Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
6226 commits 9 branches 0 tags 111 MiB
Commit graph

6226 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
f8155af5d5 Minor tweak for new squid syntax 2015-02-04 21:02:10 +00:00
Kevin Fenzi
eedd7d91f5 Install needed ssl keys and certs 2015-02-04 20:55:47 +00:00
Kevin Fenzi
71b2178046 Drop jstanley from pager setup for now due to bouncing 2015-02-04 19:22:34 +00:00
Patrick Uiterwijk
997db6c6ba Handle deprecation of old config flag for FedOAuth 2015-02-04 16:50:59 +00:00
Kevin Fenzi
959e9b9f51 Add store redirect. ticket 4653 2015-02-04 16:44:36 +00:00
Miroslav Suchý
ce6fb32e56 do not change swift, it listen just on public IP 2015-02-04 16:09:32 +00:00
Miroslav Suchý
f4f43dc3c6 add ceilometer port 2015-02-04 15:59:37 +00:00
Miroslav Suchý
8d8b6cdf75 no keystone endpoint, no keystone interaction 
use ADMIN_TOKEN to get in
 2015-02-04 15:40:00 +00:00
Till Maas
82ad4ba5ca fedocal: Set APPLICATION_ROOT 2015-02-04 16:27:03 +01:00
Till Maas
1a5e7d694c Use https for links to apps.fpo 2015-02-04 15:57:10 +01:00
Pierre-Yves Chibon
f05af51730 Make the remaining flask applications send the cookie over https only 2015-02-04 15:42:44 +01:00
Till Maas
73b1222f6b Make other flask session cookies secure 2015-02-04 15:34:31 +01:00
Till Maas
4a2e0ab67b sync getfedora with puppet/modules/fedora-web/files/getfedora.org.conf 2015-02-04 15:26:04 +01:00
Till Maas
50521629f0 Make pkgdb2 session cookie secure 2015-02-04 15:24:01 +01:00
Till Maas
bd5407d679 Add HSTS header to bodhi, elections, fas, pkgdb 
Seems like this needs to be configured in the reverse proxy config as it
is done for id.
 2015-02-04 15:24:01 +01:00
Miroslav Suchý
ec8b1d7891 change keystone internal endpoint to internal ip 2015-02-04 14:20:54 +00:00
Miroslav Suchý
de6231cf0b try this 2015-02-04 13:42:03 +00:00
Miroslav Suchý
fa1ad51ca9 try this 2015-02-04 13:30:28 +00:00
Till Maas
e67081afe1 Improve HSTS header 
- always set the header to make it hopefully appear on redirect as well
  (https://fedorahosted.org/fedora-infrastructure/ticket/2888#comment:11)
- set preload, to make it more likely that subdomains can be
  added to preload list
 2015-02-04 11:49:05 +01:00
Miroslav Suchý
49e1e87d10 try this 2015-02-04 10:30:35 +00:00
Miroslav Suchý
28979a6b76 first try to redefine keystone endpoints 2015-02-04 10:05:55 +00:00
Robert Mayr
ffd77b6d7f add redirects for sponsors and code-of-conduct also to ansible 2015-02-03 17:13:49 +00:00
Miroslav Suchý
513ecd83ec open httpd ports 2015-02-03 16:31:57 +00:00
Miroslav Suchý
65dedbe5b7 fix service name 2015-02-03 16:14:32 +00:00
Kevin Fenzi
cc6e024318 Switch plugins back to copy 2015-02-03 14:59:53 +00:00
Kevin Fenzi
6dff446eb8 Drop delete=yes for now. 2015-02-03 14:52:11 +00:00
Kevin Fenzi
837ac67c86 Fix up this sync call 2015-02-03 14:45:27 +00:00
Kevin Fenzi
38a1fbc592 We need this checkcommands.cfg template too. 2015-02-03 14:42:22 +00:00
Kevin Fenzi
f559c54683 Don't disable mirrormanager web interface on sundries01.stg 2015-02-03 14:30:21 +00:00
Kevin Fenzi
53af225e74 Put datacenter here. 2015-02-03 14:10:07 +00:00
Kevin Fenzi
412bc77533 This should be in datacenter cloud. 2015-02-03 14:07:43 +00:00
Kevin Fenzi
59e3569deb Switch this conditional to handle fedora instances as well. 2015-02-03 13:46:32 +00:00
Valentin Gologuzov
086d297f50 [copr] backend: set acl for nrpe to read /etc/copr/copr-be.conf 2015-02-03 11:10:34 +01:00
Valentin Gologuzov
e039d762f8 [copr] frontend: set acl on /var/log/httpd to be accesable by logstash 2015-02-03 10:57:14 +01:00
Miroslav Suchý
5aad95061a use rabbit_host instead of rabbit_hostname 2015-02-03 09:36:12 +00:00
Miroslav Suchý
0bacd2fc7d add swift storage and rsync ports 2015-02-03 08:46:40 +00:00
Miroslav Suchý
e40b363b2d add nova qemu migration ports 2015-02-03 08:45:44 +00:00
Miroslav Suchý
1ca2b65eba add nova compute ports 2015-02-03 08:45:06 +00:00
Miroslav Suchý
0f5d2e6b87 add mongodb port for swift storage 2015-02-03 08:43:31 +00:00
Miroslav Suchý
f827d2c61d add mariadb port 2015-02-03 08:42:57 +00:00
Miroslav Suchý
d439587896 add cinder port 2015-02-03 08:30:14 +00:00
Miroslav Suchý
c13bb98766 add ssl of amqp port 2015-02-03 08:29:35 +00:00
Miroslav Suchý
79540de8fd move to "with_item" 
so we are prepared to add more ports
 2015-02-03 08:28:24 +00:00
Valentin Gologuzov
f64c4b1c44 [copr] backend: add custom selinux policy for nrpe checks 2015-02-03 01:54:04 +01:00
Kevin Fenzi
6a4e823ce3 Add restart squid 2015-02-03 00:46:51 +00:00
Kevin Fenzi
833bde6832 Add sebool requirement here. 2015-02-02 22:27:56 +00:00
Ricky Elrod
6d7c9d1e4a actually do it 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2015-02-02 22:00:53 +00:00
Ricky Elrod
af373f0ba7 Nuke a bunch of commented out files and add delete=yes 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2015-02-02 22:00:18 +00:00
Kevin Fenzi
04b00f4d5c Adjust volume group for kojipkgs 2015-02-02 21:54:21 +00:00
Valentin Gologuzov
92729c1ae5 Revert "[copr] open 5666 port for nrpe checks" 
This reverts commit f0250441bd.
 2015-02-02 22:04:40 +01:00