From ab66b6d1b239ddb9f44c9c9dd5873ce66053decd Mon Sep 17 00:00:00 2001
From: Nicky Gerritsen <nickygerritsen@me.com>
Date: Sun, 7 Apr 2024 14:56:23 +0200
Subject: [PATCH 1/7] Use the ansible variable to write all cluster SSH
 clusters.

(cherry picked from commit dde3be4dfc0347c4b448d87fa670bb2f39932fb0)
---
 .../ansible/roles/clusterssh/tasks/main.yml   | 36 ++-----------------
 .../roles/clusterssh/templates/clusters.j2    |  5 +++
 2 files changed, 8 insertions(+), 33 deletions(-)
 create mode 100644 provision-contest/ansible/roles/clusterssh/templates/clusters.j2

diff --git a/provision-contest/ansible/roles/clusterssh/tasks/main.yml b/provision-contest/ansible/roles/clusterssh/tasks/main.yml
index fc30b99c..180432be 100644
--- a/provision-contest/ansible/roles/clusterssh/tasks/main.yml
+++ b/provision-contest/ansible/roles/clusterssh/tasks/main.yml
@@ -7,40 +7,10 @@
     pkg:
       - clusterssh
 
-- name: Create clusterssh 'all' config group
+- name: Create clusterssh clusters file
   become: true
   become_user: domjudge
-  lineinfile:
+  template:
+    src: clusters.j2
     dest: /home/domjudge/.clusterssh/clusters
-    regexp: '^all'
-    line: "all {{ groups['all'] | join(' ') }}"
-    create: true
-    mode: 0644
-
-- name: Create clusterssh config groups
-  become: true
-  become_user: domjudge
-  lineinfile:
-    dest: /home/domjudge/.clusterssh/clusters
-    regexp: '^{{ item }}s'
-    line: "{{ item }}s {{ groups[item] | join(' ') }}"
-    create: true
-    mode: 0644
-  loop:
-    - domserver
-    - emergency
-    - judgehost
-    - admin
-    - cds
-    - grafana
-    - scoreboard
-    - mgmt
-
-- name: Create clusterssh config groups
-  become: true
-  become_user: domjudge
-  lineinfile:
-    dest: /home/domjudge/.clusterssh/clusters
-    regexp: '^all-domservers'
-    line: "all-domservers {{ (groups['domserver'] + groups['emergency']) | join(' ') }}"
     mode: 0644
diff --git a/provision-contest/ansible/roles/clusterssh/templates/clusters.j2 b/provision-contest/ansible/roles/clusterssh/templates/clusters.j2
new file mode 100644
index 00000000..0dfcf597
--- /dev/null
+++ b/provision-contest/ansible/roles/clusterssh/templates/clusters.j2
@@ -0,0 +1,5 @@
+{% for group in groups %}
+{% if groups[group] %}
+{{ group | replace('emergency', 'emergencie') }}{% if group != 'all' %}s{% endif %} {{ groups[group] | join(' ') }}
+{% endif %}
+{% endfor %}

From 8dc0220bee6444d4553a244e6b893f542955cb54 Mon Sep 17 00:00:00 2001
From: Nicky Gerritsen <nickygerritsen@me.com>
Date: Sun, 7 Apr 2024 14:41:12 +0200
Subject: [PATCH 2/7] Only write DOMSERVER_IP to hosts file when present.

It is not present on admin machines.

(cherry picked from commit fdf3c4202ddd2db13cc49e0570d88d69a7eea1ef)
---
 provision-contest/ansible/roles/hosts/templates/hosts.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/provision-contest/ansible/roles/hosts/templates/hosts.j2 b/provision-contest/ansible/roles/hosts/templates/hosts.j2
index abedc3f8..d1218d9e 100644
--- a/provision-contest/ansible/roles/hosts/templates/hosts.j2
+++ b/provision-contest/ansible/roles/hosts/templates/hosts.j2
@@ -8,7 +8,9 @@ ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 
+{% if DOMSERVER_IP is defined %}
 {{ DOMSERVER_IP }}             domjudge domserver
+{% endif %}
 {% for item in groups['all'] %}
 {% if hostvars[item].ansible_host is defined %}
 {{ hostvars[item].ansible_host }}              {{ item }}

From 5734d87feca7732209e264680dc81f1002cb06e9 Mon Sep 17 00:00:00 2001
From: Nicky Gerritsen <nickygerritsen@me.com>
Date: Sun, 7 Apr 2024 14:39:59 +0200
Subject: [PATCH 3/7] Fix typo.

(cherry picked from commit 110ecc530a7bf940c529cba1abec9aa8d3c80dfb)
---
 provision-contest/ansible/domserver.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/provision-contest/ansible/domserver.yml b/provision-contest/ansible/domserver.yml
index 3c1ff1fb..d7116f73 100644
--- a/provision-contest/ansible/domserver.yml
+++ b/provision-contest/ansible/domserver.yml
@@ -83,7 +83,7 @@
         use_ssh_args: true
       notify: Clear application cache
 
-    - name: Grant www-data permisions to image folders
+    - name: Grant www-data permissions to image folders
       acl:
         path: "{{ DJ_DIR }}/webapp/public/images/{{ item }}"
         entity: www-data

From e45be6fd80e44790645b9889e57b8a51303fbea0 Mon Sep 17 00:00:00 2001
From: Nicky Gerritsen <nickygerritsen@me.com>
Date: Sun, 7 Apr 2024 14:39:51 +0200
Subject: [PATCH 4/7] Fix permissions for webserver user on admin machines.

(cherry picked from commit 339e6bb3fa1df5224166d3a2fd7c1179f8e2646d)
---
 provision-contest/ansible/admin.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/provision-contest/ansible/admin.yml b/provision-contest/ansible/admin.yml
index 4e43a4ad..c45cfaa2 100644
--- a/provision-contest/ansible/admin.yml
+++ b/provision-contest/ansible/admin.yml
@@ -142,3 +142,11 @@
         recurse: true
         owner: domjudge
         group: domjudge
+
+    - name: Grant www-data permissions to user homedir (needed for web browser)
+      acl:
+        path: "/home/domjudge"
+        entity: www-data
+        etype: user
+        permissions: rwx
+        state: present

From 7b42bbce1569136a481c41859bfcd5efda586144 Mon Sep 17 00:00:00 2001
From: Michael Vasseur <michael.vasseur@vu.nl>
Date: Sun, 17 Mar 2024 21:29:40 +0100
Subject: [PATCH 5/7] Replication fails in the ICPC image

Because we have more interfaces we need to specify which network
interface we want to use.

(cherry picked from commit 63fac4044ec7370bf6abf4397990c4836cad7fd9)
---
 .../ansible/roles/keepalived/templates/keepalived.conf.j2 | 2 +-
 .../ansible/roles/mysql_replication/tasks/main.yml        | 8 ++++++++
 .../mysql_replication/templates/mysql.replication.cnf.j2  | 2 +-
 .../mysql_replication/templates/setup-replication.sh.j2   | 4 ++--
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2 b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
index 8f4f5456..9d3a77d5 100644
--- a/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
+++ b/provision-contest/ansible/roles/keepalived/templates/keepalived.conf.j2
@@ -1,6 +1,6 @@
 vrrp_instance lb_ipv4 {
 	state MASTER
-	interface {{ ansible_facts['default_ipv4']['interface'] }}
+	interface {{ KEEPALIVED_INTERFACE|default(ansible_facts['default_ipv4']['interface']) }}
 	use_vmac
 	virtual_router_id 32
 	priority {{KEEPALIVED_PRIORITY}}
diff --git a/provision-contest/ansible/roles/mysql_replication/tasks/main.yml b/provision-contest/ansible/roles/mysql_replication/tasks/main.yml
index d820927f..0f873b66 100644
--- a/provision-contest/ansible/roles/mysql_replication/tasks/main.yml
+++ b/provision-contest/ansible/roles/mysql_replication/tasks/main.yml
@@ -13,6 +13,14 @@
     regexp: '^bind-address\s*='
     replace: '#bind-address ='
 
+- name: Set the replication interface variable
+  set_fact:
+    replication_interface: "{{ REPLICATION_INTERFACE|default(ansible_default_ipv4.interface) }}"
+
+- name: Set the variable for the IP address of the replication interface
+  set_fact:
+    replication_interface_ip_address: "{{ vars['ansible_' + replication_interface]['ipv4']['address'] }}"
+
 - name: Add mysql config snippet for replication
   template:
     src: mysql.replication.cnf.j2
diff --git a/provision-contest/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2 b/provision-contest/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2
index 12ca2520..93f58de0 100644
--- a/provision-contest/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2
+++ b/provision-contest/ansible/roles/mysql_replication/templates/mysql.replication.cnf.j2
@@ -8,4 +8,4 @@ log-bin = /var/log/mysql/mysql-bin.log
 binlog_do_db = domjudge
 
 # Host specific replication configuration
-server_id = {{ ansible_default_ipv4.address | ipaddr('int') }}
+server_id = {{ replication_interface_ip_address | ipaddr('int') }}
diff --git a/provision-contest/ansible/roles/mysql_replication/templates/setup-replication.sh.j2 b/provision-contest/ansible/roles/mysql_replication/templates/setup-replication.sh.j2
index 0d32c5f9..d791d3f0 100755
--- a/provision-contest/ansible/roles/mysql_replication/templates/setup-replication.sh.j2
+++ b/provision-contest/ansible/roles/mysql_replication/templates/setup-replication.sh.j2
@@ -181,7 +181,7 @@ service mysql start
 
 echo "Starting replication locally..."
 mysql -e "
-CHANGE MASTER TO MASTER_HOST='{{ SERVER_IP_PREFIX }}.${PRIMARY_SERVER_ID}',
+CHANGE MASTER TO MASTER_HOST='${PRIMARY}',
                  MASTER_USER='replication',
                  MASTER_PASSWORD='{{ REPLICATION_PASSWORD }}',
                  MASTER_LOG_FILE='${PRIMARY_BINLOG}',
@@ -217,7 +217,7 @@ OUR_LOGPOS=$(get_field 'Position' "$OUR_STATUS")
 if [ "$SETUP_MASTER_MASTER" -eq 1 ]; then
     echo "Starting replication on $PRIMARY..."
     ssh "$PRIMARY" "mysql -e '
-    CHANGE MASTER TO MASTER_HOST=\"{{ SERVER_IP_PREFIX }}.${OUR_SERVER_ID}\",
+    CHANGE MASTER TO MASTER_HOST=\"{{ replication_interface_ip_address }}\",
                     MASTER_USER=\"replication\",
                     MASTER_PASSWORD=\"{{ REPLICATION_PASSWORD }}\",
                     MASTER_LOG_FILE=\"${OUR_BINLOG}\",

From 9704e0d55d20786c8ab81007a720caeb86d1a684 Mon Sep 17 00:00:00 2001
From: Michael Vasseur <michael.vasseur@vu.nl>
Date: Sun, 17 Mar 2024 21:19:14 +0100
Subject: [PATCH 6/7] CDS in ICPC image needs the JAVA_HOME

(cherry picked from commit 258b3f2f331ef0c35eda87b8ae377172fef2c3ab)
---
 provision-contest/ansible/roles/cds/files/cds.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/provision-contest/ansible/roles/cds/files/cds.service b/provision-contest/ansible/roles/cds/files/cds.service
index a1e6e7b4..a1b24a1e 100644
--- a/provision-contest/ansible/roles/cds/files/cds.service
+++ b/provision-contest/ansible/roles/cds/files/cds.service
@@ -4,6 +4,7 @@ Description=CDS
 User=domjudge
 Restart=always
 ExecStart=/home/domjudge/cds/wlp/bin/server run cds
+Environment=JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
 TimeoutStopSec=20s
 [Install]
 WantedBy=multi-user.target

From d930f24c1ce8b59f013bb21da2ed24d9f2a10bc6 Mon Sep 17 00:00:00 2001
From: Michael Vasseur <14887731+vmcj@users.noreply.github.com>
Date: Sun, 7 Apr 2024 21:50:29 +0200
Subject: [PATCH 7/7] We use this ansible very often in the Netherlands

Both Mart, Nicky & Michael have multiple contests where those books are
used.
---
 provision-contest/ansible/group_vars/all/all.yml.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/all/all.yml.example
index afe0903d..2649424c 100644
--- a/provision-contest/ansible/group_vars/all/all.yml.example
+++ b/provision-contest/ansible/group_vars/all/all.yml.example
@@ -55,7 +55,7 @@ HOSTS:
     domjudge-laptop: 10.3.3.200
     pc2:             10.3.3.241
 
-TIMEZONE: "Asia/Dhaka"
+TIMEZONE: "Europe/Amsterdam"
 
 PHP_FPM_MAX_CHILDREN: 400
 PHP_FPM_MAX_REQUESTS: 500