diff --git a/playbooks/run_fasClient.yml b/playbooks/run_fasClient.yml index 53ea2f2e79..57d8696b35 100644 --- a/playbooks/run_fasClient.yml +++ b/playbooks/run_fasClient.yml @@ -4,7 +4,7 @@ # - name: run fasClient -a to make email aliases on bastion - hosts: bastion01.phx2.fedoraproject.org:bastion02.phx2.fedoraproject.org + hosts: bastion01.phx2.fedoraproject.org:bastion02.phx2.fedoraproject.org:bastion01.iad2.fedoraproject.org:bastion02.iad2.fedoraproject.org user: root gather_facts: False diff --git a/playbooks/run_fasClient_simple.yml b/playbooks/run_fasClient_simple.yml index 8176d978b6..f8212aa025 100644 --- a/playbooks/run_fasClient_simple.yml +++ b/playbooks/run_fasClient_simple.yml @@ -3,7 +3,7 @@ # - name: run fasClient -a to make email aliases on bastion - hosts: bastion01.phx2.fedoraproject.org:bastion02.phx2.fedoraproject.org + hosts: bastion01.phx2.fedoraproject.org:bastion02.phx2.fedoraproject.org:bastion01.iad2.fedoraproject.org:bastion02.iad2.fedoraproject.org user: root gather_facts: False diff --git a/roles/opendkim/files/SigningTable b/roles/opendkim/files/SigningTable index 118d0b9713..7b19117c33 100644 --- a/roles/opendkim/files/SigningTable +++ b/roles/opendkim/files/SigningTable @@ -12,10 +12,10 @@ # "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf. # Create additional lines for additional domains. -*@fedoraproject.org bastion._domainkey.fedoraproject.org -*@lists.fedoraproject.org bastion._domainkey.fedoraproject.org -*@stg.fedoraproject.org bastion._domainkey.fedoraproject.org -pagure@pagure.io bastion._domainkey.pagure.io +*@fedoraproject.org bastion-iad._domainkey.fedoraproject.org +*@lists.fedoraproject.org bastion-iad._domainkey.fedoraproject.org +*@stg.fedoraproject.org bastion-iad._domainkey.fedoraproject.org +pagure@pagure.io bastion-iad._domainkey.pagure.io # NON-WILDCARD EXAMPLE # If "file:" (instead of "refile:") is specified in /etc/opendkim.conf, then diff --git a/roles/opendkim/files/opendkim.conf b/roles/opendkim/files/opendkim.conf index 2997cbe6ce..77d878ed5f 100644 --- a/roles/opendkim/files/opendkim.conf +++ b/roles/opendkim/files/opendkim.conf @@ -88,14 +88,14 @@ Canonicalization relaxed/relaxed # Domain fedoraproject.org ## Defines the name of the selector to be used when signing messages. -Selector bastion +Selector bastion-iad ## Specifies the minimum number of key bits for acceptable keys and signatures. MinimumKeyBits 1024 ## Gives the location of a private key to be used for signing ALL messages. This ## directive is ignored if KeyTable is enabled. -KeyFile /etc/opendkim/keys/bastion.key +KeyFile /etc/opendkim/keys/bastion-iad.key ## Gives the location of a file mapping key names to signing keys. In simple terms, ## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile diff --git a/roles/opendkim/tasks/main.yml b/roles/opendkim/tasks/main.yml index c5cafd5b78..e6821bd6a6 100644 --- a/roles/opendkim/tasks/main.yml +++ b/roles/opendkim/tasks/main.yml @@ -39,6 +39,13 @@ - config - base +- name: install bastion-iad opendkim key from private + copy: src={{ private }}/files/opendkim/bastion-iad.key dest=/etc/opendkim/keys/bastion-iad.key mode=0600 owner=opendkim group=opendkim + tags: + - opendkim + - config + - base + - name: install pagure opendkim key from private copy: src={{ private }}/files/opendkim/pagure.key dest=/etc/opendkim/keys/pagure.key mode=0600 owner=opendkim group=opendkim tags: diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf index d274e72acf..2b8a1a7e4c 100644 --- a/roles/openvpn/client/files/client.conf +++ b/roles/openvpn/client/files/client.conf @@ -7,6 +7,7 @@ proto udp # Specify multiple vpn servers here remote gateway remote bastion02 +remote bastion-iad01 resolv-retry infinite diff --git a/roles/openvpn/client/templates/client.conf b/roles/openvpn/client/templates/client.conf index e2514316b0..100dc31683 100644 --- a/roles/openvpn/client/templates/client.conf +++ b/roles/openvpn/client/templates/client.conf @@ -12,6 +12,7 @@ proto udp # Specify multiple vpn servers here remote gateway remote bastion02 +remote bastion-iad01 resolv-retry infinite