WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-01 14:02:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
29,743 Commits 9 Branches 0 Tags
e4e9866e044ce7a81e63145e24257002b2272002
Commit Graph

656 Commits

Author SHA1 Message Date
Stephen Smoogen
9d02ba6cf4 add proxy30 to config files 2020-04-24 21:34:21 +02:00
Kevin Fenzi
25160d44aa base / iptables: allow buildvm-s390x-17 to also access koji mount 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:21 +02:00
Kevin Fenzi
73ba1900e6 lock_wrapper: handle --silent with the argument passing 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:20 +02:00
Kevin Fenzi
09bbcdb68a scripts / lock-wrapper: actually pass script arguments as well to the script 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:20 +02:00
Kevin Fenzi
779fa01877 autocloud: fare well autocloud, you served long and well... 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:17 +02:00
Kevin Fenzi
18e16cbcfa base: forgot when conditional on last alternatives add 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
5af03fdec0 base: On rhel8 machines set /usr/bin/python to /usr/bin/python3 
The reason we do this is so we can use a few scripts (like nag-once)
as python2 on python2 hosts and python3 on rhel8 hosts.
Note that this depends on the script working on either.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Pierre-Yves Chibon
5a25802f9a base: First pass at making nag-once working with python3 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
5ecc8a9c4f base / postfix: also work around postfix/systemd bug on buildvmhost-s390x. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
e94fcbd825 iptables: fix group name, it's proxies_internal not proxies-internal. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
e1bea5fb6b postfix / base: also this is Service not service 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
cdeaa2558c base / postfix: reload systemd after changing the postfix service file. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
015df8dc65 postfix / base: work around s390x bug in private devices. 
https://bugzilla.redhat.com/show_bug.cgi?id=1769148

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:16 +02:00
Kevin Fenzi
75458a9252 base: further specify rootpw play hosts. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:15 +02:00
Kevin Fenzi
de7bef8146 base: adjust rootpw setting to cover current names 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:15 +02:00
Rick Elrod
0f9a591216 base: don't copy a bunch of postfix stuff for stg 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:15 +02:00
Rick Elrod
9b60967d7e base: add fix-ifcfg-mac-address.sh to common-scripts. Not my best code, but it should do the trick. 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:14 +02:00
Kevin Fenzi
f39ba30822 base: exclude this selinux policy for now since it causes a OOM crash on fedora-armv7-31 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:14 +02:00
Kevin Fenzi
fd1c7cf395 base: change conditional, perhaps ansible likes this one better? 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
53c3309269 base: Tweak conditionals to be much simpiler. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
8315ba9108 koji / buildvm-s390x-01.s390: Move this to a normal builder, remove from compose channel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:12 +02:00
Kevin Fenzi
1d68465ff2 base: set hostname on all hosts, not just rhel7. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:11 +02:00
Mikolaj Izdebski
12d3da3ebd base: Remove Koschei hosts from syncHttpLogs.sh 2020-04-24 21:34:11 +02:00
Stephen Smoogen
0a87de6e21 [proxies] remove proxy08 from ansible configs 2020-04-24 21:34:11 +02:00
Rick Elrod
e0fab09b47 base: collapse second uuid getter 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:10 +02:00
Rick Elrod
618752a6d6 base: debug 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:10 +02:00
Rick Elrod
3440a4ace6 base: try not using dot accessor notation here? 
Signed-off-by: Rick Elrod <relrod@redhat.com>
 2020-04-24 21:34:10 +02:00
Kevin Fenzi
cd22554d83 krb5: fix typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:10 +02:00
Kevin Fenzi
a518f49c7b base: rework the conditional for nmcli controlled ifcfg files to be more readable. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:10 +02:00
Kevin Fenzi
81fb4582e7 ansible: change when conditions to use == instead of is when checking strings. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:10 +02:00
Karsten Hopp
c9ed62ac32 update ansible_distribution_major_version conditionals 
Signed-off-by: Karsten Hopp <karsten@redhat.com>
 2020-04-24 21:34:10 +02:00
Stephen Smoogen
42bf78480e try again. run only against bastion02 to see what isnt happening 2020-04-24 21:34:10 +02:00
Stephen Smoogen
f158bfca8e undo the change to certs 2020-04-24 21:34:10 +02:00
Stephen Smoogen
92b2f4e805 fix matts problem 2020-04-24 21:34:09 +02:00
Kevin Fenzi
8618395ce6 base: syncHttpLogs: remove a bunch of things that have moved to openshift 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:09 +02:00
Kevin Fenzi
56e229734b kojibuilder / iptables: also allow buildvm-s390x 15 and 16 sshfs 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-07-16 15:59:28 +00:00
Kevin Fenzi
8ac70aee03 koji_builder: update iptables for new pagure.io ip address. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-07-13 05:26:00 +00:00
Stephen Smoogen
0d40cfcbad [rdu-cc] really add the resolv-conf this time idiot 2019-07-12 13:22:23 +00:00
Kevin Fenzi
ec17c4962a keytab: try and set python2 on all the deelegated tasks to ipa server. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-07-01 20:10:36 +00:00
Adam Williamson
1459a3fa5c Update rsyslog-audit SELinux policy with one more needed perm 
This one was dontaudit. Grr.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 16:00:23 -07:00
Stephen Smoogen
4020cec510 [storinator] make changes so that storinator can work in cloud 2019-05-29 22:55:28 +00:00
Adam Williamson
f4156c3db7 rsyslog-audit policy: also allow 'open' 
Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 10:21:10 -07:00
Adam Williamson
3eb406ccdb Update rsyslog-audit custom SELinux policy to allow dir reads 
This now seems to be necessary. This is the cause of the flood
of SELinux denials on F29+ hosts with the rsyslog stuff.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
 2019-05-29 09:49:03 -07:00
Stephen Smoogen
8611ab80ed put in proper checks like we have for other domains 2019-05-29 15:57:26 +00:00
Stephen Smoogen
1be05a2039 put in header checks postmap and restart 2019-05-29 14:59:43 +00:00
Stephen Smoogen
22fe4ad0a2 [postfix] and a file to put in drops. 2019-05-29 14:52:52 +00:00
Stephen Smoogen
77dcd8034f [postfix] change to header checks needs to be on both bastion and smtp-mm 2019-05-29 14:50:03 +00:00
Stephen Smoogen
0c6f35bf45 Allow postfix on gateway to do header checks 2019-05-29 14:37:23 +00:00
Kevin Fenzi
386d9a1d02 base/hosts: Clean up some depreciations. 
koji_builder/sudo: Clean up some more depreciations.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-28 20:47:54 +00:00
Patrick Uiterwijk
efabd7f30f Fix this defaulting to a /8 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-05-24 20:54:14 +02:00