...
 
Commits (143)
......@@ -3,27 +3,33 @@ You need to have access to this repository (you need to add your public ssh-key
Then you can clone the git repository to work on in locally.
`git clone git@git.scc.kit.edu:las/ansible.git`
Add your computer to the hosts file or if you are just testing add it to the local file.
Add your hostname under each role name (the name in the square brackets) you want to be run on your computer.
Add your computer to the `hosts` file or if you are just testing add it to the local file.
Add your ``hostname`` under each role name (the name in the square brackets) you want to be run on your computer.
Also create a new file which is named
after your [fully-qualified-domain-name](https://de.wikipedia.org/wiki/Domain_(Internet)#Fully_Qualified_Domain_Name_.28FQDN.29}) (FQDN) in the `host_vars` directory including a [yaml](https://docs.ansible.com/ansible/YAMLSyntax.html) list with some host specific configuration variables, e. g. copy another similar host and adjust it.
These files do not have the `.yml` extension and do not start with `---`
Then create a file named after your FQDN with the extension ``.yml`` in the main directory of ansible which contains includes all the roles one want to run. This step needs root priviledges and therefore makes only sense for the first installation of a computer.
These files do not have the `.yml` extension and do not start with `---` as most of the other yaml files do.
Then create a file named after your FQDN with the extension ``.yml`` in the main directory of ansible which includes all the roles one want to run. This step needs root privileges and therefore makes only sense for the first installation of a computer.
Install ansible and some dependencies:
```
dnf install ansible git python2-dnf libselinux-python
dnf install ansible git python3-dnf libselinux-python python3-netaddr
```
Run
``` bash
git clone clone git@git.scc.kit.edu:las/ansible.git
git clone git@git.scc.kit.edu:las-it-organisation/32-0-IT-InstructionsAndRules/ansible.git
cd ansible
ansible-playbook --ask-become-pass --limit $(hostname -f) --vault-id @prompt site.yml
sudo ansible-playbook --limit $(hostname -f) --vault-id @prompt sites.yml
```
* If you only want some parts of the roles to be run, you can use the option `-t TAGNAME` to run only those tasks with the given tag.
* The vault-password is known to the usual suspects.
Unfortunately you need to know the vault password to let ansible run.
If you have got root access to obelix, then you should try to run ansible from that host.
The repository is located at `/root/ansible` and you should pull before running ansible. The advantage is, that it is tested.
There might be a tmux running for that purpose anyway.
### Ask for new software
Open an issue in the GitLab issue tracker and use the template for softwarerequests.
......@@ -46,16 +52,20 @@ requst by adding the software name to the list of `extra_software` in the
* nfs.yml:
* nfs-server: export /las-archiv1 to our network
* lasarchiv: client side mount las126/las-archiv1
* opera.yml: Cobham's Opera3d (client) ^2 ^3
* admin.yml: tools for administrators
* latex.yml: basic LaTeX installation (Arial not yet) ^1
* kdev.yml: KDevelope (with Python PlugIn) ^1
* jabref.yml: Cross platform BibTeX bibilography software [JabRef](http://www.jabref.org/)
* pycharm.yml: Cross platform Python IDE: [PyCharm](https://www.jetbrains.com/pycharm/) IDE
* chrome.yml: Google Chrome for Fedora (for Adobe Connect usage)
* dhcpd.yml: DHCPd primary and secondary server on Fedora
* elegant.yml: elegant (no Pelegant, yet)
* inovesa.yml: [Inovesa](https://github.com/Inovesa/Inovesa)
* kdev.yml: KDevelope (with Python PlugIn) ^1
* latex.yml: basic LaTeX installation (Arial not yet) ^1
* opera.yml: Cobham's Opera3d (client) ^2 ^3
* pycharm.yml: Cross platform Python IDE: [PyCharm](https://www.jetbrains.com/pycharm/) IDE
* remmina.yml: remmina a Remote Desktop Protocol (Windows remote) client for e. g. [rds.scc.kit.edu](https://rds.scc.kit.edu)
* ripgrep.yml: ripgrep the better grep
* undulator_control.yml: Install the software stack that is necessary to develop the control system for the JENA TGU experiment
* zotero.yml: A citation management software
* lab.yml: Lab infrastructure (DHCPd)
^1: (also put your FQDN to the \[common\] section in the hosts file as it depends hereon)
......@@ -63,29 +73,47 @@ requst by adding the software name to the list of `extra_software` in the
### ^2 Opera
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@129.13.108.100`.
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@opera.las.kit.edu`.
# Develop new roles, extend or modify existing ones and update roles for new software
## Branches
All roles in the master branch should work and should not brake on any of our systems (desktop, server, simulation, notebooks). The `site.yml` should always be runnable and include all roles that are stable and not explicitly for setup purposes only.
For developement and testing you should use development branches like `dev-latex`.
For development and testing you should use development branches like `dev-latex`.
You can check the syntax of the files by running `ansible-playbook --check-syntax filename.yml` (or by using the pre-commit-hook from the Snipplets.
If you just want to install one or many packages you can use `jabref.yml` as a basis.
If you just want to install one or many packages you can use `kdev.yml` as a basis or if it is not interesting for others you might want to add it to your host file instead.
Be aware that the development branches here are not save and the owner might force push to them!
# Run as admin
## Bootstrap
* Add your SSH-key to the host `ssh-copy-id lasXXX.las.kit.edu`
* Do the steps described for the self-setup
## Bootstraping
* Enable SSH on the new host (`lasXXX$ sudo systemctl start sshd && sudo systemctl enable sshd`)
* Add your SSH-key to the host `obelix# ssh-copy-id lasXXX.las.kit.edu`
* Install ansible dependencies: `lasXXX$ sudo dnf install ansible git python3-dnf libselinux-python python3-netaddr`
* Check the `hosts` file for entries of `lasXXX.las.kit.edu`
* Run `ansible-playbook -K --vault-id @prompt sites.yml` probably with the option `-l lasXXX.las.kit.edu`
## Edit encrypted files
* You can either use `ansible-vault edit --vault-id @prompt group_vars/all/vault.yml` to edit the file in your editor mentioned in the `$EDITOR` environment variable or
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
The first one is of cause the preferred one, because there is no rist to add a unencrypted file to the repo.
The first one is of cause the preferred one, because there is no risk to add a unencrypted file to the repo.
## Bootstrap IPA hosts
In this example the client to bootstrap may be `pepe` and the installation takes place from the server `obelix`.
The prompts `#` show that you are working at root.
* Add your (root's) SSH-key to the host `obelix# ssh-copy-id pepe.las.kit.edu`
* Install ansible dependencies on the client: `pepe# dnf install python3-dnf libselinux-python`
* Get a Kerberos ticket (``obelix# kinit -f admin@LAS.KIT.EDU``)
* For the host with the hostname `pepe.las.kit.edu` do the following
* edit a file ``host_vars/pepe.las.kit.edu``
```
obelix# ansible-playbook -l pepe.las.kit.edu add_ipa_host.yml --vault-id @prompt
```
and provide the root password for the new host.
## Decommission/Uninstall a host
* edit the ``add_ipa_host.yml`` and uncomment the uninstall step in it.
---
- hosts: all
remote_user: root
vars:
ipa_host: "{{ computer_name }}.las.kit.edu"
ipa_host_ip: "129.13.238.{{ ip_suffix }}"
ipa_domain: las.kit.edu
vars_prompt:
- name: "ipa_pass"
prompt: "What is the admin@LAS.KIT.EDU password?"
private: yes
# - name: uninstall host
# become: yes
# command: ipa-client --uninstall -U
roles:
- ipa_hosts
[defaults]
inventory=hosts
pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
remote_user=gethmann
ssh_args = -o ControlMaster=auto -o ControlPersist=30m
remote_user=root
roles_path=roles
become=False
become_user="root"
become_ask_pass=True
become_method="sudo"
ansible_python_interpreter="/usr/bin/env python3"
gathering = smart
fact_caching = jsonfile
fact_caching_connection = cachedir
fact_caching_timeout = 86400
- hosts: all
roles:
- common
- hosts: cn
become: yes
tasks:
- name: rename CN computer
hostname: name=las-bernhard.anka.kit.edu
tags:
- cn
- always
......@@ -2,9 +2,7 @@
tasks:
- name: install desktop software
dnf:
name: "{{ item }}"
name: "{{ desktop_software }}"
state: present
become: yes
when: ansible_distribution == 'Fedora'
with_items:
- "{{ desktop_software }}"
......@@ -35,16 +35,12 @@ desktop_software:
- thunderbird
- firefox
- libreoffice
# - bwSyncAndShare
- "https://download.bwsyncandshare.kit.edu/clients/bwSyncAndShare_Latest.x86_64.rpm"
- perl-Clipboard
- perl-Capture-Tiny
ipaserver: las126.las.kit.edu
ipaserver2: las100.las.kit.edu
ipaserver3: las101.las.kit.edu
# this should be the IP or in the sshd_config the "UseDNS" must be set to yes
ansible_server: 129.13.108.126
ansible_server: 129.13.238.126
# file: group_vars/all/vault.yml
sudoer: "{{ vault_sudoer }}"
......@@ -54,3 +50,13 @@ userinstall_vars: "{{ vault_userinstall_vars }}"
admin_mail: "{{ vault_admin_mail }}"
rootkey: "{{ vault_rootkey }}"
# IPA
gid: "{{ vault_gid }}"
ipaserver1: "{{ vault_ipaserver1 }}"
ipaserver2: "{{ vault_ipaserver2 }}"
ipaserver3: "{{ vault_ipaserver3 }}"
ipa_users: "{{ vault_ipa_users }}"
undine_password: "{{ vault_undine_password }}"
This diff is collapsed.
---
nfs_server: 129.13.108.126
nfs_server: 129.13.238.126
......@@ -22,7 +22,7 @@ kit_tikz:
- texlive-mycv
- texlive-pgf-spectra
texlivepackages:
- texlive.x86_64
- "texlive-scheme-small"
- kile
- texmaker
- texlive-epstopdf-bin
......@@ -153,79 +153,79 @@ texlivepackages:
- texlive-xecolor
- texlive-fontspec
# Thought to be usefull
- texlive-texlive-de-doc.noarch
- texlive-texlive-common-doc.noarch
- texlive-texlive-docindex-doc.noarch
- texlive-ae.noarch
- texlive-cm.noarch
- texlive-cv.noarch
- texlive-ec.noarch
- texlive-ed.noarch
- texlive-fp.noarch
- texlive-gu.noarch
- texlive-hc.noarch
- texlive-lm.noarch
- texlive-t2.noarch
- texlive-alg.noarch
- texlive-doi.noarch
- texlive-dox.noarch
- texlive-eco.noarch
- texlive-ecv.noarch
- texlive-emp.noarch
- texlive-esk.noarch
- texlive-fbs.noarch
- texlive-fmp.noarch
- texlive-gmp.noarch
- texlive-hep.noarch
- texlive-iso.noarch
- texlive-lcg.noarch
- texlive-lfb.noarch
- texlive-msg.noarch
- texlive-nag.noarch
- texlive-nuc.noarch
- texlive-ofs.noarch
- texlive-pax.noarch
- texlive-pgf.noarch
- texlive-qcm.noarch
- texlive-sfg.noarch
- texlive-svg.noarch
- texlive-svn.noarch
- texlive-tap.noarch
- texlive-ucs.noarch
- texlive-uml.noarch
- texlive-uri.noarch
- texlive-url.noarch
- texlive-vpe.noarch
- texlive-base.noarch
- texlive-abbr.noarch
- texlive-acro.noarch
- texlive-bohr.noarch
- texlive-cals.noarch
- texlive-circ.noarch
- texlive-cite.noarch
- texlive-cmap.noarch
- texlive-cmll.noarch
- texlive-cmpj.noarch
- texlive-cmsd.noarch
- texlive-cool.noarch
- texlive-crop.noarch
- texlive-dhua.noarch
- texlive-epsf.noarch
- texlive-etoc.noarch
- texlive-euro.noarch
- texlive-exam.noarch
- texlive-feyn.noarch
- texlive-fink.noarch
- texlive-mycv.noarch
- texlive-nath.noarch
- texlive-pbox.noarch
- texlive-pdfx.noarch
- texlive-spot.noarch
- texlive-texlive-de-doc
- texlive-texlive-common-doc
- texlive-texlive-docindex-doc
- texlive-ae
- texlive-cm
- texlive-cv
- texlive-ec
- texlive-ed
- texlive-fp
- texlive-gu
- texlive-hc
- texlive-lm
- texlive-t2
- texlive-alg
- texlive-doi
- texlive-dox
- texlive-eco
- texlive-ecv
- texlive-emp
- texlive-esk
- texlive-fbs
- texlive-fmp
- texlive-gmp
- texlive-hep
- texlive-iso
- texlive-lcg
- texlive-lfb
- texlive-msg
- texlive-nag
- texlive-nuc
- texlive-ofs
- texlive-pax
- texlive-pgf
- texlive-qcm
- texlive-sfg
- texlive-svg
- texlive-svn
- texlive-tap
- texlive-ucs
- texlive-uml
- texlive-uri
- texlive-url
- texlive-vpe
- texlive-base
- texlive-abbr
- texlive-acro
- texlive-bohr
- texlive-cals
- texlive-circ
- texlive-cite
- texlive-cmap
- texlive-cmll
- texlive-cmpj
- texlive-cmsd
- texlive-cool
- texlive-crop
- texlive-dhua
- texlive-epsf
- texlive-etoc
- texlive-euro
- texlive-exam
- texlive-feyn
- texlive-fink
- texlive-mycv
- texlive-nath
- texlive-pbox
- texlive-pdfx
- texlive-spot
- texlive-tikz-palattice
- texlive-biblatex.noarch
- texlive-enumitem.noarch
- texlive-ctablestack.noarch
- texlive-gitinfo2.noarch
- texlive-biblatex
- texlive-enumitem
- texlive-ctablestack
- texlive-gitinfo2
- texlive-fncychap # e. g. Sphinx
- latexmk # sphinx
- texlive-tabulary
......@@ -253,3 +253,7 @@ texlivepackages:
# to be continued
- texlive-cleveref
- texlive-fonttable
- texlive-tcolorbox
- texlive-appendixnumberbeamer
#
- texlive-textpos
......@@ -15,36 +15,16 @@ python3pkg:
- python3-sphinx
- python3-tox
- python3-pip
python3pip:
- brewer2mpl
- Cython
- flake8
- flake8-mypy
- flake8-pep257
- i18n
- mypy_extensions
- pipenv
- pre-commit
- PyScaffold
- pytest-yapf
- tox
- yapf
- nbdime
python2pkg:
- python2
- python2-setuptools
- python-pip
- llvm
- cmake
- python3-flake8
- python3-Cython
- nodejs
- nodejs-libs
- kf5-purpose-twitter
- npm
python2pip:
- backports.shutil_get_terminal_size
- brewer2mpl
- Cython
- ipython
- mpld3
- notebook
- pandas
- sklearn
python2pkg: ""
pip3bin: /bin/pip3
......@@ -2,5 +2,5 @@ ansible_user: root
user_account: richter
ip_suffix: 118
loc: 620
os: Fedora 27
computer_name: Amnesix
os: Fedora 29
computer_name: amnesix
ansible_user: root
user_account: gethmann
ip_suffix: 73
loc: 618
os: Fedora 29
computer_name: asterix
extra_software:
- subversion # for ANKA software
- borgbackup
- mosh # ssh alternative
# keepass compatible console client
- kpcli
- perl-Clipboard
- perl-Capture-Tiny
- ctags # vim tags
- zsh
- neovim
- ShellCheck
- inkscape-table
# - fd-find
- ripgrep
- fzf # fuzzy finder
- fd-find
- gsl-devel # Needed to compile Eva Burkhards code
- mupdf # better alternative to pdftk than pdfseparate+pdfunite
- evince # for fixing RIP errors when printing LaTeX posters
- screen
# PDL for undulator/wiggler Opera script
- perl-PDL
# Installing dependencies:
- perl-Devel-Peek
- perl-Inline
- perl-Inline-C
- perl-Pegex
- freeglut
- perl-B-Utils
- perl-Class-Load
- perl-Class-Tiny
- perl-Data-Dump-Streamer
- perl-Devel-OverloadInfo
- perl-Devel-PartialDump
- perl-Devel-REPL
- perl-Devel-REPL-Plugin-Completion
- perl-Devel-REPL-Plugin-DDS
- perl-Devel-REPL-Plugin-LexEnv
- perl-Devel-REPL-Plugin-MultiLine-PPI
- perl-File-HomeDir
- perl-File-Map
- perl-Filter-Simple
- perl-Getopt-Long-Descriptive
- perl-IPC-System-Simple
- perl-Lexical-Persistence
- perl-Module-Compile
- perl-Module-Pluggable
- perl-Moose
- perl-MooseX-Getopt
- perl-MooseX-Object-Pluggable
- perl-MooseX-Role-Parameterized
- perl-OpenGL
- perl-PPI
- perl-Parse-RecDescent
- perl-PerlIO-Layers
- perl-Pod-Parser
- perl-Prima
- perl-Text-Balanced
- perl-YAML-LibYAML
- perl-autodie
# Installing weak dependencies:
- perl-Text-Bidi
# End of PDL
- snapd
ansible_user: root
user_account: gethmann
ip_suffix: 91
loc: 618
os: Fedora 30
computer_name: galantine
extra_software:
- zsh
ansible_user: root
user_account: widmann
ip_suffix: 112
loc: 618
os: Fedora 28
computer_name: Gutemine
user_account: blomley
loc: -119
os: Fedora 30
computer_name: gutemine
extra_software:
- subversion # ANKA software
......
ansible_user: root
user_account: gethmann
ip_suffix: 92
loc: 618
os: Fedora 30
computer_name: homoeopatix
extra_software:
- zsh
......@@ -3,4 +3,7 @@ user_account: damminsek
ip_suffix: 117
loc: 620
os: Fedora 27
computer_name: Idefix
computer_name: idefix
extra_software:
- mupdf
ansible_user: root
ansible_ssh_user: root
ansible_remote_user: gethmann
remote_user: gethmann
ip_suffix: 100
loc: 612
os: CentOS 7.4
computer_name: kantine
......@@ -5,3 +5,4 @@ remote_user: gethmann
ip_suffix: 101
loc: 612
os: Fedora 28
computer_name: Kneipix
ansible_user: root
user_account: gethmann
ip_suffix: 113
loc: 618
os: Fedora 27
computer_name: Asterix
extra_software:
- subversion # for ANKA software
- borgbackup
- mosh # ssh alternative
# keepass compatible console client
- kpcli
- perl-Clipboard
- perl-Capture-Tiny
- ctags # vim tags
- zsh
- neovim
- ShellCheck
- inkscape-table
# - fd-find
- ripgrep
- fzf # fuzzy finder
ansible_user: gethmann
ansible_user: root
user_account: bernhard
ip_suffix: 93
loc: -10.
loc: -119
os: ubuntu
computer_name: Taubenus
ansible_user: bernhard
user_account: bernhard
ip_suffix: 127
ip_suffix: 70
loc: 622
os: Fedora 27
computer_name: Majestix
os: Fedora 29
computer_name: majestix
......@@ -2,5 +2,8 @@ ansible_user: root
user_account: gethmann
ip_suffix: 126
loc: 618
os: Fedora 27
computer_name: Obelix
os: Fedora 29
computer_name: obelix
extra_software:
- borgbackup
......@@ -2,5 +2,9 @@ ansible_user: root
user_account: ning
ip_suffix: 115
loc: 619
os: Fedora 26
computer_name: Costa Y Bravo
os: Fedora 29
computer_name: pepe
extra_software:
- python-qt5
- "qt5-qttools-devel"
......@@ -3,5 +3,5 @@ ansible_user: root
user_account: rossmanith
ip_suffix: 116
loc: 619
os: Fedora 27
computer_name: Spürnix
os: Fedora 29
computer_name: spuernix
......@@ -3,4 +3,4 @@ user_account: tong
ip_suffix: 120
loc: 621
os: Fedora 28
computer_name: Teefax
computer_name: teefax
# stable
[clients]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las116.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
obelix.las.kit.edu
pepe.las.kit.edu
spuernix.las.kit.edu
teefax.las.kit.edu
[desktop]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las116.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
pepe.las.kit.edu
spuernix.las.kit.edu
teefax.las.kit.edu
[graphics]
las113.las.kit.edu
las-gethmann.las.kit.edu
las118.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
amnesix.las.kit.edu
galantine.las.kit.edu
homoeopatix.las.kit.edu
[lasarchiv]
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu
las127.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
pepe.las.kit.edu
idefix.las.kit.edu
amnesix.las.kit.edu
teefax.las.kit.edu
obelix.las.kit.edu
majestix.las.kit.edu
lysander.las.kit.edu
[python]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
homoeopatix.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
pepe.las.kit.edu
teefax.las.kit.edu
[kdev] # KDevelope
[jabref]
las113.las.kit.edu
las117.las.kit.edu
las-gethmann.las.kit.edu
[zotero]
asterix.las.kit.edu
gutemine.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
[pynaff]
las-gethmann.las.kit.edu
las113.las.kit.edu
las126.las.kit.edu
lysander.las.kit.edu
asterix.las.kit.edu
obelix.las.kit.edu
[pycharm]
las-gethmann.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las122.las.kit.edu
lysander.las.kit.edu
asterix.las.kit.edu
pepe.las.kit.edu
idefix.las.kit.edu
[chrome]
las-gethmann.las.kit.edu
lysander.las.kit.edu
[rdp]
galantine.las.kit.edu
gutemine.las.kit.edu
asterix.las.kit.edu
amnesix.las.kit.edu
[latex]
las112.las.kit.edu
las-gethmann.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
amnesix.las.kit.edu
asterix.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
pepe.las.kit.edu
teefax.las.kit.edu
[opera]
las113.las.kit.edu
las118.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu
las127.las.kit.edu
asterix.las.kit.edu
amnesix.las.kit.edu
idefix.las.kit.edu
obelix.las.kit.edu
majestix.las.kit.edu
[mad8]
# depercated for Fedora >=26
[nfs-server]
las126.las.kit.edu
[nfsserver]
obelix.las.kit.edu
# developement
[dhcpd]
las101.las.kit.edu
las126.las.kit.edu
[lab]
# las93.las.kit.edu
gutemine.las.kit.edu ansible_python_interpreter=/usr/bin/python3
[rpmbuild]
las113.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
[elegant]
las113.las.kit.edu
las117.las.kit.edu
las120.las.kit.edu
las126.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
idefix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
obelix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
lysander.las.kit.edu ansible_python_interpreter=/usr/bin/python3
majestix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
galantine.las.kit.edu ansible_python_interpreter=/usr/bin/python3
homoeopatix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
spuernix.las.kit.edu ansible_python_interpreter=/usr/bin/python3
[epics]
las112.las.kit.edu
las113.las.kit.edu
las115.las.kit.edu
las117.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
galantine.las.kit.edu
gutemine.las.kit.edu
idefix.las.kit.edu
lysander.las.kit.edu
majestix.las.kit.edu
pepe.las.kit.edu
[ripgrep]
las101.las.kit.edu
las113.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
[inovesa]
las113.las.kit.edu
asterix.las.kit.edu
obelix.las.kit.edu # ansible_connection=local
galantine.las.kit.edu
homoeopatix.las.kit.edu
pepe.las.kit.edu
[ipynb] # Jupyter notebook
las120.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
idefix.las.kit.edu
teefax.las.kit.edu
lysander.las.kit.edu
# semi stable
[tgu]
las115.las.kit.edu
pepe.las.kit.edu
[local]
# 127.0.0.1 ansible_connection=local
127.0.0.1 ansible_connection=local
[admin_pcs]
las101.las.kit.edu
las113.las.kit.edu
las-gethmann.las.kit.edu
asterix.las.kit.edu
lysander.las.kit.edu
[server]
las101.las.kit.edu
[cn]
las-bernhard.anka.kit.edu
---
- hosts: all
vars:
vars_prompt:
- name: "ipa_admin_pass"
prompt: "What is IPA's admin password?"
private: yes
roles:
- ipa_users
......@@ -5,3 +5,8 @@
dnf:
name: jabref
state: present
when: (ansible_distribution == "Fedora" and (ansible_distribution_major_version | int) <= 28)
- name: UNSUPPORTED
fail:
msg: Jabref is no longer maintained by Fedora! Use zotero instead.
- hosts: lab
roles:
- lab
- hosts: nfs-server
- hosts: nfsserver
roles:
- nfs-server
tags: nfs-server
......
- hosts: rdp
roles:
- rdp
......@@ -41,7 +41,7 @@ ErrorPolicy stop-printer
UUID urn:uuid:c20b481d-848e-30e6-5eab-8ba9fb397809
Info Oki MC851(PS)
Location Library
DeviceURI socket://129.13.108.106/
DeviceURI socket://oki.las.kit.edu/
State Idle
StateTime 1414591314
Type 8433756
......
---
- name: "Install basic client software"
apt:
name: "{{ item }}"
name: "{{ client_software }}"
state: present
with_items: "{{ client_software }}"
# with_items: "{{ client_software }}"
when: ansible_distribution == 'Ubuntu'
become: yes
- name: "Install basic client software"
dnf:
name: "{{ item }}"
name: "{{ client_software }}"
state: present
with_items: "{{ client_software }}"
# with_items: "{{ client_software }}"
when: ansible_distribution == 'Fedora'
become: yes
......@@ -9,11 +9,8 @@
- name: install dependencies
become: yes
dnf:
name: "{{ item }}"
name: ["hplip-common", "hplip"]
state: present
with_items:
- "hplip-common"
- "hplip"
when: ansible_distribution == 'Fedora'
- name: install CUPS
......
......@@ -2,7 +2,7 @@
- name: install fonts
become: true
dnf:
name: https://downloads.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm
name: "https://sourceforge.net/projects/mscorefonts2/files/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm/download?use_mirror=netcologne&ts=1566291689&use_mirror=netcologne"
state: installed
tags: fonts
when: ansible_distribution == "Fedora"
[commands]
# What kind of upgrade to perform:
# default = all available upgrades
# security = only the security upgrades
upgrade_type = security
random_sleep = 0
# To just receive updates use dnf-automatic-notifyonly.timer
# Whether updates should be downloaded when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
download_updates = yes
# Whether updates should be applied when they are available, by
# dnf-automatic.timer. notifyonly.timer, download.timer and
# install.timer override this setting.
apply_updates = yes
[emitters]
# Name to use for this system in messages that are emitted. Default is the
# hostname.
# system_name = my-host
# How to send messages. Valid options are stdio, email and motd. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via includes motd, /etc/motd file will have the messages. if
# emit_via includes command_email, then messages will be send via a shell
# command compatible with sendmail.
# Default is email,stdio.
# If emit_via is None or left blank, no messages will be sent.
emit_via = motd,stdio
[email]
# The address to send email messages from.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[command]
# The shell command to execute. This is a Python format string, as used in
# str.format(). The format function will pass a shell-quoted argument called
# `body`.
# command_format = "cat"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
[command_email]
# The shell command to use to send email. This is a Python format string,
# as used in str.format(). The format function will pass shell-quoted arguments
# called body, subject, email_from, email_to.
# command_format = "mail -s {subject} -r {email_from} {email_to}"
# The contents of stdin to pass to the command. It is a format string with the
# same arguments as `command_format`.
# stdin_format = "{body}"
# The address to send email messages from.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
[base]
# This section overrides dnf.conf
# Use this to filter DNF core messages
debuglevel = 1
-----BEGIN CERTIFICATE-----
MIIKcjCCCVqgAwIBAgIMIKiiExs4FR9L2Kp4MA0GCSqGSIb3DQEBCwUAMHsxCzAJ
BgNVBAYTAkRFMRswGQYDVQQIDBJCYWRlbi1XdWVydHRlbWJlcmcxEjAQBgNVBAcM
CUthcmxzcnVoZTEqMCgGA1UECgwhS2FybHNydWhlIEluc3RpdHV0ZSBvZiBUZWNo
bm9sb2d5MQ8wDQYDVQQDDAZLSVQtQ0EwHhcNMTkwMzEzMTU0MDU0WhcNMjEwNjE0
MTU0MDU0WjCBhDELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVt
YmVyZzESMBAGA1UEBwwJS2FybHNydWhlMSowKAYDVQQKDCFLYXJsc3J1aGUgSW5z
dGl0dXRlIG9mIFRlY2hub2xvZ3kxGDAWBgNVBAMMD3dlYi5sYXMua2l0LmVkdTCC
AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKLgVunuUl0m3520OuAnewPw
N+zG0A295N4wSIS5KYflOxfmGBKKnAwefSzNvUIIOnyr+rrD2GdVG4ZMjQXmATAm
ibiQLVAYsPu+yTOfWUmwKDJCYLOCH1VkwPJbebSMTTuSGC3uRaKdtCucXX6TnHqY
jB0LPs730+KVPDFIiKps6U/SqfOmoCTr5owDiZXM75rl4sPtHSvNpsfFC1Ls6RIm
z2moISu0Q1wLdU6sPUMmvjRtv+pkPD6nMLfO0j9y6SL2z7AbOVJt+JcXZLteGW11
nQnRDOkHwpldy8xrYczIHd6bMp0hllVHSE8LsXs9H16yOy7LNkUMS8SfGFVlam84
yn5/h7jFUgHY1BCsORyfR2w5MznOWH+HIy2U+RKA3u1JlPQZtH1Q6hHR6oSRgx8O
4cf4lqgUELM2TydxEBiEupcHhiIHwleGHfTXL3ChtxSu/VyJZQcIiZ8gSDVTDrG7
bAX5rnXEoTeqvenLJAv8cAECl9J22wUCzSz3MzFpalDQY2+P7mpPxYKcRcQQxCpo
wVuKiiRw+JjN51AKkmELtZ5a/SD5JOy9PvmfAN1OUqJguxO+MbhYfp2If47Gy0ht
WuYZ47H8VFIPbVD7a8uVKX1VWKBaBvW5N4Cl7Wu/2yny3Zw+yw2XZFpPvmSNlq/T
8CYw0kFOQynCDzhrKASnAgMBAAGjggXqMIIF5jAJBgNVHRMEAjAAMA4GA1UdDwEB
/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQU/hB/iqc12SwT
I7iIPJPSnPnKgLcwHwYDVR0jBBgwFoAUBBq/HJORPdPZPbDeEyPlmnD0LggwaAYD
VR0RBGEwX4IPZG5mLmxhcy5raXQuZWR1ghFtdW5pbi5sYXMua2l0LmVkdYIQcHlw
aS5sYXMua2l0LmVkdYIWc2hhcmVsYXRleC5sYXMua2l0LmVkdYIPd2ViLmxhcy5r
aXQuZWR1MH0GA1UdHwR2MHQwOKA2oDSGMmh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUv
a2l0LWNhLWcyL3B1Yi9jcmwvY2FjcmwuY3JsMDigNqA0hjJodHRwOi8vY2RwMi5w
Y2EuZGZuLmRlL2tpdC1jYS1nMi9wdWIvY3JsL2NhY3JsLmNybDCBzQYIKwYBBQUH
AQEEgcAwgb0wMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnBjYS5kZm4uZGUvT0NT
UC1TZXJ2ZXIvT0NTUDBCBggrBgEFBQcwAoY2aHR0cDovL2NkcDEucGNhLmRmbi5k
ZS9raXQtY2EtZzIvcHViL2NhY2VydC9jYWNlcnQuY3J0MEIGCCsGAQUFBzAChjZo
dHRwOi8vY2RwMi5wY2EuZGZuLmRlL2tpdC1jYS1nMi9wdWIvY2FjZXJ0L2NhY2Vy
dC5jcnQwWQYDVR0gBFIwUDAIBgZngQwBAgIwDQYLKwYBBAGBrSGCLB4wDwYNKwYB
BAGBrSGCLAEBBDARBg8rBgEEAYGtIYIsAQEEAwkwEQYPKwYBBAGBrSGCLAIBBAMJ
MIIDXgYKKwYBBAHWeQIEAgSCA04EggNKA0gAdwBvU3asMfAxGdiZAKRRFf93FRwR
2QLBACkGjbIImjfZEwAAAWl3tsubAAAEAwBIMEYCIQDleY52tBqLOUlBzrb6Dz5M
uWEXellG3NnTfBaN87g67AIhAPHCGa4Y2xNiGoTecdUngDbbj+xdQyBLFR1mFrQV
m0V9AHcAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFpd7bMqAAA
BAMASDBGAiEA/mfu1lL6ri+Ib4fRjPRkLiSzriZQgHOt+ew5UVI0YHoCIQDXtv2r
HG6aNaa9YCunjpA7Bc3w/RBjkCWmwKKoRzKzlwB2AKrnC388uNVmyGwvFpecn0Rf
aasOtFNVibL3egMBBPPNAAABaXe2y7QAAAQDAEcwRQIgOWYMd92nC6diBFP9EJk2
rvjYZMq92BSuGBKjy8P+OQQCIQCq2c2bqSRqX8biZ/WrpUgUs3CxOiX+OnUkci49
RXxCFwB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABaXe2y+AA
AAQDAEcwRQIhALRrZGVHHpPLjOWbrs6xb+DCeRnXDyfZR5ttNezHZirFAiA80IU7
FTBq3H7kswcnSiK3RAs0WLd5h5NpV+CsmeNzmgB1AKS5CZC0GFgUh7sTosxncAo8
NZgE+RvfuON3zQ7IDdwQAAABaXe2y+AAAAQDAEYwRAIgbb9xvS1vv31chFtfr/nl
9GPzyx9Uo2vjIJKgk8KcTKkCIAtl6Zgda9Bnj47yTfVkbM3Tzc6ZvxOToqVVWO9v
Z4a9AHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpd7bL2wAA
BAMARzBFAiBD2wzVFDMmTRHKnF0vZN4Yia4Z2xe11iBpYtQU5mZ3vQIhAOgfeMi9
7x96dZRZLsTs8J00KGz4NJcHX9RHRXyjeXQlAHUARJRlLrDuzq/EQAfYqP4owNrm
gr7YyzG1P9MzlrW2gagAAAFpd7bScAAABAMARjBEAh8PGD3UXg5AeqX1KK2rEZWY
jDyVOKXiaNM5uyEzGPIgAiEAuSLcjMd8cDtFuRotM+Jn9aIXiJIIcRpexcoA26PL
PJkwDQYJKoZIhvcNAQELBQADggEBAE5OhnWn7XdXaIbX16SpWHV/Qfb/4+Hzzf6F
KVl6bUJJ/maIUkmrjUWVYxHSfkL0Kx6aYL/WEdjZD0S40rjCZkEETJo3Lqy+WDgT
ChgWEGzRBvqoNDVkywevsE77K5w2HaGKogWvD8IeOu/YOfZYKqTYYFz4ej7/PUit
8TNbY0pYyEhXoKmoXsBJUvY0Fc03GJZDTevC6iEqCQOlMLprQxT/KuYthIHc/lv/
qCIlbzsml0poyglupVIwzhvarFsQUPyZGoSEHcMG82Ors9VJbTaBk28uvdtORX9m
gCkCBwb7DRxZb5US49rygRGROHqRaqlC/ASoXSznJgxUj8jL7Lc=
-----END CERTIFICATE-----
subject= /C=DE/ST=Baden-Wuerttemberg/L=Karlsruhe/O=Karlsruhe Institute of Technology/CN=KIT-CA
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIMHDrUjCTtki6w9JCuMA0GCSqGSIb3DQEBCwUAMIGVMQsw
CQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLEwdERk4t
UEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
IDIwHhcNMTYxMTAzMTUyNTQ4WhcNMzEwMjIyMjM1OTU5WjB7MQswCQYDVQQGEwJE
RTEbMBkGA1UECAwSQmFkZW4tV3VlcnR0ZW1iZXJnMRIwEAYDVQQHDAlLYXJsc3J1
aGUxKjAoBgNVBAoMIUthcmxzcnVoZSBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neTEP
MA0GA1UEAwwGS0lULUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
1cwA90GCGWXXCQ+V4MkCc9CaPcYU0hrUc0mTyvbQ3DuOMey+w5aFI8JkmAD5CHsj
jDWe/uuANc6OR828xLoN6EV4AsNMhD9HMelYZrGuBS2nsOVlGzIIf8t+RX7pDVQg
Dc/UvczziO45HmLCoYeUDcqn9Qho8Jnuh4nXJdPCRB4UvcwtRCpYkgCeC+Llxfe4
IpdnvABTX1kwYR4TVmnAg3Mel5tLoV+WcxTdwJMpsbjFz8P11qMta53Nactef4gx
BWMSEpDlnGL+swzkUfd1s+3NQkFKBbAZ6ehZivOZc4ah4iRxB1T/5v2Tza+Hyao0
4f5SbkkD2Y1p0Z5vdMVEPwIDAQABo4ICBTCCAgEwEgYDVR0TAQH/BAgwBgEB/wIB
ATAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0gBCIwIDANBgsrBgEEAYGtIYIsHjAPBg0r
BgEEAYGtIYIsAQEEMB0GA1UdDgQWBBQEGr8ck5E909k9sN4TI+WacPQuCDAfBgNV
HSMEGDAWgBST49gyJtrV8UqlkUrg6kviogzP4TCBjwYDVR0fBIGHMIGEMECgPqA8
hjpodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWcyLWNhL3B1Yi9j
cmwvY2FjcmwuY3JsMECgPqA8hjpodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2Jh
bC1yb290LWcyLWNhL3B1Yi9jcmwvY2FjcmwuY3JsMIHdBggrBgEFBQcBAQSB0DCB
zTAzBggrBgEFBQcwAYYnaHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZl
ci9PQ1NQMEoGCCsGAQUFBzAChj5odHRwOi8vY2RwMS5wY2EuZGZuLmRlL2dsb2Jh
bC1yb290LWcyLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDBKBggrBgEFBQcwAoY+
aHR0cDovL2NkcDIucGNhLmRmbi5kZS9nbG9iYWwtcm9vdC1nMi1jYS9wdWIvY2Fj
ZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQELBQADggEBAH+/QKluUYGThHAZeh5I
erhZdIN9B488jjjexsfs1p0IHjKAElUaxHdjTfHc2zENqfPtc+EKRJL04MOUWJj7
8BSR2MOWu8WrOVXYmIZAJAzH1L1eFNR6cem3d1nsnjqtqw21EQ+/O/kXb9lIK/sv
YDwudINFcdWE5UmOic9ZHSwFPb4oEeM97tG18WQkiVzKF1cM6nzLHWp78uRLwD1Q
ek1y7eX5gc8iQSvv33wTlh0ppmbDqfaMTR/X/ED7SFfd5S9CF07EXj/XWlv7ps2g
afR793FaPrPloGvghtC7pKT8uOMNBXC02Xq6drN6JlU+5k+bbSRcAd40Bqn6vyYA
RKQ=
-----END CERTIFICATE-----
subject= /C=DE/O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V./OU=DFN-PKI/CN=DFN-Verein Certification Authority 2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIJAOML1fivJdmBMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJERTErMCkGA1UECgwiVC1TeXN0ZW1zIEVudGVycHJpc2UgU2VydmljZXMg
R21iSDEfMB0GA1UECwwWVC1TeXN0ZW1zIFRydXN0IENlbnRlcjElMCMGA1UEAwwc
VC1UZWxlU2VjIEdsb2JhbFJvb3QgQ2xhc3MgMjAeFw0xNjAyMjIxMzM4MjJaFw0z
MTAyMjIyMzU5NTlaMIGVMQswCQYDVQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1
ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUu
IFYuMRAwDgYDVQQLEwdERk4tUEtJMS0wKwYDVQQDEyRERk4tVmVyZWluIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5IDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDLYNf/ZqFBzdL6h5eKc6uZTepnOVqhYIBHFU6MlbLlz87TV0uNzvhWbBVV
dgfqRv3IA0VjPnDUq1SAsSOcvjcoqQn/BV0YD8SYmTezIPZmeBeHwp0OzEoy5xad
rg6NKXkHACBU3BVfSpbXeLY008F0tZ3pv8B3Teq9WQfgWi9sPKUA3DW9ZQ2PfzJt
8lpqS2IB7qw4NFlFNkkF2njKam1bwIFrEczSPKiL+HEayjvigN0WtGd6izbqTpEp
PbNRXK2oDL6dNOPRDReDdcQ5HrCUCxLx1WmOJfS4PSu/wI7DHjulv1UQqyquF5de
M87I8/QJB+MChjFGawHFEAwRx1npAgMBAAGjggF0MIIBcDAOBgNVHQ8BAf8EBAMC
AQYwHQYDVR0OBBYEFJPj2DIm2tXxSqWRSuDqS+KiDM/hMB8GA1UdIwQYMBaAFL9Z
IDYAeaCgImuM1fJh0rgsy4JKMBIGA1UdEwEB/wQIMAYBAf8CAQIwMwYDVR0gBCww
KjAPBg0rBgEEAYGtIYIsAQEEMA0GCysGAQQBga0hgiweMAgGBmeBDAECAjBMBgNV
HR8ERTBDMEGgP6A9hjtodHRwOi8vcGtpMDMzNi50ZWxlc2VjLmRlL3JsL1RlbGVT
ZWNfR2xvYmFsUm9vdF9DbGFzc18yLmNybDCBhgYIKwYBBQUHAQEEejB4MCwGCCsG
AQUFBzABhiBodHRwOi8vb2NzcDAzMzYudGVsZXNlYy5kZS9vY3NwcjBIBggrBgEF
BQcwAoY8aHR0cDovL3BraTAzMzYudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19HbG9i
YWxSb290X0NsYXNzXzIuY2VyMA0GCSqGSIb3DQEBCwUAA4IBAQCHC/8+AptlyFYt
1juamItxT9q6Kaoh+UYu9bKkD64ROHk4sw50unZdnugYgpZi20wz6N35at8yvSxM
R2BVf+d0a7Qsg9h5a7a3TVALZge17bOXrerufzDmmf0i4nJNPoRb7vnPmep/11I5
LqyYAER+aTu/de7QCzsazeX3DyJsR4T2pUeg/dAaNH2t0j13s+70103/w+jlkk9Z
PpBHEEqwhVjAb3/4ru0IQp4e1N8ULk2PvJ6Uw+ft9hj4PEnnJqinNtgs3iLNi4LY
2XjiVRKjO4dEthEL1QxSr2mMDwbf0KJTi1eYe8/9ByT0/L3D/UqSApcb8re2z2WK
GqK1chk5
-----END CERTIFICATE-----
subject= /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
-----BEGIN CERTIFICATE-----
MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
BSeOE6Fuwg==
-----END CERTIFICATE-----
......@@ -78,3 +78,17 @@
service:
name: smartd
state: restarted
- name: enable automatic
become: yes
systemd:
name: dnf-automatic.timer
state: started
enabled: yes
- name: enable automatic service
become: yes
service:
name: dnf-automatic.service
state: restarted
enabled: yes
---
- name: copy certificate to the hosts
become: yes
copy:
src: web.las.pub
dest: /etc/pki/ca-trust/source/anchors/web.las.pem
notify:
- "update-ca-trust"
......@@ -20,7 +20,7 @@
line: "HIGHLEVEL_PACKAGE_MANAGER=dnf"
regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
backup: yes
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "18")
when: (ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) >= 18)
- name: yum as package manager
become: yes
......@@ -29,7 +29,7 @@
line: "HIGHLEVEL_PACKAGE_MANAGER=yum"
regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
backup: yes
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version <= "7")
when: (ansible_distribution == "CentOS" and (ansible_distribution_major_version|int) <= 7)
- name: apt as package manager
lineinfile:
......
......@@ -26,5 +26,4 @@
- name: set hostname
become: yes
hostname:
name: "las{{ ip_suffix }}.las.kit.edu"
name: "{{ computer_name }}.las.kit.edu"
......@@ -7,9 +7,8 @@
- import_tasks: sudoer.yml
- import_tasks: sysupdate.yml
- import_tasks: ntp.yml
- import_tasks: yumrepos.yml
tags: lasrepo
- import_tasks: software.yml
- import_tasks: smartd.yml
tags: smartd
- import_tasks: sysrq.yml
- import_tasks: certificate.yml
......@@ -13,6 +13,21 @@
- enable ntp
changed_when: False
- name: insert SCC into ntp configuration
become: yes
blockinfile:
insertafter: ^server .*[a-z]+.*$
path: /etc/ntp/step-tickers
backup: yes
state: present
block: |
server ntp1.scc.kit.edu
server ntp2.scc.kit.edu
server ntp3.scc.kit.edu
server ntp4.scc.kit.edu
tags: ntp
when: (ansible_distribution == 'Fedora' and (ansible_distribution_major_version|int) >= 28)
- name: insert SCC into ntp configuration
become: yes
blockinfile:
......@@ -26,3 +41,9 @@
server ntp3.scc.kit.edu
server ntp4.scc.kit.edu
tags: ntp
when: (ansible_distribution == 'Fedora' and (ansible_distribution_major_version|int) < 28)
- name: Set timezone
become: yes
timezone:
name: Europe/Berlin
......@@ -19,3 +19,15 @@
- enable smartd
- restart smartd
when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")
- name: configure smartd on Ubuntu
become: yes
lineinfile:
line: "DEVICESCAN -H -m {{ admin_mail }} -M exec /usr/libexec/smartmontools/smartdnotify -n standby,10,q -s (S/../.././02|L/../../6/03) -W 4,35,40"
regexp: ^DEVICESCAN .*$
backup: yes
path: /etc/smartd.conf
notify:
- enable smartd
- restart smartd
when: (ansible_distribution == "Ubuntu")
......@@ -10,13 +10,13 @@
package:
name: python-firewall
state: present
when: ((ansible_distribution == "Fedora" and ansible_distribution_major_version < 28) or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7))
when: ((ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) < 28) or
(ansible_distribution == "CentOS" and (ansible_distribution_major_version|int) >= 7))
- name: Warn about firewalld not working
debug:
msg: Because python3-firewall is not working with the firewalld module, this tasks will not work!
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= 28)
when: (ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) >= 28)
- name: Open port 22 on Fedora/CentOS
become: yes
......@@ -24,8 +24,8 @@
port: 22/tcp
state: enabled
permanent: true
when: ((ansible_distribution == "Fedora" and ansible_distribution_major_version < 28) or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7))
when: ((ansible_distribution == "Fedora" and (ansible_distribution_major_version|int) < 28) or
(ansible_distribution == "CentOS" and (ansible_distribution_major_version|int) >= 7))
notify:
- reload firewalld
- restart firewalld
......
---
- name: Updating the system
become: yes
package: name=* state=latest
package:
name: "*"
state: latest
tags:
- skip_ansible_lint
when: ansible_distribution != "Ubuntu"
- name: install autoupdate for Fedora
become: yes
package:
name: "dnf-automatic"
state: installed
when: ansible_distribution == "Fedora"
- name: configure autoupdate
become: yes
copy:
src: automatic.conf
dest: /etc/dnf/automatic.conf
mode: 644
owner: root
group: root
when: ansible_distribution == "Fedora"
notify:
- enable automatic
This diff is collapsed.
export MPIR_CVAR_CH3_PORT_RANGE=10000:10100
export PATH=/usr/lib64/mpich/bin:"${PATH}"
export HYDRA_HOST_FILE=~/.mpihosts
export RPN_DEFNS=~/.defns.rpn
export RPN_DEFNS=/usr/local/share/defns.rpn
</
#!/bin/bash
# bash >= 4 required
# This script assumes to be run only once per day and overwrites files
# It also shouldn't be run for different hosts in parallel
# Search the "Edit"-line
#
# - This script has not been tested so far
# - Mounting via sshfs is not included yet
set -euo pipefail
IFS=$'\n\t'
############################################################
# Edit:
declare -A host_cpus=( ["129.13.108.79"]="3" ["129.13.108.113"]="6" )
############################################################
# main_host=$(hostname -f)
main_host=$(ip -br -4 addr|\
grep '129.13.108.'|\
awk '{print $3}'|\
cut -d"/" -f1)
printf "Generating SSH keys\n"
filename=~/.ssh/"id_Pelegant_$(date --iso)"
ssh-keygen -q -t ed25519 -o -f "${filename}" -C "Pelegant run from ${main_host} at $(date)"
printf "Creating mpihosts file\n"
if [ -f ~/.mpihosts ]; then
/usr/bin/mv ~/.mpihosts ~/.mpihosts.$(date --iso)
fi
for host in "${!host_cpus[@]}"; do
printf "%s:%s user=%s\n", "${host}" "${host_cpus[$host]}" "${USER}" >> ~/.mpihosts
done
printf "Copying files and mounting SSHFS\n"
for host in "${!host_cpus[@]}"; do
printf "SSH copy from %s to %s (%s)", "${main_host}" "${host}" "${filename}"