Kevin Fenzi
191149f391
fas_server / staging: adjust yubikey uri in staging fas
...
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:26 +02:00
Aurélien Bompard
ea1c8eabd2
fas_client / fas_server: update package command to not use items
...
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2019-06-11 15:07:12 +00:00
Patrick Uiterwijk
18709a7689
FAS: Disable sessions (and thus translations)
...
This will disable translations, but is required to get a score of B or higher from oberservatory.
This is because CherryPY 2.3.0 just does not support setting HttpOnly for the session_filter.
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-30 22:08:15 +02:00
Patrick Uiterwijk
d451116939
fas: set multiple gunicorn workers per pod
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-25 02:26:30 +02:00
Patrick Uiterwijk
657354d5cb
Set a longer gunicorn timeout
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-25 02:18:12 +02:00
Stephen Smoogen
658a22035b
remove fas03 from inventory and a LOT of config files where it was hard-coded
2019-05-23 22:53:51 +00:00
Patrick Uiterwijk
0f1606ad25
Use tempoary, writable directory
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-14 19:22:48 +02:00
Patrick Uiterwijk
e4435b1153
This is one deeper
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-13 17:31:02 +02:00
Patrick Uiterwijk
a27ec1a637
https: was added in EL7
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-13 17:24:11 +02:00
Patrick Uiterwijk
bc93a73536
Fix path to IPA CA cert
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-13 17:12:55 +02:00
Patrick Uiterwijk
ff38e38570
fas: update yubikey val URL
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-12 12:07:05 +02:00
Patrick Uiterwijk
43de4c3d7f
fas: update yk url for openshift
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 13:31:55 +02:00
Patrick Uiterwijk
27e4136913
Add backport for really annoying bug to cherrypy
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 02:38:42 +02:00
Patrick Uiterwijk
f81afda358
Attempt to set up gunicorn
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 01:29:07 +02:00
Patrick Uiterwijk
67a0f616b2
fas: some static fixes
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 00:40:42 +02:00
Patrick Uiterwijk
f35c7220f5
fas: separate static from non-static
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 00:28:39 +02:00
Patrick Uiterwijk
02320458d1
fas: move to worker MPM
...
This reverts commit 159d5e5a6f
.
2019-05-10 23:04:27 +02:00
Patrick Uiterwijk
159d5e5a6f
Sync httpd config with el6
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 22:52:54 +02:00
Patrick Uiterwijk
a4332d2d86
fas: remove rhel7-isms
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 22:40:57 +02:00
Patrick Uiterwijk
3288e5fd8c
Sync out keytab as secret
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:55:29 +02:00
Patrick Uiterwijk
266eecc0fe
Revert concat changes - {{}} does work
...
This reverts commit 3c493feba9
.
2019-05-10 21:45:21 +02:00
Patrick Uiterwijk
3c493feba9
Fix one more string
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:25:47 +02:00
Patrick Uiterwijk
d386e0e14d
fas: Attempt string concaT
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:23:55 +02:00
Patrick Uiterwijk
a391d85161
fas: add all config files
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:16:40 +02:00
Patrick Uiterwijk
f269baad46
Add initial FAS openshift objects - still WIP
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 10:38:59 +02:00
Pierre-Yves Chibon
3dd0a134ad
Blacklist paguremirroring in FAS
...
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2018-10-09 20:06:06 +02:00
Rick Elrod
4a60ddc875
Nuke pkgdb some more... and probably break everything.
...
Signed-off-by: Rick Elrod <relrod@redhat.com>
2018-07-19 20:40:14 +00:00
Patrick Uiterwijk
da1d16de1b
Reserve the username 'anonymous'. Almost disappointed nobody took it yet
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-28 12:48:23 +02:00
Patrick Uiterwijk
ea755f5a7c
Rather than deploying a script, just run echo from the command line
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-18 16:48:50 +02:00
Patrick Uiterwijk
62190d66af
Add FAS 'sar' script and deploy
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-18 10:30:08 +02:00
Nick Bebout
62ffac5b61
Add bexelbie to username blacklist
2018-03-06 16:54:41 +00:00
Patrick Uiterwijk
e4baec55e4
Blacklist username 'pagure'
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-02-08 00:34:02 +01:00
Patrick Uiterwijk
b9b720043b
Mark the username 'git' as blacklisted
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-02-07 20:12:22 +01:00
Kevin Fenzi
f57b9808a4
switch to a grokmirror unpriv user for mirroring
2017-10-16 19:56:35 +00:00
Patrick Uiterwijk
936e8b261a
yum accepted pkg=, package calls it name=
...
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2017-10-09 00:38:26 +02:00
Patrick Uiterwijk
039b08354a
Yum allowed state=installed. Lets use state=present consistently
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 22:31:03 +00:00
Patrick Uiterwijk
adcbf72f03
Packageize this, packageize that, packageize the world
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 22:25:52 +00:00
Patrick Uiterwijk
b21fe5ce7c
Temporary workaround: use internal hostname
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-08-10 10:44:17 +00:00
Patrick Uiterwijk
d71f544247
Sign with sha256
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-05-16 19:37:01 +02:00
Ralph Bean
9a8ab4f357
Add "freshmaker" to the FAS username blacklist.
2017-05-15 13:15:20 +00:00
e09d02cc5f
Add alias to give me email matching irc nick and blacklist it as FAS user per nb
2017-05-02 18:08:38 +00:00
Kevin Fenzi
0acfaa2a7e
Fix handlers, roles, and tasks to be handlers_path, roles_path and tasks_path so as not to conflict with ansible variables.
...
Fix duplicate definition of become default that was in group_vars/all as well as vars/global.
2017-04-13 15:46:14 +00:00
Patrick Uiterwijk
b29f5a76be
Allow ECDSA and ED25519 SSH keys for non-infra
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-12 18:24:40 +00:00
Patrick Uiterwijk
8c61c34b32
Rekey FAS Captcha
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-03-03 19:19:34 +00:00
Nick Bebout
dc50ea60be
Add jwf to fas blacklist in prod also
2017-02-27 15:15:20 +00:00
Nick Bebout
3384117c24
Add jwf -> jflory7 alias, add jwf to FAS username blacklist
2017-02-27 14:48:00 +00:00
Patrick Uiterwijk
376b5d1098
Use id.fp.o
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:27:58 +00:00
Patrick Uiterwijk
7b223b6ea4
Ipa01
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-13 19:14:18 +00:00
Patrick Uiterwijk
d03729de0d
Fix ipa config in stg
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-13 19:08:54 +00:00
Patrick Uiterwijk
d2f89d192a
Use proxy for fas sync
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-04 03:06:31 +00:00