32-0-IT instructions and rules issueshttps://git.scc.kit.edu/groups/las-it-organisation/32-0-IT-InstructionsAndRules/-/issues2020-05-04T12:33:50+02:00https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/4ansible-pull2020-05-04T12:33:50+02:00sg7149ansible-pullUpdate documentation on ansible-pullUpdate documentation on ansible-pullsg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/2CUPS printer in ansible2018-03-31T01:10:47+02:00sg7149CUPS printer in ansibleprinting does not work since Fedora 24 upgrade and running client role nor with KDE print menu (this may be an root locked password issue)
io/hpmud/jd.c 93: unable to read device-id
Jul 20 22:34:07 las113.las.kit.edu hp[26249]: prnt/...printing does not work since Fedora 24 upgrade and running client role nor with KDE print menu (this may be an root locked password issue)
io/hpmud/jd.c 93: unable to read device-id
Jul 20 22:34:07 las113.las.kit.edu hp[26249]: prnt/backend/hp.c 825: INFO: open device failed stat=12: hp:/net/HP_LaserJet_P2015_Series?zc=NPI8A10C3; will retry in 30 seconds...
sg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/1ExFat USB-Sticks2018-03-31T01:09:52+02:00sg7149ExFat USB-SticksExFAT doesn't work out of the box on Fedora.
Create tasks for client role to fix this.
Just installing exfat-utils.x86_64 didn't fix it. Probably one needs the FUSE stuff as well and then reboot/load kernel modules.ExFAT doesn't work out of the box on Fedora.
Create tasks for client role to fix this.
Just installing exfat-utils.x86_64 didn't fix it. Probably one needs the FUSE stuff as well and then reboot/load kernel modules.sg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/24Labview2021-09-03T15:53:21+02:00sg7149LabviewHost: las117.las.kit.edu
OS: Fedora 27
Software name:
--------------
Labview
Software installation instruction if not in repos:
--------------------------------------------------
k.A.
Possibly also interesting for:
-----------------...Host: las117.las.kit.edu
OS: Fedora 27
Software name:
--------------
Labview
Software installation instruction if not in repos:
--------------------------------------------------
k.A.
Possibly also interesting for:
-------------------------------
M. Fischer
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/25texlive package names might change in future Fedora releases2021-09-03T14:43:48+02:00sg7149texlive package names might change in future Fedora releasesFedora 27 does not use the current stable TexLive version 2017.
For the next Fedora release the names of the texlive packages might change, because there is an [issue about renaming](https://bugzilla.redhat.com/show_bug.cgi?id=1505342) f...Fedora 27 does not use the current stable TexLive version 2017.
For the next Fedora release the names of the texlive packages might change, because there is an [issue about renaming](https://bugzilla.redhat.com/show_bug.cgi?id=1505342) from `texlive` into `texlive-base` and `texlive`.
Test via copr:
```
dnf copr enable spot/texlive
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/26EPICS_CA_ADDR_LIST hard is coded2020-02-24T17:39:28+01:00sg7149EPICS_CA_ADDR_LIST hard is codedCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las115
Summary
-------
Because the EPICS_CA_ADDR_LIST is hard coded for KARA in the `profile.d` file it is not practical for the Jena/TGU setup.
What is the current bug beh...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las115
Summary
-------
Because the EPICS_CA_ADDR_LIST is hard coded for KARA in the `profile.d` file it is not practical for the Jena/TGU setup.
What is the current bug behavior?
---------------------------------
The environment variable `EPICS_CA_ADDR_LIST` is set to a server that is responsible for the KARA PVs, but not depending on the use-case for KARA, FLUTE or JENA/TGU.
What is the expected correct behaviour?
---------------------------------------
The variable should be like it is for a KARA role, and different or not set for a JENA/TGU role.
Iff it is not set, it should be noted in the docu and as a `msg`.
Possible fixes
--------------
Create a role for KARA/CSS and a role for Jena/TGU control system and one without it being set.
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/27PyCharm comunity2021-09-03T15:52:43+02:00sg7149PyCharm comunityLet the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/Let the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/28firewalld not working on Fedora 282020-02-24T17:37:09+01:00sg7149firewalld not working on Fedora 28Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las118
Summary
-------
All rules that work with the `firewalld` module do not work with Fedora 28, because the firewalld module depends on `python-firewalld` and does not wor...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las118
Summary
-------
All rules that work with the `firewalld` module do not work with Fedora 28, because the firewalld module depends on `python-firewalld` and does not work with `python3-firewalld` as partly documented in the [documentation](https://docs.ansible.com/ansible/latest/modules/firewalld_module.html)
Steps to reproduce
------------------
Try to run the sshd task of the common role
What is the current bug behavior?
---------------------------------
The role stops at task `common : Open port 22 on Fedora/CentOS`
What is the expected correct behaviour?
---------------------------------------
The role common runs and the firewall opens port 22 for ssh.
Relevant logs and/or screenshots
--------------------------------
```
fatal: [las118.las.kit.edu]: FAILED! => {
"changed": false,
"module_stderr": "OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/gethmann/.ssh/config\r\ndebug1: /home/gethmann/.ssh/config line 124: Applying options for *\r\ndebug1: /home/gethmann/.ssh/config line 128: Deprecated option \"useroaming\"\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 4 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 25187\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to las118.las.kit.edu closed.\r\n",
"module_stdout": "\r\nTraceback (most recent call last):\r\n File \"/tmp/ansible_VyTTtl/ansible_module_firewalld.py\", line 1017, in <module>\r\n main()\r\n File \"/tmp/ansible_VyTTtl/ansible_module_firewalld.py\", line 811, in main\r\n if fw_offline:\r\nNameError: global name 'fw_offline' is not defined\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
```
Possible fixes
--------------
Search for other ways (iptables) to open the port. Just as a work-around till Python 3 is supported.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/29opera_manager fails starting2018-06-07T15:38:00+02:00sg7149opera_manager fails startingFailing nodes: las113 (Fedora 27)
Summary
-------
`opera_manager` did not start.
Steps to reproduce
------------------
run `opera_manager` in the terminal
What is the current bug behavior?
---------------------------------
Fails ...Failing nodes: las113 (Fedora 27)
Summary
-------
`opera_manager` did not start.
Steps to reproduce
------------------
run `opera_manager` in the terminal
What is the current bug behavior?
---------------------------------
Fails with error message
What is the expected correct behaviour?
---------------------------------------
Opera starts
Relevant logs and/or screenshots
--------------------------------
```
~ opera_manager
/usr/local/share/Opera_18R2/code/bin/opera_manager: error while loading shared libraries: libpcre16.so.0: cannot open shared object file: No such file or directory
```
Possible fixes
--------------
Install `pcre-utf16`
/cc @gethmannsg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/30Opera HTML Manual is not readable2021-09-03T15:51:45+02:00ll5790Opera HTML Manual is not readableCalling host: las118.las.kit.edu (Fedora 28)
Failing nodes: las118
Summary
-------
Oper Manual owned by root: Opera can not open the file.
Steps to reproduce
------------------
Opera -> Help Manual (HTML)
What is the current bug ...Calling host: las118.las.kit.edu (Fedora 28)
Failing nodes: las118
Summary
-------
Oper Manual owned by root: Opera can not open the file.
Steps to reproduce
------------------
Opera -> Help Manual (HTML)
What is the current bug behavior?
---------------------------------
see above.
What is the expected correct behaviour?
---------------------------------------
Open Manual in Browser.
Possible fixes
--------------
Change reading rights: Grant access.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/31DHCPd on Ubuntu validation fails2020-02-24T17:34:58+01:00sg7149DHCPd on Ubuntu validation failsCalling host: las126.las.kit.edu (Fedora 27)
Failing nodes: las93
Summary
-------
The validation of the DHCPd config fails on Ubuntu (Lab computer).
There is at least one person experiencing the same issue,
https://superuser.com/quest...Calling host: las126.las.kit.edu (Fedora 27)
Failing nodes: las93
Summary
-------
The validation of the DHCPd config fails on Ubuntu (Lab computer).
There is at least one person experiencing the same issue,
https://superuser.com/questions/1286948/ansible-template-validation-fails-on-isc-dhcp-server , but no answer so far.
The file is not copied and the task aborts.
Steps to reproduce
------------------
Run the lab role with `validate: "{{ bin_path }} -t -cf %s"` activated.
What is the current bug behavior?
---------------------------------
The role fails and the files `host-list-maglab` and `dhcpd.conf` are not copied to the node.
What is the expected correct behaviour?
---------------------------------------
The task succeeds and the dhcpd.conf and the decrypted host-list-maglab file are at the node.
Relevant logs and/or screenshots
--------------------------------
```
failed: [las93.las.kit.edu] (item=maglab.hosts) => {"changed": false, "checksum": "6ba7f7faa00e05e763266888a31054cc20a58909", "exit_status": 1, "item": "maglab.hosts", "msg": "failed to validate", "stderr": "Internet Systems Consortium DHCP Server 4.2.4\nCopyright 2004-2012 Internet Systems Consortium.\nAll rights reserved.\nFor info, please visit https://www.isc.org/software/dhcp/\nCan't open /root/.ansible/tmp/ansible-tmp-1528358315.88-158600528943595/source: Permission denied\n", "stderr_lines": ["Internet Systems Consortium DHCP Server 4.2.4", "Copyright 2004-2012 Internet Systems Consortium.", "All rights reserved.", "For info, please visit https://www.isc.org/software/dhcp/", "Can't open /root/.ansible/tmp/ansible-tmp-1528358315.88-158600528943595/source: Permission denied"], "stdout": "", "stdout_lines": []}
failed: [las93.las.kit.edu] (item=dhcpd.conf) => {"changed": false, "checksum": "c8f8782d9486025107e622108f35cbea7f6da629", "exit_status": 1, "item": "dhcpd.conf", "msg": "failed to validate", "stderr": "Internet Systems Consortium DHCP Server 4.2.4\nCopyright 2004-2012 Internet Systems Consortium.\nAll rights reserved.\nFor info, please visit https://www.isc.org/software/dhcp/\nCan't open /root/.ansible/tmp/ansible-tmp-1528358317.34-230984934434610/source: Permission denied\n", "stderr_lines": ["Internet Systems Consortium DHCP Server 4.2.4", "Copyright 2004-2012 Internet Systems Consortium.", "All rights reserved.", "For info, please visit https://www.isc.org/software/dhcp/", "Can't open /root/.ansible/tmp/ansible-tmp-1528358317.34-230984934434610/source: Permission denied"], "stdout": "", "stdout_lines": []}
```
Possible fixes
--------------
Work around: Check the validity at your own host and don't use the validity check on the node.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/32sshd template causes error2020-05-04T12:30:17+02:00sg7149sshd template causes errorCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: localhost -i local
Summary
-------
ansible fails with an error message in the firewalld role complaining about syntax errors.
Steps to reproduce
------------------
run `an...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: localhost -i local
Summary
-------
ansible fails with an error message in the firewalld role complaining about syntax errors.
Steps to reproduce
------------------
run `ansible-playbook latex.yml -l localhost --vault-id @prompt -K -i local`
What is the current bug behavior?
---------------------------------
fails with an error on my Fedora 27. Might work on Fedora 28.
What is the expected correct behaviour?
---------------------------------------
continue and install a proper sshd config
Relevant logs and/or screenshots
--------------------------------
```
TASK [common : install firewalld] ******************************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check '((ansible_distribution == \"Fedora\" and ansible_distribution_major_version < 28) or (ansible_distribution == \"CentOS\" and ansible_distribution_major_version >= 7))' failed. The error was: Unexpected templating type error occurred on ({% if ((ansible_distribution == \"Fedora\" and ansible_distribution_major_version < 28) or (ansible_distribution == \"CentOS\" and ansible_distribution_major_version >= 7)) %} True {% else %} False {% endif %}): '<' not supported between instances of 'AnsibleUnsafeText' and 'int'\n\nThe error appears to have been in '/home/gethmann/ansible/ansible/roles/common/tasks/sshd.yml': line 8, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: install firewalld\n ^ here\n"}
```
Possible fixes
--------------
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/33Add GitLab backup script to a ansible role2021-09-03T15:50:44+02:00sg7149Add GitLab backup script to a ansible rolesg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/34Printer defaults to single page printing2020-08-24T17:43:49+02:00sg7149Printer defaults to single page printingFailing nodes: las113, las118 (Fedora 27, 28)
Summary
-------
Default for printing is no-duplex
Steps to reproduce
------------------
Print file from okular
What is the expected correct behaviour?
---------------------------------...Failing nodes: las113, las118 (Fedora 27, 28)
Summary
-------
Default for printing is no-duplex
Steps to reproduce
------------------
Print file from okular
What is the expected correct behaviour?
---------------------------------------
Duplex, long-edge as default.
Possible fixes
--------------
Either edit the files in the `client` role appropriately or change the default settings locally in CUPS (https://localhost:631) via KDE's printing dialogue and diff the files with the aforementioned.
/cc @gethmann @xr4779https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/35Icinga2021-09-03T15:49:56+02:00sg7149IcingaHost: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS
Software name:
--------------
Icinga2 or other monitoring software
Software installation instruction if not in repos:
-----------------------------------------------...Host: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS
Software name:
--------------
Icinga2 or other monitoring software
Software installation instruction if not in repos:
--------------------------------------------------
* Temperatures
* HDD live and
* Load
* Network connectivity are very simple to install as far as I know.
Status of our services
* DHCPd
More difficult/not implemented yet, but basic features might be detectable with other modules:
* IPA functionality
Probably there are already roles in the ansible-Galaxy.
Possibly also interesting for:
-------------------------------
Clients as Opt-In, because it causes privacy issues (admins can see for how long the computer was turned on and how long a user was logged in, to name just a few)
User stories (kind of):
-----------------------
Clients:
* The user starts a job on his computer and he cannot log-in at the next morning. Is the computer gone for good? Is it just still to busy to take care of things like the log-in-manager? Are the hard-drives gone, because of the room heated up? -> Get hints of the cause of the problem.
* The user cannot log-in. Maybe IPA the network is down and therefore she cannot log-in, maybe IPA is down, maybe she just typed a wrong password.
Server:
* IPA went down and nobody notices it, because sssd caches it and no log-in errors occurred until half a year later. Then one can find out, since when IPA was not working and if a update might have triggered it. Or one can prevent it in the first place, by regularly monitoring the monitoring software.
* DHCPd went down and nobody notices it, because the workstations work with fixed IPs
* Docker GitLab-runner do not work and jobs have to fail to recognize it. Maybe an system update caused this and not a reboot without autostart.
* sharelatex is down and one gets a mail/call from CN, because they want to collaborate on a paper that needs to be submitted the next day.
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/37Docker Gitlab-CI runner2021-09-03T15:49:17+02:00sg7149Docker Gitlab-CI runner* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and it's pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
* [ ] LaTeX: compil...* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and it's pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
* [ ] LaTeX: compilation of a document
* [ ] Python: linting PEP-8 or formatting with yapf
* [ ] shell: run shellcheck
* [ ] Document how to use the CI
* [ ] For the owner of the repo
* [ ] For a user who might be confused about merge requests or push commands being rejected
Things to discuss:
* Worth it?
* las126 or las101
* install runner on all clients? That would be a much bigger task imho.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/39nginx not listing directories correctly2021-09-03T15:45:15+02:00sg7149nginx not listing directories correctlynginx returns 403 and logs "directory index of ... is forbidden".
Host: las101
e.g. for the RPM repo (lasrepo)nginx returns 403 and logs "directory index of ... is forbidden".
Host: las101
e.g. for the RPM repo (lasrepo)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/40Create the default directory structure2021-09-14T17:15:53+02:00sg7149Create the default directory structureFor new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.For new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/41Opera role fails on Fedora 292019-01-14T18:26:18+01:00sg7149Opera role fails on Fedora 29Calling host: las127.las.kit.edu (Fedora 29)
Failing nodes: las127
Summary
-------
Role fails with some hints on comparison operator and string.
Steps to reproduce
------------------
Try to run the opera-role on new Fedora 29 insta...Calling host: las127.las.kit.edu (Fedora 29)
Failing nodes: las127
Summary
-------
Role fails with some hints on comparison operator and string.
Steps to reproduce
------------------
Try to run the opera-role on new Fedora 29 installation
What is the current bug behaviour?
----------------------------------
Installation fails.
What is the expected correct behaviour?
---------------------------------------
Installation works
Relevant logs and/or screenshots
--------------------------------
/cc @gethmann @xr4779https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/42Fix nfs-server role2021-09-03T15:42:18+02:00sg7149Fix nfs-server roleThe server role has got syntax errors and therefore fails.
Tested on las115 and las127The server role has got syntax errors and therefore fails.
Tested on las115 and las127