From 21a5b1b4f6756d09c7efac3eadf09f3401463f29 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 18:11:00 +0800 Subject: [PATCH 01/16] Feat(domserver): docker compose testing --- ansible.cfg | 4 ++ group_vars/domserver/main.yml | 4 ++ hosts | 13 +++++++ .../files/config/mysql/domjudge.conf | 4 ++ .../files/config/php/domjudge.conf | 5 +++ roles/configure_domserver/handlers/main.yml | 6 +++ roles/configure_domserver/tasks/main.yml | 38 +++++++++++++++++++ .../templates/docker-compose.yml.jinja | 28 ++++++++++++++ roles/configure_judgehost/tasks/main.yml | 9 +++++ roles/install_packages/handlers/main.yml | 4 ++ roles/install_packages/tasks/main.yml | 9 +++++ 11 files changed, 124 insertions(+) create mode 100644 ansible.cfg create mode 100644 group_vars/domserver/main.yml create mode 100644 hosts create mode 100644 roles/configure_domserver/files/config/mysql/domjudge.conf create mode 100644 roles/configure_domserver/files/config/php/domjudge.conf create mode 100644 roles/configure_domserver/handlers/main.yml create mode 100644 roles/configure_domserver/tasks/main.yml create mode 100644 roles/configure_domserver/templates/docker-compose.yml.jinja create mode 100644 roles/configure_judgehost/tasks/main.yml create mode 100644 roles/install_packages/handlers/main.yml create mode 100644 roles/install_packages/tasks/main.yml diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..98ff67c --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,4 @@ +[defaults] +roles_path=./roles/ +inventory=./hosts +remote_user=root diff --git a/group_vars/domserver/main.yml b/group_vars/domserver/main.yml new file mode 100644 index 0000000..bd6c46d --- /dev/null +++ b/group_vars/domserver/main.yml @@ -0,0 +1,4 @@ +--- +domjudge_base_dir: /opt/domjudge/midterm +mariadb_version: 11.7.2 +domserver_version: 8.3.1 diff --git a/hosts b/hosts new file mode 100644 index 0000000..b7e6d42 --- /dev/null +++ b/hosts @@ -0,0 +1,13 @@ +[control] +localhost ansible_connection=local + +[domserver] +10.4.2.226 +# 140.113.168.160 + +[judgehost] +10.4.2.227 +10.4.2.228 + +[all:vars] +ansible_python_interpreter=/usr/bin/python diff --git a/roles/configure_domserver/files/config/mysql/domjudge.conf b/roles/configure_domserver/files/config/mysql/domjudge.conf new file mode 100644 index 0000000..49cea30 --- /dev/null +++ b/roles/configure_domserver/files/config/mysql/domjudge.conf @@ -0,0 +1,4 @@ +[mariadb] +max_connections = 1000 +innodb_log_file_size = 4096MB +max_allowed_packet = 4096MB diff --git a/roles/configure_domserver/files/config/php/domjudge.conf b/roles/configure_domserver/files/config/php/domjudge.conf new file mode 100644 index 0000000..1ecc664 --- /dev/null +++ b/roles/configure_domserver/files/config/php/domjudge.conf @@ -0,0 +1,5 @@ +; Set these three to be at least the size of your largest testcase and +; largest expected program output. +php_admin_value[memory_limit] = 4096M +php_admin_value[upload_max_filesize] = 4096M +php_admin_value[post_max_size] = 4096M diff --git a/roles/configure_domserver/handlers/main.yml b/roles/configure_domserver/handlers/main.yml new file mode 100644 index 0000000..6555493 --- /dev/null +++ b/roles/configure_domserver/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart domjudge docker compose + community.docker.docker_compose_v2: + project_src: "{{ domjudge_base_dir }}" + state: restarted + remove_orphans: true diff --git a/roles/configure_domserver/tasks/main.yml b/roles/configure_domserver/tasks/main.yml new file mode 100644 index 0000000..eb763da --- /dev/null +++ b/roles/configure_domserver/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: Install domjudge directory + ansible.builtin.file: + path: "{{ domjudge_base_dir }}" + state: directory + mode: '0755' + owner: root + group: root +- name: Install domjudge docker compose + notify: + - Restart domjudge docker compose + block: + - name: Install docker-compose.yml + ansible.builtin.template: + src: docker-compose.yml.jinja + dest: "{{ domjudge_base_dir }}/docker-compose.yml" + mode: '0644' + owner: root + group: root + - name: Install mysql config + ansible.builtin.copy: + src: config/mysql + dest: "{{ domjudge_base_dir }}/config/mysql" + mode: '0755' + owner: root + group: root + - name: Install domserver php config + ansible.builtin.copy: + src: config/php + dest: "{{ domjudge_base_dir }}/config/php" + mode: '0755' + owner: root + group: root +- name: Enable and start docker + ansible.builtin.systemd_service: + name: docker.service + state: started + enabled: true diff --git a/roles/configure_domserver/templates/docker-compose.yml.jinja b/roles/configure_domserver/templates/docker-compose.yml.jinja new file mode 100644 index 0000000..d892302 --- /dev/null +++ b/roles/configure_domserver/templates/docker-compose.yml.jinja @@ -0,0 +1,28 @@ +services: + mariadb: + image: mariadb:{{ mariadb_version }} + environment: + MYSQL_USER: domjudge + MYSQL_DATABASE: domjudge + MYSQL_PASSWORD: "{{ mysql_password }}" + MYSQL_ROOT_PASSWORD: "{{ mysql_root_password }}" + restart: always + volumes: + - "./data/mariadb:/var/lib/mysql" + - "./config/mysql:/etc/mysql/conf.d:ro" + domserver: + build: + context: . + dockerfile_inline: | + FROM domjudge/domserver:{{ domserver_version }} + COPY ./config/php/domjudge.conf /etc/php/8.2/fpm/pool.d/domjudge.conf + environment: + MYSQL_HOST: mariadb + MYSQL_USER: domjudge + MYSQL_DATABASE: domjudge + MYSQL_PASSWORD: "{{ mysql_password }}" + MYSQL_ROOT_PASSWORD: "{{ mysql_root_password }}" + CONTAINER_TIMEZONE: Asia/Taipei + restart: always + ports: + - "8080:80" diff --git a/roles/configure_judgehost/tasks/main.yml b/roles/configure_judgehost/tasks/main.yml new file mode 100644 index 0000000..98475e0 --- /dev/null +++ b/roles/configure_judgehost/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Add boot parameters + ansible.builtin.lineinfile: + path: /boot/loader/entries/arch.conf + line: >- + options + cgroup_enable=memory + swapaccount=1 + systemd.unified_cgroup_hierarchy=0 diff --git a/roles/install_packages/handlers/main.yml b/roles/install_packages/handlers/main.yml new file mode 100644 index 0000000..92f57c5 --- /dev/null +++ b/roles/install_packages/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: Upgrade packages + community.general.pacman: + upgrade: true diff --git a/roles/install_packages/tasks/main.yml b/roles/install_packages/tasks/main.yml new file mode 100644 index 0000000..20e1355 --- /dev/null +++ b/roles/install_packages/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Update package cache + community.general.pacman: + update_cache: true +- name: Install docker + community.general.pacman: + pkg: + - docker + notify: Upgrade packages From 81c23bc1035035b3899e0919a9feb398c0c230d6 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 19:05:13 +0800 Subject: [PATCH 02/16] Fix(domserver): php being php --- .gitignore | 1 + playbooks/domserver.yml | 6 ++++ playbooks/uninstall.yml | 8 +++++ .../files/config/php/domjudge.conf | 30 +++++++++++++++++++ roles/configure_domserver/tasks/main.yml | 17 +++++++---- .../templates/docker-compose.yml.jinja | 12 ++++---- roles/install_packages/tasks/main.yml | 4 +++ 7 files changed, 66 insertions(+), 12 deletions(-) create mode 100644 .gitignore create mode 100644 playbooks/domserver.yml create mode 100644 playbooks/uninstall.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c3d2f84 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +group_vars/*/secret.yml diff --git a/playbooks/domserver.yml b/playbooks/domserver.yml new file mode 100644 index 0000000..3a1ce04 --- /dev/null +++ b/playbooks/domserver.yml @@ -0,0 +1,6 @@ +--- +- name: Install domserver + hosts: domserver + roles: + - role: install_packages + - role: configure_domserver diff --git a/playbooks/uninstall.yml b/playbooks/uninstall.yml new file mode 100644 index 0000000..9a16bd6 --- /dev/null +++ b/playbooks/uninstall.yml @@ -0,0 +1,8 @@ +--- +- name: Uninstall domserver + hosts: domserver + tasks: + - name: Remove docker directory + ansible.builtin.file: + path: "{{ domjudge_base_dir }}" + state: absent diff --git a/roles/configure_domserver/files/config/php/domjudge.conf b/roles/configure_domserver/files/config/php/domjudge.conf index 1ecc664..e202397 100644 --- a/roles/configure_domserver/files/config/php/domjudge.conf +++ b/roles/configure_domserver/files/config/php/domjudge.conf @@ -1,5 +1,35 @@ +; Generated from 'domjudge-fpm.conf.in' on Sat Mar 15 17:12:25 UTC 2025. + +; PHP-FPM configuration for DOMjudge + +[domjudge] +user = www-data +group = www-data + +listen = /var/run/php-fpm-domjudge.sock +listen.owner = www-data +listen.group = www-data +listen.mode = 0660 + +pm = static +pm.max_children = 40 +pm.max_requests = 5000 +pm.status_path = /fpm_status + +request_slowlog_timeout = 10s +slowlog = /var/log/php-fpm-domjudge.log.slow + +php_flag[display_errors] = off +php_admin_flag[log_errors] = on +php_admin_value[error_log] = /var/log/fpm-php.domjudge.log + ; Set these three to be at least the size of your largest testcase and ; largest expected program output. php_admin_value[memory_limit] = 4096M php_admin_value[upload_max_filesize] = 4096M php_admin_value[post_max_size] = 4096M +; This must be strictly larger than the configured max number of source +; files a team can submit. +php_admin_value[max_file_uploads] = 101 + +php_admin_value[date.timezone] = Asia/Taipei diff --git a/roles/configure_domserver/tasks/main.yml b/roles/configure_domserver/tasks/main.yml index eb763da..4b45b28 100644 --- a/roles/configure_domserver/tasks/main.yml +++ b/roles/configure_domserver/tasks/main.yml @@ -3,9 +3,9 @@ ansible.builtin.file: path: "{{ domjudge_base_dir }}" state: directory - mode: '0755' + mode: '0750' owner: root - group: root + group: docker - name: Install domjudge docker compose notify: - Restart domjudge docker compose @@ -20,15 +20,17 @@ - name: Install mysql config ansible.builtin.copy: src: config/mysql - dest: "{{ domjudge_base_dir }}/config/mysql" - mode: '0755' + dest: "{{ domjudge_base_dir }}/config" + mode: '0644' + directory_mode: '0755' owner: root group: root - name: Install domserver php config ansible.builtin.copy: src: config/php - dest: "{{ domjudge_base_dir }}/config/php" - mode: '0755' + dest: "{{ domjudge_base_dir }}/config" + mode: '0644' + directory_mode: '0755' owner: root group: root - name: Enable and start docker @@ -36,3 +38,6 @@ name: docker.service state: started enabled: true +- name: Run docker compose up + community.docker.docker_compose_v2: + project_src: "{{ domjudge_base_dir }}" diff --git a/roles/configure_domserver/templates/docker-compose.yml.jinja b/roles/configure_domserver/templates/docker-compose.yml.jinja index d892302..2384dd9 100644 --- a/roles/configure_domserver/templates/docker-compose.yml.jinja +++ b/roles/configure_domserver/templates/docker-compose.yml.jinja @@ -11,11 +11,7 @@ services: - "./data/mariadb:/var/lib/mysql" - "./config/mysql:/etc/mysql/conf.d:ro" domserver: - build: - context: . - dockerfile_inline: | - FROM domjudge/domserver:{{ domserver_version }} - COPY ./config/php/domjudge.conf /etc/php/8.2/fpm/pool.d/domjudge.conf + image: domjudge/domserver:{{ domserver_version }} environment: MYSQL_HOST: mariadb MYSQL_USER: domjudge @@ -24,5 +20,9 @@ services: MYSQL_ROOT_PASSWORD: "{{ mysql_root_password }}" CONTAINER_TIMEZONE: Asia/Taipei restart: always + volumes: + - "./config/php/domjudge.conf:/etc/php/8.2/fpm/pool.d/domjudge.conf" + depends_on: + - mariadb ports: - - "8080:80" + - "127.0.0.1:8080:80" diff --git a/roles/install_packages/tasks/main.yml b/roles/install_packages/tasks/main.yml index 20e1355..8aaf825 100644 --- a/roles/install_packages/tasks/main.yml +++ b/roles/install_packages/tasks/main.yml @@ -6,4 +6,8 @@ community.general.pacman: pkg: - docker + - docker-compose + - docker-buildx notify: Upgrade packages +- name: Flush handlers + ansible.builtin.meta: flush_handlers From 7f72c71f106b2917e1e700ff51fa3c67dbe4d093 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 20:45:24 +0800 Subject: [PATCH 03/16] Feat(judgehost): test judgehost --- group_vars/all/main.yml | 3 ++ group_vars/domserver/main.yml | 1 - playbooks/judgehost.yml | 6 +++ roles/configure_judgehost/handlers/main.yml | 6 +++ roles/configure_judgehost/tasks/main.yml | 48 +++++++++++++++++++ .../templates/docker-compose.yml.jinja | 12 +++++ 6 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 group_vars/all/main.yml create mode 100644 playbooks/judgehost.yml create mode 100644 roles/configure_judgehost/handlers/main.yml create mode 100644 roles/configure_judgehost/templates/docker-compose.yml.jinja diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml new file mode 100644 index 0000000..a48620b --- /dev/null +++ b/group_vars/all/main.yml @@ -0,0 +1,3 @@ +--- +domjudge_base_dir: /opt/domjudge/midterm +domserver_url: https://cp1.konchin.com diff --git a/group_vars/domserver/main.yml b/group_vars/domserver/main.yml index bd6c46d..a1ad432 100644 --- a/group_vars/domserver/main.yml +++ b/group_vars/domserver/main.yml @@ -1,4 +1,3 @@ --- -domjudge_base_dir: /opt/domjudge/midterm mariadb_version: 11.7.2 domserver_version: 8.3.1 diff --git a/playbooks/judgehost.yml b/playbooks/judgehost.yml new file mode 100644 index 0000000..855b997 --- /dev/null +++ b/playbooks/judgehost.yml @@ -0,0 +1,6 @@ +--- +- name: Install judgehost + hosts: judgehost + roles: + - role: install_packages + - role: configure_judgehost diff --git a/roles/configure_judgehost/handlers/main.yml b/roles/configure_judgehost/handlers/main.yml new file mode 100644 index 0000000..6d4e549 --- /dev/null +++ b/roles/configure_judgehost/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart judgehost docker compose + community.docker.docker_compose_v2: + project_src: "{{ domjudge_base_dir }}" + state: restarted + remove_orphans: true diff --git a/roles/configure_judgehost/tasks/main.yml b/roles/configure_judgehost/tasks/main.yml index 98475e0..c7ca0e2 100644 --- a/roles/configure_judgehost/tasks/main.yml +++ b/roles/configure_judgehost/tasks/main.yml @@ -7,3 +7,51 @@ cgroup_enable=memory swapaccount=1 systemd.unified_cgroup_hierarchy=0 + notify: Reboot +- name: Flush handlers + ansible.builtin.meta: flush_handlers + +- name: Fetch judgehost password + community.docker.docker_compose_v2_exec: + project_src: "{{ domjudge_base_dir }}" + service: domserver + command: >- + sed -nr 's/^.*\W+judgehost\W+(.+)$/\1/p' + /opt/domjudge/domserver/etc/restapi.secret + register: fetch_reg +- name: Set judgehost facts + ansible.builtin.set_fact: + domserver_url: "{{ domserver_url }}" + judgehost_password: "{{ fetch_reg['stdout'] }}" + delegate_to: domserver[0] + run_once: true +- name: Show judgehost password + ansible.builtin.debug: + var: judgehost_password + +- name: Install judgehost directory + ansible.builtin.file: + path: "{{ domjudge_base_dir }}" + state: directory + mode: '0750' + owner: root + group: docker +- name: Install judgehost docker compose + notify: + - Restart judgehost docker compose + block: + - name: Install docker-compose.yml + ansible.builtin.template: + src: docker-compose.yml.jinja + dest: "{{ domjudge_base_dir }}/docker-compose.yml" + mode: '0644' + owner: root + group: root +- name: Enable and start docker + ansible.builtin.systemd_service: + name: docker.service + state: started + enabled: true +- name: Run docker compose up + community.docker.docker_compose_v2: + project_src: "{{ domjudge_base_dir }}" diff --git a/roles/configure_judgehost/templates/docker-compose.yml.jinja b/roles/configure_judgehost/templates/docker-compose.yml.jinja new file mode 100644 index 0000000..a0eee7d --- /dev/null +++ b/roles/configure_judgehost/templates/docker-compose.yml.jinja @@ -0,0 +1,12 @@ +services: + judgehost: + image: domjudge/judgehost:{{ judgehost_version }} + privileged: true + environment: + DAEMON_ID: 0 + DOMSERVER_BASEURL: {{ domserver_url }} + JUDGEDAEMON_USERNAME: judgehost + JUDGEDAEMON_PASSWORD: {{ judgehost_password }} + DOMJUDGE_CREATE_WRITABLE_TEMP_DIR: 1 + CONTAINER_TIMEZONE: Asia/Taipei + restart: always From 43ee35f6a330274a946982b74c6a1123cbeb3e12 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 21:29:00 +0800 Subject: [PATCH 04/16] Feat(domserver): add haproxy support --- README.md | 9 ++++ playbooks/domserver.yml | 1 + roles/configure_haproxy/files/haproxy.cfg | 52 +++++++++++++++++++++++ roles/configure_haproxy/handlers/main.yml | 5 +++ roles/configure_haproxy/tasks/main.yml | 27 ++++++++++++ 5 files changed, 94 insertions(+) create mode 100644 roles/configure_haproxy/files/haproxy.cfg create mode 100644 roles/configure_haproxy/handlers/main.yml create mode 100644 roles/configure_haproxy/tasks/main.yml diff --git a/README.md b/README.md index aab45f4..d2facfb 100644 --- a/README.md +++ b/README.md @@ -1 +1,10 @@ # Ansible / domjudge + +## Usage + +1. Fill in the vars in `group_vars`. +2. Fill in `domserver` and `judgehost` machine ips in `hosts` file. +3. Run `ansible-playbook playbooks/domserver`. +4. Run `ansible-playbook playbooks/judgehost`. +5. Put web cert and key to `/etc/haproxy/cert.pem` on domserver. +6. Check if judgehost been registered. diff --git a/playbooks/domserver.yml b/playbooks/domserver.yml index 3a1ce04..84a162d 100644 --- a/playbooks/domserver.yml +++ b/playbooks/domserver.yml @@ -4,3 +4,4 @@ roles: - role: install_packages - role: configure_domserver + - role: configure_haproxy diff --git a/roles/configure_haproxy/files/haproxy.cfg b/roles/configure_haproxy/files/haproxy.cfg new file mode 100644 index 0000000..3925411 --- /dev/null +++ b/roles/configure_haproxy/files/haproxy.cfg @@ -0,0 +1,52 @@ +global + default-path config + #zero-warning + maxconn 20000 + log 127.0.0.1 local0 + user haproxy + #pidfile /run/haproxy.pid + hard-stop-after 5m + daemon + user haproxy + group haproxy + + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets + +# default settings common to all HTTP proxies below +defaults + mode http + log global + timeout client 1m + timeout server 1m + timeout connect 10s + timeout http-keep-alive 2m + timeout queue 15s + timeout tunnel 4h # for websocket + +frontend external + bind :443 name secure ssl crt /etc/haproxy/cert.pem + +.if feature(QUIC) + bind quic4@:443 name quic ssl crt /etc/haproxy/cert.pem + http-response add-header alt-svc 'h3=":443"; ma=90000' +.endif + + http-request redirect scheme https code 308 unless { ssl_fc } + http-request del-header x-forwarded-for + option forwardfor + option httplog + + http-request set-header X-Forwarded-Proto https if { ssl_fc } + + # enable HTTP compression of text contents + compression algo deflate gzip + compression type text/ application/javascript application/xhtml+xml image/x-icon + + default_backend domserver + +backend domserver + balance leastconn + option abortonclose + server gitea1 127.0.0.1:8080 maxconn 100 check inter 1s diff --git a/roles/configure_haproxy/handlers/main.yml b/roles/configure_haproxy/handlers/main.yml new file mode 100644 index 0000000..bb957cc --- /dev/null +++ b/roles/configure_haproxy/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart haproxy + ansible.builtin.systemd_service: + name: haproxy.service + state: restarted diff --git a/roles/configure_haproxy/tasks/main.yml b/roles/configure_haproxy/tasks/main.yml new file mode 100644 index 0000000..0121bcf --- /dev/null +++ b/roles/configure_haproxy/tasks/main.yml @@ -0,0 +1,27 @@ +--- +- name: Update package cache + community.general.pacman: + update_cache: true +- name: Install haproxy + community.general.pacman: + pkg: + - haproxy + notify: Upgrade packages + +- name: Install haproxy.cfg + ansible.builtin.copy: + src: haproxy.cfg + dest: /etc/haproxy/haproxy.cfg + mode: '0644' + owner: haproxy + group: haproxy + notify: Restart haproxy +- name: Prompt for manually install cert + ansible.builtin.pause: + prompt: "Make sure the cert and key pair are store in /etc/haproxy/cert.pem" + +- name: Enable and start haproxy + ansible.builtin.systemd_service: + name: haproxy.service + state: started + enabled: true From 77392da592a4aad327ae3afc271751e914d69129 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 21:51:18 +0800 Subject: [PATCH 05/16] Fix(judgehost): reboot handler --- roles/configure_judgehost/handlers/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/configure_judgehost/handlers/main.yml b/roles/configure_judgehost/handlers/main.yml index 6d4e549..6041b95 100644 --- a/roles/configure_judgehost/handlers/main.yml +++ b/roles/configure_judgehost/handlers/main.yml @@ -1,4 +1,6 @@ --- +- name: Reboot + ansible.builtin.reboot: {} - name: Restart judgehost docker compose community.docker.docker_compose_v2: project_src: "{{ domjudge_base_dir }}" From 4e4a88a64bcb92d0b6bfb0800ed7a8b36a72a711 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 21:52:46 +0800 Subject: [PATCH 06/16] Fix(judgehost): fetch password --- roles/configure_judgehost/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/configure_judgehost/tasks/main.yml b/roles/configure_judgehost/tasks/main.yml index c7ca0e2..540f808 100644 --- a/roles/configure_judgehost/tasks/main.yml +++ b/roles/configure_judgehost/tasks/main.yml @@ -18,12 +18,13 @@ command: >- sed -nr 's/^.*\W+judgehost\W+(.+)$/\1/p' /opt/domjudge/domserver/etc/restapi.secret + delegate_to: "{{ groups['domserver'] | first }}" + run_once: true register: fetch_reg - name: Set judgehost facts ansible.builtin.set_fact: domserver_url: "{{ domserver_url }}" judgehost_password: "{{ fetch_reg['stdout'] }}" - delegate_to: domserver[0] run_once: true - name: Show judgehost password ansible.builtin.debug: From 62f9058ee4ca6e996fc81733b3b38a917b261731 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 21:58:35 +0800 Subject: [PATCH 07/16] Fix(judgehost): add judgehost version --- group_vars/judgehost/main.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 group_vars/judgehost/main.yml diff --git a/group_vars/judgehost/main.yml b/group_vars/judgehost/main.yml new file mode 100644 index 0000000..46b5e91 --- /dev/null +++ b/group_vars/judgehost/main.yml @@ -0,0 +1,2 @@ +--- +judgehost_version: 8.3.1 From a295f1fdf1366e9de41cbaf34d4cf44928d36dbe Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 22:04:52 +0800 Subject: [PATCH 08/16] Fix(judgehost): use cgroups v1 --- roles/configure_judgehost/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/configure_judgehost/tasks/main.yml b/roles/configure_judgehost/tasks/main.yml index 540f808..092a9f4 100644 --- a/roles/configure_judgehost/tasks/main.yml +++ b/roles/configure_judgehost/tasks/main.yml @@ -6,6 +6,7 @@ options cgroup_enable=memory swapaccount=1 + SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 systemd.unified_cgroup_hierarchy=0 notify: Reboot - name: Flush handlers From 1a5976caea768104aa9d9dd4cb68a79c30a25207 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Sun, 6 Apr 2025 22:34:51 +0800 Subject: [PATCH 09/16] Fix(judgehost): mount /sys/fs/cgroup in container --- roles/configure_judgehost/templates/docker-compose.yml.jinja | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/configure_judgehost/templates/docker-compose.yml.jinja b/roles/configure_judgehost/templates/docker-compose.yml.jinja index a0eee7d..e8d2bb6 100644 --- a/roles/configure_judgehost/templates/docker-compose.yml.jinja +++ b/roles/configure_judgehost/templates/docker-compose.yml.jinja @@ -10,3 +10,5 @@ services: DOMJUDGE_CREATE_WRITABLE_TEMP_DIR: 1 CONTAINER_TIMEZONE: Asia/Taipei restart: always + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup From 9480d38ca43e5e084db073606ced315b2c8095bc Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 00:06:41 +0800 Subject: [PATCH 10/16] Feat(judgehost): test legacy with debian11 --- README.md | 13 ++++++++++++- group_vars/judgehost/main.yml | 3 +++ hosts | 2 +- playbooks/judgehost.yml | 4 ++-- roles/configure_judgehost/tasks/main.yml | 6 +----- .../tasks/domjudge.yml | 13 +++++++++++++ roles/install_packages_debian11/tasks/main.yml | 18 ++++++++++++++++++ 7 files changed, 50 insertions(+), 9 deletions(-) create mode 100644 roles/configure_judgehost_legacy/tasks/domjudge.yml create mode 100644 roles/install_packages_debian11/tasks/main.yml diff --git a/README.md b/README.md index d2facfb..8bed580 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,20 @@ ## Usage +0. Install Arch Linux for domserver and **Debian 11** for judgehost. 1. Fill in the vars in `group_vars`. -2. Fill in `domserver` and `judgehost` machine ips in `hosts` file. +2. Fill in `domserver` and `judgehost` groups in `hosts` file. 3. Run `ansible-playbook playbooks/domserver`. 4. Run `ansible-playbook playbooks/judgehost`. 5. Put web cert and key to `/etc/haproxy/cert.pem` on domserver. 6. Check if judgehost been registered. + +## Trouble shooting + +### Judgehost cannot startup + +The cgroups v2 support had been patched since October, 2024. However the latest +release of domjudge is 8.3.1, which was published on September, 2024. + +Therefore, before cgroups v2 patch came out as a stable release, we still have +to use a older release, like Debian 11, to make things work. diff --git a/group_vars/judgehost/main.yml b/group_vars/judgehost/main.yml index 46b5e91..9ebb15a 100644 --- a/group_vars/judgehost/main.yml +++ b/group_vars/judgehost/main.yml @@ -1,2 +1,5 @@ --- judgehost_version: 8.3.1 + +# For legacy support +domjudge_tarball_url: https://www.domjudge.org/releases/domjudge-8.3.1.tar.gz diff --git a/hosts b/hosts index b7e6d42..8ee69cf 100644 --- a/hosts +++ b/hosts @@ -10,4 +10,4 @@ localhost ansible_connection=local 10.4.2.228 [all:vars] -ansible_python_interpreter=/usr/bin/python +ansible_python_interpreter=/usr/bin/python3 diff --git a/playbooks/judgehost.yml b/playbooks/judgehost.yml index 855b997..50ab8aa 100644 --- a/playbooks/judgehost.yml +++ b/playbooks/judgehost.yml @@ -2,5 +2,5 @@ - name: Install judgehost hosts: judgehost roles: - - role: install_packages - - role: configure_judgehost + - role: install_packages_debian11 + - role: configure_judgehost_legacy diff --git a/roles/configure_judgehost/tasks/main.yml b/roles/configure_judgehost/tasks/main.yml index 092a9f4..ed724a1 100644 --- a/roles/configure_judgehost/tasks/main.yml +++ b/roles/configure_judgehost/tasks/main.yml @@ -3,11 +3,7 @@ ansible.builtin.lineinfile: path: /boot/loader/entries/arch.conf line: >- - options - cgroup_enable=memory - swapaccount=1 - SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 - systemd.unified_cgroup_hierarchy=0 + options cgroup_enable=memory notify: Reboot - name: Flush handlers ansible.builtin.meta: flush_handlers diff --git a/roles/configure_judgehost_legacy/tasks/domjudge.yml b/roles/configure_judgehost_legacy/tasks/domjudge.yml new file mode 100644 index 0000000..3fd959a --- /dev/null +++ b/roles/configure_judgehost_legacy/tasks/domjudge.yml @@ -0,0 +1,13 @@ +- name: Download domjudge tarball + ansible.builtin.get_url: + url: "{{ domjudge_tarball_url }}" + dest: /opt/ + mode: '0644' + owner: root + group: root + register: downloaded_tarball +- name: Extract domjudge tarball + ansible.builtin.unarchive: + src: "{{ downloaded_tarball.dest }}" + dest: "{{ (downloaded_tarball.dest | basename).split('.') | first }}" + remote_src: true diff --git a/roles/install_packages_debian11/tasks/main.yml b/roles/install_packages_debian11/tasks/main.yml new file mode 100644 index 0000000..ed80e83 --- /dev/null +++ b/roles/install_packages_debian11/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: Install packages + ansible.builtin.apt: + pkg: + - make + - pkg-config + - sudo + - debootstrap + - libcgroup-dev + - php-cli + - php-curl + - php-json + - php-xml + - php-zip + - lsof + - procps + - gcc + - g++ From 24bac381cc115fcc6636adcc69d0920dd261a90b Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 00:13:26 +0800 Subject: [PATCH 11/16] Feat(judgehost): import domjudge install --- roles/configure_judgehost_legacy/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 roles/configure_judgehost_legacy/tasks/main.yml diff --git a/roles/configure_judgehost_legacy/tasks/main.yml b/roles/configure_judgehost_legacy/tasks/main.yml new file mode 100644 index 0000000..43890e9 --- /dev/null +++ b/roles/configure_judgehost_legacy/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- name: Import domjudge install + ansible.builtin.import_tasks: domjudge.yml From 2d713a24d4868d927a9dd25fae3e476fd2554163 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 00:16:02 +0800 Subject: [PATCH 12/16] Fix(judgehost): change extract destination --- roles/configure_judgehost_legacy/tasks/domjudge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/configure_judgehost_legacy/tasks/domjudge.yml b/roles/configure_judgehost_legacy/tasks/domjudge.yml index 3fd959a..80b5732 100644 --- a/roles/configure_judgehost_legacy/tasks/domjudge.yml +++ b/roles/configure_judgehost_legacy/tasks/domjudge.yml @@ -9,5 +9,5 @@ - name: Extract domjudge tarball ansible.builtin.unarchive: src: "{{ downloaded_tarball.dest }}" - dest: "{{ (downloaded_tarball.dest | basename).split('.') | first }}" + dest: "{{ domjudge_base_dir }}" remote_src: true From 38646bb3d96fa0940da1c276dc7e990b9b81781d Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 00:19:00 +0800 Subject: [PATCH 13/16] Fix(judgehost): install domjudge directory beforehand --- roles/configure_judgehost_legacy/tasks/domjudge.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/configure_judgehost_legacy/tasks/domjudge.yml b/roles/configure_judgehost_legacy/tasks/domjudge.yml index 80b5732..9b03fb7 100644 --- a/roles/configure_judgehost_legacy/tasks/domjudge.yml +++ b/roles/configure_judgehost_legacy/tasks/domjudge.yml @@ -6,6 +6,14 @@ owner: root group: root register: downloaded_tarball +- name: Install domjudge directory + ansible.builtin.file: + path: "{{ domjudge_base_dir | dirname }}" + state: directory + recurse: true + mode: '0700' + owner: root + group: root - name: Extract domjudge tarball ansible.builtin.unarchive: src: "{{ downloaded_tarball.dest }}" From 320037ecdfdf10283f18416cf85c8bdbb2c62d8d Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 00:26:06 +0800 Subject: [PATCH 14/16] Fix(judgehost): check domjudge base directory --- roles/configure_judgehost_legacy/tasks/configure.yml | 4 ++++ .../tasks/{domjudge.yml => download.yml} | 6 +++++- roles/configure_judgehost_legacy/tasks/main.yml | 6 ++++-- 3 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 roles/configure_judgehost_legacy/tasks/configure.yml rename roles/configure_judgehost_legacy/tasks/{domjudge.yml => download.yml} (73%) diff --git a/roles/configure_judgehost_legacy/tasks/configure.yml b/roles/configure_judgehost_legacy/tasks/configure.yml new file mode 100644 index 0000000..806b058 --- /dev/null +++ b/roles/configure_judgehost_legacy/tasks/configure.yml @@ -0,0 +1,4 @@ +--- +- name: Show domjudge base dir + ansible.builtin.debug: + var: domjudge_base_dir diff --git a/roles/configure_judgehost_legacy/tasks/domjudge.yml b/roles/configure_judgehost_legacy/tasks/download.yml similarity index 73% rename from roles/configure_judgehost_legacy/tasks/domjudge.yml rename to roles/configure_judgehost_legacy/tasks/download.yml index 9b03fb7..e5ed582 100644 --- a/roles/configure_judgehost_legacy/tasks/domjudge.yml +++ b/roles/configure_judgehost_legacy/tasks/download.yml @@ -8,7 +8,7 @@ register: downloaded_tarball - name: Install domjudge directory ansible.builtin.file: - path: "{{ domjudge_base_dir | dirname }}" + path: "{{ domjudge_base_dir }}" state: directory recurse: true mode: '0700' @@ -19,3 +19,7 @@ src: "{{ downloaded_tarball.dest }}" dest: "{{ domjudge_base_dir }}" remote_src: true + register: domjudge_extracted +- name: Set new domjudge_base_dir + ansible.builtin.set_fact: + domjudge_base_dir: "{{ domjudge_extracted.dest }}" diff --git a/roles/configure_judgehost_legacy/tasks/main.yml b/roles/configure_judgehost_legacy/tasks/main.yml index 43890e9..0b54ba2 100644 --- a/roles/configure_judgehost_legacy/tasks/main.yml +++ b/roles/configure_judgehost_legacy/tasks/main.yml @@ -1,3 +1,5 @@ --- -- name: Import domjudge install - ansible.builtin.import_tasks: domjudge.yml +- name: Import domjudge download + ansible.builtin.import_tasks: download.yml +- name: Import domjudge configure + ansible.builtin.import_tasks: configure.yml From 83a95fe49cb981686683f5d859b32da673aad440 Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 20:32:38 +0800 Subject: [PATCH 15/16] Fix(judgehost): works with Debian12 + docker --- README.md | 12 +- group_vars/all/main.yml | 4 +- hosts | 2 +- playbooks/judgehost.yml | 5 +- .../templates/docker-compose.yml.jinja | 3 + roles/configure_judgehost/handlers/main.yml | 4 + roles/configure_judgehost/tasks/main.yml | 15 +- .../handlers/main.yml | 14 ++ .../tasks/configure.yml | 138 +++++++++++++++++- .../tasks/download.yml | 60 +++++--- .../configure_judgehost_legacy/tasks/main.yml | 5 + .../tasks/main.yml | 0 12 files changed, 231 insertions(+), 31 deletions(-) create mode 100644 roles/configure_judgehost_legacy/handlers/main.yml rename roles/{install_packages_debian11 => install_packages_debian}/tasks/main.yml (100%) diff --git a/README.md b/README.md index 8bed580..77a92c5 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ## Usage -0. Install Arch Linux for domserver and **Debian 11** for judgehost. +0. Install Arch Linux for domserver and **Debian 12** for judgehost. 1. Fill in the vars in `group_vars`. 2. Fill in `domserver` and `judgehost` groups in `hosts` file. 3. Run `ansible-playbook playbooks/domserver`. @@ -12,10 +12,18 @@ ## Trouble shooting +### I give up + +Just use Debian 12 + docker. + ### Judgehost cannot startup The cgroups v2 support had been patched since October, 2024. However the latest release of domjudge is 8.3.1, which was published on September, 2024. Therefore, before cgroups v2 patch came out as a stable release, we still have -to use a older release, like Debian 11, to make things work. +to use a older release, like Debian 12, to make things work. + +### PHP syntax error + +PHP version on Debian 11 is too old, use Debian 12 instead. diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index a48620b..780817e 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -1,3 +1,3 @@ --- -domjudge_base_dir: /opt/domjudge/midterm -domserver_url: https://cp1.konchin.com +domjudge_base_dir: /opt/domjudge +domserver_url: https://cp1.konchin.com/ diff --git a/hosts b/hosts index 8ee69cf..a8b52ff 100644 --- a/hosts +++ b/hosts @@ -7,7 +7,7 @@ localhost ansible_connection=local [judgehost] 10.4.2.227 -10.4.2.228 +#10.4.2.228 [all:vars] ansible_python_interpreter=/usr/bin/python3 diff --git a/playbooks/judgehost.yml b/playbooks/judgehost.yml index 50ab8aa..43f8769 100644 --- a/playbooks/judgehost.yml +++ b/playbooks/judgehost.yml @@ -2,5 +2,6 @@ - name: Install judgehost hosts: judgehost roles: - - role: install_packages_debian11 - - role: configure_judgehost_legacy + #- role: install_packages_debian + #- role: configure_judgehost_legacy + - role: configure_judgehost diff --git a/roles/configure_domserver/templates/docker-compose.yml.jinja b/roles/configure_domserver/templates/docker-compose.yml.jinja index 2384dd9..aaec4ce 100644 --- a/roles/configure_domserver/templates/docker-compose.yml.jinja +++ b/roles/configure_domserver/templates/docker-compose.yml.jinja @@ -21,8 +21,11 @@ services: CONTAINER_TIMEZONE: Asia/Taipei restart: always volumes: + - "restapi_secret:/opt/domjudge/domserver/etc/restapi.secret" - "./config/php/domjudge.conf:/etc/php/8.2/fpm/pool.d/domjudge.conf" depends_on: - mariadb ports: - "127.0.0.1:8080:80" +volumes: + restapi_secret: {} diff --git a/roles/configure_judgehost/handlers/main.yml b/roles/configure_judgehost/handlers/main.yml index 6041b95..1d8d1d6 100644 --- a/roles/configure_judgehost/handlers/main.yml +++ b/roles/configure_judgehost/handlers/main.yml @@ -1,6 +1,10 @@ --- - name: Reboot ansible.builtin.reboot: {} +- name: Update grub + ansible.builtin.command: | + update-grub + changed_when: true - name: Restart judgehost docker compose community.docker.docker_compose_v2: project_src: "{{ domjudge_base_dir }}" diff --git a/roles/configure_judgehost/tasks/main.yml b/roles/configure_judgehost/tasks/main.yml index ed724a1..8cfc8ee 100644 --- a/roles/configure_judgehost/tasks/main.yml +++ b/roles/configure_judgehost/tasks/main.yml @@ -1,10 +1,23 @@ --- -- name: Add boot parameters +- name: Add boot parameters (Archlinux) ansible.builtin.lineinfile: path: /boot/loader/entries/arch.conf line: >- options cgroup_enable=memory notify: Reboot + when: ansible_facts['distribution'] == "Archlinux" +- name: Add boot parameters (Debian) + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=' + line: >- + GRUB_CMDLINE_LINUX_DEFAULT="quiet + cgroup_enable=memory swapaccount=1 isolcpus=0 + systemd.unified_cgroup_hierarchy=0" + notify: + - Update grub + - Reboot + when: ansible_facts['distribution'] == "Debian" - name: Flush handlers ansible.builtin.meta: flush_handlers diff --git a/roles/configure_judgehost_legacy/handlers/main.yml b/roles/configure_judgehost_legacy/handlers/main.yml new file mode 100644 index 0000000..e339c4a --- /dev/null +++ b/roles/configure_judgehost_legacy/handlers/main.yml @@ -0,0 +1,14 @@ +--- +- name: Update grub + ansible.builtin.command: | + update-grub + changed_when: true +- name: Reboot + ansible.builtin.reboot: +- name: Systemd daemon-reload + ansible.builtin.systemd_service: + daemon_reload: true +- name: Restart judgehost + ansible.builtin.systemd_service: + name: domjudge-judgehost.target + state: restarted diff --git a/roles/configure_judgehost_legacy/tasks/configure.yml b/roles/configure_judgehost_legacy/tasks/configure.yml index 806b058..0cda5a4 100644 --- a/roles/configure_judgehost_legacy/tasks/configure.yml +++ b/roles/configure_judgehost_legacy/tasks/configure.yml @@ -1,4 +1,138 @@ --- -- name: Show domjudge base dir +- name: Run ./configure + tags: [make] + ansible.builtin.command: >- + ./configure + --with-baseurl={{ domserver_url }} + --prefix={{ domjudge_base_dir }} + args: + chdir: "{{ domjudge_base_dir }}" + become: true + become_user: domjudge + changed_when: true + register: debug +- name: Debug + tags: [make] ansible.builtin.debug: - var: domjudge_base_dir + var: debug.stdout_lines + +- name: Run make judgehost + tags: [make] + ansible.builtin.command: | + make judgehost + args: + chdir: "{{ domjudge_base_dir }}" + become: true + become_user: domjudge + register: debug +- name: Debug + tags: [make] + ansible.builtin.debug: + var: debug.stdout_lines + +- name: Run make install-judgehost + tags: [make] + ansible.builtin.command: | + make install-judgehost + args: + chdir: "{{ domjudge_base_dir }}" + notify: + - Systemd daemon-reload + register: debug +- name: Debug + tags: [make] + ansible.builtin.debug: + var: debug.stdout_lines + +- name: Create domjudge-run group + tags: [make] + ansible.builtin.group: + name: domjudge-run + +- name: Add domjudge-run user + tags: [make] + ansible.builtin.user: + name: domjudge-run + home: /nonexistent + group: domjudge-run + shell: /bin/false + +- name: Add domjudge-run-0 user + tags: [make] + ansible.builtin.user: + name: domjudge-run-0 + home: /nonexistent + group: domjudge-run + shell: /bin/false + +- name: Copy sudoers-domjudge + tags: [make] + ansible.builtin.copy: + src: "{{ domjudge_base_dir }}/etc/sudoers-domjudge" + dest: /etc/sudoers.d/sudoers-domjudge + remote_src: true + mode: '0440' + owner: root + group: root + +- name: Run misc-tools/dj_make_chroot + ansible.builtin.command: | + ./misc-tools/dj_make_chroot + args: + chdir: "{{ domjudge_base_dir }}" + +- name: Modify boot options + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=' + line: >- + GRUB_CMDLINE_LINUX_DEFAULT="quiet + cgroup_enable=memory swapaccount=1 isolcpus=0 + systemd.unified_cgroup_hierarchy=0" + notify: + - Update grub + - Reboot +- name: Flush handlers + ansible.builtin.meta: flush_handlers + +- name: Fetch judgehost password + tags: [make] + community.docker.docker_compose_v2_exec: + project_src: "{{ domjudge_base_dir }}" + service: domserver + command: >- + sed -nr 's/^.*\W+judgehost\W+(.+)$/\1/p' + /opt/domjudge/domserver/etc/restapi.secret + delegate_to: "{{ groups['domserver'] | first }}" + run_once: true + register: fetch_reg +- name: Set judgehost facts + tags: [make] + ansible.builtin.set_fact: + domserver_url: "{{ domserver_url }}" + judgehost_password: "{{ fetch_reg['stdout'] }}" + run_once: true +- name: Show judgehost password + tags: [make] + ansible.builtin.debug: + var: judgehost_password +- name: Install restapi.secret + tags: [make] + ansible.builtin.copy: + content: >- + default {{ domserver_url }}/api judgehost {{ judgehost_password }} + dest: "{{ domjudge_base_dir }}/judgehost/etc/restapi.secret" + mode: '0640' + owner: domjudge + group: domjudge + +- name: Flush handlers + tags: [make] + ansible.builtin.meta: flush_handlers + +- name: Enable and start domjudge-judgehost.target + tags: [make] + ansible.builtin.systemd_service: + name: domjudge-judgehost.target + state: started + enabled: true diff --git a/roles/configure_judgehost_legacy/tasks/download.yml b/roles/configure_judgehost_legacy/tasks/download.yml index e5ed582..ea89229 100644 --- a/roles/configure_judgehost_legacy/tasks/download.yml +++ b/roles/configure_judgehost_legacy/tasks/download.yml @@ -1,25 +1,43 @@ -- name: Download domjudge tarball - ansible.builtin.get_url: - url: "{{ domjudge_tarball_url }}" - dest: /opt/ - mode: '0644' - owner: root - group: root - register: downloaded_tarball - name: Install domjudge directory ansible.builtin.file: - path: "{{ domjudge_base_dir }}" + path: "{{ domjudge_base_dir | dirname }}" state: directory recurse: true - mode: '0700' - owner: root - group: root -- name: Extract domjudge tarball - ansible.builtin.unarchive: - src: "{{ downloaded_tarball.dest }}" - dest: "{{ domjudge_base_dir }}" - remote_src: true - register: domjudge_extracted -- name: Set new domjudge_base_dir - ansible.builtin.set_fact: - domjudge_base_dir: "{{ domjudge_extracted.dest }}" + mode: '0750' + owner: domjudge + group: domjudge +- name: Install domjudge by tarball + block: + - name: Create tmp for domjudge tarball + ansible.builtin.file: + path: /run/domjudge + state: directory + mode: '0755' + owner: root + group: root + - name: Download domjudge tarball + ansible.builtin.get_url: + url: "{{ domjudge_tarball_url }}" + dest: /run/domjudge/ + mode: '0644' + owner: domjudge + group: domjudge + register: downloaded_tarball + - name: Extract domjudge tarball + ansible.builtin.unarchive: + src: "{{ downloaded_tarball.dest }}" + dest: /run/domjudge/ + remote_src: true + owner: domjudge + group: domjudge + register: domjudge_extracted + - name: Set new domjudge_base_dir + ansible.builtin.set_fact: + domjudge_extracted_dir: "{{ domjudge_extracted.dest }}/domjudge-{{ judgehost_version }}" + - name: Move content to domjudge base directory + ansible.builtin.shell: | + echo "{{ domjudge_extracted_dir }}" + echo "{{ domjudge_base_dir }}" + mv {{ domjudge_extracted_dir }} {{ domjudge_base_dir }} + args: + creates: "{{ domjudge_base_dir }}" diff --git a/roles/configure_judgehost_legacy/tasks/main.yml b/roles/configure_judgehost_legacy/tasks/main.yml index 0b54ba2..3acf498 100644 --- a/roles/configure_judgehost_legacy/tasks/main.yml +++ b/roles/configure_judgehost_legacy/tasks/main.yml @@ -1,5 +1,10 @@ --- +- name: Add domjudge user + ansible.builtin.user: + name: domjudge + create_home: true - name: Import domjudge download ansible.builtin.import_tasks: download.yml - name: Import domjudge configure ansible.builtin.import_tasks: configure.yml + notify: Restart judgehost diff --git a/roles/install_packages_debian11/tasks/main.yml b/roles/install_packages_debian/tasks/main.yml similarity index 100% rename from roles/install_packages_debian11/tasks/main.yml rename to roles/install_packages_debian/tasks/main.yml From 8db26ab33e769402fa8bc7a15d5fec4a2b32bd1b Mon Sep 17 00:00:00 2001 From: Yi-Ting Shih Date: Mon, 7 Apr 2025 20:37:36 +0800 Subject: [PATCH 16/16] Feat(workflows): add lint --- .gitea/workflows/lint.yml | 17 +++++++++++++++++ playbooks/judgehost.yml | 4 ++-- .../tasks/configure.yml | 3 +++ 3 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 .gitea/workflows/lint.yml diff --git a/.gitea/workflows/lint.yml b/.gitea/workflows/lint.yml new file mode 100644 index 0000000..1806933 --- /dev/null +++ b/.gitea/workflows/lint.yml @@ -0,0 +1,17 @@ +name: Ansible Playbook lint +on: [push] + +jobs: + ansible-lint: + runs-on: imgbuilder + container: + image: gitea.konchin.com/image/ansible + credentials: + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + steps: + - name: Check out repository code + uses: actions/checkout@v4 + - name: Ansible Lint + run: | + ansible-lint playbooks/ roles/ diff --git a/playbooks/judgehost.yml b/playbooks/judgehost.yml index 43f8769..4390964 100644 --- a/playbooks/judgehost.yml +++ b/playbooks/judgehost.yml @@ -2,6 +2,6 @@ - name: Install judgehost hosts: judgehost roles: - #- role: install_packages_debian - #- role: configure_judgehost_legacy + # - role: install_packages_debian + # - role: configure_judgehost_legacy - role: configure_judgehost diff --git a/roles/configure_judgehost_legacy/tasks/configure.yml b/roles/configure_judgehost_legacy/tasks/configure.yml index 0cda5a4..ea7c62f 100644 --- a/roles/configure_judgehost_legacy/tasks/configure.yml +++ b/roles/configure_judgehost_legacy/tasks/configure.yml @@ -24,6 +24,7 @@ chdir: "{{ domjudge_base_dir }}" become: true become_user: domjudge + changed_when: true register: debug - name: Debug tags: [make] @@ -38,6 +39,7 @@ chdir: "{{ domjudge_base_dir }}" notify: - Systemd daemon-reload + changed_when: true register: debug - name: Debug tags: [make] @@ -80,6 +82,7 @@ ./misc-tools/dj_make_chroot args: chdir: "{{ domjudge_base_dir }}" + changed_when: true - name: Modify boot options ansible.builtin.lineinfile: