davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add files via upload

Browse source
This commit is contained in:
David Rotermund 2024-04-12 17:38:02 +02:00 committed by GitHub
parent adccc99502
commit 1dde36966f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 360 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
backup_389ds.yaml Normal file
View file

@ -0,0 +1,54 @@
---
- name: backup 389ds volume
hosts: all
become: true
gather_facts: true
tasks:
- name: make remove old folder
ansible.builtin.file:
path: "/var/lib/dirsrv/slapd-localhost/bak"
state: "absent"
- name: make make new folder
ansible.builtin.file:
path: "/var/lib/dirsrv/slapd-localhost/bak"
state: "directory"
owner: "dirsrv"
group: "dirsrv"
mode: '0770'
- name: make backup folder
ansible.builtin.file:
path: "/389ds_backup/"
owner: "ansibleuser"
group: "ansibleuser"
mode: '0700'
state: "directory"
- name: backup 389ds database
shell: "dsconf localhost backup create"
- name: delete old file
ansible.builtin.file:
path: "/389ds_backup/389ds_db_{{ ansible_hostname }}.tgz"
state: "absent"
- name: create archive
community.general.archive:
dest: "/389ds_backup/389ds_db_{{ ansible_hostname }}.tgz"
path: "/var/lib/dirsrv/slapd-localhost/bak"
owner: "ansibleuser"
- name: create sudo permision
lineinfile:
path: "/etc/sudoers.d/root"
create: true
state: present
line: "root ALL=(ansibleuser) NOPASSWD: ALL"
- name: scp file into safety
ansible.builtin.shell: 'scp -o "StrictHostKeyChecking accept-new" /389ds_backup/389ds_db_{{ ansible_hostname }}.tgz ansibleuser@10.10.0.2:/home/backup_ansible/'
become: false

2
install_desktop_packages.yaml
View file

@ -4,6 +4,8 @@
become: true become: true
tasks: tasks:
- name: Install base system
include_tasks: yaml_sub/install_base_system.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml

2
install_ldap_389ds.yaml
View file

@ -137,6 +137,6 @@
sample_entries = yes sample_entries = yes
suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
# cd /root ; dscreate from-file instance.inf cd /root ; dscreate from-file instance.inf
# ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*" # ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*"

1
machines/ansible Normal file
View file

@ -0,0 +1 @@
ansible.neuro.uni-bremen.de

1
machines/hawaii Normal file
View file

@ -0,0 +1 @@
hawaii.neuro.uni-bremen.de

1
machines/ldap Normal file
View file

@ -0,0 +1 @@
ldap.neuro.uni-bremen.de

1
machines/takatuka Normal file
View file

@ -0,0 +1 @@
takatuka.neuro.uni-bremen.de

1
machines/tea Normal file
View file

@ -0,0 +1 @@
tea.neuro.uni-bremen.de

282
yaml_sub/install_base_system.yaml Normal file
View file

@ -0,0 +1,282 @@
---
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: update system (base)
dnf:
name: "*"
state: latest
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load group list
include_vars:
file: yaml_sub/groups_39.yaml
- name: Install groups
dnf:
name: "{{ groupnames }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
exclude: ghdl,sddm-x11
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 1 list
include_vars:
file: yaml_sub/packages_1.yaml
- name: Install package 1
dnf:
name: "{{ package1names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 2 list
include_vars:
file: yaml_sub/packages_2.yaml
- name: Install package 2
dnf:
name: "{{ package2names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 3 list
include_vars:
file: yaml_sub/packages_3.yaml
- name: Install package 3
dnf:
name: "{{ package3names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Install cuda
dnf:
name: cuda
enablerepo: "*"
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Make sure firewall service unit is diabled
systemd_service:
state: stopped
enabled: false
masked: true
name: firewalld
ignore_errors: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install nfs tools
dnf:
name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Make sure rpcbind service unit is started
systemd_service:
enabled: true
state: started
name: rpcbind
- name: mount_info
include_tasks: yaml_sub/mount_info.yaml
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: ssh and sss
dnf:
name: "openssh,openssh-clients,openssh-server,sssd"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Set SELinux to disabled
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=disabled
create: true
- name: Set SSHd Config (TCPKeepAlive)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "TCPKeepAlive yes"
create: true
- name: Set SSHd Config (ClientAliveInterval)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveInterval 30"
- name: Set SSHd Config (ClientAliveCountMax)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveCountMax 500"
- name: Set Services (sge_qmaster)
lineinfile:
path: /etc/services
state: present
line: "sge_qmaster 6444/tcp"
create: true
- name: Set Services (sge_execd)
lineinfile:
path: /etc/services
state: present
line: "sge_execd 6445/tcp"
- name: Set Services (nrpe)
lineinfile:
path: /etc/services
state: present
line: "nrpe 5666/tcp # NRPE"
- name: Set Cups
lineinfile:
path: /etc/cups/client.conf
state: present
line: "ServerName 10.10.10.16"
create: true
- name: set LDAP
blockinfile:
path: /etc/openldap/ldap.conf
state: present
create: true
owner: "root"
group: "root"
mode: "0644"
block: |
URI ldap://ldap.neuro.uni-bremen.de
BASE dc=ldap,dc=neuro,dc=uni-bremen,dc=de
TLS_REQCERT never
- name: sssd
include_tasks: yaml_sub/sssd.yaml
- name: set time zone
timezone:
name: Europe/Berlin
- name: enable ping
shell: "setcap cap_net_raw+p /bin/ping"
- name: procmail
dnf:
name: "procmail"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: esmtprc
blockinfile:
path: /etc/esmtprc
state: present
create: true
block: |
hostname = 134.102.55.235:25
mda "/usr/bin/procmail -d %T"
- name: Link for chrome
file:
src: /opt/google/chrome/chrome
dest: /bin/chrome
state: link
- name: set /etc/profile
blockinfile:
path: /etc/profile.d/sge.sh
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
SGE_ROOT=/sge-root
export SGE_ROOT
SGE_ARCH=`/opt/sge/util/arch`
export SGE_ARCH
DRMAA_LIBRARY_PATH=/opt/sge/lib/lx-amd64/libdrmaa.so
SGE_CELL=neuro
export SGE_CELL
SGE_CLUSTER_NAME=Neuro
export SGE_CLUSTER_NAME
unset SGE_QMASTER_PORT
unset SGE_EXECD_PORT
MANPATH=/opt/sge/man:$MANPATH
export MANPATH
PATH=/opt/sge/bin:/opt/sge/bin/lx-amd64/:$PATH
export PATH
shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH
export shlib_path_name

19
yaml_sub/sssd.yaml
View file

@ -28,10 +28,21 @@
[domain/default] [domain/default]
id_provider = ldap id_provider = ldap
ldap_uri = ldap://10.10.1.31 ldap_uri = ldaps://ldap.neuro.uni-bremen.de:636
ldap_search_base = dc=nas1,dc=neuro,dc=itp ldap_search_base = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
ldap_auth_disable_tls_never_use_in_production = true
ldap_id_use_start_tls = False ldap_user_name = uid
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = homeDirectory
loginShell = loginShell
ldap_user_fullname = cn
ldap_user_object_class = posixAccount
ldap_default_authtok_type = password
ldap_tls_reqcert = never
# ldap_auth_disable_tls_never_use_in_production = true
# ldap_id_use_start_tls = False
register: marker_check register: marker_check
- name: enable sssd - name: enable sssd