README.md 6.39 KB
Newer Older
julian.gethmann's avatar
julian.gethmann committed
1
# [Ansible](https://docs.ansible.com/ansible/index.html) repository for LAS/CS NSQ computer
julian.gethmann's avatar
julian.gethmann committed
2
You need to have access to this repository (you need to add your public ssh-key (`ssh-keygen`) to your profile here).
julian.gethmann's avatar
julian.gethmann committed
3
Then you can clone the git repository to work on in locally.
julian.gethmann's avatar
julian.gethmann committed
4 5
`git clone git@git.scc.kit.edu:las/ansible.git`

6 7
Add your computer to the `hosts` file or if you are just testing add it to the local file.
Add your ``hostname`` under each role name (the name in the square brackets) you want to be run on your computer.
julian.gethmann's avatar
julian.gethmann committed
8
Also create a new file which is named
julian.gethmann's avatar
julian.gethmann committed
9
after your [fully-qualified-domain-name](https://de.wikipedia.org/wiki/Domain_(Internet)#Fully_Qualified_Domain_Name_.28FQDN.29}) (FQDN) in the `host_vars` directory including a [yaml](https://docs.ansible.com/ansible/YAMLSyntax.html) list with some host specific configuration variables, e. g. copy another similar host and adjust it.
10 11
These files do not have the `.yml` extension and do not start with `---` as most of the other yaml files do.
Then create a file named after your FQDN with the extension ``.yml`` in the main directory of ansible which includes all the roles one want to run. This step needs root privileges and therefore makes only sense for the first installation of a computer.
julian.gethmann's avatar
julian.gethmann committed
12 13 14 15

Install ansible and some dependencies: 

```
16
dnf install ansible git python3-dnf libselinux-python python3-netaddr
julian.gethmann's avatar
julian.gethmann committed
17
```
julian.gethmann's avatar
julian.gethmann committed
18 19 20
Run 

``` bash
julian.gethmann's avatar
julian.gethmann committed
21
git clone  git@git.scc.kit.edu:las-it-organisation/32-0-IT-InstructionsAndRules/ansible.git
julian.gethmann's avatar
julian.gethmann committed
22
cd ansible
julian.gethmann's avatar
julian.gethmann committed
23
sudo ansible-playbook --limit $(hostname -f) --vault-id @prompt sites.yml
julian.gethmann's avatar
julian.gethmann committed
24
```
julian.gethmann's avatar
julian.gethmann committed
25

julian.gethmann's avatar
julian.gethmann committed
26
  * If you only want some parts of the roles to be run, you can use the option `-t TAGNAME` to run only those tasks with the given tag.
julian.gethmann's avatar
julian.gethmann committed
27
  * The vault-password is known to the usual suspects.
julian.gethmann's avatar
julian.gethmann committed
28 29

### Ask for new software
julian.gethmann's avatar
julian.gethmann committed
30
Open an issue in the GitLab issue tracker and use the template for softwarerequests.
31 32 33 34 35 36

If the software is in the Fedora repositories and you think it makes sense to 
install this software only on your computer, you can also provide a merge/pull 
requst by adding the software name to the list of `extra_software` in the 
`host_vars` file for your computer.

julian.gethmann's avatar
julian.gethmann committed
37 38 39 40 41
## How to get new software on your computer

## Available roles

* common.yml: basic configuration for all LAS/NSQ computers
julian.gethmann's avatar
julian.gethmann committed
42
* clients.yml: all computers not acting as a server (only) ^1
julian.gethmann's avatar
julian.gethmann committed
43
* desktop.yml: all desktop computers including laptops (having X11/Wayland)
44
* graphics.yml: fundamental graphics software (Inkscape, Gimp)
julian.gethmann's avatar
julian.gethmann committed
45 46
* python.yml: basic python_stack for scientific Python usage (including fitting) ^1
* ipynb.yml: IPython/Jupyter notebook ^1
47 48 49
* nfs.yml:
  * nfs-server: export /las-archiv1 to our network
  * lasarchiv: client side mount las126/las-archiv1
50
* admin.yml: tools for administrators
julian.gethmann's avatar
julian.gethmann committed
51
* chrome.yml: Google Chrome for Fedora (for Adobe Connect usage)
52
* dhcpd.yml: DHCPd primary and secondary server on Fedora
53
* elegant.yml: elegant (no Pelegant, yet)
julian.gethmann's avatar
julian.gethmann committed
54
* inovesa.yml: [Inovesa](https://github.com/Inovesa/Inovesa)
55 56 57 58 59 60
* kdev.yml: KDevelope (with Python PlugIn) ^1
* latex.yml: basic LaTeX installation (Arial not yet) ^1
* opera.yml: Cobham's Opera3d (client) ^2 ^3
* pycharm.yml: Cross platform Python IDE: [PyCharm](https://www.jetbrains.com/pycharm/) IDE
* remmina.yml: remmina a Remote Desktop Protocol (Windows remote) client for e. g. [rds.scc.kit.edu](https://rds.scc.kit.edu)
* ripgrep.yml: ripgrep the better grep
61
* undulator_control.yml: Install the software stack that is necessary to develop the control system for the JENA TGU experiment
62
* zotero.yml: A citation management software
julian.gethmann's avatar
julian.gethmann committed
63

julian.gethmann's avatar
julian.gethmann committed
64
^1: (also put your FQDN to the \[common\] section in the hosts file as it depends hereon)
julian.gethmann's avatar
julian.gethmann committed
65

julian.gethmann's avatar
julian.gethmann committed
66 67 68
^3: (also put your FQDN to the \[lasarchiv\] section in the hosts file as it depends hereon)

### ^2 Opera
julian.gethmann's avatar
julian.gethmann committed
69 70 71

After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@129.13.108.100`.

julian.gethmann's avatar
julian.gethmann committed
72
# Develop new roles, extend or modify existing ones and update roles for new software
julian.gethmann's avatar
julian.gethmann committed
73 74

## Branches
julian.gethmann's avatar
julian.gethmann committed
75
All roles in the master branch should work and should not brake on any of our systems (desktop, server, simulation, notebooks). The `site.yml` should always be runnable and include all roles that are stable and not explicitly for setup purposes only.
julian.gethmann's avatar
julian.gethmann committed
76

julian.gethmann's avatar
julian.gethmann committed
77
For developement and testing you should use development branches like `dev-latex`.
julian.gethmann's avatar
julian.gethmann committed
78

julian.gethmann's avatar
julian.gethmann committed
79
You can check the syntax of the files by running `ansible-playbook --check-syntax filename.yml` (or by using the pre-commit-hook from the Snipplets.
julian.gethmann's avatar
julian.gethmann committed
80

81
If you just want to install one or many packages you can use `kdev.yml` as a basis or if it is not interesting for others you might want to add it to your host file instead.
julian.gethmann's avatar
julian.gethmann committed
82

83 84
Be aware that the development branches here are not save and the owner might force push to them!

julian.gethmann's avatar
julian.gethmann committed
85
# Run as admin 
86
## Bootstraping
87
* Enable SSH on the new host (`lasXXX$ sudo systemctl start sshd && sudo systemctl enable sshd`)
julian.gethmann's avatar
julian.gethmann committed
88
* Add your SSH-key to the host `ssh-copy-id lasXXX.las.kit.edu`
89
* Install ansible dependencies: `dnf install python2-dnf libselinux-python`
90
* Check the `hosts` file for entries of `lasXXX.las.kit.edu`
91
* Run `ansible-playbook -K --vault-id @prompt sites.yml` probably with the option `-l lasXXX.las.kit.edu`
92 93 94 95 96 97

## Edit encrypted files
* You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`

The first one is of cause the preferred one, because there is no rist to add a unencrypted file to the repo.
98 99

## Bootstrap IPA hosts
100 101 102 103 104
In this example the client to bootstrap may be `las112` and the installation takes place from the server `las126`.
The prompts `#` show that you are working at root.
* Add your (root's) SSH-key to the host `las126# ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies on the client: `las112# dnf install python2-dnf libselinux-python`
* Get a Kerberos ticket (``las126# kinit -f admin@LAS.KIT.EDU``)
105 106
* For the host with the hostname `lasXXX.las.kit.edu` do the following
* edit a file ``host_vars/lasXXX.las.kit.edu``
107
```
julian.gethmann's avatar
julian.gethmann committed
108
las126# ansible-playbook -l lasXXX.las.kit.edu add_ipa_host.yml --vault-id @prompt
109 110
```
and provide the root password for the new host.
111 112 113

## Decommission/Uninstall a host
* edit the ``add_ipa_host.yml`` and uncomment the uninstall step in it.