From b6bc56e906324c2a6cf407945e94d377569aa620 Mon Sep 17 00:00:00 2001
From: Greg Szabo <greg@philosobear.com>
Date: Mon, 4 Sep 2017 14:55:46 -0400
Subject: [PATCH] Introduced cloudfront repository hosting

---
 ansible/roles/install/tasks/centos.yml | 16 ++++++----------
 ansible/roles/install/tasks/debian.yml |  8 ++++----
 ansible/roles/install/tasks/main.yml   | 14 ++++++++++++++
 build/Makefile                         |  3 ++-
 build/tendermint.list                  |  1 +
 build/tendermint.repo                  |  4 ++--
 6 files changed, 29 insertions(+), 17 deletions(-)
 create mode 100644 build/tendermint.list

diff --git a/ansible/roles/install/tasks/centos.yml b/ansible/roles/install/tasks/centos.yml
index 6d5800113..6829a67b1 100644
--- a/ansible/roles/install/tasks/centos.yml
+++ b/ansible/roles/install/tasks/centos.yml
@@ -1,23 +1,19 @@
 ---
 
-- name: Set timezone
-  when: timezone is defined
-  file: path=/etc/localtime state=link src=/usr/share/zoneinfo/{{timezone}} force=yes
-
 #Three commands to install a service on CentOS/RedHat
-#wget -O - http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint | rpm --import -
-#wget -O /etc/yum.repos.d/tendermint.repo http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/tendermint.repo
+#wget -O - https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint | rpm --import -
+#wget -O /etc/yum.repos.d/tendermint.repo https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/tendermint.repo
 #yum update && yum install basecoin
 
 #This has a bug in Ansible 2.3: https://github.com/ansible/ansible/issues/20711
 #- name: Add repository key on CentOS/RedHat
 #  when: ansible_os_family == "RedHat"
-#  rpm_key: key=http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
+#  rpm_key: key=https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
 
 #Workaround
 - name: Download repository key for CentOS/RedHat
   when: ansible_os_family == "RedHat"
-  get_url: "url=http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint dest=/root/RPM-GPG-KEY-Tendermint force=yes checksum=sha256:a8c61d4061697d2595562c703dbafbdfdcfa7f0c75a523ac84d5609d1b444abe"
+  get_url: "url=https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint dest=/root/RPM-GPG-KEY-Tendermint force=yes checksum=sha256:a8c61d4061697d2595562c703dbafbdfdcfa7f0c75a523ac84d5609d1b444abe"
 - name: Import repository key for CentOS/RedHat
   when: ansible_os_family == "RedHat"
   command: "rpm --import /root/RPM-GPG-KEY-Tendermint"
@@ -26,10 +22,10 @@
   when: ansible_os_family == "RedHat"
   yum_repository:
     name: tendermint
-    baseurl: http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64
+    baseurl: https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64
     description: "Tendermint repo"
     gpgcheck: yes
-    gpgkey: http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
+    gpgkey: https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
 #    repo_gpgcheck: yes
 
 - name: Install package on CentOS/RedHat
diff --git a/ansible/roles/install/tasks/debian.yml b/ansible/roles/install/tasks/debian.yml
index cf8cf9657..8c822f53c 100644
--- a/ansible/roles/install/tasks/debian.yml
+++ b/ansible/roles/install/tasks/debian.yml
@@ -1,20 +1,20 @@
 ---
 
 #Three commands to install a service on Debian/Ubuntu
-#wget -O - http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint | apt-key add -
-#echo "deb http://tendermint-packages.s3-website-us-west-1.amazonaws.com/debian stable main" > /etc/apt/sources.list.d/tendermint.list
+#wget -O - https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint | apt-key add -
+#wget -O /etc/apt/sources.list.d/tendermint.list https://do9rmxapsag1v.cloudfront.net/debian/tendermint.list
 #apt-get update && apt-get install basecoin
 
 - name: Add repository key on Debian/Ubuntu
   when: ansible_os_family == "Debian"
   apt_key:
-    url: http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
+    url: https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
     id: 2122CBE9
 
 - name: Install tendermint repository on Debian/Ubuntu
   when: ansible_os_family == "Debian"
   apt_repository:
-    repo: deb http://tendermint-packages.s3-website-us-west-1.amazonaws.com/debian stable main
+    repo: deb https://do9rmxapsag1v.cloudfront.net/debian stable main
 
 - name: Install package on Debian/Ubuntu
   when: ansible_os_family == "Debian"
diff --git a/ansible/roles/install/tasks/main.yml b/ansible/roles/install/tasks/main.yml
index 60c83bfb7..4838d7e05 100644
--- a/ansible/roles/install/tasks/main.yml
+++ b/ansible/roles/install/tasks/main.yml
@@ -1,4 +1,18 @@
 ---
+
+- name: Set timezone
+  when: timezone is defined
+  file: path=/etc/localtime state=link src=/usr/share/zoneinfo/{{timezone}} force=yes
+
+- name: Disable journald rate-limiting
+  lineinfile: "path=/etc/systemd/journald.conf regexp={{item.regexp}} line='{{item.line}}'"
+  with_items:
+  - { regexp: "^#RateLimitInterval", line: "RateLimitInterval=0s" }
+  - { regexp: "^#RateLimitBurst", line: "RateLimitBurst=0" }
+
+- name: Restart journald
+  system: name=systemd-journald state=restarted
+
 - include: debian.yml
   when: ansible_os_family == "Debian"
 
diff --git a/build/Makefile b/build/Makefile
index 862f7401c..2632f13e1 100644
--- a/build/Makefile
+++ b/build/Makefile
@@ -195,7 +195,7 @@ install-rpm-%: version-%
 	cp ./RPM-GPG-KEY-Tendermint tmp/s3/7/os/x86_64/
 	cp ./tendermint.repo tmp/s3/7/os/x86_64/
 	rm -f tmp/s3/7/os/x86_64/repodata/*.bz2 tmp/s3/7/os/x86_64/repodata/*.gz tmp/s3/7/os/x86_64/repodata/repomd.xml.asc
-	createrepo tmp/s3/7/os/x86_64/Packages -u http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/Packages -o tmp/s3/7/os/x86_64 --update -S --repo Tendermint --content tendermint --content basecoin --content ethermint
+	createrepo tmp/s3/7/os/x86_64/Packages -u https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/Packages -o tmp/s3/7/os/x86_64 --update -S --repo Tendermint --content tendermint --content basecoin --content ethermint
 	gpg --batch --passphrase "$(GPG_PASSPHRASE)" --detach-sign -a tmp/s3/7/os/x86_64/repodata/repomd.xml
 	aws s3 sync tmp/s3/ s3://tendermint-packages/centos/ --delete --acl public-read
 	@echo "*** Uploaded $* to AWS CentOS repository"
@@ -207,6 +207,7 @@ install-deb-%: version-%
 	aws s3 sync s3://tendermint-packages/debian/ tmp/debian-s3/ --delete
 	@echo "Testing if $*-$($*_version)-$(BUILD_NUMBER)_amd64.deb is already uploaded"
 	test ! -f tmp/debian-s3/pool/$*-$($*_version)-$(BUILD_NUMBER)_amd64.deb
+	cp ./tendermint.list tmp/debian-s3/
 	mkdir -p tmp/debian-s3/pool tmp/debian-s3/dists/stable/main/binary-amd64
 	cp RPMS/$*-$($*_version)-$(BUILD_NUMBER)_amd64.deb tmp/debian-s3/pool
 	cp ./Release_amd64 tmp/debian-s3/dists/stable/main/binary-amd64/Release
diff --git a/build/tendermint.list b/build/tendermint.list
new file mode 100644
index 000000000..bba521af5
--- /dev/null
+++ b/build/tendermint.list
@@ -0,0 +1 @@
+deb http://tendermint-packages.s3-website-us-west-1.amazonaws.com/debian stable main
diff --git a/build/tendermint.repo b/build/tendermint.repo
index efaa7274c..439f98ecb 100644
--- a/build/tendermint.repo
+++ b/build/tendermint.repo
@@ -4,9 +4,9 @@
 
 [tendermint]
 name=Tendermint stable releases repository
-baseurl=http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64
+baseurl=https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64
 gpgcheck=1
-gpgkey=http://tendermint-packages.s3-website-us-west-1.amazonaws.com/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
+gpgkey=https://do9rmxapsag1v.cloudfront.net/centos/7/os/x86_64/RPM-GPG-KEY-Tendermint
 enabled=1
 #sslverify = 1