Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
34596 commits 9 branches 0 tags 111 MiB
Commit graph

34596 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kevin Fenzi
5b1b2c403d nagios: fix ipsilon check to look for something in the new theme 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 18:13:37 -07:00
Nils Philippsen
72b940d31a ipa/client: stopgap for shell groups on bastion 
Evaluating ipa_client_shell_group from another group won't work this
way. Hardcode the list until we have a better solution.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 23:56:14 +01:00
Kevin Fenzi
5f8274ff6c ircbot: clean up additional typo in fedmsg-irc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 15:55:48 -07:00
Kevin Fenzi
3ac327e4ff ircbot: clean up typo in fedmsg-irc 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 15:54:27 -07:00
Stephen Smoogen
16ee589eee up the number of cpus for the systems in the group. add 2GB more ram also 2021-03-24 18:36:48 -04:00
Stephen Smoogen
a3fd2875c2 attempt to add sysadmin-qa so that adamw can get some f*ing work done 2021-03-24 15:10:14 -04:00
Kevin Fenzi
fadfa83427 inventory / group / oci_registry: clear out duplicate variables 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 11:49:22 -07:00
Kevin Fenzi
f88bdf2c78 mediawiki: drop old fas cla and use agreements in prod now 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 11:39:11 -07:00
Nils Philippsen
0ad057a285 VPN hosts: Don't enroll with ipa03 for now 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:33:09 +01:00
Nils Philippsen
2d4ec8d259 Apply openvpn/client role before ipa/client 
This is so hosts on the Fedora VPN are able to talk to IPA before they
try to enroll.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:19:11 +01:00
Nils Philippsen
bcfe96b710 ipa/client: Enable VPN hosts to talk to IPA 
This requires the canonical names of IPA servers to be mapped to their
IP addresses on the VPN as well as specifying the IPA server explicitly
when enrolling clients.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:19:11 +01:00
Nils Philippsen
28cc2e8d93 ipa/client: specify ipa server when enrolling VPN hosts 
This is needed for clients that cannot access the internal DNS
where IPA servers are announced.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 18:18:55 +01:00
Aurélien Bompard
2c04966b51
Adjust the location of the service keytab in ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 17:58:12 +01:00
Aurélien Bompard
4c5e2d605b
Fix the sssd config file 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 17:31:55 +01:00
Aurélien Bompard
be8535cf05
Fix ipsilon config 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 17:03:58 +01:00
Aurélien Bompard
327de7debe
Disable the openshift instances of ipsilon 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 16:59:26 +01:00
Stephen Coady
1f20f3556d add a note saying fas is readonly. patch the docker image. 
Signed-off-by: Stephen Coady <scoady@redhat.com>
 2021-03-24 15:13:14 +00:00
Mark O'Brien
7f2e8d750a fas2: turn mail on to false to avoid mail being sent 2021-03-24 15:11:25 +00:00
Mark O'Brien
49473da360 Avoid mail being sent from fas server while in read only mode 2021-03-24 15:11:25 +00:00
Nils Philippsen
7bbc061b41 Actually find the script file 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 15:24:05 +01:00
Nils Philippsen
f710f4102a use script file instead of inline shell 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 15:19:37 +01:00
Nils Philippsen
97e389f73f fix-home-fedora-ownerships: fix syntax errors 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 15:08:12 +01:00
Kevin Fenzi
56cbb0beb8 ipa: make sure we open ports 88 and 464 UDP 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-03-24 06:32:49 -07:00
Aurélien Bompard
e5a5ba6a86
Switch the proxies to point to the new Ipsilon VM 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 14:25:57 +01:00
Aurélien Bompard
7b2c578983
Ipsilon in prod is now on a VM like in staging 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
 2021-03-24 13:49:33 +01:00
Nils Philippsen
ad78542ff5 ipa/client: enable for zabbix in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
717b89b8ad ipa/client: enable for wiki in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
a706cd8459 ipa/client: enable for vmhost_copr in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
65e0ea5d96 ipa/client: enable for virthost in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
fa72446395 ipa/client: enable for value in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
36cb1aaba7 ipa/client: enable for unbound in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
29aa38add0 ipa/client: enable for torrent in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
286af1a769 ipa/client: enable for tang in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
c0a7ba202b ipa/client: enable for sundries in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
6c5b779488 ipa/client: enable for smtp_mm in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
06ec929ead ipa/client: enable for sign_bridge in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
8463ae106f ipa/client: enable for retrace in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
d34b4ff501 ipa/client: enable for resultsdb in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
e3ee5d6da8 ipa/client: enable for releng_compose in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
6b419af83e ipa/client: enable for rabbitmq in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
6275b90b0d ipa/client: enable for proxies in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
9195c2d39a ipa/client: enable for pkgs in prod 
...and grant shell access to the packager group.

Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
8b6c9a19cf ipa/client: enable for pdc_web in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
a4061e6bbc ipa/client: enable for pagure in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
bd01967b92 ipa/client: enable for packages in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
bc6c2d4edd ipa/client: enable for osbs in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
fd76ec07a2 ipa/client: enable for open shift in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
6fcbc946ee ipa/client: enable for openqa in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
202715dbc8 ipa/client: enable for odcs in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00
Nils Philippsen
40a5fed45e ipa/client: enable for oci_registry in prod 
Signed-off-by: Nils Philippsen <nils@redhat.com>
 2021-03-24 13:44:33 +01:00