Nils Philippsen
2d4ec8d259
Apply openvpn/client role before ipa/client
...
This is so hosts on the Fedora VPN are able to talk to IPA before they
try to enroll.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 18:19:11 +01:00
Nils Philippsen
bcfe96b710
ipa/client: Enable VPN hosts to talk to IPA
...
This requires the canonical names of IPA servers to be mapped to their
IP addresses on the VPN as well as specifying the IPA server explicitly
when enrolling clients.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 18:19:11 +01:00
Nils Philippsen
28cc2e8d93
ipa/client: specify ipa server when enrolling VPN hosts
...
This is needed for clients that cannot access the internal DNS
where IPA servers are announced.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 18:18:55 +01:00
Aurélien Bompard
2c04966b51
Adjust the location of the service keytab in ipsilon
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-24 17:58:12 +01:00
Aurélien Bompard
4c5e2d605b
Fix the sssd config file
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-24 17:31:55 +01:00
Aurélien Bompard
be8535cf05
Fix ipsilon config
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-24 17:03:58 +01:00
Aurélien Bompard
327de7debe
Disable the openshift instances of ipsilon
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-24 16:59:26 +01:00
Stephen Coady
1f20f3556d
add a note saying fas is readonly. patch the docker image.
...
Signed-off-by: Stephen Coady <scoady@redhat.com>
2021-03-24 15:13:14 +00:00
Mark O'Brien
7f2e8d750a
fas2: turn mail on to false to avoid mail being sent
2021-03-24 15:11:25 +00:00
Mark O'Brien
49473da360
Avoid mail being sent from fas server while in read only mode
2021-03-24 15:11:25 +00:00
Nils Philippsen
7bbc061b41
Actually find the script file
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 15:24:05 +01:00
Nils Philippsen
f710f4102a
use script file instead of inline shell
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 15:19:37 +01:00
Nils Philippsen
97e389f73f
fix-home-fedora-ownerships: fix syntax errors
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 15:08:12 +01:00
Kevin Fenzi
56cbb0beb8
ipa: make sure we open ports 88 and 464 UDP
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-03-24 06:32:49 -07:00
Aurélien Bompard
e5a5ba6a86
Switch the proxies to point to the new Ipsilon VM
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-24 14:25:57 +01:00
Aurélien Bompard
7b2c578983
Ipsilon in prod is now on a VM like in staging
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2021-03-24 13:49:33 +01:00
Nils Philippsen
ad78542ff5
ipa/client: enable for zabbix in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
717b89b8ad
ipa/client: enable for wiki in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
a706cd8459
ipa/client: enable for vmhost_copr in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
65e0ea5d96
ipa/client: enable for virthost in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
fa72446395
ipa/client: enable for value in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
36cb1aaba7
ipa/client: enable for unbound in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
29aa38add0
ipa/client: enable for torrent in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
286af1a769
ipa/client: enable for tang in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
c0a7ba202b
ipa/client: enable for sundries in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6c5b779488
ipa/client: enable for smtp_mm in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
06ec929ead
ipa/client: enable for sign_bridge in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
8463ae106f
ipa/client: enable for retrace in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
d34b4ff501
ipa/client: enable for resultsdb in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
e3ee5d6da8
ipa/client: enable for releng_compose in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6b419af83e
ipa/client: enable for rabbitmq in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6275b90b0d
ipa/client: enable for proxies in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
9195c2d39a
ipa/client: enable for pkgs in prod
...
...and grant shell access to the packager group.
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
8b6c9a19cf
ipa/client: enable for pdc_web in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
a4061e6bbc
ipa/client: enable for pagure in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
bd01967b92
ipa/client: enable for packages in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
bc6c2d4edd
ipa/client: enable for osbs in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
fd76ec07a2
ipa/client: enable for open shift in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
6fcbc946ee
ipa/client: enable for openqa in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
202715dbc8
ipa/client: enable for odcs in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
40a5fed45e
ipa/client: enable for oci_registry in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
b0eb4e6c82
ipa/client: enable for nuancier in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
49cafcccf4
ipa/client: enable for notifs in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
77c3daa9b7
ipa/client: enable for nagios in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
4d216bf165
ipa/client: enable for nfs-servers in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
79a6fe36da
ipa/client: enable for mirrormanager in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
5ca0478f55
ipa/client: enable for memcached in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
7cf64ad1f6
ipa/client: enable for mbs in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
3fd14610c6
ipa/client: enable for mailman in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
Nils Philippsen
323cec75df
ipa/client: enable for logging in prod
...
Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-24 13:44:33 +01:00
