mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-03-30 08:50:55 +08:00
7984b46eb7
Since we no longer have any machines in phx2, I have tried to remove them from ansible. Note that there are still some places where we need to remove them still: nagios, dhcp, named were not touched, and in cases where it wasn't pretty clear what a conditional was doing I left it to be cleaned up later. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
28 lines
1.1 KiB
Django/Jinja
28 lines
1.1 KiB
Django/Jinja
pam_url:
|
|
{
|
|
settings:
|
|
{
|
|
{% if env == 'staging' %}
|
|
url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch
|
|
{% elif datacenter == 'iad2' %}
|
|
url = "https://fas-all.iad2.fedoraproject.org:8443/"; # URI to fetch
|
|
{% else %}
|
|
url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch
|
|
{% endif %}
|
|
returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
|
|
userfield = "user"; # userfield name to send
|
|
passwdfield = "token"; # passwdfield name to send
|
|
extradata = "&do=login"; # extradata to send
|
|
prompt = "Password+Token: "; # password prompt
|
|
};
|
|
|
|
ssl:
|
|
{
|
|
verify_peer = true; # Should we verify SSL ?
|
|
verify_host = true; # Should we verify the CN in the SSL cert?
|
|
client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
|
|
client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
|
|
ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
|
|
};
|
|
};
|