davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add files via upload

Browse source
This commit is contained in:
David Rotermund 2024-04-16 10:10:11 +02:00 committed by GitHub
parent 23a8918257
commit 193e98165b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
21 changed files with 569 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

132
install_checkmk.yaml Normal file
View file

@ -0,0 +1,132 @@
---
- name: install check
hosts: all
become: true
vars:
tasks:
- name: Create network CheckNet
community.docker.docker_network:
name: CheckNet
- name: remove other files
include_tasks: yaml_sub/install_docker.yaml
- name: mount dirs
include_tasks: yaml_sub/mount_info.yaml
- name: set ldap
include_tasks: yaml_sub/ldap.yaml
- name: set sssd
include_tasks: yaml_sub/sssd.yaml
- name: Create volume monitoring
community.docker.docker_volume:
name: monitoring
state: present
- name: Create checkmk
community.docker.docker_container:
name: checkmk
image: checkmk/check-mk-raw
state: started
recreate: no
restart_policy: always
published_ports:
- "80:5000/tcp"
- "8000:8000/tcp"
volumes:
- "monitoring:/omd/sites"
- "/etc/localtime:/etc/localtime:ro"
env:
MAIL_RELAY_HOST: "smtpd"
networks:
- name: CheckNet
- name: bridge
comparisons:
networks: strict
hostname: "neuro.uni-bremen.de"
- name: set smtpd_pre.conf
blockinfile:
path: /root/opensmtpd/smtpd_pre.conf
state: present
create: true
owner: "root"
group: "root"
mode: "0644"
block: |
listen on 0.0.0.0
listen on ::
table aliases file:/etc/smtpd/aliases
queue ttl 4d
bounce warn-interval 1h, 6h, 2d
smtp max-message-size 35M
table authinfo db:/etc/smtpd/authinfo.db
action default relay host "smtps://user@mailhost.neurotec.uni-bremen.de:465" auth <authinfo> tls no-verify
match from any for any action default
- name: Create a volume smtpd_spool
community.docker.docker_volume:
name: smtpd_spool
state: present
- name: Create OpenSMTPd
community.docker.docker_container:
name: smtpd
image: wodby/opensmtpd
state: started
recreate: no
restart_policy: always
published_ports:
- "25:25/tcp"
env:
RELAY_HOST: "XXX"
RELAY_PROTO: "smtps"
RELAY_PORT: "XXX"
RELAY_USER: "{{ EMAIL__USERNAME }}"
RELAY_PASSWORD: "{{ EMAIL__PASSWORD }}"
volumes:
- "/root/opensmtpd/smtpd_pre.conf:/etc/gotpl/smtpd.conf.tmpl"
- "smtpd_spool:/var/spool/smtpd"
networks:
- name: CheckNet
- name: bridge
comparisons:
networks: strict
- name: install mailx
dnf:
name: "mailx,telnet,sendmail"
state: latest
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: esmtprc
blockinfile:
path: /etc/esmtprc
state: present
create: true
block: |
hostname = 127.0.0.1:25
mda "/usr/bin/procmail -d %T"
# You will find the provisional password for the cmkadmin account in the logs that are written for this container
# docker container logs monitoring
# dnf install -y http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm
#
# myhostname=`hostname`
# cmk-agent-ctl register --server 10.10.0.3:8000 --site cmk --user automation --trust-cert --password 'UTUBJELBGMKMSHEHHOMC' --hostname $myhostname

23
install_checkmk_client_phase_a.yaml Normal file
View file

@ -0,0 +1,23 @@
---
- name: install check client
hosts: all
become: true
tasks:
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install client
ansible.builtin.dnf:
name: "http://10.10.0.3/cmk/check_mk/agents/check-mk-agent-2.2.0p24-1.noarch.rpm"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
disable_gpg_check: true

9
install_checkmk_client_phase_b.yaml Normal file
View file

@ -0,0 +1,9 @@
---
- name: register check client
hosts: all
become: true
tasks:
- name: register check client
shell: "myhostname=`hostname` ; cmk-agent-ctl register --server 10.10.0.3:8000 --site cmk --user automation --trust-cert --password '{{ password }}' --hostname $myhostname"

2
install_docker_web.yaml
View file

@ -18,7 +18,7 @@
name: portainerweb name: portainerweb
image: portainer/portainer-ce image: portainer/portainer-ce
state: started state: started
recreate: yes recreate: no
restart_policy: always restart_policy: always
published_ports: published_ports:
- "8000:8000/tcp" - "8000:8000/tcp"

61
install_gitlab.yaml Normal file
View file

@ -0,0 +1,61 @@
---
- name: install gitlab
hosts: all
become: true
tasks:
- name: Create network GitLabNet
community.docker.docker_network:
name: GitLabNet
# - name: install docker
# ansible.builtin.include_tasks: yaml_sub/install_docker.yaml
- name: Create a volume
community.docker.docker_volume:
name: gitlab_opt
state: present
- name: Create a volume
community.docker.docker_volume:
name: gitlab_etc
state: present
- name: Create a volume
community.docker.docker_volume:
name: gitlab_log
state: present
# - name: Create gitlab container
# community.docker.docker_container:
# name: gitlab
# image: gitlab/gitlab-ce
# state: started
# recreate: no
# GITLAB_ROOT_PASSWORD
## hostname: 'gitlab.example.com'
# GITLAB_OMNIBUS_CONFIG: |
# # Add any other gitlab.rb configuration here, each on its own line
# external_url 'https://gitlab.example.com'
# restart_policy: always
## published_ports:
## - "443:443/tcp"
## - "80:80/tcp"
## - "22:22/tcp"
# volumes:
# - "gitlab_opt:/var/opt/gitlab"
# - "gitlab_etc:/etc/gitlab"
# - "gitlab_log:/var/log/gitlab"
## - /var/run/docker.sock:/var/run/docker.sock
# networks:
# - name: OverleafNet
# - name: bridge
# comparisons:
# networks: strict
# shm_size: '256m'

2
install_pi_hole.yaml
View file

@ -34,7 +34,7 @@
name: pihole name: pihole
image: pihole/pihole image: pihole/pihole
state: started state: started
recreate: yes recreate: no
restart_policy: always restart_policy: always
published_ports: published_ports:
- "53:53/tcp" - "53:53/tcp"

76
install_slurm.yaml Normal file
View file

@ -0,0 +1,76 @@
---
- name: install slurm
hosts: all
become: true
vars:
sqlpwd: "{{ env_sql_pw}}"
sqlrootpwd: "{{ env_root_sql_pw}}"
tasks:
- name: export munge user
shell: "export MUNGEUSER=10001"
- name: export export SlurmUSER
shell: "export export SlurmUSER=10000"
- name: mount_info
include_tasks: yaml_sub/mount_info.yaml
- name: ldap
include_tasks: yaml_sub/ldap.yaml
- name: sssd
include_tasks: yaml_sub/sssd.yaml
- name: install docker
ansible.builtin.include_tasks: yaml_sub/install_docker.yaml
- name: Create volume slurm_maria_db
community.docker.docker_volume:
name: slurm_maria_db
state: present
- name: Create mariab container
community.docker.docker_container:
name: slurmmariadb
image: mariadb
state: started
recreate: no
restart_policy: always
env:
MARIADB_DATABASE: "slurm"
MARIADB_USER: "slurm"
MARIADB_PASSWORD: "{{ sqlpwd }}"
MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"
MYSQL_ROOT_HOST: '%'
published_ports:
- "3306:3306/tcp"
networks:
- name: bridge
comparisons:
networks: strict
volumes:
- "slurm_maria_db:/var/lib/mysql"
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install slurm
dnf:
name: slurm,slurm-slurmctld,slurm-slurmdbd,slurm-slurmrestd,slurm-gui,munge,python3-mysql
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: install munge server
include_tasks: yaml_sub/install_munge_server.yaml

38
ldap_fix_group_permissions.lif Normal file
View file

@ -0,0 +1,38 @@
# ldapmodify -x -W -D "cn=admin" -f temp.lif
# ldapsearch -x -W -D "cn=admin" -b "dc=ldap,dc=neuro,dc=uni-bremen,dc=de" -LLL -s sub '(aci=*)' aci
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
delete: aci
aci: (targetattr="cn || member || memberUid || gidNumber || nsUniqueId || description || objectClass")(targetfilter="(objectClass=groupOfNames)")(version 3.0; acl "Enable anyone group read"; allow (read, search, compare)(userdn="ldap:///anyone");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
delete: aci
aci: (targetattr="member")(targetfilter="(objectClass=groupOfNames)")(version 3.0; acl "Enable group_modify to alter members"; allow (write)(groupdn="ldap:///cn=group_modify,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
delete: aci
aci: (targetattr="cn || member || gidNumber || description || objectClass")(targetfilter="(objectClass=groupOfNames)")(version 3.0; acl "Enable group_admin to manage groups"; allow (write, add, delete)(groupdn="ldap:///cn=group_admin,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
add: aci
aci: (targetattr="cn || member || memberUid || gidNumber || nsUniqueId || description || objectClass")(targetfilter="(objectClass=posixGroup)")(version 3.0; acl "Enable anyone group read"; allow (read, search, compare)(userdn="ldap:///anyone");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
add: aci
aci: (targetattr="member")(targetfilter="(objectClass=posixGroup)")(version 3.0; acl "Enable group_modify to alter members"; allow (write)(groupdn="ldap:///cn=group_modify,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)
dn: ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
changetype: modify
add: aci
aci: (targetattr="cn || member || gidNumber || description || objectClass")(targetfilter="(objectClass=posixGroup)")(version 3.0; acl "Enable group_admin to manage groups"; allow (write, add, delete)(groupdn="ldap:///cn=group_admin,ou=permissions,dc=ldap,dc=neuro,dc=uni-bremen,dc=de");)

2
machines/check Normal file
View file

@ -0,0 +1,2 @@
check.neuro.uni-bremen.de

43
machines/cluster Normal file
View file

@ -0,0 +1,43 @@
gate0
gate1
gate2
gp3u1
gp3u2
gp4u1
gp4u2
gp4u3
gp4u4
gp4u5
gp4u6
gp4u7
granat1
granat2
granat3
granat4
granat5
granat6
granat7
granat8
octopode
doppio
fatbastard
nc46
nc47
nc48
nc49
nc50
nc51
nc52
nc53
nc54
nc55
nc56
nc57
nc58
nc59
nc60
nc61
nc62
nc63
nc64
nc66

1
machines/crystal Normal file
View file

@ -0,0 +1 @@
crystal.neuro.uni-bremen.de

1
machines/gitlab Normal file
View file

@ -0,0 +1 @@
10.10.0.6

1
machines/haggis Normal file
View file

@ -0,0 +1 @@
haggis.neuro.uni-bremen.de

1
machines/slurm Normal file
View file

@ -0,0 +1 @@
10.10.0.7

11
update_ldap.yaml Normal file
View file

@ -0,0 +1,11 @@
---
- name: update ldap setting
hosts: all
become: true
tasks:
- name: ldap
include_tasks: yaml_sub/ldap.yaml
- name: sssd
include_tasks: yaml_sub/sssd.yaml

39
yaml_sub/install_base_system.yaml
View file

@ -114,38 +114,17 @@
name: firewalld name: firewalld
ignore_errors: true ignore_errors: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install nfs tools
dnf:
name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Make sure rpcbind service unit is started
systemd_service:
enabled: true
state: started
name: rpcbind
- name: mount_info - name: mount_info
include_tasks: yaml_sub/mount_info.yaml include_tasks: yaml_sub/mount_info.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: ssh and sss - name: ssh
dnf: dnf:
name: "openssh,openssh-clients,openssh-server,sssd" name: "openssh,openssh-clients,openssh-server"
state: present state: present
update_cache: true update_cache: true
skip_broken: true skip_broken: true
@ -202,18 +181,8 @@
line: "ServerName 10.10.10.16" line: "ServerName 10.10.10.16"
create: true create: true
- name: set LDAP - name: ldap
blockinfile: include_tasks: yaml_sub/ldap.yaml
path: /etc/openldap/ldap.conf
state: present
create: true
owner: "root"
group: "root"
mode: "0644"
block: |
URI ldap://ldap.neuro.uni-bremen.de
BASE dc=ldap,dc=neuro,dc=uni-bremen,dc=de
TLS_REQCERT never
- name: sssd - name: sssd
include_tasks: yaml_sub/sssd.yaml include_tasks: yaml_sub/sssd.yaml

67
yaml_sub/install_munge_server.yaml Normal file
View file

@ -0,0 +1,67 @@
---
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: export munge user
shell: "export MUNGEUSER=10001"
- name: install slurm
dnf:
name: munge
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: save munge key
ansible.builtin.copy:
src: "../munge.key"
dest: "/etc/munge/munge.key"
owner: "munge"
group: "munge"
mode: 0400
- name: deal with directories /etc/munge
ansible.builtin.file:
path: "/etc/munge"
owner: "munge"
group: "munge"
mode: 0700
state: "directory"
- name: deal with directories /var/log/munge/
ansible.builtin.file:
path: "/var/log/munge"
owner: "munge"
group: "munge"
mode: 0700
state: "directory"
- name: Make sure munge is running
systemd_service:
daemon_reload: true
state: started
enabled: true
name: munge
- name: Set number of munge threads
lineinfile:
path: "/etc/systemd/system/multi-user.target.wants/munge.service"
regexp: "^ExecStart=/usr/sbin/munged"
line: "ExecStart=/usr/sbin/munged --num-threads 10"
create: true
- name: Make sure munge is restarted
systemd_service:
daemon_reload: true
state: restarted
enabled: true
name: munge

41
yaml_sub/ldap.yaml Normal file
View file

@ -0,0 +1,41 @@
---
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install openldap
dnf:
name: nss-pam-ldapd,openldap,openldap-clients
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Remove old entry (URI)
ansible.builtin.lineinfile:
path: /etc/openldap/ldap.conf
state: absent
line: "URI ldap://10.10.1.31"
- name: Remove old entry (BASE)
ansible.builtin.lineinfile:
path: /etc/openldap/ldap.conf
state: absent
line: "BASE dc=nas1,dc=neuro,dc=itp"
- name: set LDAP
blockinfile:
path: /etc/openldap/ldap.conf
state: present
create: true
owner: "root"
group: "root"
mode: "0644"
block: |
URI ldaps://ldap.neuro.uni-bremen.de:636
BASE dc=ldap,dc=neuro,dc=uni-bremen,dc=de
TLS_REQCERT never

26
yaml_sub/mount_info.yaml
View file

@ -1,4 +1,24 @@
--- ---
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install nfs tools
dnf:
name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Make sure rpcbind service unit is started
systemd_service:
enabled: true
state: started
name: rpcbind
- name: Mount /home - name: Mount /home
ansible.posix.mount: ansible.posix.mount:
src: 10.10.1.21:/volume1/home_dir src: 10.10.1.21:/volume1/home_dir
@ -7,6 +27,7 @@
boot: true boot: true
state: mounted state: mounted
fstype: nfs fstype: nfs
- name: Mount /glocal - name: Mount /glocal
ansible.posix.mount: ansible.posix.mount:
src: 10.10.1.1:/volume1/glocal src: 10.10.1.1:/volume1/glocal
@ -15,6 +36,7 @@
boot: true boot: true
state: mounted state: mounted
fstype: nfs fstype: nfs
- name: Mount /tools - name: Mount /tools
ansible.posix.mount: ansible.posix.mount:
src: 10.10.1.1:/volume1/tools src: 10.10.1.1:/volume1/tools
@ -23,6 +45,7 @@
boot: true boot: true
state: mounted state: mounted
fstype: nfs fstype: nfs
- name: Mount /0 - name: Mount /0
ansible.posix.mount: ansible.posix.mount:
src: 10.10.1.1:/volume1/data src: 10.10.1.1:/volume1/data
@ -31,6 +54,7 @@
boot: true boot: true
state: mounted state: mounted
fstype: nfs fstype: nfs
- name: Mount /sge-root - name: Mount /sge-root
ansible.posix.mount: ansible.posix.mount:
src: 10.10.10.16:/sge-root src: 10.10.10.16:/sge-root
@ -39,6 +63,7 @@
boot: true boot: true
state: mounted state: mounted
fstype: nfs fstype: nfs
- name: Mount /data_1 - name: Mount /data_1
ansible.posix.mount: ansible.posix.mount:
src: 10.10.1.31:/volume1/data src: 10.10.1.31:/volume1/data
@ -47,6 +72,7 @@
boot: true boot: true
state: mounted state: mounted
fstype: nfs fstype: nfs
- name: Mount /web - name: Mount /web
ansible.posix.mount: ansible.posix.mount:
src: 10.10.1.1:/volume1/web src: 10.10.1.1:/volume1/web

31
yaml_sub/sssd.yaml
View file

@ -1,4 +1,19 @@
--- ---
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install sssd
dnf:
name: sssd,sssd-ldap,sssd-tools
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Check for marker line - name: Check for marker line
lineinfile: lineinfile:
path: /etc/sssd/sssd.conf path: /etc/sssd/sssd.conf
@ -28,21 +43,31 @@
[domain/default] [domain/default]
id_provider = ldap id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636 ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636
ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_user_search_base = ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_group_search_base = ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_user_name = uid ldap_user_name = uid
ldap_user_uid_number = uidNumber ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber ldap_user_gid_number = gidNumber
ldap_user_home_directory = homeDirectory ldap_user_home_directory = homeDirectory
loginShell = loginShell ldap_user_shell = loginShell
ldap_user_fullname = cn ldap_user_fullname = cn
ldap_user_object_class = posixAccount ldap_user_object_class = posixAccount
ldap_default_authtok_type = password ldap_default_authtok_type = password
ldap_tls_reqcert = never ldap_tls_reqcert = never
# ldap_auth_disable_tls_never_use_in_production = true ldap_group_object_class = posixGroup
# ldap_id_use_start_tls = False ldap_group_gid_number = gidNumber
ldap_group_member = memberUid
ldap_group_name = cn
ldap_group_nesting_level = 5
register: marker_check register: marker_check
- name: enable sssd - name: enable sssd