QNAP TS-473A with RHEL8

Table of Contents

I installed Red Hat Enterprise Linux 8 on my QNAP TS-473A.

temporary placeholder image

These are my installation notes.

Used Hardware

I assembled the following:

  • QNAP TS-473 4-bay NAS with AMD Ryzen Embedded V1500B 4-core/8-thread @ 2.2 GHz CPU
  • QNAP QXG-10G2SF-CX4 2x 10 GbE SFP+ network card
  • ASUS GeForce GT 1030 BRK 2.0 GB GPU
  • 500GB Samsung SSD 980 NVMe M.2 2280 PCIe 3.0 V-NAND MLC
  • 2TB Crucial P2 M.2 NVMe
  • 64 GiB RAM, G.Skill F4-3200C22D-64GRS (that is a kit containing 2x 32G SO-DIMMs that each report as F4-3200C22-32GRS)
  • 4x 1TB HDD, for now, these might be replaced later with something larger

Firmware Settings

  1. ensure you have added a GPU to the TS-x73A
  2. connect screen and keyboard
  3. enter firmware setup by pressing Del or Esc during power on self test (POST)
  4. Boot / Quiet Boot: Disabled (simply so I get shown on screen which key to press during POST to enter UEFI)
  5. Boot / Boot Option Priorities: as you see fit. I disabled USB DISK MODULE PMAP and reordered the others to my liking.
  6. Save & Exit: Save Changes and Exit

Note that if you ever want to return to QTS, you must re-enable the USB DISK MODULE PMAP to be able to successfully boot from it by selecting it at Save & Exit / Boot Override.

Firmware Details

As of 2021-12-18 I have the following:

Aptio Setup Utility Version 2.20.1274

description value
BIOS Vendor American Megatrends
Core Version 5.14
Compliancy UEFI 2.7; PI 1.6
Project Version Q07DAR12
Build Date and Time 05/03/2021 10:59:15
Total Memory Total Memory 65536 MB (DDR4)
Memory Frequency 2400 MHz
EC Version Q07DE008

Interactive Install

Since the TS-x73A does not offer PXE boot from the on-bard network interfaces, and I have no UEFI HTTP boot setup yet, I made one initial install, interactively, from a RHEL 8.5 boot stick.

  1. create USB boot medium as per docs with dd if=rhel-8.1-x86_64-boot.iso of=/dev/sdd status=progress
  2. ensure you have added a GPU to the TS-x73A
  3. connect screen, keyboard, mouse and USB boot medium
  4. enter firmware setup by pressing Del or Esc during power on self test (POST)
  5. Save & Exit / Boot Override_: select your USB stick
  6. TS-x73A boots from USB
  7. install RHEL8

Enable Network Installs Started from GRUB

Because I want to be able to easily kickstart this machine and I have no wish to muck around with USB sticks, I added a boot target to the installed RHEL8’s GRand Unified Bootloader (GRUB) with Ansible.

It's just a handler and 3 tasks (click to expand).
  handlers:
    - name: grub2-mkconfig | run
      command: grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

  tasks:
    - name: "GRUB | ensure initrd for RHEL 8.5 kickstart is present"
      get_url:
        url: "ftp://fileserver.internal.pcfe.net/pub/redhat/RHEL/RHEL-8.5/Server/x86_64/os/images/pxeboot/initrd.img"
        dest: "/boot/initrd-kickstart-rhel85.img"
        mode: "0644"
    - name: "GRUB | ensure kernel for RHEL 8.5 kickstart is present"
      get_url:
        url: "ftp://fileserver.internal.pcfe.net/pub/redhat/RHEL/RHEL-8.5/Server/x86_64/os/images/pxeboot/vmlinuz"
        dest: "/boot/vmlinuz-kickstart-rhel85"
        mode: "0755"
    - name: "GRUB | ensure kickstarting RHEL 8.5 entry is present"
      copy:
        dest: "/etc/grub.d/11_RHEL85_kickstart"
        owner: "root"
        group: "root"
        mode: 0755
        content: |
          #!/bin/sh
          exec tail -n +3 $0
          # This file provides an easy way to add custom menu entries.  Simply type the
          # menu entries you want to add after this comment.  Be careful not to change
          # the 'exec tail' line above.
          menuentry "WARNING Kickstart this box with RHEL 8.5 as a TS-x73A ceph node WARNING" {
              linuxefi /vmlinuz-kickstart-rhel85 ip=dhcp inst.repo=ftp://fileserver.internal.pcfe.net/pub/redhat/RHEL/RHEL-8.5/Server/x86_64/os inst.ks=ftp://fileserver.internal.pcfe.net/pub/kickstart/RHEL85-QNAP-TS-473A-ks.cfg
              initrdefi /initrd-kickstart-rhel85.img
          }          
      notify: grub2-mkconfig | run

Disable the on-board 5GB USB Stick

This on-board USB stick is used for installing QTS 5.0 or QuTS hero. I backed its content up while the TS-473A was still running QTS. Still, I want to leave it untouched for now.

The following creates a udev rule that triggers a de-authorize of the device. The bus will put the device into suspend mode, and it’ll never become active.

Extract from my kickstart file:

cat <<EOF >>/etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
# The on-board 5GB stick should be disabled
# I currently have no use for it and leaving it untouched allows a reset to the shipped state
# by choosing the USB stick as boot target during POST
# c.f. https://projectgus.com/2014/09/blacklisting-a-single-usb-device-from-linux/
SUBSYSTEM=="usb", ATTRS{idVendor}=="1005", ATTRS{idProduct}=="b155", ATTR{authorized}="0"
EOF
chown root.root /etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
chmod 644 /etc/udev/rules.d/75-disable-5GB-on-board-stick.rules
restorecon /etc/udev/rules.d/75-disable-5GB-on-board-stick.rules

Do not forget to activate the new udev rule with udevadm control --reload-rules.

Disk by-path Mappings

On machines with multiple storage devices (/dev/sda, /dev/sdb, /dev/nvme0n1, etc, etc) I really prefer to address storage devices via /dev/disk/by-path/…. The mappings for my TS-473A follow:

slot by-path note
NVMe slot 1 /dev/disk/by-path/pci-0000:03:00.0-nvme-1 the top slot
NVMe slot 2 /dev/disk/by-path/pci-0000:04:00.0-nvme-1 the bottom slot
HDD bay 1 /dev/disk/by-path/pci-0000:07:00.0-ata-1 bay furthest away from the power button
HDD bay 2 /dev/disk/by-path/pci-0000:07:00.0-ata-2
HDD bay 3 /dev/disk/by-path/pci-0000:09:00.0-ata-1
HDD bay 4 /dev/disk/by-path/pci-0000:09:00.0-ata-2 bay closest to the power button

Watchdog

The TS-x73A comes with a hardware watchdog. A SP5100 TCO timer.

Watchdog Setup

To use it, I use the following (hopefully self-explanatory) Ansible tasks:

    # # enable watchdog
    # # it's a
    # Dec 19 15:09:08 ts-473a-01.internal.pcfe.net kernel: sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver
    # Dec 19 15:09:08 ts-473a-01.internal.pcfe.net kernel: sp5100-tco sp5100-tco: Using 0xfeb00000 for watchdog MMIO address
    # and modinfo says
    # parm:           heartbeat:Watchdog heartbeat in seconds. (default=60) (int)
    # parm:           nowayout:Watchdog cannot be stopped once started. (default=0) (bool)
    - name: "WATCHDOG | ensure kernel module sp5100_tco has correct options configured"
      lineinfile:
        path:         /etc/modprobe.d/sp5100_tco.conf
        create:       true
        regexp:       '^options '
        insertafter:  '^#options'
        line:         'options sp5100_tco nowayout=0'

    # configure both watchdog.service and systemd watchdog, but only use the latter
    - name: "PACKAGE | ensure watchdog package is installed"
      package:
        name:         watchdog
        state:        present
        update_cache: no
    - name: "WATCHDOG | ensure correct watchdog-device is used by watchdog.service"
      lineinfile:
        path:         /etc/watchdog.conf
        regexp:       '^watchdog-device'
        insertafter:  '^#watchdog-device'
        line:         'watchdog-device = /dev/watchdog0'
    - name: "WATCHDOG | ensure timeout is set to 30 seconds for watchdog.service"
      lineinfile:
        path:         /etc/watchdog.conf
        regexp:       '^watchdog-timeout'
        insertafter:  '^#watchdog-timeout'
        line:         'watchdog-timeout = 30'
    # Using systemd watchdog rather than watchdog.service
    - name: "WATCHDOG | ensure watchdog.service is disabled"
      systemd:
        name:         watchdog.service
        state:        stopped
        enabled:      false
    # configure systemd watchdog
    # c.f. http://0pointer.de/blog/projects/watchdog.html
    - name: "SYSTEMD | ensure systemd watchdog is enabled"
      lineinfile:
        path:         /etc/systemd/system.conf
        regexp:       '^RuntimeWatchdogSec'
        insertafter:  'EOF'
        line:         'RuntimeWatchdogSec=30'
    - name: "SYSTEMD | ensure systemd shutdown watchdog is enabled"
      lineinfile:
        path:         /etc/systemd/system.conf
        regexp:       '^ShutdownWatchdogSec'
        insertafter:  'EOF'
        line:         'ShutdownWatchdogSec=30'

Watchdog Test

Verify that the watchdog works as expected.

As root, on the TS-x73A:

  • verify that you see the watchdog in the logs since bootup
  • forcefully crash the box
[root@ts-473a-01 ~]# journalctl -b --grep watchdog
-- Logs begin at [...], end at [...]. --
[...] kernel: NMI watchdog: Enabled. Permanently consumes one hw-PMU counter.
[...] kernel: sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver
[...] kernel: sp5100-tco sp5100-tco: Using 0xfeb00000 for watchdog MMIO address
[...] systemd[1]: Hardware watchdog 'SP5100 TCO timer', version 0
[...] systemd[1]: Set hardware watchdog to 30s.
[root@ts-473a-01 ~]# echo '1' > /proc/sys/kernel/sysrq
[root@ts-473a-01 ~]# date ; echo 'c' > /proc/sysrq-trigger

As expected, I see an Oops output on the graphical console and the TS-x73A reboots about 30 seconds later. Since kdump is set up, I also see the expected files in /var/crash/.

PowerTOP Autotuning at Boot

/usr/lib/systemd/system/powertop.service (as shipped by powertop-2.14-1.el8.x86_64) already contains all I want (this is a modern mobo, so my expectation is to start by enabling all tunables and only disable specific ones if I have issues):

[Unit]
Description=PowerTOP autotuner

[Service]
Type=oneshot
ExecStart=/usr/sbin/powertop --auto-tune

[Install]
WantedBy=multi-user.target

So all that’s left to do is to ensure it is run once at boot;

    - name: "POWER SAVING | ensure powertop autotune service runs once at boot"
      systemd:
        name:       powertop
        state:      stopped
        enabled:    True

Unstructured notes, remove when added to relevant sections

ACPI BIOS Error

I get this at boot, analyse.

Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: fbcon: Taking over console
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI: Video Device [VGA] (multi-head: yes  rom: no  post: no)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI BIOS Error (bug): Could not resolve symbol [\_SB.PCI0.GP17.VGA.LCD._BCM.AFN7], AE_NOT_FOUND (20210105/psargs-330)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI Error: Aborting method \_SB.PCI0.GP17.VGA.LCD._BCM due to previous error (AE_NOT_FOUND) (20210105/psparse-531)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: ACPI Error: Evaluating _BCM failed (20210105/video-370)
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:11/LNXVIDEO:00/input/input2
Dec 19 19:22:02 ts-473a-01.internal.pcfe.net kernel: Console: switching to colour frame buffer device 100x37

Seems to be a firmware issue related to LCD backlight, I’m not fussed.

UEFI but no SecureBoot

[root@ts-473a-01 ~]# efibootmgr 
BootCurrent: 0000
Timeout: 5 seconds
BootOrder: 0000,0006,0007,0002,0003,0008,0009
Boot0000* Red Hat Enterprise Linux
Boot0002* UEFI: Built-in EFI Shell
Boot0003   USB DISK MODULE PMAP
Boot0006* Samsung SSD 980 500GB
Boot0007* CT2000P2SSD8
Boot0008  Hitachi HDE721010SLA330
Boot0009  HUS722T1TALA600
[root@ts-473a-01 ~]# mokutil --sb-state 
SecureBoot disabled

Network booting

FIXME: find a way to PXE boot or HTTP boot from the EFI shell.

For UEFI HTTP boot setup, see https://www.redhat.com/sysadmin/uefi-http-boot-libvirt plus https://en.opensuse.org/UEFI_HTTPBoot_Server_Setup

Maybe https://ipxe.org/appnote/uefihttp?

https://uefi.org/sites/default/files/resources/UEFI_Plugfest_May_2015_HTTP_Boot_Redfish_Samer_El-Haj_ver1.2.pdf might also be useful.

Or put iPXE on the 5 GB on-board USB stick. Putting it on nvme0n1p1 as per https://wiki.archlinux.org/title/Netboot#Installation_with_efibootmgr seems to work, but it’s not happy with the shim I serve from nuc7

PPC Adjustment

What is a reasonable setting for Advanced / CPU Configuration / PPC Adjustement? The Aptio Setup Utility 12.20.1274 offers me PState0, PState 1 and PState 2 with a help text that reads “Provide to adjust _PPC object”. https://lore.kernel.org/lkml/20211130123641.1449041-1-ray.huang@amd.com/ might help.

For now I left it at the default setting, PState0

Heatsinks

Heatsinks mounted, right after boot I get these temperatures

[root@ts-473a-01 ~]# nvme smart-log /dev/nvme0n1
Smart Log for NVME device:nvme0n1 namespace-id:ffffffff
critical_warning                    : 0
temperature                         : 30 C
available_spare                     : 100%
available_spare_threshold           : 10%
percentage_used                     : 0%
data_units_read                     : 71.331
data_units_written                  : 6.356
host_read_commands                  : 168.429
host_write_commands                 : 39.443
controller_busy_time                : 1
power_cycles                        : 18
power_on_hours                      : 30
unsafe_shutdowns                    : 3
media_errors                        : 0
num_err_log_entries                 : 0
Warning Temperature Time            : 0
Critical Composite Temperature Time : 0
Temperature Sensor 1                : 30 C
Temperature Sensor 2                : 32 C
Thermal Management T1 Trans Count   : 0
Thermal Management T2 Trans Count   : 0
Thermal Management T1 Total Time    : 0
Thermal Management T2 Total Time    : 0
[root@ts-473a-01 ~]# 
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme1n1
Smart Log for NVME device:nvme1n1 namespace-id:ffffffff
critical_warning                    : 0
temperature                         : 31 C
available_spare                     : 100%
available_spare_threshold           : 5%
percentage_used                     : 0%
data_units_read                     : 148.674
data_units_written                  : 139.728
host_read_commands                  : 563.519
host_write_commands                 : 767.591
controller_busy_time                : 21
power_cycles                        : 17
power_on_hours                      : 41
unsafe_shutdowns                    : 3
media_errors                        : 0
num_err_log_entries                 : 0
Warning Temperature Time            : 0
Critical Composite Temperature Time : 0
Thermal Management T1 Trans Count   : 0
Thermal Management T2 Trans Count   : 0
Thermal Management T1 Total Time    : 0
Thermal Management T2 Total Time    : 0
[root@ts-473a-01 ~]# uptime
 14:47:04 up  2:37,  2 users,  load average: 0,10, 0,10, 0,09
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme0n1
Smart Log for NVME device:nvme0n1 namespace-id:ffffffff
critical_warning                        : 0
temperature                             : 34 C
available_spare                         : 100%
available_spare_threshold               : 10%
percentage_used                         : 0%
endurance group critical warning summary: 0
data_units_read                         : 110.433
data_units_written                      : 44.084
host_read_commands                      : 493.650
host_write_commands                     : 375.271
controller_busy_time                    : 2
power_cycles                            : 24
power_on_hours                          : 32
unsafe_shutdowns                        : 4
media_errors                            : 0
num_err_log_entries                     : 0
Warning Temperature Time                : 0
Critical Composite Temperature Time     : 0
Temperature Sensor 1                    : 34 C
Temperature Sensor 2                    : 36 C
Thermal Management T1 Trans Count       : 0
Thermal Management T2 Trans Count       : 1
Thermal Management T1 Total Time        : 0
Thermal Management T2 Total Time        : 0
[root@ts-473a-01 ~]# nvme smart-log /dev/nvme1n1
Smart Log for NVME device:nvme1n1 namespace-id:ffffffff
critical_warning                        : 0
temperature                             : 36 C
available_spare                         : 100%
available_spare_threshold               : 5%
percentage_used                         : 0%
endurance group critical warning summary: 0
data_units_read                         : 148.909
data_units_written                      : 158.461
host_read_commands                      : 570.673
host_write_commands                     : 823.844
controller_busy_time                    : 22
power_cycles                            : 23
power_on_hours                          : 52
unsafe_shutdowns                        : 4
media_errors                            : 0
num_err_log_entries                     : 28
Warning Temperature Time                : 0
Critical Composite Temperature Time     : 0
Thermal Management T1 Trans Count       : 0
Thermal Management T2 Trans Count       : 0
Thermal Management T1 Total Time        : 0
Thermal Management T2 Total Time        : 0

A while later, yes I used both NVMe a bit between the previous reading and the following one.

Uptime was about 45 minutes.

[root@ts-473a-01 ~]# date ; nvme smart-log /dev/nvme0n1
Fri Dec 24 14:34:10 CET 2021
Smart Log for NVME device:nvme0n1 namespace-id:ffffffff
critical_warning                        : 0
temperature                             : 34 C
available_spare                         : 100%
available_spare_threshold               : 10%
percentage_used                         : 0%
endurance group critical warning summary: 0
data_units_read                         : 481.067
data_units_written                      : 127.887
host_read_commands                      : 1.970.759
host_write_commands                     : 1.063.143
controller_busy_time                    : 8
power_cycles                            : 34
power_on_hours                          : 42
unsafe_shutdowns                        : 6
media_errors                            : 0
num_err_log_entries                     : 0
Warning Temperature Time                : 0
Critical Composite Temperature Time     : 0
Temperature Sensor 1                    : 34 C
Temperature Sensor 2                    : 37 C
Thermal Management T1 Trans Count       : 0
Thermal Management T2 Trans Count       : 2
Thermal Management T1 Total Time        : 0
Thermal Management T2 Total Time        : 0
[root@ts-473a-01 ~]# date ; nvme smart-log /dev/nvme1n1
Fri Dec 24 14:34:26 CET 2021
Smart Log for NVME device:nvme1n1 namespace-id:ffffffff
critical_warning                        : 0
temperature                             : 36 C
available_spare                         : 100%
available_spare_threshold               : 5%
percentage_used                         : 0%
endurance group critical warning summary: 0
data_units_read                         : 160.247
data_units_written                      : 537.920
host_read_commands                      : 635.173
host_write_commands                     : 2.147.570
controller_busy_time                    : 37
power_cycles                            : 33
power_on_hours                          : 98
unsafe_shutdowns                        : 6
media_errors                            : 0
num_err_log_entries                     : 28
Warning Temperature Time                : 0
Critical Composite Temperature Time     : 0
Thermal Management T1 Trans Count       : 0
Thermal Management T2 Trans Count       : 0
Thermal Management T1 Total Time        : 0
Thermal Management T2 Total Time        : 0

Ansible Logs

Log of qnap-ryzen-initial-setup-rhel8.yml run right after kickstarting the box. (click to expand).
pcfe@t3600 pcfe.net (master) $ ansible-playbook --inventory ../inventories/pcfe.net.ini qnap-ryzen-initial-setup-rhel8.yml 

PLAY [QNAP_Ryzen_boxes] *****************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
Sunday 19 December 2021  16:24:11 +0100 (0:00:00.036)       0:00:00.036 ******* 
The authenticity of host 'ts-473a-01 (192.168.50.123)' can't be established.
ED25519 key fingerprint is SHA256:lnVxO5g9BKI2yL/aS1fQCXEt5+Qy/bAZFwV+A8K9MeA.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
ok: [ts-473a-01]

TASK [RHSM | ensure uuid override is derived from fqdn, QNAP TS-473A all seem to have, like all F5-422 I own, the same system-uuid in DMI] ***
Sunday 19 December 2021  16:24:15 +0100 (0:00:03.881)       0:00:03.918 ******* 
changed: [ts-473a-01]

TASK [RHSM | ensure system is registered with my activation key] ************************************************************************
Sunday 19 December 2021  16:24:16 +0100 (0:00:01.156)       0:00:05.074 ******* 
changed: [ts-473a-01]

TASK [RHSM | disable all repositories, next task will enable needed repos] **************************************************************
Sunday 19 December 2021  16:25:16 +0100 (0:00:59.466)       0:01:04.540 ******* 
changed: [ts-473a-01]

TASK [RHSM | ensure RHEL8 BaseOS repos needed for Ceph are enabled] *********************************************************************
Sunday 19 December 2021  16:26:54 +0100 (0:01:38.878)       0:02:43.419 ******* 
changed: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure group ansible exists] ***********************************************************************
Sunday 19 December 2021  16:28:27 +0100 (0:01:32.569)       0:04:15.989 ******* 
ok: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure we have a 'wheel' group] ********************************************************************
Sunday 19 December 2021  16:28:28 +0100 (0:00:00.614)       0:04:16.604 ******* 
ok: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure user ansible exists] ************************************************************************
Sunday 19 December 2021  16:28:28 +0100 (0:00:00.457)       0:04:17.061 ******* 
changed: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure authorized key for ansible exists] **********************************************************
Sunday 19 December 2021  16:28:29 +0100 (0:00:00.944)       0:04:18.005 ******* 
changed: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure authorized key for root exists] *************************************************************
Sunday 19 December 2021  16:28:30 +0100 (0:00:00.762)       0:04:18.768 ******* 
ok: [ts-473a-01]

TASK [pcfe.basic-security-setup : ensure selinux is running with enforcing] *************************************************************
Sunday 19 December 2021  16:28:30 +0100 (0:00:00.568)       0:04:19.337 ******* 
ok: [ts-473a-01]

TASK [pcfe.basic-security-setup : ensure ssh auth is via ssh-key only] ******************************************************************
Sunday 19 December 2021  16:28:31 +0100 (0:00:00.914)       0:04:20.251 ******* 
changed: [ts-473a-01]

TASK [pcfe.housenet : TIMEZONE | ensure timezone is Europe/Berlin] **********************************************************************
Sunday 19 December 2021  16:28:32 +0100 (0:00:00.593)       0:04:20.845 ******* 
ok: [ts-473a-01]

TASK [pcfe.housenet : YUM | ensure repo CentOS-Updates-HouseNet is enabled if on CentOS 7] **********************************************
Sunday 19 December 2021  16:28:32 +0100 (0:00:00.666)       0:04:21.511 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : YUM | ensure updates repo is disabled if on CentOS 7] *************************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.030)       0:04:21.541 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : YUM | ensure all security updates are applied if on CentOS 7 or later] ********************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.029)       0:04:21.571 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure repo fedora-updates-housenet is available if on Fedora 28 or 29] *************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.028)       0:04:21.599 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure updates repo is disabled if on Fedora 28 or 29] ******************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.029)       0:04:21.628 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure repo fedora-everything-housenet is enabled if on Fedora 28 or 29] ************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.028)       0:04:21.657 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure fedora repo is disabled if on Fedora 28 or 29] *******************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.032)       0:04:21.690 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | disable zchunk] *********************************************************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.029)       0:04:21.720 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | disable delta RPMs] *****************************************************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.029)       0:04:21.749 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure all security updates are applied if on Fedora >= 28] *************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.028)       0:04:21.777 ******* 
skipping: [ts-473a-01]

TASK [REPOS | ensure EPEL is disabled] **************************************************************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.028)       0:04:21.805 ******* 
ok: [ts-473a-01]

TASK [CHRONYD | ensure chrony is installed] *********************************************************************************************
Sunday 19 December 2021  16:28:33 +0100 (0:00:00.602)       0:04:22.408 ******* 
ok: [ts-473a-01]

TASK [CHRONYD | ensure chrony-wait is enabled] ******************************************************************************************
Sunday 19 December 2021  16:28:47 +0100 (0:00:13.908)       0:04:36.317 ******* 
changed: [ts-473a-01]

TASK [CHRONYD | ensure chronyd is enabled and running] **********************************************************************************
Sunday 19 December 2021  16:28:48 +0100 (0:00:01.155)       0:04:37.473 ******* 
ok: [ts-473a-01]

TASK [JOURNAL | ensure persistent logging for the systemd journal is possible] **********************************************************
Sunday 19 December 2021  16:28:49 +0100 (0:00:00.644)       0:04:38.117 ******* 
changed: [ts-473a-01]

TASK [SUDO | enable passwordless sudo for user ansible] *********************************************************************************
Sunday 19 December 2021  16:28:50 +0100 (0:00:00.605)       0:04:38.723 ******* 
changed: [ts-473a-01]

TASK [Ensure the ansible user can NOT log in with password] *****************************************************************************
Sunday 19 December 2021  16:28:51 +0100 (0:00:00.865)       0:04:39.588 ******* 
changed: [ts-473a-01]

TASK [package | ensure prerequisites needed in addition to minimal install are present] *************************************************
Sunday 19 December 2021  16:28:51 +0100 (0:00:00.769)       0:04:40.358 ******* 
changed: [ts-473a-01]

TASK [GRUB | ensure console blanking is disabled in defaults file] **********************************************************************
Sunday 19 December 2021  16:29:07 +0100 (0:00:15.319)       0:04:55.677 ******* 
changed: [ts-473a-01]

RUNNING HANDLER [pcfe.basic-security-setup : sshd | restart] ****************************************************************************
Sunday 19 December 2021  16:29:07 +0100 (0:00:00.468)       0:04:56.146 ******* 
changed: [ts-473a-01]

PLAY RECAP ******************************************************************************************************************************
ts-473a-01                 : ok=23   changed=14   unreachable=0    failed=0    skipped=10   rescued=0    ignored=0   

Sunday 19 December 2021  16:29:08 +0100 (0:00:00.685)       0:04:56.832 ******* 
=============================================================================== 
RHSM | disable all repositories, next task will enable needed repos ------------------------------------------------------------- 98.88s
RHSM | ensure RHEL8 BaseOS repos needed for Ceph are enabled -------------------------------------------------------------------- 92.57s
RHSM | ensure system is registered with my activation key ----------------------------------------------------------------------- 59.47s
package | ensure prerequisites needed in addition to minimal install are present ------------------------------------------------ 15.32s
CHRONYD | ensure chrony is installed -------------------------------------------------------------------------------------------- 13.91s
Gathering Facts ------------------------------------------------------------------------------------------------------------------ 3.88s
RHSM | ensure uuid override is derived from fqdn, QNAP TS-473A all seem to have, like all F5-422 I own, the same system-uuid in DMI --- 1.16s
CHRONYD | ensure chrony-wait is enabled ------------------------------------------------------------------------------------------ 1.16s
pcfe.user_owner : USER OWNER | ensure user ansible exists ------------------------------------------------------------------------ 0.94s
pcfe.basic-security-setup : ensure selinux is running with enforcing ------------------------------------------------------------- 0.91s
SUDO | enable passwordless sudo for user ansible --------------------------------------------------------------------------------- 0.87s
Ensure the ansible user can NOT log in with password ----------------------------------------------------------------------------- 0.77s
pcfe.user_owner : USER OWNER | ensure authorized key for ansible exists ---------------------------------------------------------- 0.76s
pcfe.basic-security-setup : sshd | restart --------------------------------------------------------------------------------------- 0.69s
pcfe.housenet : TIMEZONE | ensure timezone is Europe/Berlin ---------------------------------------------------------------------- 0.67s
CHRONYD | ensure chronyd is enabled and running ---------------------------------------------------------------------------------- 0.64s
pcfe.user_owner : USER OWNER | ensure group ansible exists ----------------------------------------------------------------------- 0.61s
JOURNAL | ensure persistent logging for the systemd journal is possible ---------------------------------------------------------- 0.61s
REPOS | ensure EPEL is disabled -------------------------------------------------------------------------------------------------- 0.60s
pcfe.basic-security-setup : ensure ssh auth is via ssh-key only ------------------------------------------------------------------ 0.59s
Log of qnap-ryzen-general-setup.yml run right after initial setup via qnap-ryzen-initial-setup-rhel8.yml (click to expand).
pcfe@t3600 pcfe.net (master) $ ansible-playbook --inventory ../inventories/pcfe.net.ini qnap-ryzen-general-setup.yml 

PLAY [QNAP_Ryzen_boxes] *****************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
Sunday 19 December 2021  16:33:42 +0100 (0:00:00.037)       0:00:00.037 ******* 
ok: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure group pcfe exists] **************************************************************************
Sunday 19 December 2021  16:33:45 +0100 (0:00:02.259)       0:00:02.297 ******* 
changed: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure we have a 'wheel' group] ********************************************************************
Sunday 19 December 2021  16:33:46 +0100 (0:00:00.977)       0:00:03.274 ******* 
ok: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure user pcfe exists] ***************************************************************************
Sunday 19 December 2021  16:33:46 +0100 (0:00:00.515)       0:00:03.790 ******* 
changed: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure authorized key for pcfe exists] *************************************************************
Sunday 19 December 2021  16:33:47 +0100 (0:00:01.021)       0:00:04.811 ******* 
changed: [ts-473a-01]

TASK [pcfe.user_owner : USER OWNER | ensure authorized key for root exists] *************************************************************
Sunday 19 December 2021  16:33:48 +0100 (0:00:00.814)       0:00:05.626 ******* 
ok: [ts-473a-01]

TASK [pcfe.basic-security-setup : ensure selinux is running with enforcing] *************************************************************
Sunday 19 December 2021  16:33:49 +0100 (0:00:00.635)       0:00:06.262 ******* 
ok: [ts-473a-01]

TASK [pcfe.basic-security-setup : ensure ssh auth is via ssh-key only] ******************************************************************
Sunday 19 December 2021  16:33:50 +0100 (0:00:00.923)       0:00:07.185 ******* 
ok: [ts-473a-01]

TASK [pcfe.housenet : TIMEZONE | ensure timezone is Europe/Berlin] **********************************************************************
Sunday 19 December 2021  16:33:50 +0100 (0:00:00.658)       0:00:07.843 ******* 
ok: [ts-473a-01]

TASK [pcfe.housenet : YUM | ensure repo CentOS-Updates-HouseNet is enabled if on CentOS 7] **********************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.737)       0:00:08.581 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : YUM | ensure updates repo is disabled if on CentOS 7] *************************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.030)       0:00:08.612 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : YUM | ensure all security updates are applied if on CentOS 7 or later] ********************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.030)       0:00:08.642 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure repo fedora-updates-housenet is available if on Fedora 28 or 29] *************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.031)       0:00:08.673 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure updates repo is disabled if on Fedora 28 or 29] ******************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.030)       0:00:08.703 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure repo fedora-everything-housenet is enabled if on Fedora 28 or 29] ************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.032)       0:00:08.736 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure fedora repo is disabled if on Fedora 28 or 29] *******************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.028)       0:00:08.765 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | disable zchunk] *********************************************************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.029)       0:00:08.794 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | disable delta RPMs] *****************************************************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.030)       0:00:08.824 ******* 
skipping: [ts-473a-01]

TASK [pcfe.housenet : DNF | ensure all security updates are applied if on Fedora >= 28] *************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.030)       0:00:08.854 ******* 
skipping: [ts-473a-01]

TASK [pcfe.comfort : COMFORT | ensure packages for comfortable shell use are installed] *************************************************
Sunday 19 December 2021  16:33:51 +0100 (0:00:00.029)       0:00:08.884 ******* 
changed: [ts-473a-01]

TASK [pcfe.comfort : screen for all Fedora, Debian, Enterprise Linux except el8] ********************************************************
Sunday 19 December 2021  16:34:12 +0100 (0:00:20.427)       0:00:29.312 ******* 
skipping: [ts-473a-01]

TASK [pcfe.comfort : COMFORT | on Fedora, also ensure fortune is installed] *************************************************************
Sunday 19 December 2021  16:34:12 +0100 (0:00:00.035)       0:00:29.347 ******* 
skipping: [ts-473a-01]

TASK [pcfe.comfort : BASH | my additions for pcfe .bashrc] ******************************************************************************
Sunday 19 December 2021  16:34:12 +0100 (0:00:00.032)       0:00:29.379 ******* 
changed: [ts-473a-01]

TASK [pcfe.comfort : BASH | my additions for pcfe .bash_profile] ************************************************************************
Sunday 19 December 2021  16:34:12 +0100 (0:00:00.664)       0:00:30.044 ******* 
changed: [ts-473a-01]

TASK [pcfe.comfort : BASH | my additions for root .bashrc] ******************************************************************************
Sunday 19 December 2021  16:34:13 +0100 (0:00:00.523)       0:00:30.568 ******* 
changed: [ts-473a-01]

TASK [pcfe.comfort : BASH | my additions for root .bash_profile] ************************************************************************
Sunday 19 December 2021  16:34:14 +0100 (0:00:00.520)       0:00:31.088 ******* 
changed: [ts-473a-01]

TASK [pcfe.comfort : SCREEN | fixup /etc/screenrc] **************************************************************************************
Sunday 19 December 2021  16:34:14 +0100 (0:00:00.510)       0:00:31.599 ******* 
skipping: [ts-473a-01]

TASK [PACKAGE | tool installation] ******************************************************************************************************
Sunday 19 December 2021  16:34:14 +0100 (0:00:00.033)       0:00:31.632 ******* 
changed: [ts-473a-01]

TASK [set hostname] *********************************************************************************************************************
Sunday 19 December 2021  16:34:36 +0100 (0:00:21.849)       0:00:53.481 ******* 
ok: [ts-473a-01]

TASK [COCKPIT | ensure packages for https://cockpit-project.org/ are installed] *********************************************************
Sunday 19 December 2021  16:34:37 +0100 (0:00:01.189)       0:00:54.671 ******* 
changed: [ts-473a-01]

TASK [COCKPIT | ensure cockpit.socket is started and enabled] ***************************************************************************
Sunday 19 December 2021  16:35:06 +0100 (0:00:28.513)       0:01:23.184 ******* 
changed: [ts-473a-01]

TASK [COCKPIT | ensure firewalld allows service cockpit in zone public] *****************************************************************
Sunday 19 December 2021  16:35:07 +0100 (0:00:01.272)       0:01:24.456 ******* 
ok: [ts-473a-01]

TASK [WATCHDOG | ensure kernel module sp5100_tco has correct options configured] ********************************************************
Sunday 19 December 2021  16:35:08 +0100 (0:00:01.013)       0:01:25.470 ******* 
changed: [ts-473a-01]

TASK [PACKAGE | ensure watchdog package is installed] ***********************************************************************************
Sunday 19 December 2021  16:35:08 +0100 (0:00:00.539)       0:01:26.010 ******* 
changed: [ts-473a-01]

TASK [WATCHDOG | ensure correct watchdog-device is used by watchdog.service] ************************************************************
Sunday 19 December 2021  16:35:19 +0100 (0:00:10.751)       0:01:36.762 ******* 
changed: [ts-473a-01]

TASK [WATCHDOG | ensure timeout is set to 30 seconds for watchdog.service] **************************************************************
Sunday 19 December 2021  16:35:20 +0100 (0:00:00.586)       0:01:37.348 ******* 
changed: [ts-473a-01]

TASK [WATCHDOG | ensure watchdog.service is disabled] ***********************************************************************************
Sunday 19 December 2021  16:35:20 +0100 (0:00:00.585)       0:01:37.934 ******* 
ok: [ts-473a-01]

TASK [SYSTEMD | ensure systemd watchdog is enabled] *************************************************************************************
Sunday 19 December 2021  16:35:21 +0100 (0:00:00.704)       0:01:38.638 ******* 
changed: [ts-473a-01]

TASK [SYSTEMD | ensure systemd shutdown watchdog is enabled] ****************************************************************************
Sunday 19 December 2021  16:35:22 +0100 (0:00:00.550)       0:01:39.189 ******* 
changed: [ts-473a-01]

TASK [PACKAGE | ensure rng-tools package is installed] **********************************************************************************
Sunday 19 December 2021  16:35:22 +0100 (0:00:00.539)       0:01:39.728 ******* 
changed: [ts-473a-01]

TASK [RNGD | ensure rngd.service is enabled and started] ********************************************************************************
Sunday 19 December 2021  16:35:33 +0100 (0:00:11.174)       0:01:50.903 ******* 
changed: [ts-473a-01]

TASK [TUNED | ensure tuned.service is enabled and running] ******************************************************************************
Sunday 19 December 2021  16:35:34 +0100 (0:00:00.757)       0:01:51.660 ******* 
ok: [ts-473a-01]

TASK [TUNED | check which tuned profile is active] **************************************************************************************
Sunday 19 December 2021  16:35:35 +0100 (0:00:00.749)       0:01:52.410 ******* 
ok: [ts-473a-01]

TASK [TUNED | activate tuned profile powersave] *****************************************************************************************
Sunday 19 December 2021  16:35:36 +0100 (0:00:00.898)       0:01:53.308 ******* 
changed: [ts-473a-01]

TASK [PACKAGE | ensure podman is installed] *********************************************************************************************
Sunday 19 December 2021  16:35:40 +0100 (0:00:03.839)       0:01:57.147 ******* 
changed: [ts-473a-01]

TASK [PACKAGE | ensure setroubleshoot for headless server is installed] *****************************************************************
Sunday 19 December 2021  16:37:23 +0100 (0:01:43.326)       0:03:40.474 ******* 
ok: [ts-473a-01]

TASK [MONITORING | ensure packages for monitoring are installed] ************************************************************************
Sunday 19 December 2021  16:37:31 +0100 (0:00:08.464)       0:03:48.939 ******* 
changed: [ts-473a-01]

TASK [MONITORING | ensure firewalld permits 6556 in zone public for check-mk-agent] *****************************************************
Sunday 19 December 2021  16:37:42 +0100 (0:00:10.854)       0:03:59.794 ******* 
changed: [ts-473a-01]

TASK [MONITORING | ensure tarsnap cache is in fileinfo] *********************************************************************************
Sunday 19 December 2021  16:37:43 +0100 (0:00:00.908)       0:04:00.702 ******* 
changed: [ts-473a-01]

TASK [MONITORING | ensure entropy_avail plugin for Check_MK is present] *****************************************************************
Sunday 19 December 2021  16:37:44 +0100 (0:00:01.088)       0:04:01.791 ******* 
changed: [ts-473a-01]

TASK [MONITORING | plugins from running CEE instance] ***********************************************************************************
Sunday 19 December 2021  16:37:46 +0100 (0:00:01.315)       0:04:03.106 ******* 
changed: [ts-473a-01] => (item=smart)
changed: [ts-473a-01] => (item=lvm)

TASK [MONITORING | ensure check_mk.socket is started and enabled] ***********************************************************************
Sunday 19 December 2021  16:37:47 +0100 (0:00:01.478)       0:04:04.585 ******* 
ok: [ts-473a-01]

TASK [GRUB | ensure initrd for RHEL 8.5 kickstart is present] ***************************************************************************
Sunday 19 December 2021  16:37:48 +0100 (0:00:00.760)       0:04:05.346 ******* 
changed: [ts-473a-01]

TASK [GRUB | ensure kernel for RHEL 8.5 kickstart is present] ***************************************************************************
Sunday 19 December 2021  16:37:50 +0100 (0:00:01.878)       0:04:07.225 ******* 
changed: [ts-473a-01]

TASK [GRUB | ensure kickstarting RHEL 8.5 entry is present] *****************************************************************************
Sunday 19 December 2021  16:37:50 +0100 (0:00:00.838)       0:04:08.063 ******* 
changed: [ts-473a-01]

TASK [package | ensure all updates are applied] *****************************************************************************************
Sunday 19 December 2021  16:37:52 +0100 (0:00:01.052)       0:04:09.116 ******* 
changed: [ts-473a-01]

RUNNING HANDLER [grub2-mkconfig | run] **************************************************************************************************
Sunday 19 December 2021  16:40:14 +0100 (0:02:22.799)       0:06:31.915 ******* 
changed: [ts-473a-01]

PLAY RECAP ******************************************************************************************************************************
ts-473a-01                 : ok=44   changed=31   unreachable=0    failed=0    skipped=13   rescued=0    ignored=0   

Sunday 19 December 2021  16:40:20 +0100 (0:00:05.779)       0:06:37.694 ******* 
=============================================================================== 
package | ensure all updates are applied --------------------------------------------------------------------------------------- 142.80s
PACKAGE | ensure podman is installed ------------------------------------------------------------------------------------------- 103.33s
COCKPIT | ensure packages for https://cockpit-project.org/ are installed -------------------------------------------------------- 28.51s
PACKAGE | tool installation ----------------------------------------------------------------------------------------------------- 21.85s
pcfe.comfort : COMFORT | ensure packages for comfortable shell use are installed ------------------------------------------------ 20.43s
PACKAGE | ensure rng-tools package is installed --------------------------------------------------------------------------------- 11.17s
MONITORING | ensure packages for monitoring are installed ----------------------------------------------------------------------- 10.85s
PACKAGE | ensure watchdog package is installed ---------------------------------------------------------------------------------- 10.75s
PACKAGE | ensure setroubleshoot for headless server is installed ----------------------------------------------------------------- 8.46s
grub2-mkconfig | run ------------------------------------------------------------------------------------------------------------- 5.78s
TUNED | activate tuned profile powersave ----------------------------------------------------------------------------------------- 3.84s
Gathering Facts ------------------------------------------------------------------------------------------------------------------ 2.26s
GRUB | ensure initrd for RHEL 8.5 kickstart is present --------------------------------------------------------------------------- 1.88s
MONITORING | plugins from running CEE instance ----------------------------------------------------------------------------------- 1.48s
MONITORING | ensure entropy_avail plugin for Check_MK is present ----------------------------------------------------------------- 1.32s
COCKPIT | ensure cockpit.socket is started and enabled --------------------------------------------------------------------------- 1.27s
set hostname --------------------------------------------------------------------------------------------------------------------- 1.19s
MONITORING | ensure tarsnap cache is in fileinfo --------------------------------------------------------------------------------- 1.09s
GRUB | ensure kickstarting RHEL 8.5 entry is present ----------------------------------------------------------------------------- 1.05s
pcfe.user_owner : USER OWNER | ensure user pcfe exists --------------------------------------------------------------------------- 1.02s