diff --git a/README.md b/README.md index 0fe9545d2380f0a7e4ece7a26b077ea406d05291..6739230a3b6bbd3f71d358432e4d92bdec6bee8f 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,6 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest * common.yml: basic configuration for all LAS/NSQ computers * clients.yml: all computers not acting as a server (only) * desktop.yml: all desktop computers including laptops (having X11/Wayland) -* latex.yml: basic LaTeX installation (KIT classes not yet) * python.yml: basic python_stack for scientific Python usage (including fitting) * ipynb.yml: IPython/Jupyter notebook * MAD-8: MAD 8 inofficial build for Fedora @@ -32,6 +31,7 @@ Open an issue in the GitLab issue tracker with the label: softwarerequest * lasarchiv: client side mount las126/las-archiv1 * opera.yml: Cobham's Opera3d (client) * admin.yml: tools for administrators +* latex.yml: basic LaTeX installation (KIT classes not yet) # Develope new roles, extend or modify existing ones and update roles for new software diff --git a/group_vars/las-archiv1.yml b/group_vars/lasarchiv similarity index 100% rename from group_vars/las-archiv1.yml rename to group_vars/lasarchiv diff --git a/host_vars/las113.las.kit.edu b/host_vars/las113.las.kit.edu index a6713c357f68c6be98a44251a6c83624aded819c..bfd1b6eae392749924b17b4cab6a65ce0c52faff 100644 --- a/host_vars/las113.las.kit.edu +++ b/host_vars/las113.las.kit.edu @@ -2,4 +2,4 @@ ansible_user: gethmann user_account: gethmann ip_suffix: 113 loc: 618 -os: Fedora 24 +os: Fedora 25 diff --git a/host_vars/las118.las.kit.edu b/host_vars/las118.las.kit.edu index 4e078979a4df839412a38e0902914fc6aaf88624..8abfbf8e18c93d2ae7a09534e37a6535cd675343 100644 --- a/host_vars/las118.las.kit.edu +++ b/host_vars/las118.las.kit.edu @@ -1,4 +1,4 @@ -ansible_connection: local +# ansible_connection: local ansible_user: gethmann user_account: blomley ip_suffix: 118 
diff --git a/host_vars/las122.las.kit.edu b/host_vars/las122.las.kit.edu index bae50c575f73a78a63060bd7a6204e5182bfa4b1..1cde83f7ff9789a0875cd6d02a24ec30ed6ad0b3 100644 --- a/host_vars/las122.las.kit.edu +++ b/host_vars/las122.las.kit.edu @@ -1,5 +1,6 @@ -ansible_connection: local +# ansible_connection: local ansible_user: gethmann user_account: gethmann ip_suffix: 122 loc: 621 +os: Fedora 25 diff --git a/host_vars/las126.las.kit.edu b/host_vars/las126.las.kit.edu index c1d2310460eb39b3a3f5662d81419e60e830144e..09ff9b6f7c1b2fa077c4edaec5c5a8a4573f56ad 100644 --- a/host_vars/las126.las.kit.edu +++ b/host_vars/las126.las.kit.edu @@ -1,5 +1,5 @@ -ansible_remote_user: gethmann +ansible_user: gethmann user_account: gethmann ip_suffix: 126 loc: 618 -os: Fedora 24 +os: Fedora 25 diff --git a/hosts b/hosts index 6ca09e516a8a6d1dbf1d8d5a103de6e05db34cae..d096e20441c434f00107208d7ab5756953e75654 100644 --- a/hosts +++ b/hosts @@ -14,8 +14,10 @@ las118.las.kit.edu las122.las.kit.edu las-gethmann.las.kit.edu -[las-archiv1] +[lasarchiv] las113.las.kit.edu +las126.las.kit.edu +las122.las.kit.edu las93.las.kit.edu las-gethmann.las.kit.edu @@ -34,6 +36,7 @@ las113.las.kit.edu [opera] las113.las.kit.edu +las122.las.kit.edu las126.las.kit.edu [mad8] diff --git a/nfs.yml b/nfs.yml index 424943ee2611e54bbb4498ec9ff1a4563b860de9..a63fee21268fa4f444e6c5a9d0bb1c1f32e0bdc3 100644 --- a/nfs.yml +++ b/nfs.yml @@ -4,7 +4,7 @@ tags: nfs-server -- hosts: las-archiv1 +- hosts: lasarchiv roles: - lasarchiv tags: nfs-clients diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index e1abda2c7aff368bad838bb41888b4689f45a603..7e89b9141cf9a51677f212f6318661909f377eba 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml 
@@ -1,27 +1,39 @@ --- - name: enable sshd become: yes - service: name=sshd enabled=yes + service: + name: sshd + enabled: yes - name: restart sshd become: yes - service: name=sshd state=restarted + service: + name: sshd + state: restarted - name: reload sshd become: yes - service: name=sshd state=reloaded + service: + name: sshd + state: reloaded - name: start sshd become: yes - service: name=sshd state=started + service: + name: sshd + state: started - name: enable ntp become: yes - service: name=ntpdate enabled=yes + service: + name: ntpdate + enabled: yes - name: start ntp become: yes - service: name=ntpdate state=started + service: + name: ntpdate + state: started - name: update-ca-trust become: yes @@ -30,3 +42,27 @@ - name: lock root user become: yes command: passwd -l root + +- name: reload firewalld + become: yes + service: + name: firewalld + state: reloaded + +- name: restart firewalld + become: yes + service: + name: firewalld + state: restarted + +- name: enable ufw + become: yes + service: + name: ufw + state: enabled + +- name: restart ufw + become: yes + service: + name: ufw + state: restarted diff --git a/roles/common/tasks/hostname.yml b/roles/common/tasks/hostname.yml index 1ba0493970ba5319a02fd4e6f7ec82fa803b404b..356da678bf776520f546f50db9ccaf1903e7f7f2 100644 --- a/roles/common/tasks/hostname.yml +++ b/roles/common/tasks/hostname.yml @@ -1,9 +1,9 @@ --- - name: install needed network manager libs + become: yes dnf: name: '{{ item }}' state: installed - become: yes with_items: - NetworkManager-glib - libnm-qt-devel.x86_64 @@ -24,7 +24,7 @@ # type: ethernet - name: set hostname + become: yes hostname: name: "las{{ ip_suffix }}.las.kit.edu" - become: yes diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml index fe40203054695b42a1e79ce384c1d1553b79107a..13524b7a7b1346ec7b854a24055b41cc8d289fa1 100644 --- a/roles/common/tasks/sshd.yml +++ b/roles/common/tasks/sshd.yml 
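Review bot: The `enable ufw` handler added at the end of roles/common/handlers/main.yml passes `state: enabled` to the `service` module, whose `state` only takes started/stopped/restarted/reloaded, so the handler fails when it fires. The Ubuntu task in roles/common/tasks/sshd.yml also notifies `reload ufw`, but only `enable ufw` and `restart ufw` are defined here, so that notify has no matching handler. Until both are fixed, the Ubuntu path ends in an error rather than an active firewall with the OpenSSH rule loaded. One option is to drive both handlers through the `ufw` module, as sketched below; if only boot-time enablement is meant, `enabled: yes` on the `service` call is enough.

```yaml
# … unchanged: firewalld handlers …
- name: enable ufw
  become: yes
  ufw:
    state: enabled

- name: reload ufw
  become: yes
  ufw:
    state: reloaded
# … unchanged: restart ufw …
```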
@@ -1,20 +1,64 @@ --- - name: Installed sshd - package: state=installed name=openssh-server become: yes + package: + state: installed + name: openssh-server + +- name: install firewalld + become: yes + package: + name: python-firewall + state: installed + when: ansible_distribution == "Fedora" or + (ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7) + +- name: Open port 22 on Fedora/CentOS + become: yes + firewalld: + port: 22/tcp + state: enabled + permanent: true + when: ansible_distribution == "Fedora" or + (ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7) + notify: + - reload firewalld + - restart firewalld + +- name: Open port 22 on Ubuntu + become: yes + ufw: + name: OpenSSH + rule: allow + notify: + - reload ufw + - enable ufw + when: ansible_distribution == "Ubuntu" - name: Disable empty password login - lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitEmptyPasswords.*" line="PermitEmptyPasswords no" backup=yes - notify: restart sshd become: yes + lineinfile: + dest: /etc/ssh/sshd_config + regexp: ".*PermitEmptyPasswords.*" + line: "PermitEmptyPasswords no" + backup: yes + notify: restart sshd - name: Disable remote root login - lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitRootLogin.*" line="PermitRootLogin no" backup=yes - notify: restart sshd become: yes + lineinfile: + dest: /etc/ssh/sshd_config + regexp: ".*PermitRootLogin.*" + line: "PermitRootLogin no" + backup: yes + notify: restart sshd - name: Enable tunnel - lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitTunnel.*" line="PermitTunnel yes" backup=yes + lineinfile: + dest: /etc/ssh/sshd_config + regexp: ".*PermitTunnel.*" + line: "PermitTunnel yes" + backup: yes notify: - enable sshd - restart sshd 
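Review bot: Both `when:` conditions in the first hunk of roles/common/tasks/sshd.yml compare `ansible_distribution_major_version` with the integer 7, but that fact is a string, so the CentOS branch is not a numeric comparison; depending on the Python version it is either always true or a type error. Writing `ansible_distribution_major_version | int >= 7` in both places makes the firewall rule apply only where firewalld is expected. The task named `install firewalld` installs only `python-firewall`, so the daemon itself is assumed to be present already; if that is the intent, a name such as `install firewalld Python bindings` would say so. Notifying both `reload firewalld` and `restart firewalld` for one permanent rule looks redundant, since the reload alone should load it.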
@@ -24,11 +68,19 @@ # command: chkconfig sshd on - name: Add curves - lineinfile: dest=/etc/ssh/sshd_config regexp="HostKey.*ed25519.*" line="HostKey /etc/ssh/ssh_host_ed25519_key" backup=yes + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "HostKey.*ed25519.*" + line: "HostKey /etc/ssh/ssh_host_ed25519_key" + backup: yes notify: restart sshd become: yes - name: enable PAM - lineinfile: dest=/etc/ssh/sshd_config regexp=".*UsePAM .*" line="UsePAM yes" backup=yes + lineinfile: + dest: /etc/ssh/sshd_config + regexp: ".*UsePAM .*" + line: "UsePAM yes" + backup: yes become: yes notify: restart sshd diff --git a/roles/common/tasks/sysupdate.yml b/roles/common/tasks/sysupdate.yml index e4fac344e4528087c20c883dbc8f579131d64bf3..19bacb7223fd35871b9d7b7f662f5593ba38d87c 100644 --- a/roles/common/tasks/sysupdate.yml +++ b/roles/common/tasks/sysupdate.yml @@ -4,3 +4,4 @@ package: name=* state=latest tags: - skip_ansible_lint + when: ansible_distribution != "Ubuntu" diff --git a/roles/opera/meta/main.yml b/roles/opera/meta/main.yml index 9aa854fa72e16f5c96d9b4532cb00b7b4aa2863c..81ffe366ac80b795605713e95f9d4cea9fb09907 100644 --- a/roles/opera/meta/main.yml +++ b/roles/opera/meta/main.yml @@ -1,4 +1,4 @@ --- dependencies: - { role: lasarchiv } - - { role: client } + - { role: clients } diff --git a/roles/opera/tasks/opera.yml b/roles/opera/tasks/opera.yml index ce8dfbc984c4c39247b7d03678dec05f1779bf5d..2038cd40afc422222022ed8345a647649a7f77b8 100644 --- a/roles/opera/tasks/opera.yml +++ b/roles/opera/tasks/opera.yml @@ -1,6 +1,6 @@ --- - name: check if Opera is installed - stat: + stat: path: "{{ opera_path }}/code/bin/opera_manager" register: stat_result @@ -15,7 +15,7 @@ - name: unzip Opera become: yes - unarchive: + unarchive: # src: /mnt/las-archiv1/system/Opera/18/Opera_RHEL7.tar.bz src: /tmp/Opera_RHEL7.tar.bz dest: /usr/local/share/ 
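Review bot: None of the `lineinfile` edits to /etc/ssh/sshd_config in roles/common/tasks/sshd.yml check the resulting file before the `restart sshd` handler runs, so one bad line can leave a remotely managed host without a working SSH daemon. Adding `validate: '/usr/sbin/sshd -t -f %s'` to each task (the two in this second hunk and the three in the previous hunk) makes the module refuse a config that sshd cannot parse. The task named `Add curves` actually sets the ed25519 `HostKey` path, so a name like `use ed25519 host key` would match what it does.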
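Review bot: The added `when: ansible_distribution != "Ubuntu"` in roles/common/tasks/sysupdate.yml excludes Ubuntu hosts from the only update task visible here, and no Ubuntu counterpart appears in the hunk, which seems to reach the end of the file. Those machines would then stay on whatever package versions they have, including unpatched security fixes. The task itself starts above the hunk, so its name and `become` setting are not visible. If the generic `package` call is skipped because it misbehaves on apt, an explicit task like the one below keeps Ubuntu patched; otherwise a comment giving the reason for the exclusion would help the next administrator.

```yaml
# … unchanged: existing update task, now limited to non-Ubuntu hosts …
- name: update all packages (Ubuntu)
  become: yes
  apt:
    upgrade: dist
    update_cache: yes
  when: ansible_distribution == "Ubuntu"
```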
@@ -24,7 +24,7 @@ - name: install dependencies become: yes - dnf: + dnf: name: "{{ item }}" state: present when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24") @@ -46,7 +46,7 @@ # does not work either # - name: link too new/missing libraries -# file: +# file: # state: link # src: "{{ item[1] }}" # dest: "{{ opera_path }}/bin/{{ item[0] }}" @@ -56,17 +56,17 @@ # - ["libicuuc.so.50", "/usr/lib64/libicuuc.so"] # - ["libicudata.so.50", "/usr/lib64/libicudata.so"] -# Work around for Fedora 25 vs. CentOS 7 +# Work around for Fedora 25 vs. CentOS 7 - name: create dir for CentOS 7 libs become: yes - file: + file: name: "{{ opera_path }}/CentOS7libs" state: directory when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "22") - name: copy libraries from real CentOS 7 host (server) become: yes - copy: + copy: src: "/mnt/las-archiv1/system/Opera/18/CentOS7libs/{{ item.src }}" dest: "{{ opera_path }}/CentOS7libs/{{ item.dest }}" with_items: @@ -86,26 +86,26 @@ - name: install RHEL 6 deps become: yes - dnf: - name: hwloc + dnf: + name: hwloc state: present - when: + when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or (ansible_distribution == "RHEL" and ansible_distribution_major_version == "6") - name: install RHEL 7 deps become: yes - dnf: - name: hwloc-libs + dnf: + name: hwloc-libs state: present - when: + when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "7") or (ansible_distribution == "RHEL" and ansible_distribution_major_version == "7") or (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "24") - name: copy profile.d become: yes - copy: + copy: src: opera.sh dest: /etc/profile.d/opera.sh backup: yes @@ -116,7 +116,7 @@ - name: copy wrapper scripts become: yes - copy: + copy: src: "{{ item }}" dest: /usr/local/bin mode: ugo+x 
diff --git a/sites.yml b/sites.yml index c1de662ce5931bddbfb393dd5119dcff2934e215..6c745fca1b3aa0a4271582c5ef8c5b0dd2c29e6b 100644 --- a/sites.yml +++ b/sites.yml @@ -14,8 +14,8 @@ #- include: update.yml - include: desktop.yml tags: admin -- include: latex.yml - tags: latex + #- include: latex.yml + # tags: latex - include: kdev.yml tags: kdev - include: python.yml