ipa/client: enable for pkgs in prod

...and grant shell access to the packager group. Signed-off-by: Nils Philippsen <nils@redhat.com>
2026-04-27 20:12:54 +08:00 · 2021-03-19 17:25:38 +01:00
parent 8b6c9a19cf
commit 9195c2d39a
3 changed files with 4 additions and 11 deletions
--- a/inventory/group_vars/pkgs
+++ b/inventory/group_vars/pkgs
@@ -16,15 +16,10 @@ wsgi_threads: 6

 pagure_static_uid: 600

-
-fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-noc,sysadmin-veteran
-fas_client_restricted_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/libexec/pagure/aclchecker.py %(username)s
-fas_client_admin_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/libexec/pagure/aclchecker.py %(username)s
-fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran"
-admin_groups: "@sysadmin-cvs @sysadmin-releng"
-
+primary_auth_source: ipa
 ipa_host_group: pkgs
 ipa_client_shell_groups:
+- packager
 - sysadmin-cvs
 - sysadmin-main
 - sysadmin-noc
--- a/inventory/group_vars/pkgs_stg
+++ b/inventory/group_vars/pkgs_stg
@@ -20,6 +20,7 @@ fedmsg_active: True

 ipa_host_group: pkgs
 ipa_client_shell_groups:
+- packager
 - sysadmin-cvs
 - sysadmin-main
 - sysadmin-noc
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@@ -15,8 +15,7 @@
  - hosts
  - rkhunter
  - nagios_client
-  - { role: fas_client, when: env != "staging" }
-  - { role: ipa/client, when: env == "staging" }
+  - ipa/client
  - collectd/base
  - sudo
  - apache
@@ -31,8 +30,6 @@

  - import_tasks: "{{ tasks_path }}/yumrepos.yml"
  - import_tasks: "{{ tasks_path }}/motd.yml"
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: env != "staging"

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"