WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-27 12:03:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,487 Commits 9 Branches 0 Tags
ccbda978113c4e2dacdb5eccc2ef5a7b8f70013a
Commit Graph

20432 Commits

Author SHA1 Message Date
Pierre-Yves Chibon
964fd00a7e toddlers: Try creating a keytab for toddlers 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-03-26 16:03:34 +01:00
Mark O'Brien
9b29115930 fmn: add missing comma 2021-03-26 12:34:51 +00:00
Stephen Coady
533ba99068 add missing v1 to fasjson url for fmn 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-26 11:34:53 +00:00
Aurélien Bompard
196d20086c Some Ipsilon fixes for the new openid api extension 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-26 12:11:07 +01:00
Stephen Coady
e66217f737 add forgotten keytab var 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-26 09:43:38 +00:00
Francois Andrieu
06796caabf languages: rework extract & stats jobs 2021-03-25 22:14:50 +00:00
Aurélien Bompard
ee65c1dbf0 fasjson-aliases: set the keytab env var 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 22:36:31 +01:00
Kevin Fenzi
740109a295 nagios_client / check_systemd_units: remove old debugging output 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 14:25:17 -07:00
Kevin Fenzi
cebb78ed82 nagios_client: the check_systemd_units is in scripts, not script 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:58:20 -07:00
Kevin Fenzi
5a915ea8ea fasjson: adjust script (no .py) and use nag-once 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:53:57 -07:00
Kevin Fenzi
341862e436 fasjson: This is a template, not a file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 13:44:00 -07:00
Michael Scherer
f50cad1870 Since zanata is down, this cron job no longer work 2021-03-25 20:26:05 +00:00
Michael Scherer
8548f299ca Add cronjob to update the website translation 2021-03-25 20:26:05 +00:00
Nils Philippsen
f9abb293c0 ipa/client: only warn about essential vars missing 
If either `ipa_client_shell_groups` and `ipa_client_sudo_groups` are
unset or empty, sysadmin-main will still be able to login and sudo.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-25 20:22:30 +00:00
seddikalaouiismaili
eae91f0d2b install nrpe check for systemd units 2021-03-25 20:16:48 +00:00
Francois Andrieu
35664e9159 cleanup: remove phx2 from ansible-ansible-openshift-ansible 2021-03-25 20:14:10 +00:00
Pavel Raiskup
0793a1e9b3 copr-be-dev: increase quota for one user 
Nobody is using devel stack except for Copr Team, and we run heavily
parallelized unit tests so we enjoy more concurrent VMs.  In case there
are no task processed, the VM count anyways goes down to the setup in
pool.yaml.  So this change actually doesn't mean more VMs is going to be
wasted in normal situations.
 2021-03-25 21:10:06 +01:00
Stephen Smoogen
9e3b72a519 Make sure playbook is using ipa/client as a tag versus ipsilon 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 15:29:21 -04:00
Stephen Smoogen
791ab33d1c This should tune sssd on people02 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 15:28:54 -04:00
Stephen Coady
4cc5f3d8f0 remove v1 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 18:01:18 +00:00
Stephen Coady
821209cb26 hotpatch fmn to work with fasjson 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 18:01:18 +00:00
Stephen Coady
7e7cef94ad update config to use fasjson and give it the address 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-25 17:56:23 +00:00
Aurélien Bompard
94b32cee08 Use our custom info plugin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 18:56:08 +01:00
Kevin Fenzi
7e207f9119 fasjson / aliases: adjust kernel-team to just Justin per request 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 10:34:58 -07:00
Kevin Fenzi
6bf8552e7f base / iptables / kojibuilder: add ipa ports for koji builder ipa clients 
Note that this will not yet work, it needs the RHIT firewall between
vlans opened on these ports first, but after that this is needed to
allow them to use those ports.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-25 10:10:55 -07:00
Stephen Smoogen
a781368708 Add a --no-ssh to the ipa-client-install so that sshconfigs on clients are not altered. 
Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-25 11:37:24 -04:00
Nils Philippsen
46b3fb9390 ipa/client: Revamp combining shell groups 
The previous implementation didn't work because of a chicken-and-egg
problem: To add the batcave shell groups to those specifically for
bastion, it needs to look them up, but they aren't set yet (probably
because `batcave` comes after `bastion`).

Now, one can (optionally) set `ipa_client_shell_groups_inherit_from`, a
list of Ansible group names whose `ipa_client_shell_groups` will be
combined with that of the host itself. This is more robust because it's
done late, after variables are set from the inventory.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-25 13:53:21 +01:00
Stephen Smoogen
34728c85cd put in clean up scripts to remove fas-client cron job which bollocks systems 2021-03-25 07:17:53 -04:00
Mark O'Brien
b80eb0b4d3 fas: remove trailing slash 2021-03-25 11:01:04 +00:00
Mark O'Brien
5000466350 fas: remove infra-tags repo 2021-03-25 10:54:42 +00:00
Aurélien Bompard
6e68f8fe4f Fix the mediawiki auth plugin 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 11:15:29 +01:00
Aurélien Bompard
fc759fd447 Add the ipsilon script to generate the metadata 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-25 11:15:29 +01:00
Kevin Fenzi
5b1b2c403d nagios: fix ipsilon check to look for something in the new theme 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 18:13:37 -07:00
Kevin Fenzi
5f8274ff6c ircbot: clean up additional typo in fedmsg-irc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 15:55:48 -07:00
Kevin Fenzi
3ac327e4ff ircbot: clean up typo in fedmsg-irc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 15:54:27 -07:00
Kevin Fenzi
f88bdf2c78 mediawiki: drop old fas cla and use agreements in prod now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 11:39:11 -07:00
Nils Philippsen
bcfe96b710 ipa/client: Enable VPN hosts to talk to IPA 
This requires the canonical names of IPA servers to be mapped to their
IP addresses on the VPN as well as specifying the IPA server explicitly
when enrolling clients.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:19:11 +01:00
Nils Philippsen
28cc2e8d93 ipa/client: specify ipa server when enrolling VPN hosts 
This is needed for clients that cannot access the internal DNS
where IPA servers are announced.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:18:55 +01:00
Aurélien Bompard
2c04966b51 Adjust the location of the service keytab in ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 17:58:12 +01:00
Aurélien Bompard
4c5e2d605b Fix the sssd config file 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 17:31:55 +01:00
Aurélien Bompard
be8535cf05 Fix ipsilon config 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 17:03:58 +01:00
Aurélien Bompard
327de7debe Disable the openshift instances of ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 16:59:26 +01:00
Stephen Coady
1f20f3556d add a note saying fas is readonly. patch the docker image. 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-24 15:13:14 +00:00
Mark O'Brien
7f2e8d750a fas2: turn mail on to false to avoid mail being sent 2021-03-24 15:11:25 +00:00
Mark O'Brien
49473da360 Avoid mail being sent from fas server while in read only mode 2021-03-24 15:11:25 +00:00
Aurélien Bompard
7b2c578983 Ipsilon in prod is now on a VM like in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 13:49:33 +01:00
Nils Philippsen
23e6678997 ipa/client: cease masking tasks for prod hosts 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:32 +01:00
Stephen Smoogen
5deff9066d somehow pagure says I merged this commit but it also says it never happened. This was PR 447 2021-03-24 08:40:34 -04:00
Nils Philippsen
a4b5dfce5b ipa/client: only install sudoers on FAS clients 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 11:06:44 +00:00
Nils Philippsen
0fde62b23c GNOME backups: Be gone 
This hasn't been a thing since the colo move.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 10:52:25 +00:00