fedora-infra_ansible

mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-29 13:01:36 +08:00

Author	SHA1	Message	Date
Michal Konecny	446e63e6c6	[ipsilon] Check if the variable is defined first Check if the openid variabled defined first, otherwise the playbook will fail. Signed-off-by: Michal Konecny <mkonecny@redhat.com>	2025-10-03 13:53:06 +02:00
Michal Konecny	6cbcc82f53	[ipsilon] Add OpenID banner This will add OpenID banner to ipsilon instance that is set as OpenID only. Signed-off-by: Michal Konecny <mkonecny@redhat.com>	2025-10-03 13:24:55 +02:00
Michal Konecny	b8a41de30e	[ipsilon] Fix ansible-lint errors Signed-off-by: Michal Konecny <mkonecny@redhat.com>	2025-10-02 10:09:22 +02:00
Michal Konecny	ca04c6d41a	[ipsilon] Use different repo URL The current repo URL was evaluated as https://pagure.io/fedora-infra/ipsilon-fedora.git/ which returns 404 on pagure.io. Let's use just the https://pagure.io/fedora-infra/ipsilon-fedora, which works even with the added / at the end. Signed-off-by: Michal Konecny <mkonecny@redhat.com>	2025-10-02 07:40:48 +00:00
Adam Williamson	a23c9df05a	Make ipsilon static config file public (staging), clean it up The only secrets in this file, AFAIK, are the client secrets. Most of those are already defined as secret variables for the plays in this repo that deploy the services to use. So instead of duplicating most of the secrets, and keeping this file in the private repo where we can't do PRs and editing it is awkward, let's just make all the client secrets be variables, and make this file public. For all the cases where a secret wasn't already defined as a variable, I've added it, so this should work as-is. Note that the use of `flask_oidc_dev_stg_oidc_client_secret` twice is not an error in this PR; that secret was reused for the staging community blog client config. I have reported this at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 . This also removes the client configurations for several services which no longer exist. Signed-off-by: Adam Williamson <awilliam@redhat.com>	2025-03-31 23:07:01 +00:00
Kevin Fenzi	58bbbca299	ipa: make sure a bunch of calls do not log sensitive data Signed-off-by: Kevin Fenzi <kevin@scrye.com>	2025-03-20 14:48:12 -07:00
Michal Konecny	2ec055db6f	Use first uppercase letter for all handlers This will unify all the handlers to use first uppercase letter for ansible-lint to stop complaining. I went through all `notify:` occurrences and fixed them by running ``` set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep -rlz "$TEXT" . \| xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g" ``` Then I went through all the changes and removed the ones that wasn't expected to be changed. Fixes https://pagure.io/fedora-infrastructure/issue/12391 Signed-off-by: Michal Konecny <mkonecny@redhat.com>	2025-02-10 20:31:49 +00:00
Kevin Fenzi	13266214d2	ipa / handlers: Fix call to 'restart sssd' that is now 'Restart sssd' Signed-off-by: Kevin Fenzi <kevin@scrye.com>	2025-01-15 16:36:11 -08:00
Ryan Lerch	47c68f478d	ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template Replaces references to template: with ansible.builtin.template Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-15 11:30:29 +10:00
Ryan Lerch	3c41882bb0	ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell Replaces references to shell: with ansible.builtin.shell Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-15 11:29:10 +10:00
Ryan Lerch	25391e95b7	ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package Replaces many references to package: with ansible.builtin.package Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-15 11:28:00 +10:00
Ryan Lerch	462176464b	ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command Replaces many references to command: with ansible.builtin.command Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-15 11:26:47 +10:00
Ryan Lerch	6a3816dfdc	ansiblelint fixes-- fqcn[action-core] - copy to ansible.builtin.copy Replaces many references to 'copy' with ansible.builtin.copy Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-15 10:43:31 +10:00
Ryan Lerch	62952df107	ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file Replaces many references to file: with ansible.builtin.file Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-15 10:41:52 +10:00
Ryan Lerch	691adee6ee	Fix name[casing] ansible-lint issues fix 1900 failures of the following case issue: `name[casing]: All names should start with an uppercase letter.` Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2025-01-14 20:20:07 +10:00
Kevin Fenzi	6d3a53901d	ipsilon: just copy the awx metadata in for now since get uri doesnt work for this Signed-off-by: Kevin Fenzi <kevin@scrye.com>	2024-12-02 11:42:52 -08:00
Kevin Fenzi	417343b113	ipsilon: switch away from broken get_url to a local file with hotfix Signed-off-by: Kevin Fenzi <kevin@scrye.com>	2024-12-02 10:03:08 -08:00
Ryan Lerch	89f6f1fc32	Fix majority of remaining yamllint warnings and errors Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2024-11-28 17:31:45 +10:00
Aurélien Bompard	726778e6ea	Fixup last ipsilon commit Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2024-08-20 15:14:35 +02:00
Aurélien Bompard	9e17fd1f37	Fixup last ipsilon commit Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2024-08-20 15:02:30 +02:00
Aurélien Bompard	4ffa70b0e0	Fixup last ipsilon commit Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2024-08-20 14:42:22 +02:00
Aurélien Bompard	622cefeca1	Add a system to deploy ipsilon patches Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2024-08-20 14:24:25 +02:00
Michal Konecny	3415ff33ff	Remove PDC call from ipsilon playbook Signed-off-by: Michal Konecny <mkonecny@redhat.com>	2024-08-01 13:05:22 +02:00
Aurélien Bompard	bf79279ff3	Add a tag to update ipsilon's OIDC config Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2024-06-13 08:28:23 +02:00
Francois Andrieu	d86babdfe9	AWX: Initial configuration	2023-07-26 13:34:08 +02:00
Aurélien Bompard	b080195aea	Ipsilon: restart apache if the code changes Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2023-05-10 18:06:20 +02:00
Aurélien Bompard	af40d62193	Ipsilon: make sure the ipsilon-fedora addons are installed Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2023-05-10 17:51:43 +02:00
Aurélien Bompard	7949f778d9	Ipsilon: make the package module call faster Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2023-04-20 13:54:41 +02:00
Aurélien Bompard	577ba916be	Ipsilon: add missing tags Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2023-04-20 13:52:32 +02:00
Aurélien Bompard	aa0fbcad18	Ipsilon: automatically load the SAML2 metadata for PDC Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2023-04-20 12:43:24 +02:00
Aurélien Bompard	293cf34e8d	Adapt to Ipsilon 3.0.3 Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2022-07-05 17:36:03 +02:00
Aurélien Bompard	6b9d639421	ipsilon: add sebooleans on f36 Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2022-06-03 09:55:25 +02:00
Kevin Fenzi	b68200e0bc	ipsilon: make sure /etc/ipsilon/root is owned by ipsilon Signed-off-by: Kevin Fenzi <kevin@scrye.com>	2022-06-02 15:25:22 -07:00
Aurélien Bompard	c030ab4c77	Ipsilon needs an SELinux boolean to use python-pam Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2022-05-25 11:32:57 +02:00
Aurélien Bompard	cd277a01d8	We now use PAM auth in Ipsilon Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2022-05-25 11:21:07 +02:00
Aurélien Bompard	61821fb1ba	Update ipsilon to 3.0.1 in prod Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2022-05-25 10:27:02 +02:00
Kevin Fenzi	cc0f507a2c	ipsilon: run the saml2 script as ipsilon user Right now it runs as root which means ipsilon can't read it. Signed-off-by: Kevin Fenzi <kevin@scrye.com>	2021-11-30 07:34:16 -08:00
Ryan Lerch	ff1395d99c	ipsilon: clean up ipsilon role This cleans up the ipsilon role, removing a bunch of old, commented out lines, and removes files and templates that are no longer used. Signed-off-by: Ryan Lerch <rlerch@redhat.com>	2021-07-08 10:13:41 +00:00
Aurélien Bompard	0c845843c4	Update ipsilon-fedora on the Ipsilon servers Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2021-04-30 10:37:31 +02:00
Aurélien Bompard	196d20086c	Some Ipsilon fixes for the new openid api extension Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2021-03-26 12:11:07 +01:00
Aurélien Bompard	fc759fd447	Add the ipsilon script to generate the metadata Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2021-03-25 11:15:29 +01:00
Aurélien Bompard	b8e6754f97	Use a VM for Ipsilon in prod too Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2021-03-23 16:55:38 +00:00
Aurélien Bompard	95ca01284a	Use a template for ipsilon's sssd.conf instead of replacing lines Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2021-01-20 10:32:33 +01:00
Aurélien Bompard	a2f74a447e	Ipsilon: fix attribute mapping for GPG & SSH Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-21 11:59:43 +02:00
Aurélien Bompard	157f1d2d52	Ipsilon: improve the HBAC rule Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-15 18:46:51 +02:00
Aurélien Bompard	35f2aeb15d	Actually those tasks must be run on the IPA server Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-15 18:04:21 +02:00
Aurélien Bompard	2cc20bb1af	Ipsilon: create a HBAC rule Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-15 17:51:21 +02:00
Aurélien Bompard	1ca3aff8f1	Ipsilon: configure SSSd Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-08 12:29:37 +02:00
Aurélien Bompard	f4684a1f07	Ipsilon: fix config files Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-08 10:11:36 +02:00
Aurélien Bompard	3a1885bcc9	Ipsilon in staging: deploy config files Signed-off-by: Aurélien Bompard <aurelien@bompard.org>	2020-10-08 09:48:31 +02:00

1 2 3

122 Commits