Merge pull request #14961 from rocky-linux/develop

Develop - Small fixes for prep and rollout
This commit is contained in:
Louis Abel 2021-01-04 12:33:10 -07:00 committed by GitHub
commit 2149224162
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 14 additions and 10 deletions

View File

@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
# Requires jinja 2.9+ # Requires jinja 2.9+
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}" rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
# This will need to be vaulted # This will need to be vaulted
# rocky_ldap_bind_pw: "ThisIsNotThePassword!" rocky_ldap_bind_pw: "{{ ipa_binder_password }}"

View File

@ -63,7 +63,7 @@ gitlab_nginx_listen_https: "false"
gitlab_default_theme: 2 gitlab_default_theme: 2
gitlab_external_db: false gitlab_external_db: true
gitlab_external_db_host: db.rockylinux.org gitlab_external_db_host: db.rockylinux.org
gitlab_external_db_user: gitlab gitlab_external_db_user: gitlab
gitlab_external_db_password: gitlab gitlab_external_db_password: "{{ gitlab_db_pass }}"

View File

@ -1,5 +1,6 @@
--- ---
# Vars for ipsilon # Vars for ipsilon
ipsilon_fqdn: idp.rockylinux.org
ipsilon_databases: ipsilon_databases:
- name: rockyipsilon - name: rockyipsilon
@ -24,12 +25,12 @@ apache_ssl_cipher_suite: "PROFILE=SYSTEM"
# be certificate_file, certificate_key_file, and certificate_chain_file # be certificate_file, certificate_key_file, and certificate_chain_file
apache_ignore_missing_ssl_certificate: true apache_ignore_missing_ssl_certificate: true
apache_vhosts: apache_vhosts:
- servername: "{{ inventory_hostname }}" - servername: "{{ ipsilon_fqdn }}"
documentroot: /var/www/html documentroot: /var/www/html
serveradmin: identitymanagement@rockylinux.org serveradmin: identitymanagement@rockylinux.org
extra_parameters: | extra_parameters: |
CustomLog logs/{{ inventory_hostname }}_access.log combined CustomLog logs/{{ ipsilon_fqdn }}_access.log combined
ErrorLog logs/{{ inventory_hostname }}_error.log ErrorLog logs/{{ ipsilon_fqdn }}_error.log
AccessFileName .htaccess AccessFileName .htaccess
Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block" Header always set X-Xss-Protection "1; mode=block"
@ -38,8 +39,8 @@ apache_vhosts:
RewriteEngine On RewriteEngine On
RewriteCond $1 !^.well-known RewriteCond $1 !^.well-known
RewriteCond %{HTTPS} !=on RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://{{ inventory_hostname }}/$1 [R,L] RewriteRule ^/?(.*) https://{{ ipsilon_fqdn }}/$1 [R,L]
- servername: "{{ inventory_hostname }}" - servername: "{{ ipsilon_fqdn }}"
documentroot: /var/www/html documentroot: /var/www/html
serveradmin: identitymanagement@rockylinux.org serveradmin: identitymanagement@rockylinux.org
extra_parameters: | extra_parameters: |
@ -50,8 +51,8 @@ apache_vhosts:
Header always set X-Xss-Protection "1; mode=block" Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff" Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin" Header always set Referrer-Policy "same-origin"
ErrorLog logs/ssl-{{ inventory_hostname }}_error.log ErrorLog logs/ssl-{{ ipsilon_fqdn }}_error.log
TransferLog logs/ssl-{{ inventory_hostname }}_access.log TransferLog logs/ssl-{{ ipsilon_fqdn }}_access.log
LogLevel warn LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$"> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars SSLOptions +StdEnvVars

View File

@ -22,3 +22,6 @@ koji_db_pass: !vault |
pubsub_federation_pass: !vault | pubsub_federation_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
REDACTED REDACTED
gitlab_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
REDACTED