102 Commits

Author SHA1 Message Date
Aurélien Bompard
adf5af64bc Not so idempotent after all.
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-07-21 17:47:19 +02:00
Aurélien Bompard
a5be08dab3 Most tasks in the ipa playbook are actually idempotent
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-07-21 17:36:14 +02:00
Kevin Fenzi
a42bb9e383 ipa/server: fix typo: yess to yes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-07-08 09:45:41 -07:00
Aurélien Bompard
7b650d56c9 Allow people in the sysadmin-main group to manage stage users in Noggin
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-07-02 18:04:30 +02:00
Aurélien Bompard
d0ccea03f2 Add the new collectd plugin for IPA
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-07-02 17:37:54 +02:00
Kevin Fenzi
7b93c69d29 ipa / server: fix delegations
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-05-10 11:51:16 -07:00
Kevin Fenzi
6b1feadf4f ipa / server: only install the stage user cleanup on 01
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-05-10 11:43:00 -07:00
Aurélien Bompard
86567270dc The keytab path is hostname-dependent
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-07 10:12:11 +02:00
Aurélien Bompard
bfe6cf9d02 Only run the cron job on one server
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-07 09:34:27 +02:00
Aurélien Bompard
abaf67b66c Adjust the keytab location to the service
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-07 09:16:16 +02:00
Aurélien Bompard
551ba9bd39 Oops.
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-06 19:04:34 +02:00
Aurélien Bompard
f1e9387759 Finally, use a service for the stage users cleanup script
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-06 19:02:38 +02:00
Aurélien Bompard
3ddc3934da Add a periodic cleanup script for stage users
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-06 13:59:21 +02:00
Aurélien Bompard
3719dff88e Add some missing tags
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-05-06 13:58:40 +02:00
Mark O'Brien
2649c23c52 ipa: add env_suffix for stg
2021-05-06 12:30:29 +01:00
Aurélien Bompard
809635c923 Improve the IPA backup process
Fixes: https://pagure.io/fedora-infrastructure/issue/9916

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-04-30 10:35:33 +02:00
Mark O'Brien
b51c4a5c7b ipa: need more modules enabled
2021-04-23 15:33:35 +01:00
Mark O'Brien
7952914916 ipa: enable correct idm module stg
2021-04-23 12:30:13 +01:00
Mark O'Brien
cba637c5c2 ipa: otp script fix dest name
2021-04-15 21:01:46 +01:00
Mark O'Brien
d3927bb3c9 ipa: otp script add tags
2021-04-15 20:29:58 +01:00
Mark O'Brien
ecf0dadc3b add script
2021-04-15 18:23:12 +00:00
Mark O'Brien
b8515e6bce ipa: add script to check which sysadmins do not have otp tokens
2021-04-15 18:23:12 +00:00
Kevin Fenzi
85ac490787 ipa / server / backups: only send errors to cron emails
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-27 10:42:40 -07:00
Mark O'Brien
e32c6c21b9 create daily data only backups of ipa
2021-03-23 18:06:38 +00:00
Aurélien Bompard
2269f0ece1 Prepare Noggin & FASJSON for prod
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-22 17:53:42 +00:00
Aurélien Bompard
f17dc57b43 Create the sysadmin-main group in IPA
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-22 10:26:01 -05:00
Aurélien Bompard
ab94dc42eb IPA: until we get the ipaselfservice module, we need the admin ticket
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:42:23 +01:00
Aurélien Bompard
f29bd5f92c Cut'n'paste is the root of all evil
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:39:01 +01:00
Aurélien Bompard
8f9076c6d7 IPA: fix commands for nis and compat
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:05:25 +01:00
Aurélien Bompard
d520072024 IPA: disable the compat tree and the NIS tree
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-10 16:41:54 +01:00
Aurélien Bompard
6606399bbc Allow users to change some of their attributes
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-05 16:47:02 +01:00
Nils Philippsen
502b3d48b0 ipa: More ansible_fqdn -> inventory_hostname
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:33:07 +01:00
Aurélien Bompard
60ed2dabd5 Fix login_kerberos on the IPA API
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-11-19 11:38:21 +01:00
Stephen Smoogen
1f1f75b198 ipa_initial needs to be false or we reset the environment to scratch every ansible run
2020-11-13 10:41:40 -05:00
Aurélien Bompard
6185f038b6 IPA: don't start httpd with systemd
The httpd service should not be started with systemd, the ipa service will
start it. If systemd starts it, it will run before IPA is available and
KdcProxy will be disabled because it can't reach LDAP.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-11-10 11:40:54 +01:00
Kevin Fenzi
66c94678e1 ipa: try and fix the popup auth window that comes up on windows
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-11-04 16:31:42 -08:00
Aurélien Bompard
5be417c997 Try to fix an error in a module
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 17:00:46 +02:00
Aurélien Bompard
96bc8300f1 Adjust output parsing... :-/
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:57:42 +02:00
Aurélien Bompard
dc9ad4da3f Revert "Use the new modules"
The version of ansible-freeipa we have does not have the new modules
yet.

This reverts commit dad2290c7f.
2020-10-21 16:39:40 +02:00
Aurélien Bompard
dad2290c7f Use the new modules
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:33:16 +02:00
Aurélien Bompard
77b9de661e Adjust conditions
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:21:20 +02:00
Aurélien Bompard
db06d34bfd Use the new IPA module
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:06:39 +02:00
Aurélien Bompard
d9cda33f98 IPA: missing rewrite
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 15:52:25 +02:00
Aurélien Bompard
33452ed8f9 IPA: set the expiration date for the admin user
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 11:59:43 +02:00
Aurélien Bompard
e97aa82fc0 IPA: Don't allow all users to log into all hosts
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-14 14:44:45 +02:00
Aurélien Bompard
5868f77c53 IPA: fix the new tasks
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-13 17:02:18 +02:00
Aurélien Bompard
cd2e75bc4f IPA: syntax
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-13 16:50:08 +02:00
Aurélien Bompard
d208e3a087 IPA: attempt to create a certificate profile & ACL
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-13 16:27:07 +02:00
Kevin Fenzi
9a080eae0f ipa / server: add pynag on ipa servers to allow nagios replication check to work
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-10-05 17:11:55 -07:00
Aurélien Bompard
103f2f4653 IPA: don't disallow users to read other users' profile
Reason for removing this: we don't store so much private information
anymore, and we can't disallow people from seeing other people's email
address on a case-by-case basis, it's either everyone or hand-picked
services, but users can't choose to let other users see their info or
not (as with the "private" FAS boolean).

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-17 17:03:55 +02:00