From 0c7449ea1d4539d73e24b3b7b03a27b3bc984f21 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Mon, 8 Apr 2019 21:41:17 +0200 Subject: [PATCH] Add sslciphers tags Signed-off-by: Patrick Uiterwijk --- roles/batcave/tasks/main.yml | 1 + roles/distgit/tasks/main.yml | 1 + roles/download/tasks/main.yml | 1 + roles/httpd/website/tasks/main.yml | 1 + roles/keyserver/tasks/main.yml | 2 ++ roles/koji_hub/tasks/main.yml | 2 ++ roles/nagios_server/tasks/main.yml | 1 + roles/pagure/frontend/tasks/main.yml | 1 + roles/pagure/upstreamfirst-frontend/tasks/main.yml | 1 + roles/people/tasks/main.yml | 1 + roles/planet/tasks/main.yml | 1 + roles/totpcgi/tasks/main.yml | 3 +++ 12 files changed, 16 insertions(+) diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index 7b7aca906e..2abfbe2461 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -286,6 +286,7 @@ - batcave - config - httpd + - sslciphers # # this cron job creates a json file from the rhel repos diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index 0753b109f2..4648f8ca4b 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -396,6 +396,7 @@ - reload httpd tags: - distgit + - sslciphers - name: create the Lookaside Cache root directory file: dest=/srv/cache/lookaside/pkgs state=directory diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index a73e6eca6b..799307b0e0 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -74,6 +74,7 @@ tags: - httpd - config + - sslciphers notify: - reload httpd diff --git a/roles/httpd/website/tasks/main.yml b/roles/httpd/website/tasks/main.yml index 62256571bf..58265fd17b 100644 --- a/roles/httpd/website/tasks/main.yml +++ b/roles/httpd/website/tasks/main.yml @@ -39,6 +39,7 @@ - httpd - httpd/website - h2 + - sslciphers - name: Copy over some subordinate templates for {{site_name}} template: > diff --git a/roles/keyserver/tasks/main.yml b/roles/keyserver/tasks/main.yml index 84db678059..4f855cdbce 100644 --- a/roles/keyserver/tasks/main.yml +++ b/roles/keyserver/tasks/main.yml @@ -51,11 +51,13 @@ template: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644 tags: - config + - sslciphers - name: /etc/httpd/conf.d/ssl.conf template: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644 tags: - config + - sslciphers - name: /etc/pki/tls/keys_fedoraproject_org.crt.pem copy: src="{{ private }}/files/httpd/keys_fedoraproject_org-2017.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600 diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 65d6b1e746..539e837699 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -302,6 +302,7 @@ tags: - config - koji_hub + - sslciphers notify: reload httpd when: env == "staging" @@ -310,6 +311,7 @@ tags: - config - koji_hub + - sslciphers notify: reload httpd when: env != "staging" diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml index 53c3efea16..2d6d50c316 100644 --- a/roles/nagios_server/tasks/main.yml +++ b/roles/nagios_server/tasks/main.yml @@ -296,6 +296,7 @@ - 0_nagios-external.conf tags: - nagios_server + - sslciphers when: env == "production" and nagios_location == "external" - name: Template out the cgi.cfg diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml index 313f3c6249..a32481e769 100644 --- a/roles/pagure/frontend/tasks/main.yml +++ b/roles/pagure/frontend/tasks/main.yml @@ -326,6 +326,7 @@ - files - config - pagure + - sslciphers notify: - restart apache diff --git a/roles/pagure/upstreamfirst-frontend/tasks/main.yml b/roles/pagure/upstreamfirst-frontend/tasks/main.yml index 13df9370f9..dca2bc4a9c 100644 --- a/roles/pagure/upstreamfirst-frontend/tasks/main.yml +++ b/roles/pagure/upstreamfirst-frontend/tasks/main.yml @@ -267,6 +267,7 @@ - files - config - pagure + - sslciphers notify: - restart apache diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml index def501fdb7..35019e86e8 100644 --- a/roles/people/tasks/main.yml +++ b/roles/people/tasks/main.yml @@ -25,6 +25,7 @@ template: src=people.conf dest=/etc/httpd/conf.d/people.conf tags: - people + - sslciphers - name: install httpd config copy: src={{item}} dest=/etc/httpd/conf.d/{{item}} diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml index d4876e9e37..4f49ad7246 100644 --- a/roles/planet/tasks/main.yml +++ b/roles/planet/tasks/main.yml @@ -33,6 +33,7 @@ template: src=planet.conf dest=/etc/httpd/conf.d/planet.conf tags: - planet_server + - sslciphers - name: copy the run planet-config script into /usr/local/bin copy: src=pull-run-planet-config.sh dest=/usr/local/bin/pull-run-planet-config.sh mode=755 diff --git a/roles/totpcgi/tasks/main.yml b/roles/totpcgi/tasks/main.yml index 3939fe8fb4..cedaf28938 100644 --- a/roles/totpcgi/tasks/main.yml +++ b/roles/totpcgi/tasks/main.yml @@ -124,6 +124,7 @@ tags: - files - config + - sslciphers when: env == "staging" # prod certs @@ -166,6 +167,7 @@ tags: - files - config + - sslciphers notify: - reload httpd when: env == "production" @@ -208,6 +210,7 @@ tags: - files - config + - sslciphers when: env == "production" - name: copy ca cert over