Fare thee well s390x alternative arch. We are now one big happy single koji family.

Also, no need for secondary sigul anymore.
2018-05-30 18:42:05 +00:00 · 2018-05-30 18:42:05 +00:00 · 061ae15638
commit 061ae15638
parent 45f8499eea
21 changed files with 6 additions and 403 deletions
--- a/inventory/builders
+++ b/inventory/builders
@ -106,9 +106,6 @@ buildvm-armv7-22.arm.fedoraproject.org
 buildvm-armv7-23.arm.fedoraproject.org
 buildvm-armv7-24.arm.fedoraproject.org

-[buildvm-s390]
-buildvm-s390-01.s390.fedoraproject.org
-
 [buildvm-s390x]
 buildvm-s390x-01.s390.fedoraproject.org
 buildvm-s390x-02.s390.fedoraproject.org
@ -302,7 +299,6 @@ buildvm-aarch64
 buildvm-armv7
 buildvm-ppc64
 buildvm-ppc64le
-buildvm-s390
 buildvm-s390x
 bkernel

--- a/inventory/group_vars/buildvm-s390
+++ b/inventory/group_vars/buildvm-s390
@ -1,17 +0,0 @@
---
-# common items for the buildvm-s390* koji builders
-host_group: kojibuilder
-fas_client_groups: sysadmin-releng,sysadmin-secondary
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
-
-koji_hub_nfs: "fedora_s390/data"
-koji_server_url: "https://s390.koji.fedoraproject.org/kojihub"
-koji_weburl: "https://s390.koji.fedoraproject.org/koji"
-koji_topurl: "https://s390pkgs.fedoraproject.org/"
-
-# These variables are for koji-containerbuild/osbs
-osbs_url: "osbs.fedoraproject.org"
-docker_registry: "candidate-registry.fedoraproject.org"
-source_registry: "registry.fedoraproject.org"
-koji_root: "koji.fedoraproject.org/koji"
-koji_hub: "koji.fedoraproject.org/kojihub"
--- a/inventory/group_vars/nagios
+++ b/inventory/group_vars/nagios
@ -108,7 +108,6 @@ phx2_management_hosts:
  - vhcloud01.mgmt.fedoraproject.org
  - virthost-comm03.mgmt.fedoraproject.org
  - virthost-comm04.mgmt.fedoraproject.org
-  - virthost-s390.mgmt.fedoraproject.org
  - virthost01-stg.mgmt.fedoraproject.org
  - virthost02.mgmt.fedoraproject.org
  - virthost03.mgmt.fedoraproject.org
--- a/inventory/group_vars/releng-secondary
+++ b/inventory/group_vars/releng-secondary
@ -1,33 +0,0 @@
---
-# common items for the releng-* boxes
-lvm_size: 100000
-mem_size: 8196
-max_mem_size: "{{ mem_size }}"
-num_cpus: 16
-nm: 255.255.255.0
-dns: 10.5.126.21
-
-# With 16 cpus, theres a bunch more kernel threads
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-
-nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,sec=sys,nfsvers=3"
-
-fas_client_groups: sysadmin-releng,sysadmin-secondary,sysadmin-noc,sysadmin-veteran
-sudoers: "{{ private }}/files/sudo/00releng-sudoers"
-
-host_group: releng
-
-fedmsg_certs:
- service: releng
-  owner: root
-  group: sysadmin-releng
-  can_send:
-  # pungi-koji stuff (ask dgilmore)
-  - pungi.compose.phase.start
-  - pungi.compose.phase.stop
-  - pungi.compose.status.change
-  - pungi.compose.createiso.targets
-  - pungi.compose.createiso.imagefail
-  - pungi.compose.createiso.imagedone
-
--- a/inventory/hardware
+++ b/inventory/hardware
@ -40,7 +40,6 @@ fed-cloud12.cloud.fedoraproject.org
 fed-cloud13.cloud.fedoraproject.org
 fed-cloud14.cloud.fedoraproject.org
 fed-cloud15.cloud.fedoraproject.org
-virthost-s390.s390.fedoraproject.org
 osuosl03.fedoraproject.org
 # ssh often disabled
 #autosign01.phx2.fedoraproject.org
--- a/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org
+++ b/inventory/host_vars/buildvm-s390-01.s390.fedoraproject.org
@ -1,19 +0,0 @@
---
-vmhost: virthost-s390.s390.fedoraproject.org
-eth0_ip: 10.5.129.81
-nm: 255.255.255.0
-gw: 10.5.129.254
-dns: 10.5.126.21
-main_bridge: br0
-
-# common items for the buildvm-* koji builders
-volgroup: /dev/vg_guests
-lvm_size: 150000
-mem_size: 10240
-max_mem_size: "{{ mem_size }}"
-num_cpus: 4
-ks_url: http://10.5.126.23/repo/rhel/ks/buildvm-fedora-25
-ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/x86_64/os/
-
-virt_install_command: "{{ virt_install_command_one_nic }}"
-sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
--- a/inventory/host_vars/compose-s390-01.s390.fedoraproject.org
+++ b/inventory/host_vars/compose-s390-01.s390.fedoraproject.org
@ -1,24 +0,0 @@
---
-vmhost: virthost-s390.s390.fedoraproject.org
-volgroup: /dev/vg_guests
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-fedora-25
-ks_repo: http://10.5.126.23/pub/fedora/linux/releases/25/Everything/x86_64/os/
-virt_install_command: "{{ virt_install_command_one_nic }}"
-
-eth0_ip: 10.5.129.16
-nm: 255.255.255.0
-gw: 10.5.129.254
-dns: 10.5.126.21
-main_bridge: br0
-
-koji_hub_nfs: "fedora_s390/data"
-
-kojipkgs_url: s390pkgs.fedoraproject.org
-kojihub_url: s390.koji.fedoraproject.org/kojihub
-kojihub_scheme: https
-
-koji_server_url: "https://s390.koji.fedoraproject.org/kojihub"
-koji_weburl: "https://s390.koji.fedoraproject.org/koji"
-koji_topurl: "https://s390pkgs.fedoraproject.org/"
-
-sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
--- a/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org
+++ b/inventory/host_vars/db-s390-koji01.s390.fedoraproject.org
@ -1,44 +0,0 @@
---
-nm: 255.255.255.0
-gw: 10.5.129.254
-dns: 10.5.126.21
-volgroup: /dev/vg_guests
-eth0_ip: 10.5.129.181
-vmhost: virthost-s390.s390.fedoraproject.org
-datacenter: phx2
-
-ks_url: http://infrastructure.phx2.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://infrastructure.phx2.fedoraproject.org/repo/rhel/RHEL7-x86_64/
-
-# This is a generic list, monitored by collectd
-databases:
- koji
-
-# This is a more strict list, to be made publicly available
-dbs_to_backup:
- koji
-
-# These are normally group variables, but in this case db servers are often different
-lvm_size: 500000
-mem_size: 25165
-num_cpus: 12
-fas_client_groups: sysadmin-dba,sysadmin-noc,sysadmin-secondary,sysadmin-veteran
-sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
-
-# kernel SHMMAX value
-kernel_shmmax: 68719476736
-
-#
-# Only allow postgresql access from the frontend node.
-#
-custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.5.129.180 --dport 5432 -j ACCEPT' ]
-
-#
-# Large updates pushes cause lots of db threads doing the tag moves, so up this from default. 
-# 
-nrpe_procs_warn: 600
-nrpe_procs_crit: 700
-
-db_backup_dir: ['/backups']
-shared_buffers: "6GB"
-effective_cache_size: "18GB"
--- a/inventory/host_vars/s390-koji01.s390.fedoraproject.org
+++ b/inventory/host_vars/s390-koji01.s390.fedoraproject.org
@ -1,32 +0,0 @@
---
-nm: 255.255.255.0
-gw: 10.5.129.254
-dns: 10.5.126.21
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-volgroup: /dev/vg_guests
-eth0_ip: 10.5.129.180
-eth0_nm: 255.255.255.0
-vmhost: virthost-s390.s390.fedoraproject.org
-datacenter: phx2
-nrpe_procs_warn: 900
-nrpe_procs_crit: 1000
-
-fas_client_groups: sysadmin-releng,sysadmin-secondary
-sudoers: "{{ private }}/files/sudo/sysadmin-secondary-sudoers"
-
-fedmsg_fqdn: s390-koji01.qa.fedoraproject.org
-
-#
-# define this here because s390 koji only needs eth0, not eth1 also
-#
-virt_install_command: "{{ virt_install_command_one_nic }}"
-
-koji_topurl: "https://s390pkgs.fedoraproject.org/"
-koji_server_url: "https://s390.koji.fedoraproject.org/kojihub"
-koji_weburl: "https://s390.koji.fedoraproject.org/koji"
-
-fedmsg_koji_instance: s390
-
-# Set this to use the qa domain resolv.conf to make sure it can talk to it's db
-resolvconf: resolv.conf/qa
--- a/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org
+++ b/inventory/host_vars/secondary-bridge01.phx2.fedoraproject.org
@ -1,13 +0,0 @@
---
-nm: 255.255.255.0
-gw: 10.5.129.254
-dns: 10.5.126.21
-
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-volgroup: /dev/VirtGuests
-vmhost: virthost-comm03.qa.fedoraproject.org
-datacenter: phx2
-
-eth0_ip: 10.5.129.248
-eth0_nm: 255.255.255.0
--- a/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org
+++ b/inventory/host_vars/secondary-vault01.phx2.fedoraproject.org
@ -1,13 +0,0 @@
---
-nm: 255.255.255.0
-gw: 10.5.129.254
-dns: 10.5.126.21
-
-ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-7
-ks_repo: http://10.5.126.23/repo/rhel/RHEL7-x86_64/
-volgroup: /dev/vg_guests
-vmhost: virthost-comm04.qa.fedoraproject.org
-datacenter: phx2
-
-eth0_ip: 10.5.129.249
-eth0_nm: 255.255.255.0
--- a/inventory/host_vars/virthost-s390.qa.fedoraproject.org
+++ b/inventory/host_vars/virthost-s390.qa.fedoraproject.org
@ -1,3 +0,0 @@
---
-# This virthost only has non release critical instances, so it doesn't freeze
-freezes: false
--- a/inventory/inventory
+++ b/inventory/inventory
@ -27,9 +27,6 @@ branched-composer.phx2.fedoraproject.org
 rawhide-composer.phx2.fedoraproject.org
 compose-iot-01.phx2.fedoraproject.org

-[releng-secondary]
-compose-s390-01.s390.fedoraproject.org
-
 [releng-stg]
 composer.stg.phx2.fedoraproject.org

@ -243,14 +240,12 @@ bodhi-backend01.stg.phx2.fedoraproject.org
 [sign-bridge]
 sign-bridge01.phx2.fedoraproject.org
 sign-bridge01.stg.phx2.fedoraproject.org
-secondary-bridge01.phx2.fedoraproject.org
 #
 # sign vault servers don't listen to ssh by default.
 #
 [sign-vault]
 #sign-vault03.phx2.fedoraproject.org
 #sign-vault04.phx2.fedoraproject.org
-#secondary-vault01.phx2.fedoraproject.org
 #sign-vault01.stg.phx2.fedoraproject.org

 [autocloud-web]
@ -293,7 +288,6 @@ db03.phx2.fedoraproject.org
 db-fas01.phx2.fedoraproject.org
 db-datanommer02.phx2.fedoraproject.org
 db-koji01.phx2.fedoraproject.org
-db-s390-koji01.s390.fedoraproject.org
 db-qa01.qa.fedoraproject.org
 db-qa02.qa.fedoraproject.org

@ -390,7 +384,6 @@ keys01.fedoraproject.org
 [koji]
 koji01.phx2.fedoraproject.org
 koji02.phx2.fedoraproject.org
-s390-koji01.s390.fedoraproject.org

 [koji-stg]
 koji01.stg.phx2.fedoraproject.org
@ -942,7 +935,6 @@ virthost-comm01.qa.fedoraproject.org
 virthost-comm02.qa.fedoraproject.org
 virthost-comm03.qa.fedoraproject.org
 virthost-comm04.qa.fedoraproject.org
-virthost-s390.s390.fedoraproject.org

 [wiki-stg]
 wiki01.stg.phx2.fedoraproject.org
@ -966,7 +958,6 @@ zanata2fedmsg01.phx2.fedoraproject.org
 [fedmsg-qa-network]
 retrace01.qa.fedoraproject.org
 retrace02.qa.fedoraproject.org
-s390-koji01.s390.fedoraproject.org
 resultsdb01.qa.fedoraproject.org
 openqa01.qa.fedoraproject.org
 openqa-ppc64le-01.qa.fedoraproject.org
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -3,10 +3,10 @@
 # NOTE: make sure there is room/space for this builder on the buildvmhost
 # NOTE: most of these vars_path come from group_vars/buildvm or from hostvars

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg"

 - name: make koji builder(s)
-  hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-s390:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg:buildvm-s390x:buildvm-s390x-stg
+  hosts: buildvm:buildvm-stg:buildvm-aarch64:buildvm-armv7:buildvm-ppc64:buildvm-ppc64le:buildvm-ppc64-stg:buildvm-ppc64le-stg:buildvm-aarch64-stg:buildvm-armv7-stg:buildvm-s390x:buildvm-s390x-stg
  user: root
  gather_facts: True

--- a/playbooks/groups/postgresql-server.yml
+++ b/playbooks/groups/postgresql-server.yml
@ -2,12 +2,12 @@
 # NOTE: should be used with --limit most of the time
 # NOTE: most of these vars_path come from group_vars/backup_server or from hostvars

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org"

 # Once the instance exists, configure it.

 - name: configure postgresql server system
-  hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-s390-koji01.s390.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org
+  hosts: db-datanommer02.phx2.fedoraproject.org:db-qa01.qa.fedoraproject.org:db-koji01.phx2.fedoraproject.org:db-fas01.stg.phx2.fedoraproject.org:db-fas01.phx2.fedoraproject.org:db01.phx2.fedoraproject.org:db01.stg.phx2.fedoraproject.org:db-qa02.qa.fedoraproject.org:db-koji01.stg.phx2.fedoraproject.org
  user: root
  gather_facts: True

--- a/playbooks/groups/releng-compose.yml
+++ b/playbooks/groups/releng-compose.yml
@ -3,7 +3,7 @@
 # NOTE: make sure there is room/space for this instance on the buildvmhost
 # NOTE: most of these vars_path come from group_vars/releng or from hostvars

- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg:compose-s390-01.s390.fedoraproject.org"
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=releng-compose:releng-stg

 - name: Setup releng compose hosts
  hosts: releng-compose:releng-secondary:releng-stg
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@ -139,96 +139,6 @@
  - koji_hub
  when: env != 'staging' and ansible_hostname.startswith('koji')

-#
-# install production s390 certs and keys
-#
- name: install s390 kojiweb_cert_key.pem
-  copy: src={{ private }}/files/koji/s390.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('s390')
-
- name: install s390 production koji_cert.pem
-  copy: src={{ private }}/files/koji/s390_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('s390')
-
- name: install s390 production koji_key.pem
-  copy: src={{ private }}/files/koji/s390_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('s390')
-#
-# install production arm certs and keys
-#
- name: install arm kojiweb_cert_key.pem
-  copy: src={{ private }}/files/koji/arm.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('arm')
-
- name: install arm production koji_cert.pem
-  copy: src={{ private }}/files/koji/arm_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('arm')
-
- name: install arm production koji_key.pem
-  copy: src={{ private }}/files/koji/arm_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('arm')
-
-#
-# install production ppc certs and keys
-#
-
- name: install ppc kojiweb_cert_key.pem
-  copy: src={{ private }}/files/koji/ppc.koji.fedoraproject.org_key_and_cert.pem dest=/etc/pki/tls/private/kojiweb_cert_key.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('ppc')
-
- name: install ppc production koji_cert.pem
-  copy: src={{ private }}/files/koji/ppc_koji_cert.pem dest=/etc/pki/tls/certs/koji_cert.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('ppc')
-
- name: install ppc production koji_key.pem
-  copy: src={{ private }}/files/koji/ppc_koji_key.pem dest=/etc/pki/tls/private/koji_key.pem owner=apache mode=600
-  notify:
-  - reload httpd
-  tags:
-  - config
-  - koji_hub
-  when: ansible_hostname.startswith('ppc')
-
 #
 # install staging certs and keys
 #
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@ -3,7 +3,6 @@
 ## Basic options ##
 DBName = koji
 DBUser = koji
-{% if inventory_hostname.startswith('koji') %}
 {% if env == "staging" %}
 DBHost = db-koji01
 {% else %}
@ -16,22 +15,6 @@ ProxyPrincipals = modularity@STG.FEDORAPROJECT.ORG,HTTP/koji.stg.fedoraproject.o
 {% else %}
 ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/sign-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG
 {% endif %}
-{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %}
-DBHost = db-s390-koji01.s390.fedoraproject.org
-DBPass = {{ s390kojiPassword }}
-AuthPrincipal = host/s390.koji.fedoraproject.org
-ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG
-{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
-DBHost = db-arm-koji01.qa.fedoraproject.org
-DBPass = {{ armkojiPassword }}
-AuthPrincipal = host/arm.koji.fedoraproject.org
-ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG
-{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %}
-DBHost = db-ppc-koji01.ppc.fedoraproject.org
-DBPass = {{ ppckojiPassword }}
-AuthPrincipal = host/ppc.koji.fedoraproject.org
-ProxyPrincipals = HTTP/koji.fedoraproject.org@FEDORAPROJECT.ORG,sigul/secondary-bridge01.phx2.fedoraproject.org@FEDORAPROJECT.ORG
-{% endif %}
 KojiDir = /mnt/koji
 MemoryWarnThreshold = 10000
 MaxRequestLength = 167772160
@ -50,16 +33,8 @@ AuthKeytab = /etc/koji-hub/koji-hub.keytab

 ## the client username is the common name of the subject of their client certificate
 DNUsernameComponent = CN
-{% if inventory_hostname.startswith('koji') %}
 ## separate multiple DNs with |
 ProxyDNs = emailAddress=buildsys@fedoraproject.org,CN=kojiweb,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US|emailAddress=releng@fedoraproject.org,CN=sign-bridge1,OU=Package Signing,O=Fedora Project,ST=North Carolina,C=US
-{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %}
-ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=s390.koji.fedoraproject.org/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US
-{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
-ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=arm.koji.fedoraproject.org/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US
-{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %}
-ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Buildsys/CN=ppc.koji.fedoraproject.org/emailAddress=ppc@fedoraproject.org|/C=US/ST=North Carolina/O=Fedora Project/OU=Fedora Builders/CN=secondary-signer/emailAddress=buildsys@fedoraproject.org|emailAddress=buildsys@fedoraproject.org,CN=secondary-signer,OU=Fedora Builders,O=Fedora Project,ST=North Carolina,C=US
-{% endif %}

 ## end SSL client certificate auth configuration

@ -67,15 +42,7 @@ ProxyDNs = /C=US/ST=North Carolina/O=Fedora Project/OU=Buildsys/CN=ppc.koji.fedo

 ##  Other options  ##
 LoginCreatesUser = On
-{% if inventory_hostname.startswith('koji') %}
 KojiWebURL = http://koji.fedoraproject.org/koji
-{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %}
-KojiWebURL = http://s390.koji.fedoraproject.org/koji
-{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
-KojiWebURL = http://arm.koji.fedoraproject.org/koji
-{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %}
-KojiWebURL = http://ppc.koji.fedoraproject.org/koji
-{% endif %}
 # The domain name that will be appended to Koji usernames
 # when creating email notifications
 EmailDomain = fedoraproject.org
--- a/roles/koji_hub/templates/kojihub.conf.j2
+++ b/roles/koji_hub/templates/kojihub.conf.j2
@ -12,28 +12,12 @@ Alias /kojihub /usr/share/koji-hub/kojixmlrpc.py
    Require all granted
 </Directory>

-{% if inventory_hostname == 'arm-koji01.qa.fedoraproject.org' or inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' or inventory_hostname == 's390-koji01.s390.fedoraproject.org' %}
-# Also serve /mnt/koji
-Alias /kojifiles "/mnt/koji/"
-
-<Directory "/mnt/koji">
-   Options Indexes FollowSymLinks
-   AllowOverride None
-   Order allow,deny
-   Allow from all
-</Directory>
-{% endif %}
-
 <Location /kojihub/ssllogin>
 	 AuthType GSSAPI
 	 GssapiSSLonly Off
         GssapiLocalName On
 	 AuthName "GSSAPI Single Sign On Login"
-	 {% if fedmsg_koji_instance == "primary" %}
-		GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab
-         {% else %}
-		GssapiCredStore keytab:/etc/krb5.HTTP_{{ fedmsg_koji_instance }}.koji.fedoraproject.org.keytab
-	 {% endif %}
+	 GssapiCredStore keytab:/etc/koji-hub/gssapi.keytab
 	 Require valid-user
 </Location>

--- a/roles/koji_hub/templates/kojiweb.conf.j2
+++ b/roles/koji_hub/templates/kojiweb.conf.j2
@ -65,42 +65,6 @@ Alias /buildgroups "/mnt/koji/buildgroups/"
    Require all granted
 </Directory>

-{% if inventory_hostname.startswith('koji') and env == "production"  %}
 # use redirects for compose and packages locations
 RewriteRule ^/compose(.+) https://kojipkgs.fedoraproject.org/compose$1  [R=301,L]
 RewriteRule ^/packages(.+) https://kojipkgs.fedoraproject.org/packages$1  [R=301,L]
-{% else %}
-Alias /compose "/mnt/koji/compose/"
-
-<Directory "/mnt/koji/compose/">
-    Options Indexes FollowSymLinks
-    Require all granted
-</Directory>
-
-Alias /packages "/mnt/koji/packages/"
-
-<Directory "/mnt/koji/packages/">
-    Options Indexes FollowSymLinks
-    Require all granted
-</Directory>
-
-# use redirects for compose and packages locations to be consistent with primary hub
-{% if inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
-# Disable these for now since there's a cert issue and no virtual host definition to redirect to
-# We need to either add a apache virthost and a proper cert or a seperate vm for packages.
-#RewriteRule ^/compose(.+) http://arm.koji.fedoraproject.org/compose$1  [R=301,L]
-#RewriteRule ^/packages(.+) http://arm.koji.fedoraproject.org/packages$1  [R=301,L]
-{% endif %}
-{% if inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %}
-# Disable these for now since there's a cert issue and no virtual host definition to redirect to
-# We need to either add a apache virthost and a proper cert or a seperate vm for packages.
-#RewriteRule ^/compose(.+) http://ppc.koji.fedoraproject.org/compose$1  [R=301,L]
-#RewriteRule ^/packages(.+) http://ppc.koji.fedoraproject.org/packages$1  [R=301,L]
-{% endif %}
-{% if inventory_hostname == 's390-koji01.qa.fedoraproject.org' %}
-# Disable these for now since there's a cert issue and no virtual host definition to redirect to
-# We need to either add a apache virthost and a proper cert or a seperate vm for packages.
-#RewriteRule ^/compose(.+) https://s390pkgs.fedoraproject.org/compose$1  [R=301,L]
-#RewriteRule ^/packages(.+) https://s390pkgs.fedoraproject.org/packages$1  [R=301,L]
-{% endif %}
-{% endif %}
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@ -6,15 +6,6 @@ SiteName = koji
 {% if env == 'staging' %}
 KojiHubURL = https://koji.stg.fedoraproject.org/kojihub
 KojiFilesURL = https://kojipkgs.stg.fedoraproject.org/
-{% elif inventory_hostname == 's390-koji01.s390.fedoraproject.org' %}
-KojiHubURL = https://s390.koji.fedoraproject.org/kojihub
-KojiFilesURL = https://s390.koji.fedoraproject.org/kojifiles
-{% elif inventory_hostname == 'arm-koji01.qa.fedoraproject.org' %}
-KojiHubURL = https://arm.koji.fedoraproject.org/kojihub
-KojiFilesURL = https://arm.koji.fedoraproject.org/kojifiles
-{% elif inventory_hostname == 'ppc-koji01.ppc.fedoraproject.org' %}
-KojiHubURL = https://ppc.koji.fedoraproject.org/kojihub
-KojiFilesURL = https://ppc.koji.fedoraproject.org/kojifiles
 {% else %}
 KojiHubURL = https://koji.fedoraproject.org/kojihub
 KojiFilesURL = https://kojipkgs.fedoraproject.org/