davrot/neuro_ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Upload

Browse source
This commit is contained in:
David Rotermund 2024-04-20 02:23:17 +02:00
parent 3ebf9d1d81
commit 7940c31b95
6 changed files with 343 additions and 255 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
update_jobs/hourly_update.yaml
View file

@ -4,7 +4,6 @@
become: true become: true
tasks: tasks:
- name: block shutdown - name: block shutdown
blockinfile: blockinfile:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
@ -23,15 +22,15 @@
- name: Make sure systemd-oomd service unit is stopped - name: Make sure systemd-oomd service unit is stopped
systemd_service: systemd_service:
state: stopped state: stopped
name: systemd-oomd name: systemd-oomd
- name: remove other files - name: remove other files
include_tasks: ../yaml_sub/myrepo_clean.yaml include_tasks: ../yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: ../yaml_sub/myrepo_data.yaml import_tasks: ../yaml_sub/myrepo_data.yaml
- name: update system - name: update system
dnf: dnf:
name: "google-chrome-stable,microsoft-edge-stable,code,zoom,microsoft-edge-stable,thunderbird,firefox" name: "google-chrome-stable,microsoft-edge-stable,code,zoom,microsoft-edge-stable,thunderbird,firefox"
state: latest state: latest
@ -42,10 +41,10 @@
- name: Make sure systemd-oomd service unit is started - name: Make sure systemd-oomd service unit is started
systemd_service: systemd_service:
state: started state: started
name: systemd-oomd name: systemd-oomd
- name: stop shutdown embargo - name: stop shutdown embargo
ansible.builtin.file: ansible.builtin.file:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: "absent" state: "absent"

36
install_desktop_packages.yaml → update_jobs/install_desktop_packages.yaml
View file

@ -1,15 +1,37 @@
--- ---
- name: install desktop stuff - name: install desktop stuff
hosts: all hosts: all
become: true become: true
tasks: tasks:
- name: block shutdown
blockinfile:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 ||
action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
return polkit.Result.AUTH_ADMIN;
}
});
- name: Make sure systemd-oomd service unit is stopped
systemd_service:
state: stopped
name: systemd-oomd
- name: Install base system - name: Install base system
include_tasks: yaml_sub/install_base_system.yaml include_tasks: yaml_sub/install_base_system.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: install movie tools - name: install movie tools
@ -39,5 +61,15 @@
dest: /etc/systemd/system/default.target dest: /etc/systemd/system/default.target
state: link state: link
- name: disable tracker - name: disable tracker
shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done' shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done'
- name: Make sure systemd-oomd service unit is started
systemd_service:
state: started
name: systemd-oomd
- name: stop shutdown embargo
ansible.builtin.file:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: "absent"

56
update_jobs/update_to_version.yaml Normal file
View file

@ -0,0 +1,56 @@
---
- name: upgrade to next version
hosts: all
become: true
tasks:
- name: block shutdown
blockinfile:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
polkit.addRule(function(action, subject) {
if (action.id.indexOf("org.freedesktop.login1.power-off") == 0 ||
action.id.indexOf("org.freedesktop.login1.reboot") == 0) {
return polkit.Result.AUTH_ADMIN;
}
});
- name: Make sure systemd-oomd service unit is stopped
systemd_service:
state: stopped
name: systemd-oomd
- name: remove other files
include_tasks: ../yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: ../yaml_sub/myrepo_data.yaml
- name: install system-upgrade
dnf:
name: "dnf-command(system-upgrade)"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: upgrade version
shell: "dnf -y system-upgrade download --refresh --releasever={{version}} --allowerasing --best --skip-broken; dnf system-upgrade reboot"
- name: Make sure systemd-oomd service unit is started
systemd_service:
state: started
name: systemd-oomd
- name: stop shutdown embargo
ansible.builtin.file:
path: /etc/polkit-1/rules.d/55-inhibit-shutdown.rules
state: "absent"

1
update_jobs/yaml_sub Symbolic link
View file

@ -0,0 +1 @@
../yaml_sub

445
yaml_sub/install_base_system.yaml
View file

@ -1,251 +1,252 @@
--- ---
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: update system (base) - name: update system (base)
dnf: dnf:
name: "*" name: "*"
state: latest state: latest
update_cache: true update_cache: true
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load group list - name: Load group list
include_vars: include_vars:
file: yaml_sub/groups_39.yaml file: yaml_sub/groups_39.yaml
- name: Install groups - name: Install groups
dnf: dnf:
name: "{{ groupnames }}" name: "{{ groupnames }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true update_cache: true
state: present state: present
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
exclude: ghdl,sddm-x11 exclude: ghdl,sddm-x11
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 1 list - name: Load package 1 list
include_vars: include_vars:
file: yaml_sub/packages_1.yaml file: yaml_sub/packages_1.yaml
- name: Install package 1 - name: Install package 1
dnf: dnf:
name: "{{ package1names }}" name: "{{ package1names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true update_cache: true
state: present state: present
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 2 list - name: Load package 2 list
include_vars: include_vars:
file: yaml_sub/packages_2.yaml file: yaml_sub/packages_2.yaml
- name: Install package 2 - name: Install package 2
dnf: dnf:
name: "{{ package2names }}" name: "{{ package2names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true update_cache: true
state: present state: present
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 3 list - name: Load package 3 list
include_vars: include_vars:
file: yaml_sub/packages_3.yaml file: yaml_sub/packages_3.yaml
- name: Install package 3 - name: Install package 3
dnf: dnf:
name: "{{ package3names }}" name: "{{ package3names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true update_cache: true
state: present state: present
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Install cuda - name: Install cuda
dnf: dnf:
name: cuda name: cuda
enablerepo: "*" enablerepo: "*"
update_cache: true update_cache: true
state: present state: present
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Make sure firewall service unit is diabled - name: Make sure firewall service unit is diabled
systemd_service: systemd_service:
state: stopped state: stopped
enabled: false enabled: false
masked: true masked: true
name: firewalld name: firewalld
ignore_errors: true ignore_errors: true
- name: mount_info - name: mount_info
include_tasks: yaml_sub/mount_info.yaml include_tasks: yaml_sub/mount_info.yaml
- name: remove other files - name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: ssh - name: ssh
dnf: dnf:
name: "openssh,openssh-clients,openssh-server" name: "openssh,openssh-clients,openssh-server"
state: present state: present
update_cache: true update_cache: true
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: Set SELinux to disabled
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=disabled
create: true
- name: Set SSHd Config (TCPKeepAlive) - name: Set SELinux to disabled
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/selinux/config
state: present regexp: "^SELINUX="
line: "TCPKeepAlive yes" line: SELINUX=disabled
create: true create: true
- name: Set SSHd Config (ClientAliveInterval)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveInterval 30"
- name: Set SSHd Config (ClientAliveCountMax)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveCountMax 500"
- name: Set Services (sge_qmaster) - name: Set SSHd Config (TCPKeepAlive)
lineinfile: lineinfile:
path: /etc/services path: /etc/ssh/sshd_config
state: present state: present
line: "sge_qmaster 6444/tcp" line: "TCPKeepAlive yes"
create: true create: true
- name: Set Services (sge_execd) - name: Set SSHd Config (ClientAliveInterval)
lineinfile: lineinfile:
path: /etc/services path: /etc/ssh/sshd_config
state: present state: present
line: "sge_execd 6445/tcp" line: "ClientAliveInterval 30"
- name: Set Services (nrpe) - name: Set SSHd Config (ClientAliveCountMax)
lineinfile: lineinfile:
path: /etc/services path: /etc/ssh/sshd_config
state: present state: present
line: "nrpe 5666/tcp # NRPE" line: "ClientAliveCountMax 500"
- name: Set Cups - name: Set Services (sge_qmaster)
lineinfile: lineinfile:
path: /etc/cups/client.conf path: /etc/services
state: present state: present
line: "ServerName 10.10.10.16" line: "sge_qmaster 6444/tcp"
create: true create: true
- name: ldap - name: Set Services (sge_execd)
include_tasks: yaml_sub/ldap.yaml lineinfile:
path: /etc/services
- name: sssd state: present
include_tasks: yaml_sub/sssd.yaml line: "sge_execd 6445/tcp"
- name: set time zone - name: Set Services (nrpe)
timezone: lineinfile:
name: Europe/Berlin path: /etc/services
state: present
line: "nrpe 5666/tcp # NRPE"
- name: enable ping - name: Set Cups
shell: "setcap cap_net_raw+p /bin/ping" lineinfile:
path: /etc/cups/client.conf
state: present
line: "ServerName 10.10.0.8"
create: true
- name: procmail - name: ldap
dnf: include_tasks: yaml_sub/ldap.yaml
name: "procmail"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: esmtprc - name: sssd
blockinfile: include_tasks: yaml_sub/sssd.yaml
path: /etc/esmtprc
state: present
create: true
block: |
hostname = 134.102.55.235:25
mda "/usr/bin/procmail -d %T"
- name: Link for chrome - name: set time zone
file: timezone:
src: /opt/google/chrome/chrome name: Europe/Berlin
dest: /bin/chrome
state: link
- name: set /etc/profile - name: enable ping
blockinfile: shell: "setcap cap_net_raw+p /bin/ping"
path: /etc/profile.d/sge.sh
state: present - name: procmail
create: true dnf:
owner: "root" name: "procmail"
group: "root" state: present
mode: "0666" update_cache: true
block: | skip_broken: true
SGE_ROOT=/sge-root nobest: false
export SGE_ROOT allowerasing: true
SGE_ARCH=`/opt/sge/util/arch` - name: esmtprc
export SGE_ARCH blockinfile:
DRMAA_LIBRARY_PATH=/opt/sge/lib/lx-amd64/libdrmaa.so path: /etc/esmtprc
state: present
SGE_CELL=neuro create: true
export SGE_CELL block: |
SGE_CLUSTER_NAME=Neuro hostname = 134.102.55.235:25
export SGE_CLUSTER_NAME mda "/usr/bin/procmail -d %T"
unset SGE_QMASTER_PORT - name: Link for chrome
unset SGE_EXECD_PORT file:
src: /opt/google/chrome/chrome
MANPATH=/opt/sge/man:$MANPATH dest: /bin/chrome
export MANPATH state: link
PATH=/opt/sge/bin:/opt/sge/bin/lx-amd64/:$PATH
export PATH - name: set /etc/profile
shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH blockinfile:
export shlib_path_name path: /etc/profile.d/sge.sh
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
SGE_ROOT=/sge-root
export SGE_ROOT
SGE_ARCH=`/opt/sge/util/arch`
export SGE_ARCH
DRMAA_LIBRARY_PATH=/opt/sge/lib/lx-amd64/libdrmaa.so
SGE_CELL=neuro
export SGE_CELL
SGE_CLUSTER_NAME=Neuro
export SGE_CLUSTER_NAME
unset SGE_QMASTER_PORT
unset SGE_EXECD_PORT
MANPATH=/opt/sge/man:$MANPATH
export MANPATH
PATH=/opt/sge/bin:/opt/sge/bin/lx-amd64/:$PATH
export PATH
shlib_path_name=/opt/sge/lib/lx-amd64/:$LD_LIBRARY_PATH
export shlib_path_name

47
yaml_sub/myrepo_data.yaml
View file

@ -13,106 +13,105 @@
baseurl=http://10.10.0.11/repos/Fedora/$releasever/Fedora/os baseurl=http://10.10.0.11/repos/Fedora/$releasever/Fedora/os
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[FEDORAUPDATE] [FEDORAUPDATE]
name=Fedora Update $releasever name=Fedora Update $releasever
baseurl=http://10.10.0.11/repos/Fedora/$releasever/Fedora_Update baseurl=http://10.10.0.11/repos/Fedora/$releasever/Fedora_Update
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[CUDA_37] [CUDA_37]
name=NVidia Cuda 37 name=NVidia Cuda 37
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_37 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_37
enabled=0 enabled=0
gpgcheck=0 gpgcheck=0
[CUDA_36] [CUDA_36]
name=NVidia Cuda 36 name=NVidia Cuda 36
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_36 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_36
enabled=0 enabled=0
gpgcheck=0 gpgcheck=0
[CUDA_35] [CUDA_35]
name=NVidia Cuda 35 name=NVidia Cuda 35
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_35 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_35
enabled=0 enabled=0
gpgcheck=0 gpgcheck=0
[CUDA_RHEL8] [CUDA_RHEL8]
name=NVidia Cuda RHEL 8 name=NVidia Cuda RHEL 8
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_rhel8 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/cuda_rhel8
enabled=0 enabled=0
gpgcheck=0 gpgcheck=0
[Google] [Google]
name=Google name=Google
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/google_64 baseurl=http://10.10.0.11/repos/Fedora/AllVersion/google_64
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[oneAPI] # [oneAPI]
name=oneAPI # name=oneAPI
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/oneAPI # baseurl=http://10.10.0.11/repos/Fedora/AllVersion/oneAPI
enabled=1 # enabled=1
gpgcheck=0 # gpgcheck=0
[Opera] [Opera]
name=Opera name=Opera
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/opera baseurl=http://10.10.0.11/repos/Fedora/AllVersion/opera
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[RPMFusionFreeUpdate] [RPMFusionFreeUpdate]
name=RPM Fusion Free Update $releasever name=RPM Fusion Free Update $releasever
baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_free/ baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_free/
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[RPMFusionNonFreeUpdate] [RPMFusionNonFreeUpdate]
name=RPM Fusion Non Free Update $releasever name=RPM Fusion Non Free Update $releasever
baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_nonfree/ baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_nonfree/
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[RPMFusionFreeEverything] [RPMFusionFreeEverything]
name=RPM Fusion Free Everything $releasever name=RPM Fusion Free Everything $releasever
baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_free2/os baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_free2/os
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[RPMFusionNonFreeEverything] [RPMFusionNonFreeEverything]
name=RPM Fusion Non Free Everything $releasever name=RPM Fusion Non Free Everything $releasever
baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_nonfree2/os baseurl=http://10.10.0.11/repos/Fedora/$releasever/fusion_nonfree2/os
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[SGE] [SGE]
name=SGE name=SGE
baseurl=http://10.10.0.11/repos/Fedora/32/sge/copr-be.cloud.fedoraproject.org/results/loveshack/SGE/fedora-32-x86_64 baseurl=http://10.10.0.11/repos/Fedora/37/sge/copr-be.cloud.fedoraproject.org/results/loveshack/SGE/fedora-37-x86_64
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[VSCode] [VSCode]
name=VS Code name=VS Code
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/vscode baseurl=http://10.10.0.11/repos/Fedora/AllVersion/vscode
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[zoom] [zoom]
name=zoom name=zoom
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/zoom baseurl=http://10.10.0.11/repos/Fedora/AllVersion/zoom
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[msedge] [msedge]
name=msedge name=msedge
baseurl=http://10.10.0.11/repos/Fedora/AllVersion/edge baseurl=http://10.10.0.11/repos/Fedora/AllVersion/edge
enabled=1 enabled=1
gpgcheck=0 gpgcheck=0
[docker-ce-stable] [docker-ce-stable]
name=Docker CE Stable - $basearch name=Docker CE Stable - $basearch
baseurl=http://10.10.0.11/repos/Fedora/$releasever/docker baseurl=http://10.10.0.11/repos/Fedora/$releasever/docker
enabled=0 enabled=0
gpgcheck=0 gpgcheck=0