WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-30 13:32:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
16,093 Commits 9 Branches 0 Tags
6f1bb2e025a069d376122160d17aa4fe052d7e01
Commit Graph

413 Commits

Author SHA1 Message Date
Kevin Fenzi
7e9d4e4700 more s390 move changes 2016-12-07 15:58:41 +00:00
Kevin Fenzi
3163d7fdd5 Fix missing ) 2016-12-05 17:33:53 +00:00
Kevin Fenzi
0ee9865961 Simplify this conditional for iptables. 2016-12-05 17:31:45 +00:00
Kevin Fenzi
77ff2a473b Set NM_CONTROLLED=yes in our hosts that are in fact NM_CONTROLLED. 2016-12-05 17:21:47 +00:00
Kevin Fenzi
d195bae51a Exclude the osbs hosts from our default iptables template as they have their own more complex one. 2016-12-05 17:21:06 +00:00
Kevin Fenzi
6c9392f89a fix missing close in jinja template for ipa masters config 2016-12-05 17:06:17 +00:00
Patrick Uiterwijk
1652f6776c Only apply on stg for now 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-12-04 03:13:26 +00:00
Patrick Uiterwijk
793fe47fec No canonicalization or rdns 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-12-04 03:12:45 +00:00
Kevin Fenzi
1effd347df Setup a proxyreload for httpd that looks for the ticketkey. If it's not there, assume the proxy is just being configured and don't reload httpd. 2016-12-01 21:36:07 +00:00
Stephen Smoogen
12a7979213 update files to put basics for proxy13/proxy14 into being 2016-12-01 17:46:58 +00:00
Kevin Fenzi
8ca5c772e4 policycoreutils-python is what we want for semanage on rhel 2016-11-30 19:14:06 +00:00
Tim Flink
068b4fe49a Revert "adding default for sshd_port in base role" 
This reverts commit ecd13fdfa2.
 2016-11-30 17:22:06 +00:00
Tim Flink
ecd13fdfa2 adding default for sshd_port in base role 2016-11-30 17:16:42 +00:00
Tim Flink
3c69cdbe10 adding check for non-standard ssh and semanage adjustment if found 2016-11-30 16:51:18 +00:00
Patrick Uiterwijk
9d2343a72d RHEL6 doesn't have the https proxy 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-29 16:19:34 +00:00
Patrick Uiterwijk
39672c66f2 Use id.fp.o for krb everywhere 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-28 08:57:20 +00:00
Patrick Uiterwijk
0bc8c56f06 This is also env-dependant 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-23 18:17:29 +00:00
Patrick Uiterwijk
b88c5c4da6 Seems IPA masters need a different krb5 conf 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-23 18:13:24 +00:00
Patrick Uiterwijk
ea1f97809a Make builders use the https proxy for krb 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-03 13:02:48 +00:00
Patrick Uiterwijk
d058565b3f Apply krb5 no_canonicalize on all stg buildvms 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-01 23:00:07 +00:00
Kevin Fenzi
b1a2d105c9 In ansible 2.2 always_run is depreciated. Switch to check_mode. 2016-11-01 16:29:49 +00:00
Patrick Uiterwijk
7f7c00e47e Temporarily wrap it in an if to prevent this on a day of freeze start 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-01 09:55:19 +00:00
Patrick Uiterwijk
b34735d83e Disable hostname canoncalization 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-01 09:55:19 +00:00
Patrick Uiterwijk
7304a32dd8 Use kdcproxy outside of PHX2 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-31 07:36:43 +00:00
Patrick Uiterwijk
2a6e8a5e25 Revert "Enable GSSAPI for ssh" 
This reverts commit b4f1088938.
 2016-10-27 18:53:24 +00:00
Patrick Uiterwijk
d058b58136 Allow specifying additionally needed host keytabs 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 15:23:31 +00:00
Patrick Uiterwijk
b4f1088938 Enable GSSAPI for ssh 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 09:19:14 +00:00
Patrick Uiterwijk
1f7efb27cb Move keytab stuff into the base role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 09:06:47 +00:00
Patrick Uiterwijk
1f3883d58d Create role for host keytab to test before putting in base 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 08:47:41 +00:00
Kevin Fenzi
fa360b080c Move some things around to get resolv.conf right on pgbdr 2016-10-20 16:26:58 +00:00
Kevin Fenzi
ad51691c60 fix syntax error 2016-10-17 19:57:42 +00:00
Kevin Fenzi
b462a78248 use correct group name 2016-10-17 19:55:42 +00:00
Kevin Fenzi
6d6f6635d6 Attempt to limit pg access to clients that need it only. 2016-10-17 19:53:05 +00:00
Patrick Uiterwijk
c24963b18c Set domain realm for krb5 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-14 20:45:03 +00:00
Patrick Uiterwijk
9164552f6f Put krb5.conf in base role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-13 17:57:17 +00:00
Kevin Fenzi
173902e4fc tweak base role interfaces for docker networks 2016-10-10 22:50:20 +00:00
Stephen Smoogen
e8bc82f0a7 remove the entries to noc02 that wont work because that hostnmae doesnt exist 2016-09-30 15:23:54 +00:00
Patrick Uiterwijk
1e9441af9b Install complete.crt into .crt 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-09-27 18:21:10 +00:00
Patrick Uiterwijk
905ef28ad2 Install gateway cert with intermediate cert 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-09-27 18:15:04 +00:00
Stephen Smoogen
e13358ccd8 push the tls change out to the smtp-mm boxes 2016-09-27 17:37:21 +00:00
Kevin Fenzi
41cee6c129 Fix the order of this handler 2016-09-27 16:35:29 +00:00
Kevin Fenzi
4302a23215 Swap the order of these handlers so it does the map, then the postfix restart. 2016-09-27 16:09:32 +00:00
Stephen Smoogen
a875430ac8 too much email still requires ipv4 only and our ipv6 reverse doesnt work here 2016-09-27 15:37:37 +00:00
Stephen Smoogen
39459ede7d rebuild then restart 2016-09-27 03:34:39 +00:00
Stephen Smoogen
626a00c257 tls_ssl_options not implemented in our postfix 2016-09-27 03:28:39 +00:00
Stephen Smoogen
865dc57de9 call it a crt not a csr 2016-09-27 03:25:37 +00:00
Stephen Smoogen
2c055ba46e and we need to have a trigger 2016-09-27 03:08:25 +00:00
Stephen Smoogen
379340b456 and put in the items kevin asked for. 2016-09-27 03:00:03 +00:00
Stephen Smoogen
6780736eb3 lets try another go at patching 2016-09-27 01:46:38 +00:00
Stephen Smoogen
d2764137e5 try this patch set on for size to get tls working with smtp 2016-09-27 01:10:46 +00:00