September 2016 - sysadmin-notify

by Nicolas Chauvet

commit 1142cfd7cfd1a7490e25230b4430a1558d69e2c6 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Sat Sep 10 12:31:24 2016 +0200 Add cleaned auth-logo-white roles/ipsilon/files/ui-fedora/authn-logo-white.png | Bin 0 -> 8331 bytes 1 files changed, 0 insertions(+), 0 deletions(-) --- diff --git a/roles/ipsilon/files/ui-fedora/authn-logo-white.png b/roles/ipsilon/files/ui-fedora/authn-logo-white.png new file mode 100644 index 0000000..9a6084e Binary files /dev/null and b/roles/ipsilon/files/ui-fedora/authn-logo-white.png differ

7 years, 7 months

1
0
0 / 0

[ansible] Disable saml2 for us

by Nicolas Chauvet

commit 97449e97f4a40f5167d9d612ef9e671abe1d41d1 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Sat Sep 10 12:23:36 2016 +0200 Disable saml2 for us roles/ipsilon/tasks/main.yml | 25 ------------------------- 1 files changed, 0 insertions(+), 25 deletions(-) --- diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml index c6f3451..0da93b0 100644 --- a/roles/ipsilon/tasks/main.yml +++ b/roles/ipsilon/tasks/main.yml @@ -7,7 +7,6 @@ - ipsilon - ipsilon-authfas - ipsilon-openid - - ipsilon-saml2 - ipsilon-persona - python-psycopg2 - libsemanage-python @@ -74,30 +73,6 @@ owner=ipsilon group=ipsilon mode=0644 when: env == "staging" -- name: create SAML2 dir - file: path=/etc/ipsilon/saml2 state=directory mode=0700 - owner=ipsilon group=ipsilon setype=httpd_var_lib_t - -- name: copy SAML2 private key - copy: src={{ private }}/files/ipsilon/saml2.key dest=/etc/ipsilon/saml2/certificate.key - owner=ipsilon group=ipsilon mode=0600 - when: env != "staging" - -- name: copy SAML2 public key - copy: src=saml2.pem dest=/etc/ipsilon/saml2/certificate.pem - owner=ipsilon group=ipsilon mode=0644 - when: env != "staging" - -- name: copy SAML2 STG private key - copy: src={{ private }}/files/ipsilon/saml2.stg.key dest=/etc/ipsilon/saml2/certificate.stg.key - owner=ipsilon group=ipsilon mode=0600 - when: env == "staging" - -- name: copy SAML STG public key - copy: src=saml2.stg.pem dest=/etc/ipsilon/saml2/certificate.stg.pem - owner=ipsilon group=ipsilon mode=0644 - when: env == "staging" - - name: set sebooleans so ipsilon can talk to the db seboolean: name=httpd_can_network_connect_db state=true

7 years, 7 months

1
0
0 / 0

[ansible] Update ipsilon configuration

by Nicolas Chauvet

commit e4b6d4a710ab4bad6ded7f4bca07b7f5fa88f252 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Sat Sep 10 12:18:32 2016 +0200 Update ipsilon configuration roles/ipsilon/templates/configuration.conf | 28 ++++------------------------ roles/ipsilon/templates/ipsilon.conf | 4 ++-- 2 files changed, 6 insertions(+), 26 deletions(-) --- diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf index dd2bc0c..fc81907 100644 --- a/roles/ipsilon/templates/configuration.conf +++ b/roles/ipsilon/templates/configuration.conf @@ -12,11 +12,11 @@ fas FAS Insecure Auth=True [provider_config] -global enabled=persona,openid,saml2 +global enabled=persona,openid {% if env == 'staging' %} -persona allowed domains=stg.rpmfusion.org -persona issuer domain=id.stg.rpmfusion.org +persona allowed domains=stg.fedoraproject.org +persona issuer domain=id.stg.fedoraproject.org persona idp key file=/etc/ipsilon/persona.stg.key {% else %} persona allowed domains=fedoraproject.org @@ -30,30 +30,10 @@ openid identity url template=http://%(username)s.id.stg.rpmfusion.org/ openid trusted roots= {% else %} openid endpoint url=https://id.rpmfusion.org/openid/ -openid identity url template=http://%(username)s.id.rpmfusion.org/ +openid identity url template=http://id.rpmfusion.org/openid/id/%(username)s/ openid trusted roots=https://admin.rpmfusion.org/pkgdb/,https://admin.rpmfusion.org/voti... {% endif %} openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }} openid untrusted roots= openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API -saml2 idp storage path=/etc/ipsilon/saml2 -saml2 idp metadata file=metadata.xml -{% if env == 'staging' %} -saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }} -saml2 idp certificate file=certificate.stg.pem -saml2 idp key file=certificate.stg.key -{% else %} -saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }} -{% endif %} -saml2 allow self registration=False -saml2 default nameid=transient -saml2 default email domain=fedoraproject.org -saml2 session database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_saml2_name }} - -[saml2_data] -{% if env == 'staging' %} -{% include "saml2_data_stg" %} -{% else %} -{% include "saml2_data" %} -{% endif %} diff --git a/roles/ipsilon/templates/ipsilon.conf b/roles/ipsilon/templates/ipsilon.conf index 312dd4d..b972e53 100644 --- a/roles/ipsilon/templates/ipsilon.conf +++ b/roles/ipsilon/templates/ipsilon.conf @@ -10,8 +10,8 @@ user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ips transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}" tools.sessions.on = True -tools.sessions.name = "fedora_ipsilon_session_id" -tools.sessions.storage_type = "Sql" +tools.sessions.name = "rpmfusion_ipsilon_session_id" +tools.sessions.storage_type = "sql" tools.sessions.storage_dburi = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_sessions_name }}" tools.sessions.timeout = 60 tools.sessions.httponly = True

7 years, 7 months

1
0
0 / 0

[ansible] Revert "Fixup template"

by Nicolas Chauvet

commit 5f879d52bef7dce8582089485b84d3e7216c63ea Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Sat Sep 10 12:15:04 2016 +0200 Revert "Fixup template" This reverts commit 9b5835f360ea6011e74841a26dd1b2fed50f3515. roles/ipsilon/templates/configuration.conf | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf index e2f1d2f..dd2bc0c 100644 --- a/roles/ipsilon/templates/configuration.conf +++ b/roles/ipsilon/templates/configuration.conf @@ -19,7 +19,7 @@ persona allowed domains=stg.rpmfusion.org persona issuer domain=id.stg.rpmfusion.org persona idp key file=/etc/ipsilon/persona.stg.key {% else %} -persona allowed domains=rpmfusion.org +persona allowed domains=fedoraproject.org persona issuer domain=id.rpmfusion.org persona idp key file=/etc/ipsilon/persona.key {% endif %} @@ -48,7 +48,7 @@ saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }} {% endif %} saml2 allow self registration=False saml2 default nameid=transient -saml2 default email domain=rpmfusion.org +saml2 default email domain=fedoraproject.org saml2 session database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_saml2_name }} [saml2_data]

7 years, 7 months

1
0
0 / 0

[ansible] Fixup template

by Nicolas Chauvet

commit 9b5835f360ea6011e74841a26dd1b2fed50f3515 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Sat Sep 10 10:21:34 2016 +0200 Fixup template roles/ipsilon/templates/configuration.conf | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf index dd2bc0c..e2f1d2f 100644 --- a/roles/ipsilon/templates/configuration.conf +++ b/roles/ipsilon/templates/configuration.conf @@ -19,7 +19,7 @@ persona allowed domains=stg.rpmfusion.org persona issuer domain=id.stg.rpmfusion.org persona idp key file=/etc/ipsilon/persona.stg.key {% else %} -persona allowed domains=fedoraproject.org +persona allowed domains=rpmfusion.org persona issuer domain=id.rpmfusion.org persona idp key file=/etc/ipsilon/persona.key {% endif %} @@ -48,7 +48,7 @@ saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }} {% endif %} saml2 allow self registration=False saml2 default nameid=transient -saml2 default email domain=fedoraproject.org +saml2 default email domain=rpmfusion.org saml2 session database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_saml2_name }} [saml2_data]

7 years, 7 months

1
0
0 / 0

[ansible] Remove fedora refs

by Nicolas Chauvet

commit 298e45183d51f32cd9c7339984fb9b4f8c7d0e2b Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Sat Sep 10 10:19:38 2016 +0200 Remove fedora refs roles/ipsilon/files/openid_server.py | 6 ++---- 1 files changed, 2 insertions(+), 4 deletions(-) --- diff --git a/roles/ipsilon/files/openid_server.py b/roles/ipsilon/files/openid_server.py index 34d45bb..e804edc 100644 --- a/roles/ipsilon/files/openid_server.py +++ b/roles/ipsilon/files/openid_server.py @@ -1043,10 +1043,8 @@ class OpenIDResponse(object): @change: 2.1.0 added the ENCODE_HTML_FORM response. """ if self.request.mode in BROWSER_REQUEST_MODES: - do_post_trusts = ['http://taigastg.cloud.fedoraproject.org/', - 'http://taiga.cloud.fedoraproject.org/', - 'http://taiga.fedorainfracloud.org/', - 'http://taigastg.fedorainfracloud.org/'] + do_post_trusts = ['http://admin.rpmfusion.org/', + 'http://fas.rpmfusion.org/'] if self.request.trust_root in do_post_trusts: # Workaround, since too many clients don't follow the spec return ENCODE_HTML_FORM

7 years, 7 months

1
0
0 / 0

[ansible] Update osuosl builders

by Nicolas Chauvet

commit 5111c9e97338d5983cd80169f14dc775700f667b Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Sep 9 18:10:12 2016 +0200 Update osuosl builders inventory/builders | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) --- diff --git a/inventory/builders b/inventory/builders index 34aed58..4e448c8 100644 --- a/inventory/builders +++ b/inventory/builders @@ -3,6 +3,14 @@ buildvm-01.online.rpmfusion.net buildvm-02.online.rpmfusion.net +[buildvm-ppc64] +buildvm-ppc64-01.osuosl.rpmfusion.net +buildvm-ppc64-02.osuosl.rpmfusion.net + +[buildvm-ppc64le] +buildvm-ppc64le-01.osuosl.rpmfusion.net +buildvm-ppc64le-02.osuosl.rpmfusion.net + [buildvmhost] [buildhw] @@ -19,4 +27,6 @@ arm-builder04.scaleway.rpmfusion.net [builders:children] buildhw buildvm +buildvm-ppc64 +buildvm-ppc64le buildarm

7 years, 7 months

1
0
0 / 0

[ansible] Add perl-Encode-Detect for bugzilla

by Nicolas Chauvet

commit 9514fad16c10f9d7598a3037a2214f3e35814281 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Fri Sep 9 08:35:27 2016 +0200 Add perl-Encode-Detect for bugzilla roles/bugzilla/tasks/main.yml | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) --- diff --git a/roles/bugzilla/tasks/main.yml b/roles/bugzilla/tasks/main.yml index 5607cdc..46b0415 100644 --- a/roles/bugzilla/tasks/main.yml +++ b/roles/bugzilla/tasks/main.yml @@ -13,6 +13,7 @@ with_items: - bugzilla - bugzilla-contrib + - perl-Encode-Detect - perl-Test-Taint - perl-XMLRPC-Lite tags:

7 years, 7 months

1
0
0 / 0

[puppet] Update bugzilla to bugzilla02

by Nicolas Chauvet

commit 09b3b303f6d26ad5560b7f8770e532bb732e25de Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Thu Sep 1 17:13:58 2016 +0200 Update bugzilla to bugzilla02 files/dns/rpmfusion.org | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/files/dns/rpmfusion.org b/files/dns/rpmfusion.org index d1e58a5..60d3c93 100644 --- a/files/dns/rpmfusion.org +++ b/files/dns/rpmfusion.org @@ -1,6 +1,6 @@ $TTL 5M @ IN SOA ns1.rpmfusion.net. matthias.saou.eu. ( - 2016071601 ; Serial + 2016090101 ; Serial 6H ; Refresh 1H ; Retry 5W ; Expire @@ -24,7 +24,7 @@ lists IN A 46.105.55.71 ; se01.ovh IN AAAA 2001:41d0:2:ad32::1 ; se01.ovh IN MX 10 mx1.rpmfusion.net. -bugzilla IN A 188.165.226.50 ; hv02.ovh / bugzilla.ovh +bugzilla IN A 212.129.31.198 ; hv01.online / bugzilla02 ;fas IN A 195.10.6.64 ; se02.es ;cvs IN A 195.10.6.64 ; se02.es ;ldap IN A 195.10.6.64 ; se02.es

7 years, 7 months

1
0
0 / 0

[ansible] Disable extra_enablerepos

by Nicolas Chauvet

commit c805b58f9e236dcf4bb5859e6010c62b32727bc0 Author: Nicolas Chauvet <kwizart(a)gmail.com> Date: Thu Sep 1 14:06:08 2016 +0200 Disable extra_enablerepos roles/mariadb_server/tasks/main.yml | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) --- diff --git a/roles/mariadb_server/tasks/main.yml b/roles/mariadb_server/tasks/main.yml index 6eb3bb7..f11e22b 100644 --- a/roles/mariadb_server/tasks/main.yml +++ b/roles/mariadb_server/tasks/main.yml @@ -1,12 +1,12 @@ - name: ensure packages required for mariadb are installed - yum: name={{ item }} state=present enablerepo={{ extra_enablerepos }} + yum: name={{ item }} state=present with_items: - mariadb-server - MySQL-python when: ansible_distribution_major_version|int < 22 - name: ensure packages required for mariadb are installed - dnf: name={{ item }} state=present enablerepo={{ extra_enablerepos }} + dnf: name={{ item }} state=present with_items: - mariadb-server - MySQL-python

7 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

sysadmin-notify September 2016