Commit graph

329 commits

Author SHA1 Message Date
Lenka Segura
cdf6c65af3 [ipaserver] Add toddlers tag to Get admin ticket
Signed-off-by: Lenka Segura <lsegura@redhat.com>
2025-05-29 11:26:50 +02:00
Lenka Segura
82354291b6 [ipaserver] Include toddlers setup for prod
Signed-off-by: Lenka Segura <lsegura@redhat.com>
2025-05-29 10:26:09 +02:00
Michal Konecny
c4948ba32e [ipa] Add kra role to replicas
As we were finally able to resolve the issue of replica installation
failing when KRA role is enabled, we can now enable it by default in
the playbook.

See https://pagure.io/fedora-infrastructure/issue/12158 for more info.
2025-05-22 15:11:06 +02:00
Aurélien Bompard
d884a0f8ba
Use the combined RabbitMQ CA cert in the clients
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-11 15:15:45 +02:00
Aurélien Bompard
46a8152c61
Deploy journal2fedmsg to prod
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-01 12:05:17 +02:00
Aurélien Bompard
394b92cb19
simplify the config file using a variable
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-04-01 11:47:42 +02:00
Michal Konecny
80adc4e729 [ipa/server] Don't ask for user input
As the pause module is only executed on first machine in the group I
decided to rather remove it completely.

This means that the replica will only be reinstalled, if the machine
isn't master node and the /var/log/ipainstall.log doesn't exist.

If somebody wants to re-install the replica they just need to remove
/var/log/ipainstall.log and the playbook will do the rest.
2025-03-31 15:44:16 +02:00
Michal Konecny
40136bda42 [ipa/server] Don't ask for reinstall in some cases
Don't ask for reinstall when this is master node or the install log is
already created.
2025-03-31 15:17:48 +02:00
Aurélien Bompard
17cd3edbc7
Create missing dir
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-03-28 14:50:37 +01:00
Aurélien Bompard
292c7f6c6e
Deploy journal-to-fedora-messaging on IPA (staging for now)
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-03-28 12:37:56 +01:00
David Kirwan
809c90e5da
IPA: add user zabbix to fedora-nss-ignore.conf
Signed-off-by: David Kirwan <davidkirwanirl@gmail.com>
2025-03-21 16:25:30 +00:00
Kevin Fenzi
58bbbca299 ipa: make sure a bunch of calls do not log sensitive data
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-03-20 14:48:12 -07:00
Aurélien Bompard
097b8f9214
Give the clean packagers groups toddler access to the corresponding service's keytab
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-02-25 08:54:06 +01:00
Aurélien Bompard
a508708744
IPA: do the toddlers user setup before destroying the admin ticket
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-02-19 12:20:08 +01:00
Aurélien Bompard
b3c7a683e2
IPA: setup a toddlers service to remove users from groups
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-02-19 12:16:05 +01:00
Kevin Fenzi
d3975febbe ipa/client: sssd drop in needs to be same permission as sssd.conf also
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-02-16 14:35:32 -08:00
Kevin Fenzi
258fa9fd14 ipa/client: sssd drop in needs to be owned by root, sssd changes it on restart
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-02-16 10:31:28 -08:00
Michal Konecny
2ec055db6f Use first uppercase letter for all handlers
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.

I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep -rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```

Then I went through all the changes and removed the ones that weren't
expected to be changed.

Fixes https://pagure.io/fedora-infrastructure/issue/12391

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2025-02-10 20:31:49 +00:00
Kevin Fenzi
9af79d19ee handlers: fix another name change
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-01-24 14:11:11 -08:00
Kevin Fenzi
13266214d2 ipa / handlers: Fix call to 'restart sssd' that is now 'Restart sssd'
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-01-15 16:36:11 -08:00
47c68f478d ansiblelint fixes - fqcn[action-core] - template to ansible.builtin.template
Replaces references to template: with ansible.builtin.template

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:30:29 +10:00
3c41882bb0 ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell
Replaces references to shell: with ansible.builtin.shell

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:29:10 +10:00
25391e95b7 ansiblelint fixes - fqcn[action-core] - package to ansible.builtin.package
Replaces many references to package: with ansible.builtin.package

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:28:00 +10:00
462176464b ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command
Replaces many references to command: with ansible.builtin.command

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:26:47 +10:00
62952df107 ansiblelint fixes-- fqcn[action-core] - file to ansible.builtin.file
Replaces many references to file: with ansible.builtin.file

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 10:41:52 +10:00
691adee6ee Fix name[casing] ansible-lint issues
fix 1900 failures of the following case issue:

`name[casing]: All names should start with an uppercase letter.`

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-14 20:20:07 +10:00
Kevin Fenzi
ce1f5b02e6 ipa_client: on f40 there is no sssd user, so files are owned by root
On rhel and f41+ there is a sssd user, so we should use that.
If we don't, sssd will change the ownership on restart, meaning we flip
it back and forth each time we run the playbook.

remember to remove this when fedora 40 is all gone from infra

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-12-10 14:43:47 -08:00
Kevin Fenzi
df36530d00 ipa_client: add tag for nss ignore file to allow globally updating it.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-12-10 14:01:54 -08:00
Kevin Fenzi
aaa29839fa ipa_client: the fedora-sss-ignore.conf file should be owned by sssd user/group
We change this to root/root and then restart sssd and it changes it
back. So, let's do this right and let it be sssd/sssd.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-12-09 17:54:13 -08:00
89f6f1fc32 Fix majority of remaining yamllint warnings and errors
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2024-11-28 17:31:45 +10:00
Kevin Fenzi
3a2623218d ipa client: filter out mysql user from ipa/ldap
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-11-20 16:48:40 -08:00
Kevin Fenzi
ae7be1e4e0 ipa: add a tag to fix the ipa re-writes
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2024-11-20 12:42:36 -08:00
Michal Konecny
3860204d34 [ipa/server] Add tags to logrotate config
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 14:15:35 +01:00
Michal Konecny
d85e39b488 [ipa/server] Correctly format the failure condition
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 14:07:38 +01:00
Michal Konecny
f1eae89e18 [ipa/server] Move the files to separate line
It seems that the command module in argv is adding space at the start of
file name when it's not on its own line.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 13:41:57 +01:00
Michal Konecny
a40c051f55 [ipa/server] Use full path to ldapmodify binary
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 13:26:43 +01:00
Michal Konecny
e2ca17657a [ipa/server] Wrap jinja2 parameter in string
This should hopefully fix the "No such file or directory" error

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 11:54:45 +01:00
Michal Konecny
a1aaa3183c [ipa/server] Fix ipa_user for noggin user
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-07 11:54:45 +01:00
Michal Konecny
f21a270008 [ipa/server] Try to fix the deployment errors
The answer from ipa03 is ignored, let's hope this will fix it.

The ipa_user module is returning "response user_mod: no modifications to
be performed", which should be OK, but it's treated like fatal error.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 19:46:48 +01:00
Michal Konecny
3883563303 [ipa/server] Disable yamllint checks
We are already checking yaml related errors with yamllint.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 19:25:06 +01:00
Michal Konecny
b86cb7dd7c [ipa/server] Add ipa_host to corresponding ipa roles
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 18:46:41 +01:00
Michal Konecny
e5b2f1afae [ipa/server] Split the long string
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 18:15:32 +01:00
Michal Konecny
c19563b3db [ipa/server] Use the correct parameters for ipa_user
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 18:09:14 +01:00
Michal Konecny
5bca4dcea3 [ipa/server] Use correct parameters for ipa_user module
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:56:13 +01:00
Michal Konecny
4a39c39740 [ipa/server] Don't split prompt for pause module
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:54:10 +01:00
Michal Konecny
2f94e51c2e [ipa/server] Fix another typo in module name
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:40:29 +01:00
Michal Konecny
606d446bd0 [ipa/server] Fix the module name typo
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:35:08 +01:00
Michal Konecny
5f6ad93f4f [ipa/server] Use the correct ipa module
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 16:22:45 +01:00
Michal Konecny
792bc60a8a [ipa/server] Fix ansible-lint errors
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 15:12:16 +00:00
Michal Konecny
b3a22d9049 [ipa/server] Add logrotate config for krb5kdc
The log files for krb5kdc had around 1 GB each on ipa01.stg. To prevent this in
future let us replace the original config with one that is compressing the old logs.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2024-11-06 15:12:16 +00:00