Commit 04a27706 authored by julian.gethmann's avatar julian.gethmann

Fix many smaller errors

* LaTeX role still seems not to be that stable, therefore removed from
site.yml
* Rename all versions to lasarchiv1 to be consistent
* Update SSH playbook of common role to open the ports in the firewall
parent 9596c3b1
...@@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest ...@@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* common.yml: basic configuration for all LAS/NSQ computers * common.yml: basic configuration for all LAS/NSQ computers
* clients.yml: all computers not acting as a server (only) * clients.yml: all computers not acting as a server (only)
* desktop.yml: all desktop computers including laptops (having X11/Wayland) * desktop.yml: all desktop computers including laptops (having X11/Wayland)
* latex.yml: basic LaTeX installation (KIT classes not yet)
* python.yml: basic python_stack for scientific Python usage (including fitting) * python.yml: basic python_stack for scientific Python usage (including fitting)
* ipynb.yml: IPython/Jupyter notebook * ipynb.yml: IPython/Jupyter notebook
* MAD-8: MAD 8 inofficial build for Fedora * MAD-8: MAD 8 inofficial build for Fedora
...@@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest ...@@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* lasarchiv: client side mount las126/las-archiv1 * lasarchiv: client side mount las126/las-archiv1
* opera.yml: Cobham's Opera3d (client) * opera.yml: Cobham's Opera3d (client)
* admin.yml: tools for administrators * admin.yml: tools for administrators
* latex.yml: basic LaTeX installation (KIT classes not yet)
# Develope new roles, extend or modify existing ones and update roles for new software # Develope new roles, extend or modify existing ones and update roles for new software
......
...@@ -2,4 +2,4 @@ ansible_user: gethmann ...@@ -2,4 +2,4 @@ ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: 113 ip_suffix: 113
loc: 618 loc: 618
os: Fedora 24 os: Fedora 25
ansible_connection: local # ansible_connection: local
ansible_user: gethmann ansible_user: gethmann
user_account: blomley user_account: blomley
ip_suffix: 118 ip_suffix: 118
......
ansible_connection: local # ansible_connection: local
ansible_user: gethmann ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: 122 ip_suffix: 122
loc: 621 loc: 621
os: Fedora 25
ansible_remote_user: gethmann ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: 126 ip_suffix: 126
loc: 618 loc: 618
os: Fedora 24 os: Fedora 25
...@@ -14,8 +14,10 @@ las118.las.kit.edu ...@@ -14,8 +14,10 @@ las118.las.kit.edu
las122.las.kit.edu las122.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[las-archiv1] [lasarchiv]
las113.las.kit.edu las113.las.kit.edu
las126.las.kit.edu
las122.las.kit.edu
las93.las.kit.edu las93.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
...@@ -34,6 +36,7 @@ las113.las.kit.edu ...@@ -34,6 +36,7 @@ las113.las.kit.edu
[opera] [opera]
las113.las.kit.edu las113.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu las126.las.kit.edu
[mad8] [mad8]
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
tags: nfs-server tags: nfs-server
- hosts: las-archiv1 - hosts: lasarchiv
roles: roles:
- lasarchiv - lasarchiv
tags: nfs-clients tags: nfs-clients
--- ---
- name: enable sshd - name: enable sshd
become: yes become: yes
service: name=sshd enabled=yes service:
name: sshd
enabled: yes
- name: restart sshd - name: restart sshd
become: yes become: yes
service: name=sshd state=restarted service:
name: sshd
state: restarted
- name: reload sshd - name: reload sshd
become: yes become: yes
service: name=sshd state=reloaded service:
name: sshd
state: reloaded
- name: start sshd - name: start sshd
become: yes become: yes
service: name=sshd state=started service:
name: sshd
state: started
- name: enable ntp - name: enable ntp
become: yes become: yes
service: name=ntpdate enabled=yes service:
name: ntpdate
enabled: yes
- name: start ntp - name: start ntp
become: yes become: yes
service: name=ntpdate state=started service:
name: ntpdate
state: started
- name: update-ca-trust - name: update-ca-trust
become: yes become: yes
...@@ -30,3 +42,27 @@ ...@@ -30,3 +42,27 @@
- name: lock root user - name: lock root user
become: yes become: yes
command: passwd -l root command: passwd -l root
- name: reload firewalld
become: yes
service:
name: firewalld
state: reloaded
- name: restart firewalld
become: yes
service:
name: firewalld
state: restarted
- name: enable ufw
become: yes
service:
name: ufw
state: enabled
- name: restart ufw
become: yes
service:
name: ufw
state: restarted
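Review bot: The new `enable ufw` handler passes `state: enabled` to the `service` module, whose `state` takes only started, stopped, restarted or reloaded. Use `enabled: yes` as the `enable sshd` handler in this file does, or, if the intent is to activate the firewall itself, the `ufw` module with `state: enabled`. The `Open port 22 on Ubuntu` task added in this commit also notifies `reload ufw`, but no handler with that name appears in the handlers shown here, so the notification would fail when the task reports a change. Add that handler or change the notify to `restart ufw`.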
--- ---
- name: install needed network manager libs - name: install needed network manager libs
become: yes
dnf: dnf:
name: '{{ item }}' name: '{{ item }}'
state: installed state: installed
become: yes
with_items: with_items:
- NetworkManager-glib - NetworkManager-glib
- libnm-qt-devel.x86_64 - libnm-qt-devel.x86_64
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
# type: ethernet # type: ethernet
- name: set hostname - name: set hostname
become: yes
hostname: hostname:
name: "las{{ ip_suffix }}.las.kit.edu" name: "las{{ ip_suffix }}.las.kit.edu"
become: yes
--- ---
- name: Installed sshd - name: Installed sshd
package: state=installed name=openssh-server
become: yes become: yes
package:
state: installed
name: openssh-server
- name: install firewalld
become: yes
package:
name: python-firewall
state: installed
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
- name: Open port 22 on Fedora/CentOS
become: yes
firewalld:
port: 22/tcp
state: enabled
permanent: true
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
notify:
- reload firewalld
- restart firewalld
- name: Open port 22 on Ubuntu
become: yes
ufw:
name: OpenSSH
rule: allow
notify:
- reload ufw
- enable ufw
when: ansible_distribution == "Ubuntu"
- name: Disable empty password login - name: Disable empty password login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitEmptyPasswords.*" line="PermitEmptyPasswords no" backup=yes
notify: restart sshd
become: yes become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitEmptyPasswords.*"
line: "PermitEmptyPasswords no"
backup: yes
notify: restart sshd
- name: Disable remote root login - name: Disable remote root login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitRootLogin.*" line="PermitRootLogin no" backup=yes
notify: restart sshd
become: yes become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitRootLogin.*"
line: "PermitRootLogin no"
backup: yes
notify: restart sshd
- name: Enable tunnel - name: Enable tunnel
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitTunnel.*" line="PermitTunnel yes" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitTunnel.*"
line: "PermitTunnel yes"
backup: yes
notify: notify:
- enable sshd - enable sshd
- restart sshd - restart sshd
...@@ -24,11 +68,19 @@ ...@@ -24,11 +68,19 @@
# command: chkconfig sshd on # command: chkconfig sshd on
- name: Add curves - name: Add curves
lineinfile: dest=/etc/ssh/sshd_config regexp="HostKey.*ed25519.*" line="HostKey /etc/ssh/ssh_host_ed25519_key" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: "HostKey.*ed25519.*"
line: "HostKey /etc/ssh/ssh_host_ed25519_key"
backup: yes
notify: restart sshd notify: restart sshd
become: yes become: yes
- name: enable PAM - name: enable PAM
lineinfile: dest=/etc/ssh/sshd_config regexp=".*UsePAM .*" line="UsePAM yes" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*UsePAM .*"
line: "UsePAM yes"
backup: yes
become: yes become: yes
notify: restart sshd notify: restart sshd
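Review bot: The `when:` conditions on the new `install firewalld` and `Open port 22 on Fedora/CentOS` tasks compare `ansible_distribution_major_version` with the bare integer `7`, but Ansible reports that fact as a string. The outcome then depends on the Python version evaluating the template (a type error, or a comparison that is always true) rather than on the release. Cast it in both places: `ansible_distribution_major_version | int >= 7`. Separately, the converted `lineinfile` tasks edit `/etc/ssh/sshd_config` and then restart sshd with no syntax check. Adding `validate: '/usr/sbin/sshd -t -f %s'` to each would stop a malformed edit from being written and taking the daemon down on a remotely managed host.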
...@@ -4,3 +4,4 @@ ...@@ -4,3 +4,4 @@
package: name=* state=latest package: name=* state=latest
tags: tags:
- skip_ansible_lint - skip_ansible_lint
when: ansible_distribution != "Ubuntu"
--- ---
dependencies: dependencies:
- { role: lasarchiv } - { role: lasarchiv }
- { role: client } - { role: clients }
--- ---
- name: check if Opera is installed - name: check if Opera is installed
stat: stat:
path: "{{ opera_path }}/code/bin/opera_manager" path: "{{ opera_path }}/code/bin/opera_manager"
register: stat_result register: stat_result
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
- name: unzip Opera - name: unzip Opera
become: yes become: yes
unarchive: unarchive:
# src: /mnt/las-archiv1/system/Opera/18/Opera_RHEL7.tar.bz # src: /mnt/las-archiv1/system/Opera/18/Opera_RHEL7.tar.bz
src: /tmp/Opera_RHEL7.tar.bz src: /tmp/Opera_RHEL7.tar.bz
dest: /usr/local/share/ dest: /usr/local/share/
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
- name: install dependencies - name: install dependencies
become: yes become: yes
dnf: dnf:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24") when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24")
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
# does not work either # does not work either
# - name: link too new/missing libraries # - name: link too new/missing libraries
# file: # file:
# state: link # state: link
# src: "{{ item[1] }}" # src: "{{ item[1] }}"
# dest: "{{ opera_path }}/bin/{{ item[0] }}" # dest: "{{ opera_path }}/bin/{{ item[0] }}"
...@@ -56,17 +56,17 @@ ...@@ -56,17 +56,17 @@
# - ["libicuuc.so.50", "/usr/lib64/libicuuc.so"] # - ["libicuuc.so.50", "/usr/lib64/libicuuc.so"]
# - ["libicudata.so.50", "/usr/lib64/libicudata.so"] # - ["libicudata.so.50", "/usr/lib64/libicudata.so"]
# Work around for Fedora 25 vs. CentOS 7 # Work around for Fedora 25 vs. CentOS 7
- name: create dir for CentOS 7 libs - name: create dir for CentOS 7 libs
become: yes become: yes
file: file:
name: "{{ opera_path }}/CentOS7libs" name: "{{ opera_path }}/CentOS7libs"
state: directory state: directory
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "22") when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "22")
- name: copy libraries from real CentOS 7 host (server) - name: copy libraries from real CentOS 7 host (server)
become: yes become: yes
copy: copy:
src: "/mnt/las-archiv1/system/Opera/18/CentOS7libs/{{ item.src }}" src: "/mnt/las-archiv1/system/Opera/18/CentOS7libs/{{ item.src }}"
dest: "{{ opera_path }}/CentOS7libs/{{ item.dest }}" dest: "{{ opera_path }}/CentOS7libs/{{ item.dest }}"
with_items: with_items:
...@@ -86,26 +86,26 @@ ...@@ -86,26 +86,26 @@
- name: install RHEL 6 deps - name: install RHEL 6 deps
become: yes become: yes
dnf: dnf:
name: hwloc name: hwloc
state: present state: present
when: when:
(ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or
(ansible_distribution == "RHEL" and ansible_distribution_major_version == "6") (ansible_distribution == "RHEL" and ansible_distribution_major_version == "6")
- name: install RHEL 7 deps - name: install RHEL 7 deps
become: yes become: yes
dnf: dnf:
name: hwloc-libs name: hwloc-libs
state: present state: present
when: when:
(ansible_distribution == "CentOS" and ansible_distribution_major_version == "7") or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7") or
(ansible_distribution == "RHEL" and ansible_distribution_major_version == "7") or (ansible_distribution == "RHEL" and ansible_distribution_major_version == "7") or
(ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24") (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24")
- name: copy profile.d - name: copy profile.d
become: yes become: yes
copy: copy:
src: opera.sh src: opera.sh
dest: /etc/profile.d/opera.sh dest: /etc/profile.d/opera.sh
backup: yes backup: yes
...@@ -116,7 +116,7 @@ ...@@ -116,7 +116,7 @@
- name: copy wrapper scripts - name: copy wrapper scripts
become: yes become: yes
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: /usr/local/bin dest: /usr/local/bin
mode: ugo+x mode: ugo+x
......
...@@ -14,8 +14,8 @@ ...@@ -14,8 +14,8 @@
#- include: update.yml #- include: update.yml
- include: desktop.yml - include: desktop.yml
tags: admin tags: admin
- include: latex.yml #- include: latex.yml
tags: latex # tags: latex
- include: kdev.yml - include: kdev.yml
tags: kdev tags: kdev
- include: python.yml - include: python.yml
......