We removed this because it had some options we didn't like long ago.
However, now it's basically all stuff thats already in our base ssh
config.
It causes anoying, but harmless scriptlet messages on updates
and there's no need to remove it to only have it get re-added by
freeipa-client every update.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
On rhel the sssd dropin files (which need to be the same owner/group as
the main sssd.conf file) are root:root, but on fedora they are
root:sssd. So, split out this task to handle the two different cases.
Assisted-by: claude
(I had it generate this, and it actually did a reasonable job I think)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The pagure user needs to be uid 1000 because suexec won't let users with
uid under that suexec. ;(
Also, filter pagure user out in sssd so we get the local user.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
It seems that the issue https://github.com/dogtagpki/pki/issues/5133 we
are hitting now is because the limit on the newly deployed is set only
to 2000, which makes it reach the LDAP administrative limit.
When trying to debug RDU3 replication issue I found out that these two
parameters actually obfuscating any issues that could happen.
Let's remove them than.
As we were finally able to resolve the issue of replica installation
failing when KRA role is enabled. We can now enable it by default in
playbook.
See https://pagure.io/fedora-infrastructure/issue/12158 for more info.
As the pause module is only executed on first machine in the group I
decided to rather remove it completely.
This means that the replica will only be reinstalled, if the machine
isn't master node and the /var/log/ipainstall.log doesn't exist.
If somebody wants to re-install the replica they just need to remove
/var/log/ipainstall.log and the playbook will do the rest.
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
On rhel and f41+ there is a sssd user, so we should use that.
If we don't, sssd will change the ownership on restart, meaning we flip
it back and forth each time we run the playbook.
remember to remove this when fedora 40 is all gone from infra
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
