Commit Graph

633 Commits

Author SHA1 Message Date
Stephen Smoogen
0a87de6e21 [proxies] remove proxy08 from ansible configs 2020-04-24 21:34:11 +02:00
Rick Elrod
e0fab09b47 base: collapse second uuid getter
Signed-off-by: Rick Elrod <relrod@redhat.com>
2020-04-24 21:34:10 +02:00
Rick Elrod
618752a6d6 base: debug
Signed-off-by: Rick Elrod <relrod@redhat.com>
2020-04-24 21:34:10 +02:00
Rick Elrod
3440a4ace6 base: try not using dot accessor notation here?
Signed-off-by: Rick Elrod <relrod@redhat.com>
2020-04-24 21:34:10 +02:00
Kevin Fenzi
cd22554d83 krb5: fix typo
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:10 +02:00
Kevin Fenzi
a518f49c7b base: rework the conditional for nmcli controlled ifcfg files to be more readable.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:10 +02:00
Kevin Fenzi
81fb4582e7 ansible: change when conditions to use == instead of is when checking strings.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:10 +02:00
Karsten Hopp
c9ed62ac32 update ansible_distribution_major_version conditionals
Signed-off-by: Karsten Hopp <karsten@redhat.com>
2020-04-24 21:34:10 +02:00
Stephen Smoogen
42bf78480e try again. run only against bastion02 to see what isn't happening 2020-04-24 21:34:10 +02:00
Stephen Smoogen
f158bfca8e undo the change to certs 2020-04-24 21:34:10 +02:00
Stephen Smoogen
92b2f4e805 fix matts problem 2020-04-24 21:34:09 +02:00
Kevin Fenzi
8618395ce6 base: syncHttpLogs: remove a bunch of things that have moved to openshift
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:09 +02:00
Kevin Fenzi
56e229734b kojibuilder / iptables: also allow buildvm-s390x 15 and 16 sshfs
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-07-16 15:59:28 +00:00
Kevin Fenzi
8ac70aee03 koji_builder: update iptables for new pagure.io ip address.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-07-13 05:26:00 +00:00
Stephen Smoogen
0d40cfcbad [rdu-cc] really add the resolv-conf this time idiot 2019-07-12 13:22:23 +00:00
Kevin Fenzi
ec17c4962a keytab: try and set python2 on all the delegated tasks to ipa server.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-07-01 20:10:36 +00:00
Adam Williamson
1459a3fa5c Update rsyslog-audit SELinux policy with one more needed perm
This one was dontaudit. Grr.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2019-05-29 16:00:23 -07:00
Stephen Smoogen
4020cec510 [storinator] make changes so that storinator can work in cloud 2019-05-29 22:55:28 +00:00
Adam Williamson
f4156c3db7 rsyslog-audit policy: also allow 'open'
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2019-05-29 10:21:10 -07:00
Adam Williamson
3eb406ccdb Update rsyslog-audit custom SELinux policy to allow dir reads
This now seems to be necessary. This is the cause of the flood
of SELinux denials on F29+ hosts with the rsyslog stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2019-05-29 09:49:03 -07:00
Stephen Smoogen
8611ab80ed put in proper checks like we have for other domains 2019-05-29 15:57:26 +00:00
Stephen Smoogen
1be05a2039 put in header checks postmap and restart 2019-05-29 14:59:43 +00:00
Stephen Smoogen
22fe4ad0a2 [postfix] and a file to put in drops. 2019-05-29 14:52:52 +00:00
Stephen Smoogen
77dcd8034f [postfix] change to header checks needs to be on both bastion and smtp-mm 2019-05-29 14:50:03 +00:00
Stephen Smoogen
0c6f35bf45 Allow postfix on gateway to do header checks 2019-05-29 14:37:23 +00:00
Kevin Fenzi
386d9a1d02 base/hosts: Clean up some depreciations.
koji_builder/sudo: Clean up some more depreciations.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-28 20:47:54 +00:00
Patrick Uiterwijk
efabd7f30f Fix this defaulting to a /8
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-24 20:54:14 +02:00
Stephen Smoogen
658a22035b remove fas03 from inventory and a LOT of config files where it was hard-coded 2019-05-23 22:53:51 +00:00
Kevin Fenzi
4b31ac5152 ansible: Change all our group names from foo-bar to foo_bar or foo-bar-baz to foo_bar_baz
In ansible 2.8 the - character isn't supposed to be valid in group names.
While we could override this, might as well just bite the bullet and change it.
So, just switch all group names to use _ instead of -

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-20 17:38:09 +00:00
Kevin Fenzi
984f012358 sundries/virthost/base: fix a number of cases of a variable being used as a boot (now a warning)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-18 00:00:15 +00:00
Kevin Fenzi
83c4734c43 fedorainfracloud / resolv.conf: remove old tummy unbound ip and replace with rdu2.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-10 18:48:48 +00:00
Kevin Fenzi
7e18ec152d mm-frontend-checkin01: add totpci to iptables so sudo will work.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-09 16:48:11 +00:00
Kevin Fenzi
80f5658820 base: Fix syntax on dnf command, it should just be the name in this case
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-05-01 22:40:28 +00:00
Kevin Fenzi
b86e4987b8 compose-x86_64-02: Drop compose-x86-02, it's not used for anything anymore.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-12 22:14:58 +00:00
Kevin Fenzi
4e51f101be base: Just change this to run on rhel7 and rhel6 only with yum. The next task works for fedora hosts.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:55:09 +00:00
Kevin Fenzi
fef0fcbc0e base: fix initial libselinux task to not run on python3 hosts as package: doesn't work there.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-08 20:51:14 +00:00
Kevin Fenzi
b6a8c7d5e5 base: only install policycoreutils-python-utils on f28+
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-05 22:42:43 +00:00
Kevin Fenzi
4cd704e5fc syncHttpLogs.sh: remove also proxy07, which no longer exists.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-04-04 22:04:38 +00:00
Patrick Uiterwijk
c7debaf72d Add proxy101/110 to syncHttpLogs
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-04-04 23:46:02 +02:00
Patrick Uiterwijk
d7fa58f05c Allow nagios to proxy-only ports as well
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:59:47 +01:00
Patrick Uiterwijk
418c704a49 iptables: Use correct interface for correct side
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:32:15 +01:00
Patrick Uiterwijk
03f9a74f8d iptables: use datacenter==phx2 for vpn-detection
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:31:26 +01:00
Patrick Uiterwijk
a8ab545e11 iptables: also remove ansible_facts in prod iptables template
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:25:04 +01:00
Patrick Uiterwijk
63489a3ccb iptables: Try without ansible_facts
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:24:16 +01:00
Patrick Uiterwijk
661e5866c6 Proxy group in staging is named differently
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:19:16 +01:00
Patrick Uiterwijk
2a932db784 Add proxy-only ports to staging iptables
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:18:04 +01:00
Patrick Uiterwijk
030ea6df33 Allow adding proxy-only TCP ports to groups
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-29 00:15:05 +01:00
Patrick Uiterwijk
99eee653cc Capture internal proxies in synced HTTP logs
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-03-28 23:52:58 +01:00
Jakub Kadlčík
fee9bd85b7 Add smtpd_recipient_restrictions for copr according to main.cf 2019-03-11 21:18:25 +01:00
Stephen Smoogen
bb8924bf88 [rsyslog systemd] make the file conformant with larger file settings 2019-03-04 19:02:16 +00:00