WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-26 11:36:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
15,058 Commits 9 Branches 0 Tags
4b56744f76dd3e637e59e94dea7160d9f705c6d4
Commit Graph

377 Commits

Author SHA1 Message Date
Stephen Smoogen
e8bc82f0a7 remove the entries to noc02 that wont work because that hostnmae doesnt exist 2016-09-30 15:23:54 +00:00
Patrick Uiterwijk
1e9441af9b Install complete.crt into .crt 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-09-27 18:21:10 +00:00
Patrick Uiterwijk
905ef28ad2 Install gateway cert with intermediate cert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-09-27 18:15:04 +00:00
Stephen Smoogen
e13358ccd8 push the tls change out to the smtp-mm boxes 2016-09-27 17:37:21 +00:00
Kevin Fenzi
41cee6c129 Fix the order of this handler 2016-09-27 16:35:29 +00:00
Kevin Fenzi
4302a23215 Swap the order of these handlers so it does the map, then the postfix restart. 2016-09-27 16:09:32 +00:00
Stephen Smoogen
a875430ac8 too much email still requires ipv4 only and our ipv6 reverse doesnt work here 2016-09-27 15:37:37 +00:00
Stephen Smoogen
39459ede7d rebuild then restart 2016-09-27 03:34:39 +00:00
Stephen Smoogen
626a00c257 tls_ssl_options not implemented in our postfix 2016-09-27 03:28:39 +00:00
Stephen Smoogen
865dc57de9 call it a crt not a csr 2016-09-27 03:25:37 +00:00
Stephen Smoogen
2c055ba46e and we need to have a trigger 2016-09-27 03:08:25 +00:00
Stephen Smoogen
379340b456 and put in the items kevin asked for. 2016-09-27 03:00:03 +00:00
Stephen Smoogen
6780736eb3 lets try another go at patching 2016-09-27 01:46:38 +00:00
Stephen Smoogen
d2764137e5 try this patch set on for size to get tls working with smtp 2016-09-27 01:10:46 +00:00
Patrick Uiterwijk
ebf41c6366 Also delivery master.cf to noc02 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-09-24 00:51:05 +00:00
Stephen Smoogen
bf85ec58dd why? 2016-09-24 00:41:31 +00:00
Stephen Smoogen
caa5411057 I broke it so I need to buy it. 2016-09-24 00:38:10 +00:00
Stephen Smoogen
2d05f9675d try to put in place smtp files for noc02 to use smtp-ipv4 vs ipv6 for google 2016-09-23 23:42:08 +00:00
Kevin Fenzi
42afc9a637 Fix a bunch of places that didn't use the full correct mode 2016-08-08 19:53:57 +00:00
Kevin Fenzi
04a52b8667 Death to all trailing whitespace. 2016-08-08 19:36:31 +00:00
Patrick Uiterwijk
9fbe49b3bc Make this really norelay 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-07-23 15:50:02 +00:00
Kevin Fenzi
90b8c96e6c remove debugging, set base to always set hostname 2016-07-18 21:48:09 +00:00
Kevin Fenzi
28f1b6427b drop no longer existant download-rdus from this script 2016-07-13 16:48:51 +00:00
Patrick Uiterwijk
6e0178e000 osbs-stg will use the normal iptables, and will get docker iptables via a script 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-07-05 19:16:59 +00:00
Kevin Fenzi
bca365bbf4 Until I can figure out this nameserver thing, don't track dns requests to keep conntrack tables not full 2016-06-30 16:19:38 +00:00
Kevin Fenzi
5623bc1967 ppc8-04 is a hw builder 2016-06-27 14:07:52 +00:00
Kevin Fenzi
2209cb5efa drop bodhost01 and proxy07 2016-05-31 16:48:17 +00:00
Kevin Fenzi
d59f480002 Update ip address for ppc hub. 2016-05-20 16:09:17 +00:00
Kevin Fenzi
8da3c329b9 Switch mm-smtp servers to send to mailman01 instead of relaying via collab03. 
Also, remove the old transports file which as far as I can tell is not used by anything.
 2016-05-18 20:45:12 +00:00
Kevin Fenzi
9fe0726ddb Try this and see if it works any differently. 2016-05-14 17:49:50 +00:00
Aurélien Bompard
c115f786ae Bypass spam checking for emails from Mailman 2016-05-12 12:11:23 +00:00
Aurélien Bompard
6d3d810683 Fixup activation of SpamAssassin on Mailman 2016-05-12 09:31:18 +00:00
Aurélien Bompard
5241b6f601 Add Spamassassin to Mailman 2016-05-12 09:08:58 +00:00
Kevin Fenzi
a32f8b9e4a Change ansible_fqdn to inventory_hostname. This fixes some few hosts that have incorrect reverse dns 
and shouldn't break any others since we always use fully qualified in our inventory.
 2016-05-11 15:08:50 +00:00
Patrick Uiterwijk
b015134235 OSBS needs prod kojipkgs 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-10 22:08:35 +00:00
Patrick Uiterwijk
1777c84e0f Osbs needs access to kojipkgs 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-10 16:01:27 +00:00
Patrick Uiterwijk
87b7aeca1e Nobody asked docker to override dns servers, yet it does 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 21:35:11 +00:00
Patrick Uiterwijk
d8b4efb68a Allow all traffic over the docker0 interface 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 21:16:22 +00:00
Patrick Uiterwijk
4ddee387ea Seems it tries to use koji stg over http... 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 20:56:53 +00:00
Patrick Uiterwijk
4ffd3342d5 Allow https clone from pkgs.stg 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 20:45:12 +00:00
Patrick Uiterwijk
d1cecec937 Prod != stg 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 20:38:27 +00:00
Patrick Uiterwijk
44dad913e5 Add iptables for osbs build 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-05-09 19:45:37 +00:00
Adam Williamson
b0b7dc9b47 openqa/worker: give up on GRE, single tap host instead 
OK, this GRE crap ain't working. Let's give up! Instead let's
have one tap-capable host per openQA deployment, so all the
tap jobs will go to it. This...should achieve that. Let's see
what blows up.
 2016-05-05 14:10:46 -07:00
Adam Williamson
62dbe6e6dc openqa: fix iptables stuff 
apparently host_group is not the same thing as inventory group.
 2016-04-27 18:51:09 -07:00
Adam Williamson
59e76a7f37 add an 'ansible_ifcfg_whitelist' feature and use it for openqa 
semi-acked by nirik (but he'll deny it furiously and it's all
my fault if everything blows up): for openQA's openvswitch
stuff I need a 'br0' and a 'tap0' that I don't want the base
role to mess with, but I *do* want the base role to configure
eth0 for me. ansible_ifcfg_blacklist isn't granular enough. So
let's invent ansible_ifcfg_whitelist, which if defined is a
list of interface names you want the base role to configure.
Any interface not in the list is left alone.
 2016-04-27 18:38:57 -07:00
Adam Williamson
178bffc9d0 openqa: setup firewall rules for openqa openvswitch guests 
they need to talk to the bridge and to each other. their
traffic is not directly routed over the bridge, it is NAT'ed,
hence the masquerade rule.
 2016-04-27 17:20:25 -07:00
Michael Scherer
189260776c Move ntp setup in a role 
Since base install ntp on all platforms, we can skip the vars
and place it by default (next step is to convert the
few playbooks duplicating the role)
 2016-04-16 17:47:36 +00:00
Todd Zullinger
b374a0ff03 base: only set PS1 for prod/stage for interactive sessions 
Setting PS1 for non-interactive shells doesn't make sense.  Using tput
in the PS1 causes spurious errors to be logged:

    tput: No value for $TERM and no -T specified
    tput: No value for $TERM and no -T specified

Resolves: #5234
 2016-04-14 23:28:35 +00:00
Mikolaj Izdebski
e84a937620 Improve scripts for setting PS1 2016-04-13 23:15:42 +00:00
Kevin Fenzi
193bdc7ba1 Move bodhi02.stg to bodhi01.stg since it's not booting right anyhow. 2016-04-11 19:28:13 +00:00