Kevin Fenzi
9f71fa2295
comment in rsyslog-audit module in base
2017-05-04 14:20:37 +00:00
Kevin Fenzi
fcf570d42e
initial selinux module work for rsyslog to read audit
2017-05-04 14:02:02 +00:00
Kevin Fenzi
db328d7ac2
Revert "ansible tells me not to use {s in when, let's see if this works"
This reverts commit 9b77ca729b.
2017-04-20 17:03:09 +00:00
Kevin Fenzi
9b77ca729b
ansible tells me not to use {s in when, let's see if this works
2017-04-20 16:57:07 +00:00
Kevin Fenzi
8a6e51a9a6
change state=running to start=started as the old one is going away in ansible 2.7
2017-04-13 01:37:21 +00:00
Patrick Uiterwijk
78a6c13010
Production key is generated
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 23:32:41 +00:00
Patrick Uiterwijk
09cd075108
Revert "Make explicitly invalid"
This reverts commit b91d69d1ed.
2017-04-09 23:24:08 +00:00
Patrick Uiterwijk
b91d69d1ed
Make explicitly invalid
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 23:22:25 +00:00
Patrick Uiterwijk
d01c436580
SSH does not know years
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 23:18:54 +00:00
Patrick Uiterwijk
dc1664c8f3
Combine properly
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 23:17:58 +00:00
Patrick Uiterwijk
7a7054b34c
Allow setting additional hostnames
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 23:15:16 +00:00
Patrick Uiterwijk
3ec28fa016
Use a static dir
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 22:50:25 +00:00
Patrick Uiterwijk
7ce0b12a42
Fix env tests
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 22:34:55 +00:00
Patrick Uiterwijk
c96d44b232
Add initial SSH certificates
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-09 22:29:14 +00:00
Kevin Fenzi
a0727e3fd2
do not apply iptables to any fed-cloud machine now
2017-04-07 19:23:42 +00:00
Kevin Fenzi
3743d7691c
add tag for common scripts
2017-03-02 16:00:06 +00:00
Stephen Smoogen
2f92b9777a
we need to add larger limits for file coverage
2017-01-18 19:34:08 +00:00
Kevin Fenzi
3163d7fdd5
Fix missing )
2016-12-05 17:33:53 +00:00
Kevin Fenzi
0ee9865961
Simplify this conditional for iptables.
2016-12-05 17:31:45 +00:00
Kevin Fenzi
d195bae51a
Exclude the osbs hosts from our default iptables template as they have their own more complex one.
2016-12-05 17:21:06 +00:00
Kevin Fenzi
8ca5c772e4
policycoreutils-python is what we want for semanage on rhel
2016-11-30 19:14:06 +00:00
Tim Flink
3c69cdbe10
adding check for non-standard ssh and semanage adjustment if found
2016-11-30 16:51:18 +00:00
Patrick Uiterwijk
b88c5c4da6
Seems IPA masters need a different krb5 conf
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-11-23 18:13:24 +00:00
Kevin Fenzi
b1a2d105c9
In ansible 2.2 always_run is deprecated. Switch to check_mode.
2016-11-01 16:29:49 +00:00
Patrick Uiterwijk
d058b58136
Allow specifying additionally needed host keytabs
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-27 15:23:31 +00:00
Patrick Uiterwijk
1f7efb27cb
Move keytab stuff into the base role
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-27 09:06:47 +00:00
Patrick Uiterwijk
1f3883d58d
Create role for host keytab to test before putting in base
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-27 08:47:41 +00:00
Patrick Uiterwijk
9164552f6f
Put krb5.conf in base role
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-13 17:57:17 +00:00
Kevin Fenzi
173902e4fc
tweak base role interfaces for docker networks
2016-10-10 22:50:20 +00:00
Patrick Uiterwijk
1e9441af9b
Install complete.crt into .crt
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-27 18:21:10 +00:00
Patrick Uiterwijk
905ef28ad2
Install gateway cert with intermediate cert
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-27 18:15:04 +00:00
Stephen Smoogen
e13358ccd8
push the tls change out to the smtp-mm boxes
2016-09-27 17:37:21 +00:00
Kevin Fenzi
41cee6c129
Fix the order of this handler
2016-09-27 16:35:29 +00:00
Kevin Fenzi
4302a23215
Swap the order of these handlers so it does the map, then the postfix restart.
2016-09-27 16:09:32 +00:00
Stephen Smoogen
39459ede7d
rebuild then restart
2016-09-27 03:34:39 +00:00
Stephen Smoogen
865dc57de9
call it a crt not a csr
2016-09-27 03:25:37 +00:00
Stephen Smoogen
2c055ba46e
and we need to have a trigger
2016-09-27 03:08:25 +00:00
Stephen Smoogen
379340b456
and put in the items kevin asked for.
2016-09-27 03:00:03 +00:00
Stephen Smoogen
6780736eb3
let's try another go at patching
2016-09-27 01:46:38 +00:00
Stephen Smoogen
d2764137e5
try this patch set on for size to get tls working with smtp
2016-09-27 01:10:46 +00:00
Patrick Uiterwijk
ebf41c6366
Also deliver master.cf to noc02
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-09-24 00:51:05 +00:00
Stephen Smoogen
bf85ec58dd
why?
2016-09-24 00:41:31 +00:00
Kevin Fenzi
42afc9a637
Fix a bunch of places that didn't use the full correct mode
2016-08-08 19:53:57 +00:00
Kevin Fenzi
04a52b8667
Death to all trailing whitespace.
2016-08-08 19:36:31 +00:00
Kevin Fenzi
90b8c96e6c
remove debugging, set base to always set hostname
2016-07-18 21:48:09 +00:00
Kevin Fenzi
5623bc1967
ppc8-04 is a hw builder
2016-06-27 14:07:52 +00:00
Kevin Fenzi
9fe0726ddb
Try this and see if it works any differently.
2016-05-14 17:49:50 +00:00
Aurélien Bompard
6d3d810683
Fixup activation of SpamAssassin on Mailman
2016-05-12 09:31:18 +00:00
Kevin Fenzi
a32f8b9e4a
Change ansible_fqdn to inventory_hostname. This fixes some few hosts that have incorrect reverse dns
and shouldn't break any others since we always use fully qualified in our inventory.
2016-05-11 15:08:50 +00:00
Adam Williamson
59e76a7f37
add an 'ansible_ifcfg_whitelist' feature and use it for openqa
semi-acked by nirik (but he'll deny it furiously and it's all
my fault if everything blows up): for openQA's openvswitch
stuff I need a 'br0' and a 'tap0' that I don't want the base
role to mess with, but I *do* want the base role to configure
eth0 for me. ansible_ifcfg_blacklist isn't granular enough. So
let's invent ansible_ifcfg_whitelist, which if defined is a
list of interface names you want the base role to configure.
Any interface not in the list is left alone.
2016-04-27 18:38:57 -07:00