Commit 04a27706 authored by julian.gethmann's avatar julian.gethmann

Fix many smaller errors

* LaTeX role still seems not to be that stable, therefore removed from
site.yml
* Rename all versions to lasarchiv1 to be consistent
* Update SSH playbook of common role to open the ports in the firewall
parent 9596c3b1
......@@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* common.yml: basic configuration for all LAS/NSQ computers
* clients.yml: all computers not acting as a server (only)
* desktop.yml: all desktop computers including laptops (having X11/Wayland)
* latex.yml: basic LaTeX installation (KIT classes not yet)
* python.yml: basic python_stack for scientific Python usage (including fitting)
* ipynb.yml: IPython/Jupyter notebook
* MAD-8: MAD 8 inofficial build for Fedora
......@@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* lasarchiv: client side mount las126/las-archiv1
* opera.yml: Cobham's Opera3d (client)
* admin.yml: tools for administrators
* latex.yml: basic LaTeX installation (KIT classes not yet)
# Develope new roles, extend or modify existing ones and update roles for new software
......
......@@ -2,4 +2,4 @@ ansible_user: gethmann
user_account: gethmann
ip_suffix: 113
loc: 618
os: Fedora 24
os: Fedora 25
ansible_connection: local
# ansible_connection: local
ansible_user: gethmann
user_account: blomley
ip_suffix: 118
......
ansible_connection: local
# ansible_connection: local
ansible_user: gethmann
user_account: gethmann
ip_suffix: 122
loc: 621
os: Fedora 25
ansible_remote_user: gethmann
ansible_user: gethmann
user_account: gethmann
ip_suffix: 126
loc: 618
os: Fedora 24
os: Fedora 25
......@@ -14,8 +14,10 @@ las118.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
[las-archiv1]
[lasarchiv]
las113.las.kit.edu
las126.las.kit.edu
las122.las.kit.edu
las93.las.kit.edu
las-gethmann.las.kit.edu
......@@ -34,6 +36,7 @@ las113.las.kit.edu
[opera]
las113.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu
[mad8]
......
......@@ -4,7 +4,7 @@
tags: nfs-server
- hosts: las-archiv1
- hosts: lasarchiv
roles:
- lasarchiv
tags: nfs-clients
---
- name: enable sshd
become: yes
service: name=sshd enabled=yes
service:
name: sshd
enabled: yes
- name: restart sshd
become: yes
service: name=sshd state=restarted
service:
name: sshd
state: restarted
- name: reload sshd
become: yes
service: name=sshd state=reloaded
service:
name: sshd
state: reloaded
- name: start sshd
become: yes
service: name=sshd state=started
service:
name: sshd
state: started
- name: enable ntp
become: yes
service: name=ntpdate enabled=yes
service:
name: ntpdate
enabled: yes
- name: start ntp
become: yes
service: name=ntpdate state=started
service:
name: ntpdate
state: started
- name: update-ca-trust
become: yes
......@@ -30,3 +42,27 @@
- name: lock root user
become: yes
command: passwd -l root
- name: reload firewalld
become: yes
service:
name: firewalld
state: reloaded
- name: restart firewalld
become: yes
service:
name: firewalld
state: restarted
- name: enable ufw
become: yes
service:
name: ufw
state: enabled
- name: restart ufw
become: yes
service:
name: ufw
state: restarted
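Review bot: The new `enable ufw` handler passes `state: enabled` to the `service` module, whose `state` accepts only `started`, `stopped`, `restarted` or `reloaded`, so the handler fails when notified instead of turning the firewall on. Starting the unit at boot is the separate boolean the sshd handlers in this file already use (`enabled: yes`), and activating the ufw ruleset is done through the `ufw` module with `state: enabled`. As written, an Ubuntu host can end up with the OpenSSH allow rule added but the firewall never actually enabled. I would write this handler as a `ufw:` task with `state: enabled` and give it a short comment saying it activates the ruleset.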
---
- name: install needed network manager libs
become: yes
dnf:
name: '{{ item }}'
state: installed
become: yes
with_items:
- NetworkManager-glib
- libnm-qt-devel.x86_64
......@@ -24,7 +24,7 @@
# type: ethernet
- name: set hostname
become: yes
hostname:
name: "las{{ ip_suffix }}.las.kit.edu"
become: yes
---
- name: Installed sshd
package: state=installed name=openssh-server
become: yes
package:
state: installed
name: openssh-server
- name: install firewalld
become: yes
package:
name: python-firewall
state: installed
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
- name: Open port 22 on Fedora/CentOS
become: yes
firewalld:
port: 22/tcp
state: enabled
permanent: true
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
notify:
- reload firewalld
- restart firewalld
- name: Open port 22 on Ubuntu
become: yes
ufw:
name: OpenSSH
rule: allow
notify:
- reload ufw
- enable ufw
when: ansible_distribution == "Ubuntu"
- name: Disable empty password login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitEmptyPasswords.*" line="PermitEmptyPasswords no" backup=yes
notify: restart sshd
become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitEmptyPasswords.*"
line: "PermitEmptyPasswords no"
backup: yes
notify: restart sshd
- name: Disable remote root login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitRootLogin.*" line="PermitRootLogin no" backup=yes
notify: restart sshd
become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitRootLogin.*"
line: "PermitRootLogin no"
backup: yes
notify: restart sshd
- name: Enable tunnel
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitTunnel.*" line="PermitTunnel yes" backup=yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitTunnel.*"
line: "PermitTunnel yes"
backup: yes
notify:
- enable sshd
- restart sshd
......@@ -24,11 +68,19 @@
# command: chkconfig sshd on
- name: Add curves
lineinfile: dest=/etc/ssh/sshd_config regexp="HostKey.*ed25519.*" line="HostKey /etc/ssh/ssh_host_ed25519_key" backup=yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "HostKey.*ed25519.*"
line: "HostKey /etc/ssh/ssh_host_ed25519_key"
backup: yes
notify: restart sshd
become: yes
- name: enable PAM
lineinfile: dest=/etc/ssh/sshd_config regexp=".*UsePAM .*" line="UsePAM yes" backup=yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*UsePAM .*"
line: "UsePAM yes"
backup: yes
become: yes
notify: restart sshd
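Review bot: The `Open port 22 on Ubuntu` task notifies `reload ufw`, but the handlers added in this commit are named `enable ufw` and `restart ufw`; unless a `reload ufw` handler exists outside the hunks shown, the task errors on Ubuntu hosts the first time it reports a change. Rename the notification to `restart ufw` or add the missing handler. In the two Fedora/CentOS `when:` conditions, `ansible_distribution_major_version` is a string fact, so `>= 7` should be `ansible_distribution_major_version | int >= 7` to compare numerically. Because these tasks rewrite `/etc/ssh/sshd_config` and then restart sshd, adding `validate: /usr/sbin/sshd -t -f %s` to the `lineinfile` tasks would stop a malformed config from being installed and locking the hosts out of SSH.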
......@@ -4,3 +4,4 @@
package: name=* state=latest
tags:
- skip_ansible_lint
when: ansible_distribution != "Ubuntu"
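Review bot: The added `when: ansible_distribution != "Ubuntu"` skips the `package: name=* state=latest` update on Ubuntu, and nothing in this hunk replaces it there. The task begins outside the hunk, so an apt-based equivalent may exist elsewhere; if it does not, Ubuntu hosts managed by this role stop receiving package updates. A sibling task using the `apt` module with `upgrade: dist` and `update_cache: yes`, guarded by `when: ansible_distribution == "Ubuntu"`, would keep both families patched. A one-line comment above the condition saying why Ubuntu is excluded would also help.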
---
dependencies:
- { role: lasarchiv }
- { role: client }
- { role: clients }
......@@ -14,8 +14,8 @@
#- include: update.yml
- include: desktop.yml
tags: admin
- include: latex.yml
tags: latex
#- include: latex.yml
# tags: latex
- include: kdev.yml
tags: kdev
- include: python.yml
......