WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-24 22:11:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
17,068 Commits 9 Branches 0 Tags
a8cb95ecaf94de7a9e2a46432e91ccaa57909574
Commit Graph

429 Commits

Author SHA1 Message Date
Kevin Fenzi
1516393f04 ipv4 on phx2 bastion hosts 2017-02-14 21:29:33 +00:00
Kevin Fenzi
02ca818720 and now have gateway use the milter 2017-02-14 19:46:08 +00:00
Patrick Uiterwijk
ec68c3ce39 Make it not match autocloud01 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-02-08 14:31:56 +00:00
Patrick Uiterwijk
a90e9070cd No stg ip override in cloud 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-02-08 14:07:25 +00:00
Stephen Smoogen
8c90ef6064 ok this should allow smtp to send to bastion for fedorahosted. 2017-02-02 19:26:19 +00:00
Stephen Smoogen
3c9b0e4654 make fedorahosted on baston 2017-02-02 18:01:26 +00:00
Kevin Fenzi
0456dd002c drop any relayhost for copr mails, mx1.redhat.com will not relay for it 2017-01-31 17:14:58 +00:00
Kevin Fenzi
484ab27f17 for some reason postfix wants this fqdn 2017-01-19 20:39:41 +00:00
Kevin Fenzi
a24c859d9a koji builders only should have to deal with ipv4 mail 2017-01-19 19:46:58 +00:00
Stephen Smoogen
2f92b9777a we need to add a larger limits for file coverage 2017-01-18 19:34:08 +00:00
Kevin Fenzi
4588fedfb2 also allow tcp dns for builders 2017-01-16 16:41:44 +00:00
Stephen Smoogen
4fe0981401 we need to do all this stuff in templates. 2017-01-16 01:01:45 +00:00
Stephen Smoogen
d35ef94142 no reverse klingon logic in which files to fix 2017-01-10 23:48:57 +00:00
Patrick Uiterwijk
cd50a3c55d Disable rdns on masters 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-12-22 16:51:57 +00:00
Patrick Uiterwijk
d8b121b2df Make sure all machines know which realm to use 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-12-20 08:26:18 +00:00
Tim Flink
cb0ef0b2fd adding new qa-prod01.qa host to replace qadevel.qa 2016-12-15 18:02:29 +00:00
Kevin Fenzi
7e9d4e4700 more s390 move changes 2016-12-07 15:58:41 +00:00
Kevin Fenzi
3163d7fdd5 Fix missing ) 2016-12-05 17:33:53 +00:00
Kevin Fenzi
0ee9865961 Simplify this conditional for iptables. 2016-12-05 17:31:45 +00:00
Kevin Fenzi
77ff2a473b Set NM_CONTROLLED=yes in our hosts that are in fact NM_CONTROLLED. 2016-12-05 17:21:47 +00:00
Kevin Fenzi
d195bae51a Exclude the osbs hosts from our default iptables template as they have their own more complex one. 2016-12-05 17:21:06 +00:00
Kevin Fenzi
6c9392f89a fix missing close in jinja template for ipa masters config 2016-12-05 17:06:17 +00:00
Patrick Uiterwijk
1652f6776c Only apply on stg for now 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-12-04 03:13:26 +00:00
Patrick Uiterwijk
793fe47fec No canonicalization or rdns 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-12-04 03:12:45 +00:00
Kevin Fenzi
1effd347df Setup a proxyreload for httpd that looks for the ticketkey. If it's not there, assume the proxy is just being configured and don't reload httpd. 2016-12-01 21:36:07 +00:00
Stephen Smoogen
12a7979213 update files to put basics for proxy13/proxy14 into being 2016-12-01 17:46:58 +00:00
Kevin Fenzi
8ca5c772e4 policycoreutils-python is what we want for semanage on rhel 2016-11-30 19:14:06 +00:00
Tim Flink
068b4fe49a Revert "adding default for sshd_port in base role" 
This reverts commit ecd13fdfa2.
 2016-11-30 17:22:06 +00:00
Tim Flink
ecd13fdfa2 adding default for sshd_port in base role 2016-11-30 17:16:42 +00:00
Tim Flink
3c69cdbe10 adding check for non-standard ssh and semanage adjustment if found 2016-11-30 16:51:18 +00:00
Patrick Uiterwijk
9d2343a72d RHEL6 doesn't have the https proxy 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-29 16:19:34 +00:00
Patrick Uiterwijk
39672c66f2 Use id.fp.o for krb everywhere 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-28 08:57:20 +00:00
Patrick Uiterwijk
0bc8c56f06 This is also env-dependant 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-23 18:17:29 +00:00
Patrick Uiterwijk
b88c5c4da6 Seems IPA masters need a different krb5 conf 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-23 18:13:24 +00:00
Patrick Uiterwijk
ea1f97809a Make builders use the https proxy for krb 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-03 13:02:48 +00:00
Patrick Uiterwijk
d058565b3f Apply krb5 no_canonicalize on all stg buildvms 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-01 23:00:07 +00:00
Kevin Fenzi
b1a2d105c9 In ansible 2.2 always_run is depreciated. Switch to check_mode. 2016-11-01 16:29:49 +00:00
Patrick Uiterwijk
7f7c00e47e Temporarily wrap it in an if to prevent this on a day of freeze start 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-01 09:55:19 +00:00
Patrick Uiterwijk
b34735d83e Disable hostname canoncalization 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-11-01 09:55:19 +00:00
Patrick Uiterwijk
7304a32dd8 Use kdcproxy outside of PHX2 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-31 07:36:43 +00:00
Patrick Uiterwijk
2a6e8a5e25 Revert "Enable GSSAPI for ssh" 
This reverts commit b4f1088938.
 2016-10-27 18:53:24 +00:00
Patrick Uiterwijk
d058b58136 Allow specifying additionally needed host keytabs 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 15:23:31 +00:00
Patrick Uiterwijk
b4f1088938 Enable GSSAPI for ssh 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 09:19:14 +00:00
Patrick Uiterwijk
1f7efb27cb Move keytab stuff into the base role 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 09:06:47 +00:00
Patrick Uiterwijk
1f3883d58d Create role for host keytab to test before putting in base 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-27 08:47:41 +00:00
Kevin Fenzi
fa360b080c Move some things around to get resolv.conf right on pgbdr 2016-10-20 16:26:58 +00:00
Kevin Fenzi
ad51691c60 fix syntax error 2016-10-17 19:57:42 +00:00
Kevin Fenzi
b462a78248 use correct group name 2016-10-17 19:55:42 +00:00
Kevin Fenzi
6d6f6635d6 Attempt to limit pg access to clients that need it only. 2016-10-17 19:53:05 +00:00
Patrick Uiterwijk
c24963b18c Set domain realm for krb5 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-10-14 20:45:03 +00:00