We need vpn to reach the ipa servers.
Instead lets try and fix this by not specifying the group in
nagios/client.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now this task makes the ccd dir as 0755 and root.root, but then a
later task syncs this from batcave01 and it gets 2755 and
root.sysadmin-main. Just change this to match so we are more idempotent.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
There is a new ks in the repo that isn't tied to a specific version of
Fedora. Changing blockerbugs-stg to use that instead of the older style
version-fixed kickstart
Most of our vpn hosts are on a 192.168.1.0/24 network.
However we have a small number on a 'less secure' 'less trusted' subnet:
192.168.100.0/24. This change adds in logic to:
* on log01, allow rsyslog from 192.168.100.x hosts
* on ipa servers, allow ipa ports for 192.168.100.x hosts
* then reject everything else.
This will make sure 192.168.100.x hosts can only hit ssh and the two
above items, otherwise all vpn hosts will reject their traffic. This
should add a bit of security to having those hosts on the vpn.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
There's a actual legit person with a fas account of 'mock'
We don't want to use their account, we want to use the local mock user
instead.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Normally it's just a nitpick to not have trailing spaces on variables.
However, for some things like mac address, it really matters.
Bunches of buildhw's were failing ansibile because they were passing
"mac address " to linux-system-roles networking and ansible was going
'huh, nope, I can't find that mac address here at all'.
So, just blow all the tailing spaces away to avoid any other variables
that hit this.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The important change here is to retry to connect when we lose our connection
to rabbitmq.fedoraproject.org. (https://pagure.io/fedora-infrastructure/issue/9794)
be75c716bae720c45e720f8e1cecab01f4355bd3..98645617cd8529c042f1c398b283264a66a4bea5
Owen W. Taylor (6):
run-redis.sh: bind only to localhost and set a (trivial) password
release_info.py: Fix typo in the release name for F35
bodhi_change_monitor: handle exceptions when talking to fedora-messaging
bodhi_change_monitor: Don't just retry on stream lost, retry on connection refused
bodhi_change_monitor: Retry on ssl.SSLError
bodhi_change_monitor: Improve logging of exceptions
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
