53 Commits

Author SHA1 Message Date
Kevin Fenzi
d74c28a2c8 basessh: try and set /usr/bin/python for the delegations to batcave01 for python3 using hosts.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-06-16 20:01:10 +00:00
Karsten Hopp
a713ec2e71 basessh: dnf -> package 2019-06-11 14:55:11 +00:00
Stephen Smoogen
309677ee8a try to figure out which of the identically named jobs aren't working on grobisplitter 2019-06-01 17:48:43 +00:00
Kevin Fenzi
59e3454683 basessh: Only use useprivseperation on rhel7 and add sftp on koji01
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-13 21:56:57 +00:00
Mikolaj Izdebski
3cedc1366b basessh: Fix libselinux-python installation on Fedora >= 31 2019-04-11 15:24:49 +02:00
Mikolaj Izdebski
6680b25ef8 basessh: Fix conditionals for installing libselinux-python 2019-04-11 15:18:39 +02:00
Kevin Fenzi
41c92c2e9c Revert "basessh: We need a sftp server for ansible, so switch to the internal one."
This reverts commit 0be4815020.

Instead, we will just switch ansible to scp
2019-04-09 18:42:28 +00:00
Kevin Fenzi
0be4815020 basessh: We need a sftp server for ansible, so switch to the internal one.
The external one won't start if it can't read /etc/ssh/sshd_config
and the internal one is likely faster and better anyhow.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-09 18:13:26 +00:00
Kevin Fenzi
321c458292 basessh: switch fedora to use dnf here (since package wants dnf-2)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:59:29 +00:00
Patrick Uiterwijk
5080bfbee2 basessh: sandbox privsep is not supported on el6
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:13:21 +02:00
Patrick Uiterwijk
9b09d4d5d0 basessh: Fix EL6 detection logic
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 19:11:40 +02:00
Patrick Uiterwijk
27a21881d4 basessh: Make keyhelper explicit
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 18:56:03 +02:00
Patrick Uiterwijk
4f3c609815 basessh: Migrate sshd config to single template and strengthen ciphers
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-08 18:51:31 +02:00
Kevin Fenzi
76789fc3be basessh: Fedora 30 also has no python3 version of libselinux, add conditionals.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-03-28 16:10:09 +00:00
Kevin Fenzi
abff8931f9 basessh: adjust for package names in rhel8beta
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-02-12 22:14:49 +00:00
Kevin Fenzi
8c5b02c072 Explicitly set Protocol 2 on sshd for pagure.
This doesn't actually change anything for sshd (only proto 2 is default),
however, rkhunter complains about it not setting that explicitly.
So, this is just to get rkhunter to shut up about it.
2018-10-20 19:19:17 +00:00
Patrick Uiterwijk
448b08dfe6 Add keyhelper to pagure.io
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-10-11 19:12:08 +02:00
Rick Elrod
f3a72d1039 remove all instances of bkernel01/02
Signed-off-by: Rick Elrod <relrod@redhat.com>
2018-08-22 21:15:17 +00:00
Patrick Uiterwijk
350110f769 Only run date once
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-20 17:35:01 +00:00
Patrick Uiterwijk
dcc9aa15d2 Use a date pipe lookup, since sometimes ansible_date_Time seems to be undefined...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-20 17:33:42 +00:00
Patrick Uiterwijk
7cce79de07 Also integer-ize the epoch
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-16 17:42:17 +00:00
Patrick Uiterwijk
b35d4402e1 Try to convert this string to int
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-16 17:40:59 +00:00
Patrick Uiterwijk
9b48361d76 Do the loop
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-16 17:39:55 +00:00
Patrick Uiterwijk
d31019a444 Renew SSH cert if it was last modified more than 10 months ago
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-16 17:38:14 +00:00
Patrick Uiterwijk
03dc378215 Revert "For now, just renew all the certs" - they are renewed
This reverts commit 36357599cf.
2018-08-14 19:27:42 +00:00
Patrick Uiterwijk
36357599cf For now, just renew all the certs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-14 18:08:04 +00:00
Kevin Fenzi
e9c6cecd60 Nuke some mistakenly copied files. 2018-06-26 17:54:54 +00:00
Patrick Uiterwijk
8773b6d931 Silence lock wrapper if script is still running
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-17 16:30:21 +02:00
Kevin Fenzi
cb22afd4fe Look, ask has moved away. I'm sure it will write us back someday... 2018-05-09 02:00:45 +00:00
Ricky Elrod
550610d96f nuke bodhi01.stg and batcomputer01
Signed-off-by: Ricky Elrod <relrod@redhat.com>
2018-05-07 17:01:25 +00:00
Stephen Smoogen
59b547828d let's remove this bodhi stuff. it's all in dockah now 2018-05-04 15:07:05 +00:00
Kevin Fenzi
37e54a718a f28 sshd config needs to be slightly different 2018-04-15 21:28:47 +00:00
Stephen Smoogen
c68cb601bf add the httpd logs from download-ib 2018-01-31 21:30:54 +00:00
Kevin Fenzi
c6bc13809a do not care that a tmp dir does not exist in basessh 2017-12-23 20:09:26 +00:00
Stephen Smoogen
02938f63ad we need to update this in 2 places and run it on logs and people 2017-12-20 21:37:46 +00:00
Kevin Fenzi
ac481b9a2c make sure we have libselinux-python here 2017-12-08 21:44:18 +00:00
Patrick Uiterwijk
2aeb91e62f Use a per-host keydir
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-12-05 01:44:30 +00:00
Stephen Smoogen
c53c0b2fc8 ok let's try and be smarterish 2017-12-01 22:37:06 +00:00
Stephen Smoogen
585b6ff82f why why why 2017-12-01 22:27:30 +00:00
Kevin Fenzi
8000aa8b76 Revert "see if we can defer facts gathering until after ssh host key setup is done"
This reverts commit ff8f5e1930.
2017-10-13 01:27:33 +00:00
Kevin Fenzi
ff8f5e1930 see if we can defer facts gathering until after ssh host key setup is done 2017-10-13 01:26:11 +00:00
Kevin Fenzi
2e0b111660 make this when defined 2017-10-10 19:39:36 +00:00
Kevin Fenzi
23aec06b82 try and handle provisioning a new hardware instance the first time 2017-10-10 19:24:24 +00:00
Patrick Uiterwijk
ed6687d319 Let's just use the .changed
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-09 00:30:32 +00:00
Patrick Uiterwijk
53f762b281 Try this if statement
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-09 00:23:46 +00:00
Patrick Uiterwijk
0eac85dcb2 Directly restart sshd after signing certs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 22:17:24 +00:00
Patrick Uiterwijk
67fc1384c4 Drop the cached keys after signing and copying
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-05 10:56:20 +00:00
Kevin Fenzi
6b1fc4d83f for initial installs use gathered ssh host key, then remove and use signed ones 2017-09-04 17:24:56 +00:00
Kevin Fenzi
9718d74c09 try this 2017-08-20 21:38:08 +00:00
Kevin Fenzi
9631bf1797 try this to remove {{}} from when 2017-08-20 21:26:25 +00:00