las-it-organisation issues
https://git.scc.kit.edu/groups/las-it-organisation/-/issues
Updated: 2020-05-13T12:10:22+02:00

Add networking to common role
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/91
Updated: 2020-05-13T12:10:22+02:00
Author: sg7149

Add some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiation

Autoupdate on lab computers
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/90
Updated: 2020-07-15T15:40:04+02:00
Author: sg7149

Change the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that expects certain behaviour not to change.

IOC tasks
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/77
Updated: 2021-09-03T15:19:23+02:00
Author: sg7149

Setup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`

For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git.scc.kit.edu
    HostName git.scc.kit.edu
    ProxyCommand ssh ${USER}@192.168.0.1 nc %h %p
```
(tested only for `~/.ssh/config`, yet.)
* Add ssh-key-signature from gitlab to your known_hosts `/etc/ssh/ssh_known_hosts` (world readable) (not tested yet)

For each user on an IOC computer (e.g. caligula) one has to
* create the user `useradd $name -u $ID -G users -m`
* create ssh-key `ssh-keygen`
* ssh-copy-id to faulus

Assignee: yuancun.nie

Fix EPICS role with Firewall at CS
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/71
Updated: 2021-09-03T15:29:41+02:00
Author: sg7149

CSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --add-source-port=5064/udp --permanent
sudo systemctl reload firewalld
```
**Ideas for better fixes**:
Add ANKA-VPN to internal-zone.
Or do a similar thing to the iptables rule:
```
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
```

integrate ipa-healthcheck into munin
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/70
Updated: 2020-05-04T12:19:48+02:00
Author: sg7149

Integrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.

script to add ipa-replica to dns
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/65
Updated: 2020-05-04T12:21:08+02:00
Author: sg7149

Script the change of the DNS entries for a new IPA replica.
Add the SRV entries to DNSVS
See [IPA docu](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica) and the [NETVS docu](https://www-net-doku.scc.kit.edu/webapi/release/intro/)
```
_ldap._tcp
_kerberos._tcp
_kerberos._udp
_kerberos-master._tcp
_kerberos-master._udp
_ntp._udp
_kpasswd._tcp
_kpasswd._udp
```

Milestone: Network move

automate adding of hosts
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/64
Updated: 2021-09-03T15:31:05+02:00
Author: sg7149

Use the DNSVS-api to add the host also to the DNS
* sshfs

sublime-merge
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/53
Updated: 2019-02-08T20:48:36+01:00
Author: sg7149

https://www.sublimemerge.com/docs/linux_repositories#dnf
might be a software that is useful for new git users and those who prefer GUIs over CLI and do not use IDEs (PyCharm) either.

New name for new hardware
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/50
Updated: 2019-02-22T18:44:15+01:00
Author: sg7149

@ue5734 Choose a new name for Maisui's new computer.
**Decision:** 'Pepe' (making temporary solution permanent)

Assignee: ue5734

Create test infrastructure for ansible
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/45
Updated: 2021-09-03T15:41:08+02:00
Author: sg7149

Test ansible roles with GitLab-CI.
* [ ] CI runners that start a new Docker of the currently supported Fedoras and run `sites.yml`

Create the default directory structure
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/40
Updated: 2021-09-14T17:15:53+02:00
Author: sg7149

For new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.

Docker Gitlab-CI runner
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/37
Updated: 2021-09-03T15:49:17+02:00
Author: sg7149

* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and its pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
  * [ ] LaTeX: compilation of a document
  * [ ] Python: linting PEP-8 or formatting with yapf
  * [ ] shell: run shellcheck
* [ ] Document how to use the CI
  * [ ] For the owner of the repo
  * [ ] For a user who might be confused about merge requests or push commands being rejected

Things to discuss:
* Worth it?
* las126 or las101
* install runner on all clients? That would be a much bigger task imho.

Icinga
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/35
Updated: 2021-09-03T15:49:56+02:00
Author: sg7149

Host: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS

Software name:
--------------
Icinga2 or other monitoring software

Software installation instruction if not in repos:
--------------------------------------------------
* Temperatures
* HDD live and
* Load
* Network connectivity are very simple to install as far as I know.

Status of our services
* DHCPd

More difficult/not implemented yet, but basic features might be detectable with other modules:
* IPA functionality

Probably there are already roles in the ansible-Galaxy.

Possibly also interesting for:
-------------------------------
Clients as Opt-In, because it causes privacy issues (admins can see for how long the computer was turned on and how long a user was logged in, to name just a few)

User stories (kind of):
-----------------------
Clients:
* The user starts a job on his computer and he cannot log in the next morning. Is the computer gone for good? Is it just still too busy to take care of things like the log-in manager? Are the hard drives gone because the room heated up? -> Get hints of the cause of the problem.
* The user cannot log in. Maybe the network is down and therefore she cannot log in, maybe IPA is down, maybe she just typed a wrong password.

Server:
* IPA went down and nobody notices it, because sssd caches it and no log-in errors occurred until half a year later. Then one can find out since when IPA was not working and if an update might have triggered it. Or one can prevent it in the first place by regularly monitoring the monitoring software.
* DHCPd went down and nobody notices it, because the workstations work with fixed IPs
* Docker GitLab-runner does not work and jobs have to fail to recognize it. Maybe a system update caused this and not a reboot without autostart.
* sharelatex is down and one gets a mail/call from CN, because they want to collaborate on a paper that needs to be submitted the next day.
/cc @project-manager

Add GitLab backup script to an ansible role
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/33
Updated: 2021-09-03T15:50:44+02:00
Author: sg7149

Assignee: sg7149

PyCharm community
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/27
Updated: 2021-09-03T15:52:43+02:00
Author: sg7149

Let the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/

Labview
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/24
Updated: 2021-09-03T15:53:21+02:00
Author: sg7149

Host: las117.las.kit.edu
OS: Fedora 27

Software name:
--------------
Labview

Software installation instruction if not in repos:
--------------------------------------------------
n/a

Possibly also interesting for:
-------------------------------
M. Fischer
/cc @project-manager

Run ansible as root with certificates
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/22
Updated: 2020-05-04T12:32:11+02:00
Author: sg7149

Run ansible as root to avoid sudo-timeouts on slow hard disks.
* [x] certificate for root on one host
* [x] root login via ssh
* [ ] edit tasks not to use become any longer?

Provision new user rule
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/15
Updated: 2021-09-03T15:58:06+02:00
Author: sg7149

Role for creating and removing new users.
* [ ] JIRA ticket for Confluence user https://docs.ansible.com/ansible/latest/jira_module.html (u-account shorthand)
* [ ] FreeIPA account (surname)

Unfortunately, Sympa and GitLab group membership cannot be automated yet.
Please also coordinate with issue #13

Bootstrap wrapper script
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/13
Updated: 2021-09-03T15:58:06+02:00
Author: sg7149

A script that bootstraps the ansible installation of a host.
* Create the files in `host_vars` and edit `hosts`
Might interfere with issues #10 and #4 and with the `add_host.sh` script of the documentation repository

ripgrep for other OSes
https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/12
Updated: 2020-08-24T17:47:12+02:00
Author: sg7149

* ripgrep role for CentOS and Ubuntu
* make copr installation idempotent