-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use script_server config of ubergeek42
- Loading branch information
Showing
7 changed files
with
239 additions
and
0 deletions.
There are no files selected for viewing
43 changes: 43 additions & 0 deletions
43
provision-contest/ansible/roles/script_server/defaults/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
script_server_url: https://github.com/bugy/script-server/releases/download/1.18.0/script-server.zip | ||
script_server_port: 5000 | ||
|
||
script_server_admin_users: &admin_users | ||
# hostnames or ips | ||
- backup | ||
- 127.0.0.1 | ||
|
||
# ansible hostgroups to ignore | ||
script_server_ignored_groups: | ||
- 'all' | ||
- 'ungrouped' | ||
- 'contestants' | ||
- 'contestants_wf46' | ||
- 'contestants_wf47' | ||
|
||
|
||
script_server_commands: | ||
- name: run-lastminute | ||
description: Runs the ansible playbook lastminute.yml | ||
group: ansible # for organization in script-server | ||
allowed_users: | ||
- backup # or 10.3.3.210 (the ansible template will resolve names to IPs) | ||
content: | | ||
#!/usr/bin/bash | ||
echo "hello world $HOSTPATTERN" | ||
parameters: | ||
- name: host_pattern | ||
# pass_as: env_variable # this is default | ||
# env_var: host_pattern # default is same as name | ||
type: list | ||
values: | ||
- all | ||
- backup | ||
- packages | ||
- scoreboard | ||
- cds | ||
|
||
script_server_command_defaults: | ||
output_format: terminal | ||
# scheduling: # Don't allow scheduling, the ui for it is not good... | ||
# enabled: false |
Binary file added
BIN
+3.33 MB
provision-contest/ansible/roles/script_server/files/script-server.zip
Binary file not shown.
5 changes: 5 additions & 0 deletions
5
provision-contest/ansible/roles/script_server/handlers/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
- name: Restart script-server | ||
ansible.builtin.service: | ||
name: script-server | ||
state: restarted |
25 changes: 25 additions & 0 deletions
25
provision-contest/ansible/roles/script_server/lookup_plugins/ip.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
import ansible.utils as utils | ||
import ansible.errors as errors | ||
from ansible.plugins.lookup import LookupBase | ||
import socket | ||
import ipaddress | ||
|
||
class LookupModule(LookupBase): | ||
|
||
def __init__(self, basedir=None, **kwargs): | ||
self.basedir = basedir | ||
|
||
def run(self, terms, variables=None, **kwargs): | ||
hostname = terms[0] | ||
|
||
try: | ||
# If it's a valid ip address already, just return it directly | ||
ipaddress.ip_address(hostname) | ||
return [hostname] | ||
except Exception: | ||
pass | ||
|
||
if not isinstance(hostname, str): | ||
raise errors.AnsibleError("ip lookup expects a string (hostname)") | ||
|
||
return [socket.gethostbyname(hostname)] |
78 changes: 78 additions & 0 deletions
78
provision-contest/ansible/roles/script_server/tasks/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
--- | ||
- name: Install script-server dependencies | ||
ansible.builtin.package: | ||
pkg: "{{ item }}" | ||
state: present | ||
loop: | ||
- python3-tornado | ||
- apache2-utils # for htpasswd auth | ||
|
||
- name: Create directory for script-server to live | ||
ansible.builtin.file: | ||
path: /opt/script-server | ||
mode: "0755" | ||
owner: root | ||
group: root | ||
state: directory | ||
|
||
- name: Download script-server | ||
ansible.builtin.unarchive: | ||
src: "{{ script_server_url }}" | ||
dest: /opt/script-server | ||
remote_src: "{{ true if script_server_url.startswith('http') else false }}" | ||
creates: /opt/script-server/launcher.py | ||
|
||
- name: Configure the server | ||
ansible.builtin.template: | ||
src: conf.json.j2 | ||
dest: /opt/script-server/conf/conf.json | ||
mode: "0644" | ||
|
||
- name: Create systemd service for script-server | ||
ansible.builtin.copy: | ||
mode: "0644" | ||
dest: /etc/systemd/system/script-server.service | ||
content: | | ||
[Unit] | ||
Description=Script Server | ||
After=network.target | ||
StartLimitIntervalSec=0 | ||
[Service] | ||
Type=simple | ||
Restart=always | ||
RestartSec=1 | ||
ExecStart=/usr/bin/python3 /opt/script-server/launcher.py | ||
[Install] | ||
WantedBy=multi-user.target | ||
notify: Restart script-server | ||
|
||
- name: Start + enable script-server | ||
ansible.builtin.service: | ||
name: script-server | ||
state: started | ||
enabled: true | ||
|
||
- name: Ensure required directories exist | ||
ansible.builtin.file: | ||
state: directory | ||
mode: "0755" | ||
path: /opt/script-server/conf/{{ item }} | ||
loop: | ||
- scripts | ||
- runners | ||
|
||
- name: Create scripts | ||
ansible.builtin.copy: | ||
content: "{{ item.content }}" | ||
dest: /opt/script-server/conf/scripts/{{ item.name }} | ||
mode: "0755" | ||
with_items: "{{ script_server_commands }}" | ||
|
||
- name: Create script config definitions | ||
ansible.builtin.template: | ||
src: command_template.yaml.j2 | ||
dest: /opt/script-server/conf/runners/{{ item.name }}.yaml | ||
mode: "0644" | ||
with_items: "{{ script_server_commands }}" |
42 changes: 42 additions & 0 deletions
42
provision-contest/ansible/roles/script_server/templates/command_template.yaml.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
--- | ||
{% set _unused_content = item.pop('content') %} | ||
{% set parameters = item.pop('parameters') %} | ||
{% set admin_users = item.pop('admin_users', []) + script_server_admin_users %} | ||
{% set allowed_users = item.pop('allowed_users', []) %} | ||
{# set admin_users = (admin_users if ( admin_users | type_debug == "list" ) else [admin_users]) #} | ||
{# set allowed_users = (allowed_users if ( allowed_users | type_debug == "list" ) else [allowed_users]) #} | ||
{{ | ||
script_server_command_defaults | | ||
combine(item) | | ||
to_nice_yaml | ||
}} | ||
{% if admin_users %} | ||
admin_users: | ||
{% for u in admin_users %} | ||
- {{ lookup('ip', u) }} | ||
{% endfor %} | ||
{% endif %} | ||
{% if allowed_users %} | ||
allowed_users: | ||
{% for u in (allowed_users + admin_users) %} | ||
- {{ lookup('ip', u) }} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
{% if parameters %} | ||
parameters: | ||
{% for param in parameters %} | ||
- name: {{ param.name }} | ||
pass_as: {{ param.pass_as | default('env_variable') }} | ||
{% if param.pass_as|default('env_variable') == 'env_variable' %} | ||
env_var: {{ param.env_var | default(param.name) }} | ||
{% endif %} | ||
{% for k,v in param.items() if k not in ['pass_as','env_var','name'] %} | ||
{{ k}}: {{ v|to_json }} | ||
{% endfor %} | ||
{% endfor %} | ||
{% endif %} | ||
|
||
|
||
# assume default path for the script file | ||
script_path: conf/scripts/{{ item.name }} |
46 changes: 46 additions & 0 deletions
46
provision-contest/ansible/roles/script_server/templates/conf.json.j2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
{ | ||
"title": "sysops script server", | ||
"port": {{ script_server_port }}, | ||
"access": { | ||
"trusted_ips": [ | ||
{% for group in groups if group not in script_server_ignored_groups %} | ||
{%- for host in groups[group] -%} | ||
"{{ hostvars[host].ansible_host}}", | ||
{% endfor %} | ||
{%- endfor -%} | ||
|
||
{% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1" | ||
], | ||
"allowed_users": [ | ||
{% for group in groups if group not in script_server_ignored_groups %} | ||
{%- for host in groups[group] -%} | ||
"{{ hostvars[host].ansible_host}}", | ||
{% endfor -%} | ||
{%- endfor -%} | ||
"127.0.0.1" | ||
], | ||
"admin_users": [{% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"], | ||
"groups": { | ||
{% for group in groups if group not in script_server_ignored_groups -%} | ||
"{{group}}": [ | ||
{% for host in groups[group] -%} | ||
"{{ hostvars[host].ansible_host}}" {{ ", " if not loop.last else "" }} | ||
{% endfor -%} | ||
], | ||
{% endfor -%} | ||
"all": [ | ||
{% for group in groups if group not in script_server_ignored_groups -%} | ||
"{{ group }}", | ||
{% endfor -%} | ||
"@admin_users" | ||
] | ||
} | ||
}, | ||
"logging": { | ||
"execution_file": "$DATE-$ID.log", | ||
"execution_date_format": "%y-%m-%d_%H-%M" | ||
}, | ||
"security": { | ||
"xsrf_protection": "token" | ||
} | ||
} |