commit 2d9b80e1cb24d97bd519653db7c9eb47e2c362b9
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 11:20:42 2019 +0200
Update varsz
vars/Fedora.yml | 2 +-
vars/RedHat.yml | 4 ++--
vars/global.yml | 21 ++++++++++++++++++---
3 files changed, 21 insertions(+), 6 deletions(-)
---
diff --git a/vars/Fedora.yml b/vars/Fedora.yml
index 9372c10..affe407 100644
--- a/vars/Fedora.yml
+++ b/vars/Fedora.yml
@@ -1,7 +1,7 @@
---
dist_tag: f{{ ansible_distribution_version }}
base_pkgs_inst: ['iptables-services' ]
-base_pkgs_erase: ['firewalld', 'PackageKit*', 'sendmail',
'at']
+base_pkgs_erase: ['firewalld', 'sendmail', 'at']
service_disabled: [ ]
service_enabled: ['auditd']
is_fedora: True
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index d2c0b2b..d5e7621 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -2,7 +2,7 @@
dist_tag: el{{ ansible_distribution_version[0] }}
base_pkgs_inst: ['iptables-services']
base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail',
'firewalld']
-service_disabled: [ ]
-service_enabled: [ ]
+service_disabled: []
+service_enabled: []
is_rhel: True
pythonsitelib: /usr/lib/python2.7/site-packages
diff --git a/vars/global.yml b/vars/global.yml
index d30f65f..4f16050 100644
--- a/vars/global.yml
+++ b/vars/global.yml
@@ -39,13 +39,25 @@ fedora_atomic_22_alpha: Fedora-Cloud-Atomic-22_Alpha-20150305.x86_64
fedora_atomic_22_beta: Fedora-Cloud-Atomic-22_Beta-20150415.x86_64
fedora_atomic_22: Fedora-Cloud-Atomic-22-20150521.x86_64
fedora23_x86_64: Fedora-Cloud-Base-23-20151030.x86_64
+fedora24_alpha_x86_64: Fedora-Cloud-Base-24_Alpha-7.x86_64.qcow2
+fedora24_x86_64: Fedora-Cloud-Base-24-1.2.x86_64.qcow2
+fedora25_x86_64: Fedora-Cloud-Base-25-1.3.x86_64
+fedora26_x86_64: Fedora-Cloud-Base-26-1.4.x86_64
+fedora27_x86_64: Fedora-Cloud-Base-27-1.2.x86_64
+fedora28_x86_64: Fedora-Cloud-Base-28-1.1.x86_64
+fedora29_x86_64: Fedora-Cloud-Base-29-1.2.x86_64
+fedora30_beta_x86_64: Fedora-Cloud-Base-30-20190329.n.0.x86_64
+fedora30_x86_64: Fedora-Cloud-Base-30-1.2.x86_64
centos70_x86_64: CentOS-7-x86_64-GenericCloud-1503
centos66_x86_64: CentOS-6-x86_64-GenericCloud-20141129_01
rhel70_x86_64: rhel-guest-image-7.0-20140930.0.x86_64
rhel66_x86_64: rhel-guest-image-6.6-20141222.0.x86_64
-ssl_protocols: "-All +TLSv1 +TLSv1.1 +TLSv1.2"
-ssl_ciphers:
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
+# Note: we do "all and blacklist" rather than whitelist to make sure we can use
this
+# same list on both EL7 and Fedora and get new ciphers: on Fedora, at time of writing,
+# this includes TLSv1.3, which EL7 does not have.
+ssl_protocols: "+all -SSLv3 -TLSv1 -TLSv1.1"
+ssl_ciphers:
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
sslonly_hsts: true
# Set a default hostname base to transient. Override in host vars or command line.
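Review bot: The comment added above `ssl_protocols` describes "all and blacklist", but only `ssl_protocols` works that way; `ssl_ciphers` right below it is still an explicit allowlist, so new ciphers will not be picked up on either distribution without editing the string. The three `TLS_*` names prepended to `ssl_ciphers` may also have no effect, because OpenSSL 1.1.1 keeps TLS 1.3 ciphersuites in a separate setting from the TLS 1.2 cipher string; that depends on the template consuming this variable, which is not visible in this diff, so check the negotiated suites on a Fedora host. With TLSv1 and TLSv1.1 now disabled, the remaining `DHE-DSS-*` and CBC/SHA-1 entries are worth reviewing for removal in the same change. I would reword the comment to something like `# Note: ssl_protocols is "all minus old versions" so EL7 and Fedora can share it; ssl_ciphers below is still an explicit list.`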
@@ -54,4 +66,7 @@ global_pkgs_inst: ['bind-utils', 'mailx', 'nc',
'openssh-clients',
'patch', 'postfix', 'rsync',
'strace',
'tmpwatch', 'traceroute', 'vim-enhanced',
'xz', 'zsh',
'libselinux-python', 'ntpdate',
'bash-completion', 'telnet',
- 'htop', 'rsyslog' ]
+ 'atop', 'htop', 'rsyslog' ]
+# Set up variables for various files to make sure we don't forget to use.
+repoSpanner_rpms_http: 8445
+repoSpanner_ansible_http: 8443
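Review bot: The comment added before `repoSpanner_rpms_http` stops mid-thought ("make sure we don't forget to use" what?), so a reader cannot tell which templates or firewall rules are expected to reference these two ports. Something like `# Ports for the repoSpanner endpoints; reference these variables instead of hard-coding the numbers.` would close the sentence. It would also help to state whether these endpoints are TLS or plain HTTP, since the `_http` suffix next to 8443/8445 leaves that open. The camelCase `repoSpanner_` prefix differs from the snake_case names in the rest of the hunk's context.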