diff --git a/update_jobs/hourly_update.yaml b/update_jobs/hourly_update.yaml index 31aeca0..f459853 100644 --- a/update_jobs/hourly_update.yaml +++ b/update_jobs/hourly_update.yaml @@ -4,7 +4,6 @@ become: true tasks: - - name: block shutdown blockinfile: path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules @@ -23,15 +22,15 @@ - name: Make sure systemd-oomd service unit is stopped systemd_service: - state: stopped - name: systemd-oomd + state: stopped + name: systemd-oomd - name: remove other files include_tasks: ../yaml_sub/myrepo_clean.yaml - name: update file myrepo.repo import_tasks: ../yaml_sub/myrepo_data.yaml - - name: update system + - name: update system dnf: name: "google-chrome-stable,microsoft-edge-stable,code,zoom,microsoft-edge-stable,thunderbird,firefox" state: latest @@ -42,10 +41,10 @@ - name: Make sure systemd-oomd service unit is started systemd_service: - state: started - name: systemd-oomd + state: started + name: systemd-oomd - name: stop shutdown embargo ansible.builtin.file: path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules - state: "absent" \ No newline at end of file + state: "absent" diff --git a/install_desktop_packages.yaml b/update_jobs/install_desktop_packages.yaml similarity index 52% rename from install_desktop_packages.yaml rename to update_jobs/install_desktop_packages.yaml index 67628d3..453bd1e 100644 --- a/install_desktop_packages.yaml +++ b/update_jobs/install_desktop_packages.yaml 
@@ -1,15 +1,37 @@ --- -- name: install desktop stuff +- name: install desktop stuff hosts: all become: true tasks: + - name: block shutdown + blockinfile: + path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules + state: present + create: true + owner: "root" + group: "root" + mode: "0666" + block: | + polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 || + action.id.indexOf("org.freedesktop.login1.reboot") == 0) { + return polkit.Result.AUTH_ADMIN; + } + }); + + - name: Make sure systemd-oomd service unit is stopped + systemd_service: + state: stopped + name: systemd-oomd + - name: Install base system include_tasks: yaml_sub/install_base_system.yaml - name: remove other files include_tasks: yaml_sub/myrepo_clean.yaml - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - name: install movie tools @@ -39,5 +61,15 @@ dest: /etc/systemd/system/default.target state: link - - name: disable tracker + - name: disable tracker shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done' + + - name: Make sure systemd-oomd service unit is started + systemd_service: + state: started + name: systemd-oomd + + - name: stop shutdown embargo + ansible.builtin.file: + path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules + state: "absent" diff --git a/update_jobs/update_to_version.yaml b/update_jobs/update_to_version.yaml new file mode 100644 index 0000000..662810b --- /dev/null +++ b/update_jobs/update_to_version.yaml 
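Review bot: The added `block shutdown` task creates `/etc/polkit-1/rules.d/55-inhibit-shutdown.rules` with `mode: "0666"`, so the file polkitd loads as authorization rules is writable by every local account for as long as the play runs. The file only needs to be readable, and `mode: "0644"` with the root:root ownership already set is enough. The same mode appears in the copy of this task in update_jobs/update_to_version.yaml and on `/etc/profile.d/sge.sh` in yaml_sub/install_base_system.yaml, which login shells source. Separately, blockinfile's default `#`-prefixed marker lines are probably not valid in a JavaScript rules file, so confirm polkitd actually loads the rule or set `marker: "// {mark} ANSIBLE MANAGED BLOCK"`.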
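Review bot: The `Make sure systemd-oomd service unit is started` and `stop shutdown embargo` tasks added at the end of the play only run if every task before them succeeds. A failed package install therefore leaves the polkit rule in place and systemd-oomd stopped. Wrapping the install tasks in a `block:` and moving these two tasks into its `always:` section would make the cleanup unconditional. The task list starts outside this hunk.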
@@ -0,0 +1,56 @@ +--- +- name: upgrade to next version + hosts: all + become: true + + tasks: + + - name: block shutdown + blockinfile: + path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules + state: present + create: true + owner: "root" + group: "root" + mode: "0666" + block: | + polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 || + action.id.indexOf("org.freedesktop.login1.reboot") == 0) { + return polkit.Result.AUTH_ADMIN; + } + }); + + - name: Make sure systemd-oomd service unit is stopped + systemd_service: + state: stopped + name: systemd-oomd + + - name: remove other files + include_tasks: ../yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: ../yaml_sub/myrepo_data.yaml + + - name: install system-upgrade + dnf: + name: "dnf-command(system-upgrade)" + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: upgrade version + shell: "dnf -y system-upgrade download --refresh --releasever={{version}} --allowerasing --best --skip-broken; dnf system-upgrade reboot" + + - name: Make sure systemd-oomd service unit is started + systemd_service: + state: started + name: systemd-oomd + + - name: stop shutdown embargo + ansible.builtin.file: + path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules + state: "absent" + + diff --git a/update_jobs/yaml_sub b/update_jobs/yaml_sub new file mode 120000 index 0000000..6b8c3e3 --- /dev/null +++ b/update_jobs/yaml_sub @@ -0,0 +1 @@ +../yaml_sub \ No newline at end of file diff --git a/yaml_sub/install_base_system.yaml b/yaml_sub/install_base_system.yaml index 845b802..134c1fb 100644 --- a/yaml_sub/install_base_system.yaml +++ b/yaml_sub/install_base_system.yaml 
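Review bot: In the `upgrade version` task the two dnf commands are joined with `;`, so `dnf system-upgrade reboot` runs even when the download step failed; joining them with `&&` stops at the first failure. `{{version}}` is also pasted into a root shell line without validation, and nothing in this file defines it. Using `--releasever={{ version | int }}` or the `quote` filter would keep a malformed value from becoming extra shell syntax. Because the host reboots inside that task, the two cleanup tasks after it are unlikely to run in the same play, which would leave the shutdown rule file on the upgraded machine. Consider a follow-up play or post-reboot step that removes it and restarts systemd-oomd.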
@@ -1,251 +1,252 @@ --- - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: update system (base) - dnf: - name: "*" - state: latest - update_cache: true - skip_broken: true - nobest: false - allowerasing: true +- name: update system (base) + dnf: + name: "*" + state: latest + update_cache: true + skip_broken: true + nobest: false + allowerasing: true - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: Load group list - include_vars: - file: yaml_sub/groups_39.yaml - - name: Install groups - dnf: - name: "{{ groupnames }}" - disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything - update_cache: true - state: present - skip_broken: true - nobest: false - allowerasing: true - exclude: ghdl,sddm-x11 +- name: Load group list + include_vars: + file: yaml_sub/groups_39.yaml +- name: Install groups + dnf: + name: "{{ groupnames }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true + exclude: ghdl,sddm-x11 - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: Load package 1 list - include_vars: - file: yaml_sub/packages_1.yaml 
- - name: Install package 1 - dnf: - name: "{{ package1names }}" - disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything - update_cache: true - state: present - skip_broken: true - nobest: false - allowerasing: true +- name: Load package 1 list + include_vars: + file: yaml_sub/packages_1.yaml +- name: Install package 1 + dnf: + name: "{{ package1names }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: Load package 2 list - include_vars: - file: yaml_sub/packages_2.yaml - - name: Install package 2 - dnf: - name: "{{ package2names }}" - disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything - update_cache: true - state: present - skip_broken: true - nobest: false - allowerasing: true +- name: Load package 2 list + include_vars: + file: yaml_sub/packages_2.yaml +- name: Install package 2 + dnf: + name: "{{ package2names }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: Load package 3 list - include_vars: - file: yaml_sub/packages_3.yaml - - name: Install 
package 3 - dnf: - name: "{{ package3names }}" - disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything - update_cache: true - state: present - skip_broken: true - nobest: false - allowerasing: true +- name: Load package 3 list + include_vars: + file: yaml_sub/packages_3.yaml +- name: Install package 3 + dnf: + name: "{{ package3names }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: Install cuda - dnf: - name: cuda - enablerepo: "*" - update_cache: true - state: present - skip_broken: true - nobest: false - allowerasing: true +- name: Install cuda + dnf: + name: cuda + enablerepo: "*" + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true - - name: remove other files - include_tasks: yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: Make sure firewall service unit is diabled - systemd_service: - state: stopped - enabled: false - masked: true - name: firewalld - ignore_errors: true +- name: Make sure firewall service unit is diabled + systemd_service: + state: stopped + enabled: false + masked: true + name: firewalld + ignore_errors: true - - name: mount_info - include_tasks: yaml_sub/mount_info.yaml +- name: mount_info + include_tasks: yaml_sub/mount_info.yaml - - name: remove other files - include_tasks: 
yaml_sub/myrepo_clean.yaml - - name: update file myrepo.repo - import_tasks: yaml_sub/myrepo_data.yaml +- name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml +- name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml - - name: ssh - dnf: - name: "openssh,openssh-clients,openssh-server" - state: present - update_cache: true - skip_broken: true - nobest: false - allowerasing: true - - - name: Set SELinux to disabled - lineinfile: - path: /etc/selinux/config - regexp: '^SELINUX=' - line: SELINUX=disabled - create: true +- name: ssh + dnf: + name: "openssh,openssh-clients,openssh-server" + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true - - name: Set SSHd Config (TCPKeepAlive) - lineinfile: - path: /etc/ssh/sshd_config - state: present - line: "TCPKeepAlive yes" - create: true - - name: Set SSHd Config (ClientAliveInterval) - lineinfile: - path: /etc/ssh/sshd_config - state: present - line: "ClientAliveInterval 30" - - name: Set SSHd Config (ClientAliveCountMax) - lineinfile: - path: /etc/ssh/sshd_config - state: present - line: "ClientAliveCountMax 500" +- name: Set SELinux to disabled + lineinfile: + path: /etc/selinux/config + regexp: "^SELINUX=" + line: SELINUX=disabled + create: true - - name: Set Services (sge_qmaster) - lineinfile: - path: /etc/services - state: present - line: "sge_qmaster 6444/tcp" - create: true +- name: Set SSHd Config (TCPKeepAlive) + lineinfile: + path: /etc/ssh/sshd_config + state: present + line: "TCPKeepAlive yes" + create: true - - name: Set Services (sge_execd) - lineinfile: - path: /etc/services - state: present - line: "sge_execd 6445/tcp" +- name: Set SSHd Config (ClientAliveInterval) + lineinfile: + path: /etc/ssh/sshd_config + state: present + line: "ClientAliveInterval 30" - - name: Set Services (nrpe) - lineinfile: - path: /etc/services - state: present - line: "nrpe 5666/tcp # NRPE" +- name: Set SSHd Config (ClientAliveCountMax) + lineinfile: + path: 
/etc/ssh/sshd_config + state: present + line: "ClientAliveCountMax 500" - - name: Set Cups - lineinfile: - path: /etc/cups/client.conf - state: present - line: "ServerName 10.10.10.16" - create: true +- name: Set Services (sge_qmaster) + lineinfile: + path: /etc/services + state: present + line: "sge_qmaster 6444/tcp" + create: true - - name: ldap - include_tasks: yaml_sub/ldap.yaml - - - name: sssd - include_tasks: yaml_sub/sssd.yaml +- name: Set Services (sge_execd) + lineinfile: + path: /etc/services + state: present + line: "sge_execd 6445/tcp" - - name: set time zone - timezone: - name: Europe/Berlin +- name: Set Services (nrpe) + lineinfile: + path: /etc/services + state: present + line: "nrpe 5666/tcp # NRPE" - - name: enable ping - shell: "setcap cap_net_raw+p /bin/ping" +- name: Set Cups + lineinfile: + path: /etc/cups/client.conf + state: present + line: "ServerName 10.10.0.8" + create: true - - name: procmail - dnf: - name: "procmail" - state: present - update_cache: true - skip_broken: true - nobest: false - allowerasing: true +- name: ldap + include_tasks: yaml_sub/ldap.yaml - - name: esmtprc - blockinfile: - path: /etc/esmtprc - state: present - create: true - block: | - hostname = 134.102.55.235:25 - mda "/usr/bin/procmail -d %T" +- name: sssd + include_tasks: yaml_sub/sssd.yaml - - name: Link for chrome - file: - src: /opt/google/chrome/chrome - dest: /bin/chrome - state: link +- name: set time zone + timezone: + name: Europe/Berlin - - name: set /etc/profile - blockinfile: - path: /etc/profile.d/sge.sh - state: present - create: true - owner: "root" - group: "root" - mode: "0666" - block: | - SGE_ROOT=/sge-root - export SGE_ROOT - - SGE_ARCH=`/opt/sge/util/arch` - export SGE_ARCH - DRMAA_LIBRARY_PATH=/opt/sge/lib/lx-amd64/libdrmaa.so - - SGE_CELL=neuro - export SGE_CELL - SGE_CLUSTER_NAME=Neuro - export SGE_CLUSTER_NAME - - unset SGE_QMASTER_PORT - unset SGE_EXECD_PORT - - MANPATH=/opt/sge/man:$MANPATH - export MANPATH - 
PATH=/opt/sge/bin:/opt/sge/bin/lx-amd64/:$PATH - export PATH - shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH - export shlib_path_name - +- name: enable ping + shell: "setcap cap_net_raw+p /bin/ping" + +- name: procmail + dnf: + name: "procmail" + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + +- name: esmtprc + blockinfile: + path: /etc/esmtprc + state: present + create: true + block: | + hostname = 134.102.55.235:25 + mda "/usr/bin/procmail -d %T" + +- name: Link for chrome + file: + src: /opt/google/chrome/chrome + dest: /bin/chrome + state: link + +- name: set /etc/profile + blockinfile: + path: /etc/profile.d/sge.sh + state: present + create: true + owner: "root" + group: "root" + mode: "0666" + block: | + SGE_ROOT=/sge-root + export SGE_ROOT + + SGE_ARCH=`/opt/sge/util/arch` + export SGE_ARCH + DRMAA_LIBRARY_PATH=/opt/sge/lib/lx-amd64/libdrmaa.so + + SGE_CELL=neuro + export SGE_CELL + SGE_CLUSTER_NAME=Neuro + export SGE_CLUSTER_NAME + + unset SGE_QMASTER_PORT + unset SGE_EXECD_PORT + + MANPATH=/opt/sge/man:$MANPATH + export MANPATH + PATH=/opt/sge/bin:/opt/sge/bin/lx-amd64/:$PATH + export PATH + shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH + export shlib_path_name diff --git a/yaml_sub/myrepo_data.yaml b/yaml_sub/myrepo_data.yaml index b1b6e70..ffd524c 100644 --- a/yaml_sub/myrepo_data.yaml +++ b/yaml_sub/myrepo_data.yaml 
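Review bot: In the re-indented `set /etc/profile` block, `DRMAA_LIBRARY_PATH` is assigned but never exported, unlike every other variable there. The library path is also exported under the name `shlib_path_name`, which the dynamic linker does not read. If the intent is to extend the library search path, the lines would be `export DRMAA_LIBRARY_PATH` and `LD_LIBRARY_PATH=/opt/sge/lib/lx-amd64${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` followed by `export LD_LIBRARY_PATH`. The `${VAR:+:$VAR}` form matters because a trailing `:` on an otherwise empty `LD_LIBRARY_PATH` adds the current directory to the search path.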
@@ -13,106 +13,105 @@ baseurl=http://10.10.0.11/repos/Fedora/$releasever/Fedora/os enabled=1 gpgcheck=0 - + [FEDORAUPDATE] name=Fedora Update $releasever baseurl=http://10.10.0.11/repos/Fedora/$releasever/Fedora_Update enabled=1 gpgcheck=0 - + [CUDA_37] name=NVidia Cuda 37 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_37 enabled=0 gpgcheck=0 - + [CUDA_36] name=NVidia Cuda 36 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_36 enabled=0 gpgcheck=0 - + [CUDA_35] name=NVidia Cuda 35 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_35 enabled=0 gpgcheck=0 - + [CUDA_RHEL8] name=NVidia Cuda RHEL 8 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_rhel8 enabled=0 gpgcheck=0 - + [Google] name=Google baseurl=http://10.10.0.11/repos/Fedora/AllVersion/google_64 enabled=1 gpgcheck=0 - - [oneAPI] - name=oneAPI - baseurl=http://10.10.0.11/repos/Fedora/AllVersion/oneAPI - enabled=1 - gpgcheck=0 - + + # [oneAPI] + # name=oneAPI + # baseurl=http://10.10.0.11/repos/Fedora/AllVersion/oneAPI + # enabled=1 + # gpgcheck=0 + [Opera] name=Opera baseurl=http://10.10.0.11/repos/Fedora/AllVersion/opera enabled=1 gpgcheck=0 - + [RPMFusionFreeUpdate] name=RPM Fusion Free Update $releasever baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_free/ enabled=1 gpgcheck=0 - + [RPMFusionNonFreeUpdate] name=RPM Fusion Non Free Update $releasever baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_nonfree/ enabled=1 gpgcheck=0 - + [RPMFusionFreeEverything] name=RPM Fusion Free Everything $releasever baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_free2/os enabled=1 gpgcheck=0 - + [RPMFusionNonFreeEverything] name=RPM Fusion Non Free Everything $releasever baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_nonfree2/os enabled=1 gpgcheck=0 - + [SGE] name=SGE - baseurl=http://10.10.0.11/repos/Fedora/32/sge/copr-be.cloud.fedoraproject.org/results/loveshack/SGE/fedora-32-x86_64 + 
baseurl=http://10.10.0.11/repos/Fedora/37/sge/copr-be.cloud.fedoraproject.org/results/loveshack/SGE/fedora-37-x86_64 enabled=1 gpgcheck=0 - + [VSCode] name=VS Code baseurl=http://10.10.0.11/repos/Fedora/AllVersion/vscode enabled=1 gpgcheck=0 - + [zoom] name=zoom baseurl=http://10.10.0.11/repos/Fedora/AllVersion/zoom enabled=1 gpgcheck=0 - + [msedge] name=msedge baseurl=http://10.10.0.11/repos/Fedora/AllVersion/edge enabled=1 gpgcheck=0 - + [docker-ce-stable] name=Docker CE Stable - $basearch baseurl=http://10.10.0.11/repos/Fedora/$releasever/docker enabled=0 gpgcheck=0 -
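Review bot: The `[SGE]` entry now points at the fedora-37 build but keeps `gpgcheck=0` over plain `http://`, like every other repository in this block, so packages installed as root by these plays are never signature-checked. Setting `gpgcheck=1` with a `gpgkey=` line per repository (placeholder: `gpgkey=file:///etc/pki/rpm-gpg/<KEY-FILE>`) would let dnf reject packages altered on the mirror or in transit. The path also hard-codes `37` where the neighbouring entries use `$releasever`, so it will need another manual edit at the next release upgrade. The repository block starts outside this hunk.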