.yml

@@ -25,11 +25,11 @@
       nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/archive' }
   - { role: nfs/client,
       mnt_dir: '/srv/pub/alt',
-      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
+      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0",
       nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/alt' }
   - { role: nfs/client,
       mnt_dir: '/srv/pub/fedora-secondary',
-      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4",
+      nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0",
       nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub/fedora-secondary' }
 
   - role: apache

playbooks/groups/taskotron.yml

@@ -49,9 +49,9 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   roles:
-   - { role: nfs/client, mnt_dir: '/srv/taskotron/',  nfs_src_dir: 'fedora_taskotron_dev', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4,sec=sys', when: deployment_type == 'dev' }
-   - { role: nfs/client, mnt_dir: '/srv/taskotron/',  nfs_src_dir: 'fedora_taskotron_stg', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4,sec=sys', when: deployment_type == 'stg' }
-   - { role: nfs/client, mnt_dir: '/srv/taskotron/',  nfs_src_dir: 'fedora_taskotron_prod', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4,sec=sys', when: deployment_type == 'prod' }
+   - { role: nfs/client, mnt_dir: '/srv/taskotron/',  nfs_src_dir: 'fedora_taskotron_dev', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4.0,sec=sys', when: deployment_type == 'dev' }
+   - { role: nfs/client, mnt_dir: '/srv/taskotron/',  nfs_src_dir: 'fedora_taskotron_stg', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4.0,sec=sys', when: deployment_type == 'stg' }
+   - { role: nfs/client, mnt_dir: '/srv/taskotron/',  nfs_src_dir: 'fedora_taskotron_prod', nfs_mount_opts: 'rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=4.0,sec=sys', when: deployment_type == 'prod' }
    - { role: taskotron/grokmirror, tags: ['grokmirror'] }
 #   - { role: taskotron/cgit, tags: ['cgit'] }
    - { role: taskotron/buildmaster, tags: ['buildmaster'] }

playbooks/hosts/data-analysis01.phx2.fedoraproject.org.yml

@@ -51,7 +51,7 @@
   roles:
    - role: nfs/client
      mnt_dir: '/mnt/fedora_stats'
-     nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4"
+     nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=4.0"
      nfs_src_dir: 'fedora_stats'
    - geoip
 

playbooks/hosts/upstreamfirst.fedorainfracloud.org.yml

@@ -71,3 +71,19 @@
 
   handlers:
   - include: "{{ handlers_path }}/restart_services.yml"
+
+- name: deploy ufmonitor
+  hosts: upstreamfirst.fedorainfracloud.org
+  user: root
+  gather_facts: True
+
+  vars_files:
+   - /srv/web/infra/ansible/vars/global.yml
+   - "/srv/private/ansible/vars.yml"
+   - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+  roles:
+      - { role: ufmonitor, tags: ['ufmonitor'] }
+
+  handlers:
+  - include: "{{ handlers_path }}/restart_services.yml"

playbooks/hosts/waiverdb-dev.fedorainfracloud.org.yml

@@ -1,37 +0,0 @@
-- name: check/create instance
-  hosts: waiverdb-dev.fedorainfracloud.org
-  gather_facts: False
-
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - /srv/private/ansible/vars.yml
-   - /srv/web/infra/ansible/vars/fedora-cloud.yml
-   - /srv/private/ansible/files/openstack/passwords.yml
-
-  tasks:
-  - include: "{{ tasks_path }}/persistent_cloud.yml"
-
-  handlers:
-  - include: "{{ handlers_path }}/restart_services.yml"
-
-- name: setup all the things
-  hosts: waiverdb-dev.fedorainfracloud.org
-  gather_facts: True
-  vars_files:
-   - /srv/web/infra/ansible/vars/global.yml
-   - /srv/private/ansible/vars.yml
-   - /srv/private/ansible/files/openstack/passwords.yml
-   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
-
-  pre_tasks:
-  - include: "{{ tasks_path }}/cloud_setup_basic.yml"
-  - name: set hostname (required by some services, at least postfix need it)
-    hostname: name="{{inventory_hostname}}"
-
-  handlers:
-  - include: "{{ handlers_path }}/restart_services.yml"
-
-  roles:
-  - basessh
-  - nginx
-  - waiverdb

roles/bodhi2/backend/tasks/main.yml

@@ -31,6 +31,13 @@
   - packages
   - bodhi
 
+- name: install python3-ccolutils on fedora bodhi backends
+  package: pkg=python3-cccolutils state=present
+  when: inventory_hostname.startswith('bodhi-backend01')
+  tags:
+  - packages
+  - bodhi
+
 - name: install ostree
   package: pkg=ostree state=present
   when: inventory_hostname.startswith('bodhi-backend01')

roles/copr/backend/files/provision/files/mock/fedora-27-i386.cfg

@@ -0,0 +1,72 @@
+config_opts['root'] = 'fedora-27-i386'
+config_opts['target_arch'] = 'i686'
+config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['dist'] = 'fc27'  # only useful for --resultdir variable subst
+config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
+config_opts['releasever'] = '27'
+config_opts['package_manager'] = 'dnf'
+
+config_opts['yum.conf'] = """
+[main]
+keepcache=1
+debuglevel=2
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+install_weak_deps=0
+metadata_expire=0
+mdpolicy=group:primary
+best=1
+
+# repos
+
+[fedora]
+name=fedora
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+failovermethod=priority
+gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-27-primary
+gpgcheck=1
+
+[updates]
+name=updates
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+failovermethod=priority
+gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-27-primary
+gpgcheck=1
+
+[updates-testing]
+name=updates-testing
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=https://kojipkgs.fedoraproject.org/repos/f27-build/latest/i386/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+"""

roles/copr/backend/files/provision/files/mock/fedora-27-ppc64le.cfg

@@ -0,0 +1,72 @@
+config_opts['root'] = 'fedora-27-ppc64le'
+config_opts['target_arch'] = 'ppc64le'
+config_opts['legal_host_arches'] = ('ppc64le',)
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['dist'] = 'fc27'  # only useful for --resultdir variable subst
+config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
+config_opts['releasever'] = '27'
+config_opts['package_manager'] = 'dnf'
+
+config_opts['yum.conf'] = """
+[main]
+keepcache=1
+debuglevel=1
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+install_weak_deps=0
+metadata_expire=0
+mdpolicy=group:primary
+best=1
+
+# repos
+
+[fedora]
+name=fedora
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+failovermethod=priority
+gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-27-primary
+gpgcheck=1
+
+[updates]
+name=updates
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+failovermethod=priority
+gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-27-primary
+gpgcheck=1
+
+[updates-testing]
+name=updates-testing
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=http://ppcpkgs.fedoraproject.org/repos/f27-build/latest/ppc64le/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+"""

roles/copr/backend/files/provision/files/mock/fedora-27-x86_64.cfg

@@ -0,0 +1,72 @@
+config_opts['root'] = 'fedora-27-x86_64'
+config_opts['target_arch'] = 'x86_64'
+config_opts['legal_host_arches'] = ('x86_64',)
+config_opts['chroot_setup_cmd'] = 'install @buildsys-build'
+config_opts['dist'] = 'fc27'  # only useful for --resultdir variable subst
+config_opts['extra_chroot_dirs'] = [ '/run/lock', ]
+config_opts['releasever'] = '27'
+config_opts['package_manager'] = 'dnf'
+
+config_opts['yum.conf'] = """
+[main]
+keepcache=1
+debuglevel=2
+reposdir=/dev/null
+logfile=/var/log/yum.log
+retries=20
+obsoletes=1
+gpgcheck=0
+assumeyes=1
+syslog_ident=mock
+syslog_device=
+install_weak_deps=0
+metadata_expire=0
+mdpolicy=group:primary
+best=1
+
+# repos
+
+[fedora]
+name=fedora
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
+failovermethod=priority
+gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-27-primary
+gpgcheck=1
+
+[updates]
+name=updates
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
+failovermethod=priority
+gpgkey=file:///usr/share/distribution-gpg-keys/fedora/RPM-GPG-KEY-fedora-27-primary
+gpgcheck=1
+
+[updates-testing]
+name=updates-testing
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[local]
+name=local
+baseurl=https://kojipkgs.fedoraproject.org/repos/f27-build/latest/x86_64/
+cost=2000
+enabled=0
+
+[fedora-debuginfo]
+name=fedora-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-debuginfo]
+name=updates-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+
+[updates-testing-debuginfo]
+name=updates-testing-debuginfo
+metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch
+failovermethod=priority
+enabled=0
+"""

roles/copr/backend/files/provision/provision_builder_tasks.yml

@@ -47,6 +47,9 @@
   with_items:
     - site-defaults.cfg
     - fedora-26-ppc64le.cfg
+    - fedora-27-ppc64le.cfg
+    - fedora-27-i386.cfg
+    - fedora-27-x86_64.cfg
 
 - name: put copr-rpmbuild configuration file in the right place
   copy: src=files/main.ini dest=/etc/copr-rpmbuild/main.ini

roles/koschei/frontend/templates/config-frontend.cfg.j2

@@ -72,15 +72,9 @@ config = {
         "auth": {
             "user_re": "http://(.+)\\.id{{ env_prefix }}\\.fedoraproject\\.org/",
         },
-        {% if env == 'staging' %}
-        # Staging copies for fedmenu
-        "fedmenu_url": "https://apps.stg.fedoraproject.org/fedmenu",
-        "fedmenu_data_url": "https://apps.stg.fedoraproject.org/js/data.js",
-        {% else %}
-        # Production copies for fedmenu
-        "fedmenu_url": "https://apps.fedoraproject.org/fedmenu",
-        "fedmenu_data_url": "https://apps.fedoraproject.org/js/data.js",
-        {% endif %}
+        "fedora_assets_url": "/global",
+        "fedmenu_url": "/fedmenu",
+        "fedmenu_data_url": "/js/data.js",
     },
     "openid": {
         "openid_provider": "{{ koschei_openid_provider }}",

roles/openshift-apps/greenwave/templates/buildconfig.yml

@@ -19,7 +19,7 @@ spec:
           PyYAML \
           python2-flask
       RUN yum -y install --setopt=tsflags=nodocs \
-          https://kojipkgs.fedoraproject.org//packages/greenwave/0.1.1/4.3084808.fc26/noarch/greenwave-0.1.1-4.3084808.fc26.noarch.rpm
+          https://kojipkgs.fedoraproject.org//packages/greenwave/0.1.1/6.497594f.fc26/noarch/greenwave-0.1.1-6.497594f.fc26.noarch.rpm
       EXPOSE 8080
       ENTRYPOINT gunicorn --bind 0.0.0.0:8080 --access-logfile=- greenwave.wsgi:app
   strategy:

roles/ufmonitor/defaults/main.yml

@@ -0,0 +1,7 @@
+apiserver_container_image: "docker.io/fedoraqa/ufmonitor-apiserver:latest"
+updater_container_image: "docker.io/fedoraqa/ufmonitor-updater:latest"
+ufmonitor_db_name: "ufmonitor"
+ufmonitor_db_user: "ufmonitor"
+ufmonitor_db_password: "terribleinsecurepassword"
+ufmonitor_config_path: "/etc/sysconfig/ufmonitor"
+ufmonitor_home: "/var/www/ufmonitor"

roles/ufmonitor/files/media/css/c3.css

@@ -0,0 +1,167 @@
+/*-- Chart --*/
+.c3 svg {
+  font: 10px sans-serif;
+  -webkit-tap-highlight-color: transparent; }
+
+.c3 path, .c3 line {
+  fill: none;
+  stroke: #000; }
+
+.c3 text {
+  -webkit-user-select: none;
+  -moz-user-select: none;
+  user-select: none; }
+
+.c3-legend-item-tile,
+.c3-xgrid-focus,
+.c3-ygrid,
+.c3-event-rect,
+.c3-bars path {
+  shape-rendering: crispEdges; }
+
+.c3-chart-arc path {
+  stroke: #fff; }
+
+.c3-chart-arc text {
+  fill: #fff;
+  font-size: 13px; }
+
+/*-- Axis --*/
+/*-- Grid --*/
+.c3-grid line {
+  stroke: #aaa; }
+
+.c3-grid text {
+  fill: #aaa; }
+
+.c3-xgrid, .c3-ygrid {
+  stroke-dasharray: 3 3; }
+
+/*-- Text on Chart --*/
+.c3-text.c3-empty {
+  fill: #808080;
+  font-size: 2em; }
+
+/*-- Line --*/
+.c3-line {
+  stroke-width: 1px; }
+
+/*-- Point --*/
+.c3-circle._expanded_ {
+  stroke-width: 1px;
+  stroke: white; }
+
+.c3-selected-circle {
+  fill: white;
+  stroke-width: 2px; }
+
+/*-- Bar --*/
+.c3-bar {
+  stroke-width: 0; }
+
+.c3-bar._expanded_ {
+  fill-opacity: 0.75; }
+
+/*-- Focus --*/
+.c3-target.c3-focused {
+  opacity: 1; }
+
+.c3-target.c3-focused path.c3-line, .c3-target.c3-focused path.c3-step {
+  stroke-width: 2px; }
+
+.c3-target.c3-defocused {
+  opacity: 0.3 !important; }
+
+/*-- Region --*/
+.c3-region {
+  fill: steelblue;
+  fill-opacity: .1; }
+
+/*-- Brush --*/
+.c3-brush .extent {
+  fill-opacity: .1; }
+
+/*-- Select - Drag --*/
+/*-- Legend --*/
+.c3-legend-item {
+  font-size: 12px; }
+
+.c3-legend-item-hidden {
+  opacity: 0.15; }
+
+.c3-legend-background {
+  opacity: 0.75;
+  fill: white;
+  stroke: lightgray;
+  stroke-width: 1; }
+
+/*-- Title --*/
+.c3-title {
+  font: 14px sans-serif; }
+
+/*-- Tooltip --*/
+.c3-tooltip-container {
+  z-index: 10; }
+
+.c3-tooltip {
+  border-collapse: collapse;
+  border-spacing: 0;
+  background-color: #fff;
+  empty-cells: show;
+  -webkit-box-shadow: 7px 7px 12px -9px #777777;
+  -moz-box-shadow: 7px 7px 12px -9px #777777;
+  box-shadow: 7px 7px 12px -9px #777777;
+  opacity: 0.9; }
+
+.c3-tooltip tr {
+  border: 1px solid #CCC; }
+
+.c3-tooltip th {
+  background-color: #aaa;
+  font-size: 14px;
+  padding: 2px 5px;
+  text-align: left;
+  color: #FFF; }
+
+.c3-tooltip td {
+  font-size: 13px;
+  padding: 3px 6px;
+  background-color: #fff;
+  border-left: 1px dotted #999; }
+
+.c3-tooltip td > span {
+  display: inline-block;
+  width: 10px;
+  height: 10px;
+  margin-right: 6px; }
+
+.c3-tooltip td.value {
+  text-align: right; }
+
+/*-- Area --*/
+.c3-area {
+  stroke-width: 0;
+  opacity: 0.2; }
+
+/*-- Arc --*/
+.c3-chart-arcs-title {
+  dominant-baseline: middle;
+  font-size: 1.3em; }
+
+.c3-chart-arcs .c3-chart-arcs-background {
+  fill: #e0e0e0;
+  stroke: none; }
+
+.c3-chart-arcs .c3-chart-arcs-gauge-unit {
+  fill: #000;
+  font-size: 16px; }
+
+.c3-chart-arcs .c3-chart-arcs-gauge-max {
+  fill: #777; }
+
+.c3-chart-arcs .c3-chart-arcs-gauge-min {
+  fill: #777; }
+
+.c3-chart-arc .c3-gauge-value {
+  fill: #000;
+  /*  font-size: 28px !important;*/ }

roles/ufmonitor/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+# tasklist for setting up upstreamfirst-monitor (uf-monitor) on an el7 host
+
+
+- name: Install docker
+  package: name={{item}} state=present
+  with_items:
+  - docker
+  - python-docker-py
+
+- name: Run docker
+  service: name=docker state=started enabled=yes
+
+- name: Pull apiserver image
+  docker_image:
+    name: "{{ apiserver_container_image }}"
+    tls_verify: true
+
+- name: Pull updater image
+  docker_image:
+    name: "{{ apiserver_container_image }}"
+    tls_verify: true
+
+- name: ensure ufmonitor database is created
+  become: true
+  become_user: postgres
+  postgresql_db: db={{ ufmonitor_db_name }}
+
+- name: ensure ufmonitor db user has access to dev database
+  become: true
+  become_user: postgres
+  postgresql_user: db={{ ufmonitor_db_name }} user={{ ufmonitor_db_user }} password={{ ufmonitor_db_password }} role_attr_flags=NOSUPERUSER
+
+- name: generate environment file for apiserver
+  template: src=ufmonitor-envvars.j2 dest=/etc/sysconfig/ufmonitor
+
+- name: Deploy service file for apiserver
+  template: src=ufmonitor-apiserver.service.j2 dest=/etc/systemd/system/ufmonitor-apiserver.service
+  notify:
+  - reload systemd
+
+- name: Enable apiserver
+  service: name=ufmonitor-apiserver enabled=yes
+
+- name: install script to update ufmonitor database
+  template: src=update-ufmonitor.j2 dest=/usr/local/bin/update-ufmonitor mode=0755
+
+- name: Setup cron to update ufmonitor database
+  cron: name="update-ufmonitor-database" minute="15" user="root"
+        job="/usr/local/bin/update-ufmonitor"
+        cron_file=update-ufmonitor-database
+
+- name: ensure ufmonitor document root exists
+  file: path="{{ ufmonitor_home }}" state=directory owner=apache group=apache mode=0775
+
+- name: copy over index.html
+  template: src=index.html.j2 dest="{{ ufmonitor_home }}/index.html }}" owner=apache group=apache mode=0775
+
+- name: copy over static support files
+  copy: src=media dest="{{ ufmonitor_home }}/media }}" owner=apache group=apache mode=0775
+
+- name: generate httpd config
+  template: src=ufmonitor.conf.j2 dest=/etc/httpd/conf.d/ufmonitor.conf mode=0755
+

roles/ufmonitor/templates/index.html.j2

@@ -0,0 +1,189 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <title>Upstream First - Monitoring</title>
+
+    <!-- Load c3.css -->
+    <link href="media/css/c3.css" rel="stylesheet">
+
+    <!-- Load d3.js (v4.9.1) and c3.js (v0.4.12) -->
+    <script src="media/js/d3.min.js" charset="utf-8"></script>
+    <script src="media/js/c3.min.js"></script>
+
+    <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
+    <!-- Latest compiled and minified CSS -->
+
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
+
+    <!-- Optional theme -->
+    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous">
+
+    <!-- Latest compiled and minified JavaScript -->
+    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
+    <!-- Latest compiled and minified CSS -->
+    <link rel="stylesheet" href="http://cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.11.1/bootstrap-table.min.css">
+
+    <!-- Latest compiled and minified JavaScript -->
+    <script src="http://cdnjs.cloudflare.com/ajax/libs/bootstrap-table/1.11.1/bootstrap-table.min.js"></script>
+
+
+
+  </head>
+
+  <body>
+
+    <h1>Background</h1>
+
+    <p>The purpose of this page is to be a quick reference on how far along the "<a href="https://fedoraproject.org/wiki/UpstreamFirstTesting/HowToMoveTests" target="new">Upstream First"</a> initiative is. There are currently 410 packages that Red Hat has internal tests for, which are all being moved upstream to their respective packages. Packages that have a repo on our <a href="https://upstreamfirst.fedorainfracloud.org/">forge</a> are counted as "moved," packages with open issues are counted as "working on." If there is no repo on the forge for a package, it's counted in the "untouched" category.</p>
+
+    <h4>Raw Numbers:</h4>
+    <p>
+      <ul>
+    <li id="total-tests">Total Tests: Loading...</li>
+    <li id="migrated-tests">Migrated: Loading...</li>
+    <li id="working-on">Working on: Loading...</li>
+      </ul>
+    </p>
+
+    <h3>Current Status</h3>
+
+    <div id="chart"></div>
+
+    <div id="tables">
+
+      <h3>Package List</h3>
+      <table id='table' data-search='true'
+         data-show-refresh="true"
+         data-sort-name='name'
+         data-sort-desc='desc'
+         data-show-toggle="true"                                                                                 data-show-columns="true"></table>
+
+    </div> <!-- End of tables div -->
+
+    <p> <sub>(Updated every hour)</sub></p>
+
+    <script type="text/javascript">
+
+      apiRequest = new XMLHttpRequest();
+
+      apiRequest.onreadystatechange = getString;
+      apiRequest.open("GET", "https://status.{{ external_hostname }}/api/all", false);
+      apiRequest.send();
+
+      function getString() {
+          if (apiRequest.readyState === XMLHttpRequest.DONE) {
+              if (apiRequest.status === 200) {
+                 return apiRequest.responseText;
+              }
+          }
+      }
+
+      results = apiRequest.responseText;
+      results = JSON.parse(results);
+
+      $('#table').bootstrapTable({
+      data: results,
+      columns:[{
+        field: 'id',
+        title: 'id'
+      }, {
+        field: 'name',
+        title: 'Name'
+      }, {
+        field: 'status',
+        title: 'Status'
+      }, {
+        field: 'contact',
+        title: 'Contact'
+      }, {
+        field: 'pagure_link',
+        title: 'Forge Link'
+      }]
+      });
+
+
+    </script>
+
+    <script type="text/javascript">
+$(document).ready(function () {
+      var moved = "Moved to Forge";
+      var untouched = "Untouched";
+      var working_on = "Working On";
+
+      <!-- Write out our AJAX calls to update the page counts. -->
+      apiRequest = new XMLHttpRequest();
+
+      apiRequest.onreadystatechange = getString;
+      apiRequest.open("GET", "https://status.{{ external_hostname }}/api/counts", false);
+      apiRequest.send();
+
+      function getString() {
+          if (apiRequest.readyState === XMLHttpRequest.DONE) {
+              if (apiRequest.status === 200) {
+                 return apiRequest.responseText;
+              }
+          }
+      }
+
+      results = apiRequest.responseText;
+      results = JSON.parse(results);
+
+      var moved_number = results.total_moved.valueOf();
+      var working_on_number = results.WORKING.valueOf();
+      var untouched_number = results.UNKNOWN.valueOf();
+
+      // Fill out the actual values in the table
+      document.getElementById("total-tests").innerText = "Total Tests: " + results.total;
+      document.getElementById("migrated-tests").innerText = "Migrated: " + moved_number;
+      document.getElementById("working-on").innerText = "Working-on: " + working_on_number;
+
+
+
+      var chart = c3.generate({
+        data: {
+          columns: [
+              [moved, moved_number],
+              [working_on, working_on_number ],
+              [untouched, untouched_number],
+          ],
+          type : 'donut',
+          onclick: function (d, i) { console.log("onclick", d, i); },
+          onmouseover: function (d, i) { console.log("onmouseover", d, i); },
+          onmouseout: function (d, i) { console.log("onmouseout", d, i); }
+        },
+        donut: {
+          title: "Migration Status"
+        },
+    color: {
+      pattern: ['#0000ff', '#00ff00', '#ff0000']
+    }
+      });
+
+      setTimeout(function () {
+        chart.load({
+          columns: [
+            [moved, moved_number],
+            [untouched, untouched_number],
+          ]
+        });
+      }, 1500);
+
+      setTimeout(function () {
+        chart.unload({
+          ids: 'data1'
+        });
+        chart.unload({
+          ids: 'data2'
+        });
+      }, 2500);
+});
+    </script>
+
+  </body>
+
+</html>

roles/ufmonitor/templates/ufmonitor-apiserver.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=ufmonitor apiserver
+After=docker.service
+Requires=docker.service
+
+[Service]
+TimeoutStartSec=0
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=-{{ ufmonitor_config_path }}
+ExecStart=/usr/bin/docker run --detach --log-driver none --name %n -p 8000:8000 --add-host=postgres:{{ public_ip }} {{ apiserver_container_image }}
+ExecStop=/usr/bin/docker rm --force %n
+TimeoutStopSec=180
+
+[Install]
+WantedBy=multi-user.target

roles/ufmonitor/templates/ufmonitor-envvars.j2

@@ -0,0 +1 @@
+POSTGRES_DB_PASSWORD='{{ ufmonitor_db_password }}'

roles/ufmonitor/templates/ufmonitor.conf.j2

@@ -0,0 +1,39 @@
+## Redirects http -> https
+<VirtualHost *:80>
+  RewriteEngine on
+  RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
+  ServerName {{ external_hostname }}
+  Redirect permanent / https://{{ external_hostname }}/
+</VirtualHost>
+
+## End of redirects http -> https
+
+<VirtualHost *:443>
+  ServerName status.{{ external_hostname }}
+
+  Alias "/robots.txt" "/var/www/html/robots.txt"
+
+  ServerAdmin admin@fedoraproject.org
+
+  SSLEngine on
+  SSLProtocol {{ ssl_protocols }}
+  SSLCipherSuite {{ ssl_ciphers }}
+  # Use secure TLSv1.1 and TLSv1.2 ciphers
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+  SSLCertificateFile    /etc/letsencrypt/live/{{ external_hostname }}/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/{{ external_hostname }}/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/{{ external_hostname }}/fullchain.pem
+  SSLHonorCipherOrder On
+  SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
+  SSLProtocol ALL -SSLv2
+
+  DocumentRoot "{{ ufmonitor_home }}"
+
+  # proxy the docker containers running the actual api process
+  <Location /api/ >
+    ProxyPass http://127.0.0.1:8000/
+    ProxyPassReverse http://127.0.0.1:8000/
+  </Location>
+
+</VirtualHost>

roles/ufmonitor/templates/update-ufmonitor.j2

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+#
+# This job handles updating the ufmonitor database with new data from a pagure instance
+#
+
+source {{ ufmonitor_config_path }}
+docker run --add-host=postgres:{{ public_ip }} {{ updater_container_image }} -l /var/log/ufmonitor/updater.log

roles/ufmonitor/vars/main.yml

@@ -0,0 +1,4 @@
+mirrormanager_uid: 441
+mirrormanager_gid: 441
+mirrors_gid: 263
+mirrors2_gid: 529