ansible issueshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues2022-06-29T11:45:44+02:00https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/106Opera 2020 on Fedora 332022-06-29T11:45:44+02:00sg7149Opera 2020 on Fedora 33Failing nodes: methusalix, idefix
Summary
-------
Running operafea-post fails with errors.
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
--------...Failing nodes: methusalix, idefix
Summary
-------
Running operafea-post fails with errors.
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
---------------------------------
(What actually happens)
What is the expected correct behaviour?
---------------------------------------
(What you should see instead)
Relevant logs and/or screenshots
--------------------------------
```
/usr/local/share/Opera_2020/code/bin/operafea-post
libGL error: MESA-LOADER: failed to open swrast (search paths /usr/lib64/dri)
libGL error: failed to load driver: swrast
forrtl: severe (174): SIGSEGV, segmentation fault occurred
Image PC Routine Line Source
libifcoremt.so.5 00007F2EBD00F522 for__signal_handl Unknown Unknown
libpthread-2.32.s 00007F2EB68CE1E0 Unknown Unknown Unknown
libQt5OpenGL.so.5 00007F2EB90663E1 _ZN9QGLFormat18op Unknown Unknown
operafea-post 00005625BA7193E0 Unknown Unknown Unknown
operafea-post 00005625BA719D9B Unknown Unknown Unknown
operafea-post 00005625BA7191A3 Unknown Unknown Unknown
operafea-post 00005625BA718069 Unknown Unknown Unknown
operafea-post 00005625B9DBCFED Unknown Unknown Unknown
operafea-post 00005625BA4A2148 Unknown Unknown Unknown
operafea-post 00005625B9DFE281 Unknown Unknown Unknown
libc-2.32.so 00007F2EB34BD1E2 __libc_start_main Unknown Unknown
operafea-post 00005625B9DB7AF9 Unknown Unknown Unknown
```
Possible fixes
--------------
Tried installing `libglvnd-opengl` to provide `/lib64/libOpenGL.so.0.0.0` which was missing, but was on a working Fedora 31 host.ue5734ue5734https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/40Create the default directory structure2021-09-14T17:15:53+02:00sg7149Create the default directory structureFor new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.For new users, create the default directory structure based on the organisation document.
This should be possible by creating it at `/etc/skel`.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/11Python role(s)2021-09-03T15:59:34+02:00sg7149Python role(s)Python stackPython stackhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/13Bootstrap wrapper script2021-09-03T15:58:06+02:00sg7149Bootstrap wrapper scriptA script that bootstraps the ansible installation of a host.
* Create the files in `host_vars` and edit `hosts`
Might interfere with issues #10 and #4 and with the `add_host.sh` script of the documentation repositoryA script that bootstraps the ansible installation of a host.
* Create the files in `host_vars` and edit `hosts`
Might interfere with issues #10 and #4 and with the `add_host.sh` script of the documentation repositoryhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/15Provision new user rule2021-09-03T15:58:06+02:00sg7149Provision new user ruleRolle zum Anlegen und Entfernen von neuen Nutzern.
* [ ] JIRA-Ticket für Confluence-User https://docs.ansible.com/ansible/latest/jira_module.html (u-Kürzel)
* [ ] FreeIPA-Account (Nachname)
Leider noch nicht automatisierbar sind Sympa ...Rolle zum Anlegen und Entfernen von neuen Nutzern.
* [ ] JIRA-Ticket für Confluence-User https://docs.ansible.com/ansible/latest/jira_module.html (u-Kürzel)
* [ ] FreeIPA-Account (Nachname)
Leider noch nicht automatisierbar sind Sympa und GitLab-Gruppen-Angehörigkeit
Bitte auch mit issue #13 abstimmenhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/19Opera depends on a user with access rights to las-archiv2021-09-03T15:55:28+02:00sg7149Opera depends on a user with access rights to las-archivAdd IPA client as a dependency in the meta. See #13 and #5
So atm it is only possible to install Opera on an already running system.Add IPA client as a dependency in the meta. See #13 and #5
So atm it is only possible to install Opera on an already running system.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/23EPICS installation fails due to (invalid) certificates2021-09-03T15:53:58+02:00sg7149EPICS installation fails due to (invalid) certificatesCalling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las117
Summary
--------
epics role fails at installation/downloading of the files
Steps to reproduce
-------------------
run the `epics` role, e.g. by ``site.yml``
What is...Calling host: las113.las.kit.edu (Fedora 27)
Failing nodes: las117
Summary
--------
epics role fails at installation/downloading of the files
Steps to reproduce
-------------------
run the `epics` role, e.g. by ``site.yml``
What is the current bug behaviour?
----------------------------------
Role fails and EPICS will not install
What is the expected correct behavior?
---------------------------------------
Installation of epics
Relevant logs and/or screenshots
---------------------------------
```
TASK [epics : unarchived] ********************************************************************************************************************************************************
fatal: [las117.las.kit.edu]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for www.aps.anl.gov:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)."}
```
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/24Labview2021-09-03T15:53:21+02:00sg7149LabviewHost: las117.las.kit.edu
OS: Fedora 27
Software name:
--------------
Labview
Software installation instruction if not in repos:
--------------------------------------------------
k.A.
Possibly also interesting for:
-----------------...Host: las117.las.kit.edu
OS: Fedora 27
Software name:
--------------
Labview
Software installation instruction if not in repos:
--------------------------------------------------
k.A.
Possibly also interesting for:
-------------------------------
M. Fischer
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/27PyCharm comunity2021-09-03T15:52:43+02:00sg7149PyCharm comunityLet the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/Let the user choose between the community edition or the commercial/educational one.
For the community edition there exists a copr repo
http://copr.fedorainfracloud.org/coprs/phracek/PyCharm/https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/30Opera HTML Manual is not readable2021-09-03T15:51:45+02:00ll5790Opera HTML Manual is not readableCalling host: las118.las.kit.edu (Fedora 28)
Failing nodes: las118
Summary
-------
Oper Manual owned by root: Opera can not open the file.
Steps to reproduce
------------------
Opera -> Help Manual (HTML)
What is the current bug ...Calling host: las118.las.kit.edu (Fedora 28)
Failing nodes: las118
Summary
-------
Oper Manual owned by root: Opera can not open the file.
Steps to reproduce
------------------
Opera -> Help Manual (HTML)
What is the current bug behavior?
---------------------------------
see above.
What is the expected correct behaviour?
---------------------------------------
Open Manual in Browser.
Possible fixes
--------------
Change reading rights: Grant access.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/33Add GitLab backup script to a ansible role2021-09-03T15:50:44+02:00sg7149Add GitLab backup script to a ansible rolesg7149sg7149https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/35Icinga2021-09-03T15:49:56+02:00sg7149IcingaHost: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS
Software name:
--------------
Icinga2 or other monitoring software
Software installation instruction if not in repos:
-----------------------------------------------...Host: las126.las.kit.edu, las100, las101, +Opt-In
OS: Fedora, CentOS
Software name:
--------------
Icinga2 or other monitoring software
Software installation instruction if not in repos:
--------------------------------------------------
* Temperatures
* HDD live and
* Load
* Network connectivity are very simple to install as far as I know.
Status of our services
* DHCPd
More difficult/not implemented yet, but basic features might be detectable with other modules:
* IPA functionality
Probably there are already roles in the ansible-Galaxy.
Possibly also interesting for:
-------------------------------
Clients as Opt-In, because it causes privacy issues (admins can see for how long the computer was turned on and how long a user was logged in, to name just a few)
User stories (kind of):
-----------------------
Clients:
* The user starts a job on his computer and he cannot log-in at the next morning. Is the computer gone for good? Is it just still to busy to take care of things like the log-in-manager? Are the hard-drives gone, because of the room heated up? -> Get hints of the cause of the problem.
* The user cannot log-in. Maybe IPA the network is down and therefore she cannot log-in, maybe IPA is down, maybe she just typed a wrong password.
Server:
* IPA went down and nobody notices it, because sssd caches it and no log-in errors occurred until half a year later. Then one can find out, since when IPA was not working and if a update might have triggered it. Or one can prevent it in the first place, by regularly monitoring the monitoring software.
* DHCPd went down and nobody notices it, because the workstations work with fixed IPs
* Docker GitLab-runner do not work and jobs have to fail to recognize it. Maybe an system update caused this and not a reboot without autostart.
* sharelatex is down and one gets a mail/call from CN, because they want to collaborate on a paper that needs to be submitted the next day.
/cc @project-managerhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/37Docker Gitlab-CI runner2021-09-03T15:49:17+02:00sg7149Docker Gitlab-CI runner* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and it's pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
* [ ] LaTeX: compil...* [x] Install GitLab-CI runners (docker) on a proper computer (ask @gethmannn for documentation on the installation on Fedora and it's pitfalls) and
* [ ] create example `.gitlab-ci.yml` files for typical use-cases
* [ ] LaTeX: compilation of a document
* [ ] Python: linting PEP-8 or formatting with yapf
* [ ] shell: run shellcheck
* [ ] Document how to use the CI
* [ ] For the owner of the repo
* [ ] For a user who might be confused about merge requests or push commands being rejected
Things to discuss:
* Worth it?
* las126 or las101
* install runner on all clients? That would be a much bigger task imho.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/39nginx not listing directories correctly2021-09-03T15:45:15+02:00sg7149nginx not listing directories correctlynginx returns 403 and logs "directory index of ... is forbidden".
Host: las101
e.g. for the RPM repo (lasrepo)nginx returns 403 and logs "directory index of ... is forbidden".
Host: las101
e.g. for the RPM repo (lasrepo)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/42Fix nfs-server role2021-09-03T15:42:18+02:00sg7149Fix nfs-server roleThe server role has got syntax errors and therefore fails.
Tested on las115 and las127The server role has got syntax errors and therefore fails.
Tested on las115 and las127https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/45Create test infrastructure for ansible2021-09-03T15:41:08+02:00sg7149Create test infrastructure for ansibleTest ansible roles with GitLab-CI.
[ ] CI runners that start a new Docker of the currently supported Fedoras and run `sites.yml`Test ansible roles with GitLab-CI.
[ ] CI runners that start a new Docker of the currently supported Fedoras and run `sites.yml`https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/64automate adding of hosts2021-09-03T15:31:05+02:00sg7149automate adding of hostsUse the DNSVS-api to add the host also to the DNS
* sshfsUse the DNSVS-api to add the host also to the DNS
* sshfshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/71Fix EPICS role with Firewall at CS2021-09-03T15:29:41+02:00sg7149Fix EPICS role with Firewall at CSCSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --ad...CSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --add-source-port=5064/udp --permanent
sudo systemctl reload firewalld
```
**Ideas for better fixes**:
Add ANKA-VPN to internal-zone.
Or do a similar thing to the iptables rule:
```
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/77IOC tasks2021-09-03T15:19:23+02:00sg7149IOC tasksSetup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git...Setup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git.scc.kit.edu
HostName git.scc.kit.edu
ProxyCommand ssh ${USER}@192.168.0.1 nc %h %p
```
(tested only for `~/.ssh/config`, yet.
* Add ssh-key-signature from gitlab to your known_hosts `/etc/ssh/ssh_known_hosts` (world readable) (not tested yet)
For each user on an IOC computer (e.g. caligula) one has to
* create the user `useradd $name -u $ID -G users -m`
* create ssh-key `ssh-keygen`
* ssh-copy-id to faulusyuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/25texlive package names might change in future Fedora releases2021-09-03T14:43:48+02:00sg7149texlive package names might change in future Fedora releasesFedora 27 does not use the current stable TexLive version 2017.
For the next Fedora release the names of the texlive packages might change, because there is an [issue about renaming](https://bugzilla.redhat.com/show_bug.cgi?id=1505342) f...Fedora 27 does not use the current stable TexLive version 2017.
For the next Fedora release the names of the texlive packages might change, because there is an [issue about renaming](https://bugzilla.redhat.com/show_bug.cgi?id=1505342) from `texlive` into `texlive-base` and `texlive`.
Test via copr:
```
dnf copr enable spot/texlive
```