Commit Graph

63 Commits

Author SHA1 Message Date
Nils Philippsen
6c85fda0c9 Mass remove/replace iad2 -> rdu3, 10.3. -> 10.16.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2025-07-03 20:05:02 +02:00
Kevin Fenzi
07837f83a7 sigul / server: modernize playbook
This had a bunch of old rhel7 stuff in it, we are on 9 now and using
gnupg2.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-05-20 11:29:39 -07:00
Ryan Lerch
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:30:29 +10:00
Ryan Lerch
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package
Replaces many references to package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:28:00 +10:00
Ryan Lerch
6a3816dfdc ansiblelint fixes-- fqcn[action-core] - copy to ansible.builtin.copy
Replaces many references to 'copy' with ansible.builtin.copy

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 10:43:31 +10:00
Ryan Lerch
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file
Replaces many references to file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 10:41:52 +10:00
Ryan Lerch
691adee6ee Fix name[casing] ansible-lint issues
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-14 20:20:07 +10:00
Ryan Lerch
89f6f1fc32 Fix majority of remaining yamllint warnings and errors
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2024-11-28 17:31:45 +10:00
Kevin Fenzi
4f60681d63 sigul: do not use datacenter variable
Turns out we set datacenter to 'staging' in staging, and that is not
really a hostname/certname we want to use. So, since nothing is outside
of iad2 here, just hardcode iad2.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-09-25 17:17:27 -07:00
Kevin Fenzi
abd4523cac sigul / bridge: drop fas group check so we can drop fas
Right now this is the last thing (that we know of)
that's using fas2. If we disable this for now we can drop fas2. :)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2022-01-24 13:34:46 -08:00
Patrick Uiterwijk
b7ebbdd6af Push sv06-bits to sv01.iad2
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-09 19:38:47 +02:00
Patrick Uiterwijk
833af2bc2e Replace hardcoded phx2 with datacenter for sigul server conf
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-09 19:38:17 +02:00
Patrick Uiterwijk
8f78142cb3 Uncomment yubico-piv-tool for now
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-09 18:59:48 +02:00
Kevin Fenzi
81fb4582e7 ansible: change when conditions to use == instead of is when checking strings.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:10 +02:00
Karsten Hopp
c9ed62ac32 update ansible_distribution_major_version conditionals
Signed-off-by: Karsten Hopp <karsten@redhat.com>
2020-04-24 21:34:10 +02:00
Patrick Uiterwijk
5eeb159ed2 Add sigul ccache path
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 13:43:51 +00:00
Patrick Uiterwijk
37f295d947 Deal with the 01 I accidentally added in staging bridge cert
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 11:44:35 +00:00
Patrick Uiterwijk
959b875542 Use ipa_realm
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 10:34:06 +00:00
Patrick Uiterwijk
5d5300020f Set up staging sigul in ansible
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2019-07-03 10:30:24 +00:00
Patrick Uiterwijk
7b1b8b68e3 Define the 05/06 yubikeys in the binding list
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-10 00:26:47 +01:00
Patrick Uiterwijk
8ce164c3b9 I did the import with another nickname... silly me
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-10 00:10:35 +01:00
Patrick Uiterwijk
d599582e65 Jinja2 wants elif...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:59:38 +01:00
Patrick Uiterwijk
002011cdeb Fill in p11 serials for sv05 and 06
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:52:21 +01:00
Patrick Uiterwijk
739d63e63b Add sv05 and 06 keys to the config
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:46:02 +01:00
Patrick Uiterwijk
e9f0047575 Also sync out the keys for vault 05 and 06
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:44:06 +01:00
Patrick Uiterwijk
490d1785ea Use the new package for pkcs11 in openssl
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-09 23:20:22 +01:00
Kevin Fenzi
4fea617129 need name here
2018-11-09 21:09:50 +00:00
Patrick Uiterwijk
de90a8214c Update cert nickname
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-18 12:30:59 +00:00
Patrick Uiterwijk
f1c8ecc125 Add sigul tags
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-18 12:25:55 +00:00
Patrick Uiterwijk
b8ce5b232d Update sigul config
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-08-18 11:34:23 +00:00
Patrick Uiterwijk
adcbf72f03 Packageize this, packageize that, packageize the world
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 22:25:52 +00:00
Kevin Fenzi
e95bdbccac change the max rpm payload size on the bridge
2017-06-18 21:00:36 +00:00
Kevin Fenzi
6e63d49c01 increase the sigul max rpm size again
2017-06-18 19:50:07 +00:00
Patrick Uiterwijk
8e235ef3ab Add krb_rdns options
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-05-03 00:13:01 +00:00
Patrick Uiterwijk
004197d7de Add koji realms to config
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-05-03 00:12:19 +00:00
Kevin Fenzi
6b20d863a3 some last sign vault fixes
2017-03-03 20:09:53 +00:00
Patrick Uiterwijk
a8cb95ecaf Make both sigul vaults know their counterparts public key
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-02-20 23:17:56 +00:00
Patrick Uiterwijk
1bb27419cb Fix secondary bridge
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-19 02:44:24 +00:00
Patrick Uiterwijk
10490e8d92 Set serverca for koji and set default koji instance
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-17 23:54:30 +00:00
Patrick Uiterwijk
a7e0c3cf6b Koji is now on https
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-17 23:40:42 +00:00
Patrick Uiterwijk
fe53b28fd7 Fix var name
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-11 21:37:49 +00:00
Patrick Uiterwijk
2edbba61db This is ipa_realm
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-11 20:40:41 +00:00
Patrick Uiterwijk
cf95545631 Move sigul bridge to krb
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-11 20:33:12 +00:00
Patrick Uiterwijk
90628ec565 Add public yubikey stuff
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-19 21:04:57 +00:00
Patrick Uiterwijk
77e0fb600b Remove lenient username check in sigul
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-19 20:38:29 +00:00
Kevin Fenzi
4b297e330d this is a copy, not a file
2016-10-19 19:17:26 +00:00
Kevin Fenzi
5b9c8f180e fix name of secondary bridge cert
2016-10-13 22:34:21 +00:00
Kevin Fenzi
36f621bc48 texlive src.rpm is over 2GB now, bump signing size to 4GB until it passes that
2016-10-05 18:03:09 +00:00
Kevin Fenzi
b704d6b898 Add polkit rules to allow sigul user to access smartcard/yubikey for autosign binding.
2016-09-24 17:54:28 +00:00
Patrick Uiterwijk
46ced0ed73 Add yubikey tooling
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-23 11:41:45 +00:00