WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-03 03:04:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
43,966 Commits 9 Branches 0 Tags
04dcafe578f9cd6d98ad525529341b35f424ad4e
Commit Graph

360 Commits

Author SHA1 Message Date
Nils Philippsen
6c85fda0c9 Mass remove/replace iad2 -> rdu3, 10.3. -> 10.16. 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2025-07-03 20:05:02 +02:00
Kevin Fenzi
846638ba2c postfix: fix some relayhosts that were still trying to use iad2 in rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-07-02 10:04:54 -07:00
James Antill
99d4f5215b rsyslog: Copy over log01.iad2 rsyslog.conf to log01.rdu3 
Signed-off-by: James Antill <james@and.org>
 2025-06-30 16:19:32 -04:00
Francois Andrieu
3fea252fd8 use rsyslogd v8 conf as the default 2025-06-28 01:41:02 +00:00
Francois Andrieu
a19fa50f32 add rsyslogd/rhel9 conf 2025-06-26 17:41:36 +00:00
Kevin Fenzi
2095058e53 bastion / rdu3: allow relay from rdu3 hosts 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-06-25 20:16:06 -07:00
Greg Sutcliffe
11fb7208ad postfix: Set relayhost correctly for rdu3 hosts 
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
 2025-06-24 10:17:51 +01:00
Kevin Fenzi
25fd560e86 base: add new ed25519 ssh key 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-06-11 10:19:43 -07:00
Kevin Fenzi
835a7156c1 rdu3: fix ps1 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 16:05:48 -07:00
Kevin Fenzi
b9518cd6cd rdu3: set root prompt for rdu3 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-05-21 15:40:38 -07:00
Kevin Fenzi
17c8094c2f log01 / rsyslog / splunk: adjust ip again as the previous one was not desired 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-03-12 14:20:27 -07:00
Andrew Heath
d616fa6c6c Update Splunk syslog address 
Update Splunk syslog address per Red Hat's Monitoring and Loging team.
The old address will be decomed in about a week per their
communications.
 2025-03-11 18:30:47 +00:00
Kevin Fenzi
759ee55f18 bastion: fix delivering non contributors emails locally 
Should fix:
https://pagure.io/fedora-infrastructure/issue/12361

Basically postfix default is:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
so if the user is a local user or an alias, it's valid.
However, sssd and ipa show all users (even ones with no
access to that host). This means we were accepting and delivering
(locally) emails for anyuser@fedoraproject.org.

Setting this to just $alias_maps will just treat aliases as valid
and ignore all the local users. This should be fine as we use
aliases to send even to root or other system users.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-01-17 15:31:21 -08:00
James Antill
dc56eb16c8 Fix % to \% for cron CMD format. 
Signed-off-by: James Antill <james@and.org>
 2024-07-19 19:11:36 +00:00
James Antill
602723ed45 Compress fedora_stats *.log files automatically with xz. 
Signed-off-by: James Antill <james@and.org>
 2024-07-17 19:17:40 +00:00
Michal Konecny
61330941e4 [base/postfix] Set the missing required configuration value 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-27 14:55:31 +02:00
Michal Konecny
40c0408acd [base/postfix] Redirect back to mx1.redhat.com relay 
The firewall rules are now updated.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-20 13:20:42 +02:00
Michal Konecny
c775045ede [base/postfix] Change the relay to something that is still in RDU 2 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-18 17:06:39 +02:00
Michal Konecny
2ff451ae80 [base/postfix] Use smtp.corp.redhat.com instead mxX.redhat.com servers 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-18 16:53:12 +02:00
Michal Konecny
649ede2f89 [base/postfix] Change the Red Hat relay to mx1.redhat.com 
The relay changed the IP it points to, let's try this and see if that helps.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-18 16:17:15 +02:00
Michal Konecny
c3a169c08e [postfix] Move destinations to staging mailman configuration 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-10 14:26:38 +02:00
Michal Konecny
438979a996 [postfix] Add mailman staging lists 
I followed the instruction from
https://pagure.io/fedora-infrastructure/issue/8455#comment-913675, but this is
my first time I actually doing anything in postfix configuration, so I'm not
sure if everything I did is correct.

The SMTP port on the machine seems to be open according to group_vars for the
mailman_stg.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2024-06-10 14:25:30 +02:00
Andrew Heath
74e536d639 Update Rsyslog.conf file 
Update Rsyslog config file to use the Splunk LB for rsyslog rather than
one single host.
 2024-04-03 22:00:38 +00:00
Francois Andrieu
6f949fe3eb rsyslog: comment out splunk receiver to unblock rsyslog 
Splunk receiver seems unresponsive since Feb 12 and result in rsyslog on
log01 to stop logging.
I disabled it for now so we don't loose more logs.
 2024-02-15 19:11:29 +01:00
Kevin Fenzi
5fd49a0b20 smtp-mm: reject unauth pipelining. 
This should reject broken pipelining attempts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-12-24 10:15:27 -08:00
Kevin Fenzi
ddd0913262 smtp-auth: rename this to explicit hostname 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-11-15 17:48:24 -08:00
Michael Scherer
bdd76ae138 Add master.cf with submission enabled 
Copied from base master.cf, fix #11623
 2023-11-16 01:38:59 +00:00
Andrew Heath
7260701e59 Remove unessary settings for Spunk Setup 2023-11-08 23:28:57 +00:00
Kevin Fenzi
11d2a789ba log01: bump queue size for splunk backlog 
I'm pushing this during freeze as it's required to avoid an outage of
our logs. For some reason we hit a large backlog and log01 rsyslog
stopped logging. Bumping this up seems to have fixed it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-09-15 10:39:06 -07:00
Andrew Heath
02046fdc0c Enable Splunk log fowarding 2023-08-21 17:36:17 -04:00
Kevin Fenzi
4527510448 log01: compress job: try escaping the %s for cron 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-07-17 16:31:12 -07:00
Kevin Fenzi
b7cecd3deb gateway: do not try and specify a local_recipient_maps 
This map wasn't there, causing bastion02 to basically reject emails.
So, instead just comment it out because we aren't using it anyhow.
We are luckly bastion01's postfix hasn't been restarted and breaking it
there.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-07-17 11:19:28 -07:00
Stephen Smoogen
19b500a5fd Remove chunking error messages in gateway systems 
RHEL turned off chunking in postfix for various reasons. This causes a
lot of logs from spam and other servers. Turning off logging this as
it is not supported.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2023-06-29 20:09:57 +00:00
Seddik Alaoui Ismaili
6b804b8b11 change archive format to xz for merged logs 2023-06-22 22:49:53 +00:00
Seddik Alaoui Ismaili
b79003cfda compress merged logs under /var/log/hosts 2023-06-22 20:50:46 +00:00
Pavel Raiskup
bee7b64fe5 main.cf files need to be moved before we claim they are templates 
Revert "postfix: install main.cf as template"

This reverts commit 57f75cbcab.
 2023-06-19 10:39:39 +02:00
Pavel Raiskup
82205131b7 smtp_auth_relay: new role, use by copr-dist-git-dev for now 2023-06-19 10:10:43 +02:00
Kevin Fenzi
abd52941ef smtp-mm: tweak tls options for rhel9 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-13 16:52:30 -07:00
Kevin Fenzi
14a3a6a2c1 smtp-mm / base / postfix: use gateway-chain cert 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-13 16:32:54 -07:00
Kevin Fenzi
ffbc4a001c base / smtp-auth: setup main.cf for smtp-auth host 
This host needs to have it's own self signed certs and needs some more
config to allow the auth and allow authenticated users to relay.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-05-22 10:58:18 -07:00
Seddik Alaoui Ismaili
6038999d66 fix proxy contitional reload typo 2023-05-19 23:24:18 +02:00
Kevin Fenzi
ddfd50de03 smtp-auth-cc-rdu01: create new smtp auth relay 
We need this to try and relay in emails.
It turns out to be bordering on impossible to do this sanely with our
current setup, so make a fedora vm that lets us use saslauthdb to have a
specific (small) list of users that can authenticate and relay emails
via bastion and out. We can't do this on rhel, because they don't build
the saslauthdb backend. We can't use any of the other backends because
they either don't work or would allow any fedora user to relay, which we
do not want.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-05-18 14:35:49 -07:00
Seddik Alaoui Ismaili
e0531fee72 fix httpd reload only for proxy hosts 2023-05-15 22:22:28 +02:00
Stephen Smoogen
03ea843648 Comment out splunk section as certs are still needed 
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2023-05-11 15:57:02 -04:00
Stephen Smoogen
d07ccd7b62 Use rsyslog omfwd format. 
Move above other rules because putting it at the bottom did not send
any packets.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2023-05-11 15:43:46 -04:00
Stephen Smoogen
e84065541f Put ip address in for host we don't have dns for. 
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2023-05-11 14:11:28 -04:00
Stephen Smoogen
7ea1509a2f Fix MaxOpenFiles declaration 
Limits.conf needs to have one type of declaration
Conf-file needs a different declaration.

Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
 2023-05-11 14:09:53 -04:00
Andrew Heath
85d5c21bcc updating syntax to follow documentation 2023-05-11 13:08:28 -04:00
Andrew Heath
cca326c270 changing from standard syslog port to syslog-tls 2023-05-11 11:41:49 -04:00
Kevin Fenzi
afb783d989 log01 / rsyslog: install the ca cert and use it in the file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-05-04 11:36:56 -07:00