Patrick Uiterwijk
d8b121b2df
Make sure all machines know which realm to use
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:26:18 +00:00
Patrick Uiterwijk
c4721201a4
Fix indentation
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:09:11 +00:00
Patrick Uiterwijk
2192db58db
Allow id.fp.o use
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:06:46 +00:00
Patrick Uiterwijk
5ced2ec87a
Make IPA API available from external
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:04:23 +00:00
Patrick Uiterwijk
1e9775a1be
ipa01 is also available in stg
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 06:01:34 +00:00
Patrick Uiterwijk
ab8a83c4b8
Also limit prod to ipa01
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:53:16 +00:00
Patrick Uiterwijk
795c659f7a
Only use IPA01 for API access since sessions are not synchronized
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:50:43 +00:00
Patrick Uiterwijk
658cad48e2
Fix IPA reverse cookie domain
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:33:05 +00:00
Patrick Uiterwijk
0464676294
Force combined keytab ownership
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:26:30 +00:00
Patrick Uiterwijk
a3203b9950
Record original
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:24:11 +00:00
Patrick Uiterwijk
78261c632c
Make IPA use the combined keytab
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:21:37 +00:00
Patrick Uiterwijk
ab40af84d1
Make it a task
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:16:52 +00:00
Patrick Uiterwijk
a16153d7ad
Combine keytabs together
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 05:13:49 +00:00
Patrick Uiterwijk
d9adca0c1b
Revert "When a response is too big, also send it via FORM encoding"
...
This reverts commit e2a1822525
.
2016-12-19 20:27:47 +00:00
Patrick Uiterwijk
e2a1822525
When a response is too big, also send it via FORM encoding
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-19 20:05:49 +00:00
Patrick Uiterwijk
192fb8d7bc
Secondary-bridge can proxy on secondary hubs
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-19 02:51:49 +00:00
Patrick Uiterwijk
1bb27419cb
Fix secondary bridge
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-19 02:44:24 +00:00
Kevin Fenzi
742e91e5d0
increase the max request limit on koji
2016-12-18 16:05:17 +00:00
Till Maas
7c5a3b7730
Apply changes for koji-gc hotfix
2016-12-18 10:45:49 +01:00
Till Maas
15bc834f36
Prepare koji-gc hotfix
2016-12-18 10:43:33 +01:00
Patrick Uiterwijk
8c6162d9e6
Also update the filter rule
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-18 03:36:08 +00:00
Patrick Uiterwijk
1a91c9a91e
Deal with new RPMSign messages by koji v1.11.0 and maybe higher but who knows
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-18 03:34:53 +00:00
Patrick Uiterwijk
10490e8d92
Set serverca for koji and set default koji instance
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-17 23:54:30 +00:00
Patrick Uiterwijk
a7e0c3cf6b
Koji is now on https
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-17 23:40:42 +00:00
Patrick Uiterwijk
e049e86772
Seemingly koji-gc is run as apache
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-17 21:44:55 +00:00
Till Maas
5b6a193f04
Fix koji_weburl varname
2016-12-17 19:03:37 +01:00
Till Maas
2a4fa52c5f
Set krb_rdns to False
...
Signed-off-by: Till Maas <opensource@till.name>
2016-12-17 18:51:59 +01:00
Till Maas
3236ac3eae
Make koji-gc use kerberos
2016-12-17 18:47:31 +01:00
Till Maas
edbcae6000
Set serverca for koji-gc
2016-12-17 18:35:24 +01:00
Till Maas
13359adf4a
Create koji-gc.conf from a template
...
Signed-off-by: Till Maas <opensource@till.name>
2016-12-17 18:34:46 +01:00
Adam Williamson
32a1caf8c5
openqa: bump qa09 to 10 workers
2016-12-16 20:10:07 -08:00
Patrick Uiterwijk
93763b2c21
::1 is a trusted proxy
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-16 22:47:49 +00:00
Kevin Fenzi
e2b0e8b609
more epylog weed eating
2016-12-16 21:50:21 +00:00
6976392a8b
adding qa09 to openqa-stg-workers
2016-12-16 21:08:31 +00:00
6b7ff651c9
trying updates.img with f24 taskotron
2016-12-16 16:55:35 +00:00
Kevin Fenzi
4451aa8bd9
Adjust weed for another sshd log message
2016-12-16 16:41:55 +00:00
Kevin Fenzi
ca134e70b8
Pagure has a 250GB disk now.
2016-12-16 16:41:55 +00:00
Patrick Uiterwijk
e39d0146cf
Create koji_shadow user and give it the shadow/ keytab
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-16 15:43:49 +00:00
Patrick Uiterwijk
135b45fe5e
Try this
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-16 15:33:59 +00:00
Patrick Uiterwijk
bc31f44fcc
Issue shadow/ keytab
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-16 15:32:42 +00:00
Kevin Fenzi
6c0099fb21
Systemd wants service/unit files to get 644, not 755.
2016-12-16 14:50:22 +00:00
Pierre-Yves Chibon
4e06ab7f1a
The pagure cert is named .cert not .crt
2016-12-16 15:25:02 +01:00
Adam Miller
0a260d3ebc
Revert "override osbs default input.json to ensure secure comms everywhere"
...
This reverts commit 7f809c31fb
.
2016-12-16 06:39:35 +00:00
Adam Miller
a6747b056a
Revert "verify_ssl: true for osbs store metadata plugin"
...
This reverts commit dd3b55935f
.
This change is going to require a bit more work because the cert in
question is self-signed and auto-generated by the openshift-ansible
cluster bootstrapping since it's only internal to the cluster.
Patrick has an idea for how to handle this going forward, will
follow up later.
2016-12-16 06:37:50 +00:00
Adam Miller
dd3b55935f
verify_ssl: true for osbs store metadata plugin
...
Signed-off-by: Adam Miller <admiller@redhat.com>
2016-12-16 04:42:11 +00:00
677a978518
docs.qa-prod01.qa isn't just stg
2016-12-16 04:28:33 +00:00
b8bed91def
fixing reverseproxy on qa-prod01 to use vpn
2016-12-16 01:44:01 +00:00
67271dd51b
adding vpn config for qa-prod01.qa
2016-12-16 01:35:06 +00:00
a532447453
adding openvpn client to qa-prod01.qa
2016-12-16 01:35:06 +00:00
Adam Miller
7f809c31fb
override osbs default input.json to ensure secure comms everywhere
...
This reverts commit ab5bec7b8f
.
Signed-off-by: Adam Miller <admiller@redhat.com>
2016-12-15 23:32:25 +00:00