From 7f74f1d93c0633a9e7d73564901e19c5ead44d2d Mon Sep 17 00:00:00 2001 From: Michael Vasseur Date: Sun, 22 Oct 2023 16:19:44 +0200 Subject: [PATCH] Symlink all group names used There is not clean way to keep the playbooks the same and keep our generic variables. The structure: wf46 - domserver wf47 - domserver would get all variables from wf47 as that is the last defined hostgroup above domserver, putting the contest below would put all hosts (even judgehosts) in the domserver group. By symlinking we get the least worse solution as we have the variables, but for ansible those all look like new groups. Where possible we use the value from `all`, online is fully copied to make sure we don't pick any value from the onsite branch. Use default values for Luxor --- .../ansible/group_vars/all/all.yml.example | 21 ++-- .../ansible/group_vars/analyst-domserver | 1 + .../ansible/group_vars/analyst-judgehost | 1 + .../ansible/group_vars/analyst/.gitignore | 2 + .../group_vars/analyst/all.yml.example | 12 +++ .../group_vars/analyst/secret.yml.example | 3 + .../ansible/group_vars/online-domserver | 1 + .../ansible/group_vars/online-judgehost | 1 + .../ansible/group_vars/online/.gitignore | 2 + .../ansible/group_vars/online/all.yml.example | 95 +++++++++++++++++++ .../group_vars/online/secret.yml.example | 9 ++ .../ansible/group_vars/wf46-domserver | 1 + .../ansible/group_vars/wf46-judgehost | 1 + .../ansible/group_vars/wf46/.gitignore | 2 + .../ansible/group_vars/wf46/all.yml.example | 4 + .../group_vars/wf46/secret.yml.example | 3 + .../ansible/group_vars/wf47-domserver | 1 + .../ansible/group_vars/wf47-judgehost | 1 + .../ansible/group_vars/wf47/.gitignore | 2 + .../ansible/group_vars/wf47/all.yml.example | 4 + .../group_vars/wf47/secret.yml.example | 3 + 21 files changed, 159 insertions(+), 11 deletions(-) create mode 120000 provision-contest/ansible/group_vars/analyst-domserver create mode 120000 provision-contest/ansible/group_vars/analyst-judgehost create mode 100644 provision-contest/ansible/group_vars/analyst/.gitignore create mode 100644 provision-contest/ansible/group_vars/analyst/all.yml.example create mode 100644 provision-contest/ansible/group_vars/analyst/secret.yml.example create mode 120000 provision-contest/ansible/group_vars/online-domserver create mode 120000 provision-contest/ansible/group_vars/online-judgehost create mode 100644 provision-contest/ansible/group_vars/online/.gitignore create mode 100644 provision-contest/ansible/group_vars/online/all.yml.example create mode 100644 provision-contest/ansible/group_vars/online/secret.yml.example create mode 120000 provision-contest/ansible/group_vars/wf46-domserver create mode 120000 provision-contest/ansible/group_vars/wf46-judgehost create mode 100644 provision-contest/ansible/group_vars/wf46/.gitignore create mode 100644 provision-contest/ansible/group_vars/wf46/all.yml.example create mode 100644 provision-contest/ansible/group_vars/wf46/secret.yml.example create mode 120000 provision-contest/ansible/group_vars/wf47-domserver create mode 120000 provision-contest/ansible/group_vars/wf47-judgehost create mode 100644 provision-contest/ansible/group_vars/wf47/.gitignore create mode 100644 provision-contest/ansible/group_vars/wf47/all.yml.example create mode 100644 provision-contest/ansible/group_vars/wf47/secret.yml.example diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/all/all.yml.example index b2e08b3d..dc12e2ef 100644 --- a/provision-contest/ansible/group_vars/all/all.yml.example +++ b/provision-contest/ansible/group_vars/all/all.yml.example @@ -2,7 +2,7 @@ DJ_DIR: /opt/domjudge # Branch to checkout and use. -DJ_BRANCH: main +DJ_BRANCH: wfluxor # Whether to force-pull changes to the checkout, overwriting any local changes. DJ_FORCE_UPDATE: true @@ -16,21 +16,20 @@ LOCAL_GIT_IP: "{{SERVER_IP_PREFIX}}.207" # URL and IP of domserver from judgehosts. A hostname 'domserver' with # DOMSERVER_IP will be added to the judgehost /etc/hosts file. DOMSERVER: https://domjudge -DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.215" -DOMSERVER_URL: "{{DOMSERVER}}" +DOMSERVER_URL: "{{ DOMSERVER }}" DOMSERVER_SSL_CERT: /etc/ssl/certs/domserver.crt DOMSERVER_SSL_KEY: /etc/ssl/private/domserver.key # Set this to true when you are using the ICPC World Finals Contest Image -ICPC_IMAGE: false +ICPC_IMAGE: true # Set this to true when you are using a graphical desktop -GRAPHICAL: false +GRAPHICAL: true # Set this when on the blue network at the World Finals where no # internet access is available and "packages" must be used as APT repo # server. -WF_RESTRICTED_NETWORK: false +WF_RESTRICTED_NETWORK: true WF_GREEN: false # Static IP address configuration. Uses the ansible_host variable as the static @@ -62,17 +61,17 @@ PHP_POST_MAX_SIZE: 256M PHP_MAX_FILE_UPLOADS: 101 # Git repo URL -DJ_GIT_HOST: "{{LOCAL_GIT_IP}}" +DJ_GIT_HOST: "{{ LOCAL_GIT_IP }}" DJ_GIT_REPO: "https://github.com/domjudge/domjudge.git" -DJ_GIT_REPO_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge" +DJ_GIT_REPO_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge" DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git" -DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge-scripts-bare" -CONTEST_REPO: "wf2021" +DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge-scripts-bare" +CONTEST_REPO: "wfluxor" PHPSTORM_VERSION: 2022.2 PHPSTORM_FULL_VERSION: 222.4345.15 -GRAFANA_MONITORING: false +GRAFANA_MONITORING: true # Hostname of the CDS. If set, will add an nginx in front of the CDS # If not set, will only expose CDS directly diff --git a/provision-contest/ansible/group_vars/analyst-domserver b/provision-contest/ansible/group_vars/analyst-domserver new file mode 120000 index 00000000..d8d431bc --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst-domserver @@ -0,0 +1 @@ +analyst \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/analyst-judgehost b/provision-contest/ansible/group_vars/analyst-judgehost new file mode 120000 index 00000000..d8d431bc --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst-judgehost @@ -0,0 +1 @@ +analyst \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/analyst/.gitignore b/provision-contest/ansible/group_vars/analyst/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/analyst/all.yml.example b/provision-contest/ansible/group_vars/analyst/all.yml.example new file mode 100644 index 00000000..194aa8e8 --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst/all.yml.example @@ -0,0 +1,12 @@ +# Server VLAN IP prefix. +SERVER_IP_PREFIX: 172.29.1 + +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domjudge +DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.240" + +# Set this when on the blue network at the World Finals where no +# internet access is available and "packages" must be used as APT repo +# server. +WF_GREEN: true diff --git a/provision-contest/ansible/group_vars/analyst/secret.yml.example b/provision-contest/ansible/group_vars/analyst/secret.yml.example new file mode 100644 index 00000000..f4f288ac --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst/secret.yml.example @@ -0,0 +1,3 @@ +DB_PASSWORD: {some-strong-database-password-analyst} +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-analyst} +ADMIN_PASSWORD: {some-admin-password-analyst} diff --git a/provision-contest/ansible/group_vars/online-domserver b/provision-contest/ansible/group_vars/online-domserver new file mode 120000 index 00000000..5f2de0e9 --- /dev/null +++ b/provision-contest/ansible/group_vars/online-domserver @@ -0,0 +1 @@ +online \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/online-judgehost b/provision-contest/ansible/group_vars/online-judgehost new file mode 120000 index 00000000..5f2de0e9 --- /dev/null +++ b/provision-contest/ansible/group_vars/online-judgehost @@ -0,0 +1 @@ +online \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/online/.gitignore b/provision-contest/ansible/group_vars/online/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/online/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/online/all.yml.example b/provision-contest/ansible/group_vars/online/all.yml.example new file mode 100644 index 00000000..d81346ee --- /dev/null +++ b/provision-contest/ansible/group_vars/online/all.yml.example @@ -0,0 +1,95 @@ +# Directory of the domjudge repository checkout. +DJ_DIR: /opt/domjudge + +# Branch to checkout and use. +DJ_BRANCH: wfonline + +# Whether to force-pull changes to the checkout, overwriting any local changes. +DJ_FORCE_UPDATE: true + +# Server VLAN IP prefix. +SERVER_IP_PREFIX: 10.3.3 + +# IP address of the git server. +LOCAL_GIT_IP: "{{SERVER_IP_PREFIX}}.207" + +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domjudge +DOMSERVER_URL: "{{ DOMSERVER }}" +DOMSERVER_SSL_CERT: /etc/ssl/certs/domserver.crt +DOMSERVER_SSL_KEY: /etc/ssl/private/domserver.key + +# Set this to true when you are using the ICPC World Finals Contest Image +ICPC_IMAGE: false + +# Set this to true when you are using a graphical desktop +GRAPHICAL: false + +# Set this when on the blue network at the World Finals where no +# internet access is available and "packages" must be used as APT repo +# server. +WF_RESTRICTED_NETWORK: false +WF_GREEN: false + +# Static IP address configuration. Uses the ansible_host variable as the static +# IP address. Only configured if STATIC_IP_ENABLED is true. +STATIC_IP_ENABLED: false +STATIC_IP_NETMASK: 255.255.252.0 +STATIC_IP_GATEWAY: 172.29.0.1 +STATIC_IP_INTERFACE: enp1s0 + +# Additional entries for the /etc/hosts file. +HOSTS: + cds: 10.3.3.207 + packages: 10.3.3.209 + ntp1: 10.3.3.208 + ntp2: 10.3.3.209 + nisprint: 10.3.3.211 + nismaster: 10.3.3.211 + printsrv: 10.3.3.211 + domjudge-laptop: 10.3.3.200 + pc2: 10.3.3.241 + +TIMEZONE: "Asia/Dhaka" + +PHP_FPM_MAX_CHILDREN: 400 +PHP_FPM_MAX_REQUESTS: 500 +PHP_MEMORY_LIMIT: 1024M +PHP_UPLOAD_MAX_FILESIZE: 256M +PHP_POST_MAX_SIZE: 256M +PHP_MAX_FILE_UPLOADS: 101 + +# Git repo URL +DJ_GIT_HOST: "{{ LOCAL_GIT_IP }}" +DJ_GIT_REPO: "https://github.com/domjudge/domjudge.git" +DJ_GIT_REPO_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge" +DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git" +DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge-scripts-bare" +CONTEST_REPO: "wfluxor" + +PHPSTORM_VERSION: 2022.2 +PHPSTORM_FULL_VERSION: 222.4345.15 + +GRAFANA_MONITORING: true + +# Hostname of the CDS. If set, will add an nginx in front of the CDS +# If not set, will only expose CDS directly +CDS_HOSTNAME: cds +CDS_PORT: 80 +CDS_PORT_SECURE: 443 + +# CDS SSL cert and key. Only needed when CDS_HOSTNAME is set +CDS_SSL_CERT: /etc/ssl/certs/cds.crt +CDS_SSL_KEY: /etc/ssl/private/cds.key + +# Hostname of the static scoreboard +STATIC_SCOREBOARD_HOSTNAME: scoreboard + +STATIC_SCOREBOARD_SSL_CERT: /etc/ssl/certs/scoreboard.crt +STATIC_SCOREBOARD_SSL_KEY: /etc/ssl/private/scoreboard.key + +# Block access to the CDS for IPs other than these +#CDS_IP_FILTER: +# - 127.0.0.1-127.0.0.1 +# - 192.168.0.0-192.168.255.255 diff --git a/provision-contest/ansible/group_vars/online/secret.yml.example b/provision-contest/ansible/group_vars/online/secret.yml.example new file mode 100644 index 00000000..9ff95a06 --- /dev/null +++ b/provision-contest/ansible/group_vars/online/secret.yml.example @@ -0,0 +1,9 @@ +DB_PASSWORD: {some-strong-database-password-online} + +# Credentials for the judgehost. +JUDGEHOST_USER: judgehost +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-online} + +# Username and password to be used in .netrc files on admin machines +ADMIN_USER: admin +ADMIN_PASSWORD: {some-admin-password-online} diff --git a/provision-contest/ansible/group_vars/wf46-domserver b/provision-contest/ansible/group_vars/wf46-domserver new file mode 120000 index 00000000..f4c9917d --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46-domserver @@ -0,0 +1 @@ +wf46 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf46-judgehost b/provision-contest/ansible/group_vars/wf46-judgehost new file mode 120000 index 00000000..f4c9917d --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46-judgehost @@ -0,0 +1 @@ +wf46 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf46/.gitignore b/provision-contest/ansible/group_vars/wf46/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/wf46/all.yml.example b/provision-contest/ansible/group_vars/wf46/all.yml.example new file mode 100644 index 00000000..9392945b --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46/all.yml.example @@ -0,0 +1,4 @@ +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domserver-wf46 +DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.215" diff --git a/provision-contest/ansible/group_vars/wf46/secret.yml.example b/provision-contest/ansible/group_vars/wf46/secret.yml.example new file mode 100644 index 00000000..10d7c121 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46/secret.yml.example @@ -0,0 +1,3 @@ +REPLICATION_PASSWORD: {some-strong-replication-password-wf46} +DB_PASSWORD: {some-strong-database-password-wf46} +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-wf46} diff --git a/provision-contest/ansible/group_vars/wf47-domserver b/provision-contest/ansible/group_vars/wf47-domserver new file mode 120000 index 00000000..93589e28 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47-domserver @@ -0,0 +1 @@ +wf47 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf47-judgehost b/provision-contest/ansible/group_vars/wf47-judgehost new file mode 120000 index 00000000..93589e28 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47-judgehost @@ -0,0 +1 @@ +wf47 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf47/.gitignore b/provision-contest/ansible/group_vars/wf47/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/wf47/all.yml.example b/provision-contest/ansible/group_vars/wf47/all.yml.example new file mode 100644 index 00000000..1d9881d8 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47/all.yml.example @@ -0,0 +1,4 @@ +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domjudge-wf47 +DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.218" diff --git a/provision-contest/ansible/group_vars/wf47/secret.yml.example b/provision-contest/ansible/group_vars/wf47/secret.yml.example new file mode 100644 index 00000000..edbd62de --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47/secret.yml.example @@ -0,0 +1,3 @@ +REPLICATION_PASSWORD: {some-strong-replication-password-wf47} +DB_PASSWORD: {some-strong-database-password-wf47} +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-wf47}