[ansible] Switch Admin email
by Nicolas Chauvet
commit 863f3be4fa454cc64b9c7a4e898c62de4ac9887a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:24:19 2023 +0200
Switch Admin email
roles/mailman/templates/settings.py.j2 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/mailman/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2
index 1d8df3e..6f64fe5 100644
--- a/roles/mailman/templates/settings.py.j2
+++ b/roles/mailman/templates/settings.py.j2
@@ -15,7 +15,7 @@ SECRET_KEY = '{{ mailman_hyperkitty_cookie_key }}'
DEBUG = False
ADMINS = (
- ('HyperKitty Admin', 'kwizart(a)gmail.com'),
+ ('HyperKitty Admin', 'kwizart+rfsystem(a)kwizart.net'),
)
SERVER_EMAIL = 'root(a)rpmfusion.org'
DEFAULT_FROM_EMAIL = "admin(a)rpmfusion.org"
1 year, 6 months
[ansible] Switch max-requests
by Nicolas Chauvet
commit f8b85b44c072ed009dfdd1bfa8b5c6c0dec62e9a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:23:58 2023 +0200
Switch max-requests
roles/mailman/templates/apache.conf.j2 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/mailman/templates/apache.conf.j2 b/roles/mailman/templates/apache.conf.j2
index 43a2c2b..1ff3f05 100644
--- a/roles/mailman/templates/apache.conf.j2
+++ b/roles/mailman/templates/apache.conf.j2
@@ -5,7 +5,7 @@ Alias /static {{ mailman_webui_basedir }}/static
#CustomLog /var/log/httpd/webui_access.log combined
WSGIScriptAlias / {{ mailman_webui_confdir }}/webui.wsgi
-WSGIDaemonProcess webui display-name=webui maximum-requests=1000 processes=4 threads=10
+WSGIDaemonProcess webui display-name=webui maximum-requests=100 processes=2 threads=4
WSGISocketPrefix run/wsgi
WSGIRestrictStdout On
WSGIRestrictSignal Off
1 year, 6 months
[ansible] Switch shebang
by Nicolas Chauvet
commit b170377944ffd378f9c3169e7ad5e8cd957a0d29
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:23:22 2023 +0200
Switch shebang
roles/mailman/files/periodic.py | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/mailman/files/periodic.py b/roles/mailman/files/periodic.py
index 73dcee0..09ae2b5 100755
--- a/roles/mailman/files/periodic.py
+++ b/roles/mailman/files/periodic.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/python3.4
import os
import sys
1 year, 6 months
[ansible] Switch CACHESIZE for mailman
by Nicolas Chauvet
commit 8a29726d5e11604c6c4b2cb46f71595446f84c88
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:22:50 2023 +0200
Switch CACHESIZE for mailman
roles/mailman/files/memcached.sysconfig | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/mailman/files/memcached.sysconfig b/roles/mailman/files/memcached.sysconfig
index 8987176..f722513 100644
--- a/roles/mailman/files/memcached.sysconfig
+++ b/roles/mailman/files/memcached.sysconfig
@@ -1,5 +1,5 @@
PORT="11211"
USER="memcached"
MAXCONN="1024"
-CACHESIZE="4096"
+CACHESIZE="128"
OPTIONS=""
1 year, 6 months
[ansible] Drop vars for mailman
by Nicolas Chauvet
commit eecea761e677765ffa6667aa6decc32fd1a819d6
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:21:24 2023 +0200
Drop vars for mailman
inventory/group_vars/mailman | 12 ------------
1 files changed, 0 insertions(+), 12 deletions(-)
---
diff --git a/inventory/group_vars/mailman b/inventory/group_vars/mailman
index 9921acd..a38c3f8 100644
--- a/inventory/group_vars/mailman
+++ b/inventory/group_vars/mailman
@@ -41,18 +41,6 @@ mailman_login:
github:
display_name: GitHub
provider: github
- twitter:
- display_name: Twitter
- provider: twitter
- google:
- display_name: Google
- provider: google
- facebook:
- display_name: Facebook
- provider: facebook
- stackexchange:
- display_name: StackExchange
- provider: stackexchange
# by default, the number of emails in queue before we whine
nrpe_check_postfix_queue_warn: 100
1 year, 6 months
[ansible] Add compat for dnf-5 until the default for builder
by Nicolas Chauvet
commit 79495c76275220b1dda70e9eb20b827422ea940b
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:20:33 2023 +0200
Add compat for dnf-5 until the default for builder
.../koji_builder/files/builders/site-defaults.cfg | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/site-defaults.cfg b/roles/koji_builder/files/builders/site-defaults.cfg
index 0e0ff4c..cda270d 100644
--- a/roles/koji_builder/files/builders/site-defaults.cfg
+++ b/roles/koji_builder/files/builders/site-defaults.cfg
@@ -8,6 +8,9 @@ config_opts['environment']['LANG'] = 'C.UTF-8'
config_opts['use_bootstrap'] = True
config_opts['yum_install_command'] += " -x devtoolset*"
config_opts['dnf_warning'] = False
+config_opts['dnf_command'] = '/usr/bin/dnf-3'
+config_opts['system_dnf_command'] = '/usr/bin/dnf-3'
+config_opts['dnf_install_command'] = 'install python3-dnf dnf-plugins-core'
if '-cuda' in config_opts['chroot_name']:
config_opts['module_setup_commands'] = [
1 year, 6 months
[ansible] Update virthost
by Nicolas Chauvet
commit 3e832b597a6bdeea1acd24d8f6a7de6307986393
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:18:30 2023 +0200
Update virthost
playbooks/groups/virthost.yml | 37 +++++++++++++++++++------------------
1 files changed, 19 insertions(+), 18 deletions(-)
---
diff --git a/playbooks/groups/virthost.yml b/playbooks/groups/virthost.yml
index fcf2889..1e9b8d8 100644
--- a/playbooks/groups/virthost.yml
+++ b/playbooks/groups/virthost.yml
@@ -1,38 +1,39 @@
+---
# create a new virthost server system
# NOTE: should be used with --limit most of the time
# NOTE: most of these vars_path come from group_vars/backup_server or from hostvars
-- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=virthost:bvirthost:buildvmhost:virthost_comm:colo_virt:virthost_communishift
+- import_playbook: "/srv/web/infra/ansible/playbooks/include/happy_birthday.yml myhosts=virthost:bvirthost:buildvmhost:virthost_comm:colo_virt:virthost_communishift"
- name: make virthost server system
hosts: virthost:bvirthost:buildvmhost:virthost_comm:colo_virt:virthost_communishift
user: root
- gather_facts: True
+ gather_facts: true
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- - "/srv/private/ansible/vars.yml"
+ - /srv/private/ansible/vars.yml
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
pre_tasks:
- - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
- - import_tasks: "{{ tasks_path }}/yumrepos.yml"
+ - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+ - import_tasks: "{{ tasks_path }}/yumrepos.yml"
roles:
- - base
- - rkhunter
- - nagios_client
- - hosts
- - fas_client
- - collectd/base
- - { role: iscsi_client, when: datacenter == "online" }
- - sudo
- - { role: openvpn/client, when: datacenter != "online" }
- - virthost
+ - base
+ - rkhunter
+ - nagios_client
+ - hosts
+ - fas_client
+ - collectd/base
+ - {role: iscsi_client, when: datacenter == "online"}
+ - sudo
+ - {role: openvpn/client, when: datacenter != "online"}
+ - virthost
tasks:
- - import_tasks: "{{ tasks_path }}/2fa_client.yml"
- - import_tasks: "{{ tasks_path }}/motd.yml"
+ - import_tasks: "{{ tasks_path }}/2fa_client.yml"
+ - import_tasks: "{{ tasks_path }}/motd.yml"
handlers:
- - import_tasks: "{{ handlers_path }}/restart_services.yml"
+ - import_tasks: "{{ handlers_path }}/restart_services.yml"
1 year, 6 months
[ansible] Update ssl_ciphers
by Nicolas Chauvet
commit 6da4e0a15630ee2dbf45474bc95c9a9e955ab9b1
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Jun 23 11:18:06 2023 +0200
Update ssl_ciphers
vars/global.yml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/vars/global.yml b/vars/global.yml
index f3ed1c8..bf5d18f 100644
--- a/vars/global.yml
+++ b/vars/global.yml
@@ -57,7 +57,7 @@ rhel66_x86_64: rhel-guest-image-6.6-20141222.0.x86_64
# same list on both EL7 and Fedora and get new ciphers: on Fedora, at time of writing,
# this includes TLSv1.3, which EL7 does not have.
ssl_protocols: "+all -SSLv3 -TLSv1 -TLSv1.1"
-ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
+ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!kDHE"
sslonly_hsts: true
# Set a default hostname base to transient. Override in host vars or command line.
1 year, 6 months