system-config/playbooks
Jeremy Stanley f75191dbd4 Tighten permissions on Etherpad settings file
The file in which our Etherpad settings reside is templated with
sensitive data like an API key and DB password. Remove the world
readable bit from it, and also drop user/group write perms while
we're at it. Also switch the service's effective GID to match its
UID and make sure the config's ownership is set accordingly.

Change-Id: I65b70237b4bc8f4e63aa0b717702c124e01ed777
2024-05-01 19:18:59 +00:00
..
filter_plugins dns_[a|aaaa] filter; use host for lookup 2018-09-13 22:50:40 +10:00
group_vars Merge "Add openstack.org to certcheck domains" 2023-11-28 21:35:41 +00:00
k8s Add resources for deploying rook and xtradb to kuberenets 2019-02-05 18:52:21 +00:00
library Add inline_python module 2022-05-25 18:14:21 +00:00
module_utils/facts/system Ensure apt is used on ubuntu hosts with zypper 2018-08-20 20:45:13 +00:00
periodic Correct static known_hosts entry for goaccess jobs 2023-08-07 21:27:40 +00:00
roles Tighten permissions on Etherpad settings file 2024-05-01 19:18:59 +00:00
templates/clouds Switch rackspace clouds to api key auth 2024-03-07 09:05:12 -08:00
zuul Merge "Update etherpad to v2.0.3" 2024-05-01 16:08:38 +00:00
apply-package-updates.yaml launch: use apt to update packages 2023-04-13 14:14:58 +10:00
base.yaml infra-prod: run job against linaro 2023-03-15 12:00:25 +11:00
bootstrap-bridge.yaml install-ansible: overhaul install ansible requirements 2022-12-06 13:27:46 +11:00
bootstrap-k8s-nodes.yaml Stop running k8s-on-openstack nested 2019-02-12 18:17:46 +00:00
gitea-rename-setup-org.yaml Restore setup-org.yaml 2019-09-18 12:40:19 -07:00
gitea-rename-tasks.yaml Use the gitea api in the gitea renaming playbook 2021-08-03 08:47:16 -07:00
install_puppet.yaml Handle moved puppet repos 2019-05-15 16:03:07 -07:00
letsencrypt.yaml Refactor adns variables 2023-03-10 09:36:01 +11:00
manage-projects.yaml Add comments to manage-projects about project-config syncing 2021-10-21 11:44:02 -07:00
nodepool_pull.yaml Add pull tasks for nodepool/zuul 2021-02-19 15:42:40 -08:00
nodepool_restart.yaml Add stop and start playbooks for nodepool 2020-06-16 15:48:47 -05:00
nodepool_start.yaml Remove nodepool builder puppetry and nb03.openstack.org 2020-09-09 15:09:43 -07:00
nodepool_stop.yaml Remove nodepool builder puppetry and nb03.openstack.org 2020-09-09 15:09:43 -07:00
remote_puppet_adhoc.yaml Clean up puppet variables and playbooks 2018-08-17 09:41:12 -05:00
remote_puppet_else.yaml Cleanup eavesdrop puppet references 2021-06-10 09:02:23 +10:00
rename_repos.yaml Move gerrit replication waiting queue aside during project renames 2024-03-06 09:25:01 -08:00
run_cloud_launcher.yaml Use zuul checkouts of ansible roles from other repos 2020-04-30 12:39:12 -05:00
run-accessbot.yaml Sync project-config before deploying accessbot 2021-07-09 23:15:52 +00:00
service-afs.yaml Refactor AFS groups 2021-02-11 13:35:16 +11:00
service-borg-backup.yaml service-borg-backup: preload backup server facts 2021-02-23 13:04:20 +11:00
service-bridge.yaml bridge: switch OSC from container to local install 2022-11-25 09:37:40 +00:00
service-cloud-linaro.yaml infra-prod: run job against linaro 2023-03-15 12:00:25 +11:00
service-codesearch.yaml encrypt-logs: turn on for all prod playbooks 2022-02-24 09:57:55 +11:00
service-dstatlogger.yaml Use dstat to record performance of system-config-run hosts 2021-02-16 14:31:30 -08:00
service-eavesdrop.yaml ptgbot: setup web interface 2021-10-06 15:39:25 +11:00
service-etherpad.yaml Make etherpad configuration more generic for multiple hosts 2023-04-05 08:36:27 -07:00
service-gitea-lb.yaml Make haproxy role more generic 2021-12-01 09:55:45 +11:00
service-gitea.yaml Use the apache-ua-filter role on Gitea servers 2020-10-16 17:45:19 +00:00
service-grafana.yaml Cleanup grafana.openstack.org 2020-10-29 07:59:42 +11:00
service-graphite.yaml Cleanup graphite01 2020-09-30 11:55:24 +10:00
service-kerberos.yaml kerberos-kdc: role to manage Kerberos KDC servers 2021-03-17 08:30:52 +11:00
service-keycloak.yaml Add a keycloak server 2021-12-03 14:17:23 -08:00
service-lists3.yaml Add a mailman3 list server 2022-11-11 23:20:19 +00:00
service-meetpad.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-mirror-update.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-mirror.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-nameserver.yaml Refactor adns variables 2023-03-10 09:36:01 +11:00
service-nodepool.yaml Auto update nodepool launchers 2022-06-16 08:23:17 -07:00
service-paste.yaml Remove paste01.openstack.org 2021-07-15 23:25:10 +00:00
service-refstack.yaml refstack: cleanup old puppet 2021-03-17 07:06:53 +11:00
service-registry.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-review.yaml Switch router addresses for review02 to global 2021-12-17 16:32:59 +01:00
service-static.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
service-tracing.yaml Add Jaeger tracing server 2022-09-15 19:21:33 -07:00
service-zookeeper.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-zuul-db.yaml Add a standalone zuul db server 2024-04-04 12:25:23 -07:00
service-zuul-lb.yaml Add Zuul load balancer 2022-02-10 13:24:42 -08:00
service-zuul-preview.yaml Run iptables in service playbooks instead of base 2020-06-04 07:44:22 -05:00
service-zuul.yaml Add kerberos-client group 2021-03-18 11:59:30 +11:00
set-hostnames.yaml Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00
start-mergers-executors.yaml Update zuul-executor stop/start playbook 2020-07-17 16:18:26 -07:00
stop-mergers-executors.yaml Update zuul-executor stop/start playbook 2020-07-17 16:18:26 -07:00
sync-gitea-projects.yaml Revert "Allow gitea_create_repos always_update to be list" 2021-10-15 13:03:59 -07:00
test-borg-backup.yaml borg-backup: implement saving a stream, use for database backups 2021-02-03 11:43:12 +11:00
test-codesearch.yaml hound: enable detect-ref 2022-02-25 17:27:35 +11:00
test-gitea.yaml Reapply "Switch Gerrit replication to a larger RSA key" 2023-12-06 09:02:17 -08:00
test-grafana.yaml grafana: take some screenshots during testing 2021-02-17 10:43:26 +11:00
test-inline-python.yaml Add inline_python module 2022-05-25 18:14:21 +00:00
test-kerberos.yaml kerberos-kdc: role to manage Kerberos KDC servers 2021-03-17 08:30:52 +11:00
test-manage-projects.yaml Don't always update gitea project descriptions 2021-03-16 13:06:16 -07:00
test-paste.yaml Remove paste01.openstack.org 2021-07-15 23:25:10 +00:00
test-update-zuul-description.yaml Abstract name of bastion host for testing path 2022-10-20 09:00:43 +11:00
unattended_upgrades.yml Rename attended_upgrades playbook to unattended_upgrades 2016-07-19 10:41:09 +02:00
update_puppet_version.yaml Fix URLs after OpenDev rename 2020-03-18 18:23:17 +01:00
zuul_pull.yaml Add pull tasks for nodepool/zuul 2021-02-19 15:42:40 -08:00
zuul_reboot.yaml Fix overindented ansible in zuul_reboot.yaml playbook 2022-09-07 14:03:11 -07:00
zuul_reconfigure.yaml Stub out zuul_reconfigure playbook 2018-09-14 09:17:36 -06:00
zuul_restart.yaml Rework zuul start/stop/restart playbooks for docker 2020-04-27 09:34:50 -05:00
zuul_rolling_restart.yaml Add the start of a Zuul rolling restart playbook 2022-05-25 09:48:28 -07:00
zuul_start.yaml Run zuul-web on zuul01 and add to load balancer 2022-03-04 13:11:09 -08:00
zuul_stop.yaml Run zuul-web on zuul01 and add to load balancer 2022-03-04 13:11:09 -08:00