Patrick Uiterwijk
|
29bfd4c6ed
|
Fix totpcgi TLS path
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-29 17:06:03 +02:00 |
|
Patrick Uiterwijk
|
e65ed43d82
|
Remove extra endif
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
2019-05-29 14:58:55 +00:00 |
|
Patrick Uiterwijk
|
5690551a35
|
Add vpn configmap
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-29 16:57:00 +02:00 |
|
Patrick Uiterwijk
|
2b6e906b70
|
Add VPN vhost
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-29 16:31:49 +02:00 |
|
Patrick Uiterwijk
|
74ec5252cf
|
Point pam_url to port 443, since it's going to openshift
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 23:50:35 +02:00 |
|
Patrick Uiterwijk
|
9fe880305b
|
totpcgi: fix logging config
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 23:26:40 +02:00 |
|
Patrick Uiterwijk
|
95a6bdc936
|
Fix httpd homedir
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 23:07:14 +02:00 |
|
Patrick Uiterwijk
|
736fb8a8a9
|
totpcgi shebang fix
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 22:47:51 +02:00 |
|
Patrick Uiterwijk
|
919e6c71c2
|
totpcgi: ignore deprecation warnings
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 22:46:57 +02:00 |
|
Patrick Uiterwijk
|
6f37b16639
|
totpcgi: documentroot
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 22:29:36 +02:00 |
|
Patrick Uiterwijk
|
e898e9a320
|
Make totpcgi log errors
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 22:23:01 +02:00 |
|
Patrick Uiterwijk
|
639bbc3e0f
|
Fix more db server names
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 22:18:41 +02:00 |
|
Patrick Uiterwijk
|
c03d2a0d87
|
Fix servername
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 22:14:23 +02:00 |
|
Patrick Uiterwijk
|
4c9ea62953
|
Modify totpcgi verify for openshift
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-23 18:25:02 +02:00 |
|
Patrick Uiterwijk
|
ca8cbe37be
|
totp: load cgi
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 19:10:47 +02:00 |
|
Patrick Uiterwijk
|
6cb91282d2
|
fas totp: set cgi handler
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 19:07:40 +02:00 |
|
Patrick Uiterwijk
|
3a9bea0e9d
|
fas: totp: add config files
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 19:06:42 +02:00 |
|
Patrick Uiterwijk
|
90eaaa17f3
|
Map totp path
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 19:01:06 +02:00 |
|
Patrick Uiterwijk
|
04281d554d
|
Fix file suffix
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 17:58:52 +02:00 |
|
Patrick Uiterwijk
|
3d73e079e5
|
fas: don't forget o indent
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 17:56:35 +02:00 |
|
Patrick Uiterwijk
|
5ef4d3c6fe
|
fas: ship totpcgi ca and update paths
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 17:55:38 +02:00 |
|
Patrick Uiterwijk
|
411468936f
|
Make totpcgi use db-fas.stg in stg
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 14:15:29 +02:00 |
|
Patrick Uiterwijk
|
53ca5f9882
|
Load auth pgsql
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 14:07:59 +02:00 |
|
Patrick Uiterwijk
|
c41eb5b828
|
Add initial totpcgi configmap
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-05-11 14:01:34 +02:00 |
|
Patrick Uiterwijk
|
0c7449ea1d
|
Add sslciphers tags
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2019-04-08 21:41:17 +02:00 |
|
Kevin Fenzi
|
8df1499ee9
|
Rename these to be more clear
|
2018-10-01 23:35:05 +00:00 |
|
Kevin Fenzi
|
b0fac77859
|
all these should be templates
|
2018-10-01 23:18:16 +00:00 |
|
Kevin Fenzi
|
f90e226545
|
also sync ssl stuff for these other places
|
2018-10-01 23:03:50 +00:00 |
|
Kevin Fenzi
|
63719a1fd8
|
standardize ssl stuff
|
2018-10-01 19:44:52 +00:00 |
|
Kevin Fenzi
|
32fc8a626a
|
fix totpcgi role to put templates in the right place
|
2017-11-27 17:25:01 +00:00 |
|
Patrick Uiterwijk
|
936e8b261a
|
yum accepted pkg=, package calls it name=
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
|
2017-10-09 00:38:26 +02:00 |
|
Patrick Uiterwijk
|
adcbf72f03
|
Packageize this, packageize that, packageize the world
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
2017-10-08 22:25:52 +00:00 |
|
Patrick Uiterwijk
|
b812173dd6
|
Increase TOTP window size to 60 seconds at each end of the moment
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
2016-06-22 20:02:36 +00:00 |
|
Kevin Fenzi
|
0b857ac02e
|
Install ca on all nodes, not just the non master ones.
|
2016-03-03 20:10:20 +00:00 |
|
Patrick Uiterwijk
|
08568865fe
|
Replace all restart httpd with reload httpd
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
|
2015-11-04 23:40:01 +00:00 |
|
Kevin Fenzi
|
2873cdd427
|
Move all puppet_private stuff to ansible private so we can stop using puppet private.
|
2015-09-25 18:16:23 +00:00 |
|
Kevin Fenzi
|
ee27bc5155
|
environment is a reserved word in ansible, we use env.
|
2015-02-28 22:43:23 +00:00 |
|
Kevin Fenzi
|
9b8aecd3c3
|
Try and clean up the logic here some more.
|
2015-02-22 15:25:39 +00:00 |
|
Kevin Fenzi
|
10a22183c0
|
Fix up idempotency on fas master hopefully
|
2015-02-22 15:17:39 +00:00 |
|
Kevin Fenzi
|
9e315b9d4e
|
Simply this and hopefully fix it for idempotency
|
2015-02-22 14:26:30 +00:00 |
|
Kevin Fenzi
|
153aa57dfc
|
Fix incorrect path with totpcgi in prod
|
2015-02-20 15:00:22 +00:00 |
|
Kevin Fenzi
|
f21ae3da0d
|
Another place where we need to fix.
|
2015-01-25 17:30:49 +00:00 |
|
Kevin Fenzi
|
a7a07bfedc
|
Try this to not cause double changes on fas servers.
|
2015-01-25 17:26:43 +00:00 |
|
Patrick Uiterwijk
|
63e55aab5d
|
Restart httpd after installing totpcgi-vpn stuff
|
2014-12-19 14:12:07 +00:00 |
|
Patrick Uiterwijk
|
c6df88306c
|
Deploy the 2fa VPN certs
|
2014-12-19 14:08:57 +00:00 |
|
Pierre-Yves Chibon
|
cdabbd4d24
|
Move install the totpcgi key and cert to the totpcgi role
|
2014-12-07 21:04:17 +01:00 |
|
Pierre-Yves Chibon
|
0c82987108
|
No need to repeat /etc/httpd/conf.d...
|
2014-12-07 20:00:54 +01:00 |
|
Pierre-Yves Chibon
|
96fc973c0e
|
Fix the name of the totpcgi-provisioning apache configuration file
|
2014-12-07 19:58:00 +01:00 |
|
Pierre-Yves Chibon
|
7ffc7ca5b8
|
In totpcgi, create the totpcgi user before we install the rpm
|
2014-12-07 17:03:45 +01:00 |
|
Pierre-Yves Chibon
|
f3ad2606fc
|
Adjust uid
|
2014-12-07 16:31:42 +01:00 |
|