QNAP TS-473A with RHEL8
Table of Contents
I installed Red Hat Enterprise Linux 8 on my QNAP TS-473A.
These are my installation notes.
Used Hardware
- QNAP TS-473 4-bay NAS with AMD Ryzen Embedded V1500B 4-core/8-thread @ 2.2 GHz CPU
- QNAP QXG-10G2SF-CX4 2x 10 GbE SFP+ network card
- ASUS GeForce GT 1030 BRK 2.0 GB GPU
- 500GB Samsung SSD 980 NVMe M.2 2280 PCIe 3.0 V-NAND MLC
- 2TB Crucial P2 M.2 NVMe
- 64 GiB RAM, G.Skill F4-3200C22D-64GRS (that is a kit containing 2x 32G SO-DIMMs that each report as F4-3200C22-32GRS)
- 4x 1TB HDD, for now, these might be replaced later with something larger
Firmware Settings
- ensure you have added a GPU to the TS-x73A
- connect screen and keyboard
- enter firmware setup by pressing Del or Esc during power on self test (POST)
- Boot / Quiet Boot: Disabled (simply so I get shown on screen which key to press during POST to enter UEFI)
- Boot / Boot Option Priorities: as you see fit. I disabled USB DISK MODULE PMAP and reordered the others to my liking.
- Save & Exit: Save Changes and Exit
Note that if you ever want to return to QTS, you must re-enable the USB DISK MODULE PMAP to be able to successfully boot from it by selecting it at Save & Exit / Boot Override.
Firmware Details
As of 2021-12-18 I have the following:
Aptio Setup Utility Version 2.20.1274
| description | value |
|---|---|
| BIOS Vendor | American Megatrends |
| Core Version | 5.14 |
| Compliancy | UEFI 2.7; PI 1.6 |
| Project Version | Q07DAR12 |
| Build Date and Time | 05/03/2021 10:59:15 |
| Total Memory | Total Memory 65536 MB (DDR4) |
| Memory Frequency | 2400 MHz |
| EC Version | Q07DE008 |
Interactive Install
Since the TS-x73A does not offer PXE boot from the on-bard network interfaces, and I have no UEFI HTTP boot setup yet, I made one initial install, interactively, from a RHEL 8.5 boot stick.
- create USB boot medium as per docs with
dd if=rhel-8.1-x86_64-boot.iso of=/dev/sdd status=progress - ensure you have added a GPU to the TS-x73A
- connect screen, keyboard, mouse and USB boot medium
- enter firmware setup by pressing Del or Esc during power on self test (POST)
- Save & Exit / Boot Override_: select your USB stick
- TS-x73A boots from USB
- install RHEL8
Enable Network Installs Started from GRUB
Because I want to be able to easily kickstart this machine and I have no wish to muck around with USB sticks, I added a boot target to the installed RHEL8’s GRand Unified Bootloader (GRUB) with Ansible.
It's just a handler and 3 tasks (click to expand).
handlers:
- name: grub2-mkconfig | run
command: grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
tasks:
- name: "GRUB | ensure initrd for RHEL 8.5 kickstart is present"
get_url:
url: "ftp://fileserver.internal.pcfe.net/pub/redhat/RHEL/RHEL-8.5/Server/x86_64/os/images/pxeboot/initrd.img"
dest: "/boot/initrd-kickstart-rhel85.img"
mode: "0644"
- name: "GRUB | ensure kernel for RHEL 8.5 kickstart is present"
get_url:
url: "ftp://fileserver.internal.pcfe.net/pub/redhat/RHEL/RHEL-8.5/Server/x86_64/os/images/pxeboot/vmlinuz"
dest: "/boot/vmlinuz-kickstart-rhel85"
mode: "0755"
- name: "GRUB | ensure kickstarting RHEL 8.5 entry is present"
copy:
dest: "/etc/grub.d/11_RHEL85_kickstart"
owner: "root"
group: "root"
mode: 0755
content: |
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry "WARNING Kickstart this box with RHEL 8.5 as a TS-x73A ceph node WARNING" {
linuxefi /vmlinuz-kickstart-rhel85 ip=dhcp inst.repo=ftp://fileserver.internal.pcfe.net/pub/redhat/RHEL/RHEL-8.5/Server/x86_64/os inst.ks=ftp://fileserver.internal.pcfe.net/pub/kickstart/RHEL85-QNAP-TS-473A-ks.cfg
initrdefi /initrd-kickstart-rhel85.img
}
notify: grub2-mkconfig | run
Disable the on-board 5GB USB Stick
This on-board USB stick is used for installing QTS 5.0 or QuTS hero. I backed its content up while the TS-473A was still running QTS. Still, I want to leave it untouched for now.
The following creates a udev rule that triggers a de-authorize of the device. The bus will put the device into suspend mode, and it’ll never become active.
Extract from my kickstart file:
cat <<EOF >>/etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
# The on-board 5GB stick should be disabled
# I currently have no use for it and leaving it untouched allows a reset to the shipped state
# by choosing the USB stick as boot target during POST
# c.f. https://projectgus.com/2014/09/blacklisting-a-single-usb-device-from-linux/
SUBSYSTEM=="usb", ATTRS{idVendor}=="1005", ATTRS{idProduct}=="b155", ATTR{authorized}="0"
EOF
chown root.root /etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
chmod 644 /etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
restorecon /etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
Do not forget to activate the new udev rule with udevadm control --reload-rules.
Disk by-path Mappings
On machines with multiple storage devices (/dev/sda, /dev/sdb, /dev/nvme0n1, etc, etc) I really prefer to address storage devices via /dev/disk/by-path/…. The mappings for my TS-473A follow:
| slot | by-path | note |
|---|---|---|
| NVMe slot 1 | /dev/disk/by-path/pci-0000:03:00.0-nvme-1 |
the top slot |
| NVMe slot 2 | /dev/disk/by-path/pci-0000:04:00.0-nvme-1 |
the bottom slot |
| HDD bay 1 | /dev/disk/by-path/pci-0000:07:00.0-ata-1 |
bay furthest away from the power button |
| HDD bay 2 | /dev/disk/by-path/pci-0000:07:00.0-ata-2 |
|
| HDD bay 3 | /dev/disk/by-path/pci-0000:09:00.0-ata-1 |
|
| HDD bay 4 | /dev/disk/by-path/pci-0000:09:00.0-ata-2 |
bay closest to the power button |
Watchdog
The TS-x73A comes with a hardware watchdog. A SP5100 TCO timer.
Watchdog Setup
To use it, I use the following (hopefully self-explanatory) Ansible tasks:
# # enable watchdog
# # it's a
# Dec 19 15:09:08 ts-473a-01.internal.pcfe.net kernel: sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver
# Dec 19 15:09:08 ts-473a-01.internal.pcfe.net kernel: sp5100-tco sp5100-tco: Using 0xfeb00000 for watchdog MMIO address
# and modinfo says
# parm: heartbeat:Watchdog heartbeat in seconds. (default=60) (int)
# parm: nowayout:Watchdog cannot be stopped once started. (default=0) (bool)
- name: "WATCHDOG | ensure kernel module sp5100_tco has correct options configured"
lineinfile:
path: /etc/modprobe.d/sp5100_tco.conf
create: true
regexp: '^options '
insertafter: '^#options'
line: 'options sp5100_tco nowayout=0'
# configure both watchdog.service and systemd watchdog, but only use the latter
- name: "PACKAGE | ensure watchdog package is installed"
package:
name: watchdog
state: present
update_cache: no
- name: "WATCHDOG | ensure correct watchdog-device is used by watchdog.service"
lineinfile:
path: /etc/watchdog.conf
regexp: '^watchdog-device'
insertafter: '^#watchdog-device'
line: 'watchdog-device = /dev/watchdog0'
- name: "WATCHDOG | ensure timeout is set to 30 seconds for watchdog.service"
lineinfile:
path: /etc/watchdog.conf
regexp: '^watchdog-timeout'
insertafter: '^#watchdog-timeout'
line: 'watchdog-timeout = 30'
# Using systemd watchdog rather than watchdog.service
- name: "WATCHDOG | ensure watchdog.service is disabled"
systemd:
name: watchdog.service
state: stopped
enabled: false
# configure systemd watchdog
# c.f. http://0pointer.de/blog/projects/watchdog.html
- name: "SYSTEMD | ensure systemd watchdog is enabled"
lineinfile:
path: /etc/systemd/system.conf
regexp: '^RuntimeWatchdogSec'
insertafter: 'EOF'
line: 'RuntimeWatchdogSec=30'
- name: "SYSTEMD | ensure systemd shutdown watchdog is enabled"
lineinfile:
path: /etc/systemd/system.conf
regexp: '^ShutdownWatchdogSec'
insertafter: 'EOF'
line: 'ShutdownWatchdogSec=30'
Watchdog Test
Verify that the watchdog works as expected.
As root, on the TS-x73A:
- verify that you see the watchdog in the logs since bootup
- forcefully crash the box
[root@ts-473a-01 ~]# journalctl -b --grep watchdog
-- Logs begin at [...], end at [...]. --
[...] kernel: NMI watchdog: Enabled. Permanently consumes one hw-PMU counter.
[...] kernel: sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver
[...] kernel: sp5100-tco sp5100-tco: Using 0xfeb00000 for watchdog MMIO address
[...] systemd[1]: Hardware watchdog 'SP5100 TCO timer', version 0
[...] systemd[1]: Set hardware watchdog to 30s.
[root@ts-473a-01 ~]# echo '1' > /proc/sys/kernel/sysrq
[root@ts-473a-01 ~]# date ; echo 'c' > /proc/sysrq-trigger
As expected, I see an Oops output on the graphical console and the TS-x73A reboots about 30 seconds later.
Since kdump is set up, I also see the expected files in /var/crash/.
PowerTOP Autotuning at Boot
/usr/lib/systemd/system/powertop.service (as shipped by powertop-2.14-1.el8.x86_64)
already contains all I want (this is a modern mobo, so my expectation is to start by enabling all tunables and only disable specific ones if I have issues):
[Unit]
Description=PowerTOP autotuner
[Service]
Type=oneshot
ExecStart=/usr/sbin/powertop --auto-tune
[Install]
WantedBy=multi-user.target
So all that’s left to do is to ensure it is run once at boot;
- name: "POWER SAVING | ensure powertop autotune service runs once at boot"
systemd:
name: powertop
state: stopped
enabled: True
Unstructured notes, remove when added to relevant sections
ACPI BIOS Error
I get this at boot, analyse.
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: fbcon: Taking over console
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI: Video Device [VGA] (multi-head: yes rom: no post: no)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_SB.PCI0.GP17.VGA.LCD._BCM.AFN7], AE_NOT_FOUND (20210105/psargs-330)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI Error: Aborting method \_SB.PCI0.GP17.VGA.LCD._BCM due to previous error (AE_NOT_FOUND) (20210105/psparse-531)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI Error: Evaluating _BCM failed (20210105/video-370)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:11/LNXVIDEO:00/input/input2
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: Console: switching to colour frame buffer device 100x37
Seems to be a firmware issue related to LCD backlight, I’m not fussed.
UEFI but no SecureBoot
[root@ts-473a-01 ~]# efibootmgr
BootCurrent: 0000
Timeout: 5 seconds
BootOrder: 0000,0006,0007,0002,0003,0008,0009
Boot0000* Red Hat Enterprise Linux
Boot0002* UEFI: Built-in EFI Shell
Boot0003 USB DISK MODULE PMAP
Boot0006* Samsung SSD 980 500GB
Boot0007* CT2000P2SSD8
Boot0008 Hitachi HDE721010SLA330
Boot0009 HUS722T1TALA600
[root@ts-473a-01 ~]# mokutil --sb-state
SecureBoot disabled
Network booting
FIXME: find a way to PXE boot or HTTP boot from the EFI shell.
For UEFI HTTP boot setup, see https://www.redhat.com/sysadmin/uefi-http-boot-libvirt plus https://en.opensuse.org/UEFI_HTTPBoot_Server_Setup
Maybe https://ipxe.org/appnote/uefihttp?
https://uefi.org/sites/default/files/resources/UEFI_Plugfest_May_2015_HTTP_Boot_Redfish_Samer_El-Haj_ver1.2.pdf might also be useful.
Or put iPXE on the 5 GB on-board USB stick. Putting it on nvme0n1p1 as per https://wiki.archlinux.org/title/Netboot#Installation_with_efibootmgr seems to work, but it’s not happy with the shim I serve from nuc7
PPC Adjustment
What is a reasonable setting for Advanced / CPU Configuration / PPC Adjustement? The Aptio Setup Utility 12.20.1274 offers me PState0, PState 1 and PState 2 with a help text that reads “Provide to adjust _PPC object”. https://lore.kernel.org/lkml/20211130123641.1449041-1-ray.huang@amd.com/ might help.
For now I left it at the default setting, PState0
Heatsinks
Heatsinks mounted, right after boot I get these temperatures
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme0n1
Smart Log for NVME device:nvme0n1 namespace-id:ffffffff
critical_warning : 0
temperature : 30 C
available_spare : 100%
available_spare_threshold : 10%
percentage_used : 0%
data_units_read : 71.331
data_units_written : 6.356
host_read_commands : 168.429
host_write_commands : 39.443
controller_busy_time : 1
power_cycles : 18
power_on_hours : 30
unsafe_shutdowns : 3
media_errors : 0
num_err_log_entries : 0
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Temperature Sensor 1 : 30 C
Temperature Sensor 2 : 32 C
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 0
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
[root@ts-473a-01 ~]#
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme1n1
Smart Log for NVME device:nvme1n1 namespace-id:ffffffff
critical_warning : 0
temperature : 31 C
available_spare : 100%
available_spare_threshold : 5%
percentage_used : 0%
data_units_read : 148.674
data_units_written : 139.728
host_read_commands : 563.519
host_write_commands : 767.591
controller_busy_time : 21
power_cycles : 17
power_on_hours : 41
unsafe_shutdowns : 3
media_errors : 0
num_err_log_entries : 0
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 0
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
[root@ts-473a-01 ~]# uptime
14:47:04 up 2:37, 2 users, load average: 0,10, 0,10, 0,09
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme0n1
Smart Log for NVME device:nvme0n1 namespace-id:ffffffff
critical_warning : 0
temperature : 34 C
available_spare : 100%
available_spare_threshold : 10%
percentage_used : 0%
endurance group critical warning summary: 0
data_units_read : 110.433
data_units_written : 44.084
host_read_commands : 493.650
host_write_commands : 375.271
controller_busy_time : 2
power_cycles : 24
power_on_hours : 32
unsafe_shutdowns : 4
media_errors : 0
num_err_log_entries : 0
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Temperature Sensor 1 : 34 C
Temperature Sensor 2 : 36 C
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 1
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme1n1
Smart Log for NVME device:nvme1n1 namespace-id:ffffffff
critical_warning : 0
temperature : 36 C
available_spare : 100%
available_spare_threshold : 5%
percentage_used : 0%
endurance group critical warning summary: 0
data_units_read : 148.909
data_units_written : 158.461
host_read_commands : 570.673
host_write_commands : 823.844
controller_busy_time : 22
power_cycles : 23
power_on_hours : 52
unsafe_shutdowns : 4
media_errors : 0
num_err_log_entries : 28
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 0
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
A while later, yes I used both NVMe a bit between the previous reading and the following one.
Uptime was about 45 minutes.
[root@ts-473a-01 ~]# date ; nvme smart-log /dev/nvme0n1
Fri Dec 24 14:34:10 CET 2021
Smart Log for NVME device:nvme0n1 namespace-id:ffffffff
critical_warning : 0
temperature : 34 C
available_spare : 100%
available_spare_threshold : 10%
percentage_used : 0%
endurance group critical warning summary: 0
data_units_read : 481.067
data_units_written : 127.887
host_read_commands : 1.970.759
host_write_commands : 1.063.143
controller_busy_time : 8
power_cycles : 34
power_on_hours : 42
unsafe_shutdowns : 6
media_errors : 0
num_err_log_entries : 0
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Temperature Sensor 1 : 34 C
Temperature Sensor 2 : 37 C
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 2
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
[root@ts-473a-01 ~]# date ; nvme smart-log /dev/nvme1n1
Fri Dec 24 14:34:26 CET 2021
Smart Log for NVME device:nvme1n1 namespace-id:ffffffff
critical_warning : 0
temperature : 36 C
available_spare : 100%
available_spare_threshold : 5%
percentage_used : 0%
endurance group critical warning summary: 0
data_units_read : 160.247
data_units_written : 537.920
host_read_commands : 635.173
host_write_commands : 2.147.570
controller_busy_time : 37
power_cycles : 33
power_on_hours : 98
unsafe_shutdowns : 6
media_errors : 0
num_err_log_entries : 28
Warning Temperature Time : 0
Critical Composite Temperature Time : 0
Thermal Management T1 Trans Count : 0
Thermal Management T2 Trans Count : 0
Thermal Management T1 Total Time : 0
Thermal Management T2 Total Time : 0
Ansible Logs
Log of qnap-ryzen-initial-setup-rhel8.yml run right after kickstarting the box. (click to expand).
pcfe@t3600 pcfe.net (master) $ ansible-playbook --inventory ../inventories/pcfe.net.ini qnap-ryzen-initial-setup-rhel8.yml
PLAY [QNAP_Ryzen_boxes] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************
Sunday 19 December 2021 16:24:11 +0100 (0:00:00.036) 0:00:00.036 *******
The authenticity of host 'ts-473a-01 (192.168.50.123)' can't be established.
ED25519 key fingerprint is SHA256:lnVxO5g9BKI2yL/aS1fQCXEt5+Qy/bAZFwV+A8K9MeA.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
ok: [ts-473a-01]
TASK [RHSM | ensure uuid override is derived from fqdn, QNAP TS-473A all seem to have, like all F5-422 I own, the same system-uuid in DMI] ***
Sunday 19 December 2021 16:24:15 +0100 (0:00:03.881) 0:00:03.918 *******
changed: [ts-473a-01]
TASK [RHSM | ensure system is registered with my activation key] ************************************************************************
Sunday 19 December 2021 16:24:16 +0100 (0:00:01.156) 0:00:05.074 *******
changed: [ts-473a-01]
TASK [RHSM | disable all repositories, next task will enable needed repos] **************************************************************
Sunday 19 December 2021 16:25:16 +0100 (0:00:59.466) 0:01:04.540 *******
changed: [ts-473a-01]
TASK [RHSM | ensure RHEL8 BaseOS repos needed for Ceph are enabled] *********************************************************************
Sunday 19 December 2021 16:26:54 +0100 (0:01:38.878) 0:02:43.419 *******
changed: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure group ansible exists] ***********************************************************************
Sunday 19 December 2021 16:28:27 +0100 (0:01:32.569) 0:04:15.989 *******
ok: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure we have a 'wheel' group] ********************************************************************
Sunday 19 December 2021 16:28:28 +0100 (0:00:00.614) 0:04:16.604 *******
ok: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure user ansible exists] ************************************************************************
Sunday 19 December 2021 16:28:28 +0100 (0:00:00.457) 0:04:17.061 *******
changed: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure authorized key for ansible exists] **********************************************************
Sunday 19 December 2021 16:28:29 +0100 (0:00:00.944) 0:04:18.005 *******
changed: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure authorized key for root exists] *************************************************************
Sunday 19 December 2021 16:28:30 +0100 (0:00:00.762) 0:04:18.768 *******
ok: [ts-473a-01]
TASK [pcfe.basic-security-setup : ensure selinux is running with enforcing] *************************************************************
Sunday 19 December 2021 16:28:30 +0100 (0:00:00.568) 0:04:19.337 *******
ok: [ts-473a-01]
TASK [pcfe.basic-security-setup : ensure ssh auth is via ssh-key only] ******************************************************************
Sunday 19 December 2021 16:28:31 +0100 (0:00:00.914) 0:04:20.251 *******
changed: [ts-473a-01]
TASK [pcfe.housenet : TIMEZONE | ensure timezone is Europe/Berlin] **********************************************************************
Sunday 19 December 2021 16:28:32 +0100 (0:00:00.593) 0:04:20.845 *******
ok: [ts-473a-01]
TASK [pcfe.housenet : YUM | ensure repo CentOS-Updates-HouseNet is enabled if on CentOS 7] **********************************************
Sunday 19 December 2021 16:28:32 +0100 (0:00:00.666) 0:04:21.511 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : YUM | ensure updates repo is disabled if on CentOS 7] *************************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.030) 0:04:21.541 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : YUM | ensure all security updates are applied if on CentOS 7 or later] ********************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.029) 0:04:21.571 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure repo fedora-updates-housenet is available if on Fedora 28 or 29] *************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.028) 0:04:21.599 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure updates repo is disabled if on Fedora 28 or 29] ******************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.029) 0:04:21.628 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure repo fedora-everything-housenet is enabled if on Fedora 28 or 29] ************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.028) 0:04:21.657 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure fedora repo is disabled if on Fedora 28 or 29] *******************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.032) 0:04:21.690 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | disable zchunk] *********************************************************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.029) 0:04:21.720 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | disable delta RPMs] *****************************************************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.029) 0:04:21.749 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure all security updates are applied if on Fedora >= 28] *************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.028) 0:04:21.777 *******
skipping: [ts-473a-01]
TASK [REPOS | ensure EPEL is disabled] **************************************************************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.028) 0:04:21.805 *******
ok: [ts-473a-01]
TASK [CHRONYD | ensure chrony is installed] *********************************************************************************************
Sunday 19 December 2021 16:28:33 +0100 (0:00:00.602) 0:04:22.408 *******
ok: [ts-473a-01]
TASK [CHRONYD | ensure chrony-wait is enabled] ******************************************************************************************
Sunday 19 December 2021 16:28:47 +0100 (0:00:13.908) 0:04:36.317 *******
changed: [ts-473a-01]
TASK [CHRONYD | ensure chronyd is enabled and running] **********************************************************************************
Sunday 19 December 2021 16:28:48 +0100 (0:00:01.155) 0:04:37.473 *******
ok: [ts-473a-01]
TASK [JOURNAL | ensure persistent logging for the systemd journal is possible] **********************************************************
Sunday 19 December 2021 16:28:49 +0100 (0:00:00.644) 0:04:38.117 *******
changed: [ts-473a-01]
TASK [SUDO | enable passwordless sudo for user ansible] *********************************************************************************
Sunday 19 December 2021 16:28:50 +0100 (0:00:00.605) 0:04:38.723 *******
changed: [ts-473a-01]
TASK [Ensure the ansible user can NOT log in with password] *****************************************************************************
Sunday 19 December 2021 16:28:51 +0100 (0:00:00.865) 0:04:39.588 *******
changed: [ts-473a-01]
TASK [package | ensure prerequisites needed in addition to minimal install are present] *************************************************
Sunday 19 December 2021 16:28:51 +0100 (0:00:00.769) 0:04:40.358 *******
changed: [ts-473a-01]
TASK [GRUB | ensure console blanking is disabled in defaults file] **********************************************************************
Sunday 19 December 2021 16:29:07 +0100 (0:00:15.319) 0:04:55.677 *******
changed: [ts-473a-01]
RUNNING HANDLER [pcfe.basic-security-setup : sshd | restart] ****************************************************************************
Sunday 19 December 2021 16:29:07 +0100 (0:00:00.468) 0:04:56.146 *******
changed: [ts-473a-01]
PLAY RECAP ******************************************************************************************************************************
ts-473a-01 : ok=23 changed=14 unreachable=0 failed=0 skipped=10 rescued=0 ignored=0
Sunday 19 December 2021 16:29:08 +0100 (0:00:00.685) 0:04:56.832 *******
===============================================================================
RHSM | disable all repositories, next task will enable needed repos ------------------------------------------------------------- 98.88s
RHSM | ensure RHEL8 BaseOS repos needed for Ceph are enabled -------------------------------------------------------------------- 92.57s
RHSM | ensure system is registered with my activation key ----------------------------------------------------------------------- 59.47s
package | ensure prerequisites needed in addition to minimal install are present ------------------------------------------------ 15.32s
CHRONYD | ensure chrony is installed -------------------------------------------------------------------------------------------- 13.91s
Gathering Facts ------------------------------------------------------------------------------------------------------------------ 3.88s
RHSM | ensure uuid override is derived from fqdn, QNAP TS-473A all seem to have, like all F5-422 I own, the same system-uuid in DMI --- 1.16s
CHRONYD | ensure chrony-wait is enabled ------------------------------------------------------------------------------------------ 1.16s
pcfe.user_owner : USER OWNER | ensure user ansible exists ------------------------------------------------------------------------ 0.94s
pcfe.basic-security-setup : ensure selinux is running with enforcing ------------------------------------------------------------- 0.91s
SUDO | enable passwordless sudo for user ansible --------------------------------------------------------------------------------- 0.87s
Ensure the ansible user can NOT log in with password ----------------------------------------------------------------------------- 0.77s
pcfe.user_owner : USER OWNER | ensure authorized key for ansible exists ---------------------------------------------------------- 0.76s
pcfe.basic-security-setup : sshd | restart --------------------------------------------------------------------------------------- 0.69s
pcfe.housenet : TIMEZONE | ensure timezone is Europe/Berlin ---------------------------------------------------------------------- 0.67s
CHRONYD | ensure chronyd is enabled and running ---------------------------------------------------------------------------------- 0.64s
pcfe.user_owner : USER OWNER | ensure group ansible exists ----------------------------------------------------------------------- 0.61s
JOURNAL | ensure persistent logging for the systemd journal is possible ---------------------------------------------------------- 0.61s
REPOS | ensure EPEL is disabled -------------------------------------------------------------------------------------------------- 0.60s
pcfe.basic-security-setup : ensure ssh auth is via ssh-key only ------------------------------------------------------------------ 0.59s
Log of qnap-ryzen-general-setup.yml run right after initial setup via qnap-ryzen-initial-setup-rhel8.yml (click to expand).
pcfe@t3600 pcfe.net (master) $ ansible-playbook --inventory ../inventories/pcfe.net.ini qnap-ryzen-general-setup.yml
PLAY [QNAP_Ryzen_boxes] *****************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************
Sunday 19 December 2021 16:33:42 +0100 (0:00:00.037) 0:00:00.037 *******
ok: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure group pcfe exists] **************************************************************************
Sunday 19 December 2021 16:33:45 +0100 (0:00:02.259) 0:00:02.297 *******
changed: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure we have a 'wheel' group] ********************************************************************
Sunday 19 December 2021 16:33:46 +0100 (0:00:00.977) 0:00:03.274 *******
ok: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure user pcfe exists] ***************************************************************************
Sunday 19 December 2021 16:33:46 +0100 (0:00:00.515) 0:00:03.790 *******
changed: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure authorized key for pcfe exists] *************************************************************
Sunday 19 December 2021 16:33:47 +0100 (0:00:01.021) 0:00:04.811 *******
changed: [ts-473a-01]
TASK [pcfe.user_owner : USER OWNER | ensure authorized key for root exists] *************************************************************
Sunday 19 December 2021 16:33:48 +0100 (0:00:00.814) 0:00:05.626 *******
ok: [ts-473a-01]
TASK [pcfe.basic-security-setup : ensure selinux is running with enforcing] *************************************************************
Sunday 19 December 2021 16:33:49 +0100 (0:00:00.635) 0:00:06.262 *******
ok: [ts-473a-01]
TASK [pcfe.basic-security-setup : ensure ssh auth is via ssh-key only] ******************************************************************
Sunday 19 December 2021 16:33:50 +0100 (0:00:00.923) 0:00:07.185 *******
ok: [ts-473a-01]
TASK [pcfe.housenet : TIMEZONE | ensure timezone is Europe/Berlin] **********************************************************************
Sunday 19 December 2021 16:33:50 +0100 (0:00:00.658) 0:00:07.843 *******
ok: [ts-473a-01]
TASK [pcfe.housenet : YUM | ensure repo CentOS-Updates-HouseNet is enabled if on CentOS 7] **********************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.737) 0:00:08.581 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : YUM | ensure updates repo is disabled if on CentOS 7] *************************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.030) 0:00:08.612 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : YUM | ensure all security updates are applied if on CentOS 7 or later] ********************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.030) 0:00:08.642 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure repo fedora-updates-housenet is available if on Fedora 28 or 29] *************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.031) 0:00:08.673 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure updates repo is disabled if on Fedora 28 or 29] ******************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.030) 0:00:08.703 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure repo fedora-everything-housenet is enabled if on Fedora 28 or 29] ************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.032) 0:00:08.736 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure fedora repo is disabled if on Fedora 28 or 29] *******************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.028) 0:00:08.765 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | disable zchunk] *********************************************************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.029) 0:00:08.794 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | disable delta RPMs] *****************************************************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.030) 0:00:08.824 *******
skipping: [ts-473a-01]
TASK [pcfe.housenet : DNF | ensure all security updates are applied if on Fedora >= 28] *************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.030) 0:00:08.854 *******
skipping: [ts-473a-01]
TASK [pcfe.comfort : COMFORT | ensure packages for comfortable shell use are installed] *************************************************
Sunday 19 December 2021 16:33:51 +0100 (0:00:00.029) 0:00:08.884 *******
changed: [ts-473a-01]
TASK [pcfe.comfort : screen for all Fedora, Debian, Enterprise Linux except el8] ********************************************************
Sunday 19 December 2021 16:34:12 +0100 (0:00:20.427) 0:00:29.312 *******
skipping: [ts-473a-01]
TASK [pcfe.comfort : COMFORT | on Fedora, also ensure fortune is installed] *************************************************************
Sunday 19 December 2021 16:34:12 +0100 (0:00:00.035) 0:00:29.347 *******
skipping: [ts-473a-01]
TASK [pcfe.comfort : BASH | my additions for pcfe .bashrc] ******************************************************************************
Sunday 19 December 2021 16:34:12 +0100 (0:00:00.032) 0:00:29.379 *******
changed: [ts-473a-01]
TASK [pcfe.comfort : BASH | my additions for pcfe .bash_profile] ************************************************************************
Sunday 19 December 2021 16:34:12 +0100 (0:00:00.664) 0:00:30.044 *******
changed: [ts-473a-01]
TASK [pcfe.comfort : BASH | my additions for root .bashrc] ******************************************************************************
Sunday 19 December 2021 16:34:13 +0100 (0:00:00.523) 0:00:30.568 *******
changed: [ts-473a-01]
TASK [pcfe.comfort : BASH | my additions for root .bash_profile] ************************************************************************
Sunday 19 December 2021 16:34:14 +0100 (0:00:00.520) 0:00:31.088 *******
changed: [ts-473a-01]
TASK [pcfe.comfort : SCREEN | fixup /etc/screenrc] **************************************************************************************
Sunday 19 December 2021 16:34:14 +0100 (0:00:00.510) 0:00:31.599 *******
skipping: [ts-473a-01]
TASK [PACKAGE | tool installation] ******************************************************************************************************
Sunday 19 December 2021 16:34:14 +0100 (0:00:00.033) 0:00:31.632 *******
changed: [ts-473a-01]
TASK [set hostname] *********************************************************************************************************************
Sunday 19 December 2021 16:34:36 +0100 (0:00:21.849) 0:00:53.481 *******
ok: [ts-473a-01]
TASK [COCKPIT | ensure packages for https://cockpit-project.org/ are installed] *********************************************************
Sunday 19 December 2021 16:34:37 +0100 (0:00:01.189) 0:00:54.671 *******
changed: [ts-473a-01]
TASK [COCKPIT | ensure cockpit.socket is started and enabled] ***************************************************************************
Sunday 19 December 2021 16:35:06 +0100 (0:00:28.513) 0:01:23.184 *******
changed: [ts-473a-01]
TASK [COCKPIT | ensure firewalld allows service cockpit in zone public] *****************************************************************
Sunday 19 December 2021 16:35:07 +0100 (0:00:01.272) 0:01:24.456 *******
ok: [ts-473a-01]
TASK [WATCHDOG | ensure kernel module sp5100_tco has correct options configured] ********************************************************
Sunday 19 December 2021 16:35:08 +0100 (0:00:01.013) 0:01:25.470 *******
changed: [ts-473a-01]
TASK [PACKAGE | ensure watchdog package is installed] ***********************************************************************************
Sunday 19 December 2021 16:35:08 +0100 (0:00:00.539) 0:01:26.010 *******
changed: [ts-473a-01]
TASK [WATCHDOG | ensure correct watchdog-device is used by watchdog.service] ************************************************************
Sunday 19 December 2021 16:35:19 +0100 (0:00:10.751) 0:01:36.762 *******
changed: [ts-473a-01]
TASK [WATCHDOG | ensure timeout is set to 30 seconds for watchdog.service] **************************************************************
Sunday 19 December 2021 16:35:20 +0100 (0:00:00.586) 0:01:37.348 *******
changed: [ts-473a-01]
TASK [WATCHDOG | ensure watchdog.service is disabled] ***********************************************************************************
Sunday 19 December 2021 16:35:20 +0100 (0:00:00.585) 0:01:37.934 *******
ok: [ts-473a-01]
TASK [SYSTEMD | ensure systemd watchdog is enabled] *************************************************************************************
Sunday 19 December 2021 16:35:21 +0100 (0:00:00.704) 0:01:38.638 *******
changed: [ts-473a-01]
TASK [SYSTEMD | ensure systemd shutdown watchdog is enabled] ****************************************************************************
Sunday 19 December 2021 16:35:22 +0100 (0:00:00.550) 0:01:39.189 *******
changed: [ts-473a-01]
TASK [PACKAGE | ensure rng-tools package is installed] **********************************************************************************
Sunday 19 December 2021 16:35:22 +0100 (0:00:00.539) 0:01:39.728 *******
changed: [ts-473a-01]
TASK [RNGD | ensure rngd.service is enabled and started] ********************************************************************************
Sunday 19 December 2021 16:35:33 +0100 (0:00:11.174) 0:01:50.903 *******
changed: [ts-473a-01]
TASK [TUNED | ensure tuned.service is enabled and running] ******************************************************************************
Sunday 19 December 2021 16:35:34 +0100 (0:00:00.757) 0:01:51.660 *******
ok: [ts-473a-01]
TASK [TUNED | check which tuned profile is active] **************************************************************************************
Sunday 19 December 2021 16:35:35 +0100 (0:00:00.749) 0:01:52.410 *******
ok: [ts-473a-01]
TASK [TUNED | activate tuned profile powersave] *****************************************************************************************
Sunday 19 December 2021 16:35:36 +0100 (0:00:00.898) 0:01:53.308 *******
changed: [ts-473a-01]
TASK [PACKAGE | ensure podman is installed] *********************************************************************************************
Sunday 19 December 2021 16:35:40 +0100 (0:00:03.839) 0:01:57.147 *******
changed: [ts-473a-01]
TASK [PACKAGE | ensure setroubleshoot for headless server is installed] *****************************************************************
Sunday 19 December 2021 16:37:23 +0100 (0:01:43.326) 0:03:40.474 *******
ok: [ts-473a-01]
TASK [MONITORING | ensure packages for monitoring are installed] ************************************************************************
Sunday 19 December 2021 16:37:31 +0100 (0:00:08.464) 0:03:48.939 *******
changed: [ts-473a-01]
TASK [MONITORING | ensure firewalld permits 6556 in zone public for check-mk-agent] *****************************************************
Sunday 19 December 2021 16:37:42 +0100 (0:00:10.854) 0:03:59.794 *******
changed: [ts-473a-01]
TASK [MONITORING | ensure tarsnap cache is in fileinfo] *********************************************************************************
Sunday 19 December 2021 16:37:43 +0100 (0:00:00.908) 0:04:00.702 *******
changed: [ts-473a-01]
TASK [MONITORING | ensure entropy_avail plugin for Check_MK is present] *****************************************************************
Sunday 19 December 2021 16:37:44 +0100 (0:00:01.088) 0:04:01.791 *******
changed: [ts-473a-01]
TASK [MONITORING | plugins from running CEE instance] ***********************************************************************************
Sunday 19 December 2021 16:37:46 +0100 (0:00:01.315) 0:04:03.106 *******
changed: [ts-473a-01] => (item=smart)
changed: [ts-473a-01] => (item=lvm)
TASK [MONITORING | ensure check_mk.socket is started and enabled] ***********************************************************************
Sunday 19 December 2021 16:37:47 +0100 (0:00:01.478) 0:04:04.585 *******
ok: [ts-473a-01]
TASK [GRUB | ensure initrd for RHEL 8.5 kickstart is present] ***************************************************************************
Sunday 19 December 2021 16:37:48 +0100 (0:00:00.760) 0:04:05.346 *******
changed: [ts-473a-01]
TASK [GRUB | ensure kernel for RHEL 8.5 kickstart is present] ***************************************************************************
Sunday 19 December 2021 16:37:50 +0100 (0:00:01.878) 0:04:07.225 *******
changed: [ts-473a-01]
TASK [GRUB | ensure kickstarting RHEL 8.5 entry is present] *****************************************************************************
Sunday 19 December 2021 16:37:50 +0100 (0:00:00.838) 0:04:08.063 *******
changed: [ts-473a-01]
TASK [package | ensure all updates are applied] *****************************************************************************************
Sunday 19 December 2021 16:37:52 +0100 (0:00:01.052) 0:04:09.116 *******
changed: [ts-473a-01]
RUNNING HANDLER [grub2-mkconfig | run] **************************************************************************************************
Sunday 19 December 2021 16:40:14 +0100 (0:02:22.799) 0:06:31.915 *******
changed: [ts-473a-01]
PLAY RECAP ******************************************************************************************************************************
ts-473a-01 : ok=44 changed=31 unreachable=0 failed=0 skipped=13 rescued=0 ignored=0
Sunday 19 December 2021 16:40:20 +0100 (0:00:05.779) 0:06:37.694 *******
===============================================================================
package | ensure all updates are applied --------------------------------------------------------------------------------------- 142.80s
PACKAGE | ensure podman is installed ------------------------------------------------------------------------------------------- 103.33s
COCKPIT | ensure packages for https://cockpit-project.org/ are installed -------------------------------------------------------- 28.51s
PACKAGE | tool installation ----------------------------------------------------------------------------------------------------- 21.85s
pcfe.comfort : COMFORT | ensure packages for comfortable shell use are installed ------------------------------------------------ 20.43s
PACKAGE | ensure rng-tools package is installed --------------------------------------------------------------------------------- 11.17s
MONITORING | ensure packages for monitoring are installed ----------------------------------------------------------------------- 10.85s
PACKAGE | ensure watchdog package is installed ---------------------------------------------------------------------------------- 10.75s
PACKAGE | ensure setroubleshoot for headless server is installed ----------------------------------------------------------------- 8.46s
grub2-mkconfig | run ------------------------------------------------------------------------------------------------------------- 5.78s
TUNED | activate tuned profile powersave ----------------------------------------------------------------------------------------- 3.84s
Gathering Facts ------------------------------------------------------------------------------------------------------------------ 2.26s
GRUB | ensure initrd for RHEL 8.5 kickstart is present --------------------------------------------------------------------------- 1.88s
MONITORING | plugins from running CEE instance ----------------------------------------------------------------------------------- 1.48s
MONITORING | ensure entropy_avail plugin for Check_MK is present ----------------------------------------------------------------- 1.32s
COCKPIT | ensure cockpit.socket is started and enabled --------------------------------------------------------------------------- 1.27s
set hostname --------------------------------------------------------------------------------------------------------------------- 1.19s
MONITORING | ensure tarsnap cache is in fileinfo --------------------------------------------------------------------------------- 1.09s
GRUB | ensure kickstarting RHEL 8.5 entry is present ----------------------------------------------------------------------------- 1.05s
pcfe.user_owner : USER OWNER | ensure user pcfe exists --------------------------------------------------------------------------- 1.02s