README.md

@@ -3,27 +3,33 @@ You need to have access to this repository (you need to add your public ssh-key
 Then you can clone the git repository to work on in locally.
 `git clone git@git.scc.kit.edu:las/ansible.git`
 
-Add your computer to the hosts file or if you are just testing add it to the local file.
-Add your hostname under each role name (the name in the square brackets) you want to be run on your computer.
+Add your computer to the `hosts` file or if you are just testing add it to the local file.
+Add your ``hostname`` under each role name (the name in the square brackets) you want to be run on your computer.
 Also create a new file which is named
 after your [fully-qualified-domain-name](https://de.wikipedia.org/wiki/Domain_(Internet)#Fully_Qualified_Domain_Name_.28FQDN.29}) (FQDN) in the `host_vars` directory including a [yaml](https://docs.ansible.com/ansible/YAMLSyntax.html) list with some host specific configuration variables, e. g. copy another similar host and adjust it.
-These files do not have the `.yml` extension and do not start with `---`
-Then create a file named after your FQDN with the extension ``.yml`` in the main directory of ansible which contains includes all the roles one want to run. This step needs root priviledges and therefore makes only sense for the first installation of a computer.
+These files do not have the `.yml` extension and do not start with `---` as most of the other yaml files do.
+Then create a file named after your FQDN with the extension ``.yml`` in the main directory of ansible which includes all the roles one want to run. This step needs root privileges and therefore makes only sense for the first installation of a computer.
 
 Install ansible and some dependencies: 
 
 ```
-dnf install ansible git python2-dnf libselinux-python
+dnf install ansible git python3-dnf libselinux-python python3-netaddr
 ```
 Run 
 
 ``` bash
-git clone  clone git@git.scc.kit.edu:las/ansible.git
+git clone  git@git.scc.kit.edu:las-it-organisation/32-0-IT-InstructionsAndRules/ansible.git
 cd ansible
-ansible-playbook --ask-become-pass --limit $(hostname -f) --vault-id @prompt site.yml
+sudo ansible-playbook --limit $(hostname -f) --vault-id @prompt sites.yml
 ```
 
   * If you only want some parts of the roles to be run, you can use the option `-t TAGNAME` to run only those tasks with the given tag.
+  * The vault-password is known to the usual suspects.
+
+Unfortunately you need to know the vault password to let ansible run.
+If you have got root access to obelix, then you should try to run ansible from that host.
+The repository is located at `/root/ansible` and you should pull before running ansible. The advantage is, that it is tested.
+There might be a tmux running for that purpose anyway.
 
 ### Ask for new software
 Open an issue in the GitLab issue tracker and use the template for softwarerequests.
@@ -46,16 +52,19 @@ requst by adding the software name to the list of `extra_software` in the
 * nfs.yml:
   * nfs-server: export /las-archiv1 to our network
   * lasarchiv: client side mount las126/las-archiv1
-* opera.yml: Cobham's Opera3d (client) ^2 ^3
 * admin.yml: tools for administrators
-* latex.yml: basic LaTeX installation (Arial not yet) ^1
-* kdev.yml: KDevelope (with Python PlugIn) ^1
-* jabref.yml: Cross platform BibTeX bibilography software [JabRef](http://www.jabref.org/)
-* pycharm.yml: Cross platform Python IDE: [PyCharm](https://www.jetbrains.com/pycharm/) IDE
 * chrome.yml: Google Chrome for Fedora (for Adobe Connect usage)
+* dhcpd.yml: DHCPd primary and secondary server on Fedora
 * elegant.yml: elegant (no Pelegant, yet)
 * inovesa.yml: [Inovesa](https://github.com/Inovesa/Inovesa)
+* kdev.yml: KDevelope (with Python PlugIn) ^1
+* latex.yml: basic LaTeX installation (Arial not yet) ^1
+* opera.yml: Cobham's Opera3d (client) ^2 ^3
+* pycharm.yml: Cross platform Python IDE: [PyCharm](https://www.jetbrains.com/pycharm/) IDE
+* remmina.yml: remmina a Remote Desktop Protocol (Windows remote) client for e. g. [rds.scc.kit.edu](https://rds.scc.kit.edu)
+* ripgrep.yml: ripgrep the better grep
 * undulator_control.yml: Install the software stack that is necessary to develop the control system for the JENA TGU experiment
+* zotero.yml: A citation management software
 
 ^1: (also put your FQDN to the \[common\] section in the hosts file as it depends hereon)
 
@@ -63,29 +72,47 @@ requst by adding the software name to the list of `extra_software` in the
 
 ### ^2 Opera
 
-After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@129.13.108.100`.
+After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@opera.las.kit.edu`.
 
 # Develop new roles, extend or modify existing ones and update roles for new software
 
 ## Branches
 All roles in the master branch should work and should not brake on any of our systems (desktop, server, simulation, notebooks). The `site.yml` should always be runnable and include all roles that are stable and not explicitly for setup purposes only.
 
-For developement and testing you should use development branches like `dev-latex`.
+For development and testing you should use development branches like `dev-latex`.
 
 You can check the syntax of the files by running `ansible-playbook --check-syntax filename.yml` (or by using the pre-commit-hook from the Snipplets.
 
-If you just want to install one or many packages you can use `jabref.yml` as a basis.
+If you just want to install one or many packages you can use `kdev.yml` as a basis or if it is not interesting for others you might want to add it to your host file instead.
 
 Be aware that the development branches here are not save and the owner might force push to them!
 
 # Run as admin 
-## Bootstrap
-* Add your SSH-key to the host `ssh-copy-id lasXXX.las.kit.edu`
-* Do the steps described for the self-setup
+## Bootstraping
+* Enable SSH on the new host (`lasXXX$ sudo systemctl start sshd && sudo systemctl enable sshd`)
+* Add your SSH-key to the host `obelix# ssh-copy-id lasXXX.las.kit.edu`
+* Install ansible dependencies: `lasXXX$ sudo dnf install ansible git python3-dnf libselinux-python python3-netaddr`
+* Check the `hosts` file for entries of `lasXXX.las.kit.edu`
 * Run `ansible-playbook -K --vault-id @prompt sites.yml` probably with the option `-l lasXXX.las.kit.edu`
 
 ## Edit encrypted files
 * You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
 * you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
 
-The first one is of cause the preferred one, because there is no rist to add a unencrypted file to the repo.
+The first one is of cause the preferred one, because there is no risk to add a unencrypted file to the repo.
+
+## Bootstrap IPA hosts
+In this example the client to bootstrap may be `pepe` and the installation takes place from the server `obelix`.
+The prompts `#` show that you are working at root.
+* Add your (root's) SSH-key to the host `obelix# ssh-copy-id pepe.las.kit.edu`
+* Install ansible dependencies on the client: `pepe# dnf install python3-dnf libselinux-python`
+* Get a Kerberos ticket (``obelix# kinit -f admin@LAS.KIT.EDU``)
+* For the host with the hostname `pepe.las.kit.edu` do the following
+* edit a file ``host_vars/pepe.las.kit.edu``
+```
+obelix# ansible-playbook -l pepe.las.kit.edu add_ipa_host.yml --vault-id @prompt
+```
+and provide the root password for the new host.
+
+## Decommission/Uninstall a host
+* edit the ``add_ipa_host.yml`` and uncomment the uninstall step in it.

add_ipa_host.yml

+---
+- hosts: all
+  remote_user: root
+  vars:
+    ipa_host: "{{ computer_name }}.las.kit.edu"
+    ipa_host_ip: "129.13.108.{{ ip_suffix }}"
+    ipa_domain: las.kit.edu
+  vars_prompt:
+  - name: "ipa_pass"
+    prompt: "What is the admin@LAS.KIT.EDU password?"
+    private: yes
+
+  # - name: uninstall host
+  #   become: yes
+  #   command: ipa-client --uninstall -U
+
+  roles:
+    - ipa_hosts

ansible.cfg

 [defaults]
 inventory=hosts
 pipelining = True
-ssh_args = -o ControlMaster=auto -o ControlPersist=60s
-remote_user=gethmann
+ssh_args = -o ControlMaster=auto -o ControlPersist=30m
+remote_user=root
 roles_path=roles
 become=False
 become_user="root"
 become_ask_pass=True
 become_method="sudo"
+ansible_python_interpreter="/usr/bin/env python3"
+gathering = smart
+fact_caching = jsonfile
+fact_caching_connection = cachedir
+fact_caching_timeout = 86400

common.yml

 - hosts: all
   roles:
       - common
-
-- hosts: cn
-  become: yes
-  tasks:
-    - name: rename CN computer
-      hostname: name=las-bernhard.anka.kit.edu
-  tags:
-    - cn
-    - always

desktop.yml

@@ -2,9 +2,7 @@
   tasks:
     - name: install desktop software
       dnf:
-        name: "{{ item }}"
+        name: "{{ desktop_software }}"
         state: present
       become: yes
       when: ansible_distribution == 'Fedora'
-      with_items:
-      - "{{ desktop_software }}"

group_vars/all/vars.yml

@@ -35,16 +35,12 @@ desktop_software:
   - thunderbird
   - firefox
   - libreoffice
-  # - bwSyncAndShare
+  - "https://download.bwsyncandshare.kit.edu/clients/bwSyncAndShare_Latest.x86_64.rpm"
   - perl-Clipboard
   - perl-Capture-Tiny
 
-ipaserver: las126.las.kit.edu
-ipaserver2: las100.las.kit.edu
-ipaserver3: las101.las.kit.edu
-
 # this should be the IP or in the sshd_config the "UseDNS" must be set to yes
-ansible_server: 129.13.108.126
+ansible_server: 129.13.238.126
 
 # file: group_vars/all/vault.yml
 sudoer: "{{ vault_sudoer }}"
@@ -54,3 +50,11 @@ userinstall_vars: "{{ vault_userinstall_vars }}"
 admin_mail: "{{ vault_admin_mail }}"
 
 rootkey: "{{ vault_rootkey }}"
+
+# IPA
+gid: "{{ vault_gid }}"
+ipaserver1: "{{ vault_ipaserver1 }}"
+ipaserver2: "{{ vault_ipaserver2 }}"
+ipaserver3: "{{ vault_ipaserver3 }}"
+
+ipa_users: "{{ vault_ipa_users }}"

group_vars/lasarchiv

 ---
-nfs_server: 129.13.108.126
+nfs_server: 129.13.238.126

group_vars/latex.yml

@@ -22,7 +22,7 @@ kit_tikz:
         - texlive-mycv
         - texlive-pgf-spectra
 texlivepackages:
-        - texlive.x86_64
+        - "texlive-scheme-small"
         - kile
         - texmaker
         - texlive-epstopdf-bin
@@ -153,79 +153,79 @@ texlivepackages:
         - texlive-xecolor
         - texlive-fontspec
         # Thought to be usefull
-        - texlive-texlive-de-doc.noarch
-        - texlive-texlive-common-doc.noarch
-        - texlive-texlive-docindex-doc.noarch
-        - texlive-ae.noarch
-        - texlive-cm.noarch
-        - texlive-cv.noarch
-        - texlive-ec.noarch
-        - texlive-ed.noarch
-        - texlive-fp.noarch
-        - texlive-gu.noarch
-        - texlive-hc.noarch
-        - texlive-lm.noarch
-        - texlive-t2.noarch
-        - texlive-alg.noarch
-        - texlive-doi.noarch
-        - texlive-dox.noarch
-        - texlive-eco.noarch
-        - texlive-ecv.noarch
-        - texlive-emp.noarch
-        - texlive-esk.noarch
-        - texlive-fbs.noarch
-        - texlive-fmp.noarch
-        - texlive-gmp.noarch
-        - texlive-hep.noarch
-        - texlive-iso.noarch
-        - texlive-lcg.noarch
-        - texlive-lfb.noarch
-        - texlive-msg.noarch
-        - texlive-nag.noarch
-        - texlive-nuc.noarch
-        - texlive-ofs.noarch
-        - texlive-pax.noarch
-        - texlive-pgf.noarch
-        - texlive-qcm.noarch
-        - texlive-sfg.noarch
-        - texlive-svg.noarch
-        - texlive-svn.noarch
-        - texlive-tap.noarch
-        - texlive-ucs.noarch
-        - texlive-uml.noarch
-        - texlive-uri.noarch
-        - texlive-url.noarch
-        - texlive-vpe.noarch
-        - texlive-base.noarch
-        - texlive-abbr.noarch
-        - texlive-acro.noarch
-        - texlive-bohr.noarch
-        - texlive-cals.noarch
-        - texlive-circ.noarch
-        - texlive-cite.noarch
-        - texlive-cmap.noarch
-        - texlive-cmll.noarch
-        - texlive-cmpj.noarch
-        - texlive-cmsd.noarch
-        - texlive-cool.noarch
-        - texlive-crop.noarch
-        - texlive-dhua.noarch
-        - texlive-epsf.noarch
-        - texlive-etoc.noarch
-        - texlive-euro.noarch
-        - texlive-exam.noarch
-        - texlive-feyn.noarch
-        - texlive-fink.noarch
-        - texlive-mycv.noarch
-        - texlive-nath.noarch
-        - texlive-pbox.noarch
-        - texlive-pdfx.noarch
-        - texlive-spot.noarch
+        - texlive-texlive-de-doc
+        - texlive-texlive-common-doc
+        - texlive-texlive-docindex-doc
+        - texlive-ae
+        - texlive-cm
+        - texlive-cv
+        - texlive-ec
+        - texlive-ed
+        - texlive-fp
+        - texlive-gu
+        - texlive-hc
+        - texlive-lm
+        - texlive-t2
+        - texlive-alg
+        - texlive-doi
+        - texlive-dox
+        - texlive-eco
+        - texlive-ecv
+        - texlive-emp
+        - texlive-esk
+        - texlive-fbs
+        - texlive-fmp
+        - texlive-gmp
+        - texlive-hep
+        - texlive-iso
+        - texlive-lcg
+        - texlive-lfb
+        - texlive-msg
+        - texlive-nag
+        - texlive-nuc
+        - texlive-ofs
+        - texlive-pax
+        - texlive-pgf
+        - texlive-qcm
+        - texlive-sfg
+        - texlive-svg
+        - texlive-svn
+        - texlive-tap
+        - texlive-ucs
+        - texlive-uml
+        - texlive-uri
+        - texlive-url
+        - texlive-vpe
+        - texlive-base
+        - texlive-abbr
+        - texlive-acro
+        - texlive-bohr
+        - texlive-cals
+        - texlive-circ
+        - texlive-cite
+        - texlive-cmap
+        - texlive-cmll
+        - texlive-cmpj
+        - texlive-cmsd
+        - texlive-cool
+        - texlive-crop
+        - texlive-dhua
+        - texlive-epsf
+        - texlive-etoc
+        - texlive-euro
+        - texlive-exam
+        - texlive-feyn
+        - texlive-fink
+        - texlive-mycv
+        - texlive-nath
+        - texlive-pbox
+        - texlive-pdfx
+        - texlive-spot
         - texlive-tikz-palattice
-        - texlive-biblatex.noarch
-        - texlive-enumitem.noarch
-        - texlive-ctablestack.noarch
-        - texlive-gitinfo2.noarch
+        - texlive-biblatex
+        - texlive-enumitem
+        - texlive-ctablestack
+        - texlive-gitinfo2
         - texlive-fncychap  # e. g. Sphinx
         - latexmk  # sphinx
         - texlive-tabulary
@@ -253,3 +253,7 @@ texlivepackages:
         # to be continued
         - texlive-cleveref
         - texlive-fonttable
+        - texlive-tcolorbox
+        - texlive-appendixnumberbeamer
+        #
+        - texlive-textpos

group_vars/python.yml

@@ -15,36 +15,16 @@ python3pkg:
   - python3-sphinx
   - python3-tox
   - python3-pip
-
-python3pip:
-  - brewer2mpl
-  - Cython
-  - flake8
-  - flake8-mypy
-  - flake8-pep257
-  - i18n
-  - mypy_extensions
   - pipenv
-  - pre-commit
-  - PyScaffold
-  - pytest-yapf
-  - tox
-  - yapf
-  - nbdime
-
-python2pkg:
-  - python2
-  - python2-setuptools
-  - python-pip
+  - llvm
+  - cmake
+  - python3-flake8
+  - python3-Cython
+  - nodejs
+  - nodejs-libs
+  - kf5-purpose-twitter
+  - npm
 
-python2pip:
-  - backports.shutil_get_terminal_size
-  - brewer2mpl
-  - Cython
-  - ipython
-  - mpld3
-  - notebook
-  - pandas
-  - sklearn
+python2pkg: ""
 
 pip3bin: /bin/pip3

host_vars/las118.las.kit.edu → host_vars/amnesix.las.kit.edu

@@ -2,5 +2,5 @@ ansible_user: root
 user_account: richter
 ip_suffix: 118
 loc: 620
-os: Fedora 27
-computer_name: Amnesix
+os: Fedora 29
+computer_name: amnesix

host_vars/asterix.las.kit.edu

+ansible_user: root
+user_account: gethmann
+ip_suffix: 73
+loc: 618
+os: Fedora 29
+computer_name: asterix
+
+extra_software:
+  - subversion  # for ANKA software
+  - borgbackup
+  - mosh  # ssh alternative
+    # keepass compatible console client
+  - kpcli
+  - perl-Clipboard
+  - perl-Capture-Tiny
+  - ctags  # vim tags
+  - zsh
+  - neovim
+  - ShellCheck
+  - inkscape-table
+    # - fd-find
+  - ripgrep
+  - fzf  # fuzzy finder
+  - fd-find
+  - gsl-devel  # Needed to compile Eva Burkhards code
+  - mupdf  # better alternative to pdftk than pdfseparate+pdfunite
+  - evince  # for fixing RIP errors when printing LaTeX posters
+  - screen
+    # PDL for undulator/wiggler Opera script
+  - perl-PDL
+    # Installing dependencies:
+  - perl-Devel-Peek
+  - perl-Inline
+  - perl-Inline-C
+  - perl-Pegex
+  - freeglut
+  - perl-B-Utils
+  - perl-Class-Load
+  - perl-Class-Tiny
+  - perl-Data-Dump-Streamer
+  - perl-Devel-OverloadInfo
+  - perl-Devel-PartialDump
+  - perl-Devel-REPL
+  - perl-Devel-REPL-Plugin-Completion
+  - perl-Devel-REPL-Plugin-DDS
+  - perl-Devel-REPL-Plugin-LexEnv
+  - perl-Devel-REPL-Plugin-MultiLine-PPI
+  - perl-File-HomeDir
+  - perl-File-Map
+  - perl-Filter-Simple
+  - perl-Getopt-Long-Descriptive
+  - perl-IPC-System-Simple
+  - perl-Lexical-Persistence
+  - perl-Module-Compile
+  - perl-Module-Pluggable
+  - perl-Moose
+  - perl-MooseX-Getopt
+  - perl-MooseX-Object-Pluggable
+  - perl-MooseX-Role-Parameterized
+  - perl-OpenGL
+  - perl-PPI
+  - perl-Parse-RecDescent
+  - perl-PerlIO-Layers
+  - perl-Pod-Parser
+  - perl-Prima
+  - perl-Text-Balanced
+  - perl-YAML-LibYAML
+  - perl-autodie
+    # Installing weak dependencies:
+  - perl-Text-Bidi
+    # End of PDL

host_vars/galantine.las.kit.edu

+ansible_user: root
+user_account: gethmann
+ip_suffix: 91
+loc: 618
+os: Fedora 30
+computer_name: galantine
+
+extra_software:
+  - zsh

host_vars/las112.las.kit.edu → host_vars/gutemine.las.kit.edu

 ansible_user: root
 user_account: widmann
-ip_suffix: 112
 loc: 618
 os: Fedora 28
-computer_name: Gutemine
+computer_name: gutemine
 
 extra_software:
   - subversion  # ANKA software

host_vars/homoeopatix.las.kit.edu

+ansible_user: root
+user_account: gethmann
+ip_suffix: 92
+loc: 618
+os: Fedora 30
+computer_name: homoeopatix
+
+extra_software:
+  - zsh

host_vars/las117.las.kit.edu → host_vars/idefix.las.kit.edu

@@ -3,4 +3,7 @@ user_account: damminsek
 ip_suffix: 117
 loc: 620
 os: Fedora 27
-computer_name: Idefix
+computer_name: idefix
+
+extra_software:
+  - mupdf

host_vars/kantine.las.kit.edu

+ansible_user: root
+ansible_ssh_user: root
+ansible_remote_user: gethmann
+remote_user: gethmann
+ip_suffix: 100
+loc: 612
+os: CentOS 7.4
+computer_name: kantine

host_vars/las101.las.kit.edu

@@ -5,3 +5,4 @@ remote_user: gethmann
 ip_suffix: 101
 loc: 612
 os: Fedora 28
+computer_name: Kneipix

host_vars/las113.las.kit.edu

-ansible_user: root
-user_account: gethmann
-ip_suffix: 113
-loc: 618
-os: Fedora 27
-computer_name: Asterix
-
-extra_software:
-  - subversion  # for ANKA software
-  - borgbackup
-  - mosh  # ssh alternative
-  # keepass compatible console client
-  - kpcli
-  - perl-Clipboard
-  - perl-Capture-Tiny
-  - ctags  # vim tags
-  - zsh
-  - neovim
-  - ShellCheck
-  - inkscape-table
-  # - fd-find
-  - ripgrep
-  - fzf  # fuzzy finder

host_vars/las127.las.kit.edu → host_vars/majestix.las.kit.edu

 ansible_user: bernhard
 user_account: bernhard
-ip_suffix: 127
+ip_suffix: 70
 loc: 622
-os: Fedora 27
-computer_name: Majestix
+os: Fedora 29
+computer_name: majestix

host_vars/las126.las.kit.edu → host_vars/obelix.las.kit.edu

@@ -2,5 +2,8 @@ ansible_user: root
 user_account: gethmann
 ip_suffix: 126
 loc: 618
-os: Fedora 27
-computer_name: Obelix
+os: Fedora 29
+computer_name: obelix
+
+extra_software:
+  - borgbackup

host_vars/las115.las.kit.edu → host_vars/pepe.las.kit.edu

@@ -2,5 +2,9 @@ ansible_user: root
 user_account: ning
 ip_suffix: 115
 loc: 619
-os: Fedora 26
-computer_name: Costa Y Bravo
+os: Fedora 29
+computer_name: pepe
+
+extra_software:
+  - python-qt5
+  - "qt5-qttools-devel"

host_vars/las116.las.kit.edu → host_vars/spuernix.las.kit.edu

@@ -3,5 +3,5 @@ ansible_user: root
 user_account: rossmanith
 ip_suffix: 116
 loc: 619
-os: Fedora 27
-computer_name: Spürnix
+os: Fedora 29
+computer_name: spuernix

host_vars/las120.las.kit.edu → host_vars/teefax.las.kit.edu

@@ -3,4 +3,4 @@ user_account: tong
 ip_suffix: 120
 loc: 621
 os: Fedora 28
-computer_name: Teefax
+computer_name: teefax

hosts

 # stable
 [clients]
-las112.las.kit.edu
-las113.las.kit.edu
-las115.las.kit.edu
-las116.las.kit.edu
-las117.las.kit.edu
-las118.las.kit.edu
-las120.las.kit.edu
-las122.las.kit.edu
-las126.las.kit.edu
-las-gethmann.las.kit.edu
+amnesix.las.kit.edu
+asterix.las.kit.edu
+galantine.las.kit.edu
+gutemine.las.kit.edu
+homoeopatix.las.kit.edu
+idefix.las.kit.edu
+lysander.las.kit.edu
+majestix.las.kit.edu
+obelix.las.kit.edu
+pepe.las.kit.edu
+spuernix.las.kit.edu
+teefax.las.kit.edu
 
 [desktop]
-las112.las.kit.edu
-las113.las.kit.edu
-las115.las.kit.edu
-las116.las.kit.edu
-las117.las.kit.edu
-las118.las.kit.edu
-las120.las.kit.edu
-las122.las.kit.edu
-las-gethmann.las.kit.edu
+amnesix.las.kit.edu
+asterix.las.kit.edu
+galantine.las.kit.edu
+gutemine.las.kit.edu
+homoeopatix.las.kit.edu
+idefix.las.kit.edu
+lysander.las.kit.edu
+majestix.las.kit.edu
+pepe.las.kit.edu
+spuernix.las.kit.edu
+teefax.las.kit.edu
 
 [graphics]
-las113.las.kit.edu
-las-gethmann.las.kit.edu
-las118.las.kit.edu
+asterix.las.kit.edu
+lysander.las.kit.edu
+amnesix.las.kit.edu
+galantine.las.kit.edu
+homoeopatix.las.kit.edu
 
 [lasarchiv]
-las113.las.kit.edu
-las115.las.kit.edu
-las117.las.kit.edu
-las118.las.kit.edu
-las120.las.kit.edu
-las122.las.kit.edu
-las126.las.kit.edu
-las127.las.kit.edu
-las-gethmann.las.kit.edu
+asterix.las.kit.edu
+pepe.las.kit.edu
+idefix.las.kit.edu
+amnesix.las.kit.edu
+teefax.las.kit.edu
+obelix.las.kit.edu
+majestix.las.kit.edu
+lysander.las.kit.edu
 
 [python]
-las112.las.kit.edu
-las113.las.kit.edu
-las115.las.kit.edu
-las117.las.kit.edu
-las118.las.kit.edu
-las120.las.kit.edu
-las122.las.kit.edu
-las-gethmann.las.kit.edu
+amnesix.las.kit.edu
+asterix.las.kit.edu
+galantine.las.kit.edu
+gutemine.las.kit.edu
+homoeopatix.las.kit.edu
+idefix.las.kit.edu
+lysander.las.kit.edu
+pepe.las.kit.edu
+teefax.las.kit.edu
 
 [kdev]  # KDevelope
 
 [jabref]
-las113.las.kit.edu
-las117.las.kit.edu
-las-gethmann.las.kit.edu
+
+[zotero]
+asterix.las.kit.edu
+gutemine.las.kit.edu
+idefix.las.kit.edu
+lysander.las.kit.edu
 
 [pynaff]
-las-gethmann.las.kit.edu
-las113.las.kit.edu
-las126.las.kit.edu
+lysander.las.kit.edu
+asterix.las.kit.edu
+obelix.las.kit.edu
 
 [pycharm]
-las-gethmann.las.kit.edu
-las113.las.kit.edu
-las115.las.kit.edu
-las117.las.kit.edu
-las122.las.kit.edu
+lysander.las.kit.edu
+asterix.las.kit.edu
+pepe.las.kit.edu
+idefix.las.kit.edu
 
 [chrome]
-las-gethmann.las.kit.edu
+lysander.las.kit.edu
+
+[rdp]
+galantine.las.kit.edu
+gutemine.las.kit.edu
+asterix.las.kit.edu
+amnesix.las.kit.edu
 
 [latex]
-las112.las.kit.edu
-las-gethmann.las.kit.edu
-las113.las.kit.edu
-las115.las.kit.edu
-las117.las.kit.edu
-las118.las.kit.edu
-las120.las.kit.edu
-las122.las.kit.edu
+amnesix.las.kit.edu
+asterix.las.kit.edu
+galantine.las.kit.edu
+gutemine.las.kit.edu
+idefix.las.kit.edu
+lysander.las.kit.edu
+pepe.las.kit.edu
+teefax.las.kit.edu
 
 [opera]
-las113.las.kit.edu
-las118.las.kit.edu
-las122.las.kit.edu
-las126.las.kit.edu
-las127.las.kit.edu
+asterix.las.kit.edu
+amnesix.las.kit.edu
+idefix.las.kit.edu
+obelix.las.kit.edu
+majestix.las.kit.edu
 
 [mad8]
 # depercated for Fedora >=26
 
-[nfs-server]
-las126.las.kit.edu
+[nfsserver]
+obelix.las.kit.edu
 
 # developement
 
-[dhcpd]
-las101.las.kit.edu
-las126.las.kit.edu
-
 [lab]
 # las93.las.kit.edu
 
 [rpmbuild]
-las113.las.kit.edu
-las-gethmann.las.kit.edu
+asterix.las.kit.edu
+lysander.las.kit.edu
 
 [elegant]
-las113.las.kit.edu
-las117.las.kit.edu
-las120.las.kit.edu
-las126.las.kit.edu
-las-gethmann.las.kit.edu
+asterix.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
+idefix.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
+obelix.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
+lysander.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
+majestix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
+galantine.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
+homoeopatix.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
+spuernix.las.kit.edu  ansible_python_interpreter=/usr/bin/python3
 
 [epics]
-las112.las.kit.edu
-las113.las.kit.edu
-las115.las.kit.edu
-las117.las.kit.edu
-las-gethmann.las.kit.edu
+asterix.las.kit.edu
+galantine.las.kit.edu
+gutemine.las.kit.edu
+idefix.las.kit.edu
+lysander.las.kit.edu
+majestix.las.kit.edu
+pepe.las.kit.edu
 
 [ripgrep]
 las101.las.kit.edu
-las113.las.kit.edu
-las-gethmann.las.kit.edu
+asterix.las.kit.edu
+lysander.las.kit.edu
 
 [inovesa]
-las113.las.kit.edu
+asterix.las.kit.edu
+obelix.las.kit.edu # ansible_connection=local
+galantine.las.kit.edu
+homoeopatix.las.kit.edu
+pepe.las.kit.edu
 
 [ipynb]  # Jupyter notebook
-las120.las.kit.edu
-las122.las.kit.edu
-las-gethmann.las.kit.edu
+idefix.las.kit.edu
+teefax.las.kit.edu
+lysander.las.kit.edu
 
 # semi stable
 [tgu]
-las115.las.kit.edu
+pepe.las.kit.edu
 
 [local]
-# 127.0.0.1 ansible_connection=local
+127.0.0.1 ansible_connection=local
 
 [admin_pcs]
 las101.las.kit.edu
-las113.las.kit.edu
-las-gethmann.las.kit.edu
+asterix.las.kit.edu
+lysander.las.kit.edu
 
 [server]
 las101.las.kit.edu
-
-[cn]
-las-bernhard.anka.kit.edu

ipa_user.yml

+---
+- hosts: all
+  vars: 
+  vars_prompt:
+    - name: "ipa_admin_pass"
+      prompt: "What is IPA's admin password?"
+      private: yes
+
+  roles:
+    - ipa_users

jabref.yml

@@ -5,3 +5,8 @@
       dnf:
         name: jabref
         state: present
+      when: (ansible_distribution == "Fedora" and (ansible_distribution_major_version | int) <= 28)
+
+    - name: UNSUPPORTED
+      fail:
+        msg: Jabref is no longer maintained by Fedora! Use zotero instead.

nfs.yml

-- hosts: nfs-server
+- hosts: nfsserver
   roles:
     - nfs-server
   tags: nfs-server

remmina.yml

+- hosts: rdp
+  roles:
+    - rdp

roles/clients/files/printers.conf

@@ -41,7 +41,7 @@ ErrorPolicy stop-printer
 UUID urn:uuid:c20b481d-848e-30e6-5eab-8ba9fb397809
 Info Oki MC851(PS)
 Location Library
-DeviceURI socket://129.13.108.106/
+DeviceURI socket://oki.las.kit.edu/
 State Idle
 StateTime 1414591314
 Type 8433756

roles/clients/tasks/basic_software.yml

 ---
 - name: "Install basic client software"
   apt:
-    name: "{{ item }}"
+    name: "{{ client_software }}"
     state: present
-  with_items: "{{ client_software }}"
+    # with_items: "{{ client_software }}"
   when: ansible_distribution == 'Ubuntu'
   become: yes
 
 - name: "Install basic client software"
   dnf:
-    name: "{{ item }}"
+    name: "{{ client_software }}"
     state: present
-  with_items: "{{ client_software }}"
+    # with_items: "{{ client_software }}"
   when: ansible_distribution == 'Fedora'
   become: yes

roles/clients/tasks/cups.yml

@@ -9,11 +9,8 @@
 - name: install dependencies
   become: yes
   dnf:
-    name: "{{ item }}"
+    name: ["hplip-common", "hplip"]
     state: present
-  with_items:
-    - "hplip-common"
-    - "hplip"
   when: ansible_distribution == 'Fedora'
 
 - name: install CUPS

roles/clients/tasks/ms_fonts.yml

@@ -2,7 +2,7 @@
 - name: install fonts
   become: true
   dnf:
-    name: https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm
+    name: "https://sourceforge.net/projects/mscorefonts2/files/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm/download?use_mirror=netcologne&ts=1566291689&use_mirror=netcologne"
     state: installed
   tags: fonts
   when: ansible_distribution == "Fedora"

roles/common/files/automatic.conf

+[commands]
+#  What kind of upgrade to perform:
+# default                            = all available upgrades
+# security                           = only the security upgrades
+upgrade_type = security
+random_sleep = 0
+
+# To just receive updates use dnf-automatic-notifyonly.timer
+
+# Whether updates should be downloaded when they are available, by
+# dnf-automatic.timer. notifyonly.timer, download.timer and
+# install.timer override this setting.
+download_updates = yes
+
+# Whether updates should be applied when they are available, by
+# dnf-automatic.timer. notifyonly.timer, download.timer and
+# install.timer override this setting.
+apply_updates = yes
+
+
+[emitters]
+# Name to use for this system in messages that are emitted.  Default is the
+# hostname.
+# system_name = my-host
+
+# How to send messages.  Valid options are stdio, email and motd.  If
+# emit_via includes stdio, messages will be sent to stdout; this is useful
+# to have cron send the messages.  If emit_via includes email, this
+# program will send email itself according to the configured options.
+# If emit_via includes motd, /etc/motd file will have the messages. if
+# emit_via includes command_email, then messages will be send via a shell
+# command compatible with sendmail.
+# Default is email,stdio.
+# If emit_via is None or left blank, no messages will be sent.
+emit_via = motd,stdio
+
+
+[email]
+# The address to send email messages from.
+email_from = root@localhost
+
+# List of addresses to send messages to.
+email_to = root
+
+# Name of the host to connect to to send email messages.
+email_host = localhost
+
+
+[command]
+# The shell command to execute. This is a Python format string, as used in
+# str.format(). The format function will pass a shell-quoted argument called
+# `body`.
+# command_format = "cat"
+
+# The contents of stdin to pass to the command. It is a format string with the
+# same arguments as `command_format`.
+# stdin_format = "{body}"
+
+
+[command_email]
+# The shell command to use to send email. This is a Python format string,
+# as used in str.format(). The format function will pass shell-quoted arguments
+# called body, subject, email_from, email_to.
+# command_format = "mail -s {subject} -r {email_from} {email_to}"
+
+# The contents of stdin to pass to the command. It is a format string with the
+# same arguments as `command_format`.
+# stdin_format = "{body}"
+
+# The address to send email messages from.
+email_from = root@localhost
+
+# List of addresses to send messages to.
+email_to = root
+
+
+[base]
+# This section overrides dnf.conf
+
+# Use this to filter DNF core messages
+debuglevel = 1

roles/common/files/web.las.pub

+-----BEGIN CERTIFICATE-----
+MIIKcjCCCVqgAwIBAgIMIKiiExs4FR9L2Kp4MA0GCSqGSIb3DQEBCwUAMHsxCzAJ
+BgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcM
+CUthcmxzcnVoZTEqMCgGA1UECgwhS2FybHNydWhlIEluc3RpdHV0ZSBvZiBUZWNo
+bm9sb2d5MQ8wDQYDVQQDDAZLSVQtQ0EwHhcNMTkwMzEzMTU0MDU0WhcNMjEwNjE0
+MTU0MDU0WjCBhDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVt
+YmVyZzESMBAGA1UEBwwJS2FybHNydWhlMSowKAYDVQQKDCFLYXJsc3J1aGUgSW5z
+dGl0dXRlIG9mIFRlY2hub2xvZ3kxGDAWBgNVBAMMD3dlYi5sYXMua2l0LmVkdTCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKLgVunuUl0m3520OuAnewPw
+N+zG0A295N4wSIS5KYflOxfmGBKKnAwefSzNvUIIOnyr+rrD2GdVG4ZMjQXmATAm
+ibiQLVAYsPu+yTOfWUmwKDJCYLOCH1VkwPJbebSMTTuSGC3uRaKdtCucXX6TnHqY
+jB0LPs730+KVPDFIiKps6U/SqfOmoCTr5owDiZXM75rl4sPtHSvNpsfFC1Ls6RIm
+z2moISu0Q1wLdU6sPUMmvjRtv+pkPD6nMLfO0j9y6SL2z7AbOVJt+JcXZLteGW11
+nQnRDOkHwpldy8xrYczIHd6bMp0hllVHSE8LsXs9H16yOy7LNkUMS8SfGFVlam84
+yn5/h7jFUgHY1BCsORyfR2w5MznOWH+HIy2U+RKA3u1JlPQZtH1Q6hHR6oSRgx8O
+4cf4lqgUELM2TydxEBiEupcHhiIHwleGHfTXL3ChtxSu/VyJZQcIiZ8gSDVTDrG7
+bAX5rnXEoTeqvenLJAv8cAECl9J22wUCzSz3MzFpalDQY2+P7mpPxYKcRcQQxCpo
+wVuKiiRw+JjN51AKkmELtZ5a/SD5JOy9PvmfAN1OUqJguxO+MbhYfp2If47Gy0ht
+WuYZ47H8VFIPbVD7a8uVKX1VWKBaBvW5N4Cl7Wu/2yny3Zw+yw2XZFpPvmSNlq/T
+8CYw0kFOQynCDzhrKASnAgMBAAGjggXqMIIF5jAJBgNVHRMEAjAAMA4GA1UdDwEB
+/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU/hB/iqc12SwT
+I7iIPJPSnPnKgLcwHwYDVR0jBBgwFoAUBBq/HJORPdPZPbDeEyPlmnD0LggwaAYD
+VR0RBGEwX4IPZG5mLmxhcy5raXQuZWR1ghFtdW5pbi5sYXMua2l0LmVkdYIQcHlw
+aS5sYXMua2l0LmVkdYIWc2hhcmVsYXRleC5sYXMua2l0LmVkdYIPd2ViLmxhcy5r
+aXQuZWR1MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUv
+a2l0LWNhLWcyL3B1Yi9jcmwvY2FjcmwuY3JsMDigNqA0hjJodHRwOi8vY2RwMi5w
+Y2EuZGZuLmRlL2tpdC1jYS1nMi9wdWIvY3JsL2NhY3JsLmNybDCBzQYIKwYBBQUH
+AQEEgcAwgb0wMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnBjYS5kZm4uZGUvT0NT
+UC1TZXJ2ZXIvT0NTUDBCBggrBgEFBQcwAoY2aHR0cDovL2NkcDEucGNhLmRmbi5k
+ZS9raXQtY2EtZzIvcHViL2NhY2VydC9jYWNlcnQuY3J0MEIGCCsGAQUFBzAChjZo
+dHRwOi8vY2RwMi5wY2EuZGZuLmRlL2tpdC1jYS1nMi9wdWIvY2FjZXJ0L2NhY2Vy
+dC5jcnQwWQYDVR0gBFIwUDAIBgZngQwBAgIwDQYLKwYBBAGBrSGCLB4wDwYNKwYB
+BAGBrSGCLAEBBDARBg8rBgEEAYGtIYIsAQEEAwkwEQYPKwYBBAGBrSGCLAIBBAMJ
+MIIDXgYKKwYBBAHWeQIEAgSCA04EggNKA0gAdwBvU3asMfAxGdiZAKRRFf93FRwR
+2QLBACkGjbIImjfZEwAAAWl3tsubAAAEAwBIMEYCIQDleY52tBqLOUlBzrb6Dz5M
+uWEXellG3NnTfBaN87g67AIhAPHCGa4Y2xNiGoTecdUngDbbj+xdQyBLFR1mFrQV
+m0V9AHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFpd7bMqAAA
+BAMASDBGAiEA/mfu1lL6ri+Ib4fRjPRkLiSzriZQgHOt+ew5UVI0YHoCIQDXtv2r
+HG6aNaa9YCunjpA7Bc3w/RBjkCWmwKKoRzKzlwB2AKrnC388uNVmyGwvFpecn0Rf
+aasOtFNVibL3egMBBPPNAAABaXe2y7QAAAQDAEcwRQIgOWYMd92nC6diBFP9EJk2
+rvjYZMq92BSuGBKjy8P+OQQCIQCq2c2bqSRqX8biZ/WrpUgUs3CxOiX+OnUkci49
+RXxCFwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaXe2y+AA
+AAQDAEcwRQIhALRrZGVHHpPLjOWbrs6xb+DCeRnXDyfZR5ttNezHZirFAiA80IU7
+FTBq3H7kswcnSiK3RAs0WLd5h5NpV+CsmeNzmgB1AKS5CZC0GFgUh7sTosxncAo8
+NZgE+RvfuON3zQ7IDdwQAAABaXe2y+AAAAQDAEYwRAIgbb9xvS1vv31chFtfr/nl
+9GPzyx9Uo2vjIJKgk8KcTKkCIAtl6Zgda9Bnj47yTfVkbM3Tzc6ZvxOToqVVWO9v
+Z4a9AHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpd7bL2wAA
+BAMARzBFAiBD2wzVFDMmTRHKnF0vZN4Yia4Z2xe11iBpYtQU5mZ3vQIhAOgfeMi9
+7x96dZRZLsTs8J00KGz4NJcHX9RHRXyjeXQlAHUARJRlLrDuzq/EQAfYqP4owNrm
+gr7YyzG1P9MzlrW2gagAAAFpd7bScAAABAMARjBEAh8PGD3UXg5AeqX1KK2rEZWY
+jDyVOKXiaNM5uyEzGPIgAiEAuSLcjMd8cDtFuRotM+Jn9aIXiJIIcRpexcoA26PL
+PJkwDQYJKoZIhvcNAQELBQADggEBAE5OhnWn7XdXaIbX16SpWHV/Qfb/4+Hzzf6F
+KVl6bUJJ/maIUkmrjUWVYxHSfkL0Kx6aYL/WEdjZD0S40rjCZkEETJo3Lqy+WDgT
+ChgWEGzRBvqoNDVkywevsE77K5w2HaGKogWvD8IeOu/YOfZYKqTYYFz4ej7/PUit
+8TNbY0pYyEhXoKmoXsBJUvY0Fc03GJZDTevC6iEqCQOlMLprQxT/KuYthIHc/lv/
+qCIlbzsml0poyglupVIwzhvarFsQUPyZGoSEHcMG82Ors9VJbTaBk28uvdtORX9m
+gCkCBwb7DRxZb5US49rygRGROHqRaqlC/ASoXSznJgxUj8jL7Lc=
+-----END CERTIFICATE-----
+subject= /C=DE/ST=Baden-Wuerttemberg/L=Karlsruhe/O=Karlsruhe Institute of Technology/CN=KIT-CA
+-----BEGIN CERTIFICATE-----
+MIIFnjCCBIagAwIBAgIMHDrUjCTtki6w9JCuMA0GCSqGSIb3DQEBCwUAMIGVMQsw
+CQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
+IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLEwdERk4t
+UEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IDIwHhcNMTYxMTAzMTUyNTQ4WhcNMzEwMjIyMjM1OTU5WjB7MQswCQYDVQQGEwJE
+RTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlLYXJsc3J1
+aGUxKjAoBgNVBAoMIUthcmxzcnVoZSBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEP
+MA0GA1UEAwwGS0lULUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+1cwA90GCGWXXCQ+V4MkCc9CaPcYU0hrUc0mTyvbQ3DuOMey+w5aFI8JkmAD5CHsj
+jDWe/uuANc6OR828xLoN6EV4AsNMhD9HMelYZrGuBS2nsOVlGzIIf8t+RX7pDVQg
+Dc/UvczziO45HmLCoYeUDcqn9Qho8Jnuh4nXJdPCRB4UvcwtRCpYkgCeC+Llxfe4
+IpdnvABTX1kwYR4TVmnAg3Mel5tLoV+WcxTdwJMpsbjFz8P11qMta53Nactef4gx
+BWMSEpDlnGL+swzkUfd1s+3NQkFKBbAZ6ehZivOZc4ah4iRxB1T/5v2Tza+Hyao0
+4f5SbkkD2Y1p0Z5vdMVEPwIDAQABo4ICBTCCAgEwEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0gBCIwIDANBgsrBgEEAYGtIYIsHjAPBg0r
+BgEEAYGtIYIsAQEEMB0GA1UdDgQWBBQEGr8ck5E909k9sN4TI+WacPQuCDAfBgNV
+HSMEGDAWgBST49gyJtrV8UqlkUrg6kviogzP4TCBjwYDVR0fBIGHMIGEMECgPqA8
+hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWcyLWNhL3B1Yi9j
+cmwvY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2Jh
+bC1yb290LWcyLWNhL3B1Yi9jcmwvY2FjcmwuY3JsMIHdBggrBgEFBQcBAQSB0DCB
+zTAzBggrBgEFBQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZl
+ci9PQ1NQMEoGCCsGAQUFBzAChj5odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2Jh
+bC1yb290LWcyLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDBKBggrBgEFBQcwAoY+
+aHR0cDovL2NkcDIucGNhLmRmbi5kZS9nbG9iYWwtcm9vdC1nMi1jYS9wdWIvY2Fj
+ZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAH+/QKluUYGThHAZeh5I
+erhZdIN9B488jjjexsfs1p0IHjKAElUaxHdjTfHc2zENqfPtc+EKRJL04MOUWJj7
+8BSR2MOWu8WrOVXYmIZAJAzH1L1eFNR6cem3d1nsnjqtqw21EQ+/O/kXb9lIK/sv
+YDwudINFcdWE5UmOic9ZHSwFPb4oEeM97tG18WQkiVzKF1cM6nzLHWp78uRLwD1Q
+ek1y7eX5gc8iQSvv33wTlh0ppmbDqfaMTR/X/ED7SFfd5S9CF07EXj/XWlv7ps2g
+afR793FaPrPloGvghtC7pKT8uOMNBXC02Xq6drN6JlU+5k+bbSRcAd40Bqn6vyYA
+RKQ=
+-----END CERTIFICATE-----
+subject= /C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2
+-----BEGIN CERTIFICATE-----
+MIIFEjCCA/qgAwIBAgIJAOML1fivJdmBMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMg
+R21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwc
+VC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMjAeFw0xNjAyMjIxMzM4MjJaFw0z
+MTAyMjIyMzU5NTlaMIGVMQswCQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1
+ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUu
+IFYuMRAwDgYDVQQLEwdERk4tUEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDLYNf/ZqFBzdL6h5eKc6uZTepnOVqhYIBHFU6MlbLlz87TV0uNzvhWbBVV
+dgfqRv3IA0VjPnDUq1SAsSOcvjcoqQn/BV0YD8SYmTezIPZmeBeHwp0OzEoy5xad
+rg6NKXkHACBU3BVfSpbXeLY008F0tZ3pv8B3Teq9WQfgWi9sPKUA3DW9ZQ2PfzJt
+8lpqS2IB7qw4NFlFNkkF2njKam1bwIFrEczSPKiL+HEayjvigN0WtGd6izbqTpEp
+PbNRXK2oDL6dNOPRDReDdcQ5HrCUCxLx1WmOJfS4PSu/wI7DHjulv1UQqyquF5de
+M87I8/QJB+MChjFGawHFEAwRx1npAgMBAAGjggF0MIIBcDAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFJPj2DIm2tXxSqWRSuDqS+KiDM/hMB8GA1UdIwQYMBaAFL9Z
+IDYAeaCgImuM1fJh0rgsy4JKMBIGA1UdEwEB/wQIMAYBAf8CAQIwMwYDVR0gBCww
+KjAPBg0rBgEEAYGtIYIsAQEEMA0GCysGAQQBga0hgiweMAgGBmeBDAECAjBMBgNV
+HR8ERTBDMEGgP6A9hjtodHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL3JsL1RlbGVT
+ZWNfR2xvYmFsUm9vdF9DbGFzc18yLmNybDCBhgYIKwYBBQUHAQEEejB4MCwGCCsG
+AQUFBzABhiBodHRwOi8vb2NzcDAzMzYudGVsZXNlYy5kZS9vY3NwcjBIBggrBgEF
+BQcwAoY8aHR0cDovL3BraTAzMzYudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19HbG9i
+YWxSb290X0NsYXNzXzIuY2VyMA0GCSqGSIb3DQEBCwUAA4IBAQCHC/8+AptlyFYt
+1juamItxT9q6Kaoh+UYu9bKkD64ROHk4sw50unZdnugYgpZi20wz6N35at8yvSxM
+R2BVf+d0a7Qsg9h5a7a3TVALZge17bOXrerufzDmmf0i4nJNPoRb7vnPmep/11I5
+LqyYAER+aTu/de7QCzsazeX3DyJsR4T2pUeg/dAaNH2t0j13s+70103/w+jlkk9Z
+PpBHEEqwhVjAb3/4ru0IQp4e1N8ULk2PvJ6Uw+ft9hj4PEnnJqinNtgs3iLNi4LY
+2XjiVRKjO4dEthEL1QxSr2mMDwbf0KJTi1eYe8/9ByT0/L3D/UqSApcb8re2z2WK
+GqK1chk5
+-----END CERTIFICATE-----
+subject= /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
+BSeOE6Fuwg==
+-----END CERTIFICATE-----
+

roles/common/handlers/main.yml

@@ -78,3 +78,17 @@
   service:
     name: smartd
     state: restarted
+
+- name: enable automatic
+  become: yes
+  systemd:
+    name: dnf-automatic.timer
+    state: started
+    enabled: yes
+
+- name: enable automatic service
+  become: yes
+  service:
+    name: dnf-automatic.service
+    state: restarted
+    enabled: yes

roles/common/tasks/certificate.yml

+---
+- name: copy certificate to the hosts
+  become: yes
+  copy:
+    src: web.las.pub
+    dest: /etc/pki/ca-trust/source/anchors/web.las.pem
+  notify:
+    - "update-ca-trust"

roles/common/tasks/etckeeper.yml

@@ -20,7 +20,7 @@
     line: "HIGHLEVEL_PACKAGE_MANAGER=dnf"
     regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
     backup: yes
-  when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "18")
+  when: (ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) >= 18)
 
 - name: yum as package manager
   become: yes
@@ -29,7 +29,7 @@
     line: "HIGHLEVEL_PACKAGE_MANAGER=yum"
     regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
     backup: yes
-  when: (ansible_distribution == "CentOS" and ansible_distribution_major_version <= "7")
+  when: (ansible_distribution == "CentOS" and (ansible_distribution_major_version|int) <= 7)
 
 - name: apt as package manager
   lineinfile:

roles/common/tasks/hostname.yml

@@ -26,5 +26,4 @@
 - name: set hostname
   become: yes
   hostname:
-    name: "las{{ ip_suffix }}.las.kit.edu"
-
+    name: "{{ computer_name }}.las.kit.edu"

roles/common/tasks/main.yml

@@ -7,9 +7,8 @@
 - import_tasks: sudoer.yml
 - import_tasks: sysupdate.yml
 - import_tasks: ntp.yml
-- import_tasks: yumrepos.yml
-  tags: lasrepo
 - import_tasks: software.yml
 - import_tasks: smartd.yml
   tags: smartd
 - import_tasks: sysrq.yml
+- import_tasks: certificate.yml

roles/common/tasks/ntp.yml

@@ -13,6 +13,21 @@
   - enable ntp
   changed_when: False
 
+- name: insert SCC into ntp configuration
+  become: yes
+  blockinfile:
+    insertafter: ^server .*[a-z]+.*$
+    path: /etc/ntp/step-tickers
+    backup: yes
+    state: present
+    block: |
+      server ntp1.scc.kit.edu
+      server ntp2.scc.kit.edu
+      server ntp3.scc.kit.edu
+      server ntp4.scc.kit.edu
+  tags: ntp
+  when: (ansible_distribution == 'Fedora' and (ansible_distribution_major_version|int) >= 28)
+
 - name: insert SCC into ntp configuration
   become: yes
   blockinfile:
@@ -26,3 +41,9 @@
       server ntp3.scc.kit.edu
       server ntp4.scc.kit.edu
   tags: ntp
+  when: (ansible_distribution == 'Fedora' and (ansible_distribution_major_version|int) < 28)
+
+- name: Set timezone
+  become: yes
+  timezone:
+    name: Europe/Berlin

roles/common/tasks/sshd.yml

@@ -10,13 +10,13 @@
   package:
     name: python-firewall
     state: present
-  when: ((ansible_distribution == "Fedora" and ansible_distribution_major_version < 28) or
-         (ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7))
+  when: ((ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) < 28) or
+         (ansible_distribution == "CentOS" and (ansible_distribution_major_version|int) >= 7))
 
 - name: Warn about firewalld not working
   debug:
     msg: Because python3-firewall is not working with the firewalld module, this tasks will not work!
-  when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= 28)
+  when: (ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) >= 28)
 
 - name: Open port 22 on Fedora/CentOS
   become: yes
@@ -24,8 +24,8 @@
     port: 22/tcp
     state: enabled
     permanent: true
-  when: ((ansible_distribution == "Fedora" and ansible_distribution_major_version < 28) or
-         (ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7))
+  when: ((ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) < 28) or
+         (ansible_distribution == "CentOS" and (ansible_distribution_major_version|int) >= 7))
   notify:
     - reload firewalld
     - restart firewalld

roles/common/tasks/sysupdate.yml

 ---
 - name: Updating the system
   become: yes
-  package: name=* state=latest
+  package:
+    name: "*"
+    state: latest
   tags:
   - skip_ansible_lint
   when: ansible_distribution != "Ubuntu"
+
+- name: install autoupdate for Fedora
+  become: yes
+  package:
+    name: "dnf-automatic"
+    state: installed
+  when: ansible_distribution == "Fedora"
+
+- name: configure autoupdate
+  become: yes
+  copy:
+    src: automatic.conf
+    dest: /etc/dnf/automatic.conf
+    mode: 644
+    owner: root
+    group: root
+  when: ansible_distribution == "Fedora"
+  notify:
+    - enable automatic

roles/elegant/files/mpich.sh

 export MPIR_CVAR_CH3_PORT_RANGE=10000:10100
 export PATH=/usr/lib64/mpich/bin:"${PATH}"
 export HYDRA_HOST_FILE=~/.mpihosts
-export RPN_DEFNS=~/.defns.rpn
+export RPN_DEFNS=/usr/local/share/defns.rpn

roles/elegant/files/pelegant_setup.sh

+#!/bin/bash
+# bash >= 4 required
+# This script assumes to be run only once per day and overwrites files
+# It also shouldn't be run for different hosts in parallel
+# Search the "Edit"-line
+# 
+# - This script has not been tested so far
+# - Mounting via sshfs is not included yet
+set -euo pipefail
+IFS=$'\n\t'
+
+############################################################
+# Edit:
+declare -A host_cpus=( ["129.13.108.79"]="3" ["129.13.108.113"]="6" )
+############################################################
+
+# main_host=$(hostname -f)
+main_host=$(ip -br -4 addr|\
+	grep '129.13.108.'|\
+	awk '{print $3}'|\
+	cut -d"/" -f1)
+
+printf "Generating SSH keys\n"
+filename=~/.ssh/"id_Pelegant_$(date --iso)"
+ssh-keygen -q -t ed25519 -o -f "${filename}" -C "Pelegant run from ${main_host} at $(date)"
+
+printf "Creating mpihosts file\n"
+if [ -f ~/.mpihosts ]; then
+  /usr/bin/mv ~/.mpihosts ~/.mpihosts.$(date --iso)
+fi
+for host in "${!host_cpus[@]}"; do
+  printf "%s:%s user=%s\n", "${host}" "${host_cpus[$host]}" "${USER}" >> ~/.mpihosts
+done
+
+printf "Copying files and mounting SSHFS\n"
+for host in "${!host_cpus[@]}"; do
+  printf "SSH copy from %s to %s (%s)", "${main_host}" "${host}" "${filename}"
+  scp "${filename}" "${host}:~/.ssh/"
+  scp "${filename}.pub" "${host}:~/.ssh/"
+  ssh-copy-id -i "${filename}" "${host}"
+  ssh-copy-id -i "${filename}" "${main_host}"
+
+  scp ~/.mpihosts "${host}:.mpihosts"
+
+  curdir=${PWD}
+  ssh -i "${filename}" "${host}"\
+	  "mkdir ${curdir} && "\
+	  "sshfs ${main_host}:${curdir} ${curdir} -o IdentityFile=\"${filename}\""
+done

roles/elegant/tasks/blas.yml

+---
+- name: "BLAS (needed by elegant)"
+  become: yes
+  dnf:
+    name: "{{ prePelegant }}"
+    state: present
+  tags: pelegant
+
+- name: ansible dependencies for firewalld
+  become: yes
+  dnf:
+    name: ["python3-decorator", "python3-slip", "python3-firewall"]
+    state: present
+  tags: pelegant
+
+- name: Pelegant open ports
+  become: yes
+  firewalld:
+    state: enabled
+    permanent: true
+    rich_rule: 'rule family="ipv4" source address="129.13.238.64/24" port port="10000-10100" protocol="tcp" accept'
+  notify:
+  - reload firewall
+  - restart firewall
+  tags: pelegant
+
+- name: Pelegant open ports
+  become: yes
+  firewalld:
+    state: disabled
+    permanent: true
+    rich_rule: 'rule family="ipv4" source address="129.13.108.64/24" port port="10000-10100" protocol="tcp" accept'
+  notify:
+  - reload firewall
+  - restart firewall
+  tags: pelegant
+
+- name: export variable