Commit ecc10f5e authored by julian.gethmann's avatar julian.gethmann

Fix many smaller errors

* The LaTeX role still seems not to be stable enough, so it is removed from
site.yml
* Rename all versions to lasarchiv1 to be consistent
* Update the SSH playbook of the common role to open the ports in the firewall
parent 9ef76ee4
......@@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* common.yml: basic configuration for all LAS/NSQ computers
* clients.yml: all computers not acting as a server (only)
* desktop.yml: all desktop computers including laptops (having X11/Wayland)
* latex.yml: basic LaTeX installation (KIT classes not yet)
* python.yml: basic python_stack for scientific Python usage (including fitting)
* ipynb.yml: IPython/Jupyter notebook
* MAD-8: MAD 8 inofficial build for Fedora
......@@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest
* lasarchiv: client side mount las126/las-archiv1
* opera.yml: Cobham's Opera3d (client)
* admin.yml: tools for administrators
* latex.yml: basic LaTeX installation (KIT classes not yet)
# Develope new roles, extend or modify existing ones and update roles for new software
......
......@@ -2,4 +2,4 @@ ansible_user: gethmann
user_account: gethmann
ip_suffix: 113
loc: 618
os: Fedora 24
os: Fedora 25
ansible_connection: local
# ansible_connection: local
ansible_user: gethmann
user_account: blomley
ip_suffix: 118
......
ansible_connection: local
# ansible_connection: local
ansible_user: gethmann
user_account: gethmann
ip_suffix: 122
loc: 621
os: Fedora 25
ansible_remote_user: gethmann
ansible_user: gethmann
user_account: gethmann
ip_suffix: 126
loc: 618
os: Fedora 24
os: Fedora 25
......@@ -14,8 +14,10 @@ las118.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
[las-archiv1]
[lasarchiv]
las113.las.kit.edu
las126.las.kit.edu
las122.las.kit.edu
las93.las.kit.edu
las-gethmann.las.kit.edu
......@@ -34,6 +36,7 @@ las113.las.kit.edu
[opera]
las113.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu
[mad8]
......
......@@ -4,7 +4,7 @@
tags: nfs-server
- hosts: las-archiv1
- hosts: lasarchiv
roles:
- lasarchiv
tags: nfs-clients
---
- name: enable sshd
become: yes
service: name=sshd enabled=yes
service:
name: sshd
enabled: yes
- name: restart sshd
become: yes
service: name=sshd state=restarted
service:
name: sshd
state: restarted
- name: reload sshd
become: yes
service: name=sshd state=reloaded
service:
name: sshd
state: reloaded
- name: start sshd
become: yes
service: name=sshd state=started
service:
name: sshd
state: started
- name: enable ntp
become: yes
service: name=ntpdate enabled=yes
service:
name: ntpdate
enabled: yes
- name: start ntp
become: yes
service: name=ntpdate state=started
service:
name: ntpdate
state: started
- name: update-ca-trust
become: yes
......@@ -30,3 +42,27 @@
- name: lock root user
become: yes
command: passwd -l root
- name: reload firewalld
become: yes
service:
name: firewalld
state: reloaded
- name: restart firewalld
become: yes
service:
name: firewalld
state: restarted
- name: enable ufw
become: yes
service:
name: ufw
state: enabled
- name: restart ufw
become: yes
service:
name: ufw
state: restarted
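Review bot: The new `enable ufw` handler passes `state: enabled` to the `service` module, whose `state` accepts only `started`, `stopped`, `restarted` and `reloaded`, so the handler fails when it fires. Enabling at boot is the separate option `enabled: yes`, as the `enable sshd` handler in the same file already uses. The SSH tasks in this commit also notify `reload ufw`, and no handler of that name is defined among the handlers shown here; Ansible treats a missing handler as an error. Both sit on the path that opens port 22 on Ubuntu, so either failure aborts that run part-way through the SSH setup. Suggested: replace `state: enabled` with `enabled: yes`, and either add a `reload ufw` handler or change the task to notify `restart ufw`.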
---
- name: install needed network manager libs
become: yes
dnf:
name: '{{ item }}'
state: installed
become: yes
with_items:
- NetworkManager-glib
- libnm-qt-devel.x86_64
......@@ -24,7 +24,7 @@
# type: ethernet
- name: set hostname
become: yes
hostname:
name: "las{{ ip_suffix }}.las.kit.edu"
become: yes
---
- name: Installed sshd
package: state=installed name=openssh-server
become: yes
package:
state: installed
name: openssh-server
- name: install firewalld
become: yes
package:
name: python-firewall
state: installed
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
- name: Open port 22 on Fedora/CentOS
become: yes
firewalld:
port: 22/tcp
state: enabled
permanent: true
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
notify:
- reload firewalld
- restart firewalld
- name: Open port 22 on Ubuntu
become: yes
ufw:
name: OpenSSH
rule: allow
notify:
- reload ufw
- enable ufw
when: ansible_distribution == "Ubuntu"
- name: Disable empty password login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitEmptyPasswords.*" line="PermitEmptyPasswords no" backup=yes
notify: restart sshd
become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitEmptyPasswords.*"
line: "PermitEmptyPasswords no"
backup: yes
notify: restart sshd
- name: Disable remote root login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitRootLogin.*" line="PermitRootLogin no" backup=yes
notify: restart sshd
become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitRootLogin.*"
line: "PermitRootLogin no"
backup: yes
notify: restart sshd
- name: Enable tunnel
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitTunnel.*" line="PermitTunnel yes" backup=yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitTunnel.*"
line: "PermitTunnel yes"
backup: yes
notify:
- enable sshd
- restart sshd
......@@ -24,11 +68,19 @@
# command: chkconfig sshd on
- name: Add curves
lineinfile: dest=/etc/ssh/sshd_config regexp="HostKey.*ed25519.*" line="HostKey /etc/ssh/ssh_host_ed25519_key" backup=yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "HostKey.*ed25519.*"
line: "HostKey /etc/ssh/ssh_host_ed25519_key"
backup: yes
notify: restart sshd
become: yes
- name: enable PAM
lineinfile: dest=/etc/ssh/sshd_config regexp=".*UsePAM .*" line="UsePAM yes" backup=yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*UsePAM .*"
line: "UsePAM yes"
backup: yes
become: yes
notify: restart sshd
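Review bot: Both `when:` conditions on the new firewalld tasks ("install firewalld" and "Open port 22 on Fedora/CentOS") compare `ansible_distribution_major_version` with the integer `7`, but that fact is a string, so the test is either always true or a type error depending on the Python version that runs Jinja2; use `ansible_distribution_major_version | int >= 7`. The port task also notifies both `reload firewalld` and `restart firewalld`, although the reload alone is enough to apply a `permanent: true` rule. Separately, the reformatted `lineinfile` tasks keep unanchored patterns such as `.*PermitRootLogin.*` and `.*PermitEmptyPasswords.*`, which also match comment lines. `lineinfile` replaces only the last match, so an active directive earlier in `/etc/ssh/sshd_config` could survive, and sshd uses the first value it reads for a keyword. Anchoring the patterns, e.g. `regexp: '^#?\s*PermitRootLogin\s'`, and adding `validate: '/usr/sbin/sshd -t -f %s'` would make the hardening deterministic and stop a broken config from being written before sshd restarts.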
......@@ -4,3 +4,4 @@
package: name=* state=latest
tags:
- skip_ansible_lint
when: ansible_distribution != "Ubuntu"
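Review bot: With the added `when: ansible_distribution != "Ubuntu"`, Ubuntu hosts are skipped by the only update task visible in this hunk, and no apt counterpart is shown, so those machines would no longer receive package updates from this role. If that is not handled elsewhere, add a sibling task for them, for example `apt: upgrade=dist update_cache=yes` guarded by `when: ansible_distribution == "Ubuntu"`. A short comment on the condition explaining why `name=*` is excluded on Ubuntu would also help the next maintainer. The task starts above the hunk, so its name and `become` setting are not visible here.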
---
dependencies:
- { role: lasarchiv }
- { role: client }
- { role: clients }
---
- name: check if Opera is installed
stat:
stat:
path: "{{ opera_path }}/code/bin/opera_manager"
register: stat_result
......@@ -15,7 +15,7 @@
- name: unzip Opera
become: yes
unarchive:
unarchive:
# src: /mnt/las-archiv1/system/Opera/18/Opera_RHEL7.tar.bz
src: /tmp/Opera_RHEL7.tar.bz
dest: /usr/local/share/
......@@ -24,7 +24,7 @@
- name: install dependencies
become: yes
dnf:
dnf:
name: "{{ item }}"
state: present
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24")
......@@ -46,7 +46,7 @@
# does not work either
# - name: link too new/missing libraries
# file:
# file:
# state: link
# src: "{{ item[1] }}"
# dest: "{{ opera_path }}/bin/{{ item[0] }}"
......@@ -56,17 +56,17 @@
# - ["libicuuc.so.50", "/usr/lib64/libicuuc.so"]
# - ["libicudata.so.50", "/usr/lib64/libicudata.so"]
# Work around for Fedora 25 vs. CentOS 7
# Work around for Fedora 25 vs. CentOS 7
- name: create dir for CentOS 7 libs
become: yes
file:
file:
name: "{{ opera_path }}/CentOS7libs"
state: directory
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "22")
- name: copy libraries from real CentOS 7 host (server)
become: yes
copy:
copy:
src: "/mnt/las-archiv1/system/Opera/18/CentOS7libs/{{ item.src }}"
dest: "{{ opera_path }}/CentOS7libs/{{ item.dest }}"
with_items:
......@@ -86,26 +86,26 @@
- name: install RHEL 6 deps
become: yes
dnf:
name: hwloc
dnf:
name: hwloc
state: present
when:
when:
(ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or
(ansible_distribution == "RHEL" and ansible_distribution_major_version == "6")
- name: install RHEL 7 deps
become: yes
dnf:
name: hwloc-libs
dnf:
name: hwloc-libs
state: present
when:
when:
(ansible_distribution == "CentOS" and ansible_distribution_major_version == "7") or
(ansible_distribution == "RHEL" and ansible_distribution_major_version == "7") or
(ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24")
- name: copy profile.d
become: yes
copy:
copy:
src: opera.sh
dest: /etc/profile.d/opera.sh
backup: yes
......@@ -116,7 +116,7 @@
- name: copy wrapper scripts
become: yes
copy:
copy:
src: "{{ item }}"
dest: /usr/local/bin
mode: ugo+x
......
......@@ -14,8 +14,8 @@
#- include: update.yml
- include: desktop.yml
tags: admin
- include: latex.yml
tags: latex
#- include: latex.yml
# tags: latex
- include: kdev.yml
tags: kdev
- include: python.yml
......