Git Product home page Git Product logo

atmosphere-ansible's People

Stargazers

 avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

atmosphere-ansible's Issues

Remove duplicate `Port` entry for `sshd_config`

Ubuntu 14.04.2 XFCE Base instance contains both:

Port 1657
Port 22

Should add either lineinfile to remove all entries and add just the desired port for SSH using regex to remove, then add again. Only then SSH can be restarted

Duplicate user lines in /etc/sudoers

/etc/sudoers

my_username  ALL = (ALL) NOPASSWD: ALL
%users ALL=(ALL) NOPASSWD: ALL
my_username ALL=(ALL) NOPASSWD:ALL
my_username  ALL=(ALL) ALL

This probably could be solved with a blockinfile.

python2 doesn't exist on instance, required by ansible

The following section detects python 3 installs python 2:
https://github.com/cyverse/attmosphere-ansible/blob/0a352c14769e382dd8eb7928bb3294fdf97186a1/ansible/roles/atmo-ssh-setup/tasks/main.yml#L57-L68

However it doesn't detect python 3 correctly. Testing whether a user has ssh is not sufficient. @c-mart found that an Ubuntu 16.04 instance had ssh access as root, which resulted in no python2 install.

A simple fix (and what seems more correct) is to ensure that python 2 independent even of the distro.

Limit `chown` & `chmod` to a single filesystem

Otherwise network filesystems mounted in home directory will cause instance resume to fail catastrophically. Not even mentioning breaking file permissions on remote network file systems.

Problem: absolute path to `basename` used in backup script

The script that is deployed and available for backup/restore is using /bin/basename instead of locating the basename executable. This means that a change for basename to /usr/bin/basename breaks the script.

For an Ubuntu 16.04 instance ...

lenards@vm000-00:~$ ls -lha /bin/ | grep basename
lenards@vm000-100:~$ ls -lha /usr/bin/ | grep basename
-rwxr-xr-x  1 root   root     31K Mar  2  2017 basename
lenards@vm000-100:~$ ls -lha /sbin/ | grep basename

One approach might be to capture the location in a variable, BASENAME=$(which basename), and then use that in determined the remote location.

Write fall back in docs for when ELK dies

Once logged in, perform some basic tests

Is Ansible still running? If so, check the ELK server for Ansible deployment logs and check for any deployment errors in the final report.

Need clarification for what to do when ELK is not up and running. @nfaction

Timezone and zone_info listed as separate variables

AFAIK there is always a symlink for the "proper name" of a timezone that redirects back to the more basic result. Here is an example:

(troposphere) root@r01c3b08:/opt/dev/troposphere# ll /usr/share/zoneinfo/America/Chicago
lrwxrwxrwx 1 root root 13 Oct 20  2015 /usr/share/zoneinfo/America/Chicago -> ../US/Central
(troposphere) root@r01c3b08:/opt/dev/troposphere# ll /usr/share/zoneinfo/US/Central
-rw-r--r-- 1 root root 3559 Oct 20  2015 /usr/share/zoneinfo/US/Central
(troposphere) root@r01c3b08:/opt/dev/troposphere# md5sum /usr/share/zoneinfo/US/Central
d0f076c9f390e7d8a933cc7cc1ad2e90  /usr/share/zoneinfo/US/Central
(troposphere) root@r01c3b08:/opt/dev/troposphere# md5sum /usr/share/zoneinfo/America/Chicago
d0f076c9f390e7d8a933cc7cc1ad2e90  /usr/share/zoneinfo/America/Chicago

Atmosphere-ansible should remove the ZONE_INFO variable and concatenate the TIME_ZONE variable to (A default variable for) ZONE_INFO_DIR.

SSHKEYS once added cannot be removed by a user

  1. A user adds a friend's key to their box in atmosphere
  2. User redeploys and see's friend's key
  3. Friend goes hostile
  4. User removes key from atmosphere and redeploys
  5. Friend still has access, and makes user ๐Ÿ˜ž

When vms get a new IP address, web desktop breaks

I helped triage the following ticket where a user had a desktop, but applications failed to launch. In fact I could not launch applications from the terminal.

I tried the following:

export DISPLAY=<can be :2 for vnc or :5 for guacamole>
export AUTHORITY=<path to Xauthority usually in ~/.Xauthority>
$ firefox 
No protocol specified
Failed to connect to Mir: Failed to connect to server socket: No such file or directory
Unable to init server: Could not connect: Connection refused
Error: cannot open display: :5

When I ran xauth list there were no cookies for the current vm's new ip/hostname. This was the issue. The cookies must match the current hostname. All I had to do was add new cookies. See this well written stackoverflow answer:
https://stackoverflow.com/questions/20611783/after-changing-hostname-gedit-and-other-x-clients-dont-open/20612084#20612084

Readme is out of date

The sections about playbooks is wrong. The playbooks have been moved into sub directories.

Sync hwclock with system time, and stop NTP before and after

Some systems have their time set in the future, which causes all sorts of issues. It appears that some suspended instances do not correct. We are reading from hwclock to bring time closer, which appeared to work, but it may instead be necessary to get time from outside, say with curl then set the hwclock using hwclock --systohc. A fix for this was made with issue #30 but without seeing output from ELK is difficult to determine if the curl is working.

One can read the current time like this: hwclock -r

Steps to fix this:

  1. Stop ntpd, and be sure to handle errors if ntpd is not already installed
  2. Get time from an outside source, like this: date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"
  3. Sync current time back to HW using system time like this: hwclock --systohc
  4. Install NTP
  5. Start service

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.