Commit 08338130 authored by julian.gethmann's avatar julian.gethmann

Update outdate hostnames and packages in README and add hint on using it from obelix

parent 82ee2f13
......@@ -26,6 +26,11 @@ sudo ansible-playbook --limit $(hostname -f) --vault-id @prompt sites.yml
* If you only want some parts of the roles to be run, you can use the option `-t TAGNAME` to run only those tasks with the given tag.
* The vault-password is known to the usual suspects.
Unfortunately you need to know the vault password to let ansible run.
If you have got root access to obelix, then you should try to run ansible from that host.
The repository is located at `/root/ansible` and you should pull before running ansible. The advantage is, that it is tested.
There might be a tmux running for that purpose anyway.
### Ask for new software
Open an issue in the GitLab issue tracker and use the template for softwarerequests.
......@@ -67,14 +72,14 @@ requst by adding the software name to the list of `extra_software` in the
### ^2 Opera
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@129.13.108.100`.
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@opera.las.kit.edu`.
# Develop new roles, extend or modify existing ones and update roles for new software
## Branches
All roles in the master branch should work and should not brake on any of our systems (desktop, server, simulation, notebooks). The `site.yml` should always be runnable and include all roles that are stable and not explicitly for setup purposes only.
For developement and testing you should use development branches like `dev-latex`.
For development and testing you should use development branches like `dev-latex`.
You can check the syntax of the files by running `ansible-playbook --check-syntax filename.yml` (or by using the pre-commit-hook from the Snipplets.
......@@ -85,8 +90,8 @@ Be aware that the development branches here are not save and the owner might for
# Run as admin
## Bootstraping
* Enable SSH on the new host (`lasXXX$ sudo systemctl start sshd && sudo systemctl enable sshd`)
* Add your SSH-key to the host `ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies: `dnf install python2-dnf libselinux-python`
* Add your SSH-key to the host `obelix# ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies: `lasXXX$ sudo dnf install ansible git python3-dnf libselinux-python python3-netaddr`
* Check the `hosts` file for entries of `lasXXX.las.kit.edu`
* Run `ansible-playbook -K --vault-id @prompt sites.yml` probably with the option `-l lasXXX.las.kit.edu`
......@@ -94,18 +99,18 @@ Be aware that the development branches here are not save and the owner might for
* You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
The first one is of cause the preferred one, because there is no rist to add a unencrypted file to the repo.
The first one is of cause the preferred one, because there is no risk to add a unencrypted file to the repo.
## Bootstrap IPA hosts
In this example the client to bootstrap may be `las112` and the installation takes place from the server `las126`.
In this example the client to bootstrap may be `pepe` and the installation takes place from the server `obelix`.
The prompts `#` show that you are working at root.
* Add your (root's) SSH-key to the host `las126# ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies on the client: `las112# dnf install python2-dnf libselinux-python`
* Get a Kerberos ticket (``las126# kinit -f admin@LAS.KIT.EDU``)
* For the host with the hostname `lasXXX.las.kit.edu` do the following
* edit a file ``host_vars/lasXXX.las.kit.edu``
* Add your (root's) SSH-key to the host `obelix# ssh-copy-id pepe.las.kit.edu`
* Install ansible dependencies on the client: `pepe# dnf install python3-dnf libselinux-python`
* Get a Kerberos ticket (``obelix# kinit -f admin@LAS.KIT.EDU``)
* For the host with the hostname `pepe.las.kit.edu` do the following
* edit a file ``host_vars/pepe.las.kit.edu``
```
las126# ansible-playbook -l lasXXX.las.kit.edu add_ipa_host.yml --vault-id @prompt
obelix# ansible-playbook -l pepe.las.kit.edu add_ipa_host.yml --vault-id @prompt
```
and provide the root password for the new host.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment