WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 03:52:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
27,500 Commits 9 Branches 0 Tags
012447730e5696794deac2deb741bab16d2f28b2
Commit Graph

218 Commits

Author SHA1 Message Date
Adam Williamson
1459a3fa5c Update rsyslog-audit SELinux policy with one more needed perm 
This one was dontaudit. Grr.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 16:00:23 -07:00
Adam Williamson
f4156c3db7 rsyslog-audit policy: also allow 'open' 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:21:10 -07:00
Adam Williamson
3eb406ccdb Update rsyslog-audit custom SELinux policy to allow dir reads 
This now seems to be necessary. This is the cause of the flood
of SELinux denials on F29+ hosts with the rsyslog stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 09:49:03 -07:00
Stephen Smoogen
8611ab80ed put in proper checks like we have for other domains 2019-05-29 15:57:26 +00:00
Stephen Smoogen
22fe4ad0a2 [postfix] and a file to put in drops. 2019-05-29 14:52:52 +00:00
Stephen Smoogen
77dcd8034f [postfix] change to header checks needs to be on both bastion and smtp-mm 2019-05-29 14:50:03 +00:00
Stephen Smoogen
0c6f35bf45 Allow postfix on gateway to do header checks 2019-05-29 14:37:23 +00:00
Stephen Smoogen
658a22035b remove fas03 from inventory and a LOT of config files where it was hard-coded 2019-05-23 22:53:51 +00:00
Kevin Fenzi
83c4734c43 fedorainfracloud / resolv.conf: remove old tummy unbound ip and replace with rdu2. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-10 18:48:48 +00:00
Kevin Fenzi
4cd704e5fc syncHttpLogs.sh: remove also proxy07, which no longer exists. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-04 22:04:38 +00:00
Patrick Uiterwijk
c7debaf72d Add proxy101/110 to syncHttpLogs 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-04 23:46:02 +02:00
Jakub Kadlčík
fee9bd85b7 Add smtpd_recipient_restrictions for copr according to main.cf 2019-03-11 21:18:25 +01:00
Stephen Smoogen
bb8924bf88 [rsyslog systemd] make the file conformant with larger file settings 2019-03-04 19:02:16 +00:00
Kevin Fenzi
6a0a3994ce base/postfix: fix typo. It's regexp not regex. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-13 17:58:36 +00:00
Kevin Fenzi
8cd9d8750b base/postfix: convert sender map to a regex so we can reject emails with two @'s in From. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-02-13 17:54:47 +00:00
Patrick Uiterwijk
74adf3d61e Add maptype 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-02-07 09:12:11 +00:00
Patrick Uiterwijk
648c238cfe Add sender_access for mailman 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2019-02-07 09:03:51 +00:00
Kevin Fenzi
eba72381f8 drop some mirrorlist related logs from rsyslog entirely 2018-12-14 20:09:36 +00:00
Miroslav Suchý
5f1f04a417 rsyslog: replace obsolete syntax 
addressing:
error during parsing file /etc/rsyslog.d/rsyslog-limits.conf, on or before line 1: invalid character '[' - is there an invalid escape sequence somewhere?
 2018-12-13 11:25:41 +01:00
Miroslav Suchý
03aa9734f5 do not deploy rsyslog-audit.conf in cloud environment 
addressing: https://pagure.io/fedora-infrastructure/issue/7438
 2018-12-13 11:25:41 +01:00
Kevin Fenzi
4e20955cf7 fix postfix config on builders to fix dnf-automatic hangs 2018-12-01 22:31:12 +00:00
Kevin Fenzi
2d7ac321c7 a few tagger stragglers 2018-10-03 17:56:00 +00:00
Kevin Fenzi
72ddd973f0 clean up main.cf files, add recipient restrictions to more 2018-10-02 00:50:40 +00:00
Kevin Fenzi
ab303a3ae1 adjust postfix config for 3.3.0 and later that has to set smtpd_recipient_restrictions 2018-10-02 00:47:11 +00:00
Aurélien Bompard
1d6932fe86 Add lists.pagure.org to Mailman 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2018-09-22 13:53:06 +02:00
Mikolaj Izdebski
259ac6a466 Cleanup some Jenkins leftovers 2018-08-06 19:02:47 +00:00
Jason Tibbitts
73de9829d0 Add a -maintainers alias file. 
The current scripting generates aliases of the form
foo-owner@fedoraproject.org.  But this conflicts with our messaging
which says that the project "owns" packages and people "maintain" them.
Plus, "owner" is singular while we really want to have more than one
maintainer.

This simply adds a second alias file generated from the original file.
 2018-07-25 22:00:13 +00:00
Aurélien Bompard
ef8ca5d767 Fixup previous commit 2018-06-15 16:06:29 +00:00
Aurélien Bompard
1a03ecd659 Mailman: next step in adding lists.pagure.io 2018-06-15 15:49:19 +00:00
Kevin Fenzi
04bd0e1ea1 try and make the lock wrapper silent option actually silent 2018-05-19 02:13:47 +00:00
Patrick Uiterwijk
51ec022933 Make silent an option 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-17 16:34:38 +02:00
Patrick Uiterwijk
8773b6d931 Silence lock wrapper if script is still running 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-17 16:30:21 +02:00
Kevin Fenzi
cb22afd4fe Look, ask has moved away. I'm sure it will write us back someday... 2018-05-09 02:00:45 +00:00
Ricky Elrod
550610d96f nuke bodhi01.stg and batcomputer01 
Signed-off-by: Ricky Elrod <relrod@redhat.com>
 2018-05-07 17:01:25 +00:00
Stephen Smoogen
59b547828d lets remove this bodhi stuff. its all in dockah now 2018-05-04 15:07:05 +00:00
Patrick Uiterwijk
5171e61866 Do not allow inbound sslv2/sslv3 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-04 03:04:21 +02:00
Patrick Uiterwijk
8fa2c2e77e Use public DNS from cloud 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-04 00:53:16 +00:00
Jan Kaluža
f5760b6f5e Do exit with 1 in case service is not present while running conditional-restart.sh. 2018-03-07 08:57:58 +00:00
Mikolaj Izdebski
120fc846c5 Check if service unit is present before trying to restart it 2018-02-22 09:35:29 +00:00
Kevin Fenzi
e621c76c8f Fix up the fedmsg handler. Ticket https://pagure.io/fedora-infrastructure/issue/6550 
Just change the conditional script to use systemctl try-restart and hopefully it will do what we want.
 2018-02-20 00:24:11 +00:00
Stephen Smoogen
c68cb601bf add the httpd logs from download-ib 2018-01-31 21:30:54 +00:00
Stephen Smoogen
02938f63ad we need to update this in 2 places and run it on logs and people 2017-12-20 21:37:46 +00:00
Patrick Uiterwijk
c9817d2b47 Add selinux to allow map for pamdatabase from unix_chkpwd 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-12-12 15:42:02 +00:00
Stephen Smoogen
c53c0b2fc8 ok lets try and be smarterish 2017-12-01 22:37:06 +00:00
Stephen Smoogen
585b6ff82f why why why 2017-12-01 22:27:30 +00:00
Patrick Uiterwijk
e43e0e06b1 Move SSH setup to its own role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-08-16 17:39:23 +00:00
Patrick Uiterwijk
778272ed90 Update sshd_config everywhere to present cert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-08-15 16:41:48 +00:00
Patrick Uiterwijk
1fad80a314 We no longer have any <Fedora24 boxes 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-08-15 16:38:11 +00:00
Patrick Uiterwijk
7a5346019b Create a sender_access file 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-08-04 16:20:13 +00:00
Ricky Elrod
6e6239051a add resolv.conf for internetx 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2017-06-20 21:03:40 +00:00