Merge branch 'master' of /git/ansible

2015-11-05 20:19:47 +00:00 · 2015-11-05 20:19:47 +00:00 · f97bcf9a00
commit f97bcf9a00
parent 7fc7fec7ec 334b033939
105 changed files with 404 additions and 193 deletions
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@ -33,9 +33,6 @@
 - name: restart fedmsg-relay
  command: /usr/local/bin/conditional-restart.sh fedmsg-relay fedmsg-relay
 - name: restart httpd
  command: /usr/local/bin/conditional-restart.sh httpd httpd
 - name: reload httpd
  action: service name=httpd state=reloaded
@ -87,14 +84,23 @@
 - name: restart openvpn (Fedora)
  when: ansible_distribution == "Fedora"
  action: service name=openvpn@openvpn state=restarted
  #notify:
  #- fix openvpn routing
 - name: restart openvpn (RHEL6)
  when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 6
  action: service name=openvpn state=restarted
  #notify:
  #- fix openvpn routing
 - name: restart openvpn (RHEL7)
  when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7
  action: service name=openvpn@openvpn state=restarted
  #notify:
  #- fix openvpn routing
 - name: fix openvpn routing
  action: shell /etc/openvpn/fix-routes.sh
 - name: restart postfix
  action: service name=postfix state=restarted
--- a/inventory/host_vars/db01.phx2.fedoraproject.org
+++ b/inventory/host_vars/db01.phx2.fedoraproject.org
@ -27,6 +27,7 @@ databases:
 - notifications
 - nuancier_lite
 - pkgdb2
 - statscache
 - summershum
 - tahrir
@ -47,6 +48,7 @@ dbs_to_backup:
 - notifications
 - nuancier_lite
 - pkgdb2
 - statscache
 - summershum
 - tahrir
--- a/playbooks/groups/logserver.yml
+++ b/playbooks/groups/logserver.yml
@ -21,12 +21,12 @@
  - collectd/server
  - sudo
  - epylog
  - openvpn/client
  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"
  - include: "{{ tasks }}/openvpn_client_7.yml"
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/qa-stg.yml
+++ b/playbooks/groups/qa-stg.yml
@ -87,14 +87,14 @@
    - name: ensure ServerName is set in ssl.conf
      replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443'
      notify:
-        - restart httpd
+        - reload httpd
      tags:
        - qastaticsites
    - name: ensure ServerName is set in httpd.conf
      replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443'
      notify:
-        - restart httpd
+        - reload httpd
      tags:
        - qastaticsites
@ -108,7 +108,7 @@
      template:  src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644
      with_items: static_sites
      notify:
-        - restart httpd
+        - reload httpd
      tags:
        - qastaticsites
--- a/playbooks/groups/qadevel.yml
+++ b/playbooks/groups/qadevel.yml
@ -102,14 +102,14 @@
    - name: ensure ServerName is set in ssl.conf
      replace: dest=/etc/httpd/conf.d/ssl.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443'
      notify:
-        - restart httpd
+        - reload httpd
      tags:
        - qastaticsites
    - name: ensure ServerName is set in httpd.conf
      replace: dest=/etc/httpd/conf/httpd.conf regexp='^#ServerName .*$' replace='ServerName {{ external_hostname }}:443'
      notify:
-        - restart httpd
+        - reload httpd
      tags:
        - qastaticsites
@ -123,7 +123,7 @@
      template:  src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644
      with_items: static_sites
      notify:
-        - restart httpd
+        - reload httpd
      tags:
        - qastaticsites
--- a/playbooks/hosts/artboard.fedorainfracloud.org.yml
+++ b/playbooks/hosts/artboard.fedorainfracloud.org.yml
@ -109,7 +109,7 @@
    with_items:
    - artboard.conf
    - redirect.conf
-    notify: restart httpd
+    notify: reload httpd
    tags:
    - artboard
--- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
@ -516,10 +516,10 @@
  - lineinfile: dest=/etc/openstack-dashboard/local_settings regexp="^OPENSTACK_KEYSTONE_URL " line="OPENSTACK_KEYSTONE_URL = 'https://{{controller_publicname}}:5000/v2.0'"
    notify:
-      - restart httpd
+      - reload httpd
  - lineinfile: dest=/etc/openstack-dashboard/local_settings regexp="OPENSTACK_SSL_CACERT " line="OPENSTACK_SSL_CACERT = '/etc/pki/tls/certs/fedorainfracloud.org.digicert.pem'"
    notify:
-      - restart httpd
+      - reload httpd
  # configure cider with multi back-end
  # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/5/html/Cloud_Administrator_Guide/section_manage-volumes.html
@ -637,6 +637,8 @@
        copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2
      - name: Fedora-Cloud-Base-22-20150521.x86_64
        copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2
      - name: Fedora-Cloud-Base-23-20151030.x86_64
        copy_from: http://dl.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2
      - name: CentOS-7-x86_64-GenericCloud-1503
        copy_from: http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1503.qcow2
      - name: CentOS-6-x86_64-GenericCloud-20141129_01
@ -1171,5 +1173,5 @@
    always_run: true
    changed_when: false
    register: TENANT_ID
-  - shell: source /root/keystonerc_admin && nova quota-update --instances 45 --cores 100 --ram 288300 --security-groups 20 {{ TENANT_ID.stdout }}
+  - shell: source /root/keystonerc_admin && nova quota-update --instances 45 --cores 150 --ram 288300 --security-groups 20 {{ TENANT_ID.stdout }}
--- a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
@ -49,13 +49,13 @@
    copy: src="{{ files }}/lists-dev/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf
          owner=root group=root mode=0644
    notify:
-    - restart httpd
+    - reload httpd
  - name: basic apache virtualhost config
    template: src="{{ files }}/lists-dev/apache.conf.j2" dest=/etc/httpd/conf.d/lists-dev.conf
              owner=root group=root mode=0644
    notify:
-    - restart httpd
+    - reload httpd
  # Database
  - name: install postgresql server packages
--- a/playbooks/include/proxies-fedora-web.yml
+++ b/playbooks/include/proxies-fedora-web.yml
@ -23,6 +23,8 @@
    website: boot.fedoraproject.org
  - role: fedora-web/mirrors
    website: mirrors.fedoraproject.org
  - role: fedora-web/communityblog
    website: communityblog.fedoraproject.org
  - role: fedora-web/community
    website: fedoracommunity.org
  - role: fedora-web/fudcon
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@ -273,7 +273,6 @@
    localpath: /statscache
    remotepath: /statscache
    proxyurl: http://localhost:10042
    when: env == "staging"
  - role: httpd/reverseproxy
    website: admin.fedoraproject.org
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -295,6 +295,12 @@
    - www.uk.fedoracommunity.org
    cert_name: "{{wildcard_cert_name}}"
  - role: httpd/website
    name: communityblog.fedoraproject.org
    server_aliases: [communityblog.fedoraproject.org]
    sslonly: true
    cert_name: "{{wildcard_cert_name}}"
  - role: httpd/website
    name: people.fedoraproject.org
    server_aliases: [people.fedoraproject.org]
--- a/playbooks/manual/upgrade/statscache.yml
+++ b/playbooks/manual/upgrade/statscache.yml
@ -0,0 +1,100 @@
 - name: push packages out
  hosts: statscache-backend;statscache-backend-stg;statscache-web;statscache-web-stg
  user: root
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  vars:
    testing: False
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
  tasks:
  - name: clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
    command: yum clean all {%if testing%} --enablerepo=infrastructure-testing {%endif%}
    always_run: yes
  - name: yum update statscache packages from main repo
    yum: name="statscache*" state=latest
    when: not testing
  - name: yum update statscache packages from testing repo
    yum: name="statscache*" state=latest enablerepo=infrastructure-testing
    when: testing
 - name: verify the frontend and stop it
  hosts: statscache-web;statscache-web-stg
  user: root
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
  pre_tasks:
  - name: tell nagios to shush w.r.t. the frontend
    nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
    delegate_to: noc01.phx2.fedoraproject.org
    ignore_errors: true
  roles:
  - statscache/frontend
  post_tasks:
  - service: name="httpd" state=stopped
 - name: verify the backend, stop it, and then upgrade the db
  hosts: statscache-backend;statscache-backend-stg
  user: root
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
  pre_tasks:
  - name: tell nagios to shush w.r.t. the backend
    nagios: action=downtime minutes=15 service=host host={{ inventory_hostname_short }}{{ env_suffix }}
    delegate_to: noc01.phx2.fedoraproject.org
    ignore_errors: true
  roles:
  - statscache/backend
  tasks:
  - name: Stop the statscache backend
    service: name="fedmsg-hub" state=stopped
  #- name: Upgrade the database
  #  command: /usr/bin/alembic -c /usr/share/statscache/alembic.ini upgrade head
  #  args:
  #    chdir: /usr/share/statscache/
  - name: And... start the backend again
    service: name="fedmsg-hub" state=started
  post_tasks:
  - name: tell nagios to unshush w.r.t. the backend
    nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
    delegate_to: noc01.phx2.fedoraproject.org
    ignore_errors: true
 - name: restart the frontend
  hosts: statscache-web;statscache-web-stg
  user: root
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  handlers:
  - include: "{{ handlers }}/restart_services.yml"
  tasks:
  - service: name="httpd" state=started
  post_tasks:
  - name: tell nagios to unshush w.r.t. the frontend
    nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
    delegate_to: noc01.phx2.fedoraproject.org
    ignore_errors: true
--- a/roles/anitya/fedmsg/tasks/main.yml
+++ b/roles/anitya/fedmsg/tasks/main.yml
@ -54,7 +54,7 @@
  - fedmsgdconfig
  - anitya/fedmsg
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-relay
 - name: Remove unwanted files
@ -66,7 +66,7 @@
  - fedmsgdconfig
  - anitya/fedmsg
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-relay
 - name: setup /etc/pki/fedmsg directory
--- a/roles/apps-fp-o/tasks/main.yml
+++ b/roles/apps-fp-o/tasks/main.yml
@ -8,7 +8,7 @@
    src=apps.fp.o.conf dest=/etc/httpd/conf.d/{{website}}/apps.fp.o.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - apps-fp-o
--- a/roles/ask/tasks/main.yml
+++ b/roles/ask/tasks/main.yml
@ -87,7 +87,7 @@
  - ask
  - files
  notify:
-  - restart httpd
+  - reload httpd
 #
 # we add this wsgi to handle ssl issues in stg
@ -100,7 +100,7 @@
  - ask
  - files
  notify:
-  - restart httpd
+  - reload httpd
 - name: Install askbot cron jobs
  copy: >
@ -156,7 +156,7 @@
  - files
  - celery
  notify:
-  - restart httpd
+  - reload httpd
 - name: HOTFIX askbot backends.py
  copy: >
@ -167,7 +167,7 @@
  - files
  - hotfix
  notify:
-  - restart httpd
+  - reload httpd
 #
 # fedora favicon
@ -194,7 +194,7 @@
  - files
  - hotfix
  notify:
-  - restart httpd
+  - reload httpd
 #
 # fix for feedback
@ -209,4 +209,4 @@
  - files
  - hotfix
  notify:
-  - restart httpd
+  - reload httpd
--- a/roles/batcave/files/ticketkey.cron
+++ b/roles/batcave/files/ticketkey.cron
@ -1,4 +1,4 @@
 #!/bin/bash
 # Roll over the proxy SSL ticketkey
-/usr/bin/ansible /srv/web/infra/ansible/playbooks/update_ticketkey.yml | mailx -s "TickeyKey rollover" puiterwijk@fedoraproject.org
+/usr/bin/ansible-playbook /srv/web/infra/ansible/playbooks/update_ticketkey.yml | mailx -s "TickeyKey rollover" puiterwijk@fedoraproject.org
--- a/roles/beaker/labcontroller/tasks/main.yml
+++ b/roles/beaker/labcontroller/tasks/main.yml
@ -25,7 +25,7 @@
    force: yes
  register: configure_result
  notify:
-    - restart httpd
+    - reload httpd
    - restart beaker lab controller
  tags:
    - beaker_lab_controller
--- a/roles/beaker/server/tasks/main.yml
+++ b/roles/beaker/server/tasks/main.yml
@ -25,7 +25,7 @@
    group: root
    mode: 0644
  notify:
-    - restart httpd
+    - reload httpd
  tags:
    - beaker-server
@ -41,7 +41,7 @@
  register: setup_beaker_conf
  notify:
    - restart beaker server
-    - restart httpd
+    - reload httpd
  tags:
    - beaker-server
--- a/roles/blockerbugs/tasks/main.yml
+++ b/roles/blockerbugs/tasks/main.yml
@ -24,7 +24,7 @@
 - name: setup blockerbugs apache conf
  copy: src=blockerbugs.conf dest=/etc/httpd/conf.d/blockerbugs.conf mode=644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - httpd
@ -33,7 +33,7 @@
 - name: setup blockerbugs app settings file
  template: src=blockerbugs-settings.py.j2 dest=/etc/blockerbugs/settings.py mode=644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - httpd
--- a/roles/bodhi/backend/tasks/main.yml
+++ b/roles/bodhi/backend/tasks/main.yml
@ -33,7 +33,7 @@
    group=root
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
@ -116,7 +116,7 @@
    mode=0600
  when: inventory_hostname.startswith('bodhi-backend02')
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
@ -131,7 +131,7 @@
    mode=0600
  when: inventory_hostname.startswith('bodhi-backend01')
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
--- a/roles/bodhi/base/tasks/main.yml
+++ b/roles/bodhi/base/tasks/main.yml
@ -25,7 +25,7 @@
    mode=0600
  when: inventory_hostname.startswith('bodhi0')
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - bodhi
@ -39,7 +39,7 @@
    mode=0644
  when: inventory_hostname.startswith('bodhi0')
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - bodhi
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@ -39,7 +39,7 @@
    mode=0600
  when: inventory_hostname.startswith('bodhi') and env == 'staging'
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - bodhi
@ -53,7 +53,7 @@
    mode=0600
  when: inventory_hostname.startswith('bodhi') and env == 'production'
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - bodhi
@ -86,7 +86,7 @@
    mode=0644
  when: inventory_hostname.startswith('bodhi0')
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - bodhi
--- a/roles/copr/dist_git/handlers/main.yml
+++ b/roles/copr/dist_git/handlers/main.yml
@ -1,2 +1,2 @@
- name: restart httpd
+- name: reload httpd
  service: name="httpd" state="restarted"
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@ -63,7 +63,7 @@
  tags:
  - config
  notify:
-  - restart httpd
+  - reload httpd
 - copy: src="dist-git.conf" dest="/etc/dist-git/dist-git.conf" mode=0644
--- a/roles/copr/frontend/tasks/main.yml
+++ b/roles/copr/frontend/tasks/main.yml
@ -20,7 +20,7 @@
 - name: install copr configs
  template: src="copr.conf" dest=/etc/copr/copr.conf mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
--- a/roles/copr/keygen/tasks/main.yml
+++ b/roles/copr/keygen/tasks/main.yml
@ -15,7 +15,7 @@
 - name: put keygen vhost for httpd
  copy: src="httpd/copr-keygen.conf" dest="/etc/httpd/conf.d/copr-keygen.conf"
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
--- a/roles/darkserver/tasks/main.yml
+++ b/roles/darkserver/tasks/main.yml
@ -13,8 +13,8 @@
 - name: darkserverweb.conf
  template: src=darkserverweb.conf.j2 dest=/etc/darkserver/darkserverweb.conf owner=apache group=apache mode=0640
-  notify: restart httpd
+  notify: reload httpd
 - name: darkjobworker.conf
  template: src=darkjobworker.conf.j2 dest=/etc/darkserver/darkjobworker.conf owner=apache group=apache mode=640
-  notify: restart httpd
+  notify: reload httpd
--- a/roles/datagrepper/tasks/main.yml
+++ b/roles/datagrepper/tasks/main.yml
@ -44,7 +44,7 @@
 - name: setting up httpd config 
  template: src=datagrepper-app.conf dest=/etc/httpd/conf.d/datagrepper.conf owner=root group=root
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - datagrepper
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@ -17,17 +17,17 @@
 - name: install the httpd config file
  copy: src=pkgs.fedoraproject.org.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org.conf
  notify:
-  - restart httpd
+  - reload httpd
 - name: install the httpd config directory
  file: dest=/etc/httpd/conf.d/pkgs.fedoraproject.org state=directory
  notify:
-  - restart httpd
+  - reload httpd
 - name: install the mod_ssl configuration
  copy: src=ssl.conf dest=/etc/httpd/conf.d/ssl.conf
  notify:
-  - restart httpd
+  - reload httpd
 - name: allow httpd to access the files on NFS
  seboolean: name=httpd_use_nfs state=yes persistent=yes
@ -71,7 +71,7 @@
 - name: install the Dist Git-related httpd config
  copy: src=git-smart-http.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/git-smart-http.conf
  notify:
-  - restart httpd
+  - reload httpd
 - name: install the pkgdb_sync_git_branches.py scripts
  template: src={{item}} dest=/usr/local/bin/{{item}} owner=root group=root mode=0755
@ -211,19 +211,19 @@
  copy: src=cgitrc dest=/etc/cgitrc
  tags: distgit
  notify:
-  - restart httpd
+  - reload httpd
 - name: install our custom header for cgit
  template: src=cgit-header.html dest=/usr/share/cgit/cgit-header-fedora.html
  tags: distgit
  notify:
-  - restart httpd
+  - reload httpd
 - name: install the CGit-related httpd config
  copy: src=redirect.conf dest=/etc/httpd/conf.d/pkgs.fedoraproject.org/redirect.conf
  tags: distgit
  notify:
-  - restart httpd
+  - reload httpd
 # -- Lookaside Cache -------------------------------------
@ -234,7 +234,7 @@
  - lookaside.conf
  - lookaside-upload.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - distgit
@ -332,7 +332,7 @@
 - name: install the upload CGI script
  copy: src=dist-git-upload.cgi dest=/srv/web/upload.cgi owner=root group=root mode=0755
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - distgit
--- a/roles/dopr/tasks/main.yml
+++ b/roles/dopr/tasks/main.yml
@ -7,6 +7,7 @@
  - "bash-completion"
  - "dnf-plugins-core"
  - "yum-utils"
  - "libxslt-devel"
  tags:
  - packages
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -70,14 +70,14 @@
 - name: Configure httpd dl main conf
  copy: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
  notify:
-  - restart httpd
+  - reload httpd
 - name: Make sure apache autoindex.conf is replaced with ours
  copy: src=httpd/dl.fedoraproject.org/autoindex.conf dest=/etc/httpd/conf.d/autoindex.conf
  notify:
-  - restart httpd
+  - reload httpd
 - name: Configure httpd dl sub conf
  copy: src=httpd/dl.fedoraproject.org/ dest=/etc/httpd/conf.d/dl.fedoraproject.org/
  notify:
-  - restart httpd
+  - reload httpd
--- a/roles/easyfix/proxy/tasks/main.yml
+++ b/roles/easyfix/proxy/tasks/main.yml
@ -10,7 +10,7 @@
    dest=/etc/httpd/conf.d/{{website}}/gather-easyfix.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - easyfix
  - easyfix/proxy
--- a/roles/epylog/tasks/main.yml
+++ b/roles/epylog/tasks/main.yml
@ -45,7 +45,7 @@
 - name: epylog httpd config
  copy: src=epylog-web.conf dest=/etc/httpd/conf.d/epylog-web.conf
  notify: 
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - apache
--- a/roles/fas_server/tasks/main.yml
+++ b/roles/fas_server/tasks/main.yml
@ -43,7 +43,7 @@
    group=root 
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - fas
@ -62,7 +62,7 @@
    group=root
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - fas
@ -132,7 +132,7 @@
    group=apache 
    mode=0640
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - fas
@ -159,7 +159,7 @@
    mode=0640
  when: master_fas_node == True
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - fas
--- a/roles/fedmsg/base/tasks/main.yml
+++ b/roles/fedmsg/base/tasks/main.yml
@ -95,7 +95,7 @@
  - fedmsgdconfig
  - fedmsg/base
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-gateway
  - restart fedmsg-hub
  - restart fedmsg-irc
@ -116,7 +116,7 @@
  - fedmsgdconfig
  - fedmsg/base
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-gateway
  - restart fedmsg-hub
  - restart fedmsg-irc
@ -141,7 +141,7 @@
  - fedmsgdconfig
  - fedmsg/base
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-gateway
  - restart fedmsg-hub
  - restart fedmsg-irc
@ -154,7 +154,7 @@
  - fedmsg_loopback
  - fedmsg/base
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-gateway
  - restart fedmsg-hub
  - restart fedmsg-irc
@ -170,7 +170,7 @@
  - fedmsg_loopback
  - fedmsg/base
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-gateway
  - restart fedmsg-hub
  - restart fedmsg-irc
@ -183,7 +183,7 @@
  - fedmsg_loopback
  - fedmsg/base
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-gateway
  - restart fedmsg-hub
  - restart fedmsg-irc
--- a/roles/fedmsg/crl/tasks/main.yml
+++ b/roles/fedmsg/crl/tasks/main.yml
@ -37,7 +37,7 @@
    dest=/etc/httpd/conf.d/{{website}}/fedmsg.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedmsg
  - fedmsg/crl
--- a/roles/fedmsg/hub/tasks/main.yml
+++ b/roles/fedmsg/hub/tasks/main.yml
@ -21,6 +21,16 @@
  when: not enable_websocket_server
  notify: restart fedmsg-hub
 - name: set fedmsg ownership on /var/run/fedmsg
  file: >
    dest=/var/run/fedmsg/
    mode=0775
    owner=fedmsg
    group=fedmsg
    state=directory
  tags:
  - fedmsgmonitor
 - name: ensure that nrpe has rights to monitor us
  file: >
    dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket
--- a/roles/fedora-web/arm/tasks/main.yml
+++ b/roles/fedora-web/arm/tasks/main.yml
@ -12,7 +12,7 @@
  - arm.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/arm
--- a/roles/fedora-web/boot/tasks/main.yml
+++ b/roles/fedora-web/boot/tasks/main.yml
@ -12,7 +12,7 @@
  - boot.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/boot
--- a/roles/fedora-web/build/files/syncStatic.stg.sh
+++ b/roles/fedora-web/build/files/syncStatic.stg.sh
@ -45,7 +45,7 @@ cd /srv/web/fedora-web
 /usr/bin/git clean -q -fdx || exit 1
 /usr/bin/git reset -q --hard || exit 1
-/usr/bin/git checkout -q f23 || exit 1
+/usr/bin/git checkout -q two-week-atomic || exit 1
 /usr/bin/git pull -q --ff-only || exit 1
 build spins.fedoraproject.org
--- a/roles/fedora-web/community/tasks/main.yml
+++ b/roles/fedora-web/community/tasks/main.yml
@ -12,7 +12,7 @@
  - fedoracommunity.org-web.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/community
--- a/roles/fedora-web/communityblog/tasks/main.yml
+++ b/roles/fedora-web/communityblog/tasks/main.yml
@ -0,0 +1,11 @@
 - name: Copy some config files for {{website}}
  template: >
    src={{item}} dest=/etc/httpd/conf.d/{{website}}/{{item}}
    owner=root group=root mode=0644
  with_items:
  - communityblog-web.conf
  notify:
  - reload httpd
  tags:
  - fedora-web
  - fedora-web/communityblog
--- a/roles/fedora-web/communityblog/templates/communityblog-web.conf
+++ b/roles/fedora-web/communityblog/templates/communityblog-web.conf
@ -0,0 +1,2 @@
 ProxyPass / http://209.132.184.207/
 ProxyPassReverse / http://209.132.184.207/
--- a/roles/fedora-web/fudcon/tasks/main.yml
+++ b/roles/fedora-web/fudcon/tasks/main.yml
@ -12,7 +12,7 @@
  - fudcon.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/fudcon
--- a/roles/fedora-web/getfedora/tasks/main.yml
+++ b/roles/fedora-web/getfedora/tasks/main.yml
@ -12,7 +12,7 @@
  - getfedora.org.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/getfedora
--- a/roles/fedora-web/labs/tasks/main.yml
+++ b/roles/fedora-web/labs/tasks/main.yml
@ -12,7 +12,7 @@
  - labs.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/labs
--- a/roles/fedora-web/magazine/tasks/main.yml
+++ b/roles/fedora-web/magazine/tasks/main.yml
@ -5,7 +5,7 @@
  with_items:
  - fedoramagazine-web.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/magazine
--- a/roles/fedora-web/main/tasks/main.yml
+++ b/roles/fedora-web/main/tasks/main.yml
@ -16,7 +16,7 @@
  - expires.conf
  - deflate.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/main
@ -28,7 +28,7 @@
  with_items:
  - sponsor.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/main
@ -38,7 +38,7 @@
    src=browserid.fedoraproject.org dest=/srv/web/browserid.fedoraproject.org
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/main
--- a/roles/fedora-web/mirrors/tasks/main.yml
+++ b/roles/fedora-web/mirrors/tasks/main.yml
@ -11,7 +11,7 @@
  with_items:
  - mirrors.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/mirrors
--- a/roles/fedora-web/spins/tasks/main.yml
+++ b/roles/fedora-web/spins/tasks/main.yml
@ -12,7 +12,7 @@
  - spins.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/spins
--- a/roles/fedora-web/start/tasks/main.yml
+++ b/roles/fedora-web/start/tasks/main.yml
@ -12,7 +12,7 @@
  - start-web.conf
  - languages.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/start
--- a/roles/fedora-web/whatcanidoforfedora/tasks/main.yml
+++ b/roles/fedora-web/whatcanidoforfedora/tasks/main.yml
@ -5,7 +5,7 @@
  with_items:
  - whatcanidoforfedora-web.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fedora-web
  - fedora-web/whatcanidoforfedora
--- a/roles/freemedia/tasks/main.yml
+++ b/roles/freemedia/tasks/main.yml
@ -6,7 +6,7 @@
  with_items:
  - php
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - packages
@ -23,7 +23,7 @@
    group=root
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
--- a/roles/geoip-city-wsgi/app/tasks/main.yml
+++ b/roles/geoip-city-wsgi/app/tasks/main.yml
@ -19,7 +19,7 @@
        group=root
        mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - geoip_config
  - config
@ -47,7 +47,7 @@
        group=root
        mode=0775
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - geoip_config
  - config
--- a/roles/geoip-city-wsgi/proxy/tasks/main.yml
+++ b/roles/geoip-city-wsgi/proxy/tasks/main.yml
@ -4,7 +4,7 @@
    dest=/etc/httpd/conf.d/{{website}}/geoip-city-wsgi-proxy.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - geoip-city-wsgi
  - geoip-city-wsgi/proxy
--- a/roles/haproxy/rewrite/tasks/main.yml
+++ b/roles/haproxy/rewrite/tasks/main.yml
@ -1,6 +1,6 @@
 - template: src=rewrite.conf dest=/etc/httpd/conf.d/{{website}}/haproxy.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - haproxy
  - haproxy/rewrite
--- a/roles/haproxy/templates/haproxy.cfg
+++ b/roles/haproxy/templates/haproxy.cfg
@ -206,6 +206,12 @@ listen  autocloud 0.0.0.0:10041
    server  autocloud-web02 autocloud-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /autocloud/
 listen  statscache 0.0.0.0:10042
    balance hdr(appserver)
    server  statscache-web01 statscache-web01:80 check inter 10s rise 1 fall 2
    server  statscache-web02 statscache-web02:80 check inter 10s rise 1 fall 2
    option  httpchk GET /statscache/
 # Apache doesn't handle the initial connection here like the other proxy
 # entries.  This proxy also doesn't use the http mode like the others.
 # stunnel should be sitting on port 9939 (public) and redirecting
--- a/roles/hosts/files/statscache-backend01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/statscache-backend01.stg.phx2.fedoraproject.org-hosts
@ -0,0 +1,13 @@
 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 10.5.126.88     proxy01.phx2.fedoraproject.org proxy1 proxy2 proxy3 proxy4 proxy01 proxy02 proxy03 proxy04 proxy05 proxy06 proxy07 proxy08 proxy09 proxy10 proxy11 fedoraproject.org admin.fedoraproject.org admin.stg.fedoraproject.org apps.stg.fedoraproject.org
 10.5.126.51     apps.fedoraproject.org
 10.5.126.23     infrastructure.fedoraproject.org
 10.5.126.83     pkgs.fedoraproject.org
 10.5.126.210    memcached01.stg.phx2.fedoraproject.org memcached01 memcached02 memcached03 memcached04
 10.5.126.85     db02.stg.fedoraproject.org
 10.5.126.113    db05
 10.5.126.204    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest
 10.5.126.86     fas01.stg.phx2.fedoraproject.org fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
 10.5.126.87     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org
--- a/roles/hosts/files/sundries01.stg.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/sundries01.stg.phx2.fedoraproject.org-hosts
@ -9,7 +9,10 @@
 10.5.126.113    db05
 10.5.126.204    db01.stg.phx2.fedoraproject.org db-ask db-elections db-koji01 db-datanommer db-datanommer01 db-datanommer02 db-datanommer02.phx2.fedoraproject.org db-github2fedmsg db-fedocal tagger_db db-pkgdb2 db-summershum db-tahrir nuancier_db db-notifs db-blockerbugs db-kerneltest
 10.5.126.86     fas01.stg.phx2.fedoraproject.org fas01.phx2.fedoraproject.org fas1 fas2 fas01 fas02 fas03 fas-all
-10.5.126.87     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org
+10.5.126.87     koji01.stg.phx2.fedoraproject.org koji.stg.fedoraproject.org koji01 kojipkgs.stg.phx2.fedoraproject.org kojipkgs.stg.fedoraproject.org
 # For translations
 209.132.182.79	fedora.zanata.org
 # To get the size of isos automatically for two-week-atomic
 10.5.125.36  kojipkgs kojipkgs.fedoraproject.org
--- a/roles/httpd/certificate/tasks/main.yml
+++ b/roles/httpd/certificate/tasks/main.yml
@ -13,7 +13,7 @@
    mode=0644
  when: SSLCertificateChainFile is defined
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/certificate
@ -29,7 +29,7 @@
  - "{{private}}/files/httpd/{{cert}}.cert"
  - "{{private}}/files/httpd/{{name}}.cert"
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/certificate
@ -45,7 +45,7 @@
  - "{{private}}/files/httpd/{{key}}.key"
  - "{{private}}/files/httpd/{{name}}.key"
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/certificate
--- a/roles/httpd/domainrewrite/tasks/main.yml
+++ b/roles/httpd/domainrewrite/tasks/main.yml
@ -16,7 +16,7 @@
  - "{{roles}}/httpd/domainrewrite/templates/domainrewrite.{{destname}}.conf"
  - "{{roles}}/httpd/domainrewrite/templates/domainrewrite.conf"
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/domainrewrite
--- a/roles/httpd/fingerprints/tasks/main.yml
+++ b/roles/httpd/fingerprints/tasks/main.yml
@ -1,6 +1,6 @@
 - copy: src=fingerprints.html dest=/srv/web/fingerprints.html
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fingerprints
  - httpd
@ -8,7 +8,7 @@
 - copy: src=fingerprints.conf dest=/etc/httpd/conf.d/{{website}}/fingerprints.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - fingerprints
  - httpd
--- a/roles/httpd/mime-type/tasks/main.yml
+++ b/roles/httpd/mime-type/tasks/main.yml
@ -2,7 +2,7 @@
    src=mime-types.conf dest=/etc/httpd/conf.d/{{website}}/mime-types.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/mime-type
--- a/roles/httpd/mod_ssl/tasks/main.yml
+++ b/roles/httpd/mod_ssl/tasks/main.yml
@ -1,7 +1,7 @@
 - name: Install mod_ssl
  yum: name=mod_ssl state=installed
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/mod_ssl
@ -14,7 +14,7 @@
    group=root
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/certificate
--- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@ -3,7 +3,7 @@
    src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/proxy
@ -27,7 +27,7 @@
  - 02-ticketkey.conf
  - 03-reqtimeout.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/proxy
@ -35,7 +35,7 @@
 - name: set the apache mpm to use event MPM
  copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/proxy
--- a/roles/httpd/redirect/tasks/main.yml
+++ b/roles/httpd/redirect/tasks/main.yml
@ -14,7 +14,7 @@
    owner=root
    group=root
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/redirect
--- a/roles/httpd/redirectmatch/tasks/main.yml
+++ b/roles/httpd/redirectmatch/tasks/main.yml
@ -14,7 +14,7 @@
    owner=root
    group=root
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/redirect
--- a/roles/httpd/website/tasks/main.yml
+++ b/roles/httpd/website/tasks/main.yml
@ -16,7 +16,7 @@
    group=root
    mode=0755
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/website
@ -31,7 +31,7 @@
    group=root
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/website
@ -47,7 +47,7 @@
  - logs
  - robots
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/website
@ -64,7 +64,7 @@
  - robots/robots.txt.{{name}}
  - robots/robots.txt
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - httpd
  - httpd/website
--- a/roles/ipsilon/files/templates/login/index.html
+++ b/roles/ipsilon/files/templates/login/index.html
@ -1,7 +1,7 @@
 {% extends "layout.html" %}
 {% block title %}Login{% endblock %}
 {% block toptext %}
-{{ login_target }} is asking to authenticate using FedOAuth
+{{ login_target }} is asking to authenticate using Ipsilon
 {% endblock %}
 {% block main %}
    <div>
--- a/roles/ipsilon/files/templates/openid/consent_form.html
+++ b/roles/ipsilon/files/templates/openid/consent_form.html
@ -1,6 +1,6 @@
 {% extends "layout.html" %}
 {% block toptext %}
-{{trustroot}} is asking to authenticate via OpenID using FedOAuth
+{{trustroot}} is asking to authenticate via OpenID using Ipsilon
 {% endblock %}
 {% block main %}
    Review the authorization details
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@ -33,7 +33,7 @@
 - name: fedmenu shim
  template: src=fedmenu-extra-footer.html dest=/usr/share/koji-web/static/extra-footer.html
  tags: koji_hub
-  notify: restart httpd
+  notify: reload httpd
  # XXX - we only want to do this in staging for now because it requires a patch
  # to koji itself to include the extra-footer.html file in a sufficiently
  # advanced way.
@ -45,14 +45,14 @@
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
 - name: kojiweb config
  template: src=web.conf.j2 dest=/etc/kojiweb/web.conf owner=apache group=apache mode=600
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
 - name: enable httpd_can_network_connect SELinux boolean for fedmsg
  seboolean: name=httpd_can_network_connect state=yes persistent=yes
@ -71,7 +71,7 @@
 - name: koji fedmsg plugin
  template: src=fedmsg-koji-plugin.py dest=/usr/lib/koji-hub-plugins/fedmsg-koji-plugin.py
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -82,7 +82,7 @@
 - name: install kojiweb_cert_key.pem
  copy: src={{ private }}/files/koji/kojiweb_cert_key.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -91,7 +91,7 @@
 - name: install production koji_cert.pem
  copy: src={{ private }}/files/koji/koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -100,7 +100,7 @@
 - name: install production koji_key.pem
  copy: src={{ private }}/files/koji/koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -112,7 +112,7 @@
 - name: install s390 kojiweb_cert_key.pem
  copy: src={{ private }}/files/koji/s390.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -121,7 +121,7 @@
 - name: install s390 production koji_cert.pem
  copy: src={{ private }}/files/koji/s390_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -130,7 +130,7 @@
 - name: install s390 production koji_key.pem
  copy: src={{ private }}/files/koji/s390_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -142,7 +142,7 @@
 - name: Install staging koji ssl cert
  copy: src={{ private }}/files/koji/koji.stg_cert.pem dest=/etc/pki/tls/certs/koji.stg_cert.pem
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -151,7 +151,7 @@
 - name: install staging koji ssl key
  copy: src={{ private }}/files/koji/koji.stg_key.pem dest=/etc/pki/tls/private/koji.stg_key.pem
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - koji_hub
@ -199,21 +199,21 @@
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
 - name: koji web hub specific config files
  template: src=kojiweb.conf.j2 dest=/etc/httpd/conf.d/kojiweb.conf owner=root group=root
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
 - name: koji web staging config files
  copy: src=kojiweb.conf.stg dest=/etc/httpd/conf.d/kojiweb-stg.conf owner=root group=root
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
  when: env == "staging"
 - name: koji staging ssl config
@ -221,7 +221,7 @@
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
  when: env == "staging"
 - name: koji ssl config
@ -229,7 +229,7 @@
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
  when: env != "staging"
 - name: koji robots.txt config
@ -237,7 +237,7 @@
  tags:
  - config
  - koji_hub
-  notify: restart httpd
+  notify: reload httpd
 - name: kojira log dir
  file: dest=/var/log/kojira owner=root group=root mode=0750 state=directory
@ -306,7 +306,7 @@
  service: name=httpd enabled=yes
  ignore_errors: true
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - service
  - koji_hub
--- a/roles/kojipkgs/tasks/main.yml
+++ b/roles/kojipkgs/tasks/main.yml
@ -58,21 +58,21 @@
  - kojipkgs.conf
  - infrastructure.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - kojipkgs
 - name: make sure httpd ssl.conf is not around (conflicts with squid)
  file: dest=/etc/httpd/conf.d/ssl.conf state=absent
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - kojipkgs
 - name: make sure httpd listens on port 8080
  lineinfile: dest=/etc/httpd/conf/httpd.conf state=present regexp="^Listen 80" line="Listen 8080"
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - kojipkgs
@ -84,7 +84,7 @@
  tags:
  - kojipkgs
  notify:
-  - restart httpd
+  - reload httpd
 - name: Copy squid ssl key from puppet private
  copy: >
@ -94,7 +94,7 @@
  tags:
  - kojipkgs
  notify:
-  - restart httpd
+  - reload httpd
 - name: set squid to start on boot
  service: name=squid enabled=true state=running
--- a/roles/koschei/tasks/main.yml
+++ b/roles/koschei/tasks/main.yml
@ -32,7 +32,7 @@
  - restart koschei-resolver
  - restart koschei-scheduler
  - restart koschei-watcher
-  - restart httpd
+  - reload httpd
  tags:
  - koschei
  - config
@ -74,7 +74,7 @@
  - restart koschei-resolver
  - restart koschei-scheduler
  - restart koschei-watcher
-  - restart httpd
+  - reload httpd
  tags:
  - koschei
  - config
@ -84,7 +84,7 @@
    src="httpd.conf.j2"
    dest="/etc/httpd/conf.d/koschei.conf"
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - koschei
  - config
@ -106,7 +106,7 @@
  - httpd_can_network_connect
  - httpd_can_network_connect_db
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - koschei
  - selinux
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@ -174,7 +174,7 @@
 #  - config
 #  - mailman
 #  notify:
-#    - restart httpd
+#    - reload httpd
 - name: set the mailman conffile
  template: src={{ item }} dest=/etc/mailman.cfg
--- a/roles/mediawiki/tasks/main.yml
+++ b/roles/mediawiki/tasks/main.yml
@ -88,13 +88,13 @@
 - name: install localsettings
  template: src=LocalSettings.php.{{wikiname}}.j2 dest=/srv/web/{{wikiname}}-wiki/LocalSettings.php owner=apache group=apache mode=600 setype=httpd_sys_content_t
-  notify: restart httpd
+  notify: reload httpd
  tags:
  - mediawiki
 - name: httpd conf
  template: src=mediawiki-app.conf.j2 dest=/etc/httpd/conf.d/{{wikiname}}.conf
-  notify: restart httpd
+  notify: reload httpd
  tags:
  - mediawiki
--- a/roles/membership-map/proxy/tasks/main.yml
+++ b/roles/membership-map/proxy/tasks/main.yml
@ -10,7 +10,7 @@
    dest=/etc/httpd/conf.d/{{website}}/membership-map.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - membership-map
  - membership-map/proxy
--- a/roles/mirrormanager/frontend2/tasks/main.yml
+++ b/roles/mirrormanager/frontend2/tasks/main.yml
@ -29,7 +29,7 @@
  - { file: alembic.ini, dest: /etc/mirrormanager/alembic.ini }
  - { file: mirrormanager2.wsgi, dest: /var/www/mirrormanager2.wsgi }
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - mm2_frontend
  - config
--- a/roles/nagios_server/files/plugins/restart_httpd
+++ b/roles/nagios_server/files/plugins/restart_httpd
@ -62,7 +62,7 @@ CRITICAL)
    # point (unless you disabled notifications for this service)
    HARD)
        echo -n "Restarting HTTP service..."
-        echo "#fedora-noc $hostalias - Attempting to restart httpd. $servicedesc is $servicestate" | /usr/bin/nc -w 1 value01 5050
+        echo "#fedora-noc $hostalias - Attempting to reload httpd. $servicedesc is $servicestate" | /usr/bin/nc -w 1 value01 5050
        # Call the init script to restart the HTTPD server
        /usr/lib64/nagios/plugins/check_nrpe -H $remotehost -c service_httpd_restart
        ;;
--- a/roles/nagios_server/templates/nagios/checkcommands.cfg
+++ b/roles/nagios_server/templates/nagios/checkcommands.cfg
@ -33,7 +33,7 @@
 #
 ################################################################################
-# 'restart httpd'
+# 'reload httpd'
 define command {
        command_name    restart_httpd
        command_line    $USER1$/restart_httpd $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ $HOSTADDRESS$ "$HOSTALIAS$" "$SERVICEDESC$" "$SERVICESTATE$"
--- a/roles/openvpn/client/files/fix-routes.sh
+++ b/roles/openvpn/client/files/fix-routes.sh
--- a/roles/openvpn/base/tasks/main.yml
+++ b/roles/openvpn/base/tasks/main.yml
@ -20,3 +20,9 @@
  - restart openvpn (RHEL7)
  - restart openvpn (RHEL6)
 - name: install fix-routes.sh script
  copy: src=fix-routes.sh
        dest=/etc/openvpn/fix-routes.sh
        owner=root group=root mode=0755
  tags:
  - openvpn
--- a/roles/openvpn/client/tasks/main.yml
+++ b/roles/openvpn/client/tasks/main.yml
@ -17,9 +17,6 @@
  - { file: client.conf,
      dest: /etc/openvpn/openvpn.conf,
      mode: '0644' }
  - { file: fix-routes.sh,
      dest: /etc/openvpn/fix-routes.sh,
      mode: '0755' }
  - { file: "{{ private }}/files/vpn/openvpn/keys/{{ inventory_hostname }}.crt",
      dest: "/etc/openvpn/client.crt",
      mode: '0600' }
--- a/roles/packages/bugz.fp.o/tasks/main.yml
+++ b/roles/packages/bugz.fp.o/tasks/main.yml
@ -2,7 +2,7 @@
    src=bugz.conf dest=/etc/httpd/conf.d/{{website}}/bugz.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - packages
  - packages/proxy
--- a/roles/packages/web/tasks/main.yml
+++ b/roles/packages/web/tasks/main.yml
@ -38,7 +38,7 @@
    dest=/etc/fedoracommunity/production.ini
    owner=apache group=apache mode=0600
  notify:
-  - restart httpd
+  - reload httpd
  - restart fcomm-cache-worker
  tags:
  - packages
@ -50,7 +50,7 @@
    dest=/etc/httpd/conf.d/fedora-packages.conf
    owner=root group=root mode=644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - packages
  - packages/web
@ -61,7 +61,7 @@
    dest=/etc/fedoracommunity/yum-repo.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  - restart fcomm-cache-worker
  tags:
  - packages
@ -87,7 +87,7 @@
    dest="{{pythonsitelib}}/fedoracommunity/search/distmappings.py"
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  - restart fcomm-cache-worker
  tags:
  - packages
--- a/roles/pager_server/tasks/main.yml
+++ b/roles/pager_server/tasks/main.yml
@ -2,7 +2,7 @@
 - name: setup pager app config
  copy: src=pager-app.conf dest=/etc/httpd/conf.d/pager-app.conf mode=644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  - pager_server
--- a/roles/pagure/fedmsg/tasks/main.yml
+++ b/roles/pagure/fedmsg/tasks/main.yml
@ -59,7 +59,7 @@
  - pagure
  - pagure/fedmsg
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-relay
 - name: Remove unwanted files
@ -72,7 +72,7 @@
  - pagure
  - pagure/fedmsg
  notify:
-  - restart httpd
+  - reload httpd
  - restart fedmsg-relay
 - name: setup /etc/pki/fedmsg directory
--- a/roles/paste/tasks/main.yml
+++ b/roles/paste/tasks/main.yml
@ -27,21 +27,21 @@
  copy: src=sticky-notes.conf dest=/etc/httpd/conf.d/sticky-notes.conf owner=root group=root mode=644
  tags:
  - config
-  notify: restart httpd
+  notify: reload httpd
 - name: sticky-notes php config
  template: src=config.php dest=/etc/sticky-notes/config.php owner=apache group=apache mode=600
  tags:
  - config
-  notify: restart httpd
+  notify: reload httpd
 - name: php post limit config
  copy: src=sticky-notes.ini dest=/etc/php.d/sticky-notes.ini owner=root group=root mode=644
-  notify: restart httpd
+  notify: reload httpd
 - name: timeout in case url.ca goes down
  copy: src=class_urlshort.php dest=/usr/share/sticky-notes/classes/class_urlshort.php owner=root group=root mode=644
-  notify: restart httpd
+  notify: reload httpd
 - name: set sebooleans so paste can talk to the db
  seboolean: name=httpd_can_network_connect_db state=true persistent=true
--- a/roles/pdc/tasks/main.yml
+++ b/roles/pdc/tasks/main.yml
@ -30,13 +30,13 @@
 - name: Copy over settings_local.py
  template: src=settings_local.py dest=/usr/lib/python2.7/site-packages/pdc/settings_local.py
-  notify: restart httpd
+  notify: reload httpd
  tags:
  - pdc
 - name: Copy over httpd config
  template: src=pdc.conf dest=/etc/httpd/conf.d/pdc.conf
-  notify: restart httpd
+  notify: reload httpd
  tags:
  - pdc
--- a/roles/phabricator/tasks/main.yml
+++ b/roles/phabricator/tasks/main.yml
@ -64,7 +64,7 @@
 - name: update php.ini
  copy: src=php.ini dest=/etc/php.d/php.ini owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
 - name: update php-opcache config
  copy:
@ -93,6 +93,12 @@
  notify:
   - restart phd
 - name: copy phabricator custom login plugin
  when: deployment_type == 'qa-stg'
  template: src=CustomLoginHandler.php.j2 dest={{ phabroot }}/phabricator/src/extensions/CustomLoginHandler.php owner=apache group=apache mode=0644
  notify:
   - restart phd
 # this isn't well supported upstream right now, disabling
 #- name: generate chatbot config
 #  template: src=chatbot-config.json.j2 dest={{ phabroot }}/phabricator/resources/chatbot/config.json owner=apache group=apache mode=0644
@ -162,6 +168,6 @@
 - name: copy phabricator httpd config
  template: src=phabricator.conf.j2 dest=/etc/httpd/conf.d/phabricator.conf owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
--- a/roles/phabricator/templates/CustomLoginHandler.php.j2
+++ b/roles/phabricator/templates/CustomLoginHandler.php.j2
@ -0,0 +1,19 @@
 <?php
 final class CustomLoginHandler
    extends PhabricatorAuthLoginHandler {
    public function getAuthLoginHeaderContent() {
        return phutil_safe_html("
 <center><h1>Logging in to Fedora QA Devel Phabricator</h1></center>
 <p style='max-width: 508px;margin: 16px auto;'>
  This phabricator instance is only setup for authentication with <a href='https://admin.fedoraproject.org/accounts'>the Fedora Accounts System</a>. If you have previously logged in to this instance, click o    n the 'Login or Register' button to log in again. If you are new to this system, please follow the follow
  ing guidelines:
  <ul style='list-style-type: disc; margin: auto; max-width:508px;'>
    <li style='list-style-type: disc;'>When you login with Persona, make sure to use your <b>fasusername@fedoraproject.org</b> email alias (replacing 'fasusername' with your FAS user)</li>
    <li>When creating a phabricator user account, please match the account name with your FAS username for less confusion on everyone elses' part</li>
    <li>If you have any questions, come find us in #fedora-qa on Freenode or on the <a href='https://admin.fedoraproject.org/mailman/listinfo/qa-devel'>Fedora QA Devel mailing list</a>.</li>
  </ul>
 </p>");
    }
 }
--- a/roles/phabricator/templates/local.json.j2
+++ b/roles/phabricator/templates/local.json.j2
@ -25,6 +25,7 @@
  "metamta.mail-adapter" : "{{ "PhabricatorMailImplementationPHPMailerAdapter" if phabricator_mail_enabled else "PhabricatorMailImplementationTestAdapter"}}",
  "phpmailer.smtp-host" : "bastion.phx2.fedoraproject.org",
  "auth.email-domains" : ["fedoraproject.org"],
 {% if deployment_type == 'qadevel-prod' %}
  "auth.login-message" : "<center><h1>Logging in to Fedora QA Devel Phabricator</h1></center>
 <p style='max-width: 508px;margin: 16px auto;'>
  This phabricator instance is only setup for authentication with <a href='https://admin.fedoraproject.org/accounts'>the Fedora Accounts System</a>. If you have previously logged in to this instance, click on the 'Login or Register' button to log in again. If you are new to this system, please follow the follow
@ -35,6 +36,7 @@ ing guidelines:
    <li>If you have any questions, come find us in #fedora-qa on Freenode or on the <a href='https://admin.fedoraproject.org/mailman/listinfo/qa-devel'>Fedora QA Devel mailing list</a>.</li>
  </ul>
 </p>",
 {% endif %}
  "phabricator.uninstalled-applications" : {
        "PhabricatorApplicationPhame" : true,
        "PhabricatorApplicationDiviner" : true,
--- a/roles/releng-dash/tasks/main.yml
+++ b/roles/releng-dash/tasks/main.yml
@ -10,6 +10,6 @@
  with_items:
  - fedora-releng-dash.conf
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - releng-dash
--- a/roles/releng/tasks/main.yml
+++ b/roles/releng/tasks/main.yml
@ -147,7 +147,7 @@
    group=root
    mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - config
  when: inventory_hostname.startswith('compose-x86-01')
--- a/roles/review-stats/proxy/tasks/main.yml
+++ b/roles/review-stats/proxy/tasks/main.yml
@ -10,7 +10,7 @@
    dest=/etc/httpd/conf.d/{{website}}/review-stats.conf
    owner=root group=root mode=0644
  notify:
-  - restart httpd
+  - reload httpd
  tags:
  - review-stats
  - review-stats/proxy
--- a/roles/statscache/backend/templates/statscache.py
+++ b/roles/statscache/backend/templates/statscache.py
@ -3,6 +3,20 @@ import datetime
 config = {
    "statscache.datagrepper.profile": False,
    {% if env == 'staging' %}
    #"statscache.datagrepper.endpoint": "https://apps.stg.fedoraproject.org/datagrepper/raw",
    # Consume production fedmsg data in staging for now.
    "statscache.datagrepper.endpoint": "https://apps.fedoraproject.org/datagrepper/raw",
    "endpoints": {
        "production-loopback": [
            "tcp://10.5.126.51:9940",
        ],
    },
    {% else %}
    "statscache.datagrepper.endpoint": "https://apps.fedoraproject.org/datagrepper/raw",
    {% endif %}
    # Consumer stuff
    "statscache.consumer.enabled": True,
@ -10,7 +24,11 @@ config = {
    "statscache.sqlalchemy.uri": "postgres://statscache:{{statscache_db_password}}@db01/statscache",
    # stats models will go back at least this far (current value arbitrary)
-    "statscache.consumer.epoch": datetime.datetime(year=2015, month=8, day=8),
+    {% if env == 'staging' %}
    "statscache.consumer.epoch": datetime.datetime(year=2015, month=10, day=1),
    {% else %}
    "statscache.consumer.epoch": datetime.datetime(year=2014, month=1, day=1),
    {% endif %}
    # stats models are updated at this frequency
    "statscache.producer.frequency": datetime.timedelta(seconds=1),
--- a/roles/taskotron/buildmaster-configure/templates/taskotron.master.cfg.j2
+++ b/roles/taskotron/buildmaster-configure/templates/taskotron.master.cfg.j2
@ -161,7 +161,7 @@ factory.addStep(ShellCommand(command=["rm", "-f", "/var/log/taskotron/taskotron.
 {% if deployment_type == 'dev' %}
 # clean out /var/tmp/taskotron (see T253)
-factory.addStep(ShellCommand(command=["rm", "-rf", Interpolate("/var/tmp/taskotron/%(prop:slavename)s/*")], name="rm_tmp", descriptionDone=['Clean tmp']))
+factory.addStep(ShellCommand(command=Interpolate("rm -rf /var/tmp/taskotron/%(prop:slavename)s/*"), name="rm_tmp", descriptionDone=['Clean tmp']))
 {% endif %}
 # check out the source
--- a/roles/taskotron/buildmaster/tasks/main.yml
+++ b/roles/taskotron/buildmaster/tasks/main.yml
@ -43,13 +43,13 @@
 - name: copy httpd config
  template: src=buildmaster.conf.j2 dest=/etc/httpd/conf.d/buildmaster.conf owner=root group=root
  notify:
-    - restart httpd
+    - reload httpd
 - name: copy artifacts httpd config
  template: src=artifacts.conf.j2 dest=/etc/httpd/conf.d/artifacts.conf owner=root group=root
  when: deployment_type == 'prod' or deployment_type == 'stg' or deployment_type == 'dev' or deployment_type == 'local'
  notify:
-    - restart httpd
+    - reload httpd
 - name: create artifacts directory
  file: path={{ item }} state=directory owner=buildmaster group=buildmaster mode=0775 setype=httpd_sys_content_t
--- a/roles/taskotron/execdb/tasks/main.yml
+++ b/roles/taskotron/execdb/tasks/main.yml
@ -57,12 +57,12 @@
 - name: generate execdb config
  template: src=settings.py.j2 dest=/etc/execdb/settings.py owner=root group=root mode=0644
  notify:
-    - restart httpd
+    - reload httpd
 - name: generate execdb apache config
  template: src=execdb.conf.j2 dest=/etc/httpd/conf.d/execdb.conf owner=root group=root mode=0644
  notify:
-    - restart httpd
+    - reload httpd
 - name: generate alembic.ini
  template: src=alembic.ini.j2 dest=/usr/share/execdb/alembic.ini owner=root group=root mode=0644
--- a/roles/taskotron/fake_fedorainfra/tasks/main.yml
+++ b/roles/taskotron/fake_fedorainfra/tasks/main.yml
@ -42,9 +42,9 @@
 - name: generate fakefedorainfra config
  template: src=settings.py.j2 dest=/etc/fake_fedorainfra/settings.py owner=root group=root mode=0644
  notify:
-    - restart httpd
+    - reload httpd
 - name: generate fakefedorainfra apache config
  template: src=fake_fedorainfra.conf.j2 dest=/etc/httpd/conf.d/fakefedorainfra.conf owner=root group=root mode=0644
  notify:
-    - restart httpd
+    - reload httpd
--- a/roles/taskotron/resultsdb-backend/tasks/main.yml
+++ b/roles/taskotron/resultsdb-backend/tasks/main.yml
@ -50,12 +50,12 @@
 - name: generate resultsdb config
  template: src=settings.py.j2 dest=/etc/resultsdb/settings.py owner=root group=root mode=0644
  notify:
-    - restart httpd
+    - reload httpd
 - name: generate resultsdb apache config
  template: src=resultsdb.conf.j2 dest=/etc/httpd/conf.d/resultsdb.conf owner=root group=root mode=0644
  notify:
-    - restart httpd
+    - reload httpd
 # this command will clear the exising database and it's now being run every time, regardless of whether
 # /etc/resultsdb-is-init exists or not. We've already lost a lot of data, so commenting this command out
--- a/Show more
+++ b/Show more
`@ -1,2 +1,2 @@`
	`- name: restart httpd`	`- name: reload httpd`
	`service: name="httpd" state="restarted"`	`service: name="httpd" state="restarted"`
		`@ -0,0 +1,2 @@`
							`ProxyPass / http://209.132.184.207/`
							`ProxyPassReverse / http://209.132.184.207/`