...
 
Commits (13)
......@@ -26,6 +26,11 @@ sudo ansible-playbook --limit $(hostname -f) --vault-id @prompt sites.yml
* If you only want some parts of the roles to be run, you can use the option `-t TAGNAME` to run only those tasks with the given tag.
* The vault-password is known to the usual suspects.
Unfortunately you need to know the vault password to let ansible run.
If you have got root access to obelix, then you should try to run ansible from that host.
The repository is located at `/root/ansible` and you should pull before running ansible. The advantage is, that it is tested.
There might be a tmux running for that purpose anyway.
### Ask for new software
Open an issue in the GitLab issue tracker and use the template for softwarerequests.
......@@ -67,14 +72,14 @@ requst by adding the software name to the list of `extra_software` in the
### ^2 Opera
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@129.13.108.100`.
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@opera.las.kit.edu`.
# Develop new roles, extend or modify existing ones and update roles for new software
## Branches
All roles in the master branch should work and should not brake on any of our systems (desktop, server, simulation, notebooks). The `site.yml` should always be runnable and include all roles that are stable and not explicitly for setup purposes only.
For developement and testing you should use development branches like `dev-latex`.
For development and testing you should use development branches like `dev-latex`.
You can check the syntax of the files by running `ansible-playbook --check-syntax filename.yml` (or by using the pre-commit-hook from the Snipplets.
......@@ -85,8 +90,8 @@ Be aware that the development branches here are not save and the owner might for
# Run as admin
## Bootstraping
* Enable SSH on the new host (`lasXXX$ sudo systemctl start sshd && sudo systemctl enable sshd`)
* Add your SSH-key to the host `ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies: `dnf install python2-dnf libselinux-python`
* Add your SSH-key to the host `obelix# ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies: `lasXXX$ sudo dnf install ansible git python3-dnf libselinux-python python3-netaddr`
* Check the `hosts` file for entries of `lasXXX.las.kit.edu`
* Run `ansible-playbook -K --vault-id @prompt sites.yml` probably with the option `-l lasXXX.las.kit.edu`
......@@ -94,18 +99,18 @@ Be aware that the development branches here are not save and the owner might for
* You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
The first one is of cause the preferred one, because there is no rist to add a unencrypted file to the repo.
The first one is of cause the preferred one, because there is no risk to add a unencrypted file to the repo.
## Bootstrap IPA hosts
In this example the client to bootstrap may be `las112` and the installation takes place from the server `las126`.
In this example the client to bootstrap may be `pepe` and the installation takes place from the server `obelix`.
The prompts `#` show that you are working at root.
* Add your (root's) SSH-key to the host `las126# ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies on the client: `las112# dnf install python2-dnf libselinux-python`
* Get a Kerberos ticket (``las126# kinit -f admin@LAS.KIT.EDU``)
* For the host with the hostname `lasXXX.las.kit.edu` do the following
* edit a file ``host_vars/lasXXX.las.kit.edu``
* Add your (root's) SSH-key to the host `obelix# ssh-copy-id pepe.las.kit.edu`
* Install ansible dependencies on the client: `pepe# dnf install python3-dnf libselinux-python`
* Get a Kerberos ticket (``obelix# kinit -f admin@LAS.KIT.EDU``)
* For the host with the hostname `pepe.las.kit.edu` do the following
* edit a file ``host_vars/pepe.las.kit.edu``
```
las126# ansible-playbook -l lasXXX.las.kit.edu add_ipa_host.yml --vault-id @prompt
obelix# ansible-playbook -l pepe.las.kit.edu add_ipa_host.yml --vault-id @prompt
```
and provide the root password for the new host.
......
[defaults]
inventory=hosts
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
ssh_args = -o ControlMaster=auto -o ControlPersist=30m
remote_user=root
roles_path=roles
become=False
......
......@@ -255,3 +255,5 @@ texlivepackages:
- texlive-fonttable
- texlive-tcolorbox
- texlive-appendixnumberbeamer
#
- texlive-textpos
......@@ -21,6 +21,7 @@ extra_software:
# - fd-find
- ripgrep
- fzf # fuzzy finder
- fd-find
- gsl-devel # Needed to compile Eva Burkhards code
- mupdf # better alternative to pdftk than pdfseparate+pdfunite
- evince # for fixing RIP errors when printing LaTeX posters
......
ansible_user: root
user_account: gethmann
ip_suffix: 91
loc: 618
os: Fedora 30
computer_name: galantine
extra_software:
- zsh
ansible_user: root
user_account: gethmann
ip_suffix: 92
loc: 618
os: Fedora 30
computer_name: homoeopatix
extra_software:
- zsh
......@@ -10,6 +10,8 @@ teefax.las.kit.edu
obelix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
galantine.las.kit.edu
homoeopatix.las.kit.edu
[desktop]
gutemine.las.kit.edu
......@@ -21,11 +23,15 @@ amnesix.las.kit.edu
teefax.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
galantine.las.kit.edu
homoeopatix.las.kit.edu
[graphics]
asterix.las.kit.edu
lysander.las.kit.edu
amnesix.las.kit.edu
galantine.las.kit.edu
homoeopatix.las.kit.edu
[lasarchiv]
asterix.las.kit.edu
......@@ -45,6 +51,8 @@ idefix.las.kit.edu
amnesix.las.kit.edu
teefax.las.kit.edu
lysander.las.kit.edu
galantine.las.kit.edu
homoeopatix.las.kit.edu
[kdev] # KDevelope
......@@ -94,7 +102,7 @@ majestix.las.kit.edu
[mad8]
# depercated for Fedora >=26
[nfs-server]
[nfsserver]
obelix.las.kit.edu
# developement
......@@ -112,6 +120,8 @@ idefix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
obelix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
lysander.las.kit.edu ansible_python_interpreter=/usr/bin/python3
majestix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
galantine.las.kit.edu ansible_python_interpreter=/usr/bin/python3
homoeopatix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
[epics]
gutemine.las.kit.edu
......@@ -128,6 +138,10 @@ lysander.las.kit.edu
[inovesa]
asterix.las.kit.edu
obelix.las.kit.edu # ansible_connection=local
galantine.las.kit.edu
homoeopatix.las.kit.edu
pepe.las.kit.edu
[ipynb] # Jupyter notebook
idefix.las.kit.edu
......
- hosts: nfs-server
- hosts: nfsserver
roles:
- nfs-server
tags: nfs-server
......
......@@ -2,7 +2,7 @@
- name: install fonts
become: true
dnf:
name: https://kent.dl.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm
name: "https://sourceforge.net/projects/mscorefonts2/files/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm/download\?use_mirror\=netcologne\&ts\=1566291689\&use_mirror\=netcologne"
state: installed
tags: fonts
when: ansible_distribution == "Fedora"
......@@ -32,7 +32,7 @@ apply_updates = yes
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio,motd
emit_via = motd,stdio
[email]
......
......@@ -81,7 +81,14 @@
- name: enable automatic
become: yes
service:
systemd:
name: dnf-automatic.timer
state: started
enabled: yes
- name: enable automatic service
become: yes
service:
name: dnf-automatic.service
state: restarted
enabled: yes
......@@ -5,18 +5,21 @@ ele_version:
27: 34.2.0-1
28: 35.1.0-1
29: 35.1.0-1
30: 2019.1.1-1
sddstk_version:
25: 3.5-1
26: 3.5.1-1
27: 3.5.1-1
28: 4.1-1
29: 4.1-1
30: 4.1-1
oagtcltk_version:
25: 1.24-1
26: 1.24-1
27: 1.24-1
28: 1.25-2
29: 1.25-2
30: 1.25-2
defns_path: /usr/local/share/defns.rpn
prePelegant:
......@@ -40,5 +43,6 @@ preElegantExamples:
- tcsh
pythonsdds_version:
29: 4.0-1
28: 4.0-1
29: 4.0-1
30: 4.0-1