786b8699ff
network: Fix disabling IPv6 address on RHEL
...
When setting IPv6 addr to none interfaces were still autoconfigured
using router advertisements. This is now fixed.
2021-03-23 16:30:57 +00:00
89eec4e1c5
nginx/site: Disable certificate check when we have multiple backends
...
Nginx requires that all backend certificates need to match name defined
in ProxyPass directive:
https://trac.nginx.org/nginx/ticket/1307
2021-03-23 15:55:01 +00:00
00088239fa
thinlinc-server: Use Let's Encrypt certs if available
2021-03-22 21:04:37 +00:00
ca3270d89b
nginx/server: Use SNI when connecting to backend servers
2021-03-22 20:59:03 +00:00
147c8d4db5
nginx/server: Add plaintext HTTP server support for cert validation
2021-03-22 20:35:38 +00:00
65e34954f0
thinlinc-server: Tighten up TLS settings
2021-03-22 19:51:52 +00:00
480db886ca
thinlinc-server: Add web access configuration
...
Still lacks support for real certificates.
2021-03-22 19:03:09 +00:00
aed88b417b
nginx/server: Verify backend cert when proxying web sites
2021-03-22 19:02:10 +00:00
fbb64c4fb0
nginx/server: Drop xslt module as it's not used anymore
2021-03-22 17:09:27 +00:00
c6a98151ba
cups-client: Initial version of role
2021-03-20 15:26:43 +00:00
730cf1ab09
nginx: Set hsts headers in proxy level and not in backend
2021-03-20 14:29:28 +00:00
d55c77c30f
postfix: Add relay support to specific domains
2021-03-20 14:17:14 +00:00
6f156a91fd
cups: Don't set keytab in role
2021-03-20 14:15:52 +00:00
5c1ff863c7
rsyslog: Add missing udp listener file
2021-03-19 23:52:15 +00:00
aa0f0d61dd
tftp: Initial version of tftp server role
...
Currently this is role allows writing to data directory.
2021-03-19 23:49:34 +00:00
c91db784e1
network: Use insecure password for keepalived
...
Using AH based authentication generates duplicate announces from master:
IPSEC-AH : sequence number 34831 already processed. Packet dropped.
Use insecure (unencrypted) authentication for announcement pakets until
this is sorted out.
2021-03-19 21:21:27 +00:00
31bb8d1158
rsyslog: Add optional UDP listener support
2021-03-19 20:02:24 +00:00
a17cb88c1e
iptables: Don't set empty defaults, check if var is defined
2021-03-19 18:36:48 +00:00
6acefc9178
pf: Don't set empty defaults, check if var is defined
2021-03-19 18:35:58 +00:00
87001613ed
network: Document network_vip_interfaces usage
2021-03-19 18:23:32 +00:00
43c4602ed4
iptables: Don't use ipv4 raw rules on ipv6 firewall
2021-03-19 18:22:19 +00:00
d63f828e8b
network: Move OpenBSD CARP to use network_vip_interfaces
...
This will also change advskew option to priority and inverse functionality
so greatest value wins instead of lowest.
2021-03-19 18:17:02 +00:00
f8fe21c4a1
network: Don't explicitly set network_carp_interfaces
2021-03-19 17:17:57 +00:00
d187472f27
network: Add keepalived support
2021-03-19 17:09:17 +00:00
675d7af7a4
base: Store date and time for bash history on RedHat hosts
2021-03-19 16:49:37 +00:00
d43e4bfbe3
munin-server: Move data directory to /export/munin
2021-03-19 08:28:20 +00:00
6c4d42341c
munin-server: Add all hosts to munin from inventory
2021-03-19 07:01:23 +00:00
58c1add726
Rename munin-master to munin-server
2021-03-19 06:35:24 +00:00
63f19f7d27
Open munin from all hosts firewll
2021-03-19 06:32:08 +00:00
f96f3f6789
base: Add munin-node and update policy
...
munin-node adds depency to external repos so also update package
policy.
2021-03-19 00:17:46 +00:00
d381e4f3b7
ldap_netdb: Fix warnings from cron job
2021-03-19 00:05:02 +00:00
ce17dfbe70
munin-node: Fix dependencies for CentOS 8
2021-03-18 23:55:26 +00:00
b4e1edbf5d
munin-node: Run munin-node-configure when needed
2021-03-18 23:45:35 +00:00
7e6d2e241a
munin-node: Add EPEL repo as depency for EL systems
2021-03-18 23:37:11 +00:00
2f72664231
munin-node: Add OpenBSD support
2021-03-18 23:20:50 +00:00
b287591b32
munin-node: Initial version of munin-node role
2021-03-18 22:35:11 +00:00
6ef17adfa2
munin-master: Fix graph generation from cgi script
2021-03-18 22:31:28 +00:00
f5782ad361
apache: Change admin contact address
2021-03-18 22:27:05 +00:00
5d83306491
munin-master: Force TLS when connecting to nodes
2021-03-18 16:55:34 +00:00
15fec6b391
munin-master: Start munin cron job not just enable
2021-03-18 11:29:56 +00:00
5752bed415
munin-master: Remove localhost node
2021-03-18 11:07:47 +00:00
9f3ff39286
mod_auth_gssapi: SELinux fixes for CentOS 8
2021-03-18 11:02:01 +00:00
5eda17494d
mod_auth_gssapi: Set keytab path in environment variables
2021-03-18 11:01:19 +00:00
5d9bc1608f
mod_auth_gssapi: Fix keytab path config for CentOS 8
...
CentOS 8 doesn't apache doesn't read /etc/sysconfig/httpd anymore so
try to set keytab path location in apache config files.
2021-03-18 00:28:33 +00:00
cab7f424d5
munin-master: Initial version of role, WIP
2021-03-18 00:00:01 +00:00
71d392a556
powertools: Initial version of module
2021-03-17 22:45:13 +00:00
9675485eda
git/server: Fix typo from task name
2021-03-17 21:32:34 +00:00
58de72e85a
git: Convert to CentOS 8 and Apache
...
* Update git hosts to CentOS 8
* Drop nslscd and use sssd instead
* Change nginx to apache for future GSSAPI support
* Fix SELinux contexts from git data directory
2021-03-17 21:29:47 +00:00
3d885de573
ifstated: Fix fireall problems when fsol-gw is booted
...
For some reason firewall rules are not correctly loaded during boot
so reload them when ifstated starts.
2021-03-17 20:31:41 +00:00
887d4872d9
ifstated: Cannot validate config during provisioning
...
Network is restarted at the end of play run so ifstated validation
fails due to missing interfaces.
2021-03-17 19:05:01 +00:00
