Add files via upload

David Rotermund 2024-04-12 02:32:26 +02:00 committed by GitHub
parent 2bfde67548
commit bebf3c5293
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 360 additions and 26 deletions


@ -112,3 +112,22 @@
- name: update file myrepo.repo - name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml import_tasks: yaml_sub/myrepo_data.yaml
- name: Link for chrome
file:
src: /opt/google/chrome/chrome
dest: /bin/chrome
state: link
- name: set /etc/profile
blockinfile:
path: /etc/profile
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
. /sge-root/neuro/common/settings.sh
MANPATH=$MANPATH/sge-root/man:/usr/share/man:
export MANPATH
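Review bot: `mode: "0666"` in the `set /etc/profile` task leaves /etc/profile writable by every local user, and login shells source that file, root's included, so any account on the host can add commands that run in other users' sessions. The task should set `mode: "0644"`; `owner: "root"` and `group: "root"` are already right. The block also sources `/sge-root/neuro/common/settings.sh` for every login, so that file and its parent directories need to be writable by root only, which cannot be confirmed from this hunk.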

247
install_base_system.yaml Normal file

@ -0,0 +1,247 @@
---
- name: install our repos
hosts: all
become: true
tasks:
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: update system (base)
dnf:
name: "*"
state: latest
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load group list
include_vars:
file: yaml_sub/groups_39.yaml
- name: Install groups
dnf:
name: "{{ groupnames }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
exclude: ghdl,sddm-x11
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 1 list
include_vars:
file: yaml_sub/packages_1.yaml
- name: Install package 1
dnf:
name: "{{ package1names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 2 list
include_vars:
file: yaml_sub/packages_2.yaml
- name: Install package 2
dnf:
name: "{{ package2names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 3 list
include_vars:
file: yaml_sub/packages_3.yaml
- name: Install package 3
dnf:
name: "{{ package3names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Install cuda
dnf:
name: cuda
enablerepo: "*"
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Make sure firewall service unit is diabled
systemd_service:
state: stopped
enabled: false
masked: true
name: firewalld
ignore_errors: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install nfs tools
dnf:
name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Make sure rpcbind service unit is started
systemd_service:
enabled: true
state: started
name: rpcbind
- name: mount_info
include_tasks: yaml_sub/mount_info.yaml
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: ssh and sss
dnf:
name: "openssh,openssh-clients,openssh-server,sssd"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Set SELinux to disabled
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=disabled
create: true
- name: Set SSHd Config (TCPKeepAlive)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "TCPKeepAlive yes"
create: true
- name: Set SSHd Config (ClientAliveInterval)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveInterval 30"
- name: Set SSHd Config (ClientAliveCountMax)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveCountMax 500"
- name: Set Services (sge_qmaster)
lineinfile:
path: /etc/services
state: present
line: "sge_qmaster 6444/tcp"
create: true
- name: Set Services (sge_execd)
lineinfile:
path: /etc/services
state: present
line: "sge_execd 6445/tcp"
- name: Set Services (nrpe)
lineinfile:
path: /etc/services
state: present
line: "nrpe 5666/tcp # NRPE"
- name: Set Cups
lineinfile:
path: /etc/cups/client.conf
state: present
line: "ServerName 10.10.10.16"
create: true
- name: Set LDAP (URI)
lineinfile:
path: /etc/openldap/ldap.conf
state: present
line: "URI ldap://10.10.1.31"
- name: Set LDAP (BASE)
lineinfile:
path: /etc/openldap/ldap.conf
state: present
line: "BASE dc=nas1,dc=neuro,dc=itp"
- name: sssd
include_tasks: yaml_sub/sssd.yaml
- name: set time zone
timezone:
name: Europe/Berlin
- name: enable ping
shell: "setcap cap_net_raw+p /bin/ping"
- name: procmail
dnf:
name: "procmail"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: esmtprc
blockinfile:
path: /etc/esmtprc
state: present
create: true
block: |
hostname = 134.102.55.235:25
mda "/usr/bin/procmail -d %T"
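Review bot: The `Make sure firewall service unit is diabled` task stops and masks firewalld and hides any failure with `ignore_errors: true`, and `Set SELinux to disabled` writes `SELINUX=disabled`, in the same play that installs `openssh-server` and starts `rpcbind`; nothing visible in this file puts another packet filter or confinement in place. I would keep firewalld running and open the needed ports explicitly (for example with `ansible.posix.firewalld` for ssh, NFS and the SGE ports 6444/6445), and leave SELinux enforcing or use `line: SELINUX=permissive` while denials are being collected. If removing both controls is intended for these hosts, each task should carry a comment saying why and what protects the network instead. Separately, `URI ldap://10.10.1.31` configures an unencrypted LDAP transport; whether binds are protected depends on `yaml_sub/sssd.yaml`, which is not shown here.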


@ -12,11 +12,30 @@
- name: install movie tools - name: install movie tools
dnf: dnf:
name: mencoder mmv mplayer HandBrake name: mencoder,mmv,mplayer,HandBrake
state: present state: present
update_cache: true update_cache: true
skip_broken: true skip_broken: true
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: make sure gdm is stopped
ansible.builtin.systemd_service:
name: gdm
state: stopped
enabled: false
- name: make sure lxdm is started
ansible.builtin.systemd_service:
name: lxdm
state: started
enabled: true
- name: Change default target to graphical.target
file:
src: /usr/lib/systemd/system/graphical.target
dest: /etc/systemd/system/default.target
state: link
- name: disable tracker
shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done'
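Review bot: The `disable tracker` task appends `Hidden=true` with `tee -a` on every run, so each play adds another copy of the line to every tracker autostart file and the task always reports changed. When the glob matches nothing, the shell passes the literal pattern through and `tee` creates a file named `tracker*.desktop` in /etc/xdg/autostart. Listing the files with `ansible.builtin.find` and adding the line with `ansible.builtin.lineinfile` writes only when the line is missing and does nothing when no file exists.

```yaml
- name: find tracker autostart entries
  ansible.builtin.find:
    paths: /etc/xdg/autostart
    patterns: "tracker*.desktop"
  register: tracker_autostart
- name: disable tracker
  ansible.builtin.lineinfile:
    path: "{{ item.path }}"
    line: "Hidden=true"
  loop: "{{ tracker_autostart.files }}"
```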


@ -3,7 +3,18 @@
hosts: all hosts: all
become: true become: true
vars:
lam_pwd: "{{ env_lam_pw }}"
ldap_pwd: "{{ env_ldap_pw }}"
ldap_ro_pwd: "{{ env_ldap_ro_pw}}"
sqlpwd: "{{ env_sql_pw}}"
sqlrootpwd: "{{ env_root_sql_pw}}"
tasks: tasks:
- name: Create network AuthentikNet
community.docker.docker_network:
name: LDAPNet
- name: remove other files - name: remove other files
include_tasks: yaml_sub/install_docker.yaml include_tasks: yaml_sub/install_docker.yaml
@ -31,6 +42,31 @@
nobest: false nobest: false
allowerasing: true allowerasing: true
- name: Create volume ldap_maria_db
community.docker.docker_volume:
name: ldap_maria_db
state: present
- name: Create mariab container
community.docker.docker_container:
name: ldapmariadb
image: mariadb
state: started
recreate: no
restart_policy: always
env:
MARIADB_DATABASE: "ldap"
MARIADB_USER: "ldap"
MARIADB_PASSWORD: "{{ sqlpwd }}"
MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"
MYSQL_ROOT_HOST: '%'
networks:
- name: LDAPNet
comparisons:
networks: strict
volumes:
- "ldap_maria_db:/var/lib/mysql"
- name: Create volume lam_etc - name: Create volume lam_etc
community.docker.docker_volume: community.docker.docker_volume:
name: lam_etc name: lam_etc
@ -38,33 +74,41 @@
- name: Create lam container - name: Create lam container
community.docker.docker_container: community.docker.docker_container:
name: semaphore name: ldaplam
image: ldapaccountmanager/lam image: ldapaccountmanager/lam
state: started state: started
recreate: yes recreate: no
restart_policy: always restart_policy: always
published_ports: published_ports:
- "80:80/tcp" - "80:80/tcp"
volumes: volumes:
- lam_etc:/var/lib/ldap-account-manager/config - "lam_etc:/var/lib/ldap-account-manager/config"
env: env:
LAM_SKIP_PRECONFIGURE: false LAM_SKIP_PRECONFIGURE: "false"
LDAP_DOMAIN: ldap.neuro.uni-bremen.de LDAP_DOMAIN: "ldap.neuro.uni-bremen.de"
LDAP_BASE_DN: dc=ldap,dc=neuro,dc=uni-bremen,dc=de LDAP_BASE_DN: "dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_USERS_DN: ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de LDAP_USERS_DN: "ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_GROUPS_DN: ou=groups,dc=my-domain,dc=com LDAP_GROUPS_DN: "ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_SERVER: ldap://10.10.0.4:389 LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389"
# xxxxxx LDAP_USER: "cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_USER: cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de LAM_LANG: "en_US"
# xxxxxx LAM_PASSWORD: "{{ lam_pwd }}"
LAM_PASSWORD: lam LAM_CONFIGURATION_DATABASE: "mysql"
LAM_CONFIGURATION_DATABASE: files LAM_CONFIGURATION_HOST: "ldapmariadb"
LAM_DISABLE_TLS_CHECK: false LAM_CONFIGURATION_PORT: "3306"
LDAP_ORGANISATION: "Neuro-Physik ITP" LAM_CONFIGURATION_USER: "ldap"
# xxxxxx LAM_CONFIGURATION_PASSWORD: "{{ sqlpwd }}"
LDAP_ADMIN_PASSWORD: adminpw LAM_CONFIGURATION_DATABASE_NAME: "ldap"
# xxxxxx LAM_DISABLE_TLS_CHECK: "false"
LDAP_READONLY_USER_PASSWORD: readonlypw LDAP_ORGANISATION: "Neuro-Physik ITP"
LDAP_ADMIN_PASSWORD: "{{ ldap_pwd }}"
LDAP_READONLY_USER_PASSWORD: "{{ ldap_ro_pwd }}"
networks:
- name: LDAPNet
- name: bridge
comparisons:
networks: strict
- name: set instance.inf - name: set instance.inf
@ -79,11 +123,12 @@
[general] [general]
full_machine_name = ldap.neuro.uni-bremen.de full_machine_name = ldap.neuro.uni-bremen.de
start = True start = True
strict_host_checking = False
[slapd] [slapd]
instance_name = localhost instance_name = localhost
# xxxxxx root_dn = cn=admin
root_password = SOMEPASSWORD root_password = {{ ldap_pwd }}
port = 389 port = 389
secure_port = 636 secure_port = 636
self_sign_cert = True self_sign_cert = True
@ -92,7 +137,6 @@
sample_entries = yes sample_entries = yes
suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
cd /root ; dscreate from-file instance.inf
# dscreate from-file instance.inf # ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*"
# systemctl status dirsrv@localhost.service
# ldapsearch -x -H ldap://10.10.0.4 -s base -b "" "objectclass=*"
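Review bot: In the `Create lam container` hunk the new `LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389"` keeps LAM's `cn=admin` bind on the unencrypted port, and the container is now also attached to `bridge`, although the instance.inf hunk already defines `secure_port = 636` with `self_sign_cert = True`. Pointing LAM at `ldaps://ldap.neuro.uni-bremen.de:636` and giving it the directory's CA certificate would keep the admin password off the wire, with `LAM_DISABLE_TLS_CHECK: "false"` left as it is. The tasks that now carry `{{ sqlpwd }}`, `{{ sqlrootpwd }}`, `{{ ldap_pwd }}` and `{{ lam_pwd }}` should also set `no_log: true`, because task results and verbose output can otherwise include the container environment. In the `Create mariab container` hunk, `MYSQL_ROOT_HOST: '%'` allows root logins from any peer on `LDAPNet` and `image: mariadb` has no tag; narrowing the former and pinning the latter to a version or digest belong in the same change.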

1
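--- a/machines/host_ansible
+++ b/machines/host_ansible
@@ -0,0 +1 @@
+10.10.0.2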

1
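--- a/machines/host_dns
+++ b/machines/host_dns
@@ -0,0 +1 @@
+10.10.0.5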

1
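--- a/machines/host_hawaii
+++ b/machines/host_hawaii
@@ -0,0 +1 @@
+hawaii.neuro.uni-bremen.de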

1
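--- a/machines/host_ldap
+++ b/machines/host_ldap
@@ -0,0 +1 @@
+ldap.neuro.uni-bremen.de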

1
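--- a/machines/host_takatuka
+++ b/machines/host_takatuka
@@ -0,0 +1 @@
+takatuka.neuro.uni-bremen.de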