Use script_server config of ubergeek42
vmcj committed Sep 12, 2024
1 parent e1733ce commit 34ddb46
Showing 7 changed files with 239 additions and 0 deletions.
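--- a/provision-contest/ansible/roles/script_server/defaults/main.yml
+++ b/provision-contest/ansible/roles/script_server/defaults/main.yml
@@ -0,0 +1,43 @@
+---
+script_server_url: https://github.com/bugy/script-server/releases/download/1.18.0/script-server.zip
+script_server_port: 5000
+
+script_server_admin_users: &admin_users
+# hostnames or ips
+- backup
+- 127.0.0.1
+
+# ansible hostgroups to ignore
+script_server_ignored_groups:
+- 'all'
+- 'ungrouped'
+- 'contestants'
+- 'contestants_wf46'
+- 'contestants_wf47'
+
+
+script_server_commands:
+- name: run-lastminute
+description: Runs the ansible playbook lastminute.yml
+group: ansible # for organization in script-server
+allowed_users:
+- backup # or 10.3.3.210 (the ansible template will resolve names to IPs)
+content: |
+#!/usr/bin/bash
+echo "hello world $HOSTPATTERN"
+parameters:
+- name: host_pattern
+# pass_as: env_variable # this is default
+# env_var: host_pattern # default is same as name
+type: list
+values:
+- all
+- backup
+- packages
+- scoreboard
+- cds
+
+script_server_command_defaults:
+output_format: terminal
+# scheduling: # Don't allow scheduling, the ui for it is not good...
+# enabled: false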
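Review bot: The sample `run-lastminute` script echoes `$HOSTPATTERN`, but its only parameter is `host_pattern` and the comment beside it says the environment variable defaults to the parameter name, so the script would print an empty value; either read `$host_pattern` or set `env_var: HOSTPATTERN` on the parameter. The description promises the lastminute.yml playbook while the body only echoes, so a comment such as `# placeholder: replace with the real ansible-playbook call` would stop anyone assuming the button does the work. When the real call goes in, keep the variable quoted, since its value arrives from the web UI. The `&admin_users` anchor is never aliased in this file and can be dropped.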
Binary file not shown.
@@ -0,0 +1,5 @@
---
- name: Restart script-server
ansible.builtin.service:
name: script-server
state: restarted
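--- a/provision-contest/ansible/roles/script_server/lookup_plugins/ip.py
+++ b/provision-contest/ansible/roles/script_server/lookup_plugins/ip.py
@@ -0,0 +1,25 @@
+import ansible.utils as utils
+import ansible.errors as errors
+from ansible.plugins.lookup import LookupBase
+import socket
+import ipaddress
+
+class LookupModule(LookupBase):
+
+def __init__(self, basedir=None, **kwargs):
+self.basedir = basedir
+
+def run(self, terms, variables=None, **kwargs):
+hostname = terms[0]
+
+try:
+# If it's a valid ip address already, just return it directly
+ipaddress.ip_address(hostname)
+return [hostname]
+except Exception:
+pass
+
+if not isinstance(hostname, str):
+raise errors.AnsibleError("ip lookup expects a string (hostname)")
+
+return [socket.gethostbyname(hostname)]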
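Review bot: The address this lookup returns is written into script-server's access lists, yet a name that fails to resolve surfaces as a raw `socket.gaierror`, and the `except Exception: pass` around `ipaddress.ip_address()` hides every other failure. Narrow it to `except ValueError:` and wrap the resolver call so it raises `errors.AnsibleError` naming the host. `socket.gethostbyname()` returns a single IPv4 address, so a multi-homed or IPv6-only host ends up with an incomplete entry; a docstring on `run()` should state that resolution happens on the controller at template time and that only `terms[0]` is used. `__init__` replaces `LookupBase.__init__` without calling `super().__init__()`, and `ansible.utils` is imported but unused.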
78 changes: 78 additions & 0 deletions provision-contest/ansible/roles/script_server/tasks/main.yml
@@ -0,0 +1,78 @@
---
- name: Install script-server dependencies
ansible.builtin.package:
pkg: "{{ item }}"
state: present
loop:
- python3-tornado
- apache2-utils # for htpasswd auth

- name: Create directory for script-server to live
ansible.builtin.file:
path: /opt/script-server
mode: "0755"
owner: root
group: root
state: directory

- name: Download script-server
ansible.builtin.unarchive:
src: "{{ script_server_url }}"
dest: /opt/script-server
remote_src: "{{ true if script_server_url.startswith('http') else false }}"
creates: /opt/script-server/launcher.py

- name: Configure the server
ansible.builtin.template:
src: conf.json.j2
dest: /opt/script-server/conf/conf.json
mode: "0644"

- name: Create systemd service for script-server
ansible.builtin.copy:
mode: "0644"
dest: /etc/systemd/system/script-server.service
content: |
[Unit]
Description=Script Server
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
ExecStart=/usr/bin/python3 /opt/script-server/launcher.py
[Install]
WantedBy=multi-user.target
notify: Restart script-server

- name: Start + enable script-server
ansible.builtin.service:
name: script-server
state: started
enabled: true

- name: Ensure required directories exist
ansible.builtin.file:
state: directory
mode: "0755"
path: /opt/script-server/conf/{{ item }}
loop:
- scripts
- runners

- name: Create scripts
ansible.builtin.copy:
content: "{{ item.content }}"
dest: /opt/script-server/conf/scripts/{{ item.name }}
mode: "0755"
with_items: "{{ script_server_commands }}"

- name: Create script config definitions
ansible.builtin.template:
src: command_template.yaml.j2
dest: /opt/script-server/conf/runners/{{ item.name }}.yaml
mode: "0644"
with_items: "{{ script_server_commands }}"
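Review bot: The `Download script-server` task unpacks whatever `script_server_url` serves straight into /opt/script-server with no integrity check, and the unit file has no `User=` line, so that code and every script started from the web UI run as root. Fetch the archive with `ansible.builtin.get_url` and a pinned `checksum`, then unpack the local copy, as sketched below; `script_server_sha256` is a proposed new default that would sit next to the URL. If root is really required for the playbooks, say so in a comment above `ExecStart=`; otherwise add a dedicated `User=`. The unit is written with `copy` but nothing triggers a systemd daemon-reload, and the scripts/runners directories are created only after the service has been started.

```yaml
- name: Download script-server
  ansible.builtin.get_url:
    url: "{{ script_server_url }}"
    dest: /opt/script-server.zip
    # script_server_sha256: proposed default holding the digest of the reviewed archive
    checksum: "sha256:{{ script_server_sha256 }}"
    mode: "0644"
  when: script_server_url.startswith('http')

- name: Unpack script-server
  ansible.builtin.unarchive:
    src: "{{ '/opt/script-server.zip' if script_server_url.startswith('http') else script_server_url }}"
    dest: /opt/script-server
    remote_src: "{{ script_server_url.startswith('http') }}"
    creates: /opt/script-server/launcher.py
# … unchanged: conf.json template, systemd unit, service and script tasks …
```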
@@ -0,0 +1,42 @@
---
{% set _unused_content = item.pop('content') %}
{% set parameters = item.pop('parameters') %}
{% set admin_users = item.pop('admin_users', []) + script_server_admin_users %}
{% set allowed_users = item.pop('allowed_users', []) %}
{# set admin_users = (admin_users if ( admin_users | type_debug == "list" ) else [admin_users]) #}
{# set allowed_users = (allowed_users if ( allowed_users | type_debug == "list" ) else [allowed_users]) #}
{{
script_server_command_defaults |
combine(item) |
to_nice_yaml
}}
{% if admin_users %}
admin_users:
{% for u in admin_users %}
- {{ lookup('ip', u) }}
{% endfor %}
{% endif %}
{% if allowed_users %}
allowed_users:
{% for u in (allowed_users + admin_users) %}
- {{ lookup('ip', u) }}
{% endfor %}
{% endif %}

{% if parameters %}
parameters:
{% for param in parameters %}
- name: {{ param.name }}
pass_as: {{ param.pass_as | default('env_variable') }}
{% if param.pass_as|default('env_variable') == 'env_variable' %}
env_var: {{ param.env_var | default(param.name) }}
{% endif %}
{% for k,v in param.items() if k not in ['pass_as','env_var','name'] %}
{{ k}}: {{ v|to_json }}
{% endfor %}
{% endfor %}
{% endif %}


# assume default path for the script file
script_path: conf/scripts/{{ item.name }}
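Review bot: A command that omits `allowed_users` gets no `allowed_users:` key at all because of the `{% if allowed_users %}` guard, and script-server appears to treat a missing list as "any user" (worth confirming against its documentation), so forgetting the key in `script_server_commands` would open the command to every permitted address instead of restricting it. Failing closed is safer: drop the guard and always emit `allowed_users:` followed by the existing `{% for u in (allowed_users + admin_users) %}` loop, which then lists at least the admin users. The `item.pop()` calls modify the loop item in place, which deserves a comment because any later task looping over the same list may no longer see `content`. `name`, `pass_as` and `env_var` are written unquoted, unlike the remaining keys that go through `to_json`.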
@@ -0,0 +1,46 @@
{
"title": "sysops script server",
"port": {{ script_server_port }},
"access": {
"trusted_ips": [
{% for group in groups if group not in script_server_ignored_groups %}
{%- for host in groups[group] -%}
"{{ hostvars[host].ansible_host}}",
{% endfor %}
{%- endfor -%}

{% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"
],
"allowed_users": [
{% for group in groups if group not in script_server_ignored_groups %}
{%- for host in groups[group] -%}
"{{ hostvars[host].ansible_host}}",
{% endfor -%}
{%- endfor -%}
"127.0.0.1"
],
"admin_users": [{% for u in script_server_admin_users %}"{{ lookup('ip', u)}}", {% endfor %}"127.0.0.1"],
"groups": {
{% for group in groups if group not in script_server_ignored_groups -%}
"{{group}}": [
{% for host in groups[group] -%}
"{{ hostvars[host].ansible_host}}" {{ ", " if not loop.last else "" }}
{% endfor -%}
],
{% endfor -%}
"all": [
{% for group in groups if group not in script_server_ignored_groups -%}
"{{ group }}",
{% endfor -%}
"@admin_users"
]
}
},
"logging": {
"execution_file": "$DATE-$ID.log",
"execution_date_format": "%y-%m-%d_%H-%M"
},
"security": {
"xsrf_protection": "token"
}
}
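Review bot: The `access` block identifies callers only by source address and the file has no `auth` section, even though tasks/main.yml installs apache2-utils "for htpasswd auth"; every host in a non-ignored group lands in both `trusted_ips` and `allowed_users`. If script-server honours proxy headers from `trusted_ips` (worth confirming in its documentation), a listed host would not be bound to its own address, so `trusted_ips` should be limited to an actual reverse proxy or left out. `hostvars[host].ansible_host` is used without a default, so an inventory host lacking that variable aborts the template. A comment at the top stating that authorization is address-based, and why, would help whoever extends the inventory.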
