WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 03:52:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
12,726 Commits 9 Branches 0 Tags
c5d30c4ee6b7f802b1edbaed43b211add8f42657
Commit Graph

306 Commits

Author SHA1 Message Date
Stephen Smoogen
07623cfffa and put in items for the rules 2016-03-18 20:36:52 +00:00
Stephen Smoogen
1da4475134 make an iptables set for download-phx2 2016-03-18 20:31:07 +00:00
Kevin Fenzi
bfb071fabe Nuke old iptables task and files and drop it from blockerbugs-dev. Also kill old serverbeach templates. 2016-03-18 20:28:33 +00:00
Ralph Bean
4043d326b5 No more friends. 2016-03-10 20:21:02 +00:00
Ralph Bean
c31771d0de Also the osuosl proxies. 2016-03-10 18:54:44 +00:00
Ralph Bean
e36d15bbbe Distinguish between ipv4 and ipv6. 2016-03-10 18:32:28 +00:00
Ralph Bean
4fd88f61f4 Friends. 2016-03-10 18:28:18 +00:00
Stephen Smoogen
993b750c82 start off with an awstats for log01 2016-03-02 21:23:30 +00:00
Kevin Fenzi
3382864cee Switch this over to two ip's instead of a hostname so iptables will start on boot. 2016-03-02 16:27:30 +00:00
Kevin Fenzi
f85c389531 Add a custom iptables template for torrent02. We don't want to conntrack torrent tracker connections, there's too many. 2016-02-20 01:57:07 +00:00
Kevin Fenzi
1df91d33fd This should be the default perm: 2755 2016-02-12 15:50:07 +00:00
Kevin Fenzi
0281dc80fe Fix nagios and inventory to switch over to people02 2016-02-11 16:18:27 +00:00
Kevin Fenzi
65699b531d We need to tell systemd-journald that it should sync out to persist storage otherwise it won't work until next reboot 2016-02-10 00:03:09 +00:00
Kevin Fenzi
f105bfd616 Add buildhw eth config info, blacklist some groups and tweak when statement 2016-02-06 00:04:01 +00:00
Kevin Fenzi
064680d892 See if this logic works as I want it to. 2016-02-05 21:26:57 +00:00
Kevin Fenzi
3315549c66 Correctly tag this task so it runs with the rest of the ifcfg things. 2016-02-05 21:21:49 +00:00
Kevin Fenzi
ce59bc537e Debug this sucker 2016-02-05 21:15:19 +00:00
Kevin Fenzi
97af2c4313 Perhaps the (s are confusing it? 2016-02-05 20:53:19 +00:00
Stephen Smoogen
429781ddae and lo, a herald angel called forth and said let there be vlans, and there were vlans... and it was good. 2016-02-05 20:52:56 +00:00
Kevin Fenzi
a06f96f81a Pesky syntax. Try this. 2016-02-05 20:33:57 +00:00
Kevin Fenzi
f0374f5251 Rework the logic here a bit. 2016-02-05 20:27:31 +00:00
Kevin Fenzi
f62ab99cb1 Use some parens here to make things happy 2016-02-05 20:23:02 +00:00
Kevin Fenzi
d5a366b5f6 Add a test for nmcli and also a blacklist var we can set on hosts that shouldn't have ifcfg managed by ansible. 2016-02-05 20:17:28 +00:00
Kevin Fenzi
18f920701a Add the resolv.conf tasks to the ifcfg tag for now, as we want to make sure and do them at the same time. 2016-02-05 19:35:06 +00:00
doteast
6ed4a04306 filter virbr and deal with ansible iface name conv 2016-02-05 18:11:19 +00:00
Kevin Fenzi
ec285b1708 Re-add ansible network setup and split out virbr case. 2016-02-05 17:59:23 +00:00
Kevin Fenzi
0df3cf6312 Comment tasks for now until we can sort out whats going on with it on some staging hosts 2016-02-04 23:55:43 +00:00
Kevin Fenzi
635fd73d12 Some non virthosts still have virbr interfaces. 2016-02-04 22:55:49 +00:00
Kevin Fenzi
ce25adcfec Copy these handlers to base role handers to avoid include handers bug in ansible 2.0 2016-02-04 22:30:20 +00:00
doteast
872512c4fa rename handler for clearity 2016-02-04 20:58:30 +00:00
doteast
a2a887dff8 no need for restart. reload is enough 2016-02-04 20:50:11 +00:00
doteast
bd13e567f2 net iface config templating and decouple resolvconf from NM 2016-02-04 20:44:49 +00:00
Kevin Fenzi
f6640e2768 Blacklist cdc_ether on all virt hosts. 2016-02-02 20:49:53 +00:00
Kevin Fenzi
bcd3b5c6c0 Fix missing parens 2016-01-31 04:14:16 +00:00
Kevin Fenzi
18925baa5c Simplify 2016-01-31 04:10:13 +00:00
Kevin Fenzi
a54fb11f8e Drop log02 old stuff and drop some negatives from conditional 2016-01-31 04:05:11 +00:00
Kevin Fenzi
2f789b0e98 copr and jenkins use base but shouldn't try and log to log01 as they are in the cloud network. 2016-01-31 03:49:08 +00:00
Patrick Uiterwijk
f21c8e00b9 Also enable persistent journald on Fedora 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-01-30 23:38:20 +00:00
Patrick Uiterwijk
c9edc339a5 Enable rsyslog journald module and persistent journald 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-01-30 23:21:26 +00:00
Ricky Elrod
c89622c4b4 remove staging conditional on watchdog stuff, add conditionals for ensuring /dev/watchdog exists and that we are on a VM 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2016-01-18 16:47:12 +00:00
Kevin Fenzi
b467a264b2 Drop a extra line that causes a change 2016-01-08 16:32:47 +00:00
Kevin Fenzi
d55a3cb36f Setup a qa-isolated group in the qa net and have all other machines in that net reject anything from them. 
This helps us isolate higher risk qa hosts from lower risk ones without having to move everything to
a different network/vlan for now.
 2016-01-08 16:29:18 +00:00
Patrick Uiterwijk
aa377b10e3 Make smtp-mm accept email for lists.fh.o and forward 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-23 07:07:05 +00:00
Stephen Smoogen
b3d1236fff when adding a new proxy.. always remember to sync its httpd logs or they go byby 2015-12-18 00:07:50 +00:00
Kevin Fenzi
c779582362 Set sshd Protocol here to 2, this makes rkhunter happy hopefully. 2015-12-11 04:11:38 +00:00
Dennis Gilmore
1fb2627410 allow the builders to talk o kojipkgs on port 443 
Signed-off-by: Dennis Gilmore <ausil@fedoraproject.org>
 2015-12-09 20:08:09 +00:00
Kevin Fenzi
9066854b56 Drop backup for test 2015-12-09 19:20:25 +00:00
Kevin Fenzi
7b97a1246e Revert "Drop validate just for a test" 
This reverts commit 19ed9254b8.
 2015-12-09 19:19:51 +00:00
Kevin Fenzi
19ed9254b8 Drop validate just for a test 2015-12-09 19:19:10 +00:00
Kevin Fenzi
0bd796a739 This is /sbin on rhel6 hosts and should work on rhel7 too 2015-12-09 18:33:04 +00:00