Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
11764 commits 9 branches 0 tags 111 MiB
Commit graph

267 commits

Author SHA1 Message Date
Ricky Elrod
c89622c4b4 remove staging conditional on watchdog stuff, add conditionals for ensuring /dev/watchdog exists and that we are on a VM 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2016-01-18 16:47:12 +00:00
Kevin Fenzi
b467a264b2 Drop a extra line that causes a change 2016-01-08 16:32:47 +00:00
Kevin Fenzi
d55a3cb36f Setup a qa-isolated group in the qa net and have all other machines in that net reject anything from them. 
This helps us isolate higher risk qa hosts from lower risk ones without having to move everything to
a different network/vlan for now.
 2016-01-08 16:29:18 +00:00
Patrick Uiterwijk
aa377b10e3 Make smtp-mm accept email for lists.fh.o and forward 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-23 07:07:05 +00:00
Stephen Smoogen
b3d1236fff when adding a new proxy.. always remember to sync its httpd logs or they go byby 2015-12-18 00:07:50 +00:00
Kevin Fenzi
c779582362 Set sshd Protocol here to 2, this makes rkhunter happy hopefully. 2015-12-11 04:11:38 +00:00
Dennis Gilmore
1fb2627410 allow the builders to talk o kojipkgs on port 443 
Signed-off-by: Dennis Gilmore <ausil@fedoraproject.org>
 2015-12-09 20:08:09 +00:00
Kevin Fenzi
9066854b56 Drop backup for test 2015-12-09 19:20:25 +00:00
Kevin Fenzi
7b97a1246e Revert "Drop validate just for a test" 
This reverts commit 19ed9254b8.
 2015-12-09 19:19:51 +00:00
Kevin Fenzi
19ed9254b8 Drop validate just for a test 2015-12-09 19:19:10 +00:00
Kevin Fenzi
0bd796a739 This is /sbin on rhel6 hosts and should work on rhel7 too 2015-12-09 18:33:04 +00:00
Kevin Fenzi
82902fd1c0 Does this work now? 2015-12-09 18:27:01 +00:00
Kevin Fenzi
5e4bb96eb5 Lets sort staging hosts in iptables template too 2015-12-09 18:00:12 +00:00
Kevin Fenzi
8f7ef04c2a Add dnf-automatic as a required role for base. This will enable it on all Fedora machines. 2015-12-09 17:35:23 +00:00
Dennis Gilmore
312ac98ff5 fedorahosted server moved and we did not update the iptables rules 
Signed-off-by: Dennis Gilmore <ausil@fedoraproject.org>
 2015-12-09 04:26:45 +00:00
Kevin Fenzi
bd72a45ef0 Add closing conditional 2015-12-08 19:36:56 +00:00
Kevin Fenzi
4cbb6d909e Switch builders to use bastion01/02 for ntp 2015-12-08 19:34:58 +00:00
Kevin Fenzi
a5007ba910 Move ntp to a template. In phx2 non bastion01/02 hosts will use bastion01/02 and those will use the normal rhel pools. 2015-12-08 19:33:29 +00:00
Till Maas
be5c2eb707 Fix validate syntax 2015-12-07 20:15:23 +01:00
Till Maas
1b28aecdcf Validate iptables files before restoring 2015-12-07 20:10:09 +01:00
Patrick Uiterwijk
38effbb69b This hotfix is now reverted, and should be deleted 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-03 17:16:01 +00:00
Patrick Uiterwijk
ba2a83b96a Remove digicert hotfix 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-03 17:05:29 +00:00
Patrick Uiterwijk
ac05dd73f8 But rhel6 does not hae usr unification 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-03 15:08:23 +00:00
Patrick Uiterwijk
8b82bc20ef This also seems to exist on RHEL6 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-03 15:06:35 +00:00
Patrick Uiterwijk
0bf133caa3 Fix path 2015-12-03 15:03:24 +00:00
Patrick Uiterwijk
8deaa480b0 Jinja2-ize 2015-12-03 15:01:54 +00:00
Patrick Uiterwijk
10ec5b518f Add temporary digicert hotfix 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-12-03 14:59:57 +00:00
Kevin Fenzi
dcfc795f4e Hey look. Some new ntp servers. 2015-12-02 21:13:57 +00:00
Kevin Fenzi
5585dacf50 Add ceylon-lang.org to transports so it delivers correctly. 2015-12-02 00:17:27 +00:00
Kevin Fenzi
f64646fec2 Revert "install python-dnf on F22+" 
This reverts commit b1c890974c.
 2015-11-30 20:23:54 +00:00
Miroslav Suchý
b1c890974c install python-dnf on F22+ 2015-11-30 08:07:23 +01:00
Kevin Fenzi
17d96e5da9 Add a conditional-reload script and use it so we can not fail on hosts with no httpd installed. 2015-11-13 23:49:38 +00:00
Kevin Fenzi
352c1a2838 think we need and here. 2015-11-10 21:08:25 +00:00
Ricky Elrod
edc4b7067d watchdog-ify staging, hopefully 
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
 2015-11-10 20:11:11 +00:00
Peter Robinson
595c222baf kojibuilder: add ppc hub to firewall 2015-10-13 03:02:45 +00:00
Kevin Fenzi
f6722659e5 Switch sshd config for f22/f23 to explicitly say only v2 protocol, adjust rkhunter for this. 2015-10-09 19:32:51 +00:00
Kevin Fenzi
96d1784001 Adjust rkhunter and sshd config for releng so they stop alerting. 2015-10-08 16:42:13 +00:00
Kevin Fenzi
b03b871080 Drop *.info on the mirrorlist servers as that causes a ton of traffic to log01 2015-10-07 15:30:26 +00:00
Kevin Fenzi
981f1906a1 Add f22 and f23 sshd configs 2015-09-27 16:04:35 +00:00
Kevin Fenzi
1dd79c9801 Remove mentions of lockbox01. 2015-09-25 18:49:17 +00:00
Stephen Smoogen
3be0ca58fa and we have nagios-external 2015-09-01 23:05:58 +00:00
Stephen Smoogen
b74a402571 and we remove proxy09 2015-09-01 22:13:09 +00:00
Kevin Fenzi
096a7204a2 Fix out ntp setup to use 5 ip's from the rhel.pool.ntp.org pool. 2015-08-31 16:32:10 +00:00
Mikolaj Izdebski
80a2b5c6bb Remove configuration for old jenkins 2015-08-26 16:51:39 +00:00
Mikolaj Izdebski
11840759fa Add custom resolv.conf for jenknis in new cloud 2015-08-26 16:49:26 +00:00
Kevin Fenzi
eb61b06a56 Fix resolv.conf on s390 koji for good hopefully. 2015-08-23 19:33:49 +00:00
Kevin Fenzi
237a7113fd Take out releng04/relepel01/bodhi01/bodhi02. 2015-08-21 19:17:59 +00:00
Aurélien Bompard
278c215cce Rollback migration of lists.fedorahosted.org 2015-08-21 15:48:50 +00:00
Aurélien Bompard
5b5c83d4de Update the Mailman role after addition of fedorahosted 2015-08-21 10:43:32 +00:00
Kevin Fenzi
4d72631446 Make sure all hosts have at least 2 nameservers and rotate with 1 sec timeout. 2015-08-19 18:52:51 +00:00