ansible issueshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues2020-08-24T17:47:12+02:00https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/12ripgrep for other OSes2020-08-24T17:47:12+02:00sg7149ripgrep for other OSes* ripgrep role for CentOS und Ubuntu
* make copr installation idempotent* ripgrep role for CentOS und Ubuntu
* make copr installation idempotenthttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/13Bootstrap wrapper script2021-09-03T15:58:06+02:00sg7149Bootstrap wrapper scriptA script that bootstraps the ansible installation of a host.
* Create the files in `host_vars` and edit `hosts`
Might interfere with issues #10 and #4 and with the `add_host.sh` script of the documentation repositoryA script that bootstraps the ansible installation of a host.
* Create the files in `host_vars` and edit `hosts`
Might interfere with issues #10 and #4 and with the `add_host.sh` script of the documentation repositoryhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/14skipping of elegant SDDSToolKit fails on F WS 252017-10-09T13:05:30+02:00sg7149skipping of elegant SDDSToolKit fails on F WS 25Though this should be skipped (like it does, when using the debug module), it does not and therefore fails.
role: elegant/tasks/elegant.yml lines 44 onwards
computer: las-gethmann.las.kit.edu
```
TASK [elegant : install SDDSToolKit] ...Though this should be skipped (like it does, when using the debug module), it does not and therefore fails.
role: elegant/tasks/elegant.yml lines 44 onwards
computer: las-gethmann.las.kit.edu
```
TASK [elegant : install SDDSToolKit] ********************************************************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "module_stderr": "No handlers could be found for logger \"dnf\"\nTraceback (most recent call last):\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 534, in <module>\n main()\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 530, in main\n ensure(module, base, params['state'], params['name'], params['autoremove'])\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 364, in ensure\n _install_remote_rpms(base, filenames)\n File \"/tmp/ansible__ZtL8C/ansible_module_dnf.py\", line 322, in _install_remote_rpms\n pkgs.append(base.add_remote_rpm(filename))\n File \"/usr/lib/python2.7/site-packages/dnf/base.py\", line 925, in add_remote_rpm\n return self.sack.add_cmdline_package(path)\nIOError: Can not load RPM file: 26: u'3.5.1-1'}.fedora.25.x86_64.rpm.\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 0}
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/15Provision new user rule2021-09-03T15:58:06+02:00sg7149Provision new user ruleRolle zum Anlegen und Entfernen von neuen Nutzern.
* [ ] JIRA-Ticket für Confluence-User https://docs.ansible.com/ansible/latest/jira_module.html (u-Kürzel)
* [ ] FreeIPA-Account (Nachname)
Leider noch nicht automatisierbar sind Sympa ...Rolle zum Anlegen und Entfernen von neuen Nutzern.
* [ ] JIRA-Ticket für Confluence-User https://docs.ansible.com/ansible/latest/jira_module.html (u-Kürzel)
* [ ] FreeIPA-Account (Nachname)
Leider noch nicht automatisierbar sind Sympa und GitLab-Gruppen-Angehörigkeit
Bitte auch mit issue #13 abstimmenhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/16Fix latex role: handler mktexlsr2017-11-21T18:24:54+01:00sg7149Fix latex role: handler mktexlsr`mktexlsr` is not run correctly with the handler.
Package is not available immediately after installation, but after running `mktexlsr` as root (`$ sudo su ; # mktexlsr`)`mktexlsr` is not run correctly with the handler.
Package is not available immediately after installation, but after running `mktexlsr` as root (`$ sudo su ; # mktexlsr`)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/17Installation of neo2 support fail2017-11-21T18:24:54+01:00sg7149Installation of neo2 support fail```
TASK [latex : compile package docu] ********************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["pdflatex", "-interaction=nonstopmode", "uniinput.dtx"], "d...```
TASK [latex : compile package docu] ********************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["pdflatex", "-interaction=nonstopmode", "uniinput.dtx"], "delta": "0:00:00.044006", "end": "2017-11-07 17:44:07.041620", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-11-07 17:44:06.997614", "stderr": "", "stderr_lines": [], "stdout": "This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016) (preloaded format=pdflatex)\n restricted \\write18 enabled.\nentering extended mode\n! I can't find file `uniinput.dtx'.\n<*> uniinput.dtx\n \n(Press Enter to retry, or Control-D to exit)\nPlease type another input file name\n! Emergency stop.\n<*> uniinput.dtx\n \n! ==> Fatal error occurred, no output PDF file produced!\nTranscript written on texput.log.", "stdout_lines": ["This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016) (preloaded format=pdflatex)", " restricted \\write18 enabled.", "entering extended mode", "! I can't find file `uniinput.dtx'.", "<*> uniinput.dtx", " ", "(Press Enter to retry, or Control-D to exit)", "Please type another input file name", "! Emergency stop.", "<*> uniinput.dtx", " ", "! ==> Fatal error occurred, no output PDF file produced!", "Transcript written on texput.log."]}
```
and
```
TASK [latex : compile package] *************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": true, "cmd": ["latex", "uniinput.ins"], "delta": "0:00:00.047986", "end": "2017-11-07 17:44:07.256987", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-11-07 17:44:07.209001", "stderr": "", "stderr_lines": [], "stdout": "This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016) (preloaded format=latex)\n restricted \\write18 enabled.\nentering extended mode\n! I can't find file `uniinput.ins'.\n<*> uniinput.ins\n \n(Press Enter to retry, or Control-D to exit)\nPlease type another input file name: \n! Emergency stop.\n<*> uniinput.ins\n \nNo pages of output.\nTranscript written on texput.log.", "stdout_lines": ["This is pdfTeX, Version 3.14159265-2.6-1.40.17 (TeX Live 2016) (preloaded format=latex)", " restricted \\write18 enabled.", "entering extended mode", "! I can't find file `uniinput.ins'.", "<*> uniinput.ins", " ", "(Press Enter to retry, or Control-D to exit)", "Please type another input file name: ", "! Emergency stop.", "<*> uniinput.ins", " ", "No pages of output.", "Transcript written on texput.log."]}
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/18elegant for Fedora 272017-11-22T09:24:15+01:00sg7149elegant for Fedora 27No RPMs available yetNo RPMs available yethttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/19Opera depends on a user with access rights to las-archiv2021-09-03T15:55:28+02:00sg7149Opera depends on a user with access rights to las-archivAdd IPA client as a dependency in the meta. See #13 and #5
So atm it is only possible to install Opera on an already running system.Add IPA client as a dependency in the meta. See #13 and #5
So atm it is only possible to install Opera on an already running system.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/20ipynb fails2020-08-24T17:48:49+02:00sg7149ipynb fails```
RUNNING HANDLER [ipynb : activate ipywidgets] *****************************************************************************************
fatal: [las117.las.kit.edu]: FAILED! => {"changed": false, "cmd": "jupyter-nbextension enable --p...```
RUNNING HANDLER [ipynb : activate ipywidgets] *****************************************************************************************
fatal: [las117.las.kit.edu]: FAILED! => {"changed": false, "cmd": "jupyter-nbextension enable --py --sys-prefix widgetsnbextension", "failed": true, "msg": "[Errno 2] No such file or directory", "rc": 2}
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/21(KIT)Latex installation fails because of failing copy2020-08-24T17:49:50+02:00sg7149(KIT)Latex installation fails because of failing copyCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las117 (Fedora 27)
Summary
``with_glob`` fails when used with ``copy`` and ``tempdir``
Steps to reproduce
Run the KITLaTeX tasks.
What is the current bug behavior?
Task...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las117 (Fedora 27)
Summary
``with_glob`` fails when used with ``copy`` and ``tempdir``
Steps to reproduce
Run the KITLaTeX tasks.
What is the current bug behavior?
Task `hack Helvetica into KIT styles due to broken font installation` fails because `copy tex files` does not work.
What is the expected correct behavior?
Files are copied and the task can run.
Relevant logs and/or screenshots
```
TASK [latex : copy pdf files] *********************************************************************************************************
task path: /home/gethmann/ansible/ansible/roles/latex/tasks/KITLaTeX.yml:68
[WARNING]: Unable to find '/tmp/ansiEtob1c/doc/latex/KIT' in expected paths.
```
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/22Run ansible as root with certificats2020-05-04T12:32:11+02:00sg7149Run ansible as root with certificatsRun ansible as root to avoid sudo-timeouts on slow hard disks.
* [x] certificate for root on one host
* [x] root login via ssh
* [ ] edit tasks not to use become any longer?Run ansible as root to avoid sudo-timeouts on slow hard disks.
* [x] certificate for root on one host
* [x] root login via ssh
* [ ] edit tasks not to use become any longer?https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/23EPICS installation fails due to (invalid) certificates2021-09-03T15:53:58+02:00sg7149EPICS installation fails due to (invalid) certificatesCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las117
Summary
--------
epics role fails at installation/downloading of the files
Steps to reproduce
-------------------
run the `epics` role, e.g. by ``site.yml``
What is...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las117
Summary
--------
epics role fails at installation/downloading of the files
Steps to reproduce
-------------------
run the `epics` role, e.g. by ``site.yml``
What is the current bug behaviour?
----------------------------------
Role fails and EPICS will not install
What is the expected correct behavior?
---------------------------------------
Installation of epics
Relevant logs and/or screenshots
---------------------------------
```
TASK [epics : unarchived] ********************************************************************************************************************************************************
fatal: [las117.las.kit.edu]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for www.aps.anl.gov:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)."}
```
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/3ControlSystemStudio auf 126 fixen2018-02-08T18:06:06+01:00sg7149ControlSystemStudio auf 126 fixenJava wirft seit dem Upgrade auf Fedora 24 Fehler und CSS startet nicht.Java wirft seit dem Upgrade auf Fedora 24 Fehler und CSS startet nicht.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/8elegant/blas2020-08-24T17:50:17+02:00sg7149elegant/blasgescheit die key-Verwaltung lösengescheit die key-Verwaltung lösenhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/7dhcpd2018-05-23T09:40:35+02:00sg7149dhcpddhcpd server rolle für server und secondary einrichtendhcpd server rolle für server und secondary einrichtenhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/11Python role(s)2021-09-03T15:59:34+02:00sg7149Python role(s)Python stackPython stackhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/10ansible-pull service2018-06-07T15:51:08+02:00sg7149ansible-pull servicerun ansible-pull as a cronjob or a timed service.
Implement the rule for setup new hosts with this configrun ansible-pull as a cronjob or a timed service.
Implement the rule for setup new hosts with this confighttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/9EPICS (for Jena and KARA)2020-07-15T14:59:38+02:00sg7149EPICS (for Jena and KARA)* Rollen für EPICS
* [x] KARA
* [x] Jena-Messaufbau* Rollen für EPICS
* [x] KARA
* [x] Jena-Messaufbauhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/6nfs-server2018-06-07T15:49:47+02:00sg7149nfs-serverImplement rule for
* nfs-server
* lasarchiv1Implement rule for
* nfs-server
* lasarchiv1https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/5IPA-setup2020-05-04T12:34:48+02:00sg7149IPA-setupIPA setup in ansibleIPA setup in ansiblehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/4ansible-pull2020-05-04T12:33:50+02:00sg7149ansible-pullUpdate documentation on ansible-pullUpdate documentation on ansible-pullsg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/2CUPS printer in ansible2018-03-31T01:10:47+02:00sg7149CUPS printer in ansibleprinting does not work since Fedora 24 upgrade and running client role nor with KDE print menu (this may be an root locked password issue)
io/hpmud/jd.c 93: unable to read device-id
Jul 20 22:34:07 las113.las.kit.edu hp[26249]: prnt/...printing does not work since Fedora 24 upgrade and running client role nor with KDE print menu (this may be an root locked password issue)
io/hpmud/jd.c 93: unable to read device-id
Jul 20 22:34:07 las113.las.kit.edu hp[26249]: prnt/backend/hp.c 825: INFO: open device failed stat=12: hp:/net/HP_LaserJet_P2015_Series?zc=NPI8A10C3; will retry in 30 seconds...
sg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/1ExFat USB-Sticks2018-03-31T01:09:52+02:00sg7149ExFat USB-SticksExFAT doesn't work out of the box on Fedora.
Create tasks for client role to fix this.
Just installing exfat-utils.x86_64 didn't fix it. Probably one needs the FUSE stuff as well and then reboot/load kernel modules.ExFAT doesn't work out of the box on Fedora.
Create tasks for client role to fix this.
Just installing exfat-utils.x86_64 didn't fix it. Probably one needs the FUSE stuff as well and then reboot/load kernel modules.sg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/24Labview2021-09-03T15:53:21+02:00sg7149LabviewHost: las117.las.kit.edu
OS: Fedora 27
Software name:
--------------
Labview
Software installation instruction if not in repos:
--------------------------------------------------
k.A.
Possibly also interesting for:
-----------------...Host: las117.las.kit.edu
OS: Fedora 27
Software name:
--------------
Labview
Software installation instruction if not in repos:
--------------------------------------------------
k.A.
Possibly also interesting for:
-------------------------------
M. Fischer
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/25texlive package names might change in future Fedora releases2021-09-03T14:43:48+02:00sg7149texlive package names might change in future Fedora releasesFedora 27 does not use the current stable TexLive version 2017.
For the next Fedora release the names of the texlive packages might change, because there is an [issue about renaming](https://bugzilla.redhat.com/show_bug.cgi?id=1505342) f...Fedora 27 does not use the current stable TexLive version 2017.
For the next Fedora release the names of the texlive packages might change, because there is an [issue about renaming](https://bugzilla.redhat.com/show_bug.cgi?id=1505342) from `texlive` into `texlive-base` and `texlive`.
Test via copr:
```
dnf copr enable spot/texlive
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/26EPICS_CA_ADDR_LIST hard is coded2020-02-24T17:39:28+01:00sg7149EPICS_CA_ADDR_LIST hard is codedCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las115
Summary
-------
Because the EPICS_CA_ADDR_LIST is hard coded for KARA in the `profile.d` file it is not practical for the Jena/TGU setup.
What is the current bug beh...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las115
Summary
-------
Because the EPICS_CA_ADDR_LIST is hard coded for KARA in the `profile.d` file it is not practical for the Jena/TGU setup.
What is the current bug behavior?
---------------------------------
The environment variable `EPICS_CA_ADDR_LIST` is set to a server that is responsible for the KARA PVs, but not depending on the use-case for KARA, FLUTE or JENA/TGU.
What is the expected correct behaviour?
---------------------------------------
The variable should be like it is for a KARA role, and different or not set for a JENA/TGU role.
Iff it is not set, it should be noted in the docu and as a `msg`.
Possible fixes
--------------
Create a role for KARA/CSS and a role for Jena/TGU control system and one without it being set.
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/27PyCharm comunity2021-09-03T15:52:43+02:00sg7149PyCharm comunityLet the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/Let the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/28firewalld not working on Fedora 282020-02-24T17:37:09+01:00sg7149firewalld not working on Fedora 28Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las118
Summary
-------
All rules that work with the `firewalld` module do not work with Fedora 28, because the firewalld module depends on `python-firewalld` and does not wor...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las118
Summary
-------
All rules that work with the `firewalld` module do not work with Fedora 28, because the firewalld module depends on `python-firewalld` and does not work with `python3-firewalld` as partly documented in the [documentation](https://docs.ansible.com/ansible/latest/modules/firewalld_module.html)
Steps to reproduce
------------------
Try to run the sshd task of the common role
What is the current bug behavior?
---------------------------------
The role stops at task `common : Open port 22 on Fedora/CentOS`
What is the expected correct behaviour?
---------------------------------------
The role common runs and the firewall opens port 22 for ssh.
Relevant logs and/or screenshots
--------------------------------
```
fatal: [las118.las.kit.edu]: FAILED! => {
"changed": false,
"module_stderr": "OpenSSH_7.6p1, OpenSSL 1.1.0h-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/gethmann/.ssh/config\r\ndebug1: /home/gethmann/.ssh/config line 124: Applying options for *\r\ndebug1: /home/gethmann/.ssh/config line 128: Deprecated option \"useroaming\"\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 4 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 25187\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 1\r\nShared connection to las118.las.kit.edu closed.\r\n",
"module_stdout": "\r\nTraceback (most recent call last):\r\n File \"/tmp/ansible_VyTTtl/ansible_module_firewalld.py\", line 1017, in <module>\r\n main()\r\n File \"/tmp/ansible_VyTTtl/ansible_module_firewalld.py\", line 811, in main\r\n if fw_offline:\r\nNameError: global name 'fw_offline' is not defined\r\n",
"msg": "MODULE FAILURE",
"rc": 1
}
```
Possible fixes
--------------
Search for other ways (iptables) to open the port. Just as a work-around till Python 3 is supported.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/29opera_manager fails starting2018-06-07T15:38:00+02:00sg7149opera_manager fails startingFailing nodes: las113 (Fedora 27)
Summary
-------
`opera_manager` did not start.
Steps to reproduce
------------------
run `opera_manager` in the terminal
What is the current bug behavior?
---------------------------------
Fails ...Failing nodes: las113 (Fedora 27)
Summary
-------
`opera_manager` did not start.
Steps to reproduce
------------------
run `opera_manager` in the terminal
What is the current bug behavior?
---------------------------------
Fails with error message
What is the expected correct behaviour?
---------------------------------------
Opera starts
Relevant logs and/or screenshots
--------------------------------
```
~ opera_manager
/usr/local/share/Opera_18R2/code/bin/opera_manager: error while loading shared libraries: libpcre16.so.0: cannot open shared object file: No such file or directory
```
Possible fixes
--------------
Install `pcre-utf16`
/cc @gethmannsg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/30Opera HTML Manual is not readable2021-09-03T15:51:45+02:00ll5790Opera HTML Manual is not readableCalling host: las118.las.kit.edu (Fedora 28)
Failing nodes: las118
Summary
-------
Oper Manual owned by root: Opera can not open the file.
Steps to reproduce
------------------
Opera -> Help Manual (HTML)
What is the current bug ...Calling host: las118.las.kit.edu (Fedora 28)
Failing nodes: las118
Summary
-------
Oper Manual owned by root: Opera can not open the file.
Steps to reproduce
------------------
Opera -> Help Manual (HTML)
What is the current bug behavior?
---------------------------------
see above.
What is the expected correct behaviour?
---------------------------------------
Open Manual in Browser.
Possible fixes
--------------
Change reading rights: Grant access.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/31DHCPd on Ubuntu validation fails2020-02-24T17:34:58+01:00sg7149DHCPd on Ubuntu validation failsCalling host: las126.las.kit.edu (Fedora 27)
Failing nodes: las93
Summary
-------
The validation of the DHCPd config fails on Ubuntu (Lab computer).
There is at least one person experiencing the same issue,
https://superuser.com/quest...Calling host: las126.las.kit.edu (Fedora 27)
Failing nodes: las93
Summary
-------
The validation of the DHCPd config fails on Ubuntu (Lab computer).
There is at least one person experiencing the same issue,
https://superuser.com/questions/1286948/ansible-template-validation-fails-on-isc-dhcp-server , but no answer so far.
The file is not copied and the task aborts.
Steps to reproduce
------------------
Run the lab role with `validate: "{{ bin_path }} -t -cf %s"` activated.
What is the current bug behavior?
---------------------------------
The role fails and the files `host-list-maglab` and `dhcpd.conf` are not copied to the node.
What is the expected correct behaviour?
---------------------------------------
The task succeeds and the dhcpd.conf and the decrypted host-list-maglab file are at the node.
Relevant logs and/or screenshots
--------------------------------
```
failed: [las93.las.kit.edu] (item=maglab.hosts) => {"changed": false, "checksum": "6ba7f7faa00e05e763266888a31054cc20a58909", "exit_status": 1, "item": "maglab.hosts", "msg": "failed to validate", "stderr": "Internet Systems Consortium DHCP Server 4.2.4\nCopyright 2004-2012 Internet Systems Consortium.\nAll rights reserved.\nFor info, please visit https://www.isc.org/software/dhcp/\nCan't open /root/.ansible/tmp/ansible-tmp-1528358315.88-158600528943595/source: Permission denied\n", "stderr_lines": ["Internet Systems Consortium DHCP Server 4.2.4", "Copyright 2004-2012 Internet Systems Consortium.", "All rights reserved.", "For info, please visit https://www.isc.org/software/dhcp/", "Can't open /root/.ansible/tmp/ansible-tmp-1528358315.88-158600528943595/source: Permission denied"], "stdout": "", "stdout_lines": []}
failed: [las93.las.kit.edu] (item=dhcpd.conf) => {"changed": false, "checksum": "c8f8782d9486025107e622108f35cbea7f6da629", "exit_status": 1, "item": "dhcpd.conf", "msg": "failed to validate", "stderr": "Internet Systems Consortium DHCP Server 4.2.4\nCopyright 2004-2012 Internet Systems Consortium.\nAll rights reserved.\nFor info, please visit https://www.isc.org/software/dhcp/\nCan't open /root/.ansible/tmp/ansible-tmp-1528358317.34-230984934434610/source: Permission denied\n", "stderr_lines": ["Internet Systems Consortium DHCP Server 4.2.4", "Copyright 2004-2012 Internet Systems Consortium.", "All rights reserved.", "For info, please visit https://www.isc.org/software/dhcp/", "Can't open /root/.ansible/tmp/ansible-tmp-1528358317.34-230984934434610/source: Permission denied"], "stdout": "", "stdout_lines": []}
```
Possible fixes
--------------
Work around: Check the validity at your own host and don't use the validity check on the node.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/32sshd template causes error2020-05-04T12:30:17+02:00sg7149sshd template causes errorCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: localhost -i local
Summary
-------
ansible fails with an error message in the firewalld role complaining about syntax errors.
Steps to reproduce
------------------
run `an...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: localhost -i local
Summary
-------
ansible fails with an error message in the firewalld role complaining about syntax errors.
Steps to reproduce
------------------
run `ansible-playbook latex.yml -l localhost --vault-id @prompt -K -i local`
What is the current bug behavior?
---------------------------------
fails with an error on my Fedora 27. Might work on Fedora 28.
What is the expected correct behaviour?
---------------------------------------
continue and install a proper sshd config
Relevant logs and/or screenshots
--------------------------------
```
TASK [common : install firewalld] ******************************************************
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check '((ansible_distribution == \"Fedora\" and ansible_distribution_major_version < 28) or (ansible_distribution == \"CentOS\" and ansible_distribution_major_version >= 7))' failed. The error was: Unexpected templating type error occurred on ({% if ((ansible_distribution == \"Fedora\" and ansible_distribution_major_version < 28) or (ansible_distribution == \"CentOS\" and ansible_distribution_major_version >= 7)) %} True {% else %} False {% endif %}): '<' not supported between instances of 'AnsibleUnsafeText' and 'int'\n\nThe error appears to have been in '/home/gethmann/ansible/ansible/roles/common/tasks/sshd.yml': line 8, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: install firewalld\n ^ here\n"}
```
Possible fixes
--------------
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/33Add GitLab backup script to a ansible role2021-09-03T15:50:44+02:00sg7149Add GitLab backup script to a ansible rolesg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/34Printer defaults to single page printing2020-08-24T17:43:49+02:00sg7149Printer defaults to single page printingFailing nodes: las113, las118 (Fedora 27, 28)
Summary
-------
Default for printing is no-duplex
Steps to reproduce
------------------
Print file from okular
What is the expected correct behaviour?
---------------------------------...Failing nodes: las113, las118 (Fedora 27, 28)
Summary
-------
Default for printing is no-duplex
Steps to reproduce
------------------
Print file from okular
What is the expected correct behaviour?
---------------------------------------
Duplex, long-edge as default.
Possible fixes
--------------
Either edit the files in the `client` role appropriately or change the default settings locally in CUPS (https://localhost:631) via KDE's printing dialogue and diff the files with the aforementioned.
/cc @gethmann @xr4779https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/35Icinga2021-09-03T15:49:56+02:00sg7149IcingaHost: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS
Software name:
--------------
Icinga2 or other monitoring software
Software installation instruction if not in repos:
-----------------------------------------------...Host: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS
Software name:
--------------
Icinga2 or other monitoring software
Software installation instruction if not in repos:
--------------------------------------------------
* Temperatures
* HDD live and
* Load
* Network connectivity are very simple to install as far as I know.
Status of our services
* DHCPd
More difficult/not implemented yet, but basic features might be detectable with other modules:
* IPA functionality
Probably there are already roles in the ansible-Galaxy.
Possibly also interesting for:
-------------------------------
Clients as Opt-In, because it causes privacy issues (admins can see for how long the computer was turned on and how long a user was logged in, to name just a few)
User stories (kind of):
-----------------------
Clients:
* The user starts a job on his computer and he cannot log-in at the next morning. Is the computer gone for good? Is it just still to busy to take care of things like the log-in-manager? Are the hard-drives gone, because of the room heated up? -> Get hints of the cause of the problem.
* The user cannot log-in. Maybe IPA the network is down and therefore she cannot log-in, maybe IPA is down, maybe she just typed a wrong password.
Server:
* IPA went down and nobody notices it, because sssd caches it and no log-in errors occurred until half a year later. Then one can find out, since when IPA was not working and if a update might have triggered it. Or one can prevent it in the first place, by regularly monitoring the monitoring software.
* DHCPd went down and nobody notices it, because the workstations work with fixed IPs
* Docker GitLab-runner do not work and jobs have to fail to recognize it. Maybe an system update caused this and not a reboot without autostart.
* sharelatex is down and one gets a mail/call from CN, because they want to collaborate on a paper that needs to be submitted the next day.
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/37Docker Gitlab-CI runner2021-09-03T15:49:17+02:00sg7149Docker Gitlab-CI runner* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and it's pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
* [ ] LaTeX: compil...* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and it's pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
* [ ] LaTeX: compilation of a document
* [ ] Python: linting PEP-8 or formatting with yapf
* [ ] shell: run shellcheck
* [ ] Document how to use the CI
* [ ] For the owner of the repo
* [ ] For a user who might be confused about merge requests or push commands being rejected
Things to discuss:
* Worth it?
* las126 or las101
* install runner on all clients? That would be a much bigger task imho.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/39nginx not listing directories correctly2021-09-03T15:45:15+02:00sg7149nginx not listing directories correctlynginx returns 403 and logs "directory index of ... is forbidden".
Host: las101
e.g. for the RPM repo (lasrepo)nginx returns 403 and logs "directory index of ... is forbidden".
Host: las101
e.g. for the RPM repo (lasrepo)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/40Create the default directory structure2021-09-14T17:15:53+02:00sg7149Create the default directory structureFor new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.For new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/41Opera role fails on Fedora 292019-01-14T18:26:18+01:00sg7149Opera role fails on Fedora 29Calling host: las127.las.kit.edu (Fedora 29)
Failing nodes: las127
Summary
-------
Role fails with some hints on comparison operator and string.
Steps to reproduce
------------------
Try to run the opera-role on new Fedora 29 insta...Calling host: las127.las.kit.edu (Fedora 29)
Failing nodes: las127
Summary
-------
Role fails with some hints on comparison operator and string.
Steps to reproduce
------------------
Try to run the opera-role on new Fedora 29 installation
What is the current bug behaviour?
----------------------------------
Installation fails.
What is the expected correct behaviour?
---------------------------------------
Installation works
Relevant logs and/or screenshots
--------------------------------
/cc @gethmann @xr4779https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/42Fix nfs-server role2021-09-03T15:42:18+02:00sg7149Fix nfs-server roleThe server role has got syntax errors and therefore fails.
Tested on las115 and las127The server role has got syntax errors and therefore fails.
Tested on las115 and las127https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/43ntp role fails2019-01-10T18:01:06+01:00sg7149ntp role failsCalling host: las126.las.kit.edu (Fedora 27)
Failing nodes: las115 (Fedora 29)
Summary
-------
(Summarize the bug encountered concisely)
Steps to reproduce
------------------
(How one can reproduce the issue - this is very importan...Calling host: las126.las.kit.edu (Fedora 27)
Failing nodes: las115 (Fedora 29)
Summary
-------
(Summarize the bug encountered concisely)
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
---------------------------------
(What actually happens)
What is the expected correct behaviour?
---------------------------------------
(What you should see instead)
Relevant logs and/or screenshots
--------------------------------
```
TASK [common : set time server] *************************************************************************************************************************************************************************************************************
ok: [las115.las.kit.edu]
TASK [common : insert SCC into ntp configuration] *******************************************************************************************************************************************************************************************
fatal: [las115.las.kit.edu]: FAILED! => {"changed": false, "msg": "Path /etc/ntp.conf does not exist !", "rc": 257}
to retry, use: --limit @/root/ansible/sites.retry
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
las115.las.kit.edu : ok=25 changed=1 unreachable=0 failed=1
```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/44latex fails2019-10-28T18:15:54+01:00sg7149latex failshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/45Create test infrastructure for ansible2021-09-03T15:41:08+02:00sg7149Create test infrastructure for ansibleTest ansible roles with GitLab-CI.
[ ] CI runners that start a new Docker of the currently supported Fedoras and run `sites.yml`Test ansible roles with GitLab-CI.
[ ] CI runners that start a new Docker of the currently supported Fedoras and run `sites.yml`https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/46Jabref missing on Fedora 292019-01-16T09:51:07+01:00sg7149Jabref missing on Fedora 29Fedora 29 does not provide jabref.
There is a package called jabref, but its dependency on `jempbox` is not fulfilled.
There are also known upstream bugs, blocking the current versions of jabref to work under Fedora 29:
https://help.jab...Fedora 29 does not provide jabref.
There is a package called jabref, but its dependency on `jempbox` is not fulfilled.
There are also known upstream bugs, blocking the current versions of jabref to work under Fedora 29:
https://help.jabref.org/en/Installation#fedora-and-openjdk
https://bugzilla.redhat.com/show_bug.cgi?id=1644712
https://github.com/JabRef/jabref/issues/4473https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/47NFS users dir2019-01-22T16:23:08+01:00sg7149NFS users dirCalling host: lasXXX.las.kit.edu (Fedora XX)
Failing nodes: las127
Summary
-------
NFS mount does not show new mounted `las-archiv1/users`
What is the current bug behavior?
---------------------------------
directory is empty
Wha...Calling host: lasXXX.las.kit.edu (Fedora XX)
Failing nodes: las127
Summary
-------
NFS mount does not show new mounted `las-archiv1/users`
What is the current bug behavior?
---------------------------------
directory is empty
What is the expected correct behaviour?
---------------------------------------
users directory (new disk) should also appear at /las-archiv1/users via NFS
Possible fixes
--------------
also export `/las-archiv1/users`
/cc @gethmann @lp5884lp5884lp5884https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/48OKI printer fails when used with evince2020-08-24T17:44:41+02:00sg7149OKI printer fails when used with evinceCalling host: las113.las.kit.edu (Fedora 29)
Summary
-------
When I try to print a PDF opened with evince, the OKI fails and needs a restart.
Steps to reproduce
------------------
Print e.g. [Github-Forking.pdf](/uploads/abfd6b7cc5b...Calling host: las113.las.kit.edu (Fedora 29)
Summary
-------
When I try to print a PDF opened with evince, the OKI fails and needs a restart.
Steps to reproduce
------------------
Print e.g. [Github-Forking.pdf](/uploads/abfd6b7cc5bc48e8b151901e9848be8a/Github-Forking.pdf) with evince. Duplex
What is the current bug behavior?
---------------------------------
Schwerer Ausnahmefehler ...
Bitte starten Sie den Drucker neu
What is the expected correct behaviour?
---------------------------------------
Works like it does in okular
Relevant logs and/or screenshots
--------------------------------
```
TODO
```
Possible workaround
-------------------
Just as a workaround: use okular instead of evince.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/50New name for new hardware2019-02-22T18:44:15+01:00sg7149New name for new hardware@ue5734 Choose a new name for Maisui's new computer.
**Decision:** 'Pepe' (making temporary solution permanent)@ue5734 Choose a new name for Maisui's new computer.
**Decision:** 'Pepe' (making temporary solution permanent)ue5734ue5734https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/52pyepics does not work on CN with Python 32019-02-14T15:21:55+01:00sg7149pyepics does not work on CN with Python 3pyepics is not importable with Python 3
@ucegg : I cannot reproduce this behaviour, so please elaborate on this issue.
My try shows the following expected behaviour:
```
messuser@las94:~$ python2
Python 2.7.15 (default, Oct 15 2018, 18...pyepics is not importable with Python 3
@ucegg : I cannot reproduce this behaviour, so please elaborate on this issue.
My try shows the following expected behaviour:
```
messuser@las94:~$ python2
Python 2.7.15 (default, Oct 15 2018, 18:36:25)
[GCC 7.3.1 20180712 (Red Hat 7.3.1-6)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import epics
>>> exit()
messuser@las94:~$ python3
Python 3.6.6 (default, Jul 19 2018, 16:29:00)
[GCC 7.3.1 20180303 (Red Hat 7.3.1-5)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import epics
>>> exit()
```
and not an `ImportError`https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/53sublime-merge2019-02-08T20:48:36+01:00sg7149sublime-mergehttps://www.sublimemerge.com/docs/linux_repositories#dnf
might be a software that is useful for new git users and those who prefer GUIs over CLI and do not use IDEs (PyCharm) either.https://www.sublimemerge.com/docs/linux_repositories#dnf
might be a software that is useful for new git users and those who prefer GUIs over CLI and do not use IDEs (PyCharm) either.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/54Unable to login via sddm2020-03-01T01:07:22+01:00sg7149Unable to login via sddmFailing nodes: las115
Summary
-------
One IPA only user cannot login via the login-manager sddm, but needs to login via the terminal and then `startx` by hand.
Steps to reproduce
------------------
Boot las115, try to login with a p...Failing nodes: las115
Summary
-------
One IPA only user cannot login via the login-manager sddm, but needs to login via the terminal and then `startx` by hand.
Steps to reproduce
------------------
Boot las115, try to login with a pure IPA user.
What is the current bug behavior?
---------------------------------
KDE Plasma does not start
What is the expected correct behaviour?
---------------------------------------
KDE Plasma starts.
Relevant logs and/or screenshots
--------------------------------
TODO
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/55improve elegant rpm installation2021-09-03T15:35:49+02:00sg7149improve elegant rpm installationIt seems that elegant is downloaded each time, even though it is installed.
Thus one should first check if elegant is installed and if so which version and only if they do not match the latest try installing it.
```
elegant|grep "This ...It seems that elegant is downloaded each time, even though it is installed.
Thus one should first check if elegant is installed and if so which version and only if they do not match the latest try installing it.
```
elegant|grep "This is elegant" |cut -d" " -f4|sed "s/,//"
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/63Fix died las1012020-02-24T17:27:11+01:00sg7149Fix died las101las101 did not come up again after reboot.
fsck fails and Ctrl+d does not work to get a prompt, yet.las101 did not come up again after reboot.
fsck fails and Ctrl+d does not work to get a prompt, yet.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/64automate adding of hosts2021-09-03T15:31:05+02:00sg7149automate adding of hostsUse the DNSVS-api to add the host also to the DNS
* sshfsUse the DNSVS-api to add the host also to the DNS
* sshfshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/65script to add ipa-replica to dns2020-05-04T12:21:08+02:00sg7149script to add ipa-replica to dnsScript the change of the DNS entries for a new IPA replica.
Add the SRV entries to DNSVS
See [IPA docu](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide...Script the change of the DNS entries for a new IPA replica.
Add the SRV entries to DNSVS
See [IPA docu](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica) and the [NETVS docu](https://www-net-doku.scc.kit.edu/webapi/release/intro/)
```
_ldap._tcp
_kerberos._tcp
_kerberos._udp
_kerberos-master._tcp
_kerberos-master._udp
_ntp._udp
_kpasswd._tcp
_kpasswd._udp
```Network movehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/67NFS might not be mounted on start2020-08-24T17:46:02+02:00sg7149NFS might not be mounted on startCalling host: asterix.las.kit.edu (Fedora 29)
Failing nodes: asterix.las.kit.edu
Summary
-------
NFS is not mounted on boot.
Steps to reproduce
------------------
Boot the computer
What is the current bug behavior?
--------------...Calling host: asterix.las.kit.edu (Fedora 29)
Failing nodes: asterix.las.kit.edu
Summary
-------
NFS is not mounted on boot.
Steps to reproduce
------------------
Boot the computer
What is the current bug behavior?
---------------------------------
las-archiv1 is not mounted though it is in the fstab
What is the expected correct behaviour?
---------------------------------------
las-archiv1 is mounted after booting
Possible fixes
--------------
Probably the mounts are done before the network target is reached and therefore the NFS export is not viewable at that time, yet.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/68deprecation: TRANSFORM_INVALID_GROUP_CHARS2020-02-24T17:24:49+01:00sg7149deprecation: TRANSFORM_INVALID_GROUP_CHARSCalling host: obelix.las.kit.edu (Fedora 29)
Failing nodes: asterix (Fedora 30)
Summary
-------
Deprecation warning
Steps to reproduce
------------------
sites.yml
What is the current bug behavior?
-------------------------------...Calling host: obelix.las.kit.edu (Fedora 29)
Failing nodes: asterix (Fedora 30)
Summary
-------
Deprecation warning
Steps to reproduce
------------------
sites.yml
What is the current bug behavior?
---------------------------------
deprecation warning
What is the expected correct behaviour?
---------------------------------------
no warning
Relevant logs and/or screenshots
--------------------------------
```
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/69ssmtp fails every second time2020-02-24T17:29:24+01:00sg7149ssmtp fails every second timeCalling host: asterix.las.kit.edu (Fedora 30)
Failing nodes: asterix
Summary
-------
Every second time I run ansible-playbook sites.yml it fails at ssmtp rule
Steps to reproduce
------------------
run ansible twice
What is the c...Calling host: asterix.las.kit.edu (Fedora 30)
Failing nodes: asterix
Summary
-------
Every second time I run ansible-playbook sites.yml it fails at ssmtp rule
Steps to reproduce
------------------
run ansible twice
What is the current bug behavior?
---------------------------------
fails every second time
What is the expected correct behaviour?
---------------------------------------
does not fail
Relevant logs and/or screenshots
--------------------------------
```
[mail : install ssmtp and mailx] *******************************************************************************************************************************************************************************************************
failed: [asterix.las.kit.edu] (item=ssmtp) => {"ansible_loop_var": "item", "changed": false, "item": "ssmtp", "module_stderr": "/root/.ansible/tmp/ansible-tmp-1560283437.0299356-2401896733455/AnsiballZ_dnf.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses\n import imp\n", "module_stdout": "[master 1debf86] saving uncommitted changes in /etc prior to dnf run\n 1 file changed, 2 insertions(+)\n\n{\"msg\": \"Nothing to do\", \"changed\": false, \"results\": [\"Installed: ssmtp\"], \"rc\": 0, \"invocation\": {\"module_args\": {\"name\": [\"ssmtp\"], \"state\": \"present\", \"allow_downgrade\": false, \"autoremove\": false, \"bugfix\": false, \"disable_gpg_check\": false, \"disable_plugin\": [], \"disablerepo\": [], \"download_only\": false, \"enable_plugin\": [], \"enablerepo\": [], \"exclude\": [], \"installroot\": \"/\", \"install_repoquery\": true, \"install_weak_deps\": true, \"security\": false, \"skip_broken\": false, \"update_cache\": false, \"update_only\": false, \"validate_certs\": true, \"lock_timeout\": 0, \"conf_file\": null, \"disable_excludes\": null, \"download_dir\": null, \"list\": null, \"releasever\": null}}}\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 0}
```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/70integrate ipa-healthcheck into munin2020-05-04T12:19:48+02:00sg7149integrate ipa-healthcheck into muninIntegrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.Integrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/71Fix EPICS role with Firewall at CS2021-09-03T15:29:41+02:00sg7149Fix EPICS role with Firewall at CSCSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --ad...CSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --add-source-port=5064/udp --permanent
sudo systemctl reload firewalld
```
**Ideas for better fixes**:
Add ANKA-VPN to internal-zone.
Or do a similar thing to the iptables rule:
```
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/72Fix munin2019-08-28T14:46:52+02:00sg7149Fix muninMunin does not provide proper graphs for the clients (asterix: empty graphs, obelix: broken graphics)Munin does not provide proper graphs for the clients (asterix: empty graphs, obelix: broken graphics)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/73Fix auto-update role2021-09-03T15:25:45+02:00sg7149Fix auto-update roleCalling host: obelix.las.kit.edu (Fedora 30)
Failing nodes: homoeopatix, galantine
Summary
-------
The timer does not work
Steps to reproduce
------------------
* disable the timer if it is not anyway `sudo systemctl stop dnf-autom...Calling host: obelix.las.kit.edu (Fedora 30)
Failing nodes: homoeopatix, galantine
Summary
-------
The timer does not work
Steps to reproduce
------------------
* disable the timer if it is not anyway `sudo systemctl stop dnf-automatic.timer`
* Make a change in the config, to trigger a run of `configure autoupdate` and its handlers.
* Have a look if the timer is enabled/running `systemctl status dnf-automatic.timer`
What is the current bug behavior?
---------------------------------
* the timer is not enabled, though the handlers run
* the next task (install ntpdate) aborts with a connection timeout
What is the expected correct behaviour?
---------------------------------------
* timer is enabled like when running `sudo systemctl start dnf-automatic.timer`
* ansible does not stop at the next task
Relevant logs and/or screenshots
--------------------------------
```
NOTIFIED HANDLER common : enable automatic for homoeopatix.las.kit.edu
changed: [homoeopatix.las.kit.edu] => {
"changed": true,
"checksum": "696d44dfa164390f90c382977fd4f6017a41d36f",
"dest": "/etc/dnf/automatic.conf",
"diff": [],
"gid": 0,
"group": "root",
"invocation": {
"module_args": {
"_original_basename": "automatic.conf",
"attributes": null,
"backup": false,
"checksum": "696d44dfa164390f90c382977fd4f6017a41d36f",
"content": null,
"delimiter": null,
"dest": "/etc/dnf/automatic.conf",
"directory_mode": null,
"follow": false,
"force": true,
"group": "root",
"local_follow": null,
"mode": 644,
"owner": "root",
"regexp": null,
"remote_src": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"src": "/root/.ansible/tmp/ansible-tmp-1563879277.1940045-149113441544632/source",
"unsafe_writes": null,
"validate": null
}
},
"md5sum": "bfccf2820f6617355dc306e4f97cb290",
"mode": "01204",
"owner": "root",
"secontext": "system_u:object_r:etc_t:s0",
"size": 2572,
"src": "/root/.ansible/tmp/ansible-tmp-1563879277.1940045-149113441544632/source",
"state": "file",
"uid": 0
}
<homoeopatix.las.kit.edu> ESTABLISH SSH CONNECTION FOR USER: root
<homoeopatix.las.kit.edu> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4830240bc1 homoeopatix.las.kit.edu '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<homoeopatix.las.kit.edu> (0, b'/root\n', b'')
<homoeopatix.las.kit.edu> ESTABLISH SSH CONNECTION FOR USER: root
<homoeopatix.las.kit.edu> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4830240bc1 homoeopatix.las.kit.edu '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763 `" && echo ansible-tmp-1563879278.9439619-57665086813763="` echo /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763 `" ) && sleep 0'"'"''
<homoeopatix.las.kit.edu> (0, b'ansible-tmp-1563879278.9439619-57665086813763=/root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763\n', b'')
Using module file /usr/lib/python3.7/site-packages/ansible/modules/packaging/os/dnf.py
<homoeopatix.las.kit.edu> PUT /root/.ansible/tmp/ansible-local-284632oi9hj3u/tmpqen7qowb TO /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/AnsiballZ_dnf.py
<homoeopatix.las.kit.edu> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4830240bc1 '[homoeopatix.las.kit.edu]'
<homoeopatix.las.kit.edu> (0, b'sftp> put /root/.ansible/tmp/ansible-local-284632oi9hj3u/tmpqen7qowb /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/AnsiballZ_dnf.py\n', b'')
<homoeopatix.las.kit.edu> ESTABLISH SSH CONNECTION FOR USER: root
<homoeopatix.las.kit.edu> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4830240bc1 homoeopatix.las.kit.edu '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/ /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/AnsiballZ_dnf.py && sleep 0'"'"''
<homoeopatix.las.kit.edu> (0, b'', b'')
<homoeopatix.las.kit.edu> ESTABLISH SSH CONNECTION FOR USER: root
<homoeopatix.las.kit.edu> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4830240bc1 -tt homoeopatix.las.kit.edu '/bin/sh -c '"'"'/usr/bin/python3 /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/AnsiballZ_dnf.py && sleep 0'"'"''
<homoeopatix.las.kit.edu> (0, b'/root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/AnsiballZ_dnf.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module\'s documentation for alternative uses\r\n import imp\r\n[master ac956f1] saving uncommitted changes in /etc prior to dnf run\r\n 1 file changed, 1 insertion(+), 1 deletion(-)\r\n\r\n{"msg": "Nothing to do", "changed": false, "results": ["Installed: ntpdate"], "rc": 0, "invocation": {"module_args": {"state": "present", "name": ["ntpdate"], "allow_downgrade": false, "autoremove": false, "bugfix": false, "disable_gpg_check": false, "disable_plugin": [], "disablerepo": [], "download_only": false, "enable_plugin": [], "enablerepo": [], "exclude": [], "installroot": "/", "install_repoquery": true, "install_weak_deps": true, "security": false, "skip_broken": false, "update_cache": false, "update_only": false, "validate_certs": true, "lock_timeout": 0, "conf_file": null, "disable_excludes": null, "download_dir": null, "list": null, "releasever": null}}}\r\n', b'Shared connection to homoeopatix.las.kit.edu closed.\r\n')
<homoeopatix.las.kit.edu> ESTABLISH SSH CONNECTION FOR USER: root
<homoeopatix.las.kit.edu> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4830240bc1 homoeopatix.las.kit.edu '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/ > /dev/null 2>&1 && sleep 0'"'"''
<homoeopatix.las.kit.edu> (0, b'', b'')
fatal: [homoeopatix.las.kit.edu]: FAILED! => {
"changed": false,
"module_stderr": "Shared connection to homoeopatix.las.kit.edu closed.\r\n",
"module_stdout": "/root/.ansible/tmp/ansible-tmp-1563879278.9439619-57665086813763/AnsiballZ_dnf.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses\r\n import imp\r\n[master ac956f1] saving uncommitted changes in /etc prior to dnf run\r\n 1 file changed, 1 insertion(+), 1 deletion(-)\r\n\r\n{\"msg\": \"Nothing to do\", \"changed\": false, \"results\": [\"Installed: ntpdate\"], \"rc\": 0, \"invocation\": {\"module_args\": {\"state\": \"present\", \"name\": [\"ntpdate\"], \"allow_downgrade\": false, \"autoremove\": false, \"bugfix\": false, \"disable_gpg_check\": false, \"disable_plugin\": [], \"disablerepo\": [], \"download_only\": false, \"enable_plugin\": [], \"enablerepo\": [], \"exclude\": [], \"installroot\": \"/\", \"install_repoquery\": true, \"install_weak_deps\": true, \"security\": false, \"skip_broken\": false, \"update_cache\": false, \"update_only\": false, \"validate_certs\": true, \"lock_timeout\": 0, \"conf_file\": null, \"disable_excludes\": null, \"download_dir\": null, \"list\": null, \"releasever\": null}}}\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 0
}
RUNNING HANDLER [common : enable automatic] ***********************************************************************************************************************************************************************************************************************************
task path: /root/ansible/roles/common/handlers/main.yml:82
PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
homoeopatix.las.kit.edu : ok=24 changed=1 unreachable=0 failed=1 skipped=5 rescued=0 ignored=0
```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/74MS fonts2019-10-28T18:15:54+01:00sg7149MS fontsCalling host: obelix.las.kit.edu (Fedora 30)
Failing nodes: asterix, obelix
Summary
-------
MS fonts installation (client role) fails, because of certificate issues of sf.net
Steps to reproduce
------------------
Run client role
...Calling host: obelix.las.kit.edu (Fedora 30)
Failing nodes: asterix, obelix
Summary
-------
MS fonts installation (client role) fails, because of certificate issues of sf.net
Steps to reproduce
------------------
Run client role
What is the current bug behavior?
---------------------------------
Client role fails when reaching the MS fonts task
What is the expected correct behaviour?
---------------------------------------
MS fonst install
Relevant logs and/or screenshots
--------------------------------
```
TASK [clients : install fonts] **************************************************************************************************************************************************************************************************************
fatal: [asterix.las.kit.edu]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for kent.dl.sourceforge.net:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=
False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org,
/etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076).", "status": -1, "url": "https://kent.dl.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-ins
taller-2.6-1.noarch.rpm"} ```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/75Replace bwSync&Share with Nextcloud2020-05-15T09:54:00+02:00sg7149Replace bwSync&Share with NextcloudHost: lasXXX.las.kit.edu
OS: Fedora XX
Software name:
--------------
Nextcloud client for KIT's bwSync&Share
Date:
------
End of 2019
Software installation instruction if not in repos:
------------------------------------------------...Host: lasXXX.las.kit.edu
OS: Fedora XX
Software name:
--------------
Nextcloud client for KIT's bwSync&Share
Date:
------
End of 2019
Software installation instruction if not in repos:
--------------------------------------------------
Maybe at https://nextcloud.com/de/install/#install-clients with the URL: https://bwsyncandshare.kit.edu
Possibly also interesting for:
-------------------------------
http://help.bwsyncandshare.kit.edu/134.php
/cc @project-managerlp5884lp5884https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/76Create role for TGU experimental computer2020-02-29T23:58:13+01:00sg7149Create role for TGU experimental computer* [ ] docu https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/blob/master/setup-tgu-coputer.md
* [ ] service files/timer docu
* [x] /home/messuser/README
* [ ] /etc/systemd/system/...
* [ ] ~/.ssh/...
* [...* [ ] docu https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/blob/master/setup-tgu-coputer.md
* [ ] service files/timer docu
* [x] /home/messuser/README
* [ ] /etc/systemd/system/...
* [ ] ~/.ssh/...
* [ ] git checkout of all repos
* [ ] add users
* [ ] network confighttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/77IOC tasks2021-09-03T15:19:23+02:00sg7149IOC tasksSetup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git...Setup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git.scc.kit.edu
HostName git.scc.kit.edu
ProxyCommand ssh ${USER}@192.168.0.1 nc %h %p
```
(tested only for `~/.ssh/config`, yet.
* Add ssh-key-signature from gitlab to your known_hosts `/etc/ssh/ssh_known_hosts` (world readable) (not tested yet)
For each user on an IOC computer (e.g. caligula) one has to
* create the user `useradd $name -u $ID -G users -m`
* create ssh-key `ssh-keygen`
* ssh-copy-id to faulusyuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/78Add lab computers to munin2019-12-19T12:59:26+01:00sg7149Add lab computers to muninLab computers are not connected with one person so there should be almost no privacy issue. But since they run for a long time without user interaction errors aren't observed quickly. Hence it makes sense to supervise them.Lab computers are not connected with one person so there should be almost no privacy issue. But since they run for a long time without user interaction errors aren't observed quickly. Hence it makes sense to supervise them.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/80VGA-port @ ThinkCentres2020-02-17T15:54:47+01:00sg7149VGA-port @ ThinkCentresThe VGA-port on ThinkCentres seems to misbehave on Linux.
ThinkCentres (new M920t) with VGA connected to a VGA-Display boots and when switching to a higher resolution during booting (the monitor searches for signal and turns off).
Durin...The VGA-port on ThinkCentres seems to misbehave on Linux.
ThinkCentres (new M920t) with VGA connected to a VGA-Display boots and when switching to a higher resolution during booting (the monitor searches for signal and turns off).
During installation with KDE-Live-System it was possible to switch to a non-graphical console (ctrl+alt+2) and to login there and reboot (killing X did not help).
Probably it's possible to fix it with the right boot-flags.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/82Install LASMagLab software on terminal computer2020-02-24T17:16:42+01:00sg7149Install LASMagLab software on terminal computerInstall the LASMagLab software on the terminal [lab] computer and add the GitLab-Token automatically.
Atm. the computer is only setup as a normal epics client and DHCPd server, but not with all the Control system components installed, y...Install the LASMagLab software on the terminal [lab] computer and add the GitLab-Token automatically.
Atm. the computer is only setup as a normal epics client and DHCPd server, but not with all the Control system components installed, yet.
Also the (Python) dependencies might be missing.
Checking out all the software at `/usr/local/share` would make sense.
The computer needed to be replaced quite often in the near past and might be replaced in the not too far future, so it would make sense to automate it.
At least one should do it when setting it up as a CSS host (if one sticks to our Fedora/ansible deployment and does not change completely to CN-machine-group's Ubuntu/salt-stack deployment)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/83LASMagLab DHCPd with template instead of static file2020-02-29T23:16:35+01:00sg7149LASMagLab DHCPd with template instead of static fileOne might want to use a template for the DHCPd server entry in the `dhcpd.conf`, so that one does not have to change it for a new computer.
Hints/Ideas for the template:
* MAC address: ('ansible_interfaces' starts with 'enp') ['ansible_...One might want to use a template for the DHCPd server entry in the `dhcpd.conf`, so that one does not have to change it for a new computer.
Hints/Ideas for the template:
* MAC address: ('ansible_interfaces' starts with 'enp') ['ansible_enp????']['macaddress'] when ['ansible_enp???']['ipv4']['network'] == '192.168.0.0'
* Hostname: ['ansible_fqdn']
* IP: '192.168.0.1'
```
# DHCPd host
host {{'ansible_hostname'}} {
hardware ethernet {{ macaddress }};
fixed-address {{ ip }};
}
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/84Rename [lab] to [maglab]2020-07-15T16:08:35+02:00sg7149Rename [lab] to [maglab]Rename `[lab]` role to avoid ambiguities between eg. LASMagLab and TGU-measurement stand.
(incomplete) list of its occurrence:
* hosts
* roles/lab
* sites.yml
* lab.yml
* README?Rename `[lab]` role to avoid ambiguities between eg. LASMagLab and TGU-measurement stand.
(incomplete) list of its occurrence:
* hosts
* roles/lab
* sites.yml
* lab.yml
* README?yuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/85Opera on Fedora 312020-03-02T14:52:39+01:00sg7149Opera on Fedora 31To work around Opera not starting on Fedora 31 I linked the libhwloc.so.5->libhwloc.so.15.
Maybe one should also copy libhwloc.so.5 from CentOS7 (kantine) instead of linking the new one.
Probably also the new Opera 2020 will not depend ...To work around Opera not starting on Fedora 31 I linked the libhwloc.so.5->libhwloc.so.15.
Maybe one should also copy libhwloc.so.5 from CentOS7 (kantine) instead of linking the new one.
Probably also the new Opera 2020 will not depend on libhwloc.so.15, because their webpage claims to support RHEL7, but not RHEL8 and even RHEL8 seems to have libhwloc.so.5 instead of .15.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/87Add backup daemon to LASMagLab computer2020-06-09T15:54:01+02:00sg7149Add backup daemon to LASMagLab computerLike done on the CN TGU terminal, it would make sense to have a backup daemon for the measurement data of the LASMagLab (on ueberdrus), too.
See also: las-software/15-1-Controls/Jena_UndulatorDocumentation#5 and las-it-organisation/issu...Like done on the CN TGU terminal, it would make sense to have a backup daemon for the measurement data of the LASMagLab (on ueberdrus), too.
See also: las-software/15-1-Controls/Jena_UndulatorDocumentation#5 and las-it-organisation/issues#8 and https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/-/blob/master/experiment_backup.md
It's not trivial and requires some more advanced knowledge of (Fedora/RHEL) Linux like SELinux and systemd.
@ue5734 hopefully understands my documentation and can do it or assist you (@vn4918 @updzh).ue5734ue5734https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/88SDDM not showing users2020-03-01T01:10:33+01:00sg7149SDDM not showing usersOnly the installation (local) user is displayed at the login screen.
[My documentation](https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/-/blob/master/ipa/freeipa.md#sddmlogin-manager)
suggests, that ...Only the installation (local) user is displayed at the login screen.
[My documentation](https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/systemdocu/-/blob/master/ipa/freeipa.md#sddmlogin-manager)
suggests, that it might help to add the network as a dependency to the sddm.service
```
SDDM/Login-Manager
In the case that KDE’s default login manager SDDM does not show any accounts to select for logging in, the following might help: Copy sddm.service from /lib/systemd/system to /etc/systemd/system, and add a line After=network.target to the [Unit] section.
```
Implement it as part of the ipa-hosts role.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/89Add fix to missing users at CN login screen2020-03-03T14:43:07+01:00sg7149Add fix to missing users at CN login screenFailing nodes: nichtsalsverdrus (Fedora LXQt)
Summary
-------
Users with UIDs of the IPA range and not the typical Linux user range (1000+) weren't shown in the login screen and one cannot type a user name either.
Steps to reproduce
...Failing nodes: nichtsalsverdrus (Fedora LXQt)
Summary
-------
Users with UIDs of the IPA range and not the typical Linux user range (1000+) weren't shown in the login screen and one cannot type a user name either.
Steps to reproduce
------------------
Log out and have a look at the login screen of the LXQt (SDDM) Fedora.
What is the current bug behavior?
---------------------------------
No users shown with too large UID (until workaround)
What is the expected correct behaviour?
---------------------------------------
All users selectable as login users.
Possible fixes
--------------
Fixed it (but not in ansible and not with a good upper limit, but only a value that is larger than the largest UID that is in use and small enough to show users.
If the UID is too large no user is shown at all.
In the `/etc/sddm.conf` one has to add the following lines:
```
HideUsers=nfsnobody
MaximumUid=1911111111
```
and restart sddm/Xorg.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/90Autoupdate on lab computers2020-07-15T15:40:04+02:00sg7149Autoupdate on lab computersChange the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that ex...Change the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that expects certain behaviour not to change.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/91Add networking to common role2020-05-13T12:10:22+02:00sg7149Add networking to common roleAdd some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiationAdd some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiationhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/92ansible ipv6 vs root2020-05-13T10:44:29+02:00sg7149ansible ipv6 vs rootansible tries to use IPv6 now that our hosts have proper DNS for IPv6.
Unfortunately the SSH-key for root only allows the IPv4 of obelix, so that running ansible fail atm.
One should either change the SSH-allowed IP addresses.
Or one sh...ansible tries to use IPv6 now that our hosts have proper DNS for IPv6.
Unfortunately the SSH-key for root only allows the IPv4 of obelix, so that running ansible fail atm.
One should either change the SSH-allowed IP addresses.
Or one should force ansible to use IPv4 only.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/93teamviewer installation stopps updates2020-08-17T09:57:29+02:00sg7149teamviewer installation stopps updatesCalling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: pepe, asterix
Summary
-------
Updates fail, because teamviewer repo cannot be found
Steps to reproduce
------------------
enable the teamviewer repositories () and run `dn...Calling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: pepe, asterix
Summary
-------
Updates fail, because teamviewer repo cannot be found
Steps to reproduce
------------------
enable the teamviewer repositories () and run `dnf update`
What is the current bug behavior?
---------------------------------
```
Failed to synchronize cache for repo 'tvinternal_dev'
Ignoring repositories: tvinternal_dev
```
when running via ansible, it fails due to timeouts.
What is the expected correct behaviour?
---------------------------------------
Update runs without any problems.
Relevant logs and/or screenshots
--------------------------------
```
(Paste any relevant logs - please use code blocks (```) to format console output,
logs, and code as it's very hard to read otherwise.)
```
Possible fixes
--------------
As a workaround one can deactivate the repository, but then teamviewer will not get updates!
/cc @vn4918lp5884lp5884https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/95lasarchiv1 role fails sometimes2020-05-14T18:00:01+02:00sg7149lasarchiv1 role fails sometimesCalling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: pepe, faulus
Summary
-------
Running the newly merged code !43 it first failed for some hosts, but not for all.
After having a look at https://github.com/ansible/ansible/issu...Calling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: pepe, faulus
Summary
-------
Running the newly merged code !43 it first failed for some hosts, but not for all.
After having a look at https://github.com/ansible/ansible/issues/29814 and changing `remounted` to `mounted` again succeeded.
But `mounted` initially failed, so maybe it is the bug and we cannot do much about it in our role. From the github-issue, I understand the documentation like it should work with `mounted` which is more consistent with the idea of stateless-ness though I read the documentation of the `mount` module differently the last time.
Steps to reproduce
------------------
Run `ansible-playbook --vault-password-file password nfs.yml --skip-tags fonts`.
What is the current bug behavior?
---------------------------------
SOMETIMES:
Hosts with unmounted /mnt/las-archiv1 and not installed fail. Broken, and correctly mounted /mnt/las-archiv1 machines do not fail.
What is the expected correct behaviour?
---------------------------------------
ALWAYS: None of the machines fail and all have a mounted /mnt/las-archiv1
Relevant logs and/or screenshots
--------------------------------
```
TASK [lasarchiv : remount lasarchiv1] ********************************************************************************
fatal: [homoeopatix.las.kit.edu]: FAILED! => {"changed": false, "msg": "Error remounting /mnt/las-archiv1: umount: /mnt/las-archiv1: not mounted.\n"}
changed: [methusalix.las.kit.edu]
changed: [majestix.las.kit.edu]
changed: [troubadix.las.kit.edu]
fatal: [faulus.las.kit.edu]: FAILED! => {"changed": false, "msg": "Error remounting /mnt/las-archiv1: umount: /mnt/las-archiv1: no mount point specified.\n"}
fatal: [pepe.las.kit.edu]: FAILED! => {"changed": false, "msg": "Error remounting /mnt/las-archiv1: umount: /mnt/las-archiv1: not mounted.\n"}
changed: [idefix.las.kit.edu]
```
https://github.com/ansible/ansible/issues/29814
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @vn4918https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/96Fix deprecation warning (loop in Jupyter notebbok)2020-05-15T20:10:47+02:00sg7149Fix deprecation warning (loop in Jupyter notebbok)Calling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: idefix
Summary
-------
Deprecation warning for using list as loop for package managers instead of installing the list. See other roles (eg. common) for the fix of this issue....Calling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: idefix
Summary
-------
Deprecation warning for using list as loop for package managers instead of installing the list. See other roles (eg. common) for the fix of this issue.
Steps to reproduce
------------------
Run sites.yml
What is the current bug behavior?
---------------------------------
Deprecation warning
What is the expected correct behaviour?
---------------------------------------
No deprecation warning
Relevant logs and/or screenshots
--------------------------------
```
TASK [ipynb : install Jupyter notebook for Python 3] *****************************************************************
[DEPRECATION WARNING]: Invoking "dnf" only once while using a loop via squash_actions is deprecated. Instead of using
a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['python3-jupyter-core',
'python3-ipykernel', 'python3-nbformat', 'python3-ipdb', 'python3-ipython']` and remove the loop. This feature will
be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
ok: [idefix.las.kit.edu] => (item=['python3-jupyter-core', 'python3-ipykernel', 'python3-nbformat', 'python3-ipdb', 'python3-ipython'])
TASK [ipynb : install Jupyter notebook extensions] *******************************************************************
[DEPRECATION WARNING]: Invoking "pip" only once while using a loop via squash_actions is deprecated. Instead of using
a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['ipywidgets']` and remove
the loop. This feature will be removed in version 2.11. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
ok: [idefix.las.kit.edu] => (item=['ipywidgets'])
```
Possible fixes
--------------
Don't use a loop (with_items), but provide the list as the `name` argument.
/cc @vn4918https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/101Opera binaries to PATH2020-11-18T16:54:27+01:00sg7149Opera binaries to PATHAdd the main Opera binaries to the global PATH environment variable, so that they are available in all terminals.
* operafea-modeller*
* operafea-op3solve*
* operafea-post*
* operafea-readtrack*
* operafea-manager*
* operafea-pp*Add the main Opera binaries to the global PATH environment variable, so that they are available in all terminals.
* operafea-modeller*
* operafea-op3solve*
* operafea-post*
* operafea-readtrack*
* operafea-manager*
* operafea-pp*zx8344samira.fatehi@kit.eduzx8344samira.fatehi@kit.eduhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/102Environment dependent epics configuration2020-07-15T14:59:38+02:00sg7149Environment dependent epics configurationEPICS is used for different purposes/environments which currently include:
* KARA
* LASMagLab
* TGU measurement
* Jena magnet setup
The configuration so far is only valid for one case only and the other configurations are changed by han...EPICS is used for different purposes/environments which currently include:
* KARA
* LASMagLab
* TGU measurement
* Jena magnet setup
The configuration so far is only valid for one case only and the other configurations are changed by hand which
- needs more steps for the installation and
- is error prone to (re-)running ansible.
This should be fixed.
See also issue #9https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/103get rid of old IPA related tasks and documentation2020-08-14T10:40:38+02:00sg7149get rid of old IPA related tasks and documentationAfter IPA is replaced by KIT-AD's LDAP one needs to clean the roles and the documentationAfter IPA is replaced by KIT-AD's LDAP one needs to clean the roles and the documentationKIT-ADhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/106Opera 2020 on Fedora 332022-06-29T11:45:44+02:00sg7149Opera 2020 on Fedora 33Failing nodes: methusalix, idefix
Summary
-------
Running operafea-post fails with errors.
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
--------...Failing nodes: methusalix, idefix
Summary
-------
Running operafea-post fails with errors.
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
---------------------------------
(What actually happens)
What is the expected correct behaviour?
---------------------------------------
(What you should see instead)
Relevant logs and/or screenshots
--------------------------------
```
/usr/local/share/Opera_2020/code/bin/operafea-post
libGL error: MESA-LOADER: failed to open swrast (search paths /usr/lib64/dri)
libGL error: failed to load driver: swrast
forrtl: severe (174): SIGSEGV, segmentation fault occurred
Image PC Routine Line Source
libifcoremt.so.5 00007F2EBD00F522 for__signal_handl Unknown Unknown
libpthread-2.32.s 00007F2EB68CE1E0 Unknown Unknown Unknown
libQt5OpenGL.so.5 00007F2EB90663E1 _ZN9QGLFormat18op Unknown Unknown
operafea-post 00005625BA7193E0 Unknown Unknown Unknown
operafea-post 00005625BA719D9B Unknown Unknown Unknown
operafea-post 00005625BA7191A3 Unknown Unknown Unknown
operafea-post 00005625BA718069 Unknown Unknown Unknown
operafea-post 00005625B9DBCFED Unknown Unknown Unknown
operafea-post 00005625BA4A2148 Unknown Unknown Unknown
operafea-post 00005625B9DFE281 Unknown Unknown Unknown
libc-2.32.so 00007F2EB34BD1E2 __libc_start_main Unknown Unknown
operafea-post 00005625B9DB7AF9 Unknown Unknown Unknown
```
Possible fixes
--------------
Tried installing `libglvnd-opengl` to provide `/lib64/libOpenGL.so.0.0.0` which was missing, but was on a working Fedora 31 host.ue5734ue5734https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/107Add the KIT-AD integration2021-04-23T16:03:28+02:00sg7149Add the KIT-AD integrationSummary
-------
The AD integration is not automated so some behaviours are unexpected (las-archiv1 permissions on other computers) and setting up new computers involves manual work.
Steps to reproduce
------------------
1. SSH to a m...Summary
-------
The AD integration is not automated so some behaviours are unexpected (las-archiv1 permissions on other computers) and setting up new computers involves manual work.
Steps to reproduce
------------------
1. SSH to a machine that is not yours and try to access /mnt/las-archiv1.
2. Setup a new computer.
What is the current bug behaviour?
---------------------------------
1. Permission denied, because I'm not in the users group.
2. No login with KIT account possible
What is the expected correct behaviour?
---------------------------------------
1. Access granted (I am part of the group users)
2. Login with KIT account works.
Relevant logs and/or screenshots
--------------------------------
```
[sg7149@methusalix ~]$ ls -la /mnt/las-archiv1/
ls: cannot open directory '/mnt/las-archiv1/': Permission denied
```
Possible fixes
--------------
Implement the KIT-LAS_LDAP guide.yuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/108Opera installation failing when GNOME group should be installed2021-09-03T14:12:42+02:00sg7149Opera installation failing when GNOME group should be installedCalling host: asterix.las.kit.edu (Fedora 32)
Failing nodes: asterix
Summary
-------
Running the Opera role fails when trying to install GNOME group. It seems that the group was renamed.
Steps to reproduce
------------------
Try to...Calling host: asterix.las.kit.edu (Fedora 32)
Failing nodes: asterix
Summary
-------
Running the Opera role fails when trying to install GNOME group. It seems that the group was renamed.
Steps to reproduce
------------------
Try to install opera via the ansible role on Fedora 32 (GNOME may already be installed).
What is the current bug behavior?
---------------------------------
Fails when trying to group install "@GNOME".
What is the expected correct behaviour?
---------------------------------------
The GNOME group is installed and Opera installation succeeds.
Relevant logs and/or screenshots
--------------------------------
```
TASK [opera : install dependencies] ********************************************************************************************************************************************************************************************************
fatal: [asterix.las.kit.edu]: FAILED! => {"changed": false, "msg": "No group GNOME available.", "results": []}
```
Possible fixes
--------------
Use the correct name for the GNOME group.zx8344samira.fatehi@kit.eduzx8344samira.fatehi@kit.edu