Retrospective Freeze Break Request: enable moderator group
by Patrick Uiterwijk
Hi,
I had to apply the following patch to make Basset able to enable users: this removes the "if staging" conditional.
Could I get +1s please?
diff --git a/roles/fas_server/templates/fas.cfg.j2 b/roles/fas_server/templates/fas.cfg.j2
index 3f293dc..1c6bf8d 100644
--- a/roles/fas_server/templates/fas.cfg.j2
+++ b/roles/fas_server/templates/fas.cfg.j2
@@ -73,11 +73,7 @@ systemgroup = 'fas-system'
# Valid action :
# modo.allow.update_status, allow approved member to do related action.
modo.group = 'accounts-moderators'
-{% if env == "staging" %}
modo.allow.update_status = True
-{% else %}
-modo.allow.update_status = False
-{% endif %}
# thirdpartygroup is for thirdparties that also need group management
# via fas, but maintain their own actual account systems
With kind regards,
Patrick Uiterwijk
Fedora Infra
8 years, 1 month
Freeze break request: Block certain problematic rsync IPs
by Stephen John Smoogen
commit c83e3ef418abac30f3c25b93244150e138583c7d
Author: Stephen Smoogen <smooge(a)redhat.com>
Date: Fri Mar 18 19:26:37 2016 +0000
add in some rules.
diff --git a/inventory/group_vars/download-phx2
b/inventory/group_vars/download-phx2
index 111eeca..e44d0e0 100644
--- a/inventory/group_vars/download-phx2
+++ b/inventory/group_vars/download-phx2
@@ -7,3 +7,5 @@ nrpe_procs_crit: 1000
# nfs mount options, overrides the all/default
nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,actimeo=600,nfsvers=3"
+
+custom_rules: [ '-A INPUT -s 143.106.60.118 -j DROP', '-A INPUT -s
143.106.60.112 -j DROP', '-A INPUT -s 169.53.165.245 -j DROP', '-A
INPUT -s 46.29.92.6 -j DROP', '-A INPUT -s 198.11.167.9 -j DROP', '-A
INPUT -s 103.193.116.147 -j DROP', '-A INPUT -s 69.47.68.211 -j DROP'
]
--
Stephen J Smoogen.
8 years, 1 month
Freeze break: epylog rules update for log01
by Kevin Fenzi
Greetings.
I'd like to weed out some anoying high volume messages from epylog
reports.
diff --git a/roles/epylog/files/merged/weed_local.cf
b/roles/epylog/files/merged/weed_local.cf index 60613c8..83aae40 100644
--- a/roles/epylog/files/merged/weed_local.cf
+++ b/roles/epylog/files/merged/weed_local.cf
@@ -231,6 +231,7 @@ rsyncd.*: name lookup failed for.*
rsyncd.*: rsync: connection unexpectedly closed.*
rsyncd.*: rsync error: error in rsync protocol data stream.*
rsyncd.*: sent.*
+rsyncd.*: rsync: change_dir.*failed.*
#rsync.*: rsync on.*
rsyslogd-2163:epoll_ctl failed
#goofy-ass rsyslogd error :(
@@ -292,6 +293,8 @@ sshd.*: Disconnecting: Too many authentication
failures.* sshd.*: Disconnected from.*
sshd.*: Read error from remote host.*
sshd.*: error: maximum authentication attempts exceeded for.*
+sshd.*: Close session.*user root from 10.5.126.23 port 60755 id 0
+sshd.*: error: key_read: uudecode.*failed
stunnel:.*connected remote.*
stunnel:.*SSL_read.*
stunnel:.*Connection reset.*
+1s?
kevin
8 years, 1 month
Can't login into wiki
by Ronit Halder
Hi,
when i want to login into fas or wiki with my acc Leoryk i get error message:
Login error
You have entered an invalid username and password. If you are certain
that your username and password are correct, confirm that you can log
in to the Fedora Account System
(https://admin.fedoraproject.org/accounts/) and that you have signed
the CLA.
even if i reset my password. What can i do?
I am unable to submit my Gsoc proposal
regards,
Ronit
8 years, 1 month
Freeze break request: Upgrade FAS to 0.12.0 and open firewall on
db-fas01 from basset01
by Patrick Uiterwijk
Hi,
Could I get +1s for the following things:
1. Upgrade FAS to 0.12.0: this release includes hooks for spam checks, and is currently running in Staging.
2. Installation of basset01.phx2 prod (not per se freeze break as it's a new host).
3. Open the db-fas01 prod firewall for basset01.phx2 (see patch) so that it can import the prod data.
Note that this specifically does not include updating the FAS config to make use of the Basset calls,
I will open a new FBR when I'm ready for that.
This means that for the time being, there should be no visible changes to FAS until we enable this.
I could hold off on the FAS upgrade until we are ready, but I figured I could get it done now. (if I can get
at least +1s for nr 2/3, I can get started).
[master 36bd988] Enable access from basset01 to db-fas01
1 file changed, 3 insertions(+)
[puiterwijk@batcave01 host_vars]$ git show HEAD
commit 36bd9884fc2a846ebc784713be8d88a5c555018a
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Thu Mar 17 21:20:58 2016 +0000
Enable access from basset01 to db-fas01
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com>
diff --git a/inventory/host_vars/db-fas01.phx2.fedoraproject.org b/inventory/host_vars/db-fas01.phx2.fedoraproject.or
index 83372cc..00b6fb1 100644
--- a/inventory/host_vars/db-fas01.phx2.fedoraproject.org
+++ b/inventory/host_vars/db-fas01.phx2.fedoraproject.org
@@ -37,6 +37,9 @@ custom_rules: [
'-A INPUT -p tcp -m tcp -s 10.5.126.46 --dport 5432 -j ACCEPT',
'-A INPUT -p tcp -m tcp -s 10.5.126.47 --dport 5432 -j ACCEPT' ,
+ # basset01
+ '-A INPUT -p tcp -m tcp -s 10.5.126.194 --dport 5432 -j ACCEPT',
+
# sundries02...
'-A INPUT -p tcp -m tcp -s 10.5.126.41 --dport 5432 -j ACCEPT',
With kind regards,
Patrick Uiterwijk
Fedora Infra
8 years, 1 month
Freeze break request: Update wiki captcha settings
by Patrick Uiterwijk
Hi,
Per request of Adam Williamsion (discussion about ticket #5140), I would
like to disable captchas for logged in people.
At the same time, I'm also disabling the on-login captcha that stopped
the spam cleanup script from working at times of heavy spam.
Could I get +1s, or would people suggest to wait with this?
8 years, 1 month