commit 9efb56f29168855eaa8d320b4b25bb3f43178d9b Author: Nicolas Chauvet <kwizart(a)gmail.com&gt; Date: Fri Oct 18 14:19:32 2024 +0200 Update vars vars/Fedora.yml | 9 ++--- vars/RedHat.yml | 1 - vars/all/00-FedoraCycleNumber.yaml | 2 +- vars/global.yml | 54 ++++-------------------------------- 4 files changed, 11 insertions(+), 55 deletions(-) --- diff --git a/vars/Fedora.yml b/vars/Fedora.yml index 35e4b66..b4291a7 100644 --- a/vars/Fedora.yml +++ b/vars/Fedora.yml @@ -1,8 +1,7 @@ --- dist_tag: f{{ ansible_distribution_version }} -base_pkgs_inst: ['iptables-services' ] -base_pkgs_erase: ['firewalld', 'sendmail', 'at'] -service_disabled: [ ] -service_enabled: ['auditd','logrotate.timer'] +base_pkgs_inst: ['iptables-services', 'cronie'] +base_pkgs_erase: ['firewalld', 'sendmail', 'at', 'pam_sss'] +service_disabled: [] +service_enabled: ['auditd', 'logrotate.timer'] is_fedora: True -pythonsitelib: /usr/lib/python2.7/site-packages diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 67d7b27..f9a6f62 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -5,4 +5,3 @@ base_pkgs_erase: ['firstboot-tui','bluez-utils', 'sendmail','firewalld'] service_disabled: [] service_enabled: [] is_rhel: True -pythonsitelib: /usr/lib/python2.7/site-packages diff --git a/vars/all/00-FedoraCycleNumber.yaml b/vars/all/00-FedoraCycleNumber.yaml index d1ec27f..c0e54be 100644 --- a/vars/all/00-FedoraCycleNumber.yaml +++ b/vars/all/00-FedoraCycleNumber.yaml @@ -1 +1 @@ -FedoraCycleNumber: 34 +FedoraCycleNumber: 40 diff --git a/vars/global.yml b/vars/global.yml index bf5d18f..f28b757 100644 --- a/vars/global.yml +++ b/vars/global.yml @@ -9,64 +9,22 @@ tasks_path: /srv/web/infra/ansible/tasks vars_path: "/srv/web/infra/ansible/vars" dist_tag: unknown auth_keys_from_fas: '/srv/web/infra/ansible/scripts/auth-keys-from-fas' -# -# These are images in the old cloud using the ec2 interface -# -el6_qcow_id: ami-00000013 -f18_qcow_id: ami-00000016 -el6_ami_id: ami-0000000e -f17_qcow_id: ami-00000001 -# Fedora-19 -f19_qcow_id: ami-00000020 -# Fedora-20 -f20_qcow_id: ami-00000042 -# Fedora-21 -f21_qcow_id: ami-0000005a -# RHEL7beta -el7b_qcow_id: ami-0000003f -# RHEL7 -el7_qcow_id: ami-00000050 - -# -# These are the new images in the new cloud using the nova interface. -# -fedora20_x86_64: Fedora-x86_64-20-20140407 -fedora21_x86_64: Fedora-Cloud-Base-20141203-21.x86_64 -fedora22_alpha_x86_64: Fedora-Cloud-Base-22_Alpha-20150305.x86_64 -fedora22_beta_x86_64: Fedora-Cloud-Base-22_Beta-20150415.x86_64 -fedora22_x86_64: Fedora-Cloud-Base-22-20150521.x86_64 -fedora_atomic_22_alpha: Fedora-Cloud-Atomic-22_Alpha-20150305.x86_64 -fedora_atomic_22_beta: Fedora-Cloud-Atomic-22_Beta-20150415.x86_64 -fedora_atomic_22: Fedora-Cloud-Atomic-22-20150521.x86_64 -fedora23_x86_64: Fedora-Cloud-Base-23-20151030.x86_64 -fedora24_alpha_x86_64: Fedora-Cloud-Base-24_Alpha-7.x86_64.qcow2 -fedora24_x86_64: Fedora-Cloud-Base-24-1.2.x86_64.qcow2 -fedora25_x86_64: Fedora-Cloud-Base-25-1.3.x86_64 -fedora26_x86_64: Fedora-Cloud-Base-26-1.4.x86_64 -fedora27_x86_64: Fedora-Cloud-Base-27-1.2.x86_64 -fedora28_x86_64: Fedora-Cloud-Base-28-1.1.x86_64 -fedora29_x86_64: Fedora-Cloud-Base-29-1.2.x86_64 -fedora30_beta_x86_64: Fedora-Cloud-Base-30-20190329.n.0.x86_64 -fedora30_x86_64: Fedora-Cloud-Base-30-1.2.x86_64 -centos70_x86_64: CentOS-7-x86_64-GenericCloud-1503 -centos66_x86_64: CentOS-6-x86_64-GenericCloud-20141129_01 -rhel70_x86_64: rhel-guest-image-7.0-20140930.0.x86_64 -rhel66_x86_64: rhel-guest-image-6.6-20141222.0.x86_64 # Note: we do "+all -some" rather than "+some" to make sure we can use this # same list on both EL7 and Fedora and get new ciphers: on Fedora, at time of writing, # this includes TLSv1.3, which EL7 does not have. ssl_protocols: "+all -SSLv3 -TLSv1 -TLSv1.1" -ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!kDHE" -sslonly_hsts: true +ssl_ciphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK" + +httpd_maxrequestworkers: 2500 # Set a default hostname base to transient. Override in host vars or command line. hostbase: transient -global_pkgs_inst: ['bind-utils', 'mailx', 'nc', 'openssh-clients', +global_pkgs_inst: ['bind-utils', 'nc', 'openssh-clients', 'patch', 'postfix', 'rsync', 'strace', 'tmpwatch', 'traceroute', 'vim-enhanced', 'xz', 'zsh', - 'bash-completion', 'telnet', - 'atop', 'htop', 'rsyslog' ] + 'bash-completion', + 'atop', 'htop', 'rsyslog'] # Set up variables for various files to make sure we don't forget to use. repoSpanner_rpms_http: 8445 repoSpanner_ansible_http: 8443