Ansible/cms
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: aws
All checks were successful
Ansible Playbook lint / ansible-lint (push) Successful in 14s
Details

Browse Source
This commit is contained in:
Yi-Ting Shih
2024-12-20 22:34:05 +08:00
parent c5e237b9ff
commit c014a0b76e
17 changed files with 199 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
group_vars/*/secret.yml group_vars/*/secret.yml
private.pem

7
ansible.cfg
View File

@@ -1,4 +1,9 @@
[defaults] [defaults]
roles_path=./roles/ roles_path=./roles/
inventory=./hosts inventory=./hosts
remote_user=root remote_user=arch
remote_tmp=/tmp/ansible-$USER
[privilege_escalation]
become=True
become_method=sudo

6
hosts
View File

@@ -2,7 +2,9 @@
localhost ansible_connection=local localhost ansible_connection=local
[cms] [cms]
test3.konchin.com aws.konchin.com
#test7.konchin.com
#test3.konchin.com
[all:vars] [all:vars]
ansible_python_interpreter=/usr/bin/python ansible_python_interpreter=/usr/bin/python3

1
playbooks/install.yml
View File

@@ -7,4 +7,5 @@
- role: cms_preparation - role: cms_preparation
- role: setup_database - role: setup_database
- role: configure_cms - role: configure_cms
- role: configure_haproxy
- role: add_helper_scripts - role: add_helper_scripts

14
playbooks/test.yml Normal file
View File

@@ -0,0 +1,14 @@
---
- name: Test
hosts: cms
tasks:
- name: Test
ansible.builtin.file:
path: /poop
check_mode: true
ignore_errors: true
register: poop
- name: Debug
ansible.builtin.debug:
var: poop
when: ! poop.failed

13
roles/cms_preparation/tasks/main.yml
View File

@@ -1,19 +1,24 @@
--- ---
- name: Clone repository - name: Clone CMS repository
ansible.builtin.git: ansible.builtin.git:
repo: 'https://github.com/cms-dev/cms.git' repo: 'https://github.com/cms-dev/cms.git'
dest: /srv/cms dest: /srv/cms
version: b77c87b4d60fbe7df60dc5e03d2be632a25992fe version: b77c87b4d60fbe7df60dc5e03d2be632a25992fe
single_branch: true single_branch: true
track_submodules: true update: false
- name: Clone isolate repository
ansible.builtin.git:
repo: 'https://github.com/ioi/isolate.git'
dest: /srv/cms/isolate
version: v1.8.1
single_branch: true
update: false update: false
- name: Run prerequisites - name: Run prerequisites
ansible.builtin.command: | ansible.builtin.command: |
python prerequisites.py -y --as-root install python prerequisites.py -y --as-root install
args: args:
chdir: /srv/cms chdir: /srv/cms
register: ret creates: /usr/local/etc/cms.conf
changed_when: ret.rc != 0
- name: Modify cmsuser - name: Modify cmsuser
ansible.builtin.user: ansible.builtin.user:
name: cmsuser name: cmsuser

2
roles/configure_haproxy/tasks/main.yml
View File

@@ -1,6 +1,6 @@
--- ---
- name: Copy haproxy.cfg - name: Copy haproxy.cfg
ansible.builtin.copy: ansible.builtin.template:
src: haproxy.cfg.jinja src: haproxy.cfg.jinja
dest: /etc/haproxy/haproxy.cfg dest: /etc/haproxy/haproxy.cfg
mode: '0600' mode: '0600'

21
roles/configure_haproxy/templates/haproxy.cfg.jinja
View File

@@ -15,7 +15,7 @@ global
userlist creds userlist creds
user {{ username }} insecure-password {{ password }} user {{ username }} insecure-password {{ password }}
frontend secure frontend auth
bind :8080 bind :8080
http-request auth unless { http_auth(creds) } http-request auth unless { http_auth(creds) }
mode http mode http
@@ -26,12 +26,13 @@ frontend secure
maxconn 8000 maxconn 8000
timeout client 30s timeout client 30s
use_backend contest if { hdr(host) -i {{ dns_prefix }}.{{ dns_suffix }} }
use_backend rank if { hdr(host) -i {{ dns_prefix }}-ranking.{{ dns_suffix }} } use_backend rank if { hdr(host) -i {{ dns_prefix }}-ranking.{{ dns_suffix }} }
use_backend admin if { hdr(host) -i {{ dns_prefix }}-admin.{{ dns_suffix }} } use_backend admin if { hdr(host) -i {{ dns_prefix }}-admin.{{ dns_suffix }} }
default_backend contest
frontend main frontend main
bind :80 # bind :80
bind :443 ssl crt /etc/haproxy/cert.pem
mode http mode http
log global log global
option httplog option httplog
@@ -40,9 +41,17 @@ frontend main
maxconn 8000 maxconn 8000
timeout client 30s timeout client 30s
use_backend rank if { hdr(host) -i {{ dns_prefix }}-ranking.{{ dns_suffix }} } use_backend secure if { hdr(host) -i {{ dns_prefix }}.{{ dns_suffix }} }
use_backend admin if { hdr(host) -i {{ dns_prefix }}-admin.{{ dns_suffix }} } use_backend secure if { hdr(host) -i {{ dns_prefix }}-ranking.{{ dns_suffix }} }
default_backend contest use_backend secure if { hdr(host) -i {{ dns_prefix }}-admin.{{ dns_suffix }} }
backend secure
mode http
balance roundrobin
timeout connect 5s
timeout server 30s
timeout queue 30s
server secure1 127.0.0.1:8080 check
backend contest backend contest
mode http mode http

36
roles/install_packages/tasks/archlinux.yml Normal file
View File

@@ -0,0 +1,36 @@
---
- name: Update package cache
community.general.pacman:
update_cache: true
- name: Install cms dependencies
community.general.pacman:
pkg:
- base-devel
- jdk8-openjdk
- fpc
- postgresql
- python
- libcap
- git
notify: Upgrade packages
- name: Install cms optional dependencies
community.general.pacman:
pkg:
- postgresql-libs
- libcups
- libyaml
- python-virtualenv
- python-pip
- rust
notify: Upgrade packages
- name: Install additional packages
community.general.pacman:
pkg:
- pyenv
- haproxy
- python-psycopg2
- unzip
notify: Upgrade packages

38
roles/install_packages/tasks/debian.yml Normal file
View File

@@ -0,0 +1,38 @@
---
- name: Install cms dependencies
ansible.builtin.apt:
pkg:
- build-essential
- openjdk-8-headless
- fp-compiler
- postgresql
- postgresql-client
- python3
- cppreference-doc-en-html
- cgroup-lite
- libcap-dev
- zip
- jdk8-openjdk
- fpc
- postgresql
- python
- libcap
- git
- name: Install cms optional dependencies
ansible.builtin.apt:
pkg:
- postgresql-libs
- libcups
- libyaml
- python-virtualenv
- rust
- name: Install additional packages
ansible.builtin.apt:
pkg:
- pyenv
- haproxy
- python-psycopg2

39
roles/install_packages/tasks/main.yml
View File

@@ -1,34 +1,7 @@
--- ---
- name: Update package cache - name: Install packages on ArchLinux
community.general.pacman: ansible.builtin.import_tasks: archlinux.yml
update_cache: true when: ansible_distribution == 'Archlinux'
- name: Install packages on Debian
- name: Install cms dependencies ansible.builtin.import_tasks: debian.yml
community.general.pacman: when: ansible_distribution == 'Debian'
pkg:
- base-devel
- jdk8-openjdk
- fpc
- postgresql
- python
- libcap
- git
notify: Upgrade packages
- name: Install cms optional dependencies
community.general.pacman:
pkg:
- postgresql-libs
- libcups
- libyaml
- python-virtualenv
- rust
notify: Upgrade packages
- name: Install additional packages
community.general.pacman:
pkg:
- pyenv
- haproxy
- python-psycopg2
notify: Upgrade packages

5
roles/setup_cgroupsv1/handlers/main.yml
View File

@@ -1,3 +1,8 @@
--- ---
- name: GRUB mkconfig
ansible.builtin.command: |
grub-mkconfig -o /boot/grub/grub.cfg
register: ret
changed_when: ret.rc != 0
- name: Reboot - name: Reboot
ansible.builtin.reboot: ansible.builtin.reboot:

12
roles/setup_cgroupsv1/tasks/grub.yml Normal file
View File

@@ -0,0 +1,12 @@
---
- name: Append cgroupsv1 boot option
ansible.builtin.lineinfile:
path: /etc/default/grub
regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT)="(.*)"$'
line: '\1="\2 SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 systemd.unified_cgroup_hierarchy=0"'
backrefs: true
notify:
- GRUB mkconfig
- Reboot
- name: Flush handlers
ansible.builtin.meta: flush_handlers

31
roles/setup_cgroupsv1/tasks/main.yml
View File

@@ -1,13 +1,20 @@
--- ---
- name: Setup boot entry facts - name: Check systemd-boot
ansible.builtin.set_fact: ansible.builtin.file:
bootconf: "{{ setup_cgroupsv1_bootconf | default('/boot/loader/entries/arch.conf') }}" path: /boot/loader
- name: Append cgroupsv1 boot option check_mode: true
ansible.builtin.lineinfile: ignore_errors: true
path: "{{ bootconf }}" register: ret
regexp: '^(options.*rw)' - name: Import systemd-boot
line: '\1 SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 systemd.unified_cgroup_hierarchy=0' ansible.builtin.import_tasks: systemd-boot.yml
backrefs: true when: not ret.failed
notify: Reboot
- name: Flush handlers - name: Check grub
ansible.builtin.meta: flush_handlers ansible.builtin.file:
path: /boot/grub
check_mode: true
ignore_errors: true
register: ret
- name: Import grub
ansible.builtin.import_tasks: grub.yml
when: not ret.failed

13
roles/setup_cgroupsv1/tasks/systemd-boot.yml Normal file
View File

@@ -0,0 +1,13 @@
---
- name: Setup boot entry facts
ansible.builtin.set_fact:
bootconf: "{{ setup_cgroupsv1_bootconf | default('/boot/loader/entries/arch.conf') }}"
- name: Append cgroupsv1 boot option
ansible.builtin.lineinfile:
path: "{{ bootconf }}"
regexp: '^(options.*rw)'
line: '\1 SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 systemd.unified_cgroup_hierarchy=0'
backrefs: true
notify: Reboot
- name: Flush handlers
ansible.builtin.meta: flush_handlers

9
roles/setup_database/handlers/main.yml Normal file
View File

@@ -0,0 +1,9 @@
- name: CMS init DB
ansible.builtin.shell: |
sudo -iu cmsuser <<EOF
cmsInitDB
EOF
become: true
become_user: cmsuser
register: ret
changed_when: ret.rc != 0

19
roles/setup_database/tasks/main.yml
View File

@@ -1,7 +1,7 @@
--- ---
- name: Init PostgreSQL - name: Init PostgreSQL
ansible.builtin.command: | ansible.builtin.command: |
initdb --locale=C.UTF-8 --encoding=UTF8 -D /var/lib/postgres/data initdb -D /var/lib/postgres/data
args: args:
creates: /var/lib/postgres/data/PG_VERSION creates: /var/lib/postgres/data/PG_VERSION
become: true become: true
@@ -31,12 +31,13 @@
role: cmsuser role: cmsuser
privs: ALL privs: ALL
objs: ALL_IN_SCHEMA objs: ALL_IN_SCHEMA
- name: CMS init DB - name: Check is CMS DB initialized
ansible.builtin.shell: | community.postgresql.postgresql_table:
sudo -iu cmsuser <<EOF db: cmsdb
cmsInitDB table: admins
EOF
become: true become: true
become_user: cmsuser become_user: postgres
register: ret check_mode: true
changed_when: ret.rc != 0 notify: CMS init DB
- name: Flush handlers
ansible.builtin.meta: flush_handlers