Commits (133)
local
*.retry
host_vars/127.0.0.1
repos:
- repo: https://github.com/willthames/ansible-lint.git
sha: v3.4.16
hooks:
- id: ansible-lint
files: \.(yaml|yml)$
- repo: https://github.com/pre-commit/pre-commit-hooks.git
sha: v1.1.1
hooks:
- id: trailing-whitespace
- id: check-added-large-files
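Review bot: both `sha:` entries pin the hooks to tags (`v3.4.16`, `v1.1.1`) rather than to commit hashes. pre-commit downloads and executes these repositories on every developer machine, and a tag can be moved upstream, so set each `sha:` to the full commit hash the tag points to and keep the tag name in a comment next to it.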
# [Ansible](https://docs.ansible.com/ansible/index.html) repository for LAS/CS NSQ computer
You need to have access to this repository (you need to add your public ssh-key (`ssh-keygen`) to your profile here).
Then you can clone the git repository to work on in locally.
`git clone git@git.scc.kit.edu:las/ansible.git`
Add your computer to the hosts file or if you are just testing add it to the local file.
Add your hostname under each role name (the name in the square brackets) you want to be run on your computer.
Also create a new file which is named
after your [fully-qualified-domain-name](https://de.wikipedia.org/wiki/Domain_(Internet)#Fully_Qualified_Domain_Name_.28FQDN.29}) (FQDN) in the `host_vars` directory including a [yaml](https://docs.ansible.com/ansible/YAMLSyntax.html) list with some host specific configuration variables, e. g. copy another similar host and adjust it.
These files do not have the `.yml` extension and do not start with `---`
Then create a file named after your FQDN with the extension ".yml" in the main directory of ansible which contains includes all the roles one want to run. This step needs root priviledges and therefore makes only sense for the first installation of a computer.
* install ansible and some dependencies:
```
dnf install ansible git python2-dnf libselinux-python
```
* run [ansible-pull](https://docs.ansible.com/ansible/playbooks_intro.html#ansible-pull):
```
ansible-pull -K -U git@git.scc.kit.edu:las/ansible.git playbook_name.yml
```
* If you only want some parts of the roles to be run, you can use the option `-t TAGNAME` to run only those tasks with the given tag.
### Ask for new software
Open an issue in the GitLab issue tracker with the label: softwarerequest
## How to get new software on your computer
## Available roles
* common.yml: basic configuration for all LAS/NSQ computers
* clients.yml: all computers not acting as a server (only) ^1
* desktop.yml: all desktop computers including laptops (having X11/Wayland)
* python.yml: basic python_stack for scientific Python usage (including fitting) ^1
* ipynb.yml: IPython/Jupyter notebook ^1
* MAD-8: MAD 8 inofficial build for Fedora
* nfs.yml:
* nfs-server: export /las-archiv1 to our network
* lasarchiv: client side mount las126/las-archiv1
* opera.yml: Cobham's Opera3d (client) ^2 ^3
* admin.yml: tools for administrators
* latex.yml: basic LaTeX installation (Arial not yet) ^1
* kdev.yml: KDevelope (with Python PlugIn) ^1
* jabref.yml: Cross platform BibTeX bibilography software [JabRef](http://www.jabref.org/)
* pycharm.yml: Cross platform Python IDE: [PyCharm](https://www.jetbrains.com/pycharm/) IDE
* chrome.yml: Google Chrome for Fedora (for Adobe Connect usage)
* elegant.yml: elegant (no Pelegant, yet)
* inovesa.yml: [Inovesa](https://github.com/Inovesa/Inovesa)
^1: (also put your FQDN to the \[common\] section in the hosts file as it depends hereon)
^3: (also put your FQDN to the \[lasarchiv\] section in the hosts file as it depends hereon)
### ^2 Opera
After installing Opera via ansible you must confirm the license agreement at first start and go to "Licensing -> Set License Path" and switch to `Other computer(s)` and fill in `@129.13.108.100`.
# Develop new roles, extend or modify existing ones and update roles for new software
## Branches
All roles in the master branch should work and should not brake on any of our systems (desktop, server, simulation, notebooks). The `site.yml` should always be runnable and include all roles that are stable and not explicitly for setup purposes only.
For developement and testing you should use development branches like `dev-latex`.
You can check the syntax of the files by running `ansible-playbook --check-syntax filename.yml` (or by using the pre-commit-hook from the Snipplets.
If you just want to install one or many packages you can use `jabref.yml` as a basis.
# Run as admin
## Bootstrap
* Add your SSH-key to the host `ssh-copy-id lasXXX.las.kit.edu`
* Do the steps described for the self-setup
* Run `ansible-playbook -K sites.yml` probably with the option `-l lasXXX.las.kit.edu`
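Review bot: the Branches section documents `ansible-playbook --check-syntax filename.yml`, but the option is `--syntax-check`, so the command as written fails. The Bootstrap step also runs `sites.yml` while the Branches section calls the file `site.yml`; one of the two names is wrong. Smaller points in the same file: the headings `### Ask for new software` and `## How to get new software on your computer` appear in swapped order, the `^2` and `^3` footnotes are out of sequence, and the parenthesis opened before "or by using the pre-commit-hook" is never closed.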
- hosts: admin_pcs - hosts: admin_pcs
tasks: tasks:
- dnf: name={{item}} state=latest - name: install admin software
become: yes become: yes
with_items: admin_software dnf:
name: "{{ item }}"
state: present
with_items: "{{ admin_software }}"
[defaults] [defaults]
inventory=hosts inventory=hosts
pipelining = True pipelining = True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
remote_user=gethmann remote_user=gethmann
roles_path=roles roles_path=roles
become=False become=False
......
- hosts: chrome
roles:
- google-chrome
...@@ -5,7 +5,8 @@ ...@@ -5,7 +5,8 @@
- hosts: cn - hosts: cn
become: yes become: yes
tasks: tasks:
- hostname: name=las-bernhard.anka.kit.edu - name: rename CN computer
hostname: name=las-bernhard.anka.kit.edu
tags: tags:
- cn - cn
- always - always
- hosts: desktop - hosts: desktop
tasks: tasks:
- dnf: name={{item}} state=latest - name: install desktop software
become: yes dnf:
when: ansible_distribution == 'Fedora' name: "{{ item }}"
with_items: state: present
- desktop_software become: yes
when: ansible_distribution == 'Fedora'
with_items:
- "{{ desktop_software }}"
- hosts: elegant
roles:
- elegant
---
- hosts: epics
roles:
- epics
...@@ -3,18 +3,23 @@ ...@@ -3,18 +3,23 @@
common_software: common_software:
- git - git
- vim - vim
- htop
- tmux - tmux
- iotop # diagnostic for admins
- iftop - htop # processes
- ncdu - iotop # disk IO
- dmidecode - iftop # network IO
- ncdu # nice disk usage
- dmidecode # general hardware information
- lm_sensors # cpu/gpu temperatures
- hddtemp # HDD temperatures
client_software: client_software:
- gnuplot - gnuplot
- kpcli
handy_software: handy_software:
- zsh - zsh
- neovim
admin_software: admin_software:
- ansible - ansible
...@@ -28,21 +33,13 @@ admin_software: ...@@ -28,21 +33,13 @@ admin_software:
- ansible-lint - ansible-lint
- ansible-inventory-grapher - ansible-inventory-grapher
python_software:
- python3-scipy
- python3-matplotlib
# - anaconda3
client_software:
- kpcli
desktop_software: desktop_software:
- thunderbird - thunderbird
# - king/Clipboard
# - dagolden/Capture-Tiny
- firefox - firefox
- libreoffice - libreoffice
- bwSyncAndShare # - bwSyncAndShare
- perl-Clipboard
- perl-Capture-Tiny
ipaserver: las101.las.kit.edu ipaserver: las101.las.kit.edu
ipaserver2: las126.las.kit.edu ipaserver2: las126.las.kit.edu
...@@ -55,3 +52,4 @@ userinstall_vars: ...@@ -55,3 +52,4 @@ userinstall_vars:
- {name: "gethmann", password: "$6$HEmrpe9IMPI7nwxK$7VyjN.1tf/bJ2JJUeXQa.HEK3PFB1ggUVqpvMD0M/b/Ln.8QkzSMit9xukPaNhVg4caTnQBmcn1DXVwbfCmJt."} - {name: "gethmann", password: "$6$HEmrpe9IMPI7nwxK$7VyjN.1tf/bJ2JJUeXQa.HEK3PFB1ggUVqpvMD0M/b/Ln.8QkzSMit9xukPaNhVg4caTnQBmcn1DXVwbfCmJt."}
- {name: "bernhard", password: "$6$Q9NiWWvweGVfXXUP$6jhQWNGEs1f/RZc2aeDJ4Wv7huT5eAyW/uO0hOr8Yzi.h5Sa149LDpzp6utQI2VbnKF6O7TfpZeoKHFaNKGY51"} - {name: "bernhard", password: "$6$Q9NiWWvweGVfXXUP$6jhQWNGEs1f/RZc2aeDJ4Wv7huT5eAyW/uO0hOr8Yzi.h5Sa149LDpzp6utQI2VbnKF6O7TfpZeoKHFaNKGY51"}
admin_mail: gethmann@kit.edu
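Review bot: the `userinstall_vars` entries carried as context in this hunk keep the `$6$` password hashes for `gethmann` and `bernhard` in clear text in a vars file that every clone of the repository receives. Salted SHA-512 crypt hashes can still be attacked offline, so move them into an ansible-vault encrypted vars file (or inline `!vault` values) and rotate both passwords, since the hashes are already in the history. The added `admin_mail` line is fine where it is.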
---
nfs_server: 129.13.108.126
texpath: /usr/share/texlive/texmf-local
kit_tikz:
- texlive-tikzpfeile
- texlive-tikz-feynman
- texlive-tikzmark
- texlive-tikzscale
- texlive-circuitikz
- texlive-tikzsymbols
- texlive-tikzinclude
- texlive-tikzposter
- texlive-tikz-palattice
- texlive-aobs-tikz
- texlive-tikz-3dplot
- texlive-tikz-timing
- texlive-hf-tikz
- texlive-tikzscale
- texlive-tikz-dependency
- texlive-pgfgantt
- texlive-venndiagram
- texlive-flowchart
- texlive-mycv
- texlive-pgf-spectra
texlivepackages:
- texlive.x86_64
- kile
- texmaker
- texlive-epstopdf-bin
- texlive-quotmark
- texlive-hyphen-german
- texlive-babel-german
- texlive-pgfplots
- texlive-units
- texlive-mnsymbol
- texlive-pgfgantt
- texlive-pgf-umlcd
- texlive-pgf-umlsd
- texlive-prettyref
- texlive-faktor
- texlive-overpic
# Sphinx (Python docu)
- texlive-sidecap
- texlive-framed
- texlive-threeparttable
- texlive-wrapfig
- texlive-upquote
- texlive-capt-of
- texlive-multirow
- texlive-eqparbox
# fsphys/thesisvorlage-latex
- texlive-vmargin
- texlive-floatflt
- texlive-acronym
- texlive-mhchem
# KIT-{beamer,poster,brief}
- texlive-blindtext
# Bechleunigerphysik II Übung
- texlive-siunitx
- texlive-SIunits
- texlive-was
- texlive-commath
- texlive-ulem
# system docu
- texlive-draftwatermark
# JaCoW
- texlive-sttools
- texlive-boondox
- biber
- texlive-newtx
# biber dependencies
# gdbm-devel
# libdb-devel
# perl-Business-ISMN
# perl-Business-ISSN
# perl-Data-Compare
# perl-Data-Dump
# perl-Data-OptList
# perl-Date-Simple
# perl-Devel-GlobalDestruction
# perl-Dist-CheckConflicts
# perl-Email-Date-Format
# perl-Exporter-Tiny
# perl-ExtUtils-Command
# perl-ExtUtils-Install
# perl-ExtUtils-MakeMaker
# perl-ExtUtils-Manifest
# perl-ExtUtils-ParseXS
# perl-File-Find-Rule
# perl-File-Slurp
# perl-File-Slurp-Tiny
# perl-IPC-Cmd
# perl-IPC-Run3
# perl-LWP-Protocol-https
# perl-List-AllUtils
# perl-List-MoreUtils
# perl-Locale-Maketext
# perl-Locale-Maketext-Simple
# perl-Log-Dispatch
# perl-Log-Dispatch-FileRotate
# perl-Log-Log4perl
# perl-MIME-Charset
# perl-MIME-Lite
# perl-MIME-Types
# perl-Mail-Sender
# perl-Mail-Sendmail
# perl-MailTools
# perl-Module-Implementation
# perl-Module-Load
# perl-Module-Load-Conditional
# perl-Module-Metadata
# perl-Module-Runtime
# perl-Mozilla-CA
# perl-Net-SMTP-SSL
# perl-Number-Compare
# perl-Package-Generator
# perl-Params-Check
# perl-Params-Util
# perl-Params-Validate
# perl-Readonly
# perl-Regexp-Common
# perl-Sub-Exporter
# perl-Sub-Exporter-Progressive
# perl-Sub-Install
# perl-Sub-Name
# perl-Sys-Syslog
# perl-Text-BibTeX
# perl-Text-Glob
# perl-Tie-Cycle
# perl-Try-Tiny
# perl-Unicode-LineBreak
# perl-XML-LibXML
# perl-XML-LibXML-Simple
# perl-XML-LibXSLT
# perl-XML-NamespaceSupport
# perl-XML-SAX
# perl-XML-SAX-Base
# perl-XML-Writer
# perl-autovivification
# perl-devel
# rrdtool-perl
# sombok
# systemtap-sdt-devel
# Xe(La)TeX
- texlive-xetex
- texlive-collection-xetex
- texlive-xetex-def
- texlive-xetexfontinfo
- texlive-xevlna
- texlive-euenc
- texlive-unicode-math
- texlive-mathspec
- texlive-xgreek
- texlive-xecolor
- texlive-fontspec
# Thought to be usefull
- texlive-texlive-de-doc.noarch
- texlive-texlive-common-doc.noarch
- texlive-texlive-docindex-doc.noarch
- texlive-ae.noarch
- texlive-cm.noarch
- texlive-cv.noarch
- texlive-ec.noarch
- texlive-ed.noarch
- texlive-fp.noarch
- texlive-gu.noarch
- texlive-hc.noarch
- texlive-lm.noarch
- texlive-t2.noarch
- texlive-alg.noarch
- texlive-doi.noarch
- texlive-dox.noarch
- texlive-eco.noarch
- texlive-ecv.noarch
- texlive-emp.noarch
- texlive-esk.noarch
- texlive-fbs.noarch
- texlive-fmp.noarch
- texlive-gmp.noarch
- texlive-hep.noarch
- texlive-iso.noarch
- texlive-lcg.noarch
- texlive-lfb.noarch
- texlive-msg.noarch
- texlive-nag.noarch
- texlive-nuc.noarch
- texlive-ofs.noarch
- texlive-pax.noarch
- texlive-pgf.noarch
- texlive-qcm.noarch
- texlive-sfg.noarch
- texlive-svg.noarch
- texlive-svn.noarch
- texlive-tap.noarch
- texlive-ucs.noarch
- texlive-uml.noarch
- texlive-uri.noarch
- texlive-url.noarch
- texlive-vpe.noarch
- texlive-base.noarch
- texlive-abbr.noarch
- texlive-acro.noarch
- texlive-bohr.noarch
- texlive-cals.noarch
- texlive-circ.noarch
- texlive-cite.noarch
- texlive-cmap.noarch
- texlive-cmll.noarch
- texlive-cmpj.noarch
- texlive-cmsd.noarch
- texlive-cool.noarch
- texlive-crop.noarch
- texlive-dhua.noarch
- texlive-epsf.noarch
- texlive-etoc.noarch
- texlive-euro.noarch
- texlive-exam.noarch
- texlive-feyn.noarch
- texlive-fink.noarch
- texlive-mycv.noarch
- texlive-nath.noarch
- texlive-pbox.noarch
- texlive-pdfx.noarch
- texlive-spot.noarch
- texlive-tikz-palattice
- texlive-biblatex.noarch
- texlive-enumitem.noarch
- texlive-ctablestack.noarch
- texlive-gitinfo2.noarch
- texlive-fncychap # e. g. Sphinx
- texlive-tabulary
- texlive-latexdiff
# - texlive-latexdiff-bin
- texlive-a4wide
# systemdocu
- texlive-koma-script
- texlive-ctablestack
# to be continued
opera_path: /usr/local/share/Opera_18R2
---
python3pkg:
- bumpversion
- ptpython3
- python3
- python3-ipython
- python3-matplotlib-qt4
# - python3-matplotlib-qt5 # does not work: https://github.com/matplotlib/matplotlib/pull/6854
- python3-numpy
- python3-pandas
- python3-pip
- python3-pylint
- python3-scipy
- python3-setuptools
- python3-sphinx
- python3-tox
python3pip:
- brewer2mpl
- Cython
- flake8
- flake8-mypy
- flake8-pep257
- i18n
- mypy_extensions
- pipenv
- pre-commit
- PyScaffold
- pytest-yapf
- tox
- yapf
python2pkg:
- python2
- python2-setuptools
- python-pip
python2pip:
- backports.shutil_get_terminal_size
- brewer2mpl
- Cython
- ipython
- mpld3
- notebook
- pandas
- sklearn
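Review bot: `python2pip` lists `sklearn`, which on PyPI is an alias package and not the project itself; the project's distribution name is `scikit-learn`. More generally, every entry in `python3pip` and `python2pip` is an unpinned name, so if these lists are passed to the `pip` module as their names suggest, a typo or a taken-over name is installed on every host in `[python]`. Pin versions (`name==x.y.z`) or prefer distribution packages where they exist, as `python3pkg` already does for numpy, scipy and pandas.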
ansible_connection: local
ansible_user: gethmann ansible_user: gethmann
user_account: gethmann user_account: gethmann
ip_suffix: -gethmann ip_suffix: -gethmann
loc: 618 loc: 618
os: Fedora 25
extra_software:
- subversion # for ANKA software
- borgbackup
- mosh # ssh alternative
# keepass compatible console client
- kpcli
- perl-Clipboard
- perl-Capture-Tiny
- ctags # vim tags
- zsh
ansible_user: gethmann
ansible_ssh_user: gethmann
ansible_remote_user: gethmann
remote_user: gethmann
ip_suffix: 101
loc: 620
os: Fedora 24
ansible_user: gethmann
user_account: gethmann
ip_suffix: 113
loc: 618
os: Fedora 27
extra_software:
- subversion # ANKA software
- borgbackup
- mosh # ssh alternative
# keepass compatible console client
- kpcli
- perl-Clipboard
- perl-Capture-Tiny
- ctags # vim tags
- zsh
# ansible_connection: local
ansible_user: gethmann
user_account: gethmann
ip_suffix: 114
loc: 619
os: Fedora 26
ansible_user: gethmann
user_account: rossmanith
ip_suffix: 115
loc: 619
os: Fedora 25
ansible_connection: local
ansible_user: gethmann
user_account: widmann
ip_suffix: 116
loc: 618
os: Fedora 24
ansible_user: gethmann
user_account: blomley
ip_suffix: 117
loc: 620
os: Fedora 25
# ansible_connection: local
ansible_user: gethmann
user_account: gethmann
ip_suffix: 118
loc: 620
os: Fedora 25
ansible_user: gethmann
user_account: tong
ip_suffix: 120
loc: 621
os: Fedora 26
# ansible_connection: local
ansible_user: gethmann
user_account: petri
ip_suffix: 122
loc: 621
os: Fedora 26
ansible_user: gethmann
user_account: gethmann
ip_suffix: 126
loc: 618
os: Fedora 25
ansible_user: bernhard
user_account: bernhard
ip_suffix: 127
loc: 622
os: Fedora 25
ansible_user: gethmann
user_account: bernhard
ip_suffix: 93
loc: -10.
os: ubuntu
# stable # stable
[las-archiv1] [clients]
las113.las.kit.edu las113.las.kit.edu
las111.las.kit.edu las115.las.kit.edu
las116.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las93.las.kit.edu las93.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[opera] [desktop]
las113.las.kit.edu las113.las.kit.edu
las114.las.kit.edu las115.las.kit.edu
las-bernhard.anka.kit.edu las116.las.kit.edu
las111.las.kit.edu
las118.las.kit.edu las118.las.kit.edu
las117.las.kit.edu las120.las.kit.edu
las122.las.kit.edu
las-gethmann.las.kit.edu
las122.las.kit.edu
[lasarchiv]
las113.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu las126.las.kit.edu
las127.las.kit.edu
las93.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[elegant] [python]
las-gethmann.las.kit.edu
las113.las.kit.edu las113.las.kit.edu
las117.las.kit.edu las120.las.kit.edu
las111.las.kit.edu las122.las.kit.edu
[ipynb] # Jupyter notebook
las-gethmann.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
[kdev] # KDevelope
[jabref]
las113.las.kit.edu
las-gethmann.las.kit.edu
[pynaff]
las-gethmann.las.kit.edu
las113.las.kit.edu
las126.las.kit.edu
[pycharm]
las-gethmann.las.kit.edu
las113.las.kit.edu
las122.las.kit.edu
[chrome]
las-gethmann.las.kit.edu
[latex]
las-gethmann.las.kit.edu
las113.las.kit.edu
las118.las.kit.edu
las120.las.kit.edu
las122.las.kit.edu
[opera]
las113.las.kit.edu
las118.las.kit.edu
las122.las.kit.edu
las126.las.kit.edu las126.las.kit.edu
las127.las.kit.edu
[mad8]
las113.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[nfs-server]
las126.las.kit.edu
# developement
[lab] [lab]
las93.las.kit.edu las93.las.kit.edu
...@@ -29,45 +89,32 @@ las93.las.kit.edu ...@@ -29,45 +89,32 @@ las93.las.kit.edu
las113.las.kit.edu las113.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[clients] [elegant]
las111.las.kit.edu
127.0.0.1
las114.las.kit.edu
las116.las.kit.edu
las118.las.kit.edu
las113.las.kit.edu las113.las.kit.edu
las93.las.kit.edu las117.las.kit.edu
las120.las.kit.edu
# las122.las.kit.edu
# las111.las.kit.edu
las126.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
[desktop] [epics]
las111.las.kit.edu
las113.las.kit.edu las113.las.kit.edu
las114.las.kit.edu
las116.las.kit.edu
las118.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
# semi stable [ripgrep]
[scipy]
las114.las.kit.edu
las113.las.kit.edu las113.las.kit.edu
las111.las.kit.edu las-gethmann.las.kit.edu
las126.las.kit.edu las101.las.kit.edu
# testing [inovesa]
[alle]
las101.las.kit.edu
las111.las.kit.edu
las113.las.kit.edu las113.las.kit.edu
las114.las.kit.edu
las118.las.kit.edu
las126.las.kit.edu
las-bernhard.anka.kit.edu
# semi stable
[local] [local]
127.0.0.1 ansible_connection=local # 127.0.0.1 ansible_connection=local
[admin-pcs] [admin_pcs]
las113.las.kit.edu las113.las.kit.edu
las101.las.kit.edu las101.las.kit.edu
las-gethmann.las.kit.edu las-gethmann.las.kit.edu
...@@ -77,6 +124,3 @@ las101.las.kit.edu ...@@ -77,6 +124,3 @@ las101.las.kit.edu
[cn] [cn]
las-bernhard.anka.kit.edu las-bernhard.anka.kit.edu
[simulation]
las126.las.kit.edu
- hosts: inovesa
roles:
- inovesa
- hosts: ipynb
roles:
- ipynb
- hosts: jabref
tasks:
- name: install Jabref
become: yes
dnf:
name: jabref
state: present
- hosts: kdev
roles:
- kdev
---
- include: common.yml
- include: clients.yml
tags: client
- include: opera.yml
tags: opera
#- include: update.yml
# tags: update
- include: desktop.yml
- include: admin.yml
- include: latex.yml
tags: latex
- include: kdev.yml
---
- include: common.yml
- include: clients.yml
tags: client
# - include: opera.yml
#- include: update.yml
# tags: update
- include: desktop.yml
- include: latex.yml
tags: latex
- hosts: latex
roles:
- latex
- hosts: mad8
roles:
- mad8
- hosts: nfs-server
roles:
- nfs-server
tags: nfs-server
- hosts: lasarchiv
roles:
- lasarchiv
tags: nfs-clients
---
- hosts: opera
become: yes
roles:
- opera
tags: opera
- hosts: pycharm
roles:
- pycharm
- hosts: pygui
roles:
- pygui
- hosts: pynaff
roles:
- naff_cpp
- hosts: python
roles:
- python_stack
- hosts: ripgrep
roles:
- ripgrep
--- ---
- name: "Install basic client software" - name: "Install basic client software"
apt: name={{ item }} state=latest apt:
name: "{{ item }}"
state: present
with_items: "{{ client_software }}" with_items: "{{ client_software }}"
when: ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Ubuntu'
become: yes become: yes
- name: "Install basic client software" - name: "Install basic client software"
dnf: name={{ item }} state=latest dnf:
name: "{{ item }}"
state: present
with_items: "{{ client_software }}" with_items: "{{ client_software }}"
when: ansible_distribution == 'Fedora' when: ansible_distribution == 'Fedora'
become: yes become: yes
--- ---
- name: install CUPS - name: install CUPS
become: yes become: yes
dnf: name=cups state=latest dnf:
name: cups
state: present
when: ansible_distribution == 'Fedora' when: ansible_distribution == 'Fedora'
become: yes
- name: install CUPS - name: install CUPS
become: yes become: yes
apt: name=cups state=latest apt:
name: cups
state: present
when: ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Ubuntu'
become: yes
- name: copy CUPS' configs - name: copy CUPS' configs
become: yes become: yes
copy: src={{ item }} dest=/etc/cups backup=yes group=lp owner=root copy:
src: "{{ item }}"
dest: /etc/cups
backup: yes
group: lp
owner: root
with_items: with_items:
- "printers.conf" - "printers.conf"
- "cupsd.conf" - "cupsd.conf"
...@@ -21,7 +28,13 @@ ...@@ -21,7 +28,13 @@
- name: copy PPD files - name: copy PPD files
become: yes become: yes
copy: src=ppd/{{ item }} dest=/etc/cups/ppd backup=yes group=root owner=root mode=644 copy:
src: "ppd/{{ item }}"
dest: /etc/cups/ppd
backup: yes
group: root
owner: root
mode: 0644
notify: restart cups notify: restart cups
with_items: with_items:
- "HP-LaserJet-P2015-Series.ppd" - "HP-LaserJet-P2015-Series.ppd"
......
---
- name: check
become: yes
blockinfile:
block: |
Section "ServerFlags"
Option "DontZap" "false"
EndSection
Section "InputClass"
Identifier "Keyboard Defaults"
MatchIsKeyboard "yes"
Option "XkbOptions" "terminate:ctrl_alt_bksp"
EndSection
path: /etc/X11/xorg.conf.d/10-enable-ctrl-alt-backspace
create: yes
backup: yes
state: present
tags: xorg
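Review bot: `path: /etc/X11/xorg.conf.d/10-enable-ctrl-alt-backspace` has no `.conf` suffix, and Xorg only reads files in `xorg.conf.d` whose names end in `.conf`, so the block is written but never applied. Rename the target to `10-enable-ctrl-alt-backspace.conf` and give the task a descriptive name instead of `check`. Because `DontZap "false"` lets anyone at the keyboard terminate the X server and with it the user's session, consider limiting this task to the hosts that need it rather than importing it for the whole desktop role.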
--- ---
- include: cups.yml - import_tasks: cups.yml
- include: basic_software.yml - import_tasks: basic_software.yml
- import_tasks: kill_x.yml
--- ---
- name: enable sshd - name: enable sshd
become: yes become: yes
service: name=sshd enabled=yes service:
name: sshd
enabled: yes
- name: restart sshd - name: restart sshd
become: yes become: yes
service: name=sshd state=restarted service:
name: sshd
state: restarted
- name: reload sshd - name: reload sshd
become: yes become: yes
service: name=sshd state=reloaded service:
name: sshd
state: reloaded
- name: start sshd - name: start sshd
become: yes become: yes
service: name=sshd state=started service:
name: sshd
state: started
- name: enable ntp - name: enable ntp
become: yes become: yes
service: name=ntpdate enabled=yes service:
name: ntpdate
enabled: yes
- name: start ntp - name: start ntp
become: yes become: yes
service: name=ntpdate state=started service:
name: ntpdate
state: started
- name: update-ca-trust
become: yes
command: update-ca-trust extract
- name: lock root user
become: yes
command: passwd -l root
- name: reload firewalld
become: yes
service:
name: firewalld
state: reloaded
- name: restart firewalld
become: yes
service:
name: firewalld
state: restarted
- name: enable ufw
become: yes
service:
name: ufw
enabled: yes
- name: restart ufw
become: yes
service:
name: ufw
state: restarted
- name: enable smartd
become: yes
service:
name: smartd
enabled: yes
- name: restart smartd
become: yes
service:
name: smartd
state: restarted
---
dependencies:
- { role: mail }
--- ---
# not tested yet
- name: install etckeeper - name: install etckeeper
become: yes become: yes
dnf: name=etckeeper state=installed package:
name: etckeeper
state: present
- name: Initialise etckeeper - name: Initialise etckeeper
tags: etckeeper
command: etckeeper init creates=/etc/.etckeeper chdir=/etc
become: yes become: yes
tags: etckeeper
command: etckeeper init
args:
creates: "/etc/.etckeeper"
chdir: /etc
- name: dnf as package manager - name: dnf as package manager
lineinfile: dest=/etc/etckeeper/etckeeper.conf line="HIGHLEVEL_PACKAGE_MANAGER=dnf" regexp="HIGHLEVEL_PACKAGE_MANAGER=.*" backup=yes
become: yes become: yes
lineinfile:
dest: /etc/etckeeper/etckeeper.conf
line: "HIGHLEVEL_PACKAGE_MANAGER=dnf"
regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
backup: yes
when: (ansible_distribution == "Fedora" and ansible_distribution_major_version >= "18")
- name: yum as package manager
become: yes
lineinfile:
dest: /etc/etckeeper/etckeeper.conf
line: "HIGHLEVEL_PACKAGE_MANAGER=yum"
regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
backup: yes
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version <= "7")
- name: apt as package manager
lineinfile:
dest: /etc/etckeeper/etckeeper.conf
line: "HIGHLEVEL_PACKAGE_MANAGER=apt"
regexp: "HIGHLEVEL_PACKAGE_MANAGER=.*"
backup: yes
become: yes
when: ansible_os_family == "Debian"
- name: use git
lineinfile:
dest: /etc/etckeeper/etckeeper.conf
line: 'VCS="git"'
regexp: '.*VCS="git"'
backup: yes
become: yes
- name: do not use bzr
lineinfile:
dest: /etc/etckeeper/etckeeper.conf
line: '# VCS="bzr"'
regexp: '.*VCS="bzr"'
backup: yes
become: yes
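Review bot: the `when:` conditions compare `ansible_distribution_major_version` with quoted numbers (`>= "18"`, `<= "7"`), which is a string comparison: `"9" >= "18"` is true and `"10" <= "7"` is true as well. Cast the fact with `| int` and compare against integers. The file also still opens with `# not tested yet`, which conflicts with the README rule that roles in master should work on all systems.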
--- ---
# - name: install needed network manager libs
# become: yes
# dnf:
# name: '{{ item }}'
# state: present
# with_items:
# - NetworkManager-glib
# - libnm-qt-devel.x86_64
# - nm-connection-editor.x86_64
# - libsemanage-python
# - policycoreutils-python
# when: ((ansible_distribution == "Fedora" and ansible_distribution_number < 27) or ansible_distribution == "CentOS")
# does not work at the moment
# - name: set DNS Server
# nmcli:
# conn_name: enp0s31f6
# dns4:
# - 129.13.64.5
# - 141.3.175.65
# # - 8.8.8.8
# state: present
# type: ethernet
- name: set hostname - name: set hostname
hostname: "name=las{{ ip_suffix }}.las.kit.edu"
become: yes become: yes
hostname:
name: "las{{ ip_suffix }}.las.kit.edu"
- name: install needed network manager libs
dnf:
name: '{{ item }}'
state: installed
with_items:
- NetworkManager-glib
- libnm-qt-devel.x86_64
- nm-connection-editor.x86_64
- libsemanage-python
- policycoreutils-python
- name: set DNS Server
nmcli:
dns4:
- 129.13.64.5
- 141.3.175.65
- 8.8.8.8
state: present
--- ---
- include: etckeeper.yml - import_tasks: etckeeper.yml
- include: hostname.yml - import_tasks: hostname.yml
# - include: networking.yml # - import_tasks: networking.yml
- include: sshd.yml - import_tasks: sshd.yml
- include: sudoer.yml when: "'laptop' not in group_names"
- include: sysupdate.yml - import_tasks: sudoer.yml
- include: ntp.yml - import_tasks: sysupdate.yml
- include: yumrepos.yml - import_tasks: ntp.yml
- include: software.yml - import_tasks: yumrepos.yml
tags: lasrepo
- import_tasks: software.yml
- import_tasks: smartd.yml
tags: smartd
- import_tasks: sysrq.yml
--- ---
- name: install ntpdate - name: install ntpdate
dnf: state=latest name=ntpdate package:
state: present
name: ntpdate
become: yes become: yes
- name: set time server - name: set time server
...@@ -10,3 +12,17 @@ ...@@ -10,3 +12,17 @@
- start ntp - start ntp
- enable ntp - enable ntp
changed_when: False changed_when: False
- name: insert SCC into ntp configuration
become: yes
blockinfile:
insertafter: ^server .*[a-z]+.*$
path: /etc/ntp.conf
backup: yes
state: present
block: |
server ntp1.scc.kit.edu
server ntp2.scc.kit.edu
server ntp3.scc.kit.edu
server ntp4.scc.kit.edu
tags: ntp
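Review bot: the new `insert SCC into ntp configuration` task edits `/etc/ntp.conf` without `create: yes`, while the only package installed in the lines shown here is `ntpdate`; on a host where that file does not exist, `blockinfile` fails. The task also has no `notify:`, so a running time daemon never picks up the added servers. Install the package that owns `/etc/ntp.conf` and notify a restart handler, or set `create: yes` if a fresh file is intended.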
---
- name: install smartd
become: yes
package:
name: smartmontools
state: present
notify:
- enable smartd
- restart smartd
- name: configure smartd on Fedora/CentOS
become: yes
lineinfile:
line: "DEVICESCAN -H -m {{ admin_mail }} -M exec /usr/libexec/smartmontools/smartdnotify -n standby,10,q -s (S/../.././02|L/../../6/03) -W 4,35,40"
regexp: ^DEVICESCAN .*$
backup: yes
path: /etc/smartmontools/smartd.conf
notify:
- enable smartd
- restart smartd
when: (ansible_distribution == "Fedora" or ansible_distribution == "CentOS")
--- ---
- name: install common software - name: install common software
package: name={{item}} state=latest become: true
package:
name: "{{ item }}"
state: present
with_items: "{{ common_software }}" with_items: "{{ common_software }}"
- name: install extra software
become: true become: true
package:
name: "{{ item }}"
state: present
with_items: "{{ extra_software }}"
when: extra_software is defined
--- ---
- name: Installed sshd - name: Installed sshd
dnf: state=installed name=openssh-server
become: yes become: yes
package:
state: present
name: openssh-server
- name: install firewalld
become: yes
package:
name: python-firewall
state: present
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
- name: Open port 22 on Fedora/CentOS
become: yes
firewalld:
port: 22/tcp
state: enabled
permanent: true
when: ansible_distribution == "Fedora" or
(ansible_distribution == "CentOS" and ansible_distribution_major_version >= 7)
notify:
- reload firewalld
- restart firewalld
- name: Open port 22 on Ubuntu
become: yes
ufw:
name: OpenSSH
rule: allow
notify:
- reload ufw
- enable ufw
when: ansible_distribution == "Ubuntu"
- name: Disable empty password login - name: Disable empty password login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitEmptyPasswords.*" line="PermitEmptyPasswords no" backup=yes
notify: restart sshd
become: yes become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitEmptyPasswords.*"
line: "PermitEmptyPasswords no"
backup: yes
notify: restart sshd
- name: Disable remote root login - name: Disable remote root login
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitRootLogin.*" line="PermitRootLogin no" backup=yes
notify: restart sshd
become: yes become: yes
lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitRootLogin.*"
line: "PermitRootLogin no"
backup: yes
notify: restart sshd
- name: Enable tunnel - name: Enable tunnel
lineinfile: dest=/etc/ssh/sshd_config regexp=".*PermitTunnel.*" line="PermitTunnel yes" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*PermitTunnel.*"
line: "PermitTunnel yes"
backup: yes
notify: notify:
- enable sshd - enable sshd
- restart sshd - restart sshd
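Review bot: `Open port 22 on Ubuntu` notifies `reload ufw`, but the handlers file in this change defines only `enable ufw` and `restart ufw`, so the play stops with a missing-handler error on Ubuntu hosts as soon as that task reports a change. Notify `restart ufw` or add the handler. In both firewalld conditions, `ansible_distribution_major_version >= 7` compares a string fact with an integer; write `ansible_distribution_major_version | int >= 7`. It is also worth confirming that `PermitTunnel yes` is wanted on every host that receives this role.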
...@@ -24,11 +68,19 @@ ...@@ -24,11 +68,19 @@
# command: chkconfig sshd on # command: chkconfig sshd on
- name: Add curves - name: Add curves
lineinfile: dest=/etc/ssh/sshd_config regexp="HostKey.*ed25519.*" line="HostKey /etc/ssh/ssh_host_ed25519_key" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: "HostKey.*ed25519.*"
line: "HostKey /etc/ssh/ssh_host_ed25519_key"
backup: yes
notify: restart sshd notify: restart sshd
become: yes become: yes
- name: enable PAM - name: enable PAM
lineinfile: dest=/etc/ssh/sshd_config regexp=".*UsePAM .*" line="UsePAM yes" backup=yes lineinfile:
dest: /etc/ssh/sshd_config
regexp: ".*UsePAM .*"
line: "UsePAM yes"
backup: yes
become: yes become: yes
notify: restart sshd notify: restart sshd
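Review bot: none of the `lineinfile` edits to `/etc/ssh/sshd_config` carries a `validate:`, yet each one notifies `restart sshd`; a malformed line followed by a restart can cut off SSH access to a remote host. Add `validate: '/usr/sbin/sshd -t -f %s'` to these tasks, in the same way the sudoers tasks use `visudo`. `Add curves` only sets a `HostKey` path, so a name such as `use ed25519 host key` would describe it better.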
--- ---
- name: Ensure sudo is installed - name: Ensure sudo is installed
dnf: pkg=sudo state=installed
become: yes become: yes
package:
pkg: sudo
state: present
- name: Copy sudoers file including validation - name: Copy sudoers file including validation
become: yes become: yes
template: src=sudoers.j2 dest=/etc/sudoers.d/sudoers validate='visudo -cf %s' backup=yes owner=root group=root mode=440 template:
register: sudoers_enrole_result src: sudoers.j2
dest: /etc/sudoers.d/sudoers
validate: 'visudo -cf %s'
backup: yes
owner: root
group: root
mode: 0440
notify: lock root user
- name: requiretty in sudoers - name: requiretty in sudoers
lineinfile: backup=yes regexp="Defaults !?requiretty" state=present dest=/etc/sudoers line="Defaults !requiretty" validate="visudo -c -f %s"
become: yes become: yes
lineinfile:
- name: Lock the root user backup: yes
become: yes regexp: "Defaults !?requiretty"
shell: passwd -l root state: present
#failed_when: "'Success' not in command_result.stdout" dest: /etc/sudoers
when: sudoers_enrole_result|success and sudoers_enrole_result|changed line: "Defaults !requiretty"
tags: lock root validate: "visudo -c -f %s"
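Review bot: with `notify: lock root user`, `passwd -l root` runs only on a run where the `sudoers.j2` template reports a change and only if the play reaches its handler phase, so hosts whose sudoers file is already in place are never locked by this role. If a locked root account is the intended state, make it a regular task, for example the `user` module with `password_lock: yes`, so it is enforced on every run. In `Ensure sudo is installed`, use `name: sudo`; `name` is the parameter the `package` module documents, whereas `pkg` is an alias of the dnf and apt modules.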
---
- name: enable all magic keys or SysRq
become: yes
sysctl:
name: kernel.sysrq
value: 1
state: present
sysctl_file: /etc/sysctl.d/90-sysrq.conf
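Review bot: `value: 1` enables every SysRq function, which lets anyone with keyboard or serial console access signal processes, dump memory and registers, remount filesystems and reboot the machine without logging in. `kernel.sysrq` accepts a bitmask; if the aim is a safe emergency reboot, `176` (sync, remount read-only, reboot) is enough, and desktops in shared offices are better left at the distribution default.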
--- ---
- name: Updating the system - name: Updating the system
become: yes become: yes
dnf: name=* state=latest package: name=* state=latest
tags:
- skip_ansible_lint
when: ansible_distribution != "Ubuntu"
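Review bot: the added `when: ansible_distribution != "Ubuntu"` silently excludes Ubuntu hosts from system updates, and the host vars in this change include at least one host with `os: ubuntu`. Add an apt counterpart guarded by `when: ansible_distribution == "Ubuntu"` (the `apt` module with `upgrade: dist` and `update_cache: yes`) so those machines are patched as well. The task is also the only one left in `name=* state=latest` key=value form; the `skip_ansible_lint` tag hides that from the linter rather than fixing it.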