From fa1812d5147a4b8db90768681253a88503f71a79 Mon Sep 17 00:00:00 2001 From: Michael Vasseur Date: Sun, 22 Oct 2023 15:18:23 +0200 Subject: [PATCH 1/8] Add expected judgehosts, admin machines and domservers Add intended final to naming, shortened naming for readability --- provision-contest/ansible/hosts.example | 137 ++++++++++++++++++------ 1 file changed, 104 insertions(+), 33 deletions(-) diff --git a/provision-contest/ansible/hosts.example b/provision-contest/ansible/hosts.example index 72409204..dae3032b 100644 --- a/provision-contest/ansible/hosts.example +++ b/provision-contest/ansible/hosts.example @@ -4,43 +4,114 @@ ansible_python_interpreter=/usr/bin/python3 # When moving clients for ad-hoc actions: # move them to their own group to keep hosts files on deployed machines in sync. - -[domserver] -domjudge-primary ansible_host=10.3.3.216 KEEPALIVED_PRIORITY=100 EFI_ORDER='0\,1\,3\,4' -domjudge-backup ansible_host=10.3.3.217 KEEPALIVED_PRIORITY=99 EFI_ORDER='0\,1\,3\,4' +[ad-hoc-group] +# untargetted-domserver ansible_host=10.1.1.1 [domserver:children] -emergency - -[emergency] -domjudge-laptop ansible_host=10.3.3.218 - -[judgehost] -domjudge-judgehost1 ansible_host=10.2.2.192 -domjudge-judgehost2 ansible_host=10.2.2.193 -domjudge-judgehost3 ansible_host=10.2.2.194 -domjudge-judgehost4 ansible_host=10.2.2.195 -domjudge-judgehost5 ansible_host=10.2.2.196 -domjudge-judgehost6 ansible_host=10.2.2.197 -domjudge-judgehost7 ansible_host=10.2.2.198 -domjudge-judgehost8 ansible_host=10.2.2.199 -domjudge-judgehost9 ansible_host=10.2.2.200 -domjudge-judgehost10 ansible_host=10.2.2.201 -domjudge-judgehost11 ansible_host=10.2.2.202 -domjudge-judgehost12 ansible_host=10.2.2.203 -domjudge-judgehost13 ansible_host=10.2.2.204 -domjudge-judgehost14 ansible_host=10.2.2.205 -domjudge-judgehost15 ansible_host=10.2.2.206 -domjudge-judgehost16 ansible_host=10.2.2.207 -domjudge-judgehost17 ansible_host=10.2.2.208 -domjudge-judgehost18 ansible_host=10.2.2.209 +wf46-domserver +wf47-domserver +analyst-domserver +online-domserver + +[wf46-domserver] +domjudge-wf46-primary ansible_host=10.3.3.216 +domjudge-wf46-secondary ansible_host=10.3.3.217 + +[wf46-domserver:children] +wf46-emergency + +[wf46-emergency] +wf46-emerg ansible_host=10.3.3.240 + +[wf47-domserver] +domjudge-wf47-primary ansible_host=10.3.3.219 +domjudge-wf47-secondary ansible_host=10.3.3.220 + +[wf47-domserver:children] +wf47-emergency + +[wf47-emergency] +wf47-emerg ansible_host=10.3.3.241 + +[analyst-domserver] +domjudge-analyst ansible_host=172.29.1.240 + +[online-domserver] +domjudge-aws ansible_host=0.0.0.0 + +[judgehost:children] +wf46-judgehost +wf47-judgehost +analyst-judgehost +online-judgehost + +[wf46-judgehost] +domjudge-judge-wf46-1 ansible_host=10.2.2.192 +domjudge-judge-wf46-2 ansible_host=10.2.2.193 +domjudge-judge-wf46-3 ansible_host=10.2.2.194 +domjudge-judge-wf46-4 ansible_host=10.2.2.195 +domjudge-judge-wf46-5 ansible_host=10.2.2.196 +domjudge-judge-wf46-6 ansible_host=10.2.2.197 +domjudge-judge-wf46-7 ansible_host=10.2.2.198 +domjudge-judge-wf46-8 ansible_host=10.2.2.199 +domjudge-judge-wf46-9 ansible_host=10.2.2.200 +domjudge-judge-wf46-10 ansible_host=10.2.2.201 +domjudge-judge-wf46-11 ansible_host=10.2.2.202 +domjudge-judge-wf46-12 ansible_host=10.2.2.203 +domjudge-judge-wf46-13 ansible_host=10.2.2.204 +domjudge-judge-wf46-14 ansible_host=10.2.2.205 +domjudge-judge-wf46-15 ansible_host=10.2.2.206 +domjudge-judge-wf46-16 ansible_host=10.2.2.207 + +[wf47-judgehost] +domjudge-judge-wf47-17 ansible_host=10.2.2.208 +domjudge-judge-wf47-18 ansible_host=10.2.2.209 +domjudge-judge-wf47-19 ansible_host=10.2.2.210 +domjudge-judge-wf47-20 ansible_host=10.2.2.211 +domjudge-judge-wf47-21 ansible_host=10.2.2.212 +domjudge-judge-wf47-22 ansible_host=10.2.2.213 +domjudge-judge-wf47-23 ansible_host=10.2.2.214 +domjudge-judge-wf47-24 ansible_host=10.2.2.215 +domjudge-judge-wf47-25 ansible_host=10.2.2.216 +domjudge-judge-wf47-26 ansible_host=10.2.2.217 +domjudge-judge-wf47-27 ansible_host=10.2.2.218 +domjudge-judge-wf47-28 ansible_host=10.2.2.219 +domjudge-judge-wf47-29 ansible_host=10.2.2.220 +domjudge-judge-wf47-30 ansible_host=10.2.2.221 +domjudge-judge-wf47-31 ansible_host=10.2.2.222 +domjudge-judge-wf47-32 ansible_host=10.2.2.223 + +[analyst-judgehost] +analyst-judge1 ansible_host=172.29.1.221 +analyst-judge2 ansible_host=172.29.1.222 +analyst-judge3 ansible_host=172.29.1.223 +analyst-judge4 ansible_host=172.29.1.224 +analyst-judge5 ansible_host=172.29.1.225 +analyst-judge6 ansible_host=172.29.1.226 +analyst-judge7 ansible_host=172.29.1.227 +analyst-judge8 ansible_host=172.29.1.228 +analyst-judge9 ansible_host=172.29.1.229 +# These are the reserved ccsadmins in green +#analyst-judge10 ansible_host=172.29.1.216 +#analyst-judge11 ansible_host=172.29.1.217 +#analyst-judge12 ansible_host=172.29.1.218 + +[online-judgehost] +domjudge-aws ansible_host=0.0.0.0 [admin] -domjudge-ccsadmin1 ansible_host=10.3.3.223 -domjudge-ccsadmin2 ansible_host=10.3.3.224 -domjudge-ccsadmin3 ansible_host=10.3.3.225 -domjudge-ccsadmin4 ansible_host=10.3.3.226 -domjudge-ccsadmin5 ansible_host=10.3.3.227 +domjudge-ccsadmin1 ansible_host=10.3.3.224 +domjudge-ccsadmin2 ansible_host=10.3.3.225 +domjudge-ccsadmin3 ansible_host=10.3.3.226 +domjudge-ccsadmin4 ansible_host=10.3.3.227 +domjudge-ccsadmin5 ansible_host=10.3.3.228 +domjudge-ccsadmin6 ansible_host=10.3.3.229 +domjudge-ccsadmin7 ansible_host=10.3.3.230 +domjudge-ccsadmin9 ansible_host=10.3.3.231 +# These are the reserved ccsadmins in green, also in judgehost group +#green-ccsadmin1 ansible_host=172.29.1.216 +#green-cssadmin2 ansible_host=172.29.1.217 +#green-cssadmin3 ansible_host=172.29.1.218 [grafana] # During the WFs we use one of the ccsadmin machines From fed0f6509dfc3f919e154bdcf322b7b9db99fced Mon Sep 17 00:00:00 2001 From: Michael Vasseur Date: Sun, 22 Oct 2023 16:19:44 +0200 Subject: [PATCH 2/8] Symlink all group names used There is not clean way to keep the playbooks the same and keep our generic variables. The structure: wf46 - domserver wf47 - domserver would get all variables from wf47 as that is the last defined hostgroup above domserver, putting the contest below would put all hosts (even judgehosts) in the domserver group. By symlinking we get the least worse solution as we have the variables, but for ansible those all look like new groups. Where possible we use the value from `all`, online is fully copied to make sure we don't pick any value from the onsite branch. Use default values for Luxor --- .../ansible/group_vars/all/all.yml.example | 21 ++-- .../ansible/group_vars/analyst-domserver | 1 + .../ansible/group_vars/analyst-judgehost | 1 + .../ansible/group_vars/analyst/.gitignore | 2 + .../group_vars/analyst/all.yml.example | 12 +++ .../group_vars/analyst/secret.yml.example | 3 + .../ansible/group_vars/online-domserver | 1 + .../ansible/group_vars/online-judgehost | 1 + .../ansible/group_vars/online/.gitignore | 2 + .../ansible/group_vars/online/all.yml.example | 95 +++++++++++++++++++ .../group_vars/online/secret.yml.example | 9 ++ .../ansible/group_vars/wf46-domserver | 1 + .../ansible/group_vars/wf46-judgehost | 1 + .../ansible/group_vars/wf46/.gitignore | 2 + .../ansible/group_vars/wf46/all.yml.example | 4 + .../group_vars/wf46/secret.yml.example | 3 + .../ansible/group_vars/wf47-domserver | 1 + .../ansible/group_vars/wf47-judgehost | 1 + .../ansible/group_vars/wf47/.gitignore | 2 + .../ansible/group_vars/wf47/all.yml.example | 4 + .../group_vars/wf47/secret.yml.example | 3 + 21 files changed, 159 insertions(+), 11 deletions(-) create mode 120000 provision-contest/ansible/group_vars/analyst-domserver create mode 120000 provision-contest/ansible/group_vars/analyst-judgehost create mode 100644 provision-contest/ansible/group_vars/analyst/.gitignore create mode 100644 provision-contest/ansible/group_vars/analyst/all.yml.example create mode 100644 provision-contest/ansible/group_vars/analyst/secret.yml.example create mode 120000 provision-contest/ansible/group_vars/online-domserver create mode 120000 provision-contest/ansible/group_vars/online-judgehost create mode 100644 provision-contest/ansible/group_vars/online/.gitignore create mode 100644 provision-contest/ansible/group_vars/online/all.yml.example create mode 100644 provision-contest/ansible/group_vars/online/secret.yml.example create mode 120000 provision-contest/ansible/group_vars/wf46-domserver create mode 120000 provision-contest/ansible/group_vars/wf46-judgehost create mode 100644 provision-contest/ansible/group_vars/wf46/.gitignore create mode 100644 provision-contest/ansible/group_vars/wf46/all.yml.example create mode 100644 provision-contest/ansible/group_vars/wf46/secret.yml.example create mode 120000 provision-contest/ansible/group_vars/wf47-domserver create mode 120000 provision-contest/ansible/group_vars/wf47-judgehost create mode 100644 provision-contest/ansible/group_vars/wf47/.gitignore create mode 100644 provision-contest/ansible/group_vars/wf47/all.yml.example create mode 100644 provision-contest/ansible/group_vars/wf47/secret.yml.example diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/all/all.yml.example index 2649424c..2b706b70 100644 --- a/provision-contest/ansible/group_vars/all/all.yml.example +++ b/provision-contest/ansible/group_vars/all/all.yml.example @@ -2,7 +2,7 @@ DJ_DIR: /opt/domjudge # Branch to checkout and use. -DJ_BRANCH: main +DJ_BRANCH: wfluxor # Whether to force-pull changes to the checkout, overwriting any local changes. DJ_FORCE_UPDATE: true @@ -16,16 +16,15 @@ LOCAL_GIT_IP: "{{SERVER_IP_PREFIX}}.207" # URL and IP of domserver from judgehosts. A hostname 'domserver' with # DOMSERVER_IP will be added to the judgehost /etc/hosts file. DOMSERVER: https://domjudge -DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.215" -DOMSERVER_URL: "{{DOMSERVER}}" +DOMSERVER_URL: "{{ DOMSERVER }}" DOMSERVER_SSL_CERT: /etc/ssl/certs/domserver.crt DOMSERVER_SSL_KEY: /etc/ssl/private/domserver.key # Set this to true when you are using the ICPC World Finals Contest Image -ICPC_IMAGE: false +ICPC_IMAGE: true # Set this to true when you are using a graphical desktop -GRAPHICAL: false +GRAPHICAL: true # Set this to true when you use an (ICPC) AWS machine AWS: true @@ -33,7 +32,7 @@ AWS: true # Set this when on the blue network at the World Finals where no # internet access is available and "packages" must be used as APT repo # server. -WF_RESTRICTED_NETWORK: false +WF_RESTRICTED_NETWORK: true WF_GREEN: false # Static IP address configuration. Uses the ansible_host variable as the static @@ -65,17 +64,17 @@ PHP_POST_MAX_SIZE: 256M PHP_MAX_FILE_UPLOADS: 101 # Git repo URL -DJ_GIT_HOST: "{{LOCAL_GIT_IP}}" +DJ_GIT_HOST: "{{ LOCAL_GIT_IP }}" DJ_GIT_REPO: "https://github.com/domjudge/domjudge.git" -DJ_GIT_REPO_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge" +DJ_GIT_REPO_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge" DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git" -DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{DJ_GIT_HOST}}:domjudge-scripts-bare" -CONTEST_REPO: "wf2021" +DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge-scripts-bare" +CONTEST_REPO: "wfluxor" PHPSTORM_VERSION: 2022.2 PHPSTORM_FULL_VERSION: 222.4345.15 -GRAFANA_MONITORING: false +GRAFANA_MONITORING: true # Hostname of the CDS. If set, will add an nginx in front of the CDS # If not set, will only expose CDS directly diff --git a/provision-contest/ansible/group_vars/analyst-domserver b/provision-contest/ansible/group_vars/analyst-domserver new file mode 120000 index 00000000..d8d431bc --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst-domserver @@ -0,0 +1 @@ +analyst \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/analyst-judgehost b/provision-contest/ansible/group_vars/analyst-judgehost new file mode 120000 index 00000000..d8d431bc --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst-judgehost @@ -0,0 +1 @@ +analyst \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/analyst/.gitignore b/provision-contest/ansible/group_vars/analyst/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/analyst/all.yml.example b/provision-contest/ansible/group_vars/analyst/all.yml.example new file mode 100644 index 00000000..194aa8e8 --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst/all.yml.example @@ -0,0 +1,12 @@ +# Server VLAN IP prefix. +SERVER_IP_PREFIX: 172.29.1 + +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domjudge +DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.240" + +# Set this when on the blue network at the World Finals where no +# internet access is available and "packages" must be used as APT repo +# server. +WF_GREEN: true diff --git a/provision-contest/ansible/group_vars/analyst/secret.yml.example b/provision-contest/ansible/group_vars/analyst/secret.yml.example new file mode 100644 index 00000000..f4f288ac --- /dev/null +++ b/provision-contest/ansible/group_vars/analyst/secret.yml.example @@ -0,0 +1,3 @@ +DB_PASSWORD: {some-strong-database-password-analyst} +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-analyst} +ADMIN_PASSWORD: {some-admin-password-analyst} diff --git a/provision-contest/ansible/group_vars/online-domserver b/provision-contest/ansible/group_vars/online-domserver new file mode 120000 index 00000000..5f2de0e9 --- /dev/null +++ b/provision-contest/ansible/group_vars/online-domserver @@ -0,0 +1 @@ +online \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/online-judgehost b/provision-contest/ansible/group_vars/online-judgehost new file mode 120000 index 00000000..5f2de0e9 --- /dev/null +++ b/provision-contest/ansible/group_vars/online-judgehost @@ -0,0 +1 @@ +online \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/online/.gitignore b/provision-contest/ansible/group_vars/online/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/online/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/online/all.yml.example b/provision-contest/ansible/group_vars/online/all.yml.example new file mode 100644 index 00000000..d81346ee --- /dev/null +++ b/provision-contest/ansible/group_vars/online/all.yml.example @@ -0,0 +1,95 @@ +# Directory of the domjudge repository checkout. +DJ_DIR: /opt/domjudge + +# Branch to checkout and use. +DJ_BRANCH: wfonline + +# Whether to force-pull changes to the checkout, overwriting any local changes. +DJ_FORCE_UPDATE: true + +# Server VLAN IP prefix. +SERVER_IP_PREFIX: 10.3.3 + +# IP address of the git server. +LOCAL_GIT_IP: "{{SERVER_IP_PREFIX}}.207" + +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domjudge +DOMSERVER_URL: "{{ DOMSERVER }}" +DOMSERVER_SSL_CERT: /etc/ssl/certs/domserver.crt +DOMSERVER_SSL_KEY: /etc/ssl/private/domserver.key + +# Set this to true when you are using the ICPC World Finals Contest Image +ICPC_IMAGE: false + +# Set this to true when you are using a graphical desktop +GRAPHICAL: false + +# Set this when on the blue network at the World Finals where no +# internet access is available and "packages" must be used as APT repo +# server. +WF_RESTRICTED_NETWORK: false +WF_GREEN: false + +# Static IP address configuration. Uses the ansible_host variable as the static +# IP address. Only configured if STATIC_IP_ENABLED is true. +STATIC_IP_ENABLED: false +STATIC_IP_NETMASK: 255.255.252.0 +STATIC_IP_GATEWAY: 172.29.0.1 +STATIC_IP_INTERFACE: enp1s0 + +# Additional entries for the /etc/hosts file. +HOSTS: + cds: 10.3.3.207 + packages: 10.3.3.209 + ntp1: 10.3.3.208 + ntp2: 10.3.3.209 + nisprint: 10.3.3.211 + nismaster: 10.3.3.211 + printsrv: 10.3.3.211 + domjudge-laptop: 10.3.3.200 + pc2: 10.3.3.241 + +TIMEZONE: "Asia/Dhaka" + +PHP_FPM_MAX_CHILDREN: 400 +PHP_FPM_MAX_REQUESTS: 500 +PHP_MEMORY_LIMIT: 1024M +PHP_UPLOAD_MAX_FILESIZE: 256M +PHP_POST_MAX_SIZE: 256M +PHP_MAX_FILE_UPLOADS: 101 + +# Git repo URL +DJ_GIT_HOST: "{{ LOCAL_GIT_IP }}" +DJ_GIT_REPO: "https://github.com/domjudge/domjudge.git" +DJ_GIT_REPO_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge" +DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git" +DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge-scripts-bare" +CONTEST_REPO: "wfluxor" + +PHPSTORM_VERSION: 2022.2 +PHPSTORM_FULL_VERSION: 222.4345.15 + +GRAFANA_MONITORING: true + +# Hostname of the CDS. If set, will add an nginx in front of the CDS +# If not set, will only expose CDS directly +CDS_HOSTNAME: cds +CDS_PORT: 80 +CDS_PORT_SECURE: 443 + +# CDS SSL cert and key. Only needed when CDS_HOSTNAME is set +CDS_SSL_CERT: /etc/ssl/certs/cds.crt +CDS_SSL_KEY: /etc/ssl/private/cds.key + +# Hostname of the static scoreboard +STATIC_SCOREBOARD_HOSTNAME: scoreboard + +STATIC_SCOREBOARD_SSL_CERT: /etc/ssl/certs/scoreboard.crt +STATIC_SCOREBOARD_SSL_KEY: /etc/ssl/private/scoreboard.key + +# Block access to the CDS for IPs other than these +#CDS_IP_FILTER: +# - 127.0.0.1-127.0.0.1 +# - 192.168.0.0-192.168.255.255 diff --git a/provision-contest/ansible/group_vars/online/secret.yml.example b/provision-contest/ansible/group_vars/online/secret.yml.example new file mode 100644 index 00000000..9ff95a06 --- /dev/null +++ b/provision-contest/ansible/group_vars/online/secret.yml.example @@ -0,0 +1,9 @@ +DB_PASSWORD: {some-strong-database-password-online} + +# Credentials for the judgehost. +JUDGEHOST_USER: judgehost +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-online} + +# Username and password to be used in .netrc files on admin machines +ADMIN_USER: admin +ADMIN_PASSWORD: {some-admin-password-online} diff --git a/provision-contest/ansible/group_vars/wf46-domserver b/provision-contest/ansible/group_vars/wf46-domserver new file mode 120000 index 00000000..f4c9917d --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46-domserver @@ -0,0 +1 @@ +wf46 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf46-judgehost b/provision-contest/ansible/group_vars/wf46-judgehost new file mode 120000 index 00000000..f4c9917d --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46-judgehost @@ -0,0 +1 @@ +wf46 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf46/.gitignore b/provision-contest/ansible/group_vars/wf46/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/wf46/all.yml.example b/provision-contest/ansible/group_vars/wf46/all.yml.example new file mode 100644 index 00000000..9392945b --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46/all.yml.example @@ -0,0 +1,4 @@ +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domserver-wf46 +DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.215" diff --git a/provision-contest/ansible/group_vars/wf46/secret.yml.example b/provision-contest/ansible/group_vars/wf46/secret.yml.example new file mode 100644 index 00000000..10d7c121 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf46/secret.yml.example @@ -0,0 +1,3 @@ +REPLICATION_PASSWORD: {some-strong-replication-password-wf46} +DB_PASSWORD: {some-strong-database-password-wf46} +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-wf46} diff --git a/provision-contest/ansible/group_vars/wf47-domserver b/provision-contest/ansible/group_vars/wf47-domserver new file mode 120000 index 00000000..93589e28 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47-domserver @@ -0,0 +1 @@ +wf47 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf47-judgehost b/provision-contest/ansible/group_vars/wf47-judgehost new file mode 120000 index 00000000..93589e28 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47-judgehost @@ -0,0 +1 @@ +wf47 \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/wf47/.gitignore b/provision-contest/ansible/group_vars/wf47/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/wf47/all.yml.example b/provision-contest/ansible/group_vars/wf47/all.yml.example new file mode 100644 index 00000000..1d9881d8 --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47/all.yml.example @@ -0,0 +1,4 @@ +# URL and IP of domserver from judgehosts. A hostname 'domserver' with +# DOMSERVER_IP will be added to the judgehost /etc/hosts file. +DOMSERVER: https://domjudge-wf47 +DOMSERVER_IP: "{{SERVER_IP_PREFIX}}.218" diff --git a/provision-contest/ansible/group_vars/wf47/secret.yml.example b/provision-contest/ansible/group_vars/wf47/secret.yml.example new file mode 100644 index 00000000..edbd62de --- /dev/null +++ b/provision-contest/ansible/group_vars/wf47/secret.yml.example @@ -0,0 +1,3 @@ +REPLICATION_PASSWORD: {some-strong-replication-password-wf47} +DB_PASSWORD: {some-strong-database-password-wf47} +JUDGEHOST_PASSWORD: {some-strong-judgehost-password-wf47} From 384bba9a11000fcee56b21d3ba6ae44b6ab6e839 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 7 Apr 2024 14:39:12 +0200 Subject: [PATCH 3/8] Set timezone to Cairo --- provision-contest/ansible/group_vars/all/all.yml.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/all/all.yml.example index 2b706b70..15e24547 100644 --- a/provision-contest/ansible/group_vars/all/all.yml.example +++ b/provision-contest/ansible/group_vars/all/all.yml.example @@ -54,7 +54,7 @@ HOSTS: domjudge-laptop: 10.3.3.200 pc2: 10.3.3.241 -TIMEZONE: "Europe/Amsterdam" +TIMEZONE: "Africa/Cairo" PHP_FPM_MAX_CHILDREN: 400 PHP_FPM_MAX_REQUESTS: 500 From 49078ffb9b661e258462de1dc1761fc87ff1e968 Mon Sep 17 00:00:00 2001 From: Nicky Gerritsen Date: Sun, 7 Apr 2024 14:39:31 +0200 Subject: [PATCH 4/8] Update PHPStorm version. --- provision-contest/ansible/group_vars/all/all.yml.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/all/all.yml.example index 15e24547..257b7395 100644 --- a/provision-contest/ansible/group_vars/all/all.yml.example +++ b/provision-contest/ansible/group_vars/all/all.yml.example @@ -71,8 +71,8 @@ DJ_GIT_REPO_SCRIPTS: "https://github.com/domjudge/domjudge-scripts.git" DJ_GIT_REPO_SCRIPTS_RESTRICTED: "domjudge@{{ DJ_GIT_HOST }}:domjudge-scripts-bare" CONTEST_REPO: "wfluxor" -PHPSTORM_VERSION: 2022.2 -PHPSTORM_FULL_VERSION: 222.4345.15 +PHPSTORM_VERSION: 2024.1 +PHPSTORM_FULL_VERSION: 241.14494.237 GRAFANA_MONITORING: true From f1f3c8ed4891132eca760bf25038beabdecb24da Mon Sep 17 00:00:00 2001 From: Michael Vasseur Date: Sun, 17 Mar 2024 21:39:53 +0100 Subject: [PATCH 5/8] Use same admin password at analyst instance We import our admin accounts in the analyst instance, using another password only makes this more difficult. --- provision-contest/ansible/group_vars/analyst/secret.yml.example | 1 - 1 file changed, 1 deletion(-) diff --git a/provision-contest/ansible/group_vars/analyst/secret.yml.example b/provision-contest/ansible/group_vars/analyst/secret.yml.example index f4f288ac..b8f66a37 100644 --- a/provision-contest/ansible/group_vars/analyst/secret.yml.example +++ b/provision-contest/ansible/group_vars/analyst/secret.yml.example @@ -1,3 +1,2 @@ DB_PASSWORD: {some-strong-database-password-analyst} JUDGEHOST_PASSWORD: {some-strong-judgehost-password-analyst} -ADMIN_PASSWORD: {some-admin-password-analyst} From 32f899b1495e3cf2938de2d8c818a25ecc66fced Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Tue, 9 Apr 2024 17:25:55 +0200 Subject: [PATCH 6/8] Remove unneeded variables The replication password is set lower in the wf46/wf47 as besides the risk for leaking the database we would also setup replication on the analyst instance. The ICPC-tools variables are not relevant here as we at this point don't setup the CDS. --- .../ansible/group_vars/all/secret.yml.example | 47 ------------------- 1 file changed, 47 deletions(-) diff --git a/provision-contest/ansible/group_vars/all/secret.yml.example b/provision-contest/ansible/group_vars/all/secret.yml.example index 8e86e0ef..3144c239 100644 --- a/provision-contest/ansible/group_vars/all/secret.yml.example +++ b/provision-contest/ansible/group_vars/all/secret.yml.example @@ -4,10 +4,6 @@ # Adding `strong` in the template will create longer passwords and is used for the # passwords which almost never need to be manually typed. -# Password for the MySQL replication user. -# Set this to enable master-master replication between two domservers. -#REPLICATION_PASSWORD: {some-strong-replication-password} - # Database user password. DB_PASSWORD: {some-strong-database-password} @@ -24,48 +20,5 @@ ADMIN_PASSWORD: {some-admin-password} # created on the domserver and judgehosts. #DJ_SHELL_USER_PW: {some-hashed-password} -# Accounts to create when setting up the CDS -CDS_ACCOUNTS: - - username: admin - password: {some-adm1n-password} - type: admin - - username: presAdmin - password: {some-presentation-adm1n-password} - type: admin - - username: presentation - password: {some-public-presentation-password} - type: public - #- username: blue - # password: blu3 - # type: staff - #- username: balloon - # password: balloonPr1nter - # type: balloon - #- username: public - # password: publ1c - # type: public - #- username: myicpc - # password: my1cpc - # type: spectator - #- username: live - # password: l1ve - # type: analyst - #- username: team1 - # password: t3am - # type: team - # team_id: 1 - -# Contest(s) to configure in the CDS -CDS_CONTESTS: - - path: nwerc18 # Path in the contest directory - ccs: - id: nwerc18 # ID of the contest if hosted at DOMJUDGE_URL - # Or provide a absolute URL - # url: https://www.domjudge.org/demoweb/api/contests/nwerc18 - username: admin - password: admin - -PRESCLIENT_CONTEST: nwerc18 - # Sentry DSN URL # SENTRY_DSN: From 2f46727456b78a80f780f567500299614c673672 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Mon, 8 Apr 2024 22:02:04 +0200 Subject: [PATCH 7/8] Don't install texlive on judgehosts We only need those on the domservers (& admin machines). --- provision-contest/ansible/roles/base_packages/defaults/main.yml | 2 -- provision-contest/ansible/roles/domserver/defaults/main.yml | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/provision-contest/ansible/roles/base_packages/defaults/main.yml b/provision-contest/ansible/roles/base_packages/defaults/main.yml index 44cbcb05..bdcc7aff 100644 --- a/provision-contest/ansible/roles/base_packages/defaults/main.yml +++ b/provision-contest/ansible/roles/base_packages/defaults/main.yml @@ -36,8 +36,6 @@ INSTALLED_PACKAGES: - libjsoncpp-dev - libmagic-dev - debootstrap - - texlive-latex-recommended - - texlive-latex-extra - apache2-utils - tig - bat diff --git a/provision-contest/ansible/roles/domserver/defaults/main.yml b/provision-contest/ansible/roles/domserver/defaults/main.yml index 7092337a..e2a3a2cf 100644 --- a/provision-contest/ansible/roles/domserver/defaults/main.yml +++ b/provision-contest/ansible/roles/domserver/defaults/main.yml @@ -2,3 +2,5 @@ DOMSERVER_PACKAGES: - nginx - php-fpm - php-intl + - texlive-latex-recommended + - texlive-latex-extra From 3b5eddeceec71cf52f29b95c4803357a760c3f89 Mon Sep 17 00:00:00 2001 From: Michael Vasseur <14887731+vmcj@users.noreply.github.com> Date: Tue, 9 Apr 2024 20:26:21 +0200 Subject: [PATCH 8/8] ICPC image uses different repo name --- provision-contest/ansible/roles/base_packages/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/provision-contest/ansible/roles/base_packages/tasks/main.yml b/provision-contest/ansible/roles/base_packages/tasks/main.yml index 9be1abe8..54fafc3c 100644 --- a/provision-contest/ansible/roles/base_packages/tasks/main.yml +++ b/provision-contest/ansible/roles/base_packages/tasks/main.yml @@ -12,7 +12,7 @@ - sources.list - sources.list.d/mono.list - sources.list.d/vscode.list - - sources.list.d/pypy-ubuntu-ppa-buster.list + - sources.list.d/pypy-ubuntu-ppa-jammy.list notify: Run apt update - name: Add packages to hosts file