Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34634 commits 9 branches 0 tags 111 MiB
Commit graph

64 commits

Author SHA1 Message Date
Stephen Smoogen
2adb66f4d5 General cleanup of aliases and add mobrien to various places. 
Remove old smooge lines
Remove centos box which is no longer existant.

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-23 16:52:20 +00:00
Kevin Fenzi
af0253afe5 clean up some more openqa_stg vs openqa_lab 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-09-21 15:24:03 -07:00
Kevin Fenzi
20b1b72e56 rkhunter: Adjust template to work with current database servers. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-06-16 15:07:02 -07:00
Stephen Smoogen
e2a8626eee start standing up openqa for iad2 2020-05-29 11:42:14 -04:00
Tim Flink
77adf20745 rkhunter: removing taskotron group references 2020-05-22 15:02:17 -06:00
Kevin Fenzi
74866ebb8b rkhunter: drop the extra endif here that was breaking the template 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 10:58:39 -07:00
Kevin Fenzi
2882e32341 rkhunter: pagure-stg01 also now has a postgresql shm file 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-05-13 10:49:05 -07:00
Kevin Fenzi
abc8a2ad85 two last small scraps leftover from ci-cc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:19 +02:00
Kevin Fenzi
9b14a4aaf5 proxies: adjust rkhunter for new non root mirrorlist pods 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:14 +02:00
Kevin Fenzi
738779a150 rkhunter: just install on all machines that include the role. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:13 +02:00
Kevin Fenzi
03aff34bd2 rkhunter: fix the fact that f30+ don't install ifup/ifdown from network-scripts anymore. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:11 +02:00
Kevin Fenzi
81fb4582e7 ansible: change when conditions to use == instead of is when checking strings. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:10 +02:00
Karsten Hopp
c9ed62ac32 update ansible_distribution_major_version conditionals 
Signed-off-by: Karsten Hopp <karsten@redhat.com>
 2020-04-24 21:34:10 +02:00
Kevin Fenzi
ddad0d396c rkhunter / osbs: newest fedora doesn't use network-scripts by default, so don't check ifup/ifdown. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:09 +02:00
Kevin Fenzi
e729cd4fb0 rkhunter: also drop promic test on buildvmhost-s390x as the birdge has to be in that mode. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-07-10 18:28:00 +00:00
Kevin Fenzi
5a79337b8c rkhunter: Fix some over changed _s back to -s 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-06-20 16:20:04 +00:00
Karsten Hopp
0516df54c1 rkhunter: dnf->package 2019-06-11 16:08:43 +00:00
Kevin Fenzi
4b31ac5152 ansible: Change all our group names from foo-bar to foo_bar or foo-bar-baz to foo_bar_baz 
In ansible 2.8 the - character isn't supposed to be valid in group names.
While we could override this, might has well just bite the bullet and change it.
So, just switch all group names to use _ instead of -

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-20 17:38:09 +00:00
Kevin Fenzi
b8d73fde1e proxies: allow another shm file that apache seems to make now. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-11 04:36:10 +00:00
Kevin Fenzi
18ca69b231 just globally allow .java 2018-12-03 16:28:25 +00:00
Kevin Fenzi
4e59394183 more machines have .java now 2018-12-02 20:38:10 +00:00
Kevin Fenzi
b3a9cb6df6 add new fips junk that just landed in f28 for some reason 2018-07-14 18:28:57 +00:00
Kevin Fenzi
23335a4eb5 fix false positive on db-qa03 2018-07-01 18:42:29 +00:00
Kevin Fenzi
aabe4115b5 try and simplify 2018-04-06 05:38:25 +00:00
Kevin Fenzi
6699d4ed8e fix space 2018-04-06 05:34:04 +00:00
Kevin Fenzi
180cc21c6a fix typo 2018-04-06 05:31:38 +00:00
Kevin Fenzi
52c43d2148 adjust shm size check for postgres servers 2018-04-06 05:26:20 +00:00
Kevin Fenzi
2622dea3c4 drop db-koji02.stg from inventory 2018-03-21 17:44:36 +00:00
Tim Flink
91e384d3e9 removing db-qa-stg01.qa from ansible 2018-03-05 16:25:51 +00:00
Kevin Fenzi
178509d30c adjust and fix typo in rkhunter config 2018-03-04 18:02:42 +00:00
Kevin Fenzi
0b5895d664 add 2 more machines to allow rkhunter shm file 2018-03-02 18:32:47 +00:00
Patrick Uiterwijk
0a06c5bb6d Also send the spam to me 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-12-04 19:55:30 +00:00
Patrick Uiterwijk
adcbf72f03 Packageize this, packageize that, packageize the world 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-08 22:25:52 +00:00
Kevin Fenzi
86cd6f5b0e add db-qa-01 to postgresql server exceptions in rkhunter config 2017-08-21 20:12:37 +00:00
Kevin Fenzi
c3324c8883 Also allow postgres shm file on ci-cc-rdu01. 2017-05-19 22:13:13 +00:00
Kevin Fenzi
f57fc5fde4 add some exceptions for kojipkgs squid and rkhunter 2016-12-30 16:17:15 +00:00
Kevin Fenzi
d255f19374 add a exclude for the bdr postgres shm segments 2016-10-18 16:23:30 +00:00
Kevin Fenzi
f532d96366 turns out we need both of these 2016-10-18 16:20:14 +00:00
Kevin Fenzi
0982a1a72b adjust rkhunter for new ipa path 2016-10-18 16:12:15 +00:00
Kevin Fenzi
556d638ee6 adjust rkhunter for taskotron client hosts 2016-10-17 14:45:02 +00:00
Kevin Fenzi
b7b8d26004 also allow /etc/.java for freeipa 2016-09-07 15:44:50 +00:00
clime
8de8e4d99c rkhunter exceptions for ipa servers 2016-09-07 15:34:31 +00:00
Kevin Fenzi
23683f3d59 Use inventory_hostname instead of ansible_fqdn, which has some bad effects in some cases due to reverse dns. 2016-04-19 23:21:41 +00:00
Kevin Fenzi
e3bfa45201 Well, that didn't work, lets try this 2015-12-23 17:28:26 +00:00
Kevin Fenzi
10552179ff Try this to also tell rkhunter to allow spice files on openqa worker hosts 2015-12-23 17:24:34 +00:00
Kevin Fenzi
8e989c4e39 This should be the fqdn to match whats in inventory 2015-12-10 04:07:56 +00:00
Kevin Fenzi
d7c07d6cf5 Apply this to all virtservers 2015-12-09 04:24:01 +00:00
Kevin Fenzi
9a3056a891 Allow /dev/shm/spice files on virthosts/openqa boxes. 2015-12-09 04:10:19 +00:00
Kevin Fenzi
4639bc617f Adjust rkhunter template 2015-10-10 13:03:57 +00:00
Kevin Fenzi
f6722659e5 Switch sshd config for f22/f23 to explicitly say only v2 protocol, adjust rkhunter for this. 2015-10-09 19:32:51 +00:00