Commit Graph

79 Commits

Author SHA1 Message Date
Mark O'Brien
e32c6c21b9 create daily data only backups of ipa 2021-03-23 18:06:38 +00:00
Aurélien Bompard
2269f0ece1 Prepare Noggin & FASJSON for prod
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-22 17:53:42 +00:00
Aurélien Bompard
f17dc57b43 Create the sysadmin-main group in IPA
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-22 10:26:01 -05:00
Aurélien Bompard
ab94dc42eb IPA: until we get the ipaselfservice module, we need the admin ticket
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:42:23 +01:00
Aurélien Bompard
f29bd5f92c Cut'n'paste is the root of all evil
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:39:01 +01:00
Aurélien Bompard
8f9076c6d7 IPA: fix commands for nis and compat
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-11 13:05:25 +01:00
Aurélien Bompard
d520072024 IPA: disable the compat tree and the NIS tree
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-10 16:41:54 +01:00
Aurélien Bompard
6606399bbc Allow users to change some of their attributes
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-02-05 16:47:02 +01:00
Nils Philippsen
502b3d48b0 ipa: More ansible_fqdn -> inventory_hostname
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-02-02 16:33:07 +01:00
Aurélien Bompard
60ed2dabd5 Fix login_kerberos on the IPA API
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-11-19 11:38:21 +01:00
Stephen Smoogen
1f1f75b198 ipa_initial needs to be false or we reset the environment to scratch every ansible run 2020-11-13 10:41:40 -05:00
Aurélien Bompard
6185f038b6 IPA: don't start httpd with systemd
The httpd service should not be started with systemd, the ipa service will
start it. If systemd starts it, it will run before IPA is available and
KdcProxy will be disabled because it can't reach LDAP.

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-11-10 11:40:54 +01:00
Kevin Fenzi
66c94678e1 ipa: try and fix the popup auth window that comes up on windows
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-11-04 16:31:42 -08:00
Aurélien Bompard
5be417c997 Try to fix an error in a module
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 17:00:46 +02:00
Aurélien Bompard
96bc8300f1 Adjust output parsing... :-/
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:57:42 +02:00
Aurélien Bompard
dc9ad4da3f Revert "Use the new modules"
The version of ansible-freeipa we have does not have the new modules
yet.

This reverts commit dad2290c7f.
2020-10-21 16:39:40 +02:00
Aurélien Bompard
dad2290c7f Use the new modules
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:33:16 +02:00
Aurélien Bompard
77b9de661e Adjust conditions
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:21:20 +02:00
Aurélien Bompard
db06d34bfd Use the new IPA module
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 16:06:39 +02:00
Aurélien Bompard
d9cda33f98 IPA: missing rewrite
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 15:52:25 +02:00
Aurélien Bompard
33452ed8f9 IPA: set the expiration date for the admin user
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-21 11:59:43 +02:00
Aurélien Bompard
e97aa82fc0 IPA: Don't allow all users to log into all hosts
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-14 14:44:45 +02:00
Aurélien Bompard
5868f77c53 IPA: fix the new tasks
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-13 17:02:18 +02:00
Aurélien Bompard
cd2e75bc4f IPA: syntax
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-13 16:50:08 +02:00
Aurélien Bompard
d208e3a087 IPA: attempt to create a certificate profile & ACL
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-10-13 16:27:07 +02:00
Kevin Fenzi
9a080eae0f ipa / server: add pynag on ipa servers to allow nagios replication check to work
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-10-05 17:11:55 -07:00
Aurélien Bompard
103f2f4653 IPA: don't disallow users to read other users' profile
Reason for removing this: we don't store so much private information
anymore, and we can't disallow people from seeing other people's email
address on a case-by-case basis, it's either everyone or hand-picked
services, but users can't choose to let other users see their info or
not (as with the "private" FAS boolean).

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-17 17:03:55 +02:00
Aurélien Bompard
9717fadb44 Ansible modules for IPA: don't validate the certs
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-01 15:43:49 +02:00
Aurélien Bompard
daf96efd15 IPA: use ansible modules and tasks wherever possible
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-01 15:34:07 +02:00
Aurélien Bompard
944431bf59 IPA: Allow users to read their own data
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-09-01 00:11:45 +02:00
Aurélien Bompard
b2cdf5dc62 Now that IPA is the reference, allow users to change their own attributes
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-08-31 22:59:00 +02:00
Aurélien Bompard
28ae976ab2 Add permissions to the noggin user to activate stageusers
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-08-31 19:12:54 +02:00
Aurélien Bompard
05ea33bf84 Workaround for colon-spaces in commands
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-08-19 15:39:42 +02:00
Aurélien Bompard
5bd655d335 Noggin: workaround the spaces in the commands
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-08-19 14:45:40 +02:00
Aurélien Bompard
6e1873ce1b First try at Noggin deployment
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2020-08-19 12:54:21 +02:00
Kevin Fenzi
665964a79f ipa / server: fix files to have correct suffix
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-07-24 13:23:05 -07:00
Patrick Uiterwijk
7cdcbb5880 Make all ldif files apply on all IPA boxes. Not everything gets synced
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-07-24 22:09:18 +02:00
Kevin Fenzi
856b5512b4 ipa server: adjust forwarders for iad2.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-07-20 13:37:06 -07:00
Kevin Fenzi
7984b46eb7 The great phx2 pruning run (1st cut).
Since we no longer have any machines in phx2, I have tried to remove
them from ansible. Note that there are still some places where we need
to remove them still: nagios, dhcp, named were not touched, and in cases
where it wasn't pretty clear what a conditional was doing I left it to
be cleaned up later.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-06-14 14:14:31 -07:00
Patrick Uiterwijk
9766bd053d Move force-join to replica-install
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-02 20:51:45 +02:00
Patrick Uiterwijk
1db0ee0fee Add force-join
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-02 20:44:47 +02:00
Patrick Uiterwijk
b1fbff5b1c Add LDIF file to fix SASL limits
We keep hitting this otherwise because of our directory size

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-02 20:38:49 +02:00
Patrick Uiterwijk
8fba1c1f4c Skip using host DNS for IPA replica install
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-02 20:36:16 +02:00
Patrick Uiterwijk
a77ef673cc Fix replica command
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-02 15:35:13 +02:00
Patrick Uiterwijk
1d84857c6d Add rhel8 ipa-replica-install
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-02 15:28:23 +02:00
Patrick Uiterwijk
b122c66f2f Remove ip-address arg for replica-prepare 2020-05-26 20:12:24 +02:00
Kevin Fenzi
1e509172ed ipa / drop pynag for now until we can sort it on rhel/epel8.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-20 09:30:22 -07:00
Patrick Uiterwijk
a9e9411c56 Move IPA hostname checks to ipa_initial variable
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-05-20 16:03:18 +00:00
Kevin Fenzi
8745e9f102 add ipa01/02 for iad2
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-19 19:28:50 -07:00
Patrick Uiterwijk
936e8b261a yum accepted pkg=, package calls it name=
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2017-10-09 00:38:26 +02:00