Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34634 commits 9 branches 0 tags 111 MiB
Commit graph

428 commits

Author SHA1 Message Date
Stephen Smoogen
2adb66f4d5 General cleanup of aliases and add mobrien to various places. 
Remove old smooge lines
Remove centos box which is no longer existant.

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-23 16:52:20 +00:00
Pierre-Yves Chibon
d0f112f435 pagure: make ADMIN_GROUP be None, this works fine 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-17 16:01:17 +01:00
Pierre-Yves Chibon
deee7e9b9f pagure: define ADMIN_GROUP to a group that do not exists 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-16 22:41:32 +01:00
Pierre-Yves Chibon
9ce8e6eac3 pagure: explicitely undefine the ADMIN_GROUP variable 
Otherwise it goes back to using sysadmin-main which is the default
value, while here we want to rely on a list of users, not a group.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-16 20:12:38 +01:00
Pierre-Yves Chibon
30336150a8 pagure: add another tag 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
eba9565e3b pagure: make the instance-wide admins be a list of users rather than a group 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-11 10:58:55 +01:00
Pierre-Yves Chibon
7d29b2fbf7 pagure: allow the commit ACL on API token to not be project-specific 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-04 17:40:18 +01:00
Pierre-Yves Chibon
63437cbb4a pagure: add the lock permission on file 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-02 16:50:04 +01:00
Pierre-Yves Chibon
6969128d11 pagure: give selinux a little more permissions 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-02 16:48:06 +01:00
Pierre-Yves Chibon
8b0ec42622 pagure: send the logs to stderr instead of stdout 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-20 23:08:38 +01:00
Pierre-Yves Chibon
e8e25afce5 pagure: fix the path to the new location of the intermediate cert 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 10:06:45 +01:00
Pierre-Yves Chibon
5d18697e9c pagure: add a couple of tags 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 10:53:11 +01:00
Pierre-Yves Chibon
677e20cf5d pagure: install python3-pagure-messages on the host 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 10:38:51 +01:00
Pierre-Yves Chibon
467113e65d pagure: fix the path to the ssl cert in the stunnel config 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 10:29:46 +01:00
Pierre-Yves Chibon
78ecdfe13d pagure: the hotfix to the stream server needs to restart the pagure_ev service, not httpd 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 09:58:07 +01:00
Pierre-Yves Chibon
7142c188a0 pagure: hotfix the stream server with the py3-only version 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 09:56:39 +01:00
Kevin Fenzi
d6244f86ef pagure / production: fix a key path in prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:44:21 -08:00
Kevin Fenzi
8316535c1a pagure / production: fix typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:36:05 -08:00
Kevin Fenzi
c0025e4cce pagure / production: add letsencrypt config for pagure.io ssl certs. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:34:24 -08:00
Kevin Fenzi
467731347d pagure / staging: fix path to cert in 2 places. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:33:53 -08:00
Kevin Fenzi
5d8fd0a764 pagure / staging: www and lists do not exist in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:07:00 -08:00
Kevin Fenzi
6866165646 pagure / staging: try a different format for aliases 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:04:42 -08:00
Kevin Fenzi
b31730d841 pagure / staging: combine certs to 1, clean up logic 
There's no reason to not just use one letsencrypt cert for stg.pagure.
Also clean up logic in the web config and make sure all the servernames
are handled correctly.

Once this works, will roll this to production.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 11:52:09 -08:00
Pierre-Yves Chibon
eba4430b1c pagure: typo in the selinux policy ioctl != ioctrl 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-17 15:26:11 +01:00
Pierre-Yves Chibon
c025a442eb pagure: expand the SELinux pagure policy 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-17 15:24:35 +01:00
Pierre-Yves Chibon
3351fbd3b4 drop run_once when install selinux policies 
Otherwise the policy doesn't get installed everywhere...

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 16:48:42 +01:00
Pierre-Yves Chibon
cb2a947479 pagure: fix path to the selinux policy file 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:59:32 +01:00
Pierre-Yves Chibon
033c798d6e pagure: make use of the new selinux/module role to install/compile selinux policies 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-10 15:55:10 +01:00
Pierre-Yves Chibon
cb018f088b distgit/pagure: fix debug calls, msg is not for variables 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-09 16:22:24 +01:00
Pierre-Yves Chibon
e63f2d99ad pagure: use staging ipsilon in staging pagure 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-09 10:30:32 +01:00
Pierre-Yves Chibon
85bbe256df distgit/pagure: add names to the tasks 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:19:42 +01:00
Pierre-Yves Chibon
3babdf5ff9 distgit/pagure: indentation fix 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:06:43 +01:00
Pierre-Yves Chibon
9e50494ac9 distgit/pagure: add some debugging to understand why it mis-behaves 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-05 17:05:48 +01:00
Pierre-Yves Chibon
8a8b1731b3 pagure: add a publish_exchange variable to the fedora-messaging config 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-05 14:58:58 +02:00
Pierre-Yves Chibon
dc59446b99 pagure: drop the frontend sub-directory 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 16:14:06 +02:00
Pierre-Yves Chibon
c9c2a6158e pagure: clean up the pagure role as pagure01 is no longer real 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 16:09:14 +02:00
Mark O'Brien
f605f83ad6 pagure - remove refs to sslv1/2 as no longer supported 2020-10-01 12:35:01 +01:00
Pierre-Yves Chibon
ce56359d70 pagure: missed a type in the selinux policy... 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 12:53:54 +02:00
Pierre-Yves Chibon
9df0fc6b33 pagure: adjust the selinux policy some more 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 12:50:44 +02:00
Pierre-Yves Chibon
11c31a9fe1 pagure: fix typo in selinux boolean 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 12:44:33 +02:00
Pierre-Yves Chibon
317be2fa93 pagure: Add missing permission in the pagure policy 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 12:43:24 +02:00
Pierre-Yves Chibon
c4431d0a21 pagure: update the selinux configuration for pagure 
Split all the selinux tasks in a different file so it's easier to
read/find.
Adjust the custom policy based on our latest findings.
Build and compile the policy directly on the host.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 12:35:30 +02:00
Pierre-Yves Chibon
aaf335d680 pagure: enable the nis_enabled selinux boolean 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 11:45:59 +02:00
Pierre-Yves Chibon
20f901f337 pagure: enable the httpd_execmem selinux boolean 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 11:39:31 +02:00
Pierre-Yves Chibon
0bf1f7ed0d pagure: increase the apache timeout to 1 minute 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-25 15:37:00 +02:00
Pierre-Yves Chibon
32a778a584 pagure: ensure mod_wsgi is installed 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-25 11:50:14 +02:00
Pierre-Yves Chibon
f7de81d5e5 pagure: adjust the playbook so it support pagure02 which is rhel8/py3 based 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-25 11:27:51 +02:00
Pierre-Yves Chibon
a081e5c0d2 pagure: turns out we have two pagure DB users 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-24 21:52:43 +02:00
Pierre-Yves Chibon
f75d677b56 pagure: remove an invalid closing bracket 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-24 21:49:14 +02:00
Pierre-Yves Chibon
f08c16184b pagure: create the db and its user as the postgres user 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-09-24 21:47:56 +02:00