Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of /git/ansible

Browse source
This commit is contained in:
David Gay 2014-12-06 21:06:26 +00:00
commit 6f62c81a4d
4 changed files with 80 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
roles/fas_server/tasks/main.yml
View file

@ -41,10 +41,10 @@
tags: tags:
- config - config
- name: install $pythonsitelib/fas/config/log.cfg - name: install pythonsitelib/fas/config/log.cfg
copy: > copy: >
src="fas-log.cfg" src="fas-log.cfg"
dest="$pythonsitelib/fas/config/log.cfg" # $pythonsitelib=? dest="/usr/lib/python2.6/site-packages/fas/config/log.cfg"
owner=root owner=root
group=root group=root
mode=0644 mode=0644

14
roles/fas_server/templates/fas.cfg.j2
View file

@ -156,9 +156,9 @@ visit.cookie.httponly = True
# Database # Database
{% if env == "staging" %} {% if env == "staging" %}
sqlalchemy.dburi="postgres://fas:<%= fasDbPassword %>@db-fas.stg/fas2" sqlalchemy.dburi="postgres://fas:{{ fasDbPassword }}@db-fas.stg/fas2"
{% else %} {% else %}
sqlalchemy.dburi="postgres://fas:<%= fasDbPassword %>@db-fas/fas2" sqlalchemy.dburi="postgres://fas:{{ fasDbPassword }}@db-fas/fas2"
{% endif %} {% endif %}
sqlalchemy.echo=False sqlalchemy.echo=False
# When using wsgi, we want the pool to be very low (as a separate instance is # When using wsgi, we want the pool to be very low (as a separate instance is
@ -186,11 +186,11 @@ mail.manager = 'demand'
# Enable yubikeys # Enable yubikeys
yubi_server_prefix='http://localhost/yk-val/verify?id=' yubi_server_prefix='http://localhost/yk-val/verify?id='
{% if env == "staging" %} {% if env == "staging" %}
ykksm_db="postgres://ykksmimporter:<%= ykksmimporterPassword %>@db-fas01.stg/ykksm" ykksm_db="postgres://ykksmimporter:{{ ykksmimporterPassword }}@db-fas01.stg/ykksm"
ykval_db="postgres://ykval_verifier:<%= ykval_verifierPassword %>@db-fas01.stg/ykval" ykval_db="postgres://ykval_verifier:{{ ykval_verifierPassword }}@db-fas01.stg/ykval"
{% else %} {% else %}
ykksm_db="postgres://ykksmimporter:<%= ykksmimporterPassword %>@db-ykksm/ykksm" ykksm_db="postgres://ykksmimporter:{{ ykksmimporterPassword }}@db-ykksm/ykksm"
ykval_db="postgres://ykval_verifier:<%= ykval_verifierPassword %>@db-ykval/ykval" ykval_db="postgres://ykval_verifier:{{ ykval_verifierPassword }}@db-ykval/ykval"
{% endif %} {% endif %}
# Enable or disable generation of SSL certificates for users # Enable or disable generation of SSL certificates for users
@ -220,7 +220,7 @@ gpghome = "/etc/fas-gpg"
# Note: gpg_fingerprint and gpg_passphrase are for encrypting password reset mail if the user has # Note: gpg_fingerprint and gpg_passphrase are for encrypting password reset mail if the user has
# a gpg key registered. It's currently broken # a gpg key registered. It's currently broken
gpg_fingerprint = "7662 A6D3 4F21 A653 7BD4 BA64 20A0 8C45 4A0E 6255" gpg_fingerprint = "7662 A6D3 4F21 A653 7BD4 BA64 20A0 8C45 4A0E 6255"
gpg_passphrase = "<%= fasGpgPassphrase %>" gpg_passphrase = "{{ fasGpgPassphrase }}"
gpg_keyserver = "hkp://subkeys.pgp.net" gpg_keyserver = "hkp://subkeys.pgp.net"
[/fedora-server-ca.cert] [/fedora-server-ca.cert]

62
roles/fas_server/templates/yubikey-remove.py.j2 Executable file
View file

@ -0,0 +1,62 @@
#!/usr/bin/python -tt
import sys
import psycopg2
FAS_HOST = "db-fas"
YKKSM_HOST = "db-ykksm"
YKVAL_HOST = "db-ykksm"
FAS_USER = "fas"
FAS_PASS = "{{ fasDbPassword }}"
YKKSM_USER = "ykksmimporter"
YKKSM_PASS = "{{ ykksmimporterPassword }}"
YKVAL_USER = "ykval_verifier"
YKVAL_PASS = "{{ ykval_verifierPassword }}"
fasdb = None
yk_ksmdb = None
yk_valdb = None
def usage():
usage = '''
fas-yubiremove [USERNAME1 [USERNAME2 [...]]]
Remove existing yubikey for the listed USERNAMEs.
'''.strip()
print usage
def init():
global fasdb, yk_ksmdb, yk_valdb
fasdb = psycopg2.connect("user='%s' password='%s' host='%s' dbname='fas2'" % (FAS_USER, FAS_PASS, FAS_HOST))
yk_ksmdb = psycopg2.connect("user='%s' password='%s' host='%s' dbname='ykksm'" % (YKKSM_USER, YKKSM_PASS, YKKSM_HOST))
yk_valdb = psycopg2.connect("user='%s' password='%s' host='%s' dbname='ykval'" % (YKVAL_USER, YKVAL_PASS, YKVAL_HOST))
def main():
init()
# Get username from commandline
usernames = sys.argv[1:]
# get the yubikey for the user from the fas configs db
for username in usernames:
fas = fasdb.cursor()
fas.execute("select value from configs, people where people.id = configs.person_id and username=%s and application = 'yubikey' and attribute = 'prefix'", (username,))
prefix = fas.fetchall()[0]
# Remove the keys from the yubikey database
yk_ksm = yk_ksmdb.cursor()
yk_ksm.execute('delete from yubikeys where publicname=%s', (prefix[0],))
yk_val = yk_valdb.cursor()
yk_val.execute('delete from yubikeys where yk_publicname=%s', (prefix[0],))
# Remove the key from fas
fas.execute("delete from configs where person_id = (select id from people where username=%s) and application = 'yubikey'", (username,))
yk_valdb.commit()
yk_ksmdb.commit()
fasdb.commit()
if __name__ == '__main__':
sys.exit(main())

9
roles/fedimg/templates/fedmsg.d/fedimg.py
View file

@ -17,8 +17,17 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# #
# Authors: David Gay <dgay@redhat.com> # Authors: David Gay <dgay@redhat.com>
# Ralph Bean <rbean@redhat.com>
# #
config = dict( config = dict(
kojiconsumer=True, kojiconsumer=True,
{% if env == 'staging' %}
# Establish a loop from production back into the staging instance.
endpoints = {
"production-loopback": [
"tcp://hub.fedoraproject.org:9940",
],
},
{% endif %}
) )