From bebf3c5293e86047d5146f2547946a99a9183826 Mon Sep 17 00:00:00 2001 From: David Rotermund Date: Fri, 12 Apr 2024 02:32:26 +0200 Subject: [PATCH] Add files via upload --- base_package_install.yaml | 19 +++ install_base_system.yaml | 247 ++++++++++++++++++++++++++++++++++ install_desktop_packages.yaml | 21 ++- install_ldap_389ds.yaml | 94 +++++++++---- machines/host_ansible | 1 + machines/host_dns | 1 + machines/host_hawaii | 1 + machines/host_ldap | 1 + machines/host_takatuka | 1 + 9 files changed, 360 insertions(+), 26 deletions(-) create mode 100644 install_base_system.yaml create mode 100644 machines/host_ansible create mode 100644 machines/host_dns create mode 100644 machines/host_hawaii create mode 100644 machines/host_ldap create mode 100644 machines/host_takatuka diff --git a/base_package_install.yaml b/base_package_install.yaml index 847cd29..d89f0e9 100644 --- a/base_package_install.yaml +++ b/base_package_install.yaml @@ -112,3 +112,22 @@ - name: update file myrepo.repo import_tasks: yaml_sub/myrepo_data.yaml + - name: Link for chrome + file: + src: /opt/google/chrome/chrome + dest: /bin/chrome + state: link + + - name: set /etc/profile + blockinfile: + path: /etc/profile + state: present + create: true + owner: "root" + group: "root" + mode: "0666" + block: | + . /sge-root/neuro/common/settings.sh + MANPATH=$MANPATH/sge-root/man:/usr/share/man: + export MANPATH + diff --git a/install_base_system.yaml b/install_base_system.yaml new file mode 100644 index 0000000..7dc72f5 --- /dev/null +++ b/install_base_system.yaml 
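Review bot: `mode: "0666"` on /etc/profile makes a file that every login shell sources world-writable, so any local account can add commands that run in root's next login shell; it should be `mode: "0644"`. The MANPATH line in the block also looks wrong: `MANPATH=$MANPATH/sge-root/man:/usr/share/man:` glues the existing value directly onto `/sge-root/man`, and `MANPATH=$MANPATH:/sge-root/man:/usr/share/man:` is presumably what was meant. The `Link for chrome` task creates /bin/chrome unconditionally; if /opt/google/chrome is not present on every host this play runs on, a `stat` guard or a `when` would avoid leaving a dangling link in /bin.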
@@ -0,0 +1,247 @@ +--- +- name: install our repos + hosts: all + become: true + + tasks: + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: update system (base) + dnf: + name: "*" + state: latest + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: Load group list + include_vars: + file: yaml_sub/groups_39.yaml + - name: Install groups + dnf: + name: "{{ groupnames }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true + exclude: ghdl,sddm-x11 + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: Load package 1 list + include_vars: + file: yaml_sub/packages_1.yaml + - name: Install package 1 + dnf: + name: "{{ package1names }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: Load package 2 list + include_vars: + file: yaml_sub/packages_2.yaml + - name: Install package 2 + dnf: + name: "{{ package2names }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file 
myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: Load package 3 list + include_vars: + file: yaml_sub/packages_3.yaml + - name: Install package 3 + dnf: + name: "{{ package3names }}" + disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: Install cuda + dnf: + name: cuda + enablerepo: "*" + update_cache: true + state: present + skip_broken: true + nobest: false + allowerasing: true + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: Make sure firewall service unit is diabled + systemd_service: + state: stopped + enabled: false + masked: true + name: firewalld + ignore_errors: true + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: install nfs tools + dnf: + name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: Make sure rpcbind service unit is started + systemd_service: + enabled: true + state: started + name: rpcbind + + - name: mount_info + include_tasks: yaml_sub/mount_info.yaml + + + - name: remove other files + include_tasks: yaml_sub/myrepo_clean.yaml + - name: update file myrepo.repo + import_tasks: yaml_sub/myrepo_data.yaml + + - name: ssh and sss + dnf: + name: "openssh,openssh-clients,openssh-server,sssd" + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: Set SELinux to disabled + lineinfile: + path: /etc/selinux/config + regexp: '^SELINUX=' + line: 
SELINUX=disabled + create: true + + - name: Set SSHd Config (TCPKeepAlive) + lineinfile: + path: /etc/ssh/sshd_config + state: present + line: "TCPKeepAlive yes" + create: true + - name: Set SSHd Config (ClientAliveInterval) + lineinfile: + path: /etc/ssh/sshd_config + state: present + line: "ClientAliveInterval 30" + - name: Set SSHd Config (ClientAliveCountMax) + lineinfile: + path: /etc/ssh/sshd_config + state: present + line: "ClientAliveCountMax 500" + + - name: Set Services (sge_qmaster) + lineinfile: + path: /etc/services + state: present + line: "sge_qmaster 6444/tcp" + create: true + + - name: Set Services (sge_execd) + lineinfile: + path: /etc/services + state: present + line: "sge_execd 6445/tcp" + + - name: Set Services (nrpe) + lineinfile: + path: /etc/services + state: present + line: "nrpe 5666/tcp # NRPE" + + - name: Set Cups + lineinfile: + path: /etc/cups/client.conf + state: present + line: "ServerName 10.10.10.16" + create: true + - name: Set LDAP (URI) + lineinfile: + path: /etc/openldap/ldap.conf + state: present + line: "URI ldap://10.10.1.31" + - name: Set LDAP (BASE) + lineinfile: + path: /etc/openldap/ldap.conf + state: present + line: "BASE dc=nas1,dc=neuro,dc=itp" + + - name: sssd + include_tasks: yaml_sub/sssd.yaml + + - name: set time zone + timezone: + name: Europe/Berlin + + - name: enable ping + shell: "setcap cap_net_raw+p /bin/ping" + + - name: procmail + dnf: + name: "procmail" + state: present + update_cache: true + skip_broken: true + nobest: false + allowerasing: true + + - name: esmtprc + blockinfile: + path: /etc/esmtprc + state: present + create: true + block: | + hostname = 134.102.55.235:25 + mda "/usr/bin/procmail -d %T" + diff --git a/install_desktop_packages.yaml b/install_desktop_packages.yaml index 4f85864..f64ea61 100644 --- a/install_desktop_packages.yaml +++ b/install_desktop_packages.yaml 
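Review bot: The `Set SSHd Config` tasks for `ClientAliveInterval` and `ClientAliveCountMax`, and the two `Set LDAP` tasks, use `lineinfile` with only `line`, so a directive that already exists with a different value is left in place and the new one is appended after it; sshd uses the first occurrence of a keyword, so the value written here may silently never apply. Give each task a `regexp`, e.g. `regexp: '^#?ClientAliveInterval '` and `regexp: '^#?ClientAliveCountMax '`, the way the SELinux task already does. `Set SELinux to disabled` and the masked `firewalld` unit remove two host-level controls on every host in `all`; if that is deliberate for the cluster, a comment saying why (and whether `permissive` would do) keeps the next maintainer from reverting it, and on recent Fedora, which `groups_39.yaml` suggests these hosts are, `SELINUX=disabled` in the config file may no longer fully disable SELinux without `selinux=0` on the kernel command line — worth confirming. `enable ping` runs `setcap` through `shell` and reports changed on every run; `community.general.capabilities` with `path: /bin/ping`, `capability: cap_net_raw+p` and `state: present` is the idempotent form.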
@@ -12,11 +12,30 @@ - name: install movie tools dnf: - name: mencoder mmv mplayer HandBrake + name: mencoder,mmv,mplayer,HandBrake state: present update_cache: true skip_broken: true nobest: false allowerasing: true + - name: make sure gdm is stopped + ansible.builtin.systemd_service: + name: gdm + state: stopped + enabled: false + - name: make sure lxdm is started + ansible.builtin.systemd_service: + name: lxdm + state: started + enabled: true + + - name: Change default target to graphical.target + file: + src: /usr/lib/systemd/system/graphical.target + dest: /etc/systemd/system/default.target + state: link + + - name: disable tracker + shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done' diff --git a/install_ldap_389ds.yaml b/install_ldap_389ds.yaml index b79ee60..84f438b 100644 --- a/install_ldap_389ds.yaml +++ b/install_ldap_389ds.yaml @@ -3,7 +3,18 @@ hosts: all become: true + vars: + lam_pwd: "{{ env_lam_pw }}" + ldap_pwd: "{{ env_ldap_pw }}" + ldap_ro_pwd: "{{ env_ldap_ro_pw}}" + sqlpwd: "{{ env_sql_pw}}" + sqlrootpwd: "{{ env_root_sql_pw}}" + tasks: + - name: Create network AuthentikNet + community.docker.docker_network: + name: LDAPNet + - name: remove other files include_tasks: yaml_sub/install_docker.yaml @@ -31,6 +42,31 @@ nobest: false allowerasing: true + - name: Create volume ldap_maria_db + community.docker.docker_volume: + name: ldap_maria_db + state: present + + - name: Create mariab container + community.docker.docker_container: + name: ldapmariadb + image: mariadb + state: started + recreate: no + restart_policy: always + env: + MARIADB_DATABASE: "ldap" + MARIADB_USER: "ldap" + MARIADB_PASSWORD: "{{ sqlpwd }}" + MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}" + MYSQL_ROOT_HOST: '%' + networks: + - name: LDAPNet + comparisons: + networks: strict + volumes: + - "ldap_maria_db:/var/lib/mysql" + - name: Create volume lam_etc community.docker.docker_volume: name: lam_etc 
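Review bot: The `disable tracker` shell loop is not idempotent and misbehaves on hosts without tracker: `tee -a` appends another `Hidden=true` on every run, and when the glob matches nothing bash passes the literal pattern to `tee`, which creates a file named `tracker*.desktop` in /etc/xdg/autostart. A `find` followed by `lineinfile` with `regexp: '^Hidden='` does the same job idempotently and only touches files that exist; rewritten below. `make sure gdm is stopped` also ends any graphical session that is running on gdm at play time, which deserves a `when` or at least a comment if the play can run on hosts in use.
```yaml
# … unchanged: movie tools, gdm/lxdm service tasks, default.target link …
      - name: find tracker autostart entries
        ansible.builtin.find:
          paths: /etc/xdg/autostart
          patterns: "tracker*.desktop"
        register: tracker_autostart

      - name: disable tracker
        ansible.builtin.lineinfile:
          path: "{{ item.path }}"
          regexp: "^Hidden="
          line: "Hidden=true"
        loop: "{{ tracker_autostart.files }}"
        loop_control:
          label: "{{ item.path }}"
```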
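Review bot: The task named `Create network AuthentikNet` creates a network called `LDAPNet`; the name looks copied from another playbook and should read `- name: Create network LDAPNet`. The Jinja expressions in `vars` are inconsistently spaced (`{{ env_ldap_ro_pw}}`, `{{ env_sql_pw}}`, `{{ env_root_sql_pw}}` next to `{{ env_lam_pw }}`); they all render, but the `{{ env_ldap_ro_pw }}` form throughout keeps them greppable. Sourcing the five passwords from `env_*` variables rather than the file is the right direction; a one-line comment above `vars` naming where those variables are expected to come from (extra-vars, an inventory group_vars file, a vault) would let the next operator run the play without reading the tasks.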
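Review bot: The `Create mariab container` task passes `MARIADB_PASSWORD` and `MARIADB_ROOT_PASSWORD` in `env` without `no_log: true`, so the module result and any `-v` run print both passwords; the same applies to `LAM_PASSWORD`, `LAM_CONFIGURATION_PASSWORD`, `LDAP_ADMIN_PASSWORD` and `LDAP_READONLY_USER_PASSWORD` in the `Create lam container` task of the next hunk. `MYSQL_ROOT_HOST: '%'` lets the database root account log in from any address on LDAPNet, while LAM is configured to use the `ldap` user; unless root access from another container is needed, drop that line. `image: mariadb` carries no tag and therefore floats to whatever `latest` is at run time, so a later rerun can upgrade the database major version underneath the LAM config volume; pin it, e.g. `image: "mariadb:<pinned-version>"` (placeholder). `MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"` has a stray space before the colon and `recreate: no` is a YAML 1.1 boolean; `MARIADB_ROOT_PASSWORD:` and `recreate: false` match the rest of the file.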
@@ -38,33 +74,41 @@ - name: Create lam container community.docker.docker_container: - name: semaphore + name: ldaplam image: ldapaccountmanager/lam state: started - recreate: yes + recreate: no restart_policy: always published_ports: - "80:80/tcp" volumes: - - lam_etc:/var/lib/ldap-account-manager/config + - "lam_etc:/var/lib/ldap-account-manager/config" env: - LAM_SKIP_PRECONFIGURE: false - LDAP_DOMAIN: ldap.neuro.uni-bremen.de - LDAP_BASE_DN: dc=ldap,dc=neuro,dc=uni-bremen,dc=de - LDAP_USERS_DN: ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de - LDAP_GROUPS_DN: ou=groups,dc=my-domain,dc=com - LDAP_SERVER: ldap://10.10.0.4:389 -# xxxxxx - LDAP_USER: cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de -# xxxxxx - LAM_PASSWORD: lam - LAM_CONFIGURATION_DATABASE: files - LAM_DISABLE_TLS_CHECK: false - LDAP_ORGANISATION: "Neuro-Physik ITP" -# xxxxxx - LDAP_ADMIN_PASSWORD: adminpw -# xxxxxx - LDAP_READONLY_USER_PASSWORD: readonlypw + LAM_SKIP_PRECONFIGURE: "false" + LDAP_DOMAIN: "ldap.neuro.uni-bremen.de" + LDAP_BASE_DN: "dc=ldap,dc=neuro,dc=uni-bremen,dc=de" + LDAP_USERS_DN: "ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de" + LDAP_GROUPS_DN: "ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de" + LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389" + LDAP_USER: "cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de" + LAM_LANG: "en_US" + LAM_PASSWORD: "{{ lam_pwd }}" + LAM_CONFIGURATION_DATABASE: "mysql" + LAM_CONFIGURATION_HOST: "ldapmariadb" + LAM_CONFIGURATION_PORT: "3306" + LAM_CONFIGURATION_USER: "ldap" + LAM_CONFIGURATION_PASSWORD: "{{ sqlpwd }}" + LAM_CONFIGURATION_DATABASE_NAME: "ldap" + LAM_DISABLE_TLS_CHECK: "false" + LDAP_ORGANISATION: "Neuro-Physik ITP" + LDAP_ADMIN_PASSWORD: "{{ ldap_pwd }}" + LDAP_READONLY_USER_PASSWORD: "{{ ldap_ro_pwd }}" + + networks: + - name: LDAPNet + - name: bridge + comparisons: + networks: strict - name: set instance.inf 
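Review bot: `published_ports: - "80:80/tcp"` exposes the LAM web UI over plain HTTP on every interface, and each login to it sends the LAM master password and the `cn=admin` bind password in clear over the network; bind it to loopback behind a TLS-terminating proxy (`- "127.0.0.1:80:80/tcp"`) or publish an HTTPS port instead. `LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389"` likewise binds as admin over an unencrypted connection unless STARTTLS is negotiated, even though the instance.inf further down enables `secure_port = 636`; `ldaps://ldap.neuro.uni-bremen.de:636` would be the matching choice, noting that `self_sign_cert = True` together with `LAM_DISABLE_TLS_CHECK: "false"` then requires the instance CA to be trusted inside the container. `recreate: no` is a YAML 1.1 boolean in a task that otherwise uses quoted, canonical values; `recreate: false` is the consistent form.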
@@ -79,11 +123,12 @@ [general] full_machine_name = ldap.neuro.uni-bremen.de start = True + strict_host_checking = False [slapd] instance_name = localhost -# xxxxxx - root_password = SOMEPASSWORD + root_dn = cn=admin + root_password = {{ ldap_pwd }} port = 389 secure_port = 636 self_sign_cert = True @@ -92,7 +137,6 @@ sample_entries = yes suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de +cd /root ; dscreate from-file instance.inf -# dscreate from-file instance.inf -# systemctl status dirsrv@localhost.service -# ldapsearch -x -H ldap://10.10.0.4 -s base -b "" "objectclass=*" \ No newline at end of file +# ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*" \ No newline at end of file diff --git a/machines/host_ansible b/machines/host_ansible new file mode 100644 index 0000000..8fe27c5 --- /dev/null +++ b/machines/host_ansible @@ -0,0 +1 @@ +10.10.0.2 diff --git a/machines/host_dns b/machines/host_dns new file mode 100644 index 0000000..d502479 --- /dev/null +++ b/machines/host_dns @@ -0,0 +1 @@ +10.10.0.5 diff --git a/machines/host_hawaii b/machines/host_hawaii new file mode 100644 index 0000000..7632785 --- /dev/null +++ b/machines/host_hawaii @@ -0,0 +1 @@ +hawaii.neuro.uni-bremen.de diff --git a/machines/host_ldap b/machines/host_ldap new file mode 100644 index 0000000..7de558d --- /dev/null +++ b/machines/host_ldap @@ -0,0 +1 @@ +ldap.neuro.uni-bremen.de diff --git a/machines/host_takatuka b/machines/host_takatuka new file mode 100644 index 0000000..398a312 --- /dev/null +++ b/machines/host_takatuka @@ -0,0 +1 @@ +takatuka.neuro.uni-bremen.de
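Review bot: `root_dn = cn=admin` and LAM's `LDAP_USER: "cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"` from the previous hunk are different DNs: the 389ds root DN is a special account outside the suffix, so a bind from LAM as `cn=admin,dc=ldap,…` with `ldap_pwd` will fail unless an entry with that DN and password is created separately, which nothing in this diff does. `root_password = {{ ldap_pwd }}` renders the directory manager password into `instance.inf` on disk; the task that writes the file starts before this hunk, so make sure it sets `mode: "0600"` and that the file is removed once `dscreate` has consumed it. `strict_host_checking = False` silences the check that `full_machine_name` resolves to this host; a short comment on why it is needed would help.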
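Review bot: `cd /root ; dscreate from-file instance.inf` replaces a commented line with an uncommented one, and its enclosing construct starts before this hunk: if it sits inside the block scalar that writes `instance.inf` it becomes part of the ini file and `dscreate` will reject it, and if it is at top level the playbook no longer parses. Either keep it as a comment (`# cd /root ; dscreate from-file instance.inf`) or turn it into a task, e.g. `ansible.builtin.command: dscreate from-file /root/instance.inf` with `creates: /etc/dirsrv/slapd-localhost`, so the play creates the instance itself and stays idempotent. The trailing `ldapsearch` hint still ends without a newline, as the `\ No newline at end of file` marker shows.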