e048e97abc
Fix Fedora installs and upgrade to version 33
2021-03-23 17:54:12 +00:00
1e69b21b08
Add db01.home.foo.sh
2021-03-23 17:15:02 +00:00
5282a19463
nfs-server: Add autocreate support for home/role directories
2021-03-23 17:01:39 +00:00
cc3f8748a0
Disable IPv6 on lan network for shell hosts
2021-03-23 16:32:10 +00:00
786b8699ff
network: Fix disabling IPv6 address on RHEL
...
When setting IPv6 addr to none interfaces were still autoconfigured
using router advertisements. This is now fixed.
2021-03-23 16:30:57 +00:00
89eec4e1c5
nginx/site: Disable certificate check when we have multiple backends
...
Nginx requires that all backend certificates need to match name defined
in ProxyPass directive:
https://trac.nginx.org/nginx/ticket/1307
2021-03-23 15:55:01 +00:00
90ccb41fd3
Allow CARP advertisemens from firewall on ns hosts
2021-03-23 06:55:44 +00:00
00088239fa
thinlinc-server: Use Let's Encrypt certs if available
2021-03-22 21:04:37 +00:00
ca3270d89b
nginx/server: Use SNI when connecting to backend servers
2021-03-22 20:59:03 +00:00
dd6fca4270
Add certificate validation support for shell hosts
2021-03-22 20:36:37 +00:00
147c8d4db5
nginx/server: Add plaintext HTTP server support for cert validation
2021-03-22 20:35:38 +00:00
65e34954f0
thinlinc-server: Tighten up TLS settings
2021-03-22 19:51:52 +00:00
67560714d8
Open HTTP and HTTPS ports from shell hosts.
2021-03-22 19:05:07 +00:00
480db886ca
thinlinc-server: Add web access configuration
...
Still lacks support for real certificates.
2021-03-22 19:03:09 +00:00
aed88b417b
nginx/server: Verify backend cert when proxying web sites
2021-03-22 19:02:10 +00:00
fbb64c4fb0
nginx/server: Drop xslt module as it's not used anymore
2021-03-22 17:09:27 +00:00
1f304aec10
Add CUPS client to shell hosts
2021-03-20 15:27:07 +00:00
c6a98151ba
cups-client: Initial version of role
2021-03-20 15:26:43 +00:00
40d5107898
Fix priority variable from carp interfaces on proxies
2021-03-20 15:25:54 +00:00
730cf1ab09
nginx: Set hsts headers in proxy level and not in backend
2021-03-20 14:29:28 +00:00
ad49c7f6b9
Add cups server to print hosts
2021-03-20 14:18:46 +00:00
a7035e9c38
Add mail relaying to foo.sh addresses for nms hosts
2021-03-20 14:18:05 +00:00
d55c77c30f
postfix: Add relay support to specific domains
2021-03-20 14:17:14 +00:00
bf39708fac
Fix warnings about integer value
2021-03-20 14:16:21 +00:00
6f156a91fd
cups: Don't set keytab in role
2021-03-20 14:15:52 +00:00
e62cad951c
Add print to master playbook
2021-03-20 13:59:51 +00:00
027dfc2a48
Add print01 host
2021-03-20 02:01:57 +00:00
c3c37d1b14
Add snmp tools to nms hosts
2021-03-20 01:23:00 +00:00
d0f89f2afc
Open tftp and ntp ports from firewall on nms hosts
2021-03-19 23:52:53 +00:00
5c1ff863c7
rsyslog: Add missing udp listener file
2021-03-19 23:52:15 +00:00
db8040d762
Add tftp server to nms hosts
2021-03-19 23:50:53 +00:00
aa0f0d61dd
tftp: Initial version of tftp server role
...
Currently this is role allows writing to data directory.
2021-03-19 23:49:34 +00:00
ec1121107a
Add RCS to nms hosts
2021-03-19 22:52:02 +00:00
e7a32718f4
Fix sssd/mkhomedir order from nms hosts
2021-03-19 22:23:02 +00:00
02d23a723c
Add unzip for nms hosts (to extract firmware packages)
2021-03-19 21:48:58 +00:00
07c8054e8b
Add RCS to shell hosts
2021-03-19 21:47:16 +00:00
11daf618fa
Add wget to nms hosts
2021-03-19 21:45:58 +00:00
c91db784e1
network: Use insecure password for keepalived
...
Using AH based authentication generates duplicate announces from master:
IPSEC-AH : sequence number 34831 already processed. Packet dropped.
Use insecure (unencrypted) authentication for announcement pakets until
this is sorted out.
2021-03-19 21:21:27 +00:00
ba97c88303
Add initial NTP server support to nms hosts
2021-03-19 20:54:04 +00:00
8f30553fd8
Add ssh config to shell hosts for connecting servers
2021-03-19 20:46:47 +00:00
b726e2e029
Add UDP logging support from oob network
2021-03-19 20:02:55 +00:00
31bb8d1158
rsyslog: Add optional UDP listener support
2021-03-19 20:02:24 +00:00
a17cb88c1e
iptables: Don't set empty defaults, check if var is defined
2021-03-19 18:36:48 +00:00
6acefc9178
pf: Don't set empty defaults, check if var is defined
2021-03-19 18:35:58 +00:00
5417be177a
Add nms group to master playbook
2021-03-19 18:27:59 +00:00
87001613ed
network: Document network_vip_interfaces usage
2021-03-19 18:23:32 +00:00
43c4602ed4
iptables: Don't use ipv4 raw rules on ipv6 firewall
2021-03-19 18:22:19 +00:00
1c9df4f36f
Add nms01/02 hosts
2021-03-19 18:21:38 +00:00
c7d8c1e677
Convert OpenBSD hosts with CARP to use new VIP interfaces
2021-03-19 18:19:03 +00:00
d63f828e8b
network: Move OpenBSD CARP to use network_vip_interfaces
...
This will also change advskew option to priority and inverse functionality
so greatest value wins instead of lowest.
2021-03-19 18:17:02 +00:00
