las-it-organisation issueshttps://git.scc.kit.edu/groups/las-it-organisation/-/issues2017-11-21T18:24:54+01:00https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/16Fix latex role: handler mktexlsr2017-11-21T18:24:54+01:00sg7149Fix latex role: handler mktexlsr`mktexlsr` is not run correctly with the handler.
Package is not available immediately after installation, but after running `mktexlsr` as root (`$ sudo su ; # mktexlsr`)`mktexlsr` is not run correctly with the handler.
Package is not available immediately after installation, but after running `mktexlsr` as root (`$ sudo su ; # mktexlsr`)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/14skipping of elegant SDDSToolKit fails on F WS 252017-10-09T13:05:30+02:00sg7149skipping of elegant SDDSToolKit fails on F WS 25Though this should be skipped (like it does, when using the debug module), it does not and therefore fails.
role: elegant/tasks/elegant.yml lines 44 onwards
computer: las-gethmann.las.kit.edu
```
TASK [elegant : install SDDSToolKit] ...Though this should be skipped (like it does, when using the debug module), it does not and therefore fails.
role: elegant/tasks/elegant.yml lines 44 onwards
computer: las-gethmann.las.kit.edu
```
TASK [elegant : install SDDSToolKit] ********************************************************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "module_stderr": "No handlers could be found for logger \"dnf\"\nTraceback (most recent call last):\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 534, in <module>\n main()\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 530, in main\n ensure(module, base, params['state'], params['name'], params['autoremove'])\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 364, in ensure\n _install_remote_rpms(base, filenames)\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 322, in _install_remote_rpms\n pkgs.append(base.add_remote_rpm(filename))\n File \"/usr/lib/python2.7/site-packages/dnf/base.py\", line 925, in add_remote_rpm\n return self.sack.add_cmdline_package(path)\nIOError: Can not load RPM file: 26: u'3.5.1-1'}.fedora.25.x86_64.rpm.\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/84Rename [lab] to [maglab]2020-07-15T16:08:35+02:00sg7149Rename [lab] to [maglab]Rename `[lab]` role to avoid ambiguities between eg. LASMagLab and TGU-measurement stand.
(incomplete) list of its occurrence:
* hosts
* roles/lab
* sites.yml
* lab.yml
* README?Rename `[lab]` role to avoid ambiguities between eg. LASMagLab and TGU-measurement stand.
(incomplete) list of its occurrence:
* hosts
* roles/lab
* sites.yml
* lab.yml
* README?yuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/103get rid of old IPA related tasks and documentation2020-08-14T10:40:38+02:00sg7149get rid of old IPA related tasks and documentationAfter IPA is replaced by KIT-AD's LDAP one needs to clean the roles and the documentationAfter IPA is replaced by KIT-AD's LDAP one needs to clean the roles and the documentationKIT-ADhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/102Environment dependent epics configuration2020-07-15T14:59:38+02:00sg7149Environment dependent epics configurationEPICS is used for different purposes/environments which currently include:
* KARA
* LASMagLab
* TGU measurement
* Jena magnet setup
The configuration so far is only valid for one case only and the other configurations are changed by han...EPICS is used for different purposes/environments which currently include:
* KARA
* LASMagLab
* TGU measurement
* Jena magnet setup
The configuration so far is only valid for one case only and the other configurations are changed by hand which
- needs more steps for the installation and
- is error prone to (re-)running ansible.
This should be fixed.
See also issue #9https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/101Opera binaries to PATH2020-11-18T16:54:27+01:00sg7149Opera binaries to PATHAdd the main Opera binaries to the global PATH environment variable, so that they are available in all terminals.
* operafea-modeller*
* operafea-op3solve*
* operafea-post*
* operafea-readtrack*
* operafea-manager*
* operafea-pp*Add the main Opera binaries to the global PATH environment variable, so that they are available in all terminals.
* operafea-modeller*
* operafea-op3solve*
* operafea-post*
* operafea-readtrack*
* operafea-manager*
* operafea-pp*zx8344samira.fatehi@kit.eduzx8344samira.fatehi@kit.eduhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/92ansible ipv6 vs root2020-05-13T10:44:29+02:00sg7149ansible ipv6 vs rootansible tries to use IPv6 now that our hosts have proper DNS for IPv6.
Unfortunately the SSH-key for root only allows the IPv4 of obelix, so that running ansible fail atm.
One should either change the SSH-allowed IP addresses.
Or one sh...ansible tries to use IPv6 now that our hosts have proper DNS for IPv6.
Unfortunately the SSH-key for root only allows the IPv4 of obelix, so that running ansible fail atm.
One should either change the SSH-allowed IP addresses.
Or one should force ansible to use IPv4 only.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/91Add networking to common role2020-05-13T12:10:22+02:00sg7149Add networking to common roleAdd some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiationAdd some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiationhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/90Autoupdate on lab computers2020-07-15T15:40:04+02:00sg7149Autoupdate on lab computersChange the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that ex...Change the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that expects certain behaviour not to change.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/89Add fix to missing users at CN login screen2020-03-03T14:43:07+01:00sg7149Add fix to missing users at CN login screenFailing nodes: nichtsalsverdrus (Fedora LXQt)
Summary
-------
Users with UIDs of the IPA range and not the typical Linux user range (1000+) weren't shown in the login screen and one cannot type a user name either.
Steps to reproduce
...Failing nodes: nichtsalsverdrus (Fedora LXQt)
Summary
-------
Users with UIDs of the IPA range and not the typical Linux user range (1000+) weren't shown in the login screen and one cannot type a user name either.
Steps to reproduce
------------------
Log out and have a look at the login screen of the LXQt (SDDM) Fedora.
What is the current bug behavior?
---------------------------------
No users shown with too large UID (until workaround)
What is the expected correct behaviour?
---------------------------------------
All users selectable as login users.
Possible fixes
--------------
Fixed it (but not in ansible and not with a good upper limit, but only a value that is larger than the largest UID that is in use and small enough to show users.
If the UID is too large no user is shown at all.
In the `/etc/sddm.conf` one has to add the following lines:
```
HideUsers=nfsnobody
MaximumUid=1911111111
```
and restart sddm/Xorg.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/88SDDM not showing users2020-03-01T01:10:33+01:00sg7149SDDM not showing usersOnly the installation (local) user is displayed at the login screen.
[My documentation](https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/-/blob/master/ipa/freeipa.md#sddmlogin-manager)
suggests, that ...Only the installation (local) user is displayed at the login screen.
[My documentation](https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/-/blob/master/ipa/freeipa.md#sddmlogin-manager)
suggests, that it might help to add the network as a dependency to the sddm.service
```
SDDM/Login-Manager
In the case that KDE’s default login manager SDDM does not show any accounts to select for logging in, the following might help: Copy sddm.service from /lib/systemd/system to /etc/systemd/system, and add a line After=network.target to the [Unit] section.
```
Implement it as part of the ipa-hosts role.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/87Add backup daemon to LASMagLab computer2020-06-09T15:54:01+02:00sg7149Add backup daemon to LASMagLab computerLike done on the CN TGU terminal, it would make sense to have a backup daemon for the measurement data of the LASMagLab (on ueberdrus), too.
See also: las-software/15-1-Controls/Jena_UndulatorDocumentation#5 and las-it-organisation/issu...Like done on the CN TGU terminal, it would make sense to have a backup daemon for the measurement data of the LASMagLab (on ueberdrus), too.
See also: las-software/15-1-Controls/Jena_UndulatorDocumentation#5 and las-it-organisation/issues#8 and https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/-/blob/master/experiment_backup.md
It's not trivial and requires some more advanced knowledge of (Fedora/RHEL) Linux like SELinux and systemd.
@ue5734 hopefully understands my documentation and can do it or assist you (@vn4918 @updzh).ue5734ue5734https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/83LASMagLab DHCPd with template instead of static file2020-02-29T23:16:35+01:00sg7149LASMagLab DHCPd with template instead of static fileOne might want to use a template for the DHCPd server entry in the `dhcpd.conf`, so that one does not have to change it for a new computer.
Hints/Ideas for the template:
* MAC address: ('ansible_interfaces' starts with 'enp') ['ansible_...One might want to use a template for the DHCPd server entry in the `dhcpd.conf`, so that one does not have to change it for a new computer.
Hints/Ideas for the template:
* MAC address: ('ansible_interfaces' starts with 'enp') ['ansible_enp????']['macaddress'] when ['ansible_enp???']['ipv4']['network'] == '192.168.0.0'
* Hostname: ['ansible_fqdn']
* IP: '192.168.0.1'
```
# DHCPd host
host {{'ansible_hostname'}} {
hardware ethernet {{ macaddress }};
fixed-address {{ ip }};
}
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/82Install LASMagLab software on terminal computer2020-02-24T17:16:42+01:00sg7149Install LASMagLab software on terminal computerInstall the LASMagLab software on the terminal [lab] computer and add the GitLab-Token automatically.
Atm. the computer is only setup as a normal epics client and DHCPd server, but not with all the Control system components installed, y...Install the LASMagLab software on the terminal [lab] computer and add the GitLab-Token automatically.
Atm. the computer is only setup as a normal epics client and DHCPd server, but not with all the Control system components installed, yet.
Also the (Python) dependencies might be missing.
Checking out all the software at `/usr/local/share` would make sense.
The computer needed to be replaced quite often in the near past and might be replaced in the not too far future, so it would make sense to automate it.
At least one should do it when setting it up as a CSS host (if one sticks to our Fedora/ansible deployment and does not change completely to CN-machine-group's Ubuntu/salt-stack deployment)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/78Add lab computers to munin2019-12-19T12:59:26+01:00sg7149Add lab computers to muninLab computers are not connected with one person so there should be almost no privacy issue. But since they run for a long time without user interaction errors aren't observed quickly. Hence it makes sense to supervise them.Lab computers are not connected with one person so there should be almost no privacy issue. But since they run for a long time without user interaction errors aren't observed quickly. Hence it makes sense to supervise them.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/77IOC tasks2021-09-03T15:19:23+02:00sg7149IOC tasksSetup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git...Setup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git.scc.kit.edu
HostName git.scc.kit.edu
ProxyCommand ssh ${USER}@192.168.0.1 nc %h %p
```
(tested only for `~/.ssh/config`, yet.
* Add ssh-key-signature from gitlab to your known_hosts `/etc/ssh/ssh_known_hosts` (world readable) (not tested yet)
For each user on an IOC computer (e.g. caligula) one has to
* create the user `useradd $name -u $ID -G users -m`
* create ssh-key `ssh-keygen`
* ssh-copy-id to faulusyuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/76Create role for TGU experimental computer2020-02-29T23:58:13+01:00sg7149Create role for TGU experimental computer* [ ] docu https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/blob/master/setup-tgu-coputer.md
* [ ] service files/timer docu
* [x] /home/messuser/README
* [ ] /etc/systemd/system/...
* [ ] ~/.ssh/...
* [...* [ ] docu https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/blob/master/setup-tgu-coputer.md
* [ ] service files/timer docu
* [x] /home/messuser/README
* [ ] /etc/systemd/system/...
* [ ] ~/.ssh/...
* [ ] git checkout of all repos
* [ ] add users
* [ ] network confighttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/75Replace bwSync&Share with Nextcloud2020-05-15T09:54:00+02:00sg7149Replace bwSync&Share with NextcloudHost: lasXXX.las.kit.edu
OS: Fedora XX
Software name:
--------------
Nextcloud client for KIT's bwSync&Share
Date:
------
End of 2019
Software installation instruction if not in repos:
------------------------------------------------...Host: lasXXX.las.kit.edu
OS: Fedora XX
Software name:
--------------
Nextcloud client for KIT's bwSync&Share
Date:
------
End of 2019
Software installation instruction if not in repos:
--------------------------------------------------
Maybe at https://nextcloud.com/de/install/#install-clients with the URL: https://bwsyncandshare.kit.edu
Possibly also interesting for:
-------------------------------
http://help.bwsyncandshare.kit.edu/134.php
/cc @project-managerlp5884lp5884https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/71Fix EPICS role with Firewall at CS2021-09-03T15:29:41+02:00sg7149Fix EPICS role with Firewall at CSCSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --ad...CSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --add-source-port=5064/udp --permanent
sudo systemctl reload firewalld
```
**Ideas for better fixes**:
Add ANKA-VPN to internal-zone.
Or do a similar thing to the iptables rule:
```
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/70integrate ipa-healthcheck into munin2020-05-04T12:19:48+02:00sg7149integrate ipa-healthcheck into muninIntegrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.Integrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.