Commit Graph

128 Commits

Author SHA1 Message Date
Patrick Uiterwijk
ec68c3ce39 Make it not match autocloud01
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-02-08 14:31:56 +00:00
Patrick Uiterwijk
a90e9070cd No stg ip override in cloud
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-02-08 14:07:25 +00:00
Kevin Fenzi
4588fedfb2 also allow tcp dns for builders 2017-01-16 16:41:44 +00:00
Stephen Smoogen
d35ef94142 no reverse klingon logic in which files to fix 2017-01-10 23:48:57 +00:00
Patrick Uiterwijk
cd50a3c55d Disable rdns on masters
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-22 16:51:57 +00:00
Patrick Uiterwijk
d8b121b2df Make sure all machines know which realm to use
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:26:18 +00:00
Kevin Fenzi
7e9d4e4700 more s390 move changes 2016-12-07 15:58:41 +00:00
Kevin Fenzi
77ff2a473b Set NM_CONTROLLED=yes in our hosts that are in fact NM_CONTROLLED. 2016-12-05 17:21:47 +00:00
Kevin Fenzi
6c9392f89a fix missing close in jinja template for ipa masters config 2016-12-05 17:06:17 +00:00
Patrick Uiterwijk
1652f6776c Only apply on stg for now
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-04 03:13:26 +00:00
Patrick Uiterwijk
793fe47fec No canonicalization or rdns
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-04 03:12:45 +00:00
Patrick Uiterwijk
9d2343a72d RHEL6 doesn't have the https proxy
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-29 16:19:34 +00:00
Patrick Uiterwijk
39672c66f2 Use id.fp.o for krb everywhere
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-28 08:57:20 +00:00
Patrick Uiterwijk
0bc8c56f06 This is also env-dependent
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-23 18:17:29 +00:00
Patrick Uiterwijk
b88c5c4da6 Seems IPA masters need a different krb5 conf
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-23 18:13:24 +00:00
Patrick Uiterwijk
ea1f97809a Make builders use the https proxy for krb
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-03 13:02:48 +00:00
Patrick Uiterwijk
d058565b3f Apply krb5 no_canonicalize on all stg buildvms
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-01 23:00:07 +00:00
Patrick Uiterwijk
7f7c00e47e Temporarily wrap it in an if to prevent this on a day of freeze start
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-01 09:55:19 +00:00
Patrick Uiterwijk
b34735d83e Disable hostname canonicalization
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-01 09:55:19 +00:00
Patrick Uiterwijk
7304a32dd8 Use kdcproxy outside of PHX2
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-31 07:36:43 +00:00
Kevin Fenzi
fa360b080c Move some things around to get resolv.conf right on pgbdr 2016-10-20 16:26:58 +00:00
Kevin Fenzi
ad51691c60 fix syntax error 2016-10-17 19:57:42 +00:00
Kevin Fenzi
b462a78248 use correct group name 2016-10-17 19:55:42 +00:00
Kevin Fenzi
6d6f6635d6 Attempt to limit pg access to clients that need it only. 2016-10-17 19:53:05 +00:00
Patrick Uiterwijk
c24963b18c Set domain realm for krb5
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-14 20:45:03 +00:00
Patrick Uiterwijk
9164552f6f Put krb5.conf in base role
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-13 17:57:17 +00:00
Patrick Uiterwijk
6e0178e000 osbs-stg will use the normal iptables, and will get docker iptables via a script
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-07-05 19:16:59 +00:00
Kevin Fenzi
bca365bbf4 Until I can figure out this nameserver thing, don't track dns requests to keep conntrack tables not full 2016-06-30 16:19:38 +00:00
Kevin Fenzi
d59f480002 Update ip address for ppc hub. 2016-05-20 16:09:17 +00:00
Patrick Uiterwijk
b015134235 OSBS needs prod kojipkgs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-10 22:08:35 +00:00
Patrick Uiterwijk
1777c84e0f Osbs needs access to kojipkgs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-10 16:01:27 +00:00
Patrick Uiterwijk
87b7aeca1e Nobody asked docker to override dns servers, yet it does
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-09 21:35:11 +00:00
Patrick Uiterwijk
d8b4efb68a Allow all traffic over the docker0 interface
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-09 21:16:22 +00:00
Patrick Uiterwijk
4ddee387ea Seems it tries to use koji stg over http...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-09 20:56:53 +00:00
Patrick Uiterwijk
4ffd3342d5 Allow https clone from pkgs.stg
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-09 20:45:12 +00:00
Patrick Uiterwijk
d1cecec937 Prod != stg
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-09 20:38:27 +00:00
Patrick Uiterwijk
44dad913e5 Add iptables for osbs build
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-05-09 19:45:37 +00:00
Adam Williamson
b0b7dc9b47 openqa/worker: give up on GRE, single tap host instead
OK, this GRE crap ain't working. Let's give up! Instead let's
have one tap-capable host per openQA deployment, so all the
tap jobs will go to it. This...should achieve that. Let's see
what blows up.
2016-05-05 14:10:46 -07:00
Adam Williamson
62dbe6e6dc openqa: fix iptables stuff
apparently host_group is not the same thing as inventory group.
2016-04-27 18:51:09 -07:00
Adam Williamson
178bffc9d0 openqa: setup firewall rules for openqa openvswitch guests
they need to talk to the bridge and to each other. their
traffic is not directly routed over the bridge, it is NAT'ed,
hence the masquerade rule.
2016-04-27 17:20:25 -07:00
Michael Scherer
189260776c Move ntp setup in a role
Since base installs ntp on all platforms, we can skip the vars
and place it by default (next step is to convert the
few playbooks duplicating the role)
2016-04-16 17:47:36 +00:00
Peter Robinson
e1b4ecc674 koji builder: add s390 hub to firewall 2016-04-08 15:52:21 +00:00
aikidouke
01bca326b1 Merge branch 'prodprompt'
Conflicts:
	roles/base/tasks/main.yml
2016-04-05 18:49:16 +00:00
Kevin Fenzi
8a9e586794 A whitespace change 2016-04-04 21:19:11 +00:00
Kevin Fenzi
dd37aa4965 Fix typo 2016-04-04 21:06:40 +00:00
Dennis Gilmore
4dd019ffb9 allow the builders to access pagure.io on port 443
Signed-off-by: Dennis Gilmore <ausil@fedoraproject.org>
2016-04-04 17:12:56 +00:00
Kevin Fenzi
dc775203ae We also don't want to track the torrent connections the other direction either. 2016-03-30 14:51:12 +00:00
Stephen Smoogen
e542e889e3 and we are now monday to push change 2016-03-21 18:41:12 +00:00
Stephen Smoogen
134036a9b0 And we have lots of iptables changes so we can block things when we want 2016-03-18 22:57:28 +00:00
Stephen Smoogen
07623cfffa and put in items for the rules 2016-03-18 20:36:52 +00:00