Commit 04a27706 authored by julian.gethmann's avatar julian.gethmann

Fix many smaller errors

* The LaTeX role still does not seem to be stable, so it has been removed from
site.yml
* Rename all versions to lasarchiv1 to be consistent
* Update the SSH playbook of the common role to open the ports in the firewall
parent 9596c3b1
...@@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest ...@@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* common.yml: basic configuration for all LAS/NSQ computers * common.yml: basic configuration for all LAS/NSQ computers
* clients.yml: all computers not acting as a server (only) * clients.yml: all computers not acting as a server (only)
* desktop.yml: all desktop computers including laptops (having X11/Wayland) * desktop.yml: all desktop computers including laptops (having X11/Wayland)
* latex.yml: basic LaTeX installation (KIT classes not yet)
* python.yml: basic python_stack for scientific Python usage (including fitting) * python.yml: basic python_stack for scientific Python usage (including fitting)
* ipynb.yml: IPython/Jupyter notebook * ipynb.yml: IPython/Jupyter notebook
* MAD-8: MAD 8 inofficial build for Fedora * MAD-8: MAD 8 inofficial build for Fedora
...@@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest ...@@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* lasarchiv: client side mount las126/las-archiv1 * lasarchiv: client side mount las126/las-archiv1
* opera.yml: Cobham's Opera3d (client) * opera.yml: Cobham's Opera3d (client)
* admin.yml: tools for administrators * admin.yml: tools for administrators
* latex.yml: basic LaTeX installation (KIT classes not yet)
# Develope new roles, extend or modify existing ones and update roles for new software # Develope new roles, extend or modify existing ones and update roles for new software
......
...@@ -2,4 +2,4 @@ ansible_user: gethmann ...@@ -2,4 +2,4 @@ ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: 113 ip_suffix: 113
loc: 618 loc: 618
os: Fedora 24 os: Fedora 25
ansible_connection: local # ansible_connection: local
ansible_user: gethmann ansible_user: gethmann
user_account: blomley user_account: blomley
ip_suffix: 118 ip_suffix: 118
......
ansible_connection: local # ansible_connection: local
ansible_user: gethmann ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: 122 ip_suffix: 122
loc: 621 loc: 621
os: Fedora 25
ansible_remote_user: gethmann ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: 126 ip_suffix: 126
loc: 618 loc: 618
os: Fedora 24 os: Fedora 25
...@@ -14,8 +14,10 @@ las118.las.kit.edu ...@@ -14,8 +14,10 @@ las118.las.kit.edu
las122.las.kit.edu las122.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[las-archiv1] [lasarchiv]
las113.las.kit.edu las113.las.kit.edu
las126.las.kit.edu
las122.las.kit.edu
las93.las.kit.edu las93.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
...@@ -34,6 +36,7 @@ las113.las.kit.edu ...@@ -34,6 +36,7 @@ las113.las.kit.edu
[opera] [opera]
las113.las.kit.edu las113.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu las126.las.kit.edu
[mad8] [mad8]
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
tags: nfs-server tags: nfs-server
- hosts: las-archiv1 - hosts: lasarchiv
roles: roles:
- lasarchiv - lasarchiv
tags: nfs-clients tags: nfs-clients
--- ---
- name: enable sshd - name: enable sshd
become: yes become: yes
service: name=sshd enabled=yes service:
name: sshd
enabled: yes
- name: restart sshd - name: restart sshd
become: yes become: yes
service: name=sshd state=restarted service:
name: sshd
state: restarted
- name: reload sshd - name: reload sshd
become: yes become: yes
service: name=sshd state=reloaded service:
name: sshd
state: reloaded
- name: start sshd - name: start sshd
become: yes become: yes
service: name=sshd state=started service:
name: sshd
state: started
- name: enable ntp - name: enable ntp
become: yes become: yes
service: name=ntpdate enabled=yes service:
name: ntpdate
enabled: yes
- name: start ntp - name: start ntp
become: yes become: yes
service: name=ntpdate state=started service:
name: ntpdate
state: started
- name: update-ca-trust - name: update-ca-trust
become: yes become: yes
...@@ -30,3 +42,27 @@ ...@@ -30,3 +42,27 @@
- name: lock root user - name: lock root user
become: yes become: yes
command: passwd -l root command: passwd -l root
- name: reload firewalld
become: yes
service:
name: firewalld
state: reloaded
- name: restart firewalld
become: yes
service:
name: firewalld
state: restarted
- name: enable ufw
become: yes
service:
name: ufw
state: enabled
- name: restart ufw
become: yes
service:
name: ufw
state: restarted
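Review bot: The new `enable ufw` handler passes `state: enabled` to the `service` module, whose `state` accepts only started, stopped, restarted or reloaded, so the handler will fail when it is notified. If the intent is to start the unit at boot, use `enabled: yes` as the `enable sshd` handler in this file does. If the intent is to switch the firewall on, the `ufw` module's own `state: enabled` does that, and it should run only after the OpenSSH allow rule is in place so the host stays reachable.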
--- ---
- name: install needed network manager libs - name: install needed network manager libs
become: yes
dnf: dnf:
name: '{{ item }}' name: '{{ item }}'
state: installed state: installed
become: yes
with_items: with_items:
- NetworkManager-glib - NetworkManager-glib
- libnm-qt-devel.x86_64 - libnm-qt-devel.x86_64
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
# type: ethernet # type: ethernet
- name: set hostname - name: set hostname
become: yes
hostname: hostname:
name: "las{{ ip_suffix }}.las.kit.edu" name: "las{{ ip_suffix }}.las.kit.edu"
become: yes
--- ---
- name: Installed sshd - name: Installed sshd
package: state=installed name=openssh-server
become: yes become: yes
package:
state: installed
name: openssh-server
- name: install firewalld
become: yes
package:
name: python-firewall
state: installed
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
- name: Open port 22 on Fedora/CentOS
become: yes
firewalld:
port: 22/tcp
state: enabled
permanent: true
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
notify:
- reload firewalld
- restart firewalld
- name: Open port 22 on Ubuntu
become: yes
ufw:
name: OpenSSH
rule: allow
notify:
- reload ufw
- enable ufw
when: ansible_distribution == "Ubuntu"
- name: Disable empty password login - name: Disable empty password login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitEmptyPasswords.*" line="PermitEmptyPasswords no" backup=yes
notify: restart sshd
become: yes become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitEmptyPasswords.*"
line: "PermitEmptyPasswords no"
backup: yes
notify: restart sshd
- name: Disable remote root login - name: Disable remote root login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitRootLogin.*" line="PermitRootLogin no" backup=yes
notify: restart sshd
become: yes become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitRootLogin.*"
line: "PermitRootLogin no"
backup: yes
notify: restart sshd
- name: Enable tunnel - name: Enable tunnel
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitTunnel.*" line="PermitTunnel yes" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitTunnel.*"
line: "PermitTunnel yes"
backup: yes
notify: notify:
- enable sshd - enable sshd
- restart sshd - restart sshd
...@@ -24,11 +68,19 @@ ...@@ -24,11 +68,19 @@
# command: chkconfig sshd on # command: chkconfig sshd on
- name: Add curves - name: Add curves
lineinfile: dest=/etc/ssh/sshd_config regexp="HostKey.*ed25519.*" line="HostKey /etc/ssh/ssh_host_ed25519_key" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: "HostKey.*ed25519.*"
line: "HostKey /etc/ssh/ssh_host_ed25519_key"
backup: yes
notify: restart sshd notify: restart sshd
become: yes become: yes
- name: enable PAM - name: enable PAM
lineinfile: dest=/etc/ssh/sshd_config regexp=".*UsePAM .*" line="UsePAM yes" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*UsePAM .*"
line: "UsePAM yes"
backup: yes
become: yes become: yes
notify: restart sshd notify: restart sshd
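Review bot: The `Open port 22 on Ubuntu` task notifies `reload ufw`, but the ufw handlers visible in this commit are named `enable ufw` and `restart ufw`. Unless a `reload ufw` handler exists elsewhere, the play will fail on Ubuntu hosts as soon as that task reports a change, so notify `restart ufw` or add the missing handler. In both Fedora/CentOS conditions, `ansible_distribution_major_version` is normally a string fact, so `>= 7` does not compare numerically; `ansible_distribution_major_version | int >= 7` is the safe form. Since every `lineinfile` edit of sshd_config here ends in `restart sshd`, adding `validate: '/usr/sbin/sshd -t -f %s'` to those tasks would reject a malformed file before a restart can cut off remote access.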
...@@ -4,3 +4,4 @@ ...@@ -4,3 +4,4 @@
package: name=* state=latest package: name=* state=latest
tags: tags:
- skip_ansible_lint - skip_ansible_lint
when: ansible_distribution != "Ubuntu"
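Review bot: With `when: ansible_distribution != "Ubuntu"` the update task is skipped on Ubuntu and nothing in this hunk replaces it. Those hosts would then get no package or security updates from this playbook unless a task outside the hunk covers them. A counterpart `apt` task with `upgrade: dist` and `update_cache: yes`, guarded by `when: ansible_distribution == "Ubuntu"`, would keep them patched. The task itself starts above the hunk.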
--- ---
dependencies: dependencies:
- { role: lasarchiv } - { role: lasarchiv }
- { role: client } - { role: clients }
...@@ -14,8 +14,8 @@ ...@@ -14,8 +14,8 @@
#- include: update.yml #- include: update.yml
- include: desktop.yml - include: desktop.yml
tags: admin tags: admin
- include: latex.yml #- include: latex.yml
tags: latex # tags: latex
- include: kdev.yml - include: kdev.yml
tags: kdev tags: kdev
- include: python.yml - include: python.yml
......