Add files via upload

David Rotermund 2024-04-12 02:32:26 +02:00 committed by GitHub
parent 2bfde67548
commit bebf3c5293
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 360 additions and 26 deletions


@ -112,3 +112,22 @@
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Link for chrome
file:
src: /opt/google/chrome/chrome
dest: /bin/chrome
state: link
- name: set /etc/profile
blockinfile:
path: /etc/profile
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
. /sge-root/neuro/common/settings.sh
MANPATH=$MANPATH/sge-root/man:/usr/share/man:
export MANPATH
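Review bot: `mode: "0666"` on the `set /etc/profile` task makes /etc/profile writable by every local user, and that file is sourced by every login shell, root's included, so any account on the machine could add commands that later run with root's privileges. The task should use `mode: "0644"`, keeping `owner: "root"` and `group: "root"` as they are. The block also sources `/sge-root/neuro/common/settings.sh`; its ownership and permissions are not visible here and deserve the same check. The play this hunk belongs to starts outside the hunk.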

247
install_base_system.yaml Normal file

@ -0,0 +1,247 @@
---
- name: install our repos
hosts: all
become: true
tasks:
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: update system (base)
dnf:
name: "*"
state: latest
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load group list
include_vars:
file: yaml_sub/groups_39.yaml
- name: Install groups
dnf:
name: "{{ groupnames }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
exclude: ghdl,sddm-x11
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 1 list
include_vars:
file: yaml_sub/packages_1.yaml
- name: Install package 1
dnf:
name: "{{ package1names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 2 list
include_vars:
file: yaml_sub/packages_2.yaml
- name: Install package 2
dnf:
name: "{{ package2names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Load package 3 list
include_vars:
file: yaml_sub/packages_3.yaml
- name: Install package 3
dnf:
name: "{{ package3names }}"
disablerepo: RPMFusionNonFreeUpdate,RPMFusionFreeUpdate,RPMFusionFreeEverything,RPMFusionNonFreeEverything
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Install cuda
dnf:
name: cuda
enablerepo: "*"
update_cache: true
state: present
skip_broken: true
nobest: false
allowerasing: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: Make sure firewall service unit is diabled
systemd_service:
state: stopped
enabled: false
masked: true
name: firewalld
ignore_errors: true
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install nfs tools
dnf:
name: nfs-utils,nfs-utils-coreos,nfsv4-client-utils,rpcbind
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Make sure rpcbind service unit is started
systemd_service:
enabled: true
state: started
name: rpcbind
- name: mount_info
include_tasks: yaml_sub/mount_info.yaml
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: ssh and sss
dnf:
name: "openssh,openssh-clients,openssh-server,sssd"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: Set SELinux to disabled
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=disabled
create: true
- name: Set SSHd Config (TCPKeepAlive)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "TCPKeepAlive yes"
create: true
- name: Set SSHd Config (ClientAliveInterval)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveInterval 30"
- name: Set SSHd Config (ClientAliveCountMax)
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: "ClientAliveCountMax 500"
- name: Set Services (sge_qmaster)
lineinfile:
path: /etc/services
state: present
line: "sge_qmaster 6444/tcp"
create: true
- name: Set Services (sge_execd)
lineinfile:
path: /etc/services
state: present
line: "sge_execd 6445/tcp"
- name: Set Services (nrpe)
lineinfile:
path: /etc/services
state: present
line: "nrpe 5666/tcp # NRPE"
- name: Set Cups
lineinfile:
path: /etc/cups/client.conf
state: present
line: "ServerName 10.10.10.16"
create: true
- name: Set LDAP (URI)
lineinfile:
path: /etc/openldap/ldap.conf
state: present
line: "URI ldap://10.10.1.31"
- name: Set LDAP (BASE)
lineinfile:
path: /etc/openldap/ldap.conf
state: present
line: "BASE dc=nas1,dc=neuro,dc=itp"
- name: sssd
include_tasks: yaml_sub/sssd.yaml
- name: set time zone
timezone:
name: Europe/Berlin
- name: enable ping
shell: "setcap cap_net_raw+p /bin/ping"
- name: procmail
dnf:
name: "procmail"
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: esmtprc
blockinfile:
path: /etc/esmtprc
state: present
create: true
block: |
hostname = 134.102.55.235:25
mda "/usr/bin/procmail -d %T"
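Review bot: The base play switches off both host-level protections: `Make sure firewall service unit is diabled` stops, disables and masks firewalld (with `ignore_errors: true`), and `Set SELinux to disabled` writes `SELINUX=disabled`, while the same play starts rpcbind and installs openssh-server. Unless a network firewall in front of these machines is documented next to the play, keep firewalld running and open only the ports the play itself registers in /etc/services, and prefer `line: SELINUX=permissive` as a first step so denials are at least logged. The fence sketches the firewalld tasks; NFS, ssh and any other services in use need matching entries, and `ansible.posix.firewalld` requires the ansible.posix collection on the controller.

```yaml
# … unchanged: repo refresh, package and cuda installation …
- name: Make sure firewall service unit is running
  systemd_service:
    name: firewalld
    state: started
    enabled: true
    masked: false
- name: Open the cluster service ports registered in /etc/services
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - "6444/tcp"
    - "6445/tcp"
    - "5666/tcp"
# … unchanged: nfs tools, rpcbind, ssh and sss tasks …
```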


@ -12,11 +12,30 @@
- name: install movie tools
dnf:
name: mencoder mmv mplayer HandBrake
name: mencoder,mmv,mplayer,HandBrake
state: present
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: make sure gdm is stopped
ansible.builtin.systemd_service:
name: gdm
state: stopped
enabled: false
- name: make sure lxdm is started
ansible.builtin.systemd_service:
name: lxdm
state: started
enabled: true
- name: Change default target to graphical.target
file:
src: /usr/lib/systemd/system/graphical.target
dest: /etc/systemd/system/default.target
state: link
- name: disable tracker
shell: 'for f in /etc/xdg/autostart/tracker*.desktop; do echo "Hidden=true" | tee -a "$f"; done'
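Review bot: The `disable tracker` shell task is not idempotent: every run appends another `Hidden=true` line to each matching file, and when no `tracker*.desktop` file exists the unexpanded glob makes `tee -a` create a file literally named `tracker*.desktop` in /etc/xdg/autostart. Collecting the files with `ansible.builtin.find` and adding the line with `ansible.builtin.lineinfile` avoids both problems and lets Ansible report changes correctly. The play's header is outside this hunk.

```yaml
# … unchanged: movie tools, gdm/lxdm units, default.target link …
- name: find tracker autostart entries
  ansible.builtin.find:
    paths: /etc/xdg/autostart
    patterns: "tracker*.desktop"
  register: tracker_autostart
- name: disable tracker
  ansible.builtin.lineinfile:
    path: "{{ item.path }}"
    line: "Hidden=true"
  loop: "{{ tracker_autostart.files }}"
```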


@ -3,7 +3,18 @@
hosts: all
become: true
vars:
lam_pwd: "{{ env_lam_pw }}"
ldap_pwd: "{{ env_ldap_pw }}"
ldap_ro_pwd: "{{ env_ldap_ro_pw}}"
sqlpwd: "{{ env_sql_pw}}"
sqlrootpwd: "{{ env_root_sql_pw}}"
tasks:
- name: Create network AuthentikNet
community.docker.docker_network:
name: LDAPNet
- name: remove other files
include_tasks: yaml_sub/install_docker.yaml
@ -31,6 +42,31 @@
nobest: false
allowerasing: true
- name: Create volume ldap_maria_db
community.docker.docker_volume:
name: ldap_maria_db
state: present
- name: Create mariab container
community.docker.docker_container:
name: ldapmariadb
image: mariadb
state: started
recreate: no
restart_policy: always
env:
MARIADB_DATABASE: "ldap"
MARIADB_USER: "ldap"
MARIADB_PASSWORD: "{{ sqlpwd }}"
MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"
MYSQL_ROOT_HOST: '%'
networks:
- name: LDAPNet
comparisons:
networks: strict
volumes:
- "ldap_maria_db:/var/lib/mysql"
- name: Create volume lam_etc
community.docker.docker_volume:
name: lam_etc
@ -38,33 +74,41 @@
- name: Create lam container
community.docker.docker_container:
name: semaphore
name: ldaplam
image: ldapaccountmanager/lam
state: started
recreate: yes
recreate: no
restart_policy: always
published_ports:
- "80:80/tcp"
volumes:
- lam_etc:/var/lib/ldap-account-manager/config
- "lam_etc:/var/lib/ldap-account-manager/config"
env:
LAM_SKIP_PRECONFIGURE: false
LDAP_DOMAIN: ldap.neuro.uni-bremen.de
LDAP_BASE_DN: dc=ldap,dc=neuro,dc=uni-bremen,dc=de
LDAP_USERS_DN: ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
LDAP_GROUPS_DN: ou=groups,dc=my-domain,dc=com
LDAP_SERVER: ldap://10.10.0.4:389
# xxxxxx
LDAP_USER: cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de
# xxxxxx
LAM_PASSWORD: lam
LAM_CONFIGURATION_DATABASE: files
LAM_DISABLE_TLS_CHECK: false
LAM_SKIP_PRECONFIGURE: "false"
LDAP_DOMAIN: "ldap.neuro.uni-bremen.de"
LDAP_BASE_DN: "dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_USERS_DN: "ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_GROUPS_DN: "ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389"
LDAP_USER: "cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LAM_LANG: "en_US"
LAM_PASSWORD: "{{ lam_pwd }}"
LAM_CONFIGURATION_DATABASE: "mysql"
LAM_CONFIGURATION_HOST: "ldapmariadb"
LAM_CONFIGURATION_PORT: "3306"
LAM_CONFIGURATION_USER: "ldap"
LAM_CONFIGURATION_PASSWORD: "{{ sqlpwd }}"
LAM_CONFIGURATION_DATABASE_NAME: "ldap"
LAM_DISABLE_TLS_CHECK: "false"
LDAP_ORGANISATION: "Neuro-Physik ITP"
# xxxxxx
LDAP_ADMIN_PASSWORD: adminpw
# xxxxxx
LDAP_READONLY_USER_PASSWORD: readonlypw
LDAP_ADMIN_PASSWORD: "{{ ldap_pwd }}"
LDAP_READONLY_USER_PASSWORD: "{{ ldap_ro_pwd }}"
networks:
- name: LDAPNet
- name: bridge
comparisons:
networks: strict
- name: set instance.inf
@ -79,11 +123,12 @@
[general]
full_machine_name = ldap.neuro.uni-bremen.de
start = True
strict_host_checking = False
[slapd]
instance_name = localhost
# xxxxxx
root_password = SOMEPASSWORD
root_dn = cn=admin
root_password = {{ ldap_pwd }}
port = 389
secure_port = 636
self_sign_cert = True
@ -92,7 +137,6 @@
sample_entries = yes
suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
cd /root ; dscreate from-file instance.inf
# dscreate from-file instance.inf
# systemctl status dirsrv@localhost.service
# ldapsearch -x -H ldap://10.10.0.4 -s base -b "" "objectclass=*"
# ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*"
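Review bot: `root_password = {{ ldap_pwd }}` is rendered into instance.inf, which, judging by the `dscreate from-file instance.inf` lines in the last hunk, is written under /root and not removed afterwards, so the directory administrator password stays on disk in cleartext once the instance exists. The task that writes the file starts outside the hunk, so its mode is not visible; it should carry `mode: "0600"` and `no_log: true`, and a `file:` task with `state: absent` for the rendered instance.inf should follow the dscreate step. The `Create mariab container` and `Create lam container` tasks pass the same secrets through `env:`, which the module result likely echoes under verbose output, so `no_log: true` fits there as well.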

1
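--- a/machines/host_ansible
+++ b/machines/host_ansible
@@ -0,0 +1 @@
+10.10.0.2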

1
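--- a/machines/host_dns
+++ b/machines/host_dns
@@ -0,0 +1 @@
+10.10.0.5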

1
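--- a/machines/host_hawaii
+++ b/machines/host_hawaii
@@ -0,0 +1 @@
+hawaii.neuro.uni-bremen.de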

1
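--- a/machines/host_ldap
+++ b/machines/host_ldap
@@ -0,0 +1 @@
+ldap.neuro.uni-bremen.de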

1
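--- a/machines/host_takatuka
+++ b/machines/host_takatuka
@@ -0,0 +1 @@
+takatuka.neuro.uni-bremen.de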