Commit Graph

42 Commits

Author SHA1 Message Date
Nils Philippsen
6c85fda0c9 Mass remove/replace iad2 -> rdu3, 10.3. -> 10.16.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2025-07-03 20:05:02 +02:00
Kevin Fenzi
07837f83a7 sigul / server: modernize playbook
This had a bunch of old rhel7 stuff in it, we are on 9 now and using
gnupg2.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-20 11:29:39 -07:00
Ryan Lerch
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:30:29 +10:00
Ryan Lerch
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package
Replaces many references to package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:28:00 +10:00
Ryan Lerch
6a3816dfdc ansiblelint fixes-- fqcn[action-core] - copy to ansible.builtin.copy
Replaces many references to 'copy' with ansible.builtin.copy

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 10:43:31 +10:00
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file
Replaces many references to file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-14 20:20:07 +10:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2024-11-28 17:31:45 +10:00
Kevin Fenzi
4f60681d63 sigul: do not use datacenter variable
Turns out we set datacenter to 'staging' in staging, and that is not
really a hostname/certname we want to use. So, since nothing is outside
of iad2 here, just hardcode iad2.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-09-25 17:17:27 -07:00
Patrick Uiterwijk
b7ebbdd6af Push sv06-bits to sv01.iad2
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-09 19:38:47 +02:00
Patrick Uiterwijk
833af2bc2e Replace hardcoded phx2 with datacenter for sigul server conf
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-09 19:38:17 +02:00
Patrick Uiterwijk
8f78142cb3 Uncomment yubico-piv-tool for now
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-09 18:59:48 +02:00
Kevin Fenzi
81fb4582e7 ansible: change when conditions to use == instead of is when checking strings.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:10 +02:00
Karsten Hopp
c9ed62ac32 update ansible_distribution_major_version conditionals
Signed-off-by: Karsten Hopp <karsten@redhat.com>
2020-04-24 21:34:10 +02:00
Patrick Uiterwijk
37f295d947 Deal with the 01 I accidentally added in staging bridge cert
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 11:44:35 +00:00
Patrick Uiterwijk
5d5300020f Set up staging sigul in ansible
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 10:30:24 +00:00
Patrick Uiterwijk
7b1b8b68e3 Define the 05/06 yubikeys in the binding list
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-10 00:26:47 +01:00
Patrick Uiterwijk
8ce164c3b9 I did the import with another nickname... silly me
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-10 00:10:35 +01:00
Patrick Uiterwijk
d599582e65 Jinja2 wants elif...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:59:38 +01:00
Patrick Uiterwijk
002011cdeb Fill in p11 serials for sv05 and 06
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:52:21 +01:00
Patrick Uiterwijk
739d63e63b Add sv05 and 06 keys to the config
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:46:02 +01:00
Patrick Uiterwijk
e9f0047575 Also sync out the keys for vault 05 and 06
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:44:06 +01:00
Patrick Uiterwijk
490d1785ea Use the new package for pkcs11 in openssl
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:20:22 +01:00
Kevin Fenzi
4fea617129 need name here
2018-11-09 21:09:50 +00:00
Patrick Uiterwijk
b8ce5b232d Update sigul config
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-18 11:34:23 +00:00
Kevin Fenzi
6e63d49c01 increase the sigul max rpm size again
2017-06-18 19:50:07 +00:00
Kevin Fenzi
6b20d863a3 some last sign vault fixes
2017-03-03 20:09:53 +00:00
Patrick Uiterwijk
a8cb95ecaf Make both sigul vaults know their counterparts public key
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-02-20 23:17:56 +00:00
Patrick Uiterwijk
90628ec565 Add public yubikey stuff
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-19 21:04:57 +00:00
Patrick Uiterwijk
77e0fb600b Remove lenient username check in sigul
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-19 20:38:29 +00:00
Kevin Fenzi
4b297e330d this is a copy, not a file
2016-10-19 19:17:26 +00:00
Kevin Fenzi
36f621bc48 texlive src.rpm is over 2GB now, bump signing size to 4GB until it passes that
2016-10-05 18:03:09 +00:00
Kevin Fenzi
b704d6b898 Add polkit rules to allow sigul user to access smartcard/yubikey for autosign binding.
2016-09-24 17:54:28 +00:00
Patrick Uiterwijk
46ced0ed73 Add yubikey tooling
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-23 11:41:45 +00:00
Kevin Fenzi
4b60d56915 link gpg1 only on rhel
2016-09-21 20:54:47 +00:00
Kevin Fenzi
c3502f1463 and install gnupg on fedora
2016-09-21 20:53:04 +00:00
Kevin Fenzi
d2b4b8ca30 this is just p11kit
2016-09-21 20:51:04 +00:00
Kevin Fenzi
cdba42510f gnupg1 only exists in our rhel7 repo
2016-09-21 20:48:30 +00:00
Kevin Fenzi
93351f9b5d this needs to be package to work on both fedora and rhel
2016-09-21 20:44:45 +00:00
Patrick Uiterwijk
a0b92a81b0 For yubikeys, we will also need engine_pkcs11
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-16 20:04:40 +00:00
Patrick Uiterwijk
c9d150a4db Add rhel7ah to sigul server
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-13 16:44:29 +00:00
Patrick Uiterwijk
08b2be4a61 Make roles out of sigul, and update configs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-12 23:18:17 +00:00