From 6d54e76b203bb5589e1695e90b444cbe6335a5af Mon Sep 17 00:00:00 2001
From: pneerincx
Date: Thu, 24 Jan 2019 13:27:33 +0100
Subject: [PATCH 01/10] Updated some task names to make the more descriptive.
---
 cluster.yml | 4 ++--
 roles/spacewalk_client/tasks/main.yml | 14 +++++++-------
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/cluster.yml b/cluster.yml
index d4fb394f5..8048e68b4 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -71,12 +71,12 @@
 - isilon
 - slurm-client
-- name: export /home
+- name: NFS server: export /home
 hosts: user-interface:&talos-cluster
 roles:
 - nfs_home_server
-- name: export /home
+- name: NFS client: mount /home
 hosts: compute-vm&talos-cluster
 roles:
 - nfs_home_client
diff --git a/roles/spacewalk_client/tasks/main.yml b/roles/spacewalk_client/tasks/main.yml
index 0224e7531..8d839ad1f 100644
--- a/roles/spacewalk_client/tasks/main.yml
+++ b/roles/spacewalk_client/tasks/main.yml
@@ -4,7 +4,7 @@
 name: https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/spacewalk-2.8-client/epel-7-x86_64/00742644-spacewalk-repo/spacewalk-client-repo-2.8-11.el7.centos.noarch.rpm
 state: present
-- name: install spacewalk client packages.
+- name: Install spacewalk client packages.
 yum:
 name:
 - rhn-client-tools
@@ -14,12 +14,12 @@
 - m2crypto
 - yum-rhn-plugin
-- name: restart spacewalk daemon
+- name: Restart spacewalk daemon.
 systemd:
 name: rhnsd.service
 state: restarted
-- name: register at the spacewalk server
+- name: Register client at the spacewalk server.
 rhn_register:
 state: present
 activationkey: "{{activation_key}}"
@@ -31,23 +31,23 @@
 delay: 3
 ignore_errors: yes
-- name: Disable gpgcheck
+- name: Disable gpgcheck.
 command: sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum/pluginconf.d/rhnplugin.conf
 args:
 warn: false
-- name: remove all current repos
+- name: Remove all current repo config files.
 shell: "rm -rf /etc/yum.repos.d/*"
 args:
 warn: false
-- name: remove all current repos
+- name: Clear the yum cache.
 command: "yum clean all"
 args:
 warn: false
 ignore_errors: yes
-- name: upgrade all packages
+- name: Upgrade all packages to version specified in spacewalk channel.
 yum:
 name: '*'
 state: latest
From 540b1a819b177a7f937b6205eb4644cc2d861cef Mon Sep 17 00:00:00 2001
From: pneerincx
Date: Thu, 24 Jan 2019 13:28:52 +0100
Subject: [PATCH 02/10] Fixed typo in Munge key file for Talos cluster.
---
 roles/slurm/files/{thalos_munge.key => talos_munge.key} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename roles/slurm/files/{thalos_munge.key => talos_munge.key} (100%)
diff --git a/roles/slurm/files/thalos_munge.key b/roles/slurm/files/talos_munge.key
similarity index 100%
rename from roles/slurm/files/thalos_munge.key
rename to roles/slurm/files/talos_munge.key
From 4570802e0eff62013bb6fdc848ac20bc98e04d41 Mon Sep 17 00:00:00 2001
From: pneerincx
Date: Thu, 24 Jan 2019 13:46:14 +0100
Subject: [PATCH 03/10] Added encrypted UMCG HPC Development CA private key (to Ansible vault) and unencrypted public key.
---
 .gitignore | 2 +-
 ssh-host-ca/umcg-hpc-development-ca | 167 ++++++++++++++++++++++++
 ssh-host-ca/umcg-hpc-development-ca.pub | 1 +
 3 files changed, 169 insertions(+), 1 deletion(-)
 create mode 100644 ssh-host-ca/umcg-hpc-development-ca
 create mode 100644 ssh-host-ca/umcg-hpc-development-ca.pub
diff --git a/.gitignore b/.gitignore
index b727bead7..426e8b7e0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,4 @@ promtools/results/*
 roles/hpc-cloud
 roles/HPCplaybooks
 roles/HPCplaybooks/*
-ssh-host-ca
+ssh-host-ca/umcg-hpc-ca
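Review bot: Narrowing the ignore rule from `ssh-host-ca` to `ssh-host-ca/umcg-hpc-ca` un-ignores every other file in that directory, so an unencrypted CA private key placed there later can be staged by `git add` without any warning. Keeping the directory ignored and allow-listing only what is meant to be tracked is safer: `ssh-host-ca/*`, then `!ssh-host-ca/*.pub` and `!ssh-host-ca/umcg-hpc-development-ca`. The vault-encrypted private key added by this commit also remains in repository history after any later replacement, so its confidentiality depends on the vault password for as long as that CA is trusted.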
diff --git a/ssh-host-ca/umcg-hpc-development-ca b/ssh-host-ca/umcg-hpc-development-ca
new file mode 100644
index 000000000..c32a26e78
--- /dev/null
+++ b/ssh-host-ca/umcg-hpc-development-ca
@@ -0,0 +1,167 @@ +$ANSIBLE_VAULT;1.1;AES256 +38346363653562616136626438376337663533343832316531393035613231633933323332316262 +3465396138306333396238633136623930616464323466370a663935396265626231376435343935 +63616439363834653562326534636638353634303533613163663561303266396563376364643136 +3731633161383839370a383337623036666365663930333732653632363563393831343237386232 +35363664373432633963616237323938343665636634343765366263366339313031386266316639 +61393932336262333361623039653561353636323131363238616666636366613131663133613033 +63323966666563346135373765356538383338633464326365333964346235393533623462626235 +63383962616532383032633538663066623639626164663532633561616334396566663638666263 +61313637376431363930313738636433386637363439663733303437653936366266363432313765 +61376530613266303466346630303630323365376437613735373164333937363964353962343737 +32336466343064613363323139336266623066623232356339373035306539333562373830383832 +35396630613331373639313036366566366164646336333838626134626136336333383831323761 +39336536643734323962386434633965613636633635656135613666323639306564663663363831 +31663036643461323934616332323637303233373837653561353639333865636235386466613561 +33376133313963633638393537663439366130323734363439663539353530613637626231663430 +34373066336536313861613765633362373064623065323362333766366665303661333462613463 +30353634376236646664656634646236313266366532376165373835643464346363363633643563 +37666531343135366337323561333736306232353234646663303032663436393338373561643132 +39383162396539386366646630356430326263383061326636313536616535363161366431363137 +38383232306230623739346462326133303361626338663339376339306331656535636661323330 +65653532386336376566643034613538633761313238373661386536643636386432613432643237 +38386139353437643932393663633635323861653866633466383437653961613931396131333032 +35313064373663376437613030636566303439643761636362353935626532303234633339336337 
+39643761323830653565326638356532663936373566623833346237366534316330666632346439 +39373163653237666635366239393665613036666263346437343761316535643666633262303465 +39666561646532333565383263616436616234363038323433316430626165396132643833656664 +30336332386438623737633139303434653763396564366531643165383930643438643938343632 +61656166393231373335323262316263313131303138336465333562336666323736393732396138 +32393966616563313933363937626134323333363238373837333861386431363464653233363636 +66616432643635353430646634336332636235653962373137666533643766666633356235323335 +63633636623962643330396630303464653239663235356338326163376461613237396561643130 +37326230663137653364646430373735666133336336613665623037633962643239643436383730 +34346161616264313236653535636262343139633864383862396435633062326233346131646137 +61323764663437323965393130663236376464626361393364386565613832343137383363633533 +63373139666138626131313135643634663332366534306136643037356266323739643032623139 +30623733623437326132333165643431653235303961326261663932303165326633306331363266 +64363266633132353831646136313438616235323762613136643335666533666430343566623130 +62346364323535363139343139333538383130303637626664323932666461613366383062396363 +32346665393261323239303561666430316464313038373830303935623037306435633565643663 +35346131396236623864626333643631363639623235633661323038656264646136343631393964 +39336365623764396632313265633765376434323731386565363863656361656230653334333939 +62663139326636616134646366613236616238663932303935303861383266613530626564643936 +62323436663164376565396465383735376166366434333363613134383063366666376633353938 +37356535306139323735386565623836343536653635623865616532316530373739633933636562 +30396265313763353539376566643339383739303064373564373932343434393063333437303434 +34663036343236623636636137343664386236313262376336373533616337363962393765643539 +35383134366332643030616630653936653030616436363732393834373733303063663536303431 
+38633836346339616634663533326266303034653933313264323736633835323161633034653932 +38363266643833616231346565303439386230313933353534323739373631383530336636613834 +30656664643031373961356465623735383536663334633036653961336130323432653233613630 +38323766363235303734383365633363343038623461316235653239306431613466336134326565 +37663839363030313433623637326332383230633538333435663466326263333833393736356438 +30663034316432383361373665653064626137353234333866626264653532353936623939303631 +30643738663131303034383037656534313865313530336365613632373266356634613036356663 +32363261626136623239303933343063333063363831643263653064626535333332666336343234 +62353834313132373530653566363233383536373931386635663035626335353232643963663533 +64366363363037303233343566353562663238383562336130616164363833626236363862306539 +34623838636463386436373335386366373230363938383230383635316131633535336238626233 +39323438383733653961636432333633613839623032653130643032313839633731336362306438 +37613965363232616234306238633866633535343539643039353035343934626161363464373433 +62393936333435386363336131373761383730316363363866376363386230373463646164623663 +32376164383436303734306665366235363532663462653331303962663632333631623735343862 +61383430613235353232623464326466356536356431346139383463373932333338303665383735 +34326435383835393233353065646430346430363765663830643135326539303430616537366661 +62326664636136323438626234653063333335303233313632396539653434393864303838616133 +38373564303064666130366663353132303264316266313864326262353332333036333433613237 +64393461306662386662343735613862373766656162383036366136666137643963323830393433 +31323439373761653932393939306431626238343939396436386239323033323434346633366261 +30306134373762626330353939626364626263353862623735633462326239313437616366313462 +61613737376136633361643436383064336235656435646236623566366661336663623766373339 +32323763643634656332316532653635653337383463313266643236343531386266306135313634 
+31303563633639356164343833663239346430363362366666373234346464623038393637366137 +37353233616634363334323564346365383631333465333531326661303235313636383738383939 +31346437386634346332653662363432653665623930653437636563613565636130663563386166 +34633633333639333435616465666630643237646562613932313065383432386437633336623632 +33653564303531653963613035626430383233663330373064313531363036366632343938656430 +35636134343037373632323438376639383936656637653035376634396665343137353366633266 +33376637383736323731663731313032653930313930343036376137313365323734643261373030 +36323131613231363239366533326361633834303238643138346262646163666539306263636462 +33393266646333633831366564613533316531646163633438643366613834656165643330643061 +66646366353030613334616638366134646332323366316437646337623830666661343161336562 +65666537353239386363306335306534346431636430633366613164343435363935306332313833 +33383438366636373031316630653363386266666431636138306330343735333163333934316631 +36323838373238663032353865326230653639343730346565356239656464643437343662363866 +65323161396265336464333037646138663364333265333261623935373837613037616361346530 +62363166613937633733316162353439333632616230663264656434633438643163393932623066 +65363262333137656230313436316338383633656430636261353037353938366637633630646461 +64316634313037653566376262313163356139636438656237636162386562653934343833613135 +62323230373961386236623163383135626464653962346465346166363964613565663065383634 +36663866373765376232393139323733373463363035643061633063663131396436626232326364 +38636364646531346430376235623462666536396633363734616338666162616632663532623663 +32623333396632393233623963626638353934363835306134326535393365663566313334303335 +38366534366436346230313733626231663634653536616565363233623736663865366335386432 +39613938343937653435656366383038636235356566323937333863396431663966363635356462 +31616361353539633134313230383635656337316536303335336530373732373461633838663937 
+31663939316331306333626563623533373935313332646433343233343938623362663436653535 +38326263333438306137653863323232326263646161326231636363656439303266373739396534 +33623535653266303236306632393830633164666638363066663431376163306330666365626338 +65386161353863383834393733366361656263376665323231623139313930383237613562323833 +62346639666532643361383938613237623035643361313231383634393832636662663233656136 +31343333393333626630353033373538316365326332313362613835643030656236653831396232 +30323439363862626139363262633061623465383237353536616261633737343666336664623063 +37396233626264396439373765626332316436366264326663633637303035316234363662633162 +63316632643038333664663534306364663361666661393032333862346632666238363265623139 +35326633386131396563653231336235636530383633643037386633336535353164383738366138 +33643537626361346634656535326330653866353865663062343264396534663635333165623230 +32623265313466666633323665633561333130613433616230383265323638616232383135633139 +65636461316565646139663632663963366235616264346433396636303866616463636338313731 +66346536613735626333323861613139646635623864646631373534636261306233633830316434 +32366636393365396336333963623337366265643133616139396365623637303335616361313963 +39633237373733643563356638353834303563343830386637313734343164663234393062366630 +62653866656562666338393439383534333464323761323134373662393636633161323230333065 +61643331633030393564346138646639613637396335336539306131303835356237633135623964 +34623339653838333930333838366635653338656330396562656662316631663239623431343561 +64313236653966633265343539666164376566656332306631353431343837663533316638653863 +39383036323338373261623432636230363235363762373239613134396635306636633865333636 +35306263396465383666346263336231326636366530663762636235333962313235653536643363 +37373366636635376137313762306338373466373561363730383031323738396565323738363534 +66653331663761336637663361353632656436343431396537333964656531666165623132633536 
+36653331636636333835353964333538363864616633656362623161393732363962663230373066 +35376661636134306232643433623661346235646262336432373937343936383131313432303062 +38336231333932656235613636663166616661376463646132366661326136613530343362333233 +32663834643366376535646164303636306431666233383966663231393630656561366236326430 +30346432393565333131613332393032616636316231636361393130653134313634356432346330 +39343832326365306535366335376639373635303066656633393035373965366139653531666139 +31373737386265393063343263346239643263633833303638386535646266313564326565393161 +31643437383839373364636461663966633239316462346434376261666364643066356164646338 +31323936336439656536323737383332386664346365356333393963313230303266383439623230 +31366462643066303936663363616263356333653335343430643530316466663766373364353630 +31326530306333316264303661373835653339663034393634373931636161396131626663346334 +61323165383663613231353836633766363030363238313961653631366632303135663061393661 +65326630386130656464626466636436666461393239633162366132376238363561353066353238 +35333464306536663137336630346232653761313566663339323530613035623363383136636235 +66326435356565356166613838386331656563323537396139306233303761616333376433333762 +38313663646133626337313234313533313231636137366565353236393866616334643733393938 +31323237653739653638383038383232313233333334663532346237373263353736663430656136 +63653665306638633065653263333436303563316538643833613465383139346464626664616263 +30383930613764626533613261323734653637656639663236656165643338343734393632316238 +61646364323934343233663630303337643363303736643364373332653132353639376566353262 +31353739353933343533366265666633366564383565313634353461623436636533646237343234 +63623363643166643932373861383437356166653233636435366339376633636132383339613330 +65666431663334306364383266663766326438313930376165623032363461663064663637663164 +66663332633230313530363030303336363464343362373238646365313838326438363166323430 
+61303935356564346132646563303966613835353461623839323131356463333131613133316431 +38616536333036373736346239623166383635343631376134383064383966393236366532323762 +65306362313230396536343036333539366630333562303636663333313534396136656431363264 +63613562343030353763363932313531333964633438656338396630383535363964346534303963 +34336263383137616632666462336662386236326331613231616633623736306236353130613730 +38396636376266353665393533306663653234663661373233656266326136363535626434376466 +35333233626330316161376339353164383765383239326162363839313438636637396233646236 +30353337323235323864346139303437303432383562373531326437656137353739343261373230 +30623961666334633461643034356666383464373631306439386539383434353262393938333336 +34316361383438633338303761313330613433303131363263386231383361313463623563343731 +66333162313661386131313132393961316365393036623235323963373939613462343066356135 +38373336313738316661663862633138333637636530623462313032323664623638613630306532 +34316234353039383631346331376465666666646336616130613037396335616364303030666661 +65616165383762313537663932363738383863386266383566323134653933333765323165623333 +61393737383736383963653165316263623862303131633863643438633432393562663735346332 +35656137626562393136386135616135376231616164393138393061373563623436346363623334 +33383933356266373338396234303230663634633465303730313261346135613133303136306234 +37643563616137343636373330303230333333653461323562646535643530306530383733333665 +31633665653562653538373637623830633135623031383261363037613031393630323934313931 +30623434363936666433383766626239643662323431613635613535363263643237643434353338 +35633038306236373031393061643861616136323135613733373635373335366438633936636538 +65633936356462386362396335333762653233303337356235383531373332356633393962303166 +3439336133383039363338336466353935343565656338306430 
diff --git a/ssh-host-ca/umcg-hpc-development-ca.pub b/ssh-host-ca/umcg-hpc-development-ca.pub new file mode 100644 index 000000000..e9c048888 --- /dev/null +++ b/ssh-host-ca/umcg-hpc-development-ca.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCowNwa+zvIgTPr8Zw8Td33jAQySU2MhdxndWOj7a5SW02NJ9o0VJyuTxjZslSdQtASultHUC+Zty0hA2798uGEvQE9hd+ixkYxM8uKI6MhTso6CJ5Fyv3MxddFHkcOhGmBiYkqtgdQYjev8RJjU/xAC+9pIekgdZs0Qy23HBzFwBzmoEOByJcPcgWwepL2Q+hvpHVmktwi0RR6ZZvmP8aCQovNjYmPjgeanot2Hs2cs8+Nbsvqml5iKWfoAitIubO4XV6CJ4aNnHdgz+xjZwMXOq3RnIiD4MfDa3mibBP+VTDgPnwjE+Wa3hDyCVCMhtqsBiXRY7FZNvuhAmhaXvwveU1k5P61BoFdp9XbG6AI36dcoeqLpTNey6A9ItWLfRh9qsbjQiF8qy0r2feCU0KAApyzcXlmXq3z7v4UwsTC5OfvpC3g4GQ8Oml7yYAiL3FT8ix5sXPFyL8+xEUzQ0uTI0BD9HRmWqoDm0sjDetVZTWnq7GPLuYNuB8DnUeTwQACt8ZmMqijTuAgZ3uqwIZHgzp4UPR93juwtUwgJGulCPnsMnYbAY18DqyVCvl5+/ey8RxgYkiHQgXWYuux3JPicEcoUfPTB75qFl5dC8uUze4Es6Yd/Hc4mP5d/Cvk99UjaN45DT5QCg9+6U5La0HrP580lfF1zxyQmnYPFoSILw== UMCG HPC Development CA From 8eaa369339837ef37be3be16f4157ed786dd5ee9 Mon Sep 17 00:00:00 2001 From: pneerincx Date: Thu, 24 Jan 2019 14:16:26 +0100 Subject: [PATCH 04/10] Deleted deprecated, unused Gearshift secrets file. --- group_vars/gearshift_secrets.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 group_vars/gearshift_secrets.yml diff --git a/group_vars/gearshift_secrets.yml b/group_vars/gearshift_secrets.yml deleted file mode 100644 index 06c53ad82..000000000 --- a/group_vars/gearshift_secrets.yml +++ /dev/null @@ -1,20 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -63393034306630343830386161646536343435303164633731623635393031623661653431303332 -3534386464333363343333623561356635326339643131360a653064353366343334393738623335 -37346230386364303863393237383732363362646433646261386634366430316533323535353639 -6536343162323832300a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rom cb1133c160bbe31dadf797202da22dae9376dbb1 Mon Sep 17 00:00:00 2001 
From: pneerincx
Date: Thu, 24 Jan 2019 14:32:01 +0100
Subject: [PATCH 05/10] Bugfix: remove colons from task names.
---
 cluster.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cluster.yml b/cluster.yml
index 8048e68b4..7da05e880 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -71,12 +71,12 @@
 - isilon
 - slurm-client
-- name: NFS server: export /home
+- name: Export /home on NFS server.
 hosts: user-interface:&talos-cluster
 roles:
 - nfs_home_server
-- name: NFS client: mount /home
+- name: Mount /home on NFS clients.
 hosts: compute-vm&talos-cluster
 roles:
 - nfs_home_client
From fc49c9936c51ecbed82361f4c6a5b2cfb2cb255e Mon Sep 17 00:00:00 2001
From: pneerincx
Date: Thu, 24 Jan 2019 15:06:14 +0100
Subject: [PATCH 06/10] Fix perms on CA private key if git messed them up.
---
 roles/ssh_host_signer/tasks/main.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/roles/ssh_host_signer/tasks/main.yml b/roles/ssh_host_signer/tasks/main.yml
index 63e88704f..dfdc33b39 100644
--- a/roles/ssh_host_signer/tasks/main.yml
+++ b/roles/ssh_host_signer/tasks/main.yml
@@ -30,6 +30,12 @@
 with_items: "{{ private_keys.files }}"
 changed_when: false
+- name: Check if we have a CA private key with correct permissions.
+ file:
+ path: "{{ ssh_host_signer_ca_private_key }}"
+ mode: 0600
+ delegate_to: localhost
+
 - name: Sign SSH keys.
 local_action: command ssh-keygen -s "{{ ssh_host_signer_ca_private_key | quote }}" -I {{ ssh_host_signer_id | quote }} -h -n {{ ssh_host_signer_hostnames | quote }} "{{ temporary_directory.path }}/public_keys/{{ inventory_hostname | quote }}{{ item.path | quote }}.pub"
 with_items: "{{ private_keys.files }}"
From 3bf797de0b0dd2f23bb2aa2773357a563247b202 Mon Sep 17 00:00:00 2001
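Review bot: The added `file` task in roles/ssh_host_signer/tasks/main.yml enforces the mode rather than checking it, and because it is delegated to localhost without `run_once: true` it repeats the same local chmod once for every host in the play. Adding `run_once: true` and renaming it to something like `Ensure the CA private key is only readable by its owner.` would match what it does. Writing the value as a quoted string, `mode: '0600'`, avoids depending on how the YAML parser treats the leading zero. The enclosing play is outside the hunk, so whether `become` is in effect is not visible; if it is, this delegated task would also escalate on the control node, which is worth confirming.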
From: pneerincx
Date: Fri, 25 Jan 2019 13:48:14 +0100
Subject: [PATCH 07/10] Replaced UMCG HPC Development CA rsa keypair with ed25519 key pair and use OpenSSH ecryption with pass in Ansible Vault as opposed to encrypting the private key with Ansible Vault.
---
 group_vars/talos-cluster/secrets.yml | 47 ++++---
 roles/ssh_host_signer/tasks/main.yml | 4 +-
 ssh-host-ca/umcg-hpc-development-ca | 175 ++----------------------
 ssh-host-ca/umcg-hpc-development-ca.pub | 2 +-
 4 files changed, 38 insertions(+), 190 deletions(-)
diff --git a/group_vars/talos-cluster/secrets.yml b/group_vars/talos-cluster/secrets.yml
index 0e87409a4..91c1b90df 100644
--- a/group_vars/talos-cluster/secrets.yml
+++ b/group_vars/talos-cluster/secrets.yml
@@ -1,22 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -65373739663965393330306364356663356530313363386530663433393666616532613531656361 -3564613662306133353337306134353433366338396438620a383438656235343634346464383663 -33313862663236623630346631616261326430653636623632376137653133303639656638383737 -3561393265663637390a303339353963386665343261326236386639373130383364343234626230 -32313338386534633366343763643065336531636635616231353664306630333961613832343834 -37313435303164356633343731363962363633373363376434343833346535353230316663663233 -63333162363363653830636634343965363063666465613537353163636132656438653330353531 -35383765626634646563346438393934366239363132366138396531323062353835303838666330 -32613466343034356262383833616163376463306462356630373061303234633463613839623638 -33366563643531613462373363373665376638376434383932666132363833306362393830383764 -32393066396265626133303836663665386661393339386433343837386362383861396165343830 -61343433643439613630333865326162356134366430396339316366313232633837633264313465 -30356164613030373230396338636261343930636466363963316139356631323031303635363335 -30313462333463623638636432623138613130613961663665626533636662323032643235343630 -33373633383832353435663238316234366439373938633861366132333466313431373430373236 -30666335383939346534373934323663353465613436306331363936383835353834633436623132 -38366533343339316463356662333635396631346161613034383064326664663039653865343338 -65393930623561363832303434313237383533393632383761323331366562373038353433363236 -30333464373235653133656233373931346264633361633338363339303732373261616331356632 -37383533643331646137386162303662353864326661306632356265353837653936626663336565 -35636461313961343932653864343662366366646566313231393463663039383363 +36363232356235643436383162303734376463343966373436646339303861326236666337633138 +6561663835303037373831383233333134366461653539360a643237333166393266656338613530 +66366266643264383761313831343934636261666366396539376130666465313662313537366332 
+3235616432613462370a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
diff --git a/roles/ssh_host_signer/tasks/main.yml b/roles/ssh_host_signer/tasks/main.yml
index dfdc33b39..dab1b6e1a 100644
--- a/roles/ssh_host_signer/tasks/main.yml
+++ b/roles/ssh_host_signer/tasks/main.yml
@@ -37,9 +37,11 @@
 delegate_to: localhost
 - name: Sign SSH keys.
- local_action: command ssh-keygen -s "{{ ssh_host_signer_ca_private_key | quote }}" -I {{ ssh_host_signer_id | quote }} -h -n {{ ssh_host_signer_hostnames | quote }} "{{ temporary_directory.path }}/public_keys/{{ inventory_hostname | quote }}{{ item.path | quote }}.pub"
+ command: ssh-keygen -s {{ ssh_host_signer_ca_private_key | quote }} -P {{ ssh_host_signer_ca_private_key_pass | quote }} -I {{ ssh_host_signer_id | quote }} -h -n {{ ssh_host_signer_hostnames | quote }} "{{ temporary_directory.path }}/public_keys/{{ inventory_hostname | quote }}{{ item.path | quote }}.pub"
 with_items: "{{ private_keys.files }}"
 changed_when: false
+ delegate_to: localhost
+ no_log: True
 - name: Find certificates.
 local_action:
diff --git a/ssh-host-ca/umcg-hpc-development-ca b/ssh-host-ca/umcg-hpc-development-ca
index c32a26e78..31ba1fff3 100644
--- a/ssh-host-ca/umcg-hpc-development-ca
+++ b/ssh-host-ca/umcg-hpc-development-ca
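Review bot: Passing the CA passphrase as `-P {{ ssh_host_signer_ca_private_key_pass | quote }}` in the "Sign SSH keys." task places it in the ssh-keygen argument list, where other local users on the control node can typically read it from the process table while the task runs; `no_log: True` only keeps it out of Ansible's own output and logs. Loading the CA key into an ssh-agent for the duration of the play and signing with `ssh-keygen -U -s <CA public key file>` keeps the passphrase out of argv entirely. Separately, the final path argument applies `| quote` inside a string that is already double-quoted, so an inventory hostname or path that actually needs quoting would end up with literal quote characters in the file name; quoting the concatenated path once would be more robust. The rest of the role continues outside the hunk.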
@@ -1,167 +1,8 @@ -$ANSIBLE_VAULT;1.1;AES256 -38346363653562616136626438376337663533343832316531393035613231633933323332316262 -3465396138306333396238633136623930616464323466370a663935396265626231376435343935 -63616439363834653562326534636638353634303533613163663561303266396563376364643136 -3731633161383839370a383337623036666365663930333732653632363563393831343237386232 -35363664373432633963616237323938343665636634343765366263366339313031386266316639 -61393932336262333361623039653561353636323131363238616666636366613131663133613033 -63323966666563346135373765356538383338633464326365333964346235393533623462626235 -63383962616532383032633538663066623639626164663532633561616334396566663638666263 -61313637376431363930313738636433386637363439663733303437653936366266363432313765 -61376530613266303466346630303630323365376437613735373164333937363964353962343737 -32336466343064613363323139336266623066623232356339373035306539333562373830383832 -35396630613331373639313036366566366164646336333838626134626136336333383831323761 -39336536643734323962386434633965613636633635656135613666323639306564663663363831 -31663036643461323934616332323637303233373837653561353639333865636235386466613561 -33376133313963633638393537663439366130323734363439663539353530613637626231663430 -34373066336536313861613765633362373064623065323362333766366665303661333462613463 -30353634376236646664656634646236313266366532376165373835643464346363363633643563 -37666531343135366337323561333736306232353234646663303032663436393338373561643132 -39383162396539386366646630356430326263383061326636313536616535363161366431363137 -38383232306230623739346462326133303361626338663339376339306331656535636661323330 -65653532386336376566643034613538633761313238373661386536643636386432613432643237 -38386139353437643932393663633635323861653866633466383437653961613931396131333032 -35313064373663376437613030636566303439643761636362353935626532303234633339336337 
-39643761323830653565326638356532663936373566623833346237366534316330666632346439 -39373163653237666635366239393665613036666263346437343761316535643666633262303465 -39666561646532333565383263616436616234363038323433316430626165396132643833656664 -30336332386438623737633139303434653763396564366531643165383930643438643938343632 -61656166393231373335323262316263313131303138336465333562336666323736393732396138 -32393966616563313933363937626134323333363238373837333861386431363464653233363636 -66616432643635353430646634336332636235653962373137666533643766666633356235323335 -63633636623962643330396630303464653239663235356338326163376461613237396561643130 -37326230663137653364646430373735666133336336613665623037633962643239643436383730 -34346161616264313236653535636262343139633864383862396435633062326233346131646137 -61323764663437323965393130663236376464626361393364386565613832343137383363633533 -63373139666138626131313135643634663332366534306136643037356266323739643032623139 -30623733623437326132333165643431653235303961326261663932303165326633306331363266 -64363266633132353831646136313438616235323762613136643335666533666430343566623130 -62346364323535363139343139333538383130303637626664323932666461613366383062396363 -32346665393261323239303561666430316464313038373830303935623037306435633565643663 -35346131396236623864626333643631363639623235633661323038656264646136343631393964 -39336365623764396632313265633765376434323731386565363863656361656230653334333939 -62663139326636616134646366613236616238663932303935303861383266613530626564643936 -62323436663164376565396465383735376166366434333363613134383063366666376633353938 -37356535306139323735386565623836343536653635623865616532316530373739633933636562 -30396265313763353539376566643339383739303064373564373932343434393063333437303434 -34663036343236623636636137343664386236313262376336373533616337363962393765643539 -35383134366332643030616630653936653030616436363732393834373733303063663536303431 
-38633836346339616634663533326266303034653933313264323736633835323161633034653932 -38363266643833616231346565303439386230313933353534323739373631383530336636613834 -30656664643031373961356465623735383536663334633036653961336130323432653233613630 -38323766363235303734383365633363343038623461316235653239306431613466336134326565 -37663839363030313433623637326332383230633538333435663466326263333833393736356438 -30663034316432383361373665653064626137353234333866626264653532353936623939303631 -30643738663131303034383037656534313865313530336365613632373266356634613036356663 -32363261626136623239303933343063333063363831643263653064626535333332666336343234 -62353834313132373530653566363233383536373931386635663035626335353232643963663533 -64366363363037303233343566353562663238383562336130616164363833626236363862306539 -34623838636463386436373335386366373230363938383230383635316131633535336238626233 -39323438383733653961636432333633613839623032653130643032313839633731336362306438 -37613965363232616234306238633866633535343539643039353035343934626161363464373433 -62393936333435386363336131373761383730316363363866376363386230373463646164623663 -32376164383436303734306665366235363532663462653331303962663632333631623735343862 -61383430613235353232623464326466356536356431346139383463373932333338303665383735 -34326435383835393233353065646430346430363765663830643135326539303430616537366661 -62326664636136323438626234653063333335303233313632396539653434393864303838616133 -38373564303064666130366663353132303264316266313864326262353332333036333433613237 -64393461306662386662343735613862373766656162383036366136666137643963323830393433 -31323439373761653932393939306431626238343939396436386239323033323434346633366261 -30306134373762626330353939626364626263353862623735633462326239313437616366313462 -61613737376136633361643436383064336235656435646236623566366661336663623766373339 -32323763643634656332316532653635653337383463313266643236343531386266306135313634 
-31303563633639356164343833663239346430363362366666373234346464623038393637366137 -37353233616634363334323564346365383631333465333531326661303235313636383738383939 -31346437386634346332653662363432653665623930653437636563613565636130663563386166 -34633633333639333435616465666630643237646562613932313065383432386437633336623632 -33653564303531653963613035626430383233663330373064313531363036366632343938656430 -35636134343037373632323438376639383936656637653035376634396665343137353366633266 -33376637383736323731663731313032653930313930343036376137313365323734643261373030 -36323131613231363239366533326361633834303238643138346262646163666539306263636462 -33393266646333633831366564613533316531646163633438643366613834656165643330643061 -66646366353030613334616638366134646332323366316437646337623830666661343161336562 -65666537353239386363306335306534346431636430633366613164343435363935306332313833 -33383438366636373031316630653363386266666431636138306330343735333163333934316631 -36323838373238663032353865326230653639343730346565356239656464643437343662363866 -65323161396265336464333037646138663364333265333261623935373837613037616361346530 -62363166613937633733316162353439333632616230663264656434633438643163393932623066 -65363262333137656230313436316338383633656430636261353037353938366637633630646461 -64316634313037653566376262313163356139636438656237636162386562653934343833613135 -62323230373961386236623163383135626464653962346465346166363964613565663065383634 -36663866373765376232393139323733373463363035643061633063663131396436626232326364 -38636364646531346430376235623462666536396633363734616338666162616632663532623663 -32623333396632393233623963626638353934363835306134326535393365663566313334303335 -38366534366436346230313733626231663634653536616565363233623736663865366335386432 -39613938343937653435656366383038636235356566323937333863396431663966363635356462 -31616361353539633134313230383635656337316536303335336530373732373461633838663937 
-31663939316331306333626563623533373935313332646433343233343938623362663436653535 -38326263333438306137653863323232326263646161326231636363656439303266373739396534 -33623535653266303236306632393830633164666638363066663431376163306330666365626338 -65386161353863383834393733366361656263376665323231623139313930383237613562323833 -62346639666532643361383938613237623035643361313231383634393832636662663233656136 -31343333393333626630353033373538316365326332313362613835643030656236653831396232 -30323439363862626139363262633061623465383237353536616261633737343666336664623063 -37396233626264396439373765626332316436366264326663633637303035316234363662633162 -63316632643038333664663534306364663361666661393032333862346632666238363265623139 -35326633386131396563653231336235636530383633643037386633336535353164383738366138 -33643537626361346634656535326330653866353865663062343264396534663635333165623230 -32623265313466666633323665633561333130613433616230383265323638616232383135633139 -65636461316565646139663632663963366235616264346433396636303866616463636338313731 -66346536613735626333323861613139646635623864646631373534636261306233633830316434 -32366636393365396336333963623337366265643133616139396365623637303335616361313963 -39633237373733643563356638353834303563343830386637313734343164663234393062366630 -62653866656562666338393439383534333464323761323134373662393636633161323230333065 -61643331633030393564346138646639613637396335336539306131303835356237633135623964 -34623339653838333930333838366635653338656330396562656662316631663239623431343561 -64313236653966633265343539666164376566656332306631353431343837663533316638653863 -39383036323338373261623432636230363235363762373239613134396635306636633865333636 -35306263396465383666346263336231326636366530663762636235333962313235653536643363 -37373366636635376137313762306338373466373561363730383031323738396565323738363534 -66653331663761336637663361353632656436343431396537333964656531666165623132633536 
-36653331636636333835353964333538363864616633656362623161393732363962663230373066 -35376661636134306232643433623661346235646262336432373937343936383131313432303062 -38336231333932656235613636663166616661376463646132366661326136613530343362333233 -32663834643366376535646164303636306431666233383966663231393630656561366236326430 -30346432393565333131613332393032616636316231636361393130653134313634356432346330 -39343832326365306535366335376639373635303066656633393035373965366139653531666139 -31373737386265393063343263346239643263633833303638386535646266313564326565393161 -31643437383839373364636461663966633239316462346434376261666364643066356164646338 -31323936336439656536323737383332386664346365356333393963313230303266383439623230 -31366462643066303936663363616263356333653335343430643530316466663766373364353630 -31326530306333316264303661373835653339663034393634373931636161396131626663346334 -61323165383663613231353836633766363030363238313961653631366632303135663061393661 -65326630386130656464626466636436666461393239633162366132376238363561353066353238 -35333464306536663137336630346232653761313566663339323530613035623363383136636235 -66326435356565356166613838386331656563323537396139306233303761616333376433333762 -38313663646133626337313234313533313231636137366565353236393866616334643733393938 -31323237653739653638383038383232313233333334663532346237373263353736663430656136 -63653665306638633065653263333436303563316538643833613465383139346464626664616263 -30383930613764626533613261323734653637656639663236656165643338343734393632316238 -61646364323934343233663630303337643363303736643364373332653132353639376566353262 -31353739353933343533366265666633366564383565313634353461623436636533646237343234 -63623363643166643932373861383437356166653233636435366339376633636132383339613330 -65666431663334306364383266663766326438313930376165623032363461663064663637663164 -66663332633230313530363030303336363464343362373238646365313838326438363166323430 
-61303935356564346132646563303966613835353461623839323131356463333131613133316431 -38616536333036373736346239623166383635343631376134383064383966393236366532323762 -65306362313230396536343036333539366630333562303636663333313534396136656431363264 -63613562343030353763363932313531333964633438656338396630383535363964346534303963 -34336263383137616632666462336662386236326331613231616633623736306236353130613730 -38396636376266353665393533306663653234663661373233656266326136363535626434376466 -35333233626330316161376339353164383765383239326162363839313438636637396233646236 -30353337323235323864346139303437303432383562373531326437656137353739343261373230 -30623961666334633461643034356666383464373631306439386539383434353262393938333336 -34316361383438633338303761313330613433303131363263386231383361313463623563343731 -66333162313661386131313132393961316365393036623235323963373939613462343066356135 -38373336313738316661663862633138333637636530623462313032323664623638613630306532 -34316234353039383631346331376465666666646336616130613037396335616364303030666661 -65616165383762313537663932363738383863386266383566323134653933333765323165623333 -61393737383736383963653165316263623862303131633863643438633432393562663735346332 -35656137626562393136386135616135376231616164393138393061373563623436346363623334 -33383933356266373338396234303230663634633465303730313261346135613133303136306234 -37643563616137343636373330303230333333653461323562646535643530306530383733333665 -31633665653562653538373637623830633135623031383261363037613031393630323934313931 -30623434363936666433383766626239643662323431613635613535363263643237643434353338 -35633038306236373031393061643861616136323135613733373635373335366438633936636538 -65633936356462386362396335333762653233303337356235383531373332356633393962303166 -3439336133383039363338336466353935343565656338306430 +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCViZrnYl 
+lIsl1fpwIBBZ/oAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIJ2R24oebG0oGQxJ +QvxzCVjd7lAVFzlOB9ygg5N+WUDpAAAAoED/slN77LCfjBMd41yeXF+84qlUbP5/vzLu/F +4kozjpT2/atimYs0i7YYwVs6gHNnIyTbhs4JORTMa+wszWPt67Nwu2ooir1qfBF+my72yQ +dcSTzQxCMiQVM9EwXxmcXUikBihIfjcsZYKGMfcCf8CwEJCDiD4ojId12aLB7fF/ON0Jkz +dnT8PXA2gbnd41ry1W9hI6/tzvl979ylxQ21s= +-----END OPENSSH PRIVATE KEY----- diff --git a/ssh-host-ca/umcg-hpc-development-ca.pub b/ssh-host-ca/umcg-hpc-development-ca.pub index e9c048888..536ecfa46 100644 --- a/ssh-host-ca/umcg-hpc-development-ca.pub +++ b/ssh-host-ca/umcg-hpc-development-ca.pub @@ -1 +1 @@ -ssh-rsa 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 UMCG HPC Development CA +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2R24oebG0oGQxJQvxzCVjd7lAVFzlOB9ygg5N+WUDp UMCG HPC Development CA From e706201afb659c5c9d6ec0483793d5d906783378 Mon Sep 17 00:00:00 2001 From: pneerincx Date: Fri, 25 Jan 2019 14:04:06 +0100 Subject: [PATCH 08/10] Updated documentation. --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index c6796aec0..3b39600a3 100644 --- a/README.md +++ b/README.md 
@@ -135,19 +135,21 @@ The steps below describe how to get from machines with a bare ubuntu 16.04 insta ECDSA key fingerprint is .... Are you sure you want to continue connecting (yes/no)? ``` - * The filename of the private key is specified using the ```ssh_host_signer_ca_private_key``` variable defined in ```group_vars/*/vars.yml``` - * The filename of the corresponding public key must be the same as the one of the private key suffixed with ```.pub``` + * The filename of the CA private key is specified using the ```ssh_host_signer_ca_private_key``` variable defined in ```group_vars/*/vars.yml``` + * The filename of the corresponding CA public key must be the same as the one of the private key suffixed with ```.pub``` + * The password required to decrypt the CA private key must be specified using the ```ssh_host_signer_ca_private_key_pass``` variable defined in ```group_vars/*/secrets.yml```, + which must be encrypted with ```ansible-vault```. * Each user must add the content of the CA public key to their ```~.ssh/known_hosts``` like this: ``` - @cert-authority [names of the hosts for which the cert is valid] [content of the CA pulbic key] + @cert-authority [names of the hosts for which the cert is valid] [content of the CA public key] ``` E.g.: ``` @cert-authority reception*,*talos,*tl-* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWNAF....VMZpZ5b9+5GA3O8w== UMCG HPC Development CA ``` - * Example to create a new 4096 bitsize CA key pair with the ```rsa``` algorithm: + * Example to create a new CA key pair with the ```rsa``` algorithm: ```bash - ssh-keygen -b 4096 -t rsa -f ssh-host-ca/ca-key-file-name -C "CA key for ..." + ssh-keygen -t ed25519 -a 101 -f ssh-host-ca/ca-key-file-name -C "CA key for ..." ``` 5. Build Prometheus Node Exporter From 012d31e2ff8ecf3c4cb0368ebf490ef9c68679a2 Mon Sep 17 00:00:00 2001 
From: pneerincx Date: Fri, 25 Jan 2019 14:30:24 +0100 Subject: [PATCH 09/10] Disabled logging for tasks where decrypted passwords fro the vault are used. --- roles/slurm/tasks/main.yml | 30 +++++++++++++++------------ roles/spacewalk_client/tasks/main.yml | 1 + 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/roles/slurm/tasks/main.yml b/roles/slurm/tasks/main.yml index 40e5987bb..c780f0046 100644 --- a/roles/slurm/tasks/main.yml +++ b/roles/slurm/tasks/main.yml @@ -45,21 +45,23 @@ - name: Make sure the database user is present. mysql_user: - login_host: 127.0.0.1 - login_user: root - login_password: "{{ MYSQL_ROOT_PASSWORD }}" - name: "{{ slurm_storage_user }}" - password: "{{ slurm_storage_pass }}" - host: '%' - priv: '*.*:ALL' - + login_host: 127.0.0.1 + login_user: root + login_password: "{{ MYSQL_ROOT_PASSWORD }}" + name: "{{ slurm_storage_user }}" + password: "{{ slurm_storage_pass }}" + host: '%' + priv: '*.*:ALL' + no_log: True + - name: Create a database for Slurm accounting. mysql_db: - login_host: 127.0.0.1 - login_user: root - login_password: "{{ MYSQL_ROOT_PASSWORD }}" - name: slurm_acct_db - state: present + login_host: 127.0.0.1 + login_user: root + login_password: "{{ MYSQL_ROOT_PASSWORD }}" + name: slurm_acct_db + state: present + no_log: True - name: Install Docker config. template: @@ -215,6 +217,7 @@ > /srv/slurm/backup/slurm.sql tags: - backup + no_log: True - name: Dump the database every night. Keep 7 backups. cron: @@ -231,4 +234,5 @@ /bin/find /srv/slurm/backup/slurm_bak.sql.* -mtime 7 -delete tags: - backup + no_log: True ... diff --git a/roles/spacewalk_client/tasks/main.yml b/roles/spacewalk_client/tasks/main.yml index 8d839ad1f..b0471e951 100644 --- a/roles/spacewalk_client/tasks/main.yml +++ b/roles/spacewalk_client/tasks/main.yml @@ -30,6 +30,7 @@ retries: 3 delay: 3 ignore_errors: yes + no_log: True - name: Disable gpgcheck. command: sed -i 's/gpgcheck = 1/gpgcheck = 0/g' /etc/yum/pluginconf.d/rhnplugin.conf 
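Review bot: The `mysql_user` task in the `@@ -45,21 +45,23 @@` hunk still grants the Slurm storage user `priv: '*.*:ALL'` with `host: '%'`, so the account whose password this commit hides from the log has full rights on every database from any client address. Scoping the grant to the accounting schema created by the next task, `priv: 'slurm_acct_db.*:ALL'`, and replacing `'%'` with the host the accounting daemon connects from (presumably local, given `login_host: 127.0.0.1`) would limit what a leaked `slurm_storage_pass` can reach. As a style point, `no_log: True` reads better as the canonical `no_log: true`, here and in the other hunks of this patch.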
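Review bot: `no_log: True` on the two backup tasks (the `@@ -215,6 +217,7 @@` hunk and the cron task in `@@ -231,4 +234,5 @@`) only keeps the task out of Ansible's output. Both task bodies start above their hunks, so how the database password reaches the dump command is not visible here. If it is passed as a command-line argument, it remains readable in the process list and, for the cron job, in the installed crontab, regardless of `no_log`. Reading the credentials from a root-only option file (mode `0600`) via `--defaults-extra-file` would keep the secret out of both places.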
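Review bot: In `roles/spacewalk_client/tasks/main.yml`, adding `no_log: True` next to the existing `ignore_errors: yes` means a failed registration is now both ignored and invisible, and the play continues to the `Disable gpgcheck.` task that follows. Dropping `ignore_errors: yes` would let a failed registration stop the play, while `no_log` still keeps the activation key out of the output. The registration task starts above the hunk, so its remaining arguments are not visible here.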
From 019103d5add8d1def2aee9330d4f1fed2c505969 Mon Sep 17 00:00:00 2001
From: pneerincx
Date: Fri, 25 Jan 2019 14:31:46 +0100
Subject: [PATCH 10/10] Added LDAP settings for Talos cluster.
---
 group_vars/talos-cluster/vars.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/group_vars/talos-cluster/vars.yml b/group_vars/talos-cluster/vars.yml
index 9aebbad51..74d738673 100644
--- a/group_vars/talos-cluster/vars.yml
+++ b/group_vars/talos-cluster/vars.yml
@@ -17,4 +17,10 @@ ui_real_memory: 8192
 ui_local_disk: 0
 ui_features: 'prm08,tmp08'
 ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/umcg-hpc-development-ca"
+uri_ldap: 172.23.40.249
+uri_ldaps: comanage-in.id.rug.nl
+ldap_port: 389
+ldaps_port: 636
+ldap_base: ou=umcg,o=asds
+ldap_binddn: cn=clusteradminumcg,o=asds
 ...
\ No newline at end of file
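Review bot: `uri_ldap` is a bare IP address paired with `ldap_port: 389`, so whichever role consumes it would bind as `ldap_binddn` over an unencrypted connection unless StartTLS is enforced. A server certificate also cannot be matched against the IP unless it carries that address as a SAN. If the plaintext endpoint is only a fallback, say so in a comment above the pair, e.g. `# Plain LDAP: use only with StartTLS; prefer uri_ldaps/ldaps_port.`, or drop `uri_ldap`/`ldap_port` and keep the LDAPS pair. The consumer of these variables is not part of this hunk.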