WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
45,353 Commits 9 Branches 0 Tags
6706723eea466bc9ffedc00a2fc86a0797279113
Commit Graph

14 Commits

Author SHA1 Message Date
Kevin Fenzi
c567d80f3f ipa / client: block paguremirroring user in ipa 
We want to use a local version of this user, not the ipa one.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-11-21 12:51:46 -08:00
Kevin Fenzi
17fb5e7e3a ipa / client: filter the git user 
We want to use the local git user, not the ipa one on pagure.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-11-18 18:30:06 -08:00
Kevin Fenzi
1b67cfcf3b releng-compose: filter some more users that should be local 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-07-03 13:58:56 -07:00
Kevin Fenzi
90ed0a38e0 pkgs: change the pagure user to uid 1000 for suexec, block in sssd 
The pagure user needs to be uid 1000 because suexec won't let users with
uid under that suexec. ;(

Also, filter pagure user out in sssd so we get the local user.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-07-02 15:25:17 -07:00
David Kirwan
809c90e5da IPA: add user zabbix to fedora-nss-ignore.conf 
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
 2025-03-21 16:25:30 +00:00
Kevin Fenzi
3a2623218d ipa client: filer out mysql user from ipa/ldap 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-11-20 16:48:40 -08:00
Kevin Fenzi
aa5c7bac75 ipa / client / sssd: add rawhide to filter and fix syntax error 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-07-17 18:05:41 -07:00
Kevin Fenzi
cf5ca54701 ipa: exclude the ipa postgres user in favor of local one 
We have a postgres user in ipa to prevent people from making an account
with that name, but we need/want to use a local version of this on
database servers, not the ipa one. We need the local one because the ipa
one is locked and this prevents database backups from working.
(Locked accounts can't run cron jobs).

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-06-07 16:52:25 -07:00
Kevin Fenzi
527d8cda18 sssd: exclude rabbitmq user also 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-10-03 16:12:55 -07:00
Kevin Fenzi
1a069052f0 ipa/client: add mirrormanager user/group to ipa excludes 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-07-16 08:15:15 -07:00
František Zatloukal
9f273622e0 Blockerbugs: force to use local user instead of the ipa one 2021-06-09 19:14:13 +02:00
Kevin Fenzi
52a197735b ipa/client: split out these groups 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-22 10:36:20 -07:00
Kevin Fenzi
1c6dfc82fd ipa/client: no comment in this jinja2 sadly, just make this a normal comment 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-22 10:26:50 -07:00
Kevin Fenzi
24ae7d3d16 ipa / client: rework the excluded local users from sssd 
There's a real user 'mock' who we want to allow on ipsilon (so they can
login to anything) and people02 (so they can get to their people space),
but no where else, since we ened the local mock user on places like
builders, etc.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-05-21 12:51:32 -07:00