From 2b041d9cfd9b0c6da6abc2fcc7a657982e332c98 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Wed, 15 Feb 2017 08:20:28 -0800
Subject: [PATCH 01/11] openqa/dispatcher: more config fixing

goddamnit, adam, why'd you make so many options.
---
 roles/openqa/dispatcher/templates/schedule.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/openqa/dispatcher/templates/schedule.conf.j2 b/roles/openqa/dispatcher/templates/schedule.conf.j2
index 92e13f9e41..f599284ff0 100644
--- a/roles/openqa/dispatcher/templates/schedule.conf.j2
+++ b/roles/openqa/dispatcher/templates/schedule.conf.j2
@@ -13,6 +13,8 @@ prod_rdb_report: true
 resultsdb_url: http://resultsdb-stg01.qa.fedoraproject.org/resultsdb_api/api/v2.0/
 wiki_hostname: stg.fedoraproject.org
 [consumers]
+# as we use the production scheduler
+prod_oqa_hostname: localhost
 stg_oqa_hostname: localhost
 stg_oqa_baseurl: https://{{ external_hostname|default(ansible_nodename) }}
 stg_wiki_hostname: stg.fedoraproject.org

From 81961f7ccd4978711aa98332bfd111867c6ddabf Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 16:39:55 +0000
Subject: [PATCH 02/11] mbs/frontend needs httpd_can_network_connect to query
 dist-git for validation.

---
 roles/mbs/frontend/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/mbs/frontend/tasks/main.yml b/roles/mbs/frontend/tasks/main.yml
index 1d24257955..92edf75aaa 100644
--- a/roles/mbs/frontend/tasks/main.yml
+++ b/roles/mbs/frontend/tasks/main.yml
@@ -41,6 +41,7 @@
   with_items:
   - httpd_can_network_connect_db
   - httpd_can_network_memcache
+  - httpd_can_network_connect
   - httpd_can_sendmail
   tags:
   - mbs

From 5e452622a260605bfb94b2f26cd764d3e96661c1 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:19:39 +0000
Subject: [PATCH 03/11] fedmsg config for mbs.

---
 roles/mbs/common/tasks/main.yml          | 11 +++++++++++
 roles/mbs/common/templates/mbs-fedmsg.py |  4 ++++
 2 files changed, 15 insertions(+)
 create mode 100644 roles/mbs/common/templates/mbs-fedmsg.py

diff --git a/roles/mbs/common/tasks/main.yml b/roles/mbs/common/tasks/main.yml
index d7ecb0437e..d1807900e6 100644
--- a/roles/mbs/common/tasks/main.yml
+++ b/roles/mbs/common/tasks/main.yml
@@ -26,6 +26,17 @@
   - mbs
   - mbs/common
 
+- name: copy fedmsg configuration
+  template: >
+    src=mbs-fedmsg.py dest=/etc/fedmsg.d/mbs-fedmsg.py
+    owner=root group=fedmsg mode=0644
+  notify:
+  - restart apache
+  - restart fedmsg-hub
+  tags:
+  - mbs
+  - mbs/common
+
 - name: copy client secrets
   template: >
     src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json
diff --git a/roles/mbs/common/templates/mbs-fedmsg.py b/roles/mbs/common/templates/mbs-fedmsg.py
new file mode 100644
index 0000000000..709fd2cb98
--- /dev/null
+++ b/roles/mbs/common/templates/mbs-fedmsg.py
@@ -0,0 +1,4 @@
+config = {
+    # So that the MBS can find it's cert in /etc/fedmsg.d/ssl.py
+    'name': 'mbs',
+}

From d7f9660ced9eb46686c22ddb8802284b330ea986 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:22:23 +0000
Subject: [PATCH 04/11] Fix permissions.

---
 roles/mbs/frontend/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/mbs/frontend/tasks/main.yml b/roles/mbs/frontend/tasks/main.yml
index 92edf75aaa..761318c437 100644
--- a/roles/mbs/frontend/tasks/main.yml
+++ b/roles/mbs/frontend/tasks/main.yml
@@ -4,7 +4,7 @@
 - name: disable the scheduler on the frontend
   copy: >
     src={{ item }} dest=/etc/fedmsg.d/{{ item }}
-    owner=apache group=apache mode=0600
+    owner=fedmsg group=fedmsg mode=0644
   with_items:
   - mbs-scheduler.py
   notify:

From a8f17c9cd4ad6dd1fd21ba5a7d9ba219ec3a1b2d Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:25:35 +0000
Subject: [PATCH 05/11] Remove unwanted file from mbs rpm.

---
 roles/mbs/common/tasks/main.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/roles/mbs/common/tasks/main.yml b/roles/mbs/common/tasks/main.yml
index d1807900e6..7e46835ff8 100644
--- a/roles/mbs/common/tasks/main.yml
+++ b/roles/mbs/common/tasks/main.yml
@@ -15,6 +15,15 @@
   - mbs
   - mbs/common
 
+- name: kill development config
+  file: path=/etc/fedmsg.d/module_build_service.py state=absent
+  notify:
+  - restart apache
+  - restart fedmsg-hub
+  tags:
+  - mbs
+  - mbs/common
+
 - name: copy app configuration
   template: >
     src=config.py dest=/etc/module-build-service/config.py

From a59ac60311ccafd614c0833fb54deeeb1b3e1b77 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:28:33 +0000
Subject: [PATCH 06/11] Wrong value.

---
 roles/mbs/common/templates/mbs-fedmsg.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/mbs/common/templates/mbs-fedmsg.py b/roles/mbs/common/templates/mbs-fedmsg.py
index 709fd2cb98..7a3823d48b 100644
--- a/roles/mbs/common/templates/mbs-fedmsg.py
+++ b/roles/mbs/common/templates/mbs-fedmsg.py
@@ -1,4 +1,4 @@
 config = {
     # So that the MBS can find it's cert in /etc/fedmsg.d/ssl.py
-    'name': 'mbs',
+    'cert_prefix': 'mbs',
 }

From 89ea6230aba97941ed19a730b166a32c06bdca6d Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:39:11 +0000
Subject: [PATCH 07/11] Change owner to match the apache process.

---
 inventory/group_vars/mbs-frontend     | 4 ++--
 inventory/group_vars/mbs-frontend-stg | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/inventory/group_vars/mbs-frontend b/inventory/group_vars/mbs-frontend
index 34e3981f0a..b84a047deb 100644
--- a/inventory/group_vars/mbs-frontend
+++ b/inventory/group_vars/mbs-frontend
@@ -24,8 +24,8 @@ fas_client_groups: sysadmin-noc,sysadmin-releng
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: mbs
-  owner: root
-  group: apache 
+  owner: fedmsg
+  group: fedmsg
   can_send:
   - mbs.module.state.change
   # Only the backend sends this message..
diff --git a/inventory/group_vars/mbs-frontend-stg b/inventory/group_vars/mbs-frontend-stg
index 1c104763c7..0b692933c7 100644
--- a/inventory/group_vars/mbs-frontend-stg
+++ b/inventory/group_vars/mbs-frontend-stg
@@ -24,8 +24,8 @@ fas_client_groups: sysadmin-noc,sysadmin-releng
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: mbs
-  owner: root
-  group: apache 
+  owner: fedmsg
+  group: fedmsg
   can_send:
   - mbs.module.state.change
   # Only the backend sends this message..

From 01a57debe5815864d1292bc320932c029520f864 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:42:20 +0000
Subject: [PATCH 08/11] Apparently we need both.

---
 roles/mbs/common/templates/mbs-fedmsg.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/mbs/common/templates/mbs-fedmsg.py b/roles/mbs/common/templates/mbs-fedmsg.py
index 7a3823d48b..3485e012de 100644
--- a/roles/mbs/common/templates/mbs-fedmsg.py
+++ b/roles/mbs/common/templates/mbs-fedmsg.py
@@ -1,4 +1,5 @@
 config = {
     # So that the MBS can find it's cert in /etc/fedmsg.d/ssl.py
     'cert_prefix': 'mbs',
+    'name': 'mbs',
 }

From 87c3a80974a0dafd84767b6ec3b1b2862a2d3485 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 17:58:09 +0000
Subject: [PATCH 09/11] Name is longer than just the prefix.

---
 roles/mbs/common/templates/mbs-fedmsg.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/mbs/common/templates/mbs-fedmsg.py b/roles/mbs/common/templates/mbs-fedmsg.py
index 3485e012de..3715f21b0e 100644
--- a/roles/mbs/common/templates/mbs-fedmsg.py
+++ b/roles/mbs/common/templates/mbs-fedmsg.py
@@ -1,5 +1,7 @@
+import socket
+
 config = {
     # So that the MBS can find it's cert in /etc/fedmsg.d/ssl.py
     'cert_prefix': 'mbs',
-    'name': 'mbs',
+    'name': 'mbs-%s' % socket.gethostname(),
 }

From 9db908833369a2d6365d00a25b3ef56cae6a451f Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Wed, 15 Feb 2017 18:00:19 +0000
Subject: [PATCH 10/11] increase opendkim header size

---
 roles/opendkim/files/opendkim.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/opendkim/files/opendkim.conf b/roles/opendkim/files/opendkim.conf
index 03353770c0..c50d1d1692 100644
--- a/roles/opendkim/files/opendkim.conf
+++ b/roles/opendkim/files/opendkim.conf
@@ -131,3 +131,7 @@ OversignHeaders	From
 ##  caching service. Useful if the nameserver being used by the filter is
 ##  not local.
 # QueryCache	yes
+#
+# We need to increase the default header size because notifs adds a X-fedmsg header for
+# each message in a digest.
+MaximumHeaders 262144

From eab08ddbd65a8f9bdeabefe73d070e42e4f281e9 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Wed, 15 Feb 2017 18:48:01 +0000
Subject: [PATCH 11/11] Playbook should work in both prod and stg, thank you.

---
 playbooks/clear_memcached.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/clear_memcached.yml b/playbooks/clear_memcached.yml
index fe913c3656..eaae858dad 100644
--- a/playbooks/clear_memcached.yml
+++ b/playbooks/clear_memcached.yml
@@ -1,5 +1,5 @@
 - name: clear memcache
-  hosts: memcached
+  hosts: memcached:memcached-stg
   serial: 1
 
   tasks: