Merge pull request #14961 from rocky-linux/develop

Develop - Small fixes for prep and rollout
2024-06-02 11:50:15 +00:00 · 2021-01-04 12:33:10 -07:00 · 2021-01-04 12:33:10 -07:00 · 2149224162
commit 2149224162
parent 46001435e5 786be11457
4 changed files with 14 additions and 10 deletions
--- a/ansible/playbooks/vars/common.yml
+++ b/ansible/playbooks/vars/common.yml
@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
 # Requires jinja 2.9+
 rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
 # This will need to be vaulted
-# rocky_ldap_bind_pw: "ThisIsNotThePassword!"
+rocky_ldap_bind_pw: "{{ ipa_binder_password }}"
--- a/ansible/playbooks/vars/gitlab.yml
+++ b/ansible/playbooks/vars/gitlab.yml
@ -63,7 +63,7 @@ gitlab_nginx_listen_https: "false"

 gitlab_default_theme: 2

-gitlab_external_db: false
+gitlab_external_db: true
 gitlab_external_db_host: db.rockylinux.org
 gitlab_external_db_user: gitlab
-gitlab_external_db_password: gitlab
+gitlab_external_db_password: "{{ gitlab_db_pass }}"
--- a/ansible/playbooks/vars/ipsilon.yml
+++ b/ansible/playbooks/vars/ipsilon.yml
@ -1,5 +1,6 @@
 ---
 # Vars for ipsilon
+ipsilon_fqdn: idp.rockylinux.org
 ipsilon_databases:
  - name: rockyipsilon

@ -24,12 +25,12 @@ apache_ssl_cipher_suite: "PROFILE=SYSTEM"
 # be certificate_file, certificate_key_file, and certificate_chain_file
 apache_ignore_missing_ssl_certificate: true
 apache_vhosts:
-  - servername: "{{ inventory_hostname }}"
+  - servername: "{{ ipsilon_fqdn }}"
    documentroot: /var/www/html
    serveradmin: identitymanagement@rockylinux.org
    extra_parameters: |
-      CustomLog logs/{{ inventory_hostname }}_access.log combined
-      ErrorLog logs/{{ inventory_hostname }}_error.log
+      CustomLog logs/{{ ipsilon_fqdn }}_access.log combined
+      ErrorLog logs/{{ ipsilon_fqdn }}_error.log
      AccessFileName .htaccess
      Header always set X-Frame-Options "SAMEORIGIN"
      Header always set X-Xss-Protection "1; mode=block"
@ -38,8 +39,8 @@ apache_vhosts:
      RewriteEngine On
      RewriteCond $1 !^.well-known
      RewriteCond %{HTTPS} !=on
-      RewriteRule ^/?(.*) https://{{ inventory_hostname }}/$1 [R,L]
-  - servername: "{{ inventory_hostname }}"
+      RewriteRule ^/?(.*) https://{{ ipsilon_fqdn }}/$1 [R,L]
+  - servername: "{{ ipsilon_fqdn }}"
    documentroot: /var/www/html
    serveradmin: identitymanagement@rockylinux.org
    extra_parameters: |
@ -50,8 +51,8 @@ apache_vhosts:
      Header always set X-Xss-Protection "1; mode=block"
      Header always set X-Content-Type-Options "nosniff"
      Header always set Referrer-Policy "same-origin"
-      ErrorLog logs/ssl-{{ inventory_hostname }}_error.log
-      TransferLog logs/ssl-{{ inventory_hostname }}_access.log
+      ErrorLog logs/ssl-{{ ipsilon_fqdn }}_error.log
+      TransferLog logs/ssl-{{ ipsilon_fqdn }}_access.log
      LogLevel warn
      <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
--- a/ansible/playbooks/vars/vaults/encpass.yml
+++ b/ansible/playbooks/vars/vaults/encpass.yml
@ -22,3 +22,6 @@ koji_db_pass: !vault |
 pubsub_federation_pass: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          REDACTED
+gitlab_db_pass: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          REDACTED