Commit graph

126 commits

Author SHA1 Message Date
Kevin Fenzi
191149f391 fas_server / staging: adjust yubikey uri in staging fas
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-04-24 21:34:26 +02:00
Aurélien Bompard
ea1c8eabd2 fas_client / fas_server: update package command to not use items
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2019-06-11 15:07:12 +00:00
Patrick Uiterwijk
18709a7689 FAS: Disable sessions (and thus translations)
This will disable translations, but is required to get a score of B or higher from observatory.
This is because CherryPy 2.3.0 just does not support setting HttpOnly for the session_filter.

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-30 22:08:15 +02:00
Patrick Uiterwijk
d451116939 fas: set multiple gunicorn workers per pod
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-25 02:26:30 +02:00
Patrick Uiterwijk
657354d5cb Set a longer gunicorn timeout
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-25 02:18:12 +02:00
Stephen Smoogen
658a22035b remove fas03 from inventory and a LOT of config files where it was hard-coded 2019-05-23 22:53:51 +00:00
Patrick Uiterwijk
0f1606ad25 Use temporary, writable directory
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-14 19:22:48 +02:00
Patrick Uiterwijk
e4435b1153 This is one deeper
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-13 17:31:02 +02:00
Patrick Uiterwijk
a27ec1a637 https: was added in EL7
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-13 17:24:11 +02:00
Patrick Uiterwijk
bc93a73536 Fix path to IPA CA cert
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-13 17:12:55 +02:00
Patrick Uiterwijk
ff38e38570 fas: update yubikey val URL
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-12 12:07:05 +02:00
Patrick Uiterwijk
43de4c3d7f fas: update yk url for openshift
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 13:31:55 +02:00
Patrick Uiterwijk
27e4136913 Add backport for really annoying bug to cherrypy
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 02:38:42 +02:00
Patrick Uiterwijk
f81afda358 Attempt to set up gunicorn
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 01:29:07 +02:00
Patrick Uiterwijk
67a0f616b2 fas: some static fixes
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 00:40:42 +02:00
Patrick Uiterwijk
f35c7220f5 fas: separate static from non-static
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-11 00:28:39 +02:00
Patrick Uiterwijk
02320458d1 fas: move to worker MPM
This reverts commit 159d5e5a6f.
2019-05-10 23:04:27 +02:00
Patrick Uiterwijk
159d5e5a6f Sync httpd config with el6
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 22:52:54 +02:00
Patrick Uiterwijk
a4332d2d86 fas: remove rhel7-isms
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 22:40:57 +02:00
Patrick Uiterwijk
3288e5fd8c Sync out keytab as secret
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:55:29 +02:00
Patrick Uiterwijk
266eecc0fe Revert concat changes - {{}} does work
This reverts commit 3c493feba9.
2019-05-10 21:45:21 +02:00
Patrick Uiterwijk
3c493feba9 Fix one more string
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:25:47 +02:00
Patrick Uiterwijk
d386e0e14d fas: Attempt string concat
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:23:55 +02:00
Patrick Uiterwijk
a391d85161 fas: add all config files
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 21:16:40 +02:00
Patrick Uiterwijk
f269baad46 Add initial FAS openshift objects - still WIP
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2019-05-10 10:38:59 +02:00
Pierre-Yves Chibon
3dd0a134ad Blacklist paguremirroring in FAS
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2018-10-09 20:06:06 +02:00
Rick Elrod
4a60ddc875 Nuke pkgdb some more... and probably break everything.
Signed-off-by: Rick Elrod <relrod@redhat.com>
2018-07-19 20:40:14 +00:00
Patrick Uiterwijk
da1d16de1b Reserve the username 'anonymous'. Almost disappointed nobody took it yet
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-28 12:48:23 +02:00
Patrick Uiterwijk
ea755f5a7c Rather than deploying a script, just run echo from the command line
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-18 16:48:50 +02:00
Patrick Uiterwijk
62190d66af Add FAS 'sar' script and deploy
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-05-18 10:30:08 +02:00
Nick Bebout
62ffac5b61 Add bexelbie to username blacklist 2018-03-06 16:54:41 +00:00
Patrick Uiterwijk
e4baec55e4 Blacklist username 'pagure'
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-02-08 00:34:02 +01:00
Patrick Uiterwijk
b9b720043b Mark the username 'git' as blacklisted
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-02-07 20:12:22 +01:00
Kevin Fenzi
f57b9808a4 switch to a grokmirror unpriv user for mirroring 2017-10-16 19:56:35 +00:00
Patrick Uiterwijk
936e8b261a yum accepted pkg=, package calls it name=
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2017-10-09 00:38:26 +02:00
Patrick Uiterwijk
039b08354a Yum allowed state=installed. Let's use state=present consistently
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 22:31:03 +00:00
Patrick Uiterwijk
adcbf72f03 Packageize this, packageize that, packageize the world
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-10-08 22:25:52 +00:00
Patrick Uiterwijk
b21fe5ce7c Temporary workaround: use internal hostname
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-08-10 10:44:17 +00:00
Patrick Uiterwijk
d71f544247 Sign with sha256
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-05-16 19:37:01 +02:00
Ralph Bean
9a8ab4f357 Add "freshmaker" to the FAS username blacklist. 2017-05-15 13:15:20 +00:00
e09d02cc5f Add alias to give me email matching irc nick and blacklist it as FAS user per nb 2017-05-02 18:08:38 +00:00
Kevin Fenzi
0acfaa2a7e Fix handlers, roles, and tasks to be handlers_path, roles_path and tasks_path so as not to conflict with ansible variables.
Fix duplicate definition of become default that was in group_vars/all as well as vars/global.
2017-04-13 15:46:14 +00:00
Patrick Uiterwijk
b29f5a76be Allow ECDSA and ED25519 SSH keys for non-infra
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-04-12 18:24:40 +00:00
Patrick Uiterwijk
8c61c34b32 Rekey FAS Captcha
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2017-03-03 19:19:34 +00:00
Nick Bebout
dc50ea60be Add jwf to fas blacklist in prod also 2017-02-27 15:15:20 +00:00
Nick Bebout
3384117c24 Add jwf -> jflory7 alias, add jwf to FAS username blacklist 2017-02-27 14:48:00 +00:00
Patrick Uiterwijk
376b5d1098 Use id.fp.o
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-20 08:27:58 +00:00
Patrick Uiterwijk
7b223b6ea4 Ipa01
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-13 19:14:18 +00:00
Patrick Uiterwijk
d03729de0d Fix ipa config in stg
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-13 19:08:54 +00:00
Patrick Uiterwijk
d2f89d192a Use proxy for fas sync
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-04 03:06:31 +00:00