ansible issueshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues2020-05-04T12:21:08+02:00https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/65script to add ipa-replica to dns2020-05-04T12:21:08+02:00sg7149script to add ipa-replica to dnsScript the change of the DNS entries for a new IPA replica.
Add the SRV entries to DNSVS
See [IPA docu](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide...Script the change of the DNS entries for a new IPA replica.
Add the SRV entries to DNSVS
See [IPA docu](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/creating-the-replica) and the [NETVS docu](https://www-net-doku.scc.kit.edu/webapi/release/intro/)
```
_ldap._tcp
_kerberos._tcp
_kerberos._udp
_kerberos-master._tcp
_kerberos-master._udp
_ntp._udp
_kpasswd._tcp
_kpasswd._udp
```Network movehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/108Opera installation failing when GNOME group should be installed2021-09-03T14:12:42+02:00sg7149Opera installation failing when GNOME group should be installedCalling host: asterix.las.kit.edu (Fedora 32)
Failing nodes: asterix
Summary
-------
Running the Opera role fails when trying to install GNOME group. It seems that the group was renamed.
Steps to reproduce
------------------
Try to...Calling host: asterix.las.kit.edu (Fedora 32)
Failing nodes: asterix
Summary
-------
Running the Opera role fails when trying to install GNOME group. It seems that the group was renamed.
Steps to reproduce
------------------
Try to install opera via the ansible role on Fedora 32 (GNOME may already be installed).
What is the current bug behavior?
---------------------------------
Fails when trying to group install "@GNOME".
What is the expected correct behaviour?
---------------------------------------
The GNOME group is installed and Opera installation succeeds.
Relevant logs and/or screenshots
--------------------------------
```
TASK [opera : install dependencies] ********************************************************************************************************************************************************************************************************
fatal: [asterix.las.kit.edu]: FAILED! => {"changed": false, "msg": "No group GNOME available.", "results": []}
```
Possible fixes
--------------
Use the correct name for the GNOME group.zx8344samira.fatehi@kit.eduzx8344samira.fatehi@kit.eduhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/106Opera 2020 on Fedora 332022-06-29T11:45:44+02:00sg7149Opera 2020 on Fedora 33Failing nodes: methusalix, idefix
Summary
-------
Running operafea-post fails with errors.
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
--------...Failing nodes: methusalix, idefix
Summary
-------
Running operafea-post fails with errors.
Steps to reproduce
------------------
(How one can reproduce the issue - this is very important)
What is the current bug behavior?
---------------------------------
(What actually happens)
What is the expected correct behaviour?
---------------------------------------
(What you should see instead)
Relevant logs and/or screenshots
--------------------------------
```
/usr/local/share/Opera_2020/code/bin/operafea-post
libGL error: MESA-LOADER: failed to open swrast (search paths /usr/lib64/dri)
libGL error: failed to load driver: swrast
forrtl: severe (174): SIGSEGV, segmentation fault occurred
Image PC Routine Line Source
libifcoremt.so.5 00007F2EBD00F522 for__signal_handl Unknown Unknown
libpthread-2.32.s 00007F2EB68CE1E0 Unknown Unknown Unknown
libQt5OpenGL.so.5 00007F2EB90663E1 _ZN9QGLFormat18op Unknown Unknown
operafea-post 00005625BA7193E0 Unknown Unknown Unknown
operafea-post 00005625BA719D9B Unknown Unknown Unknown
operafea-post 00005625BA7191A3 Unknown Unknown Unknown
operafea-post 00005625BA718069 Unknown Unknown Unknown
operafea-post 00005625B9DBCFED Unknown Unknown Unknown
operafea-post 00005625BA4A2148 Unknown Unknown Unknown
operafea-post 00005625B9DFE281 Unknown Unknown Unknown
libc-2.32.so 00007F2EB34BD1E2 __libc_start_main Unknown Unknown
operafea-post 00005625B9DB7AF9 Unknown Unknown Unknown
```
Possible fixes
--------------
Tried installing `libglvnd-opengl` to provide `/lib64/libOpenGL.so.0.0.0` which was missing, but was on a working Fedora 31 host.ue5734ue5734https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/102Environment dependent epics configuration2020-07-15T14:59:38+02:00sg7149Environment dependent epics configurationEPICS is used for different purposes/environments which currently include:
* KARA
* LASMagLab
* TGU measurement
* Jena magnet setup
The configuration so far is only valid for one case only and the other configurations are changed by han...EPICS is used for different purposes/environments which currently include:
* KARA
* LASMagLab
* TGU measurement
* Jena magnet setup
The configuration so far is only valid for one case only and the other configurations are changed by hand which
- needs more steps for the installation and
- is error prone to (re-)running ansible.
This should be fixed.
See also issue #9https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/93teamviewer installation stopps updates2020-08-17T09:57:29+02:00sg7149teamviewer installation stopps updatesCalling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: pepe, asterix
Summary
-------
Updates fail, because teamviewer repo cannot be found
Steps to reproduce
------------------
enable the teamviewer repositories () and run `dn...Calling host: obelix.las.kit.edu (Fedora 31)
Failing nodes: pepe, asterix
Summary
-------
Updates fail, because teamviewer repo cannot be found
Steps to reproduce
------------------
enable the teamviewer repositories () and run `dnf update`
What is the current bug behavior?
---------------------------------
```
Failed to synchronize cache for repo 'tvinternal_dev'
Ignoring repositories: tvinternal_dev
```
when running via ansible, it fails due to timeouts.
What is the expected correct behaviour?
---------------------------------------
Update runs without any problems.
Relevant logs and/or screenshots
--------------------------------
```
(Paste any relevant logs - please use code blocks (```) to format console output,
logs, and code as it's very hard to read otherwise.)
```
Possible fixes
--------------
As a workaround one can deactivate the repository, but then teamviewer will not get updates!
/cc @vn4918lp5884lp5884https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/92ansible ipv6 vs root2020-05-13T10:44:29+02:00sg7149ansible ipv6 vs rootansible tries to use IPv6 now that our hosts have proper DNS for IPv6.
Unfortunately the SSH-key for root only allows the IPv4 of obelix, so that running ansible fail atm.
One should either change the SSH-allowed IP addresses.
Or one sh...ansible tries to use IPv6 now that our hosts have proper DNS for IPv6.
Unfortunately the SSH-key for root only allows the IPv4 of obelix, so that running ansible fail atm.
One should either change the SSH-allowed IP addresses.
Or one should force ansible to use IPv4 only.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/91Add networking to common role2020-05-13T12:10:22+02:00sg7149Add networking to common roleAdd some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiationAdd some basic networking setup to the common role (maybe via nmcli-module)
* [ ] DNS v4, v6
* [ ] Default gateway v4 v6
* [x] Hostname
* [ ] dhclient on start
* [ ] auto negotiationhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/90Autoupdate on lab computers2020-07-15T15:40:04+02:00sg7149Autoupdate on lab computersChange the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that ex...Change the settings from security to all updates.
The computers are not used on a daily basis by one user, but may not be used interactively for some time. Hence the updates aren't triggered by the user, but there is also no user that expects certain behaviour not to change.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/85Opera on Fedora 312020-03-02T14:52:39+01:00sg7149Opera on Fedora 31To work around Opera not starting on Fedora 31 I linked the libhwloc.so.5->libhwloc.so.15.
Maybe one should also copy libhwloc.so.5 from CentOS7 (kantine) instead of linking the new one.
Probably also the new Opera 2020 will not depend ...To work around Opera not starting on Fedora 31 I linked the libhwloc.so.5->libhwloc.so.15.
Maybe one should also copy libhwloc.so.5 from CentOS7 (kantine) instead of linking the new one.
Probably also the new Opera 2020 will not depend on libhwloc.so.15, because their webpage claims to support RHEL7, but not RHEL8 and even RHEL8 seems to have libhwloc.so.5 instead of .15.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/80VGA-port @ ThinkCentres2020-02-17T15:54:47+01:00sg7149VGA-port @ ThinkCentresThe VGA-port on ThinkCentres seems to misbehave on Linux.
ThinkCentres (new M920t) with VGA connected to a VGA-Display boots and when switching to a higher resolution during booting (the monitor searches for signal and turns off).
Durin...The VGA-port on ThinkCentres seems to misbehave on Linux.
ThinkCentres (new M920t) with VGA connected to a VGA-Display boots and when switching to a higher resolution during booting (the monitor searches for signal and turns off).
During installation with KDE-Live-System it was possible to switch to a non-graphical console (ctrl+alt+2) and to login there and reboot (killing X did not help).
Probably it's possible to fix it with the right boot-flags.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/77IOC tasks2021-09-03T15:19:23+02:00sg7149IOC tasksSetup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git...Setup on the DHCP computer (e.g. faulus).
* [x] Add to DHCPd host list
* [x] Add to `/etc/hosts`
For each IOC computer (after [vinegar](https://github.com/KIT-IBPT/vinegar) and salt stack setup)
* Add `/etc/ssh/ssh_config`
```
Host git.scc.kit.edu
HostName git.scc.kit.edu
ProxyCommand ssh ${USER}@192.168.0.1 nc %h %p
```
(tested only for `~/.ssh/config`, yet.
* Add ssh-key-signature from gitlab to your known_hosts `/etc/ssh/ssh_known_hosts` (world readable) (not tested yet)
For each user on an IOC computer (e.g. caligula) one has to
* create the user `useradd $name -u $ID -G users -m`
* create ssh-key `ssh-keygen`
* ssh-copy-id to faulusyuancun.nieyuancun.niehttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/74MS fonts2019-10-28T18:15:54+01:00sg7149MS fontsCalling host: obelix.las.kit.edu (Fedora 30)
Failing nodes: asterix, obelix
Summary
-------
MS fonts installation (client role) fails, because of certificate issues of sf.net
Steps to reproduce
------------------
Run client role
...Calling host: obelix.las.kit.edu (Fedora 30)
Failing nodes: asterix, obelix
Summary
-------
MS fonts installation (client role) fails, because of certificate issues of sf.net
Steps to reproduce
------------------
Run client role
What is the current bug behavior?
---------------------------------
Client role fails when reaching the MS fonts task
What is the expected correct behaviour?
---------------------------------------
MS fonst install
Relevant logs and/or screenshots
--------------------------------
```
TASK [clients : install fonts] **************************************************************************************************************************************************************************************************************
fatal: [asterix.las.kit.edu]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for kent.dl.sourceforge.net:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=
False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org,
/etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076).", "status": -1, "url": "https://kent.dl.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-ins
taller-2.6-1.noarch.rpm"} ```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/72Fix munin2019-08-28T14:46:52+02:00sg7149Fix muninMunin does not provide proper graphs for the clients (asterix: empty graphs, obelix: broken graphics)Munin does not provide proper graphs for the clients (asterix: empty graphs, obelix: broken graphics)https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/71Fix EPICS role with Firewall at CS2021-09-03T15:29:41+02:00sg7149Fix EPICS role with Firewall at CSCSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --ad...CSS does not behave right due to firewall issues.
**Setup**:
CS + ANKA-VPN
**Problem**:
PVs are not shown as connected, though `caget` works.
**Workaround**:
```
sudo firewall-cmd --add-port=5064/udp --permanent
sudo firewall-cmd --add-source-port=5064/udp --permanent
sudo systemctl reload firewalld
```
**Ideas for better fixes**:
Add ANKA-VPN to internal-zone.
Or do a similar thing to the iptables rule:
```
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
```https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/70integrate ipa-healthcheck into munin2020-05-04T12:19:48+02:00sg7149integrate ipa-healthcheck into muninIntegrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.Integrate the very new ipa-healthcheck tool into munin and/or a warning system, so one gets informed when a system fails.
Caution: one probably should take care of nodes that go down expectedly, because they run on clients.https://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/69ssmtp fails every second time2020-02-24T17:29:24+01:00sg7149ssmtp fails every second timeCalling host: asterix.las.kit.edu (Fedora 30)
Failing nodes: asterix
Summary
-------
Every second time I run ansible-playbook sites.yml it fails at ssmtp rule
Steps to reproduce
------------------
run ansible twice
What is the c...Calling host: asterix.las.kit.edu (Fedora 30)
Failing nodes: asterix
Summary
-------
Every second time I run ansible-playbook sites.yml it fails at ssmtp rule
Steps to reproduce
------------------
run ansible twice
What is the current bug behavior?
---------------------------------
fails every second time
What is the expected correct behaviour?
---------------------------------------
does not fail
Relevant logs and/or screenshots
--------------------------------
```
[mail : install ssmtp and mailx] *******************************************************************************************************************************************************************************************************
failed: [asterix.las.kit.edu] (item=ssmtp) => {"ansible_loop_var": "item", "changed": false, "item": "ssmtp", "module_stderr": "/root/.ansible/tmp/ansible-tmp-1560283437.0299356-2401896733455/AnsiballZ_dnf.py:18: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses\n import imp\n", "module_stdout": "[master 1debf86] saving uncommitted changes in /etc prior to dnf run\n 1 file changed, 2 insertions(+)\n\n{\"msg\": \"Nothing to do\", \"changed\": false, \"results\": [\"Installed: ssmtp\"], \"rc\": 0, \"invocation\": {\"module_args\": {\"name\": [\"ssmtp\"], \"state\": \"present\", \"allow_downgrade\": false, \"autoremove\": false, \"bugfix\": false, \"disable_gpg_check\": false, \"disable_plugin\": [], \"disablerepo\": [], \"download_only\": false, \"enable_plugin\": [], \"enablerepo\": [], \"exclude\": [], \"installroot\": \"/\", \"install_repoquery\": true, \"install_weak_deps\": true, \"security\": false, \"skip_broken\": false, \"update_cache\": false, \"update_only\": false, \"validate_certs\": true, \"lock_timeout\": 0, \"conf_file\": null, \"disable_excludes\": null, \"download_dir\": null, \"list\": null, \"releasever\": null}}}\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 0}
```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/68deprecation: TRANSFORM_INVALID_GROUP_CHARS2020-02-24T17:24:49+01:00sg7149deprecation: TRANSFORM_INVALID_GROUP_CHARSCalling host: obelix.las.kit.edu (Fedora 29)
Failing nodes: asterix (Fedora 30)
Summary
-------
Deprecation warning
Steps to reproduce
------------------
sites.yml
What is the current bug behavior?
-------------------------------...Calling host: obelix.las.kit.edu (Fedora 29)
Failing nodes: asterix (Fedora 30)
Summary
-------
Deprecation warning
Steps to reproduce
------------------
sites.yml
What is the current bug behavior?
---------------------------------
deprecation warning
What is the expected correct behaviour?
---------------------------------------
no warning
Relevant logs and/or screenshots
--------------------------------
```
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user configurable on deprecation. This feature will be removed in version 2.10.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
```
Possible fixes
--------------
(If you can, link to the line of code that might be responsible for the problem)
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/67NFS might not be mounted on start2020-08-24T17:46:02+02:00sg7149NFS might not be mounted on startCalling host: asterix.las.kit.edu (Fedora 29)
Failing nodes: asterix.las.kit.edu
Summary
-------
NFS is not mounted on boot.
Steps to reproduce
------------------
Boot the computer
What is the current bug behavior?
--------------...Calling host: asterix.las.kit.edu (Fedora 29)
Failing nodes: asterix.las.kit.edu
Summary
-------
NFS is not mounted on boot.
Steps to reproduce
------------------
Boot the computer
What is the current bug behavior?
---------------------------------
las-archiv1 is not mounted though it is in the fstab
What is the expected correct behaviour?
---------------------------------------
las-archiv1 is mounted after booting
Possible fixes
--------------
Probably the mounts are done before the network target is reached and therefore the NFS export is not viewable at that time, yet.
/cc @gethmannhttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/64automate adding of hosts2021-09-03T15:31:05+02:00sg7149automate adding of hostsUse the DNSVS-api to add the host also to the DNS
* sshfsUse the DNSVS-api to add the host also to the DNS
* sshfshttps://git.scc.kit.edu/las-it-organisation/32-0-IT-InstructionsAndRules/ansible/-/issues/63Fix died las1012020-02-24T17:27:11+01:00sg7149Fix died las101las101 did not come up again after reboot.
fsck fails and Ctrl+d does not work to get a prompt, yet.las101 did not come up again after reboot.
fsck fails and Ctrl+d does not work to get a prompt, yet.